IEEE Security & Privacy

Issue 4 • Date July-Aug. 2013

  • Front Cover

    Publication Year: 2013, Page(s): c1
    Freely Available from IEEE
  • IEEE Computer Society Membership [Advertisement]

    Publication Year: 2013, Page(s): c2
    Freely Available from IEEE
  • Table of Contents

    Publication Year: 2013, Page(s):1 - 2
    Freely Available from IEEE
  • Cybersecurity Education in Universities

    Publication Year: 2013, Page(s):3 - 4
    Cited by:  Papers (3)
    Freely Available from IEEE
  • Masthead

    Publication Year: 2013, Page(s): 5
    Freely Available from IEEE
  • Security, Privacy, Policy, and Dependability Roundup

    Publication Year: 2013, Page(s):6 - 7

    News briefs cover the latest in security, privacy, policy, and dependability.
  • Silver Bullet Talks with Gary Warzala

    Publication Year: 2013, Page(s):8 - 10

    Gary McGraw interviews Gary Warzala, Visa's chief information security officer. He talks about the daily life of a CISO, how companies can attract and retain good security employees, and how to measure security and discuss the results with management. Hear the full podcast at www.computer.org/silverbullet. Show links, notes, and an online discussion can be found at www.cigital.com/silverbullet.
  • Safety-Critical Systems: The Next Generation

    Publication Year: 2013, Page(s):11 - 13
    Cited by:  Papers (1)
    Freely Available from IEEE
  • Analysis of Safety-Critical Computer Failures in Medical Devices

    Publication Year: 2013, Page(s):14 - 26
    Cited by:  Papers (15)

    Malfunctioning medical devices are one of the leading causes of serious injury and death in the US. Between 2006 and 2011, 5,294 recalls and approximately 1.2 million adverse events were reported to the US Food and Drug Administration (FDA). Almost 23 percent of these recalls were due to computer-related failures, of which approximately 94 percent presented medium to high risk of severe health con...
  • Rock Stars of Big Data [Advertisement]

    Publication Year: 2013, Page(s): 27
    Freely Available from IEEE
  • Verifying Cyber-Physical Interactions in Safety-Critical Systems

    Publication Year: 2013, Page(s):28 - 37
    Cited by:  Papers (5)

    Safety-compromising bugs in software-controlled systems are often hard to detect. In a 2007 DARPA Urban Challenge vehicle, such a defect remained hidden during more than 300 miles of test-driving, manifesting for the first time during the competition. With this incident as an example, the authors discuss formalisms and techniques available for safety analysis of cyber-physical systems.
  • Fault Injection for Software Certification

    Publication Year: 2013, Page(s):38 - 45
    Cited by:  Papers (10)

    As software becomes more pervasive and complex, it's increasingly important to ensure that a system will be safe even in the presence of residual software faults (or bugs). Software fault injection consists of the deliberate introduction of software faults for assessing the impact of faulty software on a system and improving its fault tolerance. SFI has been included as a recommended practice in r...
  • Mitigating XML Injection 0-Day Attacks through Strategy-Based Detection Systems

    Publication Year: 2013, Page(s):46 - 53
    Cited by:  Papers (3)

    The underlying technologies used by Web services bring known vulnerabilities to a new environment as well as increased targeting by attackers. The classical approaches--knowledge and signature based, respectively--for attack detection either produce high false positive detection rates or fail to detect attack variations, leading to 0-day attacks. To counter this trend, an ontology can help build ...
  • Making Sense from Snowden: What's Significant in the NSA Surveillance Revelations

    Publication Year: 2013, Page(s):54 - 63
    Cited by:  Papers (14)

    Did Edward Snowden cause irreparable harm, or did he reveal facts that should be publicly examined? What are the facts, anyhow? This article seeks to put the Snowden revelations in context, explaining what's new, why it matters, and what might happen next.
  • The End of National Security Reporting?

    Publication Year: 2013, Page(s):64 - 68
    Cited by:  Papers (1)

    What if your only crime was reporting one? National security reporter and former Washington Post correspondent Jeff Stein reports on how reporting on stories concerning national security could get the reporter into hot water.
  • Computer Security Competitions: Expanding Educational Outcomes

    Publication Year: 2013, Page(s):69 - 71
    Cited by:  Papers (2)

    Security competitions can be a lot of fun, and preparing for them often exposes participants to skills they might not otherwise have encountered. Yet, participating in such competitions doesn't necessarily provide a road map for future success. By offering enough feedback, organizers could turn competitions into valuable training opportunities, rather than simply opportunities for participants to ...
  • Gone in 15 Seconds: The Limits of Privacy Transparency and Control

    Publication Year: 2013, Page(s):72 - 74
    Cited by:  Papers (8)

    Even simpler or more usable privacy controls and notices might not improve users' decision-making regarding sharing of personal information. Control might paradoxically increase riskier disclosure by soothing privacy concerns. Transparency might be easily muted, and its effect arbitrarily controlled, through simple framing or misdirections.
  • Keeping Secrets on Low-Cost Chips

    Publication Year: 2013, Page(s):75 - 77
    Cited by:  Papers (1)

    In the mass markets in which chips are integrated into everyday objects, the cost pressures are great, but so is the need for security. To help resolve the conflict between cost and security, a new strategy embeds cryptographic algorithms into a cryptographic protocol such that they only need to be protected against single-execution side-channel attacks. To do this, the strategy introduces a key d...
  • Pain Management for Entrepreneurs: Working with Venture Capital

    Publication Year: 2013, Page(s):78 - 81

    Although information systems security is acknowledged as one of technology's most critical areas of need, there is a sizable gap between available technical approaches to security and the capabilities of current commercial products. This reflects acknowledged issues in technology transfer. The author, a veteran of both information security research and commercial security product venture capital o...
  • Securing Control Systems from the Inside: A Case for Mediating Physical Behaviors

    Publication Year: 2013, Page(s):82 - 84
    Cited by:  Papers (3)

    Attackers can leverage security vulnerabilities in computerized control systems to cause real, physical harm. Despite efforts to fix control system security flaws, the advantage remains with attackers due to the increasing complexity and connectivity of modern control systems. A complementary approach to closing security holes is to directly mediate the physical behavior of control systems, thus p...
  • Big Data, Big Brother, Big Money

    Publication Year: 2013, Page(s):85 - 89
    Cited by:  Papers (4)

    Government snooping, recently publicized, is now using the same data sources that corporations use to watch us. The same records used by federal agencies to search for terrorists are used, with fewer controls, by corporations searching for customers.
  • Using Whitelisting to Combat Malware Attacks at Fannie Mae

    Publication Year: 2013, Page(s):90 - 92
    Cited by:  Papers (3)

    Security-awareness training and antivirus software can't entirely prevent the downloading of malware. To supplement these defenses, cybersecurity staff at Fannie Mae successfully implemented application whitelisting, which allows only approved software to execute.
  • Bio-hacking: Tapping Life's Code to Deal with Unpredictable Risk

    Publication Year: 2013, Page(s):93 - 95
    Cited by:  Papers (1)

    The biological world--full of salty tidepools and steaming jungles--would seem to be a long way from the clean rooms and server farms of the information technology world. But these ecosystems converge strongly in the realm of security, where the 3.5 billion year history of life has numerous lessons for improving security in the far younger world of computing. The convergence lies in the fact that ...
  • On Abandonment

    Publication Year: 2013, Page(s): 96
    Freely Available from IEEE
  • Magazine Subscribe [Advertisement]

    Publication Year: 2013, Page(s): c3
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu