Security & Privacy, IEEE

Issue 1 • Jan.-Feb. 2013

  • Front Cover

    Page(s): c1
    Freely Available from IEEE
  • IEEE Symposium on Security and Privacy House Advertisement

    Page(s): c2
    Freely Available from IEEE
  • Table of Contents

    Page(s): 1 - 2
    Freely Available from IEEE
  • Enlightened Security: Shedding Light on What Works and Why

    Page(s): 3 - 4
    Freely Available from IEEE
  • Masthead

    Page(s): 5
    Freely Available from IEEE
  • Security, Privacy, Policy, and Dependability Roundup

    Page(s): 6 - 7
    Freely Available from IEEE
  • Silver Bullet Talks with Per-Olof Persson

    Page(s): 8 - 10
    Freely Available from IEEE
  • A View from the C-Suite

    Page(s): 11 - 12
    Freely Available from IEEE
  • Implementing Effective Controls in a Mobile, Agile, Cloud-Enabled Enterprise

    Page(s): 13 - 14

    In today's enterprise, security teams that call for security to be "everyone's responsibility" and "built in, not bolted on" are struggling to protect their businesses in the face of consumerization, mobility, cloud, and agile business environments. This article offers tangible techniques to turn these clichés into reality while considering the cultural and trust barriers that hinder the implementation of effective controls.
  • Authentication at Scale

    Page(s): 15 - 22

    Like many in the industry, the authors believe passwords and simple bearer tokens, such as cookies, are no longer sufficient to keep users safe. Google employs a base level of sophisticated server-side technologies, such as SSL and risk analysis, to protect users with plain old passwords; however, it's also investing in client-side technologies, such as strong authentication with two-step verification using one-time passwords and public-key-based technology, for stronger user and device identification. It's championing various approaches to access delegation, both in its applications and with third parties, so that end user credentials aren't passed around insecurely.
  • From the Enterprise Perimeter to a Mobility-Enabled Secure Cloud

    Page(s): 23 - 31

    The enterprise perimeter has exhibited gradual trust degradation owing to a succession of connectivity decisions involving Web, email, virtual private networking, exceptions, and mobile networks as well as a succession of threats including malware and advanced persistent threats (APTs). The author proposes restoring trust to the enterprise by focusing protection strategies on a set of prioritized assets. The protections center on three zones: a client zone, a network zone with network-based carrier protection services, and a cloud zone with third-party attested security heavily indexed toward identity and access management services. The resultant enterprise network is more resilient to leakage attacks such as APTs.
  • The Human Element of Information Security

    Page(s): 32 - 35

    Information security has long hinged on trusted insiders' ability to make good decisions. However, modifying human behavior through training is difficult; some battle-worn security executives might even dismiss it as impossible. Although foundational controls such as antivirus, data leak protection, and firewalls are important, they're far from sufficient. The sharp rise in "knowability" of people at a distance raises an important question for the information security industry about the automation of personalized attacks: what happens when the marginal cost of launching a convincing personalized attack starts to approach $0? Today, most security controls are ignorant of rich historical data about the person they're tasked with protecting. As the cost for attackers to personalize their attacks goes down, our zeal in building technology to personalize defense must rise. This article explores our industry's need to embrace security's human element.
  • Security Event Monitoring in a Distributed Systems Environment

    Page(s): 36 - 43

    Today, organizations depend much more on IT than they did in the past. Services such as internal portals, email communication, and financial and HR systems rely on computers to move businesses forward. These systems are under pressure to be securer than ever to protect organizations' operational environment. One aspect to consider in this situation is IT security event management. This article presents the design and implementation of two security event monitoring approaches in a distributed systems environment.
  • Using Cloud Computing to Implement a Security Overlay Network

    Page(s): 44 - 53

    This article proposes and analyzes a general cloud-based security overlay network that can be used as a transparent overlay network to provide services such as intrusion detection systems, antivirus and antispam software, and distributed denial-of-service prevention. The authors analyze each of these in-cloud security services in terms of resiliency, effectiveness, performance, flexibility, control, and cost.
  • Targeted Cyberattacks: A Superset of Advanced Persistent Threats

    Page(s): 54 - 61

    Targeted cyberattacks play an increasingly significant role in disrupting the online social and economic model, not to mention the threat they pose to nation-states. A variety of components and techniques come together to bring about such attacks.
  • Going Bright: Wiretapping without Weakening Communications Infrastructure

    Page(s): 62 - 72

    Mobile IP-based communications and changes in technologies, including wider use of peer-to-peer communication methods and increased deployment of encryption, have made wiretapping more difficult for law enforcement, which has been seeking to extend wiretap design requirements for digital voice networks to IP network infrastructure and applications. Such an extension to emerging Internet-based services would create considerable security risks as well as cause serious harm to innovation. In this article, the authors show that the exploitation of naturally occurring weaknesses in the software platforms being used by law enforcement's targets is a solution to the law enforcement problem. The authors analyze the efficacy of this approach, concluding that such law enforcement use of passive interception and targeted vulnerability exploitation tools creates fewer security risks for non-targets and critical infrastructure than do design mandates for wiretap interfaces.
  • Help! Is There a Trustworthy-Systems Doctor in the House?

    Page(s): 73 - 77

    A multidisciplinary PhD in trustworthy systems can combine knowledge and practices from computer science, information systems, software engineering, and information technology. Such a program will create individuals who can lead teams of specialists that can address the varied functional and protection challenges of information systems.
  • Mobile Security: A Look Ahead

    Page(s): 78 - 81

    Fueled by widespread adoption of employee-owned devices in the workplace and the explosion of mobile applications, mobile device security is under heavy debate in both the academic and industry security communities. Businesses and government agencies are struggling to find some sense of control at a time when employee-owned devices now access some of the most sensitive data in an organization. Various approaches and solutions have been proposed, ranging from device-based intrusion detection systems, execution isolation through application sandboxing and bare metal hypervisors, ontology-based firewalls, and behavior-based detection, to cloud-based protection through the use of VPN technology. The challenge of heterogeneous hardware and software platforms, such as iOS vs. Android OS, adds yet another layer of complexity to creating a comprehensive solution. The authors provide an overview of the current threats based on data collected from observing the interaction of 75 million users with the Internet. Extrapolating this data gives an insight into what threats wait on the horizon.
  • Behavioral Targeting: A European Legal Perspective

    Page(s): 82 - 85

    Behavioral targeting, or online profiling, is a hotly debated topic. Much of the collection of personal information on the Internet is related to behavioral targeting, although research suggests that most people don't want to receive behaviorally targeted advertising. The World Wide Web Consortium is discussing a Do Not Track standard, and regulators worldwide are struggling to come up with answers. This article discusses European law and recent policy developments on behavioral targeting.
  • The Threat in the Cloud

    Page(s): 86 - 89

    If we're going to stick all the cryptographic services in cloud-based virtual machines, how secure can we expect them to be? The answer is, unfortunately, not very.
  • The Promises and Challenges of Continuous Monitoring and Risk Scoring

    Page(s): 90 - 93

    Continuous monitoring and risk scoring (CMRS) is a comprehensive process of maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. Two of the most salient aspects of CMRS are continuous data collection through automated feeds and analysis of that data to assess and score risks. CMRS attracts growing interest due to its potential to be far more agile, responsive, and perhaps less expensive than such alternatives as periodic reporting and certification. While the potential benefits could be great, so are the challenges of implementing a successful CMRS system.
  • The Times, They Are a Changin'

    Page(s): 94 - 95
    Freely Available from IEEE
  • Identity as Privacy

    Page(s): 96
    Freely Available from IEEE
  • Corporate Affiliate Program House Advertisement

    Page(s): c3
    Freely Available from IEEE
  • Magazine Subscribe House Advertisement

    Page(s): c4
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.


Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu