Security & Privacy, IEEE

Issue 6 • Date Nov.-Dec. 2013

  • Front Cover

    Page(s): c1
    Freely Available from IEEE
  • Usenix House Advertisement

    Page(s): c2
    Freely Available from IEEE
  • Table of Contents

    Page(s): 1 - 2
    Freely Available from IEEE
  • Focus on Policy

    Page(s): 3
    Freely Available from IEEE
  • [Masthead]

    Page(s): 4
    Freely Available from IEEE
  • Silver Bullet Talks with W. Hord Tipton

    Page(s): 5 - 7

    Gary McGraw talks with W. Hord Tipton, executive director of (ISC)², about how he got into science and engineering, the insights he's cultivated from being a nuclear and chemical engineer, whether or not certification can help advance software security, and the benefits of teaching software security to kids. Hear the full podcast at www.computer.org/silverbullet. Show links, notes, and an online discussion can be found at www.cigital.com/silverbullet.
  • Security, Privacy, Policy, and Dependability Roundup

    Page(s): 8 - 9
    Freely Available from IEEE
  • Security and Privacy in Health IT [Guest editors' introduction]

    Page(s): 10 - 11
    Freely Available from IEEE
  • Nonconfidential Patient Types in Emergency Clinical Decision Support

    Page(s): 12 - 18

    Simple tools are needed to support differential diagnosis in a cognitively complex setting. Tools that show similar patients' diagnoses and treatment trajectories might provide useful clinical decision support for emergency physicians who use a case-based reasoning approach. However, privacy concerns that arise with indirect use of electronic health records (EHRs) must be addressed. The authors present a method to abstract a collection of EHRs into a set of summarized patient types and demonstrate its use on a database of medical records.
  • Electronic Medical Records: Confidentiality, Care, and Epidemiology

    Page(s): 19 - 24

    A unified patient medical record offers hope for better care and reduced costs without deteriorating the confidentiality of patient information. However, two kinds of confidentiality concerns--patients' desire to preserve privacy and vendors' desire to limit knowledge of their systems and control the data in them--impede the full exploitation of medical records for better patient care. We should be using patient records both to detect health IT problems and for epidemiological research. In neither case should we decide that the importance of secrecy, whether asserted by companies or patients, completely trumps the use of health data for research. In particular, corporate secrecy should be limited when information is necessary for treatment and research. We need to balance public health against risks to both patient concerns and commercialization.
  • Securing Information Technology in Healthcare

    Page(s): 25 - 33

    Dartmouth College's Institute for Security, Technology, and Society conducted three workshops on securing information technology in healthcare, attended by a diverse range of experts in the field. This article summarizes the workshops.
  • Identity Management--In Privacy We Trust: Bridging the Trust Gap in eHealth Environments

    Page(s): 34 - 41

    Identity management solutions that control the data that users provide to individual healthcare services raise trust and privacy concerns, such as who owns user data, how to control its spread, and how to build trustworthy associations between care providers. Reputation systems can enhance eHealth systems by bridging the gap between strong contractual agreements and first-time domain exchanges.
  • Point/Counterpoint

    Page(s): 42 - 44

    The first article, "The Consequences of the Lack of Privacy in Today's Electronic Health Systems," by Deborah C. Peel, argues that because the public doesn't trust technology systems that prevent them from deciding who can see, use, or sell their health data, millions avoid treatment or hide information and suffer bad health outcomes. The second article, "Privacy and Security as Enabler, Not Barrier, to Responsible Health Data Uses," by Deven McGraw, states that trust in health technology will be enabled not by focusing disproportionately on patient consent but through robust policies that address all of the fair information practice principles.
  • Real-time detection of intrusive traffic in QoS network domains

    Page(s): 45 - 53

    A capable, scalable, and reliable model detects intrusive traffic by investigating the impact of user behavior on quality-of-service regulations in real time. The model also proposes reliable coordination for investigating user traffic, including traffic injected through several gateways. Traffic investigation is triggered only when the network is congested; at that moment, burst gateways generate an echo of explicit congestion notification to misbehaving users. The model investigates these users by measuring their bandwidth consumption ratios. User traffic that exceeds the service-level agreement bandwidth ratio is filtered as intrusive. Simulation results demonstrate that the proposed model efficiently monitors user behavior and detects intrusive traffic.
  • Automatic attack signature generation systems: A review

    Page(s): 54 - 61

    Signature-based intrusion detection systems provide solutions to counter the increasing number of attacks on network resources. But this is not helpful for novel attacks whose signatures aren't available. Automated signature generation systems can work proactively to detect these attacks in real time and generate signatures of new attacks. This article analyzes the latest developments, including Honeycyber, Hancock, Arbor, Auto-Sign, Argos, Hamsa, F-Sign, and a hybrid honeyfarm-based defense system, comparing these systems on the basis of their ability to detect novel attacks, signature generation method, suitability for multiple instances of worms, type of signature generated, attacks and worms covered, false alarm rates, and relative strengths and weaknesses.
  • E-biobanking: What Have You Done to My Cell Samples?

    Page(s): 62 - 65

    The rise in biobanking (collecting and storing human biological material) has increased the need to store large quantities of related data and make that data available to researchers and others. However, this introduces concerns regarding data security and dependability. The BiobankCloud project is developing technology to help create e-biobanking ecosystems based on a secure, dependable private-public "cloud of clouds" accessed through platform-as-a-service interfaces.
  • Toward Effective Cybersecurity Education

    Page(s): 66 - 68

    A February 2013 workshop addressed the challenges of higher education in cybersecurity. The participants discussed what advice to offer regarding the most effective way to produce graduates of the highest caliber who will become the leading cybersecurity professionals.
  • Stranger Visions: A Provocation

    Page(s): 69 - 70

    Genetic monitoring has been the subject of science fiction for years, but with biotechnology's decreasing costs and increasing accessibility through "DIY bio" and community laboratories, it's becoming a reality. In this new world, the very things that make us human, such as hair, skin, and saliva, become a liability as we constantly shed them in public, leaving artifacts for anyone to mine for information.
  • Communicating Covertly through CPU Monitoring

    Page(s): 71 - 73

    This paper shows that covert channels using the CPU load are possible between clients connected to a multicore remote server.
  • Big Data Analytics for Security

    Page(s): 74 - 76

    Big data is changing the landscape of security tools for network monitoring, security information and event management, and forensics; however, in the eternal arms race of attack and defense, security researchers must keep exploring novel ways to mitigate and contain sophisticated attackers.
  • The Old Is New Again

    Page(s): 77 - 79

    The invention of copying 50 years ago offered convenience to readers and was a socially good thing. Preventing it would not have caused a major increase in individual paper subscription, then or now. Instead, without copying, readers would either have to go to a library or, more likely, not read at all. The same arguments appear today, this time about electronics.
  • Building Security In: Preparing for a Software Security Career

    Page(s): 80 - 83

    Carnegie Mellon University's Software Engineering Institute (SEI) has developed a set of software assurance curriculum guidance documents, which provides a foundation for preparing a software security workforce. This article describes the SEI Software Assurance Curriculum Project's work and the curriculum guidance documents. A case study illustrates how individuals could use the curriculum guidance.
  • Everyday Security: Default to Decency

    Page(s): 84 - 87

    Sociological study of normal routine behavior informs us of the mechanisms through which safety and social order are maintained. From ethnographic studies of public sites such as the New York subway system, we learn how workers' routines fit or do not fit into official security-era policies coming from above. Suggestions are provided for concrete mechanisms likely to enhance security while providing collateral benefits of enhanced efficiency and pleasure to members of the public.
  • Walls and Gates

    Page(s): 88
    Freely Available from IEEE
  • InfoSec World Conference 2014 Trade

    Page(s): c3
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community, ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu