Last update:
Wed Feb 12 12:06:58 MST 2025
George Cybenko: A Critical Need, An Ambitious Mission, a New Magazine . . . 5--9
Sandra Kay Miller: Legal Battle Looming for Internet Protections Acts . . . 10--12
Scott L. Andresen: New Draft to Secure Cyberspace Leaked . . . 13--13
Simson L. Garfinkel and Abhi Shelat: Remembrance of Data Passed: a Study of Disk Sanitization Practices . . . 17--27
Nick L. Petroni, Jr. and William A. Arbaugh: The Dangers of Mitigating Security Design Flaws: a Wireless Case Study . . . 28--36
Crispin Cowan: Software Security for Open-Source Systems . . . 38--45
Joshua Haines and Dorene Kewley Ryder and Laura Tinnel and Stephen Taylor: Validation of Sensor Alert Correlators . . . 46--56
Michael Howard and Steve Lipner: Inside the Windows Security Push . . . 57--61
Marc Donner: AI Bites Man? . . . 63--66
Matt Bishop: What Is Computer Security? . . . 67--69
Daniel J. Ryan: Two Views on Security Software Liability: Let the Legal System Decide . . . 70--72
Carey Heckman: Two Views on Security Software Liability: Using the Right Legal Tools . . . 73--75
Michael Lesk: Copyright Extension: Eldred v. Ashcroft . . . 76--78
Jim Hearn: International Participation: The Continuing March Toward Security and Privacy . . . 79--81
Iván Arce and Elias Levy: An Analysis of the Slapper Worm . . . 82--87
S. W. Smith: Fairy Dust, Secrets, and the Real World . . . 89--93
Martin R. Stytz and James A. Whittaker: Software Protection: Security's Last Stand? . . . 95--98
Michael Caloyannides: Privacy vs. Information Technology . . . 100--103
Bruce Schneier: We Are All Security Consumers . . . 104--104
George Cybenko: From the Editor: Sapphire/Slammer Redux . . . 6--6
Anonymous: Letters to the Editor . . . 7--10
Daniel P. Dern: Privacy Concerns . . . 11--13
Lance Spitzner: The Honeynet Project: Trapping the Hackers . . . 15--23
Matt Blaze: Rights Amplification in Master-Keyed Mechanical Locks . . . 24--32
Salil Prabhakar and Sharath Pankanti and Anil K. Jain: Biometric Recognition: Security and Privacy Concerns . . . 33--42
William E. Burr: Selecting the Advanced Encryption Standard . . . 43--52
Marc Donner: Post-Apocalypse Now . . . 53--55
Jim Davis and Melissa Dark: Teaching Students to Design Secure Systems . . . 56--58
Gary McGraw: From the Ground Up: The DIMACS Software Security Workshop . . . 59--66
Michael Lesk: Copyright Enforcement or Censorship: New Uses for the DMCA? . . . 67--69
Jim Hearn: Moving Forward? . . . 70--71
Iván Arce: The Weakest Link Revisited . . . 72--76
Edward Ball and David W. Chadwick and Darren Mundy: Patient Privacy in Electronic Prescription Transfer . . . 77--80
James Whittaker: Why Secure Applications Are Difficult to Write . . . 81--83
Michael A. Caloyannides: Engineering or Sloganeering? The Counterattack on Privacy . . . 84--87
Bruce Schneier: Locks and Full Disclosure . . . 88--88
Marc Donner: Toward a Security Ontology . . . 6--7
Anonymous: Errata: "On the Horizon" (vol. 1, no. 2) and "Interface" (vol. 1, no. 2, p. 9) . . . 7--7
Anonymous: News . . . 8--13
Nancy R. Mead: Building a Foundation . . . 14--14
Lucila Ishitani and Virgilio Almeida and Wagner Meira, Jr.: Masks: Bringing Anonymity and Personalization Together . . . 18--23
Hassan Aljifri: IP Traceback: a New Denial-of-Service Deterrent? . . . 24--31
Niels Provos and Peter Honeyman: Hide and Seek: An Introduction to Steganography . . . 32--44
Václav Matyás, Jr. and Zdenek Riha: Toward Reliable User Authentication through Biometrics . . . 45--49
Marc Donner: Hey, Robot! . . . 51--55
Deborah Frincke: Who Watches the Security Educators? . . . 56--58
Edward W. Felten: Understanding Trusted Computing: Will Its Benefits Outweigh Its Drawbacks? . . . 60--62
Michael Lesk: The Good, the Bad, and the Ugly: What Might Change if We Had Good DRM . . . 63--66
Jim Hearn: Slow Dancing . . . 67--68
Elias Levy: Poisoning the Software Supply Chain . . . 70--73
S. W. Smith: Humans in the Loop: Human-Computer Interaction and Security . . . 75--79
Martin R. Stytz: The Case for Software Warranties . . . 80--82
Michael A. Caloyannides: Society Cannot Function Without Privacy . . . 84--86
Bruce Schneier: Guilty Until Proven Innocent? . . . 88, 87
Carl E. Landwehr: From the Editor: Security Cosmology: Moving from Big Bang to Worlds in Collusion . . . 5--5
Anonymous: Security and Privacy Welcomes New Editorial Board Members . . . 6--7
Greg Goth and Sandra Kay Miller: News . . . 8--11
Scott L. Andresen: News Briefs . . . 12--13
Anonymous: Letters to the Editor . . . 14--14
Robert J. Campbell: Crime Scene Investigators: The Next Generation . . . 15--15
Dennis McGrath: Measuring the 4:11 Effect: The Power Failure and the Internet . . . 16--18
Massoud Amin: North America's Electricity Infrastructure: Are We Ready for More Perfect Storms? . . . 19--25
Peter G. Capek and David M. Chess and Steve R. White: Merry Christma: An Early Network Worm . . . 26--34
Hilarie Orman: The Morris Worm: a Fifteen-Year Perspective . . . 35--43
Rolf Oppliger and Ruedi Rytz: Digital Evidence: Dream and Reality . . . 44--48
Salim Hariri and Guangzhi Qu and Tushneem Dharmagadda and Modukuri Ramkishore and Cauligi S. Raghavendra: Impact Analysis of Faults and Attacks in Large-Scale Networks . . . 49--54
Fred B. Schneider: Least Privilege and More . . . 55--59
John Lenarcic: The Dinosaur and the Butterfly: a Tale of Computer Ethics . . . 61--63
Dan Ragsdale and Don Welch and Ron Dodge: Information Assurance the West Point Way . . . 64--67
Nancy R. Mead: SEHAS 2003: The Future of High-Assurance Systems . . . 68--72
Michael Lesk: Chicken Little and the Recorded Music Crisis . . . 73--75
Jim Hearn: What Works? . . . 76--77
Iván Arce: The Rise of the Gadgets . . . 78--81
Jean Camp: Access Denied . . . 82--85
Martin Stytz and James A. Whittaker: Caution: This Product Contains Security Code . . . 86--88
Bill McCarty: Automated Identity Theft . . . 89--92
Michael Caloyannides: Keeping Offline Computer Usage Private . . . 93--95
George Cybenko: From the Editors: Privacy Is the Issue . . . 5--7
Greg Goth and Benjamin J. Alfonsi: News . . . 8--13
Daniel E. Geer, Jr. and Dave Aucsmith and James A. Whittaker: Monoculture . . . 14--17
Simson L. Garfinkel: Email-Based Identification and Authentication: An Alternative to PKI? . . . 20--26
Dakshi Agrawal and Dogan Kesdogan: Measuring Anonymity: The Disclosure Attack . . . 27--34
Jean-Marc Seigneur and Christian Damsgaard Jensen: Privacy Recovery with Disposable Email Addresses . . . 35--39
Abdelmounaam Rezgui and Athman Bouguettaya and Mohamed Y. Eltoweissy: Privacy on the Web: Facts, Challenges, and Solutions . . . 40--49
Lorrie Faith Cranor: P3P: Making Privacy Policies More Useful . . . 50--55
John S. Quarterman: The Ultimate in Instant Gratification . . . 56--58
Cynthia E. Irvine: Teaching Constructive Security . . . 59--61
Jeannette M. Wing: A Call to Action: Look Beyond the Horizon . . . 62--67
Michael Lesk: Feist and Facts: If Data Is Protected, Will It Be More or Less Available? . . . 68--70
Elias Levy: Crossover: Online Pests Plaguing the Offline World . . . 71--73
S. W. Smith and Jothy Rosenberg and Adam Golodner: A Funny Thing Happened on the Way to the Marketplace . . . 74--78
Bill McCarty: The Honeynet Arms Race . . . 79--82
Anonymous: 2003 Annual Index IEEE Security & Privacy Volume 1 . . . 83--88
Michael A. Caloyannides: Digital 'Evidence' and Reasonable Doubt . . . 89--91
Bruce Schneier: Airplane Hackers . . . 92--92
Fred B. Schneider: From the Editors: The Next Digital Divide . . . 5--5
Anonymous: Reviewer Thanks . . . 6--6
Daniel Weber and Jean Camp and Tom Van Vleck and Bob Bruen and James Whittaker: Letters to the Editors: Digital Rights Management; Change the Game?; No Clear Answers . . . 7--9
Charles C. Palmer: Editorial Board Member Profile: Can We Win the Security Game? . . . 10--12
Greg Goth and Pam Frost Gorder: News: E-Voting Security: The Electoral Dialect Gets Hot; Balancing Video-Game Piracy Issues . . . 14--17
Scott L. Andresen: News Briefs: Policy; Privacy; Security . . . 18--19
Martin R. Stytz: Book Reviews: Wireless World Order [How Secure Is Your Wireless Network? Safeguarding Your Wi-Fi LAN by Lee Barken]; No Need to Fear [Beyond Fear: Thinking Sensibly About Security in an Uncertain World, by Bruce Schneier] . . . 20--21
David L. Dill and Aviel D. Rubin: Guest Editors' Introduction: E-Voting Security . . . 22--23
David Evans and Nathanael Paul: E-Voting: Election Security: Perception and Reality . . . 24--31
Jonathan Bannet and David W. Price and Algis Rudys and Justin Singer and Dan S. Wallach: E-Voting: Hack-a-Vote: Security Issues with Electronic Voting Systems . . . 32--37
David Chaum: E-Voting: Secret-Ballot Receipts: True Voter-Verifiable Elections . . . 38--47
Nicolas Sklavos and Nikolay Moldovyan and Vladimir Gorodetsky and Odysseas Koufopavlou: Conference Reports: Computer Network Security: Report from MMM-ACNS . . . 49--52
Marc Donner: Biblio Tech: Die Gedanken Sind Frei . . . 53--55
Michael Russell Grimaila: Education: Maximizing Business Information Security's Educational Value . . . 56--60
Michael Lesk: Digital Rights: Micropayments: An Idea Whose Time Has Passed Twice? . . . 61--63
Jim Hearn: Global Perspectives: Does the Common Criteria Paradigm Have a Future? . . . 64--65
Iván Arce: Attack Trends: More Bang For the Bug: An Account of 2003's Attack Trends . . . 66--68
Sean W. Smith and Eugene H. Spafford: Secure Systems: Grand Challenges in Information Security: Process and Output . . . 69--71
Martin R. Stytz: Considering Defense in Depth for Software Applications . . . 72--75
Neal Krawetz: The Honeynet Files: Anti-Honeypot Technology . . . 76--79
Michael A. Caloyannides: Privacy Matters: Online Monitoring: Security or Social Control? . . . 81--83
Bruce Schneier: Clear Text: Voting Security and Technology . . . 84--84
George Cybenko: From the Editors: Don't Bring a Knife to a Gunfight . . . 5--5
Matthias Fischmann and Matthias Bauer and Simson Garfinkel: Letters to the Editor: EBIA vs. PKI . . . 6--7
Martin R. Stytz: Book Reviews: Hacking for Understanding: Hacking: The Art of Exploitation, by Jon Erickson . . . 8--8
Greg Goth and Benjamin J. Alfonsi and Scott L. Andresen: News: How Useful Are Attack Trend Resources? . . . 9--11
Kanta Jiwnani and Marvin Zelkowitz: Susceptibility Matrix: a New Aid to Software Auditing . . . 16--21
Simon Byers: Information Leakage Caused by Hidden Data in Published Documents . . . 23--27
Marco Gruteser and Xuan Liu: Protecting Privacy in Continuous Location-Tracking Applications . . . 28--34
Annie I. Antón and Julia B. Earp and Qingfeng He and William Stufflebeam and Davide Bolchini and University of Lugano and Carlos Jensen: Financial Privacy Policies and the Need for Standardization . . . 36--45
Ashish Popli: ACM Computer and Communication Security Conference . . . 46--47
Stephen A. Weis: RFID Privacy Workshop: Concerns, Consensus, and Questions . . . 48--50
Marc Donner: Hacking the Best-Seller List . . . 51--53
Matt Bishop and Deb Frincke: Teaching Robust Programming . . . 54--57
Jeffery E. Payne: Regulation and Information Security: Can Y2K Lessons Help Us? . . . 58--61
Michael Lesk: Shedding Light on Creativity: The History of Photography . . . 62--64
Elias Levy: Criminals Become Tech Savvy . . . 65--68
Peter Wayner: The Power of Candy-Coated Bits . . . 69--72
Roland L. Trope: A Warranty of Cyberworthiness . . . 73--76
George Chamales: The Honeywall CD-ROM . . . 77--79
Gary McGraw: Software Security . . . 80--83
Michael A. Caloyannides: The Cost of Convenience: a Faustian Deal . . . 84--87
Marc Donner: From the Editors: Whose Data Are These, Anyway? . . . 5--6
Shari Lawrence Pfleeger: Book Reviews: a Gift of Impact: A Gift of Fire: The Social, Legal, and Ethical Issues for Computers and the Internet, by Sara Baase (Prentice-Hall 2002, ISBN 0-13-008215-5) . . . 7--7
Hong-Lok Li and Stan Bush: Letters to the Editor: Interface: Usability, efficiency --- or privacy?; Does piracy increase sales? . . . 8--9
Greg Goth and Scott L. Andresen: News: Richard Clarke Talks Cybersecurity and JELL-O . . . 11--15
Noopur Davis and Watts Humphrey and Samuel T. Redwine, Jr. and Gerlinde Zibulski and Gary McGraw: Processes for Producing Secure Software: Summary of US National Cybersecurity Summit Subgroup Report . . . 18--25
William A. Arbaugh: Guest Editor's Introduction: Wired on Wireless . . . 26--27
Yih-Chun Hu and Adrian Perrig: A Survey of Secure Wireless Ad Hoc Routing . . . 28--39
David Johnston and Jesse Walker: Overview of IEEE 802.16 Security . . . 40--48
Jean-Pierre Hubaux and Srdjan Capkun and Jun Luo: The Security and Privacy of Smart Vehicles . . . 49--55
Joel W. Branch and Nick L. Petroni, Jr. and Leendert Van Doorn and David Safford: Autonomic 802.11 Wireless LAN Security Auditing . . . 56--65
Marc Donner: Cult Classics . . . 66--68
Deborah A. Frincke and Matt Bishop: Guarding the Castle Keep: Teaching with the Fortress Metaphor . . . 69--72
Salvatore J. Stolfo: Worm and Attack Early Warning . . . 73--75
Michael Lesk: Digital Rights: Copyright and Creativity . . . 76--78
Iván Arce: The Kernel Craze . . . 79--81
Mark F. Vilardo: Online Impersonation in Securities Scams . . . 82--85
Richard Ford: The Wrong Stuff? . . . 86--89
Paco Hope and Gary McGraw and Annie I. Antón: Misuse and Abuse Cases: Getting Past the Positive . . . 90--92
Michael A. Caloyannides: Security or Cosmetology? . . . 93--95
Bruce Schneier: Security and Compliance . . . 96--96
Marc Donner: From the Editors: a Witty Lesson . . . 5--5
Brad Spencer and Michael A. Caloyannides: Letters to the Editor: Interface: Machine Gun or Blunderbuss?; Usability or privacy redux; Erratum . . . 7--8
Scott Forbes: Book Reviews: A .NET Gold Mine: .NET Security and Cryptography, by Peter Thorsteinson and G. Gnana Arun Ganesh (Prentice-Hall 2004, ISBN 0-13-100851-X) . . . 10--10
Adam Stone and Benjamin Alfonsi and Scott L. Andresen: News: The Delicate Balance: Security and Privacy; Corporate Security Under Siege; News Briefs . . . 12--13
Iván Arce and Gary McGraw: Guest Editors' Introduction: Why Attacking Systems Is a Good Idea . . . 17--19
Jonathan Pincus and Brandon Baker: Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns . . . 20--27
Carolyn P. Meinel: Cybercrime Treaty Could Chill Research . . . 28--32
Greg White and Art Conklin: The Appropriate Use of Force-on-Force Cyberexercises . . . 33--37
Sandra Ring and Eric Cole: Taking a Lesson from Stealthy Rootkits . . . 38--45
Colleen Shannon and David Moore: The Spread of the Witty Worm . . . 46--50
Marc Donner: Deus Est Machina . . . 51--53
Deborah Frincke and Matt Bishop: Back to School . . . 54--56
Chip Elliott: Quantum Cryptography . . . 57--61
Michael Lesk: Bigger Share of a Smaller Pie . . . 62--64
Elias Levy: Approaching Zero . . . 65--66
Richard Guida and Robert Stahl and Thomas Bunt and Gary Secrest and Joseph Moorcones: Deploying and Using Public Key Technology: Lessons Learned in Real Life . . . 67--71
Frederic Raynal and Yann Berthier and Philippe Biondi and Danielle Kaminsky: Honeypot Forensics Part I: Analyzing the Network . . . 72--78
Denis Verdon and Gary McGraw: Risk Analysis in Software Design . . . 79--84
Michael A. Caloyannides: Is Privacy Really Constraining Security or Is this a Red Herring? . . . 86--87
Bruce Schneier: Customers, Passwords, and Web Sites . . . 88--88
Fred Schneider: Time Out for Station Identification . . . 5--5
Anonymous: Letters to the Editor . . . 6--7
Greg Goth: News . . . 8--11
Anonymous: Protecting Consumers' Private Health Information . . . 12--12
Lorrie Faith Cranor and Simson Garfinkel: Guest Editors' Introduction: Secure or Usable? . . . 16--18
Dirk Balfanz and Glenn Durfee and Rebecca E. Grinter and D. K. Smetters: In Search of Usable Security: Five Lessons from the Field . . . 19--24
Jeff Yan and Alan Blackwell and Ross Anderson and Alasdair Grant: Password Memorability and Security: Empirical Results . . . 25--31
Mike Just: Designing and Evaluating Challenge-Question Systems . . . 32--39
Alen Peacock and Xian Ke and Matthew Wilkerson: Typing Patterns: a Key to User Identification . . . 40--47
Ka-Ping Yee: Aligning Security and Usability . . . 48--55
Marc Donner: Jennifer Government . . . 57--59
Deborah Frincke and Matt Bishop: Joining the Security Education Community . . . 61--63
O. Sami Saydjari: Multilevel Security: Reprise . . . 64--67
Mike Andrews and James A. Whittaker: Computer Security . . . 68--71
Iván Arce: The Shellcode Generation . . . 72--76
Frederic Raynal and Yann Berthier and Philippe Biondi and Danielle Kaminsky: Honeypot Forensics, Part II: Analyzing the Compromised Host . . . 77--80
Gary McGraw and Bruce Potter: Software Security Testing . . . 81--85
Michael A. Caloyannides: Speech Privacy Technophobes Need Not Apply . . . 86--87
Bruce Schneier: SIMS: Solution, or Part of the Problem? . . . 88--88
George Cybenko: Security Alchemy . . . 5--5
Scott Forbes: Privacy Law Resource for Students and Professionals . . . 7--7
Greg Goth and Benjamin Alfonsi: News . . . 8--9
Annie I. Antón and Qingfeng He and David L. Baumer: Inside JetBlue's Privacy Policy Violations . . . 12--18
Jaideep Vaidya and Chris Clifton: Privacy-Preserving Data Mining: Why, How, and When . . . 19--27
K. S. Shankar and Helmut Kurth: Certifying Open Source---The Linux Experience . . . 28--33
David E. Bakken and Rupa Parameswaran and Douglas M. Blough and Andy A. Franz and Ty J. Palmer: Data Obfuscation: Anonymity and Desensitization of Usable Data Sets . . . 34--41
Javed Aslam and Sergey Bratus and David Kotz and Ron Peterson and Brett Tofel and Daniela Rus: The Kerf Toolkit for Intrusion Analysis . . . 42--52
Marc Donner: Use the Force, Luke! . . . 53--55
Deborah Frincke and Matt Bishop: Academic Degrees and Professional Certification . . . 56--58
Shelby Evans and David Heinbuch and Elizabeth Kyule and John Piorkowski and James Wallner: Risk-based Systems Security Engineering: Stopping Attacks with Intention . . . 59--62
Michael Howard: Building More Secure Software with Improved Development Processes . . . 63--65
Elias Levy: Interface Illusions . . . 66--69
Anil Somayaji: How to Win an Evolutionary Arms Race . . . 70--72
John G. Levine and Julian B. Grizzard and Henry L. Owen: Using Honeynets to Protect Large Enterprise Networks . . . 73--75
Brian Chess and Gary McGraw: Static Analysis for Security . . . 76--79
Anonymous: 2004 Annual Index . . . 80--85
Michael Caloyannides: Enhancing Security: Not for the Conformist . . . 88, 86--87
C. Landwehr: Changing the Puzzle Pieces . . . 3--4
M. R. Stytz: Studying Attacks to Improve Software Defense . . . 11--11
R. Anderson and B. Schneier: Guest Editors' Introduction: Economics of Information Security . . . 12--13
E. Rescorla: Is finding security holes a good idea? . . . 14--19
A. Arora and R. Telang: Economics of software vulnerability disclosure . . . 20--25
A. Acquisti and J. Grossklags: Privacy and rationality in individual decision making . . . 26--33
H. Varian and F. Wallenberg and G. Woroch: The demographics of the do-not-call list [security of data] . . . 34--39
S. E. Schechter: Toward econometric models of the security risk from remote attacks . . . 40--44
G. Danezis and R. Anderson: The economics of resisting censorship . . . 45--50
J. Linn: Technology and Web user data privacy --- a survey of risks and countermeasures . . . 52--58
A. Yasinsac and M. Burmester: Centers of academic excellence: a case study . . . 62--65
H. H. Thompson: Application penetration testing . . . 66--69
I. Arce: Bad peripherals . . . 70--73
C. Adams: Building secure Web-based environments: understanding research interrelationships through a construction metaphor . . . 74--77
R. L. Trope: Directors' digital fiduciary duties . . . 78--82
B. Arkin and S. Stender and G. McGraw: Software penetration testing . . . 84--87
B. Schneier: Authentication and Expiration . . . 88--88
M. Donner: What's in a Name? . . . 4--5
S. A. Weiss: Crypto 2004 . . . 11--13
R. Iverson: A Framework to Consider . . . 14--14
R. Oppliger and R. Rytz: Does trusted computing remedy computer security problems? . . . 16--19
A. Iliev and S. W. Smith: Protecting client privacy with trusted computing at the server . . . 20--28
D. N. Jutla and P. Bodorik: Sociotechnical architecture for online privacy . . . 29--39
S. L. Pfleeger and G. Bloom: Canning SPAM: Proposed solutions to unwanted email . . . 40--47
R. Dodge and D. Ragsdale: Technology education at the US Military Academy . . . 49--53
R. A. Maxion and R. R. M. Roberts: Methodological foundations: enabling the next generation of security . . . 54--57
P. Oehlert: Violating assumptions with fuzzing . . . 58--62
E. Levy: Worm propagation and generic attacks . . . 63--65
S. W. Smith: Turing is from Mars, Shannon is from Venus: computer science and computer engineering . . . 66--69
E. M. Power and R. L. Trope: Averting security missteps in outsourcing . . . 70--73
S. Barnum and G. McGraw: Knowledge for software security . . . 74--78
D. Geer, Jr.: The Problem Statement is the Problem . . . 80--80
F. B. Schneider: It Depends on What You Pay . . . 3--3
M. R. Stytz: Under the Black Hat . . . 5--5
L. McLaughlin: Interview: Holistic Security . . . 6--8
S. Landau and M. R. Stytz: Overview of cyber security: a crisis of prioritization . . . 9--11
M. Amin: Guest Editor's Introduction: Infrastructure Security--Reliability and Dependability of Critical Systems . . . 15--17
M. Sahinoglu: Security meter: a practical decision-tree model to quantify risk . . . 18--24
Min Cai and Kai Hwang and Yu-Kwong Kwok and Shanshan Song and Yu Chen: Collaborative Internet worm containment . . . 25--33
S. L. Garfinkel and A. Juels and R. Pappu: RFID privacy: an overview of problems and proposed solutions . . . 34--43
T. J. Walsh and D. R. Kuhn: Challenges in securing voice over IP . . . 44--49
A. Senior and S. Pankanti and A. Hampapur and L. Brown and Ying-Li Tian and A. Ekin and J. Connell and Chiao Fe Shu and M. Lu: Enabling video privacy through computer vision . . . 50--57
M. Donner: A young geek's fancy turns to... science fiction? [Book recommendations] . . . 58--60
C. E. Irvine and M. F. Thompson and K. Allen: CyberCIEGE: gaming for information assurance . . . 61--64
B. Snow: Four ways to improve security . . . 65--67
P. Gutmann and D. Naccache and C. C. Palmer: When hashes collide [applied cryptography] . . . 68--71
R. Ford: Malcode mysteries revealed [computer viruses and worms] . . . 72--75
T. Holz: A short visit to the bot zoo [malicious bots software] . . . 76--79
C. Salka: Programming languages and systems security . . . 80--83
M. Lesk: Salute the broadcast flag [digital protection for TV recording] . . . 84--87
D. Taylor and G. McGraw: Adopting a software security improvement program . . . 88--91
S. Bellovin: Security and Privacy: Enemies or Allies? . . . 92--92
George Cybenko: The One-Eyed Man Is King . . . 4--5
Nathanael Paul: A Closer Look at Viruses and Worms . . . 7
Benjamin Alfonsi: Alliance Addresses VoIP Security . . . 8
Axelle Apvrille and Makan Pourzandi: Secure Software Development by Example . . . 10--17
Helayne T. Ray and Raghunath Vemuri and Hariprasad R. Kantubhukta: Toward an Automated Attack Model for Red Teams . . . 18--25
Michael Bailey and Evan Cooke and Farnam Jahanian and David Watson and Jose Nazario: The Blaster Worm: Then and Now . . . 26--31
Dimitrios Lekkas and Diomidis Spinellis: Handling and Reporting Security Advisories: a Scorecard Approach . . . 32--41
Urs E. Gattiker: EICAR 2005 . . . 45--48
Matt Bishop and Deborah Frincke: A Human Endeavor: Lessons from Shakespeare and Beyond . . . 49--51
James Mulvenon: Toward a Cyberconflict Studies Research Agenda . . . 52--55
Peter Gutmann and Ian Grigg: Security Usability . . . 56--58
William H. Allen: Computer Forensics . . . 59--62
Iván Arce: The Land of the Blind . . . 63--67
Sara Sinclair and S. W. Smith: The TIPPI Point: Toward Trustworthy Interfaces . . . 68--71
Martin R. Stytz: Protecting Personal Privacy: Hauling Down the Jolly Roger . . . 72--74
Nancy R. Mead and Gary McGraw: A Portal for Software Security . . . 75--79
Marc Donner: There Ain't No Inside, There Ain't No Outside... . . . 4--5
Katharine W. Webb: Biometric Security Solutions . . . 7
Heather Drinan and Brent Kesler: News Briefs . . . 8--10
Laurianne McLaughlin: From AWK to Google: Peter Weinberger Talks Search . . . 11--13
Barbara Carminati and Elena Ferrari and Patrick C. K. Hung: Exploring Privacy Issues in Web Services Discovery Agencies . . . 14--21
Bernardo A. Huberman and Eytan Adar and Leslie R. Fine: Valuating Privacy . . . 22--25
Lance J. Hoffman and Tim Rosenberg and Ronald Dodge and Daniel Ragsdale: Exploring a National Cybersecurity Exercise for Universities . . . 27--33
Fred B. Schneider and Lidong Zhou: Implementing Trustworthy Services Using Replicated State Machines . . . 34--43
Robert W. Reeder and Fahd Arshad: Soups 2005 . . . 47--50
Peter Kuper: The State of Security . . . 51--53
Matt Bishop and Deborah A. Frincke: Teaching Secure Programming . . . 54--56
Ann Miller: Trends in Process Control Systems Security . . . 57--60
David Naccache: Finding Faults . . . 61--65
Peter Torr: Demystifying the Threat-Modeling Process . . . 66--70
David M. Nicol: Modeling and Simulation in Security Evaluation . . . 71--74
Kenneth R. van Wyk and Gary McGraw: Bridging the Gap between Software Development and Information Security . . . 75--79
Dan Geer: When Is a Product a Security Product? . . . 80
Martin Libicki: Are RFIDs Coming to Get You? . . . 6--6
Heather Drinan and Nancy Fontaine and Brent Kesler: News Briefs . . . 7--8
Laurianne McLaughlin: Winning the Game of Risk: Neumann's Take on Sound Design . . . 9--12
Micah Sherr and Eric Cronin and Sandy Clark and Matt Blaze: Signaling vulnerabilities in wiretapping systems . . . 13--25
Susan Landau: Security, wiretapping, and the Internet . . . 26--33
Philip L. Campbell: The denial-of-service dance . . . 34--40
Stelios Sidiroglou and Angelos D. Keromytis: Countering network worms through automatic patch generation . . . 41--49
Gregory Conti and Mustaque Ahamad: A framework for countering denial-of-information attacks . . . 50--56
Faith M. Heikkila: SecureWorld Expo 2005 . . . 57--60
Pinny Sheoran and Oris Friesen and Barbara J. Huffman de Belón: Developing and Sustaining Information Assurance: The Role of Community Colleges (Part 1) . . . 61--63
Scott Borg: Economically complex cyberattacks . . . 64--67
Gerald A. Marin: Network security basics . . . 68--72
S. W. Smith: Pretending that systems are secure . . . 73--76
E. Michael Power and Roland L. Trope: Acting responsibly with geospatial data . . . 77--80
Katrina Tsipenyuk and Brian Chess and Gary McGraw: Seven pernicious kingdoms: a taxonomy of software security errors . . . 81--84
Ted Phillips and Tom Karygiannis and Rick Kuhn: Security standards for the RFID market . . . 85--89
Anonymous: 2005 Annual Index . . . 90--95
Bruce Schneier: The Zotob Storm . . . 96--96
George Cybenko: Why Johnny Can't Evaluate Security Risk . . . 5--5
Anonymous: Special Thanks to S&P's Reviewers . . . 7--8
Whitfield Diffie: Chattering about SIGINT . . . 9--9
Laurianne McLaughlin: Philip Zimmermann on What's Next after PGP? . . . 10--13
Heather Drinan and Nancy Fontaine and Brent Kesler: News Briefs . . . 14--16
Edward W. Felten and J. Alex Halderman: Digital Rights Management, Spyware, and Security . . . 18--23
John G. Levine and Julian B. Grizzard and Henry L. Owen: Detecting and Categorizing Kernel-Level Rootkits to Aid Future Detection . . . 24--32
Nir Kshetri: The Simple Economics of Cybercrimes . . . 33--39
Steven Cheung: Denial of Service against the Domain Name System . . . 40--45
John Black and Martin Cochran and Ryan Gardner: A Security Analysis of the Internet Chess Club . . . 46--52
Christian Rechberger and Vincent Rijmen and Nicolas Sklavos: The NIST Cryptographic Workshop on Hash Functions . . . 54--56
Timothy Rosenberg and Lance J. Hoffman: Taking Networks on the Road: Portable Solutions for Security Educators . . . 57--60
Anonymous: 2006 Editorial Calendar . . . 61--61
Virgil D. Gligor and Tom Haigh and Dick Kemmerer and Carl Landwehr and Steve Lipner and John McLean: Information Assurance Technology Forecast 2005 . . . 62--69
Jean-Sebastien Coron: What Is Cryptography? . . . 70--73
Robert Seacord: Secure Coding in C and C++: Of Strings and Integers . . . 74--76
Dragos Ruiu: Learning from Information Security History . . . 77--79
Jeremy Epstein and Scott Matsumoto and Gary McGraw: Software Security and SOA: Danger, Will Robinson! . . . 80--83
Ramaswamy Chandramouli and Scott Rose: Challenges in Securing the Domain Name System . . . 84--87
Steve Bellovin: Unconventional Wisdom . . . 88--88
Marc Donner The Impending Debate . . . . . . . . . . 4--5 Mikhael Felker Internet War Games: Power of the Masses 7 Brent Kesler and Heather Drinan and Nancy Fontaine News Briefs . . . . . . . . . . . . . . 8--13 Kjell J. Hole and Vebjørn Moen and Thomas Tjøstheim Case Study: Online Banking Security . . 14--20 Alain Hiltgen and Thorsten Kramp and Thomas Weigold Secure Internet Banking Authentication 21--29 WenJie Wang and Yufei Yuan and Norm Archer A Contextual Framework for Combating Identity Theft . . . . . . . . . . . . . 30--38 David D. Hwang and Patrick Schaumont and Kris Tiri and Ingrid Verbauwhede Securing Embedded Systems . . . . . . . 40--49 Feisal Keblawi and Dick Sullivan Applying the Common Criteria in Systems Engineering . . . . . . . . . . . . . . 50--55 Peter Kuper A Warning to Industry---Fix It or Lose It . . . . . . . . . . . . . . . . . . . 56--60 Matt Bishop and Deborah A. Frincke Who Owns Your Computer? . . . . . . . . 61--63 Rosario Gennaro Randomness in Cryptography . . . . . . . 64--67 James A. Whittaker and Richard Ford How to Think about Security . . . . . . 68--71 Thorsten Holz and Simon Marechal and Frédéric Raynal New Threats and Attacks on the World Wide Web . . . . . . . . . . . . . . . . 72--75 Scott Bradner The End of End-to-End Security? . . . . 76--79 Michael Lesk Should Indexing Be Fair Use? The Battle over Google Book Search . . . . . . . . 80--83 John Steven Adopting an Enterprise Software Security Framework . . . . . . . . . . . . . . . 84--87 William E. Burr Cryptographic Hash Standards: Where Do We Go from Here? . . . . . . . . . . . . 88--91 Anonymous IEEE Security & Privacy 2006 Editorial Calendar . . . . . . . . . . . . . . . . 92
Fred B. Schneider Here Be Dragons . . . . . . . . . . . . 3 Shari Lawrence Pfleeger Everything You Wanted to Know about Privacy (But Were Afraid to Ask) . . . . 5 Brent Kesler and Heather Drinan News Briefs . . . . . . . . . . . . . . 6--10 Gary McGraw Interview: Silver Bullet Speaks to Avi Rubin . . . . . . . . . . . . . . . . . 11--13 James X. Dempsey and Ira Rubinstein Guest Editors' Introduction: Lawyers and Technologists---Joined at the Hip? . . . 15--19 Patricia L. Bellia The Fourth Amendment and Emerging Communications Technologies . . . . . . 20--28 Albert Gidari Designing the Right Wiretap Solution: Setting Standards under CALEA . . . . . 29--36 Erin Egan and Tim Jucovy Building a Better Filter: How To Create a Safer Internet and Avoid the Litigation Trap . . . . . . . . . . . . 37--44 Charles D. Curran Combating Spam, Spyware, and Other Desktop Intrusions: Legal Considerations in Operating Trusted Intermediary Technologies . . . . . . . . . . . . . . 45--51 Gregory P. Schaffer Worms and Viruses and Botnets, Oh My!: Rational Responses to Emerging Internet Threats . . . . . . . . . . . . . . . . 52--58 Pinny Sheoran and Oris Friesen and Barbara J. Huffman de Belón Developing and Sustaining Information Assurance: The Role of Community Colleges, Part 2 . . . . . . . . . . . . 60--65 Robin E. Bloomfield and Sofia Guerra and Ann Miller and Marcelo Masera and Charles B. Weinstock International Working Group on Assurance Cases (for Security) . . . . . . . . . . 66--68 Kenneth G. Paterson and Arnold K. L. Yau Lost in Translation: Theory and Practice in Cryptography . . . . . . . . . . . . 69--72 Tuomas Aura Why You Shouldn't Study Security . . . . 74--76 Martin R. Stytz and Sheila B. Banks Dynamic Software Security Testing . . . 77--79 Pravir Chandra and Brian Chess and John Steven Putting the Tools to Work: How to Succeed with Source Code Analysis . . . 80--83 Anne Anderson Web Services Policies (Abstract) . . . . 84--87 Daniel E. Geer, Jr. 
Convergence (Abstract) . . . . . . . . . 88--88
Carl E. Landwehr Speaking of Privacy . . . . . . . . . . 4--5 Brent Kesler and Heather Drinan News Briefs . . . . . . . . . . . . . . 6--8 Charles P. Pfleeger and Shari Lawrence Pfleeger Why We Won't Review Books by Hackers . . 9 Gary McGraw Interview: Silver Bullet Speaks with Dan Geer . . . . . . . . . . . . . . . . . . 10--13 Mike Andrews Guest Editor's Introduction: The State of Web Security . . . . . . . . . . . . 14--15 J. D. Meier Web Application Security Engineering . . 16--24 John Viega and Jeremy Epstein Why Applying Standards to Web Services Is Not Enough . . . . . . . . . . . . . 25--31 Mark Curphey and Rudolph Araujo Web Application Security Assessment Tools . . . . . . . . . . . . . . . . . 32--41 Denis Verdon Security Policies and the Software Developer . . . . . . . . . . . . . . . 42--49 Richard R. Brooks and Christopher Vutsinas Kafka in the Academy: a Note on Ethics in IA Education . . . . . . . . . . . . 50--53 Paulo E. Veríssimo and Nuno F. Neves and Christian Cachin and Jonathan Poritz and David Powell and Yves Deswarte and Robert Stroud and Ian Welch Intrusion-Tolerant Middleware: The Road to Automatic Security . . . . . . . . . 54--62 Roland L. Trope and E. Michael Power Lessons for Laptops for the 18th Century 64--68 Melanie R. Rieback and Bruno Crispo and Andrew S. Tanenbaum RFID Malware: Truth vs. Myth . . . . . . 70--72 Michael Howard A Process for Performing Security Code Reviews . . . . . . . . . . . . . . . . 74--79 Ivan Arce Voices, I Hear Voices . . . . . . . . . 80--83 Jonathan Herzog Applying Protocol Analysis to Security Device Interfaces . . . . . . . . . . . 84--87 Gunnar Peterson Introduction to Identity Management Risk Metrics . . . . . . . . . . . . . . . . 88--91 Jim Robbins and John T. Sabo Managing Information Privacy: Developing a Context for Security and Privacy Standards Convergence . . . . . . . . . 92--95 Steven M. Bellovin On the Brittleness of Software and the Infeasibility of Security Metrics . . . 96--96
Marc Donner Insecurity through Obscurity . . . . . . 4 Anonymous Letters to the Editor . . . . . . . . . 5 Geraldine MacDonald Cross-Border Transaction Liability . . . 7 Brandi Ortega News Briefs . . . . . . . . . . . . . . 8--10 Gary McGraw Interview: Silver Bullet Speaks to Marcus Ranum . . . . . . . . . . . . . . 11--14 Matthew Geiger and Lorrie Faith Cranor Scrubbing Stubborn Data: An Evaluation of Counter-Forensic Privacy Tools . . . 16--25 Robert Thibadeau Trusted Computing for Disk Drives and Other Peripherals . . . . . . . . . . . 26--33 Peng Shaunghe and Han Zhen Enhancing PC Security with a U-Key . . . 34--39 Grant A. Jacoby and Randy Marchany and Nathaniel J. Davis IV Using Battery Constraints within Mobile Hosts to Improve Network Security . . . 40--49 Brian Randell and Peter Y. A. Ryan Voting Technologies and Trust . . . . . 50--56 Stephen A. Weis Privacy Enhancing Technologies . . . . . 59 Jill Slay and Benjamin Turnbull Computer Security Education and Research in Australia . . . . . . . . . . . . . . 60--63 Luther Martin Fitting Square Pegs into Round Holes . . 64--66 Sarah Gordon Understanding the Adversary: Virus Writers and Beyond . . . . . . . . . . . 67--70 Elias Levy Worst-Case Scenario . . . . . . . . . . 71--73 Roland L. Trope Immaterial Transfers with Material Consequences . . . . . . . . . . . . . . 74--78 Kenneth R. van Wyk and John Steven Essential Factors for Successful Software Security Awareness Training . . 80--83 Doug Montgomery and Sandra Murphy Toward Secure Routing Infrastructures 84--87 Bruce Schneier University Networks and Data Security 88--88
George Cybenko Weak Links, Strong Ties . . . . . . . . 3 Anonymous Masthead . . . . . . . . . . . . . . . . 4 Eugene Spafford Desert Island Books . . . . . . . . . . 5 Brandi Ortega News Briefs . . . . . . . . . . . . . . 6--9 Gary McGraw Silver Bullet Speaks with Ed Felten . . 10--13 Anonymous RSA® Conference 2007 . . . . . . . . 14 Simson Garfinkel and Michael D. Smith Guest Editors' Introduction: Data Surveillance . . . . . . . . . . . . . . 15--17 Robert Popp and John Poindexter Countering Terrorism through Information and Privacy Protection Technologies . . 18--27 Jeff Jonas Threat and Fraud Intelligence, Las Vegas Style . . . . . . . . . . . . . . . . . 28--34 Anonymous IEEE Computer Society Distance Learning Campus . . . . . . . . . . . . . . . . . 35 David J. Chaboya and Richard A. Raines and Rusty O. Baldwin and Barry E. Mullins Network Intrusion Detection: Automated and Manual Methods Prone to Attack and Evasion . . . . . . . . . . . . . . . . 36--43 Vincent C. S. Lee and Linyi Shao Estimating Potential IT Security Losses: An Alternative Quantitative Approach . . 44--52 Janice Y. Tsai and Serge Egelman Soups 2006 . . . . . . . . . . . . . . . 53--55 Bradley S. Rubin and Donald Cheung Computer Security Education and Research: Handle with Care . . . . . . . 56--59 Phillip A. Porras Privacy-Enabled Global Threat Monitoring 60--63 John P. Tomaszewski Are You Sure You Had a Privacy Incident? 64--66 Vanessa Gratzer and David Naccache Cryptography, Law Enforcement, and Mobile Communications . . . . . . . . . 67--70 David Ladd A Software Procurement and Security Primer . . . . . . . . . . . . . . . . . 71--73 Laree Kiely and Terry V. Benzel Systemic Security Management . . . . . . 74--77 William Suchan and Edward Sobiesk Strengthening the Weakest Link in Digital Protection . . . . . . . . . . . 78--80 Gunnar Peterson and John Steven Defining Misuse within the Development Process . . . . . . . . . . . . . . . .
81--84 Peter Mell and Karen Scarfone and Sasha Romanosky Common Vulnerability Scoring System . . 85--89 Anonymous IEEE Security & Privacy 2006 Annual Index, Volume 4 . . . . . . . . . . . . 90--95 Daniel E. Geer, Jr. Evidently Evidentiary . . . . . . . . . 96
Carl E. Landwehr New Challenges for the New Year . . . . 3--4 Anonymous Special Thanks to S&P's Reviewers . . . . 6--7 Ross Anderson Software Security: State of the Art . . 8 Gary McGraw Silver Bullet Speaks with John Stewart 9--11 Brandi Ortega News Briefs . . . . . . . . . . . . . . 12--15 Rolf Oppliger Providing Certified Mail Services on the Internet . . . . . . . . . . . . . . . . 16--22 Marco Domenico Aime and Giorgio Calandriello and Antonio Lioy Dependability in Wireless Networks: Can We Rely on WiFi? . . . . . . . . . . . . 23--29 Carol Woody and Christopher Alberts Considering Operational Security Risk during System Development . . . . . . . 30--35 Wade H. Baker and Linda Wallace Is Information Security Under Control?: Investigating Quality in Information Security Management . . . . . . . . . . 36--44 Annie I. Antón and Julia B. Earp and Matthew W. Vail and Neha Jain and Carrie M. Gheen and Jack M. Frink HIPAA's Effect on Web Site Privacy Policies . . . . . . . . . . . . . . . . 45--52 Matt Bishop and Deborah A. Frincke Achieving Learning Objectives through E-Voting Case Studies . . . . . . . . . 53--56 Ravishankar K. Iyer and Zbigniew Kalbarczyk and Karthik Pattabiraman and William Healey and Wen-Mei W. Hwu and Peter Klemperer and Reza Farivar Toward Application-Aware Security and Reliability . . . . . . . . . . . . . . 57--62 Willi Geiselmann and Rainer Steinwandt Special-Purpose Hardware in Cryptanalysis: The Case of 1,024-Bit RSA 63--66 Richard Ford and William H. Allen How Not to Be Seen . . . . . . . . . . . 67--69 Adam J. O'Donnell The Evolutionary Microcosm of Stock Spam 70--72 Lori DeLooze Providing Web Service Security in a Federated Environment . . . . . . . . . 73--75 John Morris and Jon Peterson Who's Watching You Now? . . . . . . . . 76--79 Steve Bellovin DRM, Complexity, and Correctness . . . . 80
