Security & Privacy, IEEE

Issue 5 • Date Sept.-Oct. 2013

  • Front Cover

    Page(s): c1
    Freely Available from IEEE
  • Table of Contents

    Page(s): 1 - 2
    Freely Available from IEEE
  • Open Assurance

    Page(s): 3 - 4
    Freely Available from IEEE
  • Masthead

    Page(s): 5
    Freely Available from IEEE
  • Security, Privacy, Policy, and Dependability Roundup

    Page(s): 6 - 7
    Freely Available from IEEE
  • Silver Bullet Talks with Wenyuan Xu

    Page(s): 8 - 10

    Wenyuan Xu, an associate professor at the University of South Carolina, talks about the differences between American and Chinese technical culture, her work on automatic meter reading systems, whether electrical engineering is more advanced in terms of design than computer science, and why there are so few women in engineering and computer science. Hear the full podcast at www.computer.org/silverbullet. Show links, notes, and an online discussion can be found at www.cigital.com/silverbullet.
  • The Personal Data Store Approach to Personal Data Security

    Page(s): 12 - 19

    A growing number of actors believe personal data stores (PDSs) are the solution to the issue of online privacy. With PDSs, people can choose to share specific personal information or restrict access to certain interested parties. A small-scale test involving job applicants and employers attempted to ascertain the extent to which users are willing to adopt PDSs. This article describes the EU Framework Programme 7 TAS3's PDS solution and explores whether PDSs are a practical solution to address personal data insecurity on the Web.
  • Anonymous and Distributed Community Cyberincident Detection

    Page(s): 20 - 27

    Communities are under attack from a variety of threat agents. The repercussions from these attacks will grow more severe as communities become increasingly reliant on cyberspace. Communities must be prepared to prevent, detect, respond to, and recover from a wide variety of cyberincidents. The timely and useful detection of cyberattacks is a first step toward fast and effective response and recovery. However, centralized community cyberincident detection scales poorly, and community members are understandably hesitant to share sensitive security information. Anonymity is vital to protecting participants' privacy, and thereby encouraging their participation. A community cyberincident detection framework based on an anonymous, distributed, scalable information-sharing architecture addresses these issues.
  • Teaching an Old TPM New Tricks: Repurposing for Identity-Based Signatures

    Page(s): 28 - 35

    A trusted platform module (TPM) is an industry-standard module bound to a system; it provides secure, cryptoprocessor functions such as asymmetric key generation and storage, asymmetric encryption/decryption, cryptographic hashing operations, and much more. Although it may seem useful, this module, ubiquitous in many OEM systems, is often underutilized or not utilized at all. This article presents a way to use the TPM as a secure key-generating authority in a Shamir identity-based signature scheme implementation. The authors demonstrate that the TPM can be used for more than what it's usually documented for. If more such uses can be found, perhaps the TPM will no longer be underutilized.
  • Federated Identity Management Systems: A Privacy-Based Characterization

    Page(s): 36 - 48

    Identity management systems store attributes associated with users and employ these attributes to facilitate authorization. The authors analyze existing systems and describe a privacy-driven taxonomy of design choices, which can help technical experts consulting on public policy relating to identity management. The US National Strategy for Trusted Identities in Cyberspace initiative is discussed to illustrate how this taxonomy helps analyze public policy options.
  • iOS Data Recovery Using Low-Level NAND Images

    Page(s): 49 - 55

    To recover erased data from iOS devices, specialists use a brute-force method to decrypt the passwords, then extract data images directly from low-level NAND storage and analyze the redundancy caused by its file translation layer (FTL) behavior. iOS devices' garbage collection strategy significantly affects data recovery.
  • The Public as Partner? Technology Can Make Us Auxiliaries as Well as Vigilantes

