What's in a Name?
The author examines the debate about Microsoft's Passport technology--it will be difficult to design a workable Internet identity framework. We're currently trapped between Scylla and Charybdis. On one side, civil libertarians warn that a centralized ...
FBI's Virtual Case File Living in Limbo
The US National Academy of Sciences' in-depth study of the FBI's Trilogy project outlines factors that contributed to the failure of the Trilogy program and its accompanying application software, Virtual Case File. Whatever the FBI decides to do to ...
Crypto 2004
The International Association for Cryptologic Research (IACR; www.iacr.org) held its 24th annual International Cryptography Conference 15--19 August 2004 in Santa Barbara, California. The conference consisted of short sessions, invited talks, and ...
A Framework to Consider
Reviewed in this issue: James S. Tiller, The Ethical Hack: A Framework for Business Value Penetration Testing
Does Trusted Computing Remedy Computer Security Problems?
The authors examine whether trusted computing is likely to remedy the relevant security problems in PCs. They argue that although trusted computing has some merits, it neither provides a complete remedy nor is it likely to prevail in the PC mass market. ...
Protecting Client Privacy with Trusted Computing at the Server
Current trusted-computing initiatives usually involve large organizations putting physically secure hardware on user machines, potentially violating user privacy. Yet, it's possible to exploit robust server-side secure hardware to enhance user privacy. ...
Sociotechnical Architecture for Online Privacy
Users' concerns regarding privacy issues are lowering their trust in e-services and, thus, affecting the widespread adoption of online services. To increase users' perceived control over their privacy, the authors propose a novel e-privacy architecture. ...
Canning Spam: Proposed Solutions to Unwanted Email
Unsolicited email is a major problem for anyone who transmits or receives email on a computer, telephone, or personal digital assistant. This article describes the magnitude of the problem, the reasons for proliferation, some interventions available ...
Technology Education at the US Military Academy
Information assurance (IA) education is increasingly important and widespread, and institutions are putting more resources into it and focusing their curricula around it. The US Military Academy has gone even further by infusing its full curriculum--...
Methodological Foundations: Enabling the Next Generation of Security
Recent breakthroughs--experimental test beds, insider-detection advancements, biometrics, and user interfaces that are robust to human error--promise to raise the effectiveness of computer security to levels that have been previously unattainable. Such ...
Violating Assumptions with Fuzzing
Boundary conditions are important because significant subsets of boundary condition failures are security failures. As such, the boundary conditions we don't test today are the security patches we'll have to issue tomorrow. An effective way to limit ...
Worm Propagation and Generic Attacks
This past December, a new family of worms was discovered. The family, Santy, attacked Web applications written in the PHP scripting language. Santy is interesting for two reasons: First, its worms used Web search engines to locate likely targets; second,...
Turing is from Mars, Shannon is from Venus: Computer Science and Computer Engineering
Computer security's primary background fields are computer science and computer engineering. These fields sometimes bring very different approaches to the same basic security problems. This installment of Secure Systems takes a lighthearted look at ...
Averting Security Missteps in Outsourcing
As company-collected data increases in value, it attracts interest from unauthorized persons. Despite this, companies contract with third-parties for routine activities but must be careful how they set up and maintain these outsourcing agreements so ...
Knowledge for Software Security
A critical challenge facing software security today is the dearth of experienced practitioners. Approaches that rely solely on apprenticeship as a method of propagation won't scale quickly enough to address this burgeoning problem, so as the field ...
The Problem Statement is the Problem
A problem statement encouraging elegance is spare, unadorned, clean, and leaves the designer as much room as can be left. This is the hardest part of any design process. A good problem statement is a mentor and a supervisor. It asks the right question. ...