Fred Schneider Trusted Computing in Context . . . . . . 4--5 Brandi Ortega News Briefs . . . . . . . . . . . . . . 7--10 Gary McGraw Silver Bullet Speaks with Dorothy Denning . . . . . . . . . . . . . . . . 11--14 Iván Arce A Surprise Party (on Your Computer)? . . 15--16 Luca Carettoni and Claudio Merloni and Stefano Zanero Studying Bluetooth Malware Propagation: The BlueBag Project . . . . . . . . . . 17--25 Vanessa Gratzer and David Naccache Alien vs. Quine . . . . . . . . . . . . 26--31 Carsten Willems and Thorsten Holz and Felix Freiling Toward Automated Dynamic Malware Analysis Using CWSandbox . . . . . . . . 32--39 Robert Lyda and James Hamrock Using Entropy Analysis to Find Encrypted and Packed Malware . . . . . . . . . . . 40--45 Danilo Bruschi and Lorenzo Martignoni and Mattia Monga Code Normalization for Self-Mutating Malware . . . . . . . . . . . . . . . . 46--54 Abhilasha Bhargav-Spantzel and Anna C. Squicciarini and Elisa Bertino Trust Negotiation in Identity Management 55--63 Marianthi Theoharidou and Dimitris Gritzalis Common Body of Knowledge for Information Security . . . . . . . . . . . . . . . . 64--67 Keye Martin Secure Communication without Encryption? 68--71 E. Michael Power and Jonathan Gilhen and Roland L. Trope Setting Boundaries at Borders: Reconciling Laptop Searches and Privacy 72--75 Patrick P. Tsang When Cryptographers Turn Lead into Gold 76--79 Apu Kapadia A Case (Study) For Usability in Secure Email Communication . . . . . . . . . . 80--84 Michael Lesk South Korea's Way to the Future . . . . 85--87 Elizabeth A. Nichols and Gunnar Peterson A Metrics Framework to Drive Application Security Improvement . . . . . . . . . . 88--91 Ramaswamy Chandramouli and Philip Lee Infrastructure Standards for Smart ID Card Deployment . . . . . . . . . . . . 92--96
Carl E. Landwehr Food for Thought: Improving the Market for Assurance . . . . . . . . . . . . . 3--4 Gary McGraw Silver Bullet Talks with Becky Bace . . 6--9 Brandi Ortega News Briefs . . . . . . . . . . . . . . 10--12 Shari Lawrence Pfleeger and Roland L. Trope and Charles C. Palmer Guest Editors' Introduction: Managing Organizational Security . . . . . . . . 13--15 M. Eric Johnson and Eric Goetz Embedding Information Security into the Organization . . . . . . . . . . . . . . 16--24 Shari Lawrence Pfleeger and Martin Libicki and Michael Webber I'll Buy That! Cybersecurity in the Internet Marketplace . . . . . . . . . . 25--31 Roland L. Trope and E. Michael Power and Vincent I. Polley and Bradford C. Morley A Coherent Strategy for Data Security through Data Governance . . . . . . . . 32--39 David Rosenblum What Anyone Can Know: The Privacy Risks of Social Networking Sites . . . . . . . 40--49 Walter S. Baer and Andrew Parkinson Cyberinsurance in IT Security Management 50--56 Richard S. Swart and Robert F. Erbacher Educating Students to Create Trustworthy Systems . . . . . . . . . . . . . . . . 58--61 Matthew Carpenter and Tom Liston and Ed Skoudis Hiding Virtualization from Attackers and Malware . . . . . . . . . . . . . . . . 62--65 Edward Sobiesk and Gregory Conti The Cost of Free Web Tools . . . . . . . 66--68 Anna Lysyanskaya Authentication without Identification 69--71 Tina R. Knutson Building Privacy into Software Products and Services . . . . . . . . . . . . . . 72--74 David Ahmad The Contemporary Software Security Landscape . . . . . . . . . . . . . . . 75--77 M. Angela Sasse Red-Eye Blink, Bendy Shuffle, and the Yuck Factor: a User Experience of Biometric Airport Systems . . . . . . . 78--81 Michael N. Gagnon and Stephen Taylor and Anup K. Ghosh Software Protection through Anti-Debugging . . . . . . . . . . . . . 82--84 Johan Peeters and Paul Dyson Cost-Effective Security . . . . . . . . 
85--87 Bruce Schneier Nonsecurity Considerations in Security Decisions . . . . . . . . . . . . . . . 88
Marc Donner Cyberassault on Estonia . . . . . . . . 4 Brandi Ortega News Briefs . . . . . . . . . . . . . . 6--9 Gary McGraw and Ross Anderson Silver Bullet Talks with Ross Anderson 10--13 Jennifer English and David Coe and Rhonda Gaede and David Hyde and Jeffrey Kulick MEMS-Assisted Cryptography for CPI Protection . . . . . . . . . . . . . . . 14--21 Faith M. Heikkila Encryption: Security Considerations for Portable Media Devices . . . . . . . . . 22--27 Jeffrey R. Jones Estimating Software Vulnerabilities . . 28--32 Jangbok Kim and Kihyun Chung and Kyunghee Choi Spam Filtering With Dynamically Updated URL Statistics . . . . . . . . . . . . . 33--39 Christos K. Dimitriadis Improving Mobile Core Network Security with Honeynets . . . . . . . . . . . . . 40--47 Sean Peisert and Matt Bishop I Am a Scientist, Not a Philosopher! . . 48--51 Michael Franz Containing the Ultimate Trojan Horse . . 52--56 Sophie In 't Veld Data Sharing across the Atlantic . . . . 58--61 Onur Aciiçmez and Jean-Pierre Seifert and Çetin Kaya Koç Micro-Architectural Cryptanalysis . . . 62--64 William H. Allen Mixing Wheat with the Chaff: Creating Useful Test Data for IDS Evaluation . . 65--67 Iván Arce Ghost in the Virtual Machine . . . . . . 68--71 Sergey Bratus What Hackers Learn that the Rest of Us Don't: Notes on Hacker Curriculum . . . 72--75 Michael Lesk The New Front Line: Estonia under Cyberassault . . . . . . . . . . . . . . 76--79 Suvajit Gupta and Joel Winstead Using Attack Graphs to Design Systems 80--83 Pete Bramhall and Marit Hansen and Kai Rannenberg and Thomas Roessler User-Centric Identity Management: New Trends in Standardization and Regulation 84--87 Daniel E. Geer The End of Black and White . . . . . . . 88
Fred B. Schneider Technology Scapegoats and Policy Saviors 3--4 Anonymous Interface . . . . . . . . . . . . . . . 5 Shari Lawrence Pfleeger Spooky Lessons . . . . . . . . . . . . . 7 Gary McGraw Interview: Silver Bullet Talks with Annie Antón . . . . . . . . . . . . . . . 8--11 Brandi Ortega News Briefs . . . . . . . . . . . . . . 12--14 Paul N. Otto and Annie I. Antón and David L. Baumer The ChoicePoint Dilemma: How Data Brokers Should Handle the Privacy of Personal Information . . . . . . . . . . 15--23 Apostol T. Vassilev and Bertrand du Castel and Asad M. Ali Personal Brokerage of Web Service Access 24--31 Frank J. Mabry and John R. James and Aaron J. Ferguson Unicode Steganographic Exploits: Maintaining Enterprise Border Security 32--39 Barry E. Mullins and Timothy H. Lacey and Robert F. Mills and Joseph E. Trechter and Samuel D. Bass How the Cyber Defense Exercise Shaped an Information-Assurance Curriculum . . . . 40--49 Ilan Oshri and Julia Kotlarsky and Corey Hirsch An Information Security Strategy for Networkable Devices . . . . . . . . . . 50--56 Jonathan Caulkins and Eric D. Hough and Nancy R. Mead and Hassan Osman Optimizing Investments in Security Countermeasures: a Practical Tool for Fixed Budgets . . . . . . . . . . . . . 57--60 Julie J. C. H. Ryan Plagiarism, Graduate Education, and Information Security . . . . . . . . . . 62--65 David Fraser The Canadian Response to the USA Patriot Act . . . . . . . . . . . . . . . . . . 66--68 Vanessa Gratzer and David Naccache Trust on a Nationwide Scale . . . . . . 69--71 Dianne Solomon Balancing Privacy and Risk in the E-Messaging World . . . . . . . . . . . 72--75 Gary McGraw and Greg Hoglund Online Games and Security . . . . . . . 76--79 Fred Dushin and Eric Newcomer Handling Multiple Credentials in a Heterogeneous SOA Environment . . . . . 80--82 Roger Dingledine and Nick Mathewson and Paul Syverson Deploying Low-Latency Anonymity: Design Challenges and Social Factors . . . . . 