    Page(s): 56 - 61

    Starting from police requests for help from citizens in the Boston Marathon bombing, this article examines some of the new opportunities and risks that computers and related communication tools bring to social control efforts. Issues of justice, liberty, privacy, community, and effectiveness are involved. Yet whatever is new here for national security, police and criminal justice grows out of and is encapsulated in settings that are in some ways old and shows enduring cultural continuities, trade-offs, and value conflicts. The more permeable the borders between citizens' information and the police, the greater the threat to liberty. If we become too comfortable with the idea of reporting on every imaginable violation or problem, we risk diluting cooperation for more serious problems, overwhelming police resources, and introducing other problems such as invading privacy and unwarranted damage to reputations. Yet paradoxically in a democracy for both legitimacy and effectiveness, appropriate forms of citizen involvement are of the utmost importance.
  • The Dependable Systems-of-Systems Design Challenge

    Page(s): 62 - 65

    Systems of systems are becoming more prevalent and more critical to industry and society. Designing these systems is difficult; designing them to be dependable is an even greater challenge. However, there are ways to ease this process.
  • A Cyberoperations Program

    Page(s): 66 - 69

    To conduct cyberoperations, not only must you understand computers, networks, and protocols, you must also determine what circumstances actions may be taken in and who can take them. In addition, you must consider strategies and policies as well as those actions' possible side effects, in both cyberspace and the natural world. At the US Naval Postgraduate School and elsewhere, educators are preparing computer science graduates to meet these challenges.
  • Tiny Salespeople: Mediated Transactions and the Internet of Things

    Page(s): 70 - 72

    If the Internet of Things becomes reality, everyday objects might try to sell you products and services. This presents both benefits and perils, the latter in the form of an increased "attack surface" for companies interested in jogging sales.
  • Conflicts between Intrusion Detection and Privacy Mechanisms for Wireless Sensor Networks

    Page(s): 73 - 76

    Both active and passive attackers pose a threat for wireless sensor networks. So, intrusion detection systems and privacy mechanisms must be deployed, usually at the same time. Yet this coexistence might result in the malfunction or inefficiency of one of these components. Several techniques and principles can help minimize such problems.
  • The Known Unknowns

    Page(s): 77 - 79

    Securing computer systems is an ongoing task that requires involvement of users, system administrators, and developers. There has been a lot of discussion of embedded computer security in the computer science curriculum, but that is insufficient. It's necessary to provide training to keep workers up to date, and to educate them. In this article, the authors discuss the workforce, and the fact that a majority of those working in computing fields don't have a formal computer science degree. What do they know, and what do employers need to know about the gaps in the employee's knowledge?
  • Circumvention of Security: Good Users Do Bad Things

    Page(s): 80 - 83

    Conventional wisdom is that the textbook view describes reality, and only bad people (not good people trying to get their jobs done) break the rules. And yet it doesn't, and good people circumvent.
  • Profile as Promise: Honest and Deceptive Signals in Online Dating

    Page(s): 84 - 88

    Online dating is a popular way to meet new romantic partners, but many people fear that others are lying in their profiles. Research suggests that "fudging" (or small deceptions) are common but that big lies are relatively rare. Drawing from their Profile as Promise framework and signaling theory, the authors discuss why this happens and how it fits into broader patterns of human behavior, both online and offline, and offer ideas about how these insights might be applied to other contexts.
  • Building Security In: A Road to Competency

    Page(s): 89 - 92

    The Software Assurance (SwA) Competency Model provides a foundation for assessing and advancing software security professionals' capability. A span of competency levels and their decomposition into competencies, based on the knowledge and skills in the SwA Core Body of Knowledge, enable organizations or individuals to determine SwA competency. Organizations can also adapt the model's features to their domain, culture, or structure.
  • Crime Science and the Internet Battlefield: Securing the Analog World from Digital Crime

    Page(s): 93 - 95

    The study of crime science could contribute to understanding the fundamental issues of security in cyberspace. The author confronts the traditional understanding of cybercrime with the newly emerging phenomena, in which the Internet is simply a tool to commit criminal and terrorist acts in real-life circumstances. The idea of a "new criminal battlefield" presents a future-oriented and predictive approach to the latest challenges that the Internet and related technologies bring to the law enforcement and criminal justice systems.
  • Trust in Man/Machine Security Systems

    Page(s): 96
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu