IEEE Security and Privacy

The author examines the debate about Microsoft's Passport technology--it will be difficult to design a workable Internet identity framework. Weýre currently trapped between Scylla and Charybdis. On one side, civil libertarians warn that a centralized ...

The US National Academy of Sciences' in-depth study of the FBI's Trilogy project outlines factors that contributed to the failure of the Trilogy program and its accompanying application software, Virtual Case File.Whatever the FBI decides to do to ...

The International Association for Cryptologic Research (IACR; www.iacr.org) held its 24th annual International Cryptography Conference 15--19 August 2004 in Santa Barbara, California. The conference consisted of short sessions, invited talks, and ...

Reviewed in this issue:James S. Tiller, The Ethical Hack: A Framework for Business Value Penetration Testing

The authors examine whether trusted computing is likely to remedy the relevant security problems in PCs. They argue that although trusted computing has some merits, it neither provides a complete remedy nor is it likely to prevail in the PC mass market.

Current trusted-computing initiatives usually involve large organizations putting physically secure hardware on user machines, potentially violating user privacy. Yet, it's possible to exploit robust server-side secure hardware to enhance user privacy. ...

Users' concerns regarding privacy issues are lowering their trust in e-services and, thus, affecting the widespread adoption of online services. To increase users' perceived control over their privacy, the authors propose a novel e-privacy architecture.

Unsolicited email is a major problem for anyone who transmits or receives email on a computer, telephone, or personal digital assistant. This article describes the magnitude of the problem, the reasons for proliferation, some interventions available ...

Information assurance (IA) education is increasingly important and widespread, and institutions are putting more resources into it and focusing their curricula around it. The US Military Academy has gone even further by infusing its full curriculum--...

Recent breakthroughs--experimental test beds, insider-detection advancements, biometrics, and user interfaces that are robust to human error--promise to raise the effectiveness of computer security to levels that have been previously unattainable. Such ...

Boundary conditions are important because significant subsets of boundary condition failures are security failures. As such, the boundary conditions we don't test today are the security patches we'll have to issue tomorrow. An effective way to limit ...

This past December, a new family of worms was discovered. The family, Santy, attacked Web applications written in the PHP scripting language. Santy is interesting for two reasons: First, its worms used Web search engines to locate likely targets; second,...

Computer security's primary background fields are computer science and computer engineering. These fields sometimes bring very different approaches to the same basic security problems. This installment of Secure Systems takes a lighthearted look at ...

As company-collected data increases in value, it attracts interest from unauthorized persons. Despite this, companies contract with third-parties for routine activities but must be careful how they set up and maintain these outsourcing agreements so ...

A critical challenge facing software security today is the dearth of experienced practitioners. Approaches that rely solely on apprenticeship as a method of propagation won't scale quickly enough to address this burgeoning problem, so as the field ...

A problem statement encouraging elegance is spare, unadorned, clean, and leaves the designer as much room as can be left. This is the hardest part of any design process. A good problem statement is a mentor and a supervisor. It asks the right question. ...