83--87 Steve Bellovin Seers and Craftspeople . . . . . . . . . 88
Carl E. Landwehr Revolution through Competition? . . . . 3--4 Brandi Ortega News Briefs . . . . . . . . . . . . . . 6--7 Gary McGraw Interview: Silver Bullet Talks with Mikko Hyppönen . . . . . . . . . . . . . 8--11 Martin R. Stytz What Are the Numbers? . . . . . . . . . 12 Markus Jakobsson and Sid Stamm Web Camouflage: Protecting Your Clients from Browser-Sniffing Attacks . . . . . 16--24 Kjell J. Hole and Vebjørn Moen and André N. Klingsheim and Knut M. Tande Lessons from the Norwegian ATM System 25--31 Ugo Piazzalunga and Paolo Salvaneschi and Francesco Balducci and Pablo Jacomuzzi and Cristiano Moroncelli Security Strength Measurement for Dongle-Protected Software . . . . . . . 32--40 Ninghui Li and Ji-Won Byun and Elisa Bertino A Critique of the ANSI Standard on Role-Based Access Control . . . . . . . 41--49 David Ferraiolo and Rick Kuhn and Ravi Sandhu RBAC Standard Rationale: Comments on ``A Critique of the ANSI Standard on Role-Based Access Control'' . . . . . . 51--53 Pythagoras Petratos Weather, Information Security, and Markets . . . . . . . . . . . . . . . . 54--57 E. Michael Power Developing a Culture of Privacy: a Case Study . . . . . . . . . . . . . . . . . 58--60 Serge Vaudenay E-Passport Threats . . . . . . . . . . . 61--64 Richard Ford and William H. Allen How Not to Be Seen II: The Defenders Fight Back . . . . . . . . . . . . . . . 65--68 David McKinney Vulnerability Bazaar . . . . . . . . . . 69--73 Luiz Felipe Perrone Could a Caveman Do It? The Surprising Potential of Simple Attacks . . . . . . 74--77 Martin R. Stytz Who Are the Experts, and What Have They Done for Us Lately? . . . . . . . . . . 78--80 John Steven and Gunnar Peterson Metricon 2.0 . . . . . . . . . . . . . . 81--83 Matt Bishop About Penetration Testing . . . . . . . 84--87 Bruce Schneier The Death of the Security Industry . . . 88
Marc Donner Charge of the Light Brigade . . . . . . 5--5 Brandi Ortega News Briefs . . . . . . . . . . . . . . 6--8 Eugene Spafford James P. Anderson: An Information Security Pioneer . . . . . . . . . . . . 9 Gary McGraw Interview: Silver Bullet Talks with Eugene Spafford . . . . . . . . . . . . 10--15 Steven M. Bellovin and Terry V. Benzel and Bob Blakley and Dorothy E. Denning and Whitfield Diffie and Jeremy Epstein and Paulo Veríssimo Information Assurance Technology Forecast 2008 . . . . . . . . . . . . . 16--23 Steven M. Bellovin and Matt Blaze and Whitfield Diffie and Susan Landau and Peter G. Neumann and Jennifer Rexford Risking Communications Security: Potential Hazards of the Protect America Act . . . . . . . . . . . . . . . . . . 24--33 Siani Pearson and Marco Casassa-Mont and Manny Novoa Securing Information Transfer in Distributed Computing Environments . . . 34--42 Anirban Chakrabarti and Anish Damodaran and Shubhashis Sengupta Grid Computing Security: a Taxonomy . . 44--51 David John Leversage and Eric James Byres Estimating a System's Mean Time-to-Compromise . . . . . . . . . . . 52--60 Frank L. Greitzer and Andrew P. Moore and Dawn M. Cappelli and Dee H. Andrews and Lynn A. Carroll and Thomas D. Hull Combating the Insider Cyber Threat . . . 61--64 Martim Carbone and Diego Zamboni and Wenke Lee Taming Virtualization . . . . . . . . . 65--67 Aleksey Kolupaev and Juriy Ogijenko CAPTCHAs: Humans vs. Bots . . . . . . . 68--70 Michael Howard Becoming a Security Expert . . . . . . . 71--73 Dave Ahmad The Confused Deputy and the Domain Hijacker . . . . . . . . . . . . . . . . 74--77 Michael Lesk Forum Shopping on the Internet . . . . . 78--80 Edward Bonver Security Testing of Internal Tools . . . 81--83 Ed Coyne and Tim Weil An RBAC Implementation and Interoperability Standard: The INCITS Cyber Security 1.1 Model . . . . . . . . 84--87 Dan Geer and Daniel Conway What We Got for Christmas . . . . . . . 88
Marc Donner Lessons from Electrification for Identification . . . . . . . . . . . . . 3 Simson Garfinkel Sharp Figures, Fuzzy Purpose . . . . . . 5 Gary McGraw Interview: Silver Bullet Talks with Ed Amoroso . . . . . . . . . . . . . . . . 6--9 Brandi Ortega News Briefs . . . . . . . . . . . . . . 10--12 Susan Landau and Deirdre K. Mulligan I'm Pc01002/SpringPeeper/ED288l.6; Who are You? . . . . . . . . . . . . . . . . 13--15 Eve Maler and Drummond Reed The Venn of Identity: Options and Issues in Federated Identity Management . . . . 16--23 Rachna Dhamija and Lisa Dusseault The Seven Flaws of Identity Management: Usability and Security Challenges . . . 24--29 James L. Wayman Biometrics in Identity Management Systems . . . . . . . . . . . . . . . . 30--37 Marit Hansen and Ari Schwartz and Alissa Cooper Privacy and Identity Management . . . . 38--45 Alessandro Acquisti Identity Management, Privacy, and Price Discrimination . . . . . . . . . . . . . 46--50 Robin McKenzie and Malcolm Crompton and Colin Wallis Use Cases for Identity Management in E-Government . . . . . . . . . . . . . . 51--57 Thomas E. Dube and Bobby D. Birrer and Richard A. Raines and Rusty O. Baldwin and Barry E. Mullins and Robert W. Bennington and Christopher E. Reuter Hindering Reverse Engineering: Thinking Outside the Box . . . . . . . . . . . . 58--65 Markus Jakobsson and Nathaniel Johnson and Peter Finn Why and How to Perform Fraud Experiments 66--68 Eric Levieil and David Naccache Cryptographic Test Correction . . . . . 69--71 Marco Carvalho Security in Mobile Ad Hoc Networks . . . 72--75 David McKinney New Hurdles for Vulnerability Disclosure 76--78 Michael E. Locasto and Angelos Stavrou The Hidden Difficulties of Watching and Rebuilding Networks . . . . . . . . . . 79--82 Patrick Harding and Leif Johansson and Nate Klingenstein Dynamic Security Assertion Markup Language: Simplifying Single Sign-On . . 83--85 Daniel E. Geer, Jr. and Daniel G. Conway Beware the IDs of March . . . . . . . . 
87 Steve Bellovin Security by Checklist . . . . . . . . . 88
Carl E. Landwehr Up Scope . . . . . . . . . . . . . . . . 3--4 Brandi Ortega News Briefs . . . . . . . . . . . . . . 6--8 Gary McGraw Interview: Silver Bullet Talks with Jon Swartz . . . . . . . . . . . . . . . . . 9--11 Aviel D. Rubin and David R. Jefferson New Research Results for Electronic Voting . . . . . . . . . . . . . . . . . 12--13 Altair O. Santin and Regivaldo G. Costa and Carlos A. Maziero A Three-Ballot-Based Secure Electronic Voting System . . . . . . . . . . . . . 14--21 Alec Yasinsac and Matt Bishop The Dynamics of Counting and Recounting Votes . . . . . . . . . . . . . . . . . 22--29 Nirwan Ansari and Pitipatana Sakarindr and Ehsan Haghani and Chao Zhang and Aridaman K. Jain and Yun Q. Shi Evaluating Electronic Voting Systems Equipped with Voter-Verified Paper Records . . . . . . . . . . . . . . . . 30--39 David Chaum and Aleks Essex and Richard Carback and Jeremy Clark and Stefan Popoveniuc and Alan Sherman and Poorvi Vora Scantegrity: End-to-End Voter-Verifiable Optical-Scan Voting . . . . . . . . . . 40--46 Iñaki Goirizelaia and Ted Selker and Maider Huarte and Juanjo Unzilla An Optical Scan E-Voting System based on N-Version Programming . . . . . . . . . 47--53 Lynn Batten and Lei Pan Teaching Digital Forensics to Undergraduate Students . . . . . . . . . 54--56 Gordon Hughes and Sophie Dawson and Tim Brookes Considering New Privacy Laws in Australia . . . . . . . . . . . . . . . 57--59 William E. Burr A New Hash Competition . . . . . . . . . 60--62 John R. Michener Common Permissions in Microsoft Windows Server 2008 and Windows Vista . . . . . 63--67 Adam J. O'Donnell When Malware Attacks (Anything but Windows) . . . . . . . . . . . . . . . . 68--70 Sergey Bratus and Chris Masone and Sean W. Smith Why Do Street-Smart People Do Stupid Things Online? . . . . . . . . . . . . . 71--74 Michael Lesk Digital Rights Management and Individualized Pricing . . . . . . . . . 76--79 Jeremy Epstein Security Lessons Learned from Société Générale . . . . . . . 
. . . . . . . . . . 80--82 Sheila Frankel and David Green Internet Protocol Version 6 . . . . . . 83--86 Daniel E. Geer, Jr. Learn by Analogy or Die Trying . . . . . 88, 87
Fred B. Schneider Network Neutrality versus Internet Trustworthiness? . . . . . . . . . . . . 3--4 Gary McGraw Interview: Silver Bullet Talks with Adam Shostack . . . . . . . . . . . . . . . . 6--10 Brandi Ortega News Briefs . . . . . . . . . . . . . . 11--13 Kjell J. Hole and Lars-Helge Netland and Yngve Espelid and André N. Klingsheim and Hallvar Helleseth and Jan B. Henriksen Open Wireless Networks on University Campuses . . . . . . . . . . . . . . . . 14--20 Abdul (Ali) Razaq and Wai Tong Luk and Kam Man Shum and Lee Ming Cheng and Kai Ning Yung Second-Generation RFID . . . . . . . . . 21--27 Sameer Pai and Sergio Bermudez and Stephen B. Wicker and Marci Meingast and Tanya Roosta and Shankar Sastry and Deirdre K. Mulligan Transactional Confidentiality in Sensor Networks . . . . . . . . . . . . . . . . 28--35 Thomas Weigold and Thorsten Kramp and Michael Baentsch Remote Client Authentication . . . . . . 36--43 Alexander Pretschner and Manuel Hilty and Florian Schütz and Christian Schaefer and Thomas Walter Usage Control Enforcement: Present and Future . . . . . . . . . . . . . . . . . 44--53 Lillian Røstad and Gunnar René Øie and Inger Anne Tøndel and Per Håkon Meland Learning by Failing (and Fixing) . . . . 54--56 Anonymous Call for Papers: Online Gaming Security 57--57 Khaled El Emam Heuristics for De-identifying Health Data . . . . . . . . . . . . . . . . . . 58--61 Justin Troutman The Virtues of Mature and Minimalist Cryptography . . . . . . . . . . . . . . 62--65 Joel Predd and Shari Lawrence Pfleeger and Jeffrey Hunker and Carla Bulford Insiders Behaving Badly . . . . . . . . 66--70 Anonymous 2008 Membership advertisement . . . . . 71--73 Susan Landau Security and Privacy Landscape in Emerging Technologies . . . . . . . . . 74--77 Daniel E. Geer, Jr. and Daniel G. Conway Strong Attractors . . . . . . . . . . . 78--79 Bruce Schneier How the Human Brain Buys Security . . .
