By Topic

IEEE Security & Privacy

Issue 1 • Date Jan.-Feb. 2014

Filter Results

Displaying Results 1 - 23 of 23
  • [Front cover]

    Publication Year: 2014, Page(s): c1
    Request permission for commercial reuse | PDF file iconPDF (1570 KB)
    Freely Available from IEEE
  • IEEE Computer Society - Rock stars of mobile cloud [future event]

    Publication Year: 2014, Page(s): c2
    Request permission for commercial reuse | PDF file iconPDF (1774 KB)
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2014, Page(s):1 - 2
    Request permission for commercial reuse | PDF file iconPDF (3284 KB)
    Freely Available from IEEE
  • Humans in the Loop

    Publication Year: 2014, Page(s):3 - 4
    Request permission for commercial reuse | PDF file iconPDF (629 KB) | HTML iconHTML
    Freely Available from IEEE
  • [Masthead]

    Publication Year: 2014, Page(s): 5
    Request permission for commercial reuse | PDF file iconPDF (136 KB)
    Freely Available from IEEE
  • Silver Bullet Talks with Jon Callas

    Publication Year: 2014, Page(s):6 - 8
    Request permission for commercial reuse | PDF file iconPDF (677 KB) | HTML iconHTML
    Freely Available from IEEE
  • Security, Privacy, Policy, and Dependability Roundup

    Publication Year: 2014, Page(s):9 - 10
    Request permission for commercial reuse | PDF file iconPDF (596 KB) | HTML iconHTML
    Freely Available from IEEE
  • Protecting You [Guest editors' introduction]

    Publication Year: 2014, Page(s):11 - 13
    Request permission for commercial reuse | PDF file iconPDF (1370 KB) | HTML iconHTML
    Freely Available from IEEE
  • More Is Not the Answer

    Publication Year: 2014, Page(s):14 - 19
    Cited by:  Papers (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1298 KB) | HTML iconHTML

    Progress in user security has been slow for several reasons. First, the Web's scale and diversity make one-size-fits-all approaches hard. Second, the competition for user attention is fierce: there are no pools of unexploited user effort to be had. Third, persuasion is the only tool we have, mandates being often impossible or undesirable. We need to find new techniques to improve user security. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Leaking Sensitive Information in Complex Document Files--and How to Prevent It

    Publication Year: 2014, Page(s):20 - 27
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (2281 KB) | HTML iconHTML

    Complex document formats such as PDF and Microsoft's Compound File Binary Format can contain information that is hidden but recoverable, as a result of text highlighting, cropping, or the embedding of high-resolution JPEG images. Private information can be released inadvertently if these files are distributed in electronic form. Simple experiments involving the creation of test documents can deter... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Going Spear Phishing: Exploring Embedded Training and Awareness

    Publication Year: 2014, Page(s):28 - 38
    Cited by:  Papers (12)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1992 KB) | HTML iconHTML

    To explore the effectiveness of embedded training, researchers conducted a large-scale experiment that tracked workers' reactions to a series of carefully crafted spear phishing emails and a variety of immediate training and awareness activities. Based on behavioral science findings, the experiment included four different training conditions, each of which used a different type of message framing.... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Helping You Protect You

    Publication Year: 2014, Page(s):39 - 42
    Request permission for commercial reuse | PDF file iconPDF (886 KB) | HTML iconHTML
    Freely Available from IEEE
  • Redefining Security Criteria for Networking Devices with Case Studies

    Publication Year: 2014, Page(s):43 - 53
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (994 KB) | HTML iconHTML

    Common Criteria, ICSA Labs, and NSS Labs--three well-known standard security criteria--emphasize document review of a product's life cycle, false negative and positive rates of malicious and benign traffic, and performance and self-protection of security functions, respectively. The authors combine test cases from these security criteria with the RealFlow stability test to form a set of lightweigh... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Bandwidth Distributed Denial of Service: Attacks and Defenses

    Publication Year: 2014, Page(s):54 - 61
    Cited by:  Papers (6)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (402 KB) | HTML iconHTML

    The Internet is vulnerable to bandwidth distributed denial-of-service (BW-DDoS) attacks, wherein many hosts send a huge number of packets to cause congestion and disrupt legitimate traffic. So far, BW-DDoS attacks have employed relatively crude, inefficient, brute force mechanisms; future attacks might be significantly more effective and harmful. To meet the increasing threats, we must deploy more... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Highlights from Making Sense of Snowden, Part II: What's Significant in the NSA Revelations

    Publication Year: 2014, Page(s):62 - 64
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (152 KB) | HTML iconHTML Multimedia Media

    In June 2013, the English newspaper The Guardian began publishing a series of secret documents leaked from the National Security Agency (NSA). Each day brought startling news, from the NSA's collection of metadata records of all calls made within the US to programs that collected and stored data of “non-US” persons to the UK Government Communications Headquarters' (GCHQ) interception... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • The Tests-versus-Proofs Conundrum

    Publication Year: 2014, Page(s):65 - 68
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (258 KB) | HTML iconHTML

    Fully proving the correctness of entire real-world software stacks is still not practical, despite impressive recent advances. At the same time, classic system testing is increasingly insufficient to make modern systems reliable and secure. To make progress, we must fuse formal methods with traditional testing practice into a unified approach. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Learning Mobile Security with Labware

    Publication Year: 2014, Page(s):69 - 72
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (455 KB) | HTML iconHTML

    As smart mobile devices become increasingly popular, so do the incentives for attackers. Mobile devices' prevalence and mobile threats' rapid growth have resulted in a shortage of mobile-security personnel. We need educational activities to promote mobile-security education and meet the emerging industry and education needs. However, mobile security is a relatively weak area in most schools' compu... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Should Sniffing Wi-Fi Be Illegal?

    Publication Year: 2014, Page(s):73 - 76
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1057 KB) | HTML iconHTML

    Should it be against the law to sniff Wi-Fi packets? This question not only has ramifications for Wi-Fi and wiretapping but also poses broader questions about how we use law to protect online privacy. It leads us to consider many important and recurring debates about the collision of law and technology. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Driving for Big Data? Privacy Concerns in Vehicular Networking

    Publication Year: 2014, Page(s):77 - 79
    Cited by:  Papers (11)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1383 KB) | HTML iconHTML

    Communicating vehicles will change road traffic as we know it. With current versions of European and US standards in mind, the authors discuss privacy and traffic surveillance issues in vehicular network technology and outline research directions that could address these issues. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Protecting Me

    Publication Year: 2014, Page(s):80 - 82
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (175 KB) | HTML iconHTML

    In this column, we give a quick overview of the many lines of protection you find on a typical home machine, which in turn helps us illustrate the complexity and challenges involved in securing a standard computer system. We focus on Windows here simply because it's widespread and widely attacked; many of the same techniques can be found on other platforms. As such, if you're a Unix user or a Mac ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Beyond Planted Bugs in "Trusting Trust": The Input-Processing Frontier

    Publication Year: 2014, Page(s):83 - 87
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1203 KB) | HTML iconHTML Multimedia Media

    Big data is changing the landscape of security tools for network monitoring, security information and event management, and forensics; however, in the eternal arms race of attack and defense, security researchers must keep exploring novel ways to mitigate and contain sophisticated attackers. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Polarization

    Publication Year: 2014, Page(s): 88
    Request permission for commercial reuse | PDF file iconPDF (562 KB) | HTML iconHTML
    Freely Available from IEEE
  • Subscribe to IEEE Security & Privacy [Advertisement]

    Publication Year: 2014, Page(s): c3
    Request permission for commercial reuse | PDF file iconPDF (3188 KB)
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community-ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Full Aims & Scope

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu