By Topic

IEEE Security & Privacy

Issue 2 • Date Mar.-Apr. 2014

Filter Results

Displaying Results 1 - 24 of 24
  • [Front cover]

    Publication Year: 2014, Page(s): c1
    Request permission for commercial reuse | PDF file iconPDF (3137 KB)
    Freely Available from IEEE
  • Magazine Subscribe [advertisement]

    Publication Year: 2014, Page(s): c2
    Request permission for commercial reuse | PDF file iconPDF (4345 KB)
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2014, Page(s):1 - 2
    Request permission for commercial reuse | PDF file iconPDF (3574 KB)
    Freely Available from IEEE
  • Taking Action to Build Trust in Security

    Publication Year: 2014, Page(s):3 - 4
    Request permission for commercial reuse | PDF file iconPDF (642 KB) | HTML iconHTML
    Freely Available from IEEE
  • [Masthead]

    Publication Year: 2014, Page(s): 5
    Request permission for commercial reuse | PDF file iconPDF (137 KB)
    Freely Available from IEEE
  • Membership Matters [advertisement]

    Publication Year: 2014, Page(s): 6
    Request permission for commercial reuse | PDF file iconPDF (654 KB)
    Freely Available from IEEE
  • Silver Bullet Talks with Matthew Green

    Publication Year: 2014, Page(s):7 - 10
    Request permission for commercial reuse | PDF file iconPDF (6347 KB) | HTML iconHTML
    Freely Available from IEEE
  • Security, Privacy, Policy, and Dependability Roundup

    Publication Year: 2014, Page(s):11 - 13
    Request permission for commercial reuse | PDF file iconPDF (1965 KB) | HTML iconHTML
    Freely Available from IEEE
  • Moving Target [Guest editors' introduction]

    Publication Year: 2014, Page(s):14 - 15
    Cited by:  Papers (1)
    Request permission for commercial reuse | PDF file iconPDF (1507 KB) | HTML iconHTML
    Freely Available from IEEE
  • Finding Focus in the Blur of Moving-Target Techniques

    Publication Year: 2014, Page(s):16 - 26
    Cited by:  Papers (18)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1116 KB) | HTML iconHTML

    Protecting critical systems and assets against cyberattacks is an ever more difficult challenge that strongly favors attackers. Whereas defenders must protect a large, diverse set of cybersystems containing an unknown number of vulnerabilities of various types, attackers need only find one or a few exploitable vulnerabilities to mount a successful attack. One promising approach that can shift the ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Jobs Board [advertisement]

    Publication Year: 2014, Page(s): 27
    Request permission for commercial reuse | PDF file iconPDF (557 KB)
    Freely Available from IEEE
  • Security through Diversity: Are We There Yet?

    Publication Year: 2014, Page(s):28 - 35
    Cited by:  Papers (10)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1426 KB) | HTML iconHTML

    Because most software attacks rely on predictable behavior on the target platform, mass distribution of identical software facilitates mass exploitation. Countermeasures include moving-target defenses in general and biologically inspired artificial software diversity in particular. Although the concept of software diversity has interested researchers for more than 20 years, technical obstacles pre... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Defense on the Move: Ant-Based Cyber Defense

    Publication Year: 2014, Page(s):36 - 43
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (2596 KB) | HTML iconHTML

    Many common cyberdefenses (like firewalls and intrusion-detection systems) are static, giving attackers the freedom to probe them at will. Moving-target defense (MTD) adds dynamism, putting the systems to be defended in motion, potentially at great cost to the defender. An alternative approach is a mobile resilient defense that removes attackers' ability to rely on prior experience without requiri... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Countering Intelligent Jamming with Full Protocol Stack Agility

    Publication Year: 2014, Page(s):44 - 50
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1755 KB) | HTML iconHTML

    Intelligent jamming (IJ) attacks go beyond applying brute-force power at the physical link, exploiting vulnerabilities specific to protocols or configurations. IJ attackers who can gain a foothold into a network by understanding and exploiting vulnerabilities can operate with a much lower chance of detection and a greater impact on the network. For example, one IJ technique exploits media access c... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Managed Execution Environment as a Moving-Target Defense Infrastructure

    Publication Year: 2014, Page(s):51 - 59
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1436 KB) | HTML iconHTML

    The A3 adaptive execution management environment contributes to moving-target defense (MTD) strategies by enabling sophisticated dynamic defensive maneuvers. A3 facilitates synergistic combination of MTDs with one another as well as with other aspects of a composite defense, aiming to improve an application's resiliency over time. It can expand MTDs' scope and increase their effectiveness by subje... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A Tool to Analyze Potential I/O Attacks against PCs

    Publication Year: 2014, Page(s):60 - 66
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (516 KB) | HTML iconHTML

    Instead of making the CPU execute malware, I/O attacks exploit peripheral devices and, as such, can't be detected by traditional anti-malware techniques. The proposed multipurpose FPGA-based tool can help analyze such attacks and be programmed to mimic a malicious I/O controller, host a Trojan horse, and even apply fuzzing techniques to identify vulnerabilities that could be exploited from I/O con... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Quantitative Security Metrics: Unattainable Holy Grail or a Vital Breakthrough within Our Reach?

    Publication Year: 2014, Page(s):67 - 69
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (150 KB) | HTML iconHTML

    It's long been well understood that you can calculate useful estimations of systems' reliability against accidental failure. It's also well understood that trying to calculate systems' level of security against possibly intelligent, determined, well-funded, and creative adversaries is a far greater challenge. Nevertheless, even a less-than-perfect predictive capacity, if its limitations are respec... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Authenticated Encryption: Toward Next-Generation Algorithms

    Publication Year: 2014, Page(s):70 - 72
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (150 KB) | HTML iconHTML

    Wondering whether researchers have a cryptographic tool able to provide both confidentiality (privacy) and integrity (authenticity) of a message? They do: authenticated encryption (AE), a symmetric-key mechanism that transforms a message into a ciphertext. This article discusses standard AE algorithms, classic security models' shortcomings for AE algorithms, and related attacks. Motivated by these... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Moving-Target Defenses for Computer Networks

    Publication Year: 2014, Page(s):73 - 76
    Cited by:  Papers (8)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1293 KB) | HTML iconHTML

    One of the criticisms of traditional security approaches is that they present a static target for attackers. Critics state, with good justification, that by allowing the attacker to reconnoiter a system at leisure to plan an attack, defenders are immediately disadvantaged. To address this, the concept of moving-target defense (MTD) has recently emerged as a new paradigm for protecting computer net... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Caller ID: Whose Privacy?

    Publication Year: 2014, Page(s):77 - 79
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (964 KB) | HTML iconHTML

    Today, we consider it routine to see the name of the person calling us when our phone rings. When this service was introduced, it was debated: was a telephone caller entitled to anonymity? We opted for disclosure, and we should remember that maximum privacy isn't always the best public policy. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Genomic Privacy and the Rise of a New Research Community

    Publication Year: 2014, Page(s):80 - 83
    Cited by:  Papers (2)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1106 KB) | HTML iconHTML

    Recent breakthroughs in whole genome sequencing (WGS) have laid the foundations to improve modern healthcare and attain a better understanding of genetic features, as well as their relation to diseases. The increased affordability of WGS prompts institutions worldwide to build large datasets of digitized genomes, often obtained from donors, and make them available for different research purposes. ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Metadata = Surveillance

    Publication Year: 2014, Page(s): 84
    Cited by:  Papers (2)
    Request permission for commercial reuse | PDF file iconPDF (659 KB) | HTML iconHTML
    Freely Available from IEEE
  • Software Experts Summit

    Publication Year: 2014, Page(s): c3
    Request permission for commercial reuse | PDF file iconPDF (1539 KB)
    Freely Available from IEEE
  • Rock Stars of Mobile Cloud [advertisement]

    Publication Year: 2014, Page(s): c4
    Request permission for commercial reuse | PDF file iconPDF (1774 KB)
    Freely Available from IEEE

Aims & Scope

The primary objective of IEEE Security & Privacy is to stimulate and track advances in information assurance and security and present these advances in a form that can be useful to a broad cross-section of the professional community-ranging from academic researchers to industry practitioners. It is intended to serve a broad readership.

Full Aims & Scope

Meet Our Editors

Editor-in-Chief
Shari Lawrence Pfleeger
shari.l.pfleeger@dartmouth.edu