80--80 Anonymous Corporate Network Security advertisement c3--c3 Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous IT Security World advertisement . . . . c2--c2 Anonymous Usenix Security Symposium advertisement c4--c4
Carl E. Landwehr From the Editors: Cybersecurity and Artificial Intelligence: From Fixing the Plumbing to Smart Water . . . . . . . . 3--4 Martin R. Stytz Book Reviews: The Shape of Crimeware to Come . . . . . . . . . . . . . . . . . . 5--5 Gary McGraw Interview: Silver Bullet Talks with Bill Cheswick . . . . . . . . . . . . . . . . 7--11 Brandi Ortega News Briefs . . . . . . . . . . . . . . 12--13 Samuel T. King and Sean W. Smith Guest Editors' Introduction: Virtualization and Security: Back to the Future . . . . . . . . . . . . . . . . . 15--15 Paul A. Karger and David R. Safford Virtualization: I/O for Virtual Machine Monitors: Security and Performance Issues . . . . . . . . . . . . . . . . . 16--23 Ronald Perez and Leendert van Doorn and Reiner Sailer Virtualization and Hardware-Based Security . . . . . . . . . . . . . . . . 24--31 Kara Nance and Matt Bishop and Brian Hay Virtual Machine Introspection: Observation or Interference? . . . . . . 32--37 Julie J. C. H. Ryan and Daniel J. Ryan Risk Management: Performance Metrics for Information Security Risk Management . . 38--44 Panayiotis Kotzanikolaou Data Privacy: Data Retention and Privacy in Electronic Communications . . . . . . 46--52 Matt Bishop and Deborah A. Frincke Education: Information Assurance Education: a Work In Progress . . . . . 54--57 Peter McLaughlin Privacy Interests: Cross-Border Data Flows and Increased Enforcement . . . . 58--61 Luther Martin Crypto Corner: Identity-Based Encryption and Beyond . . . . . . . . . . . . . . . 62--64 Wei Yan and Zheng Zhang and Nirwan Ansari Basic Training: Revealing Packed Malware 65--69 David Ahmad Attack Trends: Two Years of Broken Crypto: Debian's Dress Rehearsal for a Global PKI Compromise . . . . . . . . . 70--73 Camilo Viecco and Jean Camp Secure Systems: a Life or Death InfoSec Subversion . . . . . . . . . . . . . . . 74--76 Roland L. Trope and Monique Witt and William J. 
Adams Digital Protection: Hardening the Target 77--81 Edward Bonver and Michael Cohen Building Security In: Developing and Retaining a Security Testing Mindset . . 82--85 Daniel E. Geer, Jr. and Daniel G. Conway For Good Measure: Type II Reverse Engineering . . . . . . . . . . . . . . 86--87 Steven M. Bellovin Clear Text: The Puzzle of Privacy . . . 88--88
Bret Michael From the Editors: Are Governments Up to the Task? . . . . . . . . . . . . . . . 4--5 Gary McGraw Interview: Silver Bullet Talks with Matt Bishop . . . . . . . . . . . . . . . . . 6--10 O. Sami Saydjari Spotlight: Launching into the Cyberspace Race: An Interview with Melissa E. Hathaway . . . . . . . . . . . . . . . . 11--17 James Figueroa and Brandi Ortega News: Shaking Up the Cybersecurity Landscape . . . . . . . . . . . . . . . 18--21 Ron Trellue and Charles C. Palmer Guest Editors' Introduction: Process Control System Security: Bootstrapping a Legacy . . . . . . . . . . . . . . . . . 22--23 Markus Brändle and Martin Naedele Process Control Security: Security for Process Control Systems: An Overview . . 24--29 David M. Nicol and William H. Sanders and Sankalp Singh and Mouna Seri Usable Global Network Access Policy for Process Control Systems . . . . . . . . 30--36 Raymond C. Parks and Edmond Rogers Vulnerability Assessment for Critical Infrastructure Control Systems . . . . . 37--43 Alysson Neves Bessani and Paulo Sousa and Miguel Correia and Nuno Ferreira Neves and Paulo Veríssimo The Crutial Way of Critical Infrastructure Protection . . . . . . . 44--51 Bertrand Mathieu and Saverio Niccolini and Dorgham Sisalem Voice over IP: SDRS: a Voice-over-IP Spam Detection and Reaction System . . . 52--59 Shane Balfe and Eimear Gallery and Chris J. Mitchell and Kenneth G. Paterson Trusted Computing: Challenges for Trusted Computing . . . . . . . . . . . 60--66 Yuen-Yan Chan and Victor K. Wei Education: Teaching for Conceptual Change in Security Awareness . . . . . . 67--69 Kirk J. Nahra Privacy Interests: HIPAA Security Enforcement Is Here . . . . . . . . . . 70--72 Chengyun Chu Basic Training: Introduction to Microsoft .NET Security . . . . . . . . 73--78 Jeremiah Grossman Attack Trends: Five User-Customizable Web Site Security Features . . . . . . . 79--81 John Steven Building Security In: State of Application Assessment . . . . . . . . . 82--85 Daniel E. 
Geer, Jr. and Daniel G. Conway For Good Measure: Security Is a Subset of Reliability . . . . . . . . . . . . . 86--87 Daniel E. Geer, Jr. Clear Text: Complexity Is the Enemy . . 88--88 Anonymous Annual Index . . . . . . . . . . . . . . 0--0
Marc Donner From the Editors: Reading (with) the Enemy . . . . . . . . . . . . . . . . . 3--3 Brandi Ortega News Briefs: Shaking Up the Cybersecurity Landscape . . . . . . . . 5--6 Gary McGraw Interview: Silver Bullet Talks with Gunnar Peterson . . . . . . . . . . . . 7--11 Jaynarayan H. Lala and Fred B. Schneider Guest Editors' Introduction: IT Monoculture Security Risks and Defenses 12--13 Kenneth P. Birman and Fred B. Schneider IT Monoculture: The Monoculture Risk Put into Context . . . . . . . . . . . . . . 14--17 Angelos D. Keromytis Randomized Instruction Sets and Runtime Environments Past Research and Future Directions . . . . . . . . . . . . . . . 18--25 Daniel Williams and Wei Hu and Jack W. Davidson and Jason D. Hiser and John C. Knight and Anh Nguyen-Tuong Security through Diversity: Leveraging Virtual Machine Technology . . . . . . . 26--33 Kjell J. Hole and André N. Klingsheim and Lars-Helge Netland and Yngve Espelid and Thomas Tjøstheim and Vebjørn Moen Assessing PKI: Risk Assessment of a National Security Infrastructure . . . . 34--41 Michel Cukier and Susmit Panjwani Vulnerability Remediation: Prioritizing Vulnerability Remediation by Determining Attacker-Targeted Vulnerabilities . . . 42--48 William Enck and Machigar Ongtang and Patrick McDaniel Focus: Understanding Android Security 50--57 Susan Landau Perspectives: The NRC Takes on Data Mining, Behavioral Surveillance, and Privacy . . . . . . . . . . . . . . . . 58--62 Bret Michael and Jeffrey Voas and Phil Laplante It All Depends: Cyberpandemics: History, Inevitability, Response . . . . . . . . 63--67 Yuen-Yan Chan and Victor K. Wei Education: Teaching for Conceptual Change in Security Awareness: a Case Study in Higher Education . . . . . . . 68--71 Patricia Kosseim and Khaled El Emam Privacy Interests: Privacy Interests in Prescription Data, Part I: Prescriber Privacy . . . . . . . . . . . . . . . . 
72--76 Franco Callegati and Walter Cerroni and Marco Ramilli Basic Training: Man-in-the-Middle Attack to the HTTPS Protocol . . . . . . . . . 78--81 Phillip Porras Attack Trends: Directions in Network-Based Security Monitoring . . . 82--85 Daniel E. Geer, Jr. and Daniel G. Conway For Good Measure: The Owned Price Index 86--87 Bruce Schneier Clear Text: Architecture of Privacy . . 88--88
Fred B. Schneider From the Editors: Accountability for Perfection . . . . . . . . . . . . . . . 3--4 Anonymous Special Thanks: Special Thanks to S&P's Peer Reviewers . . . . . . . . . . . . . 5--6 Brandi Ortega News Briefs . . . . . . . . . . . . . . 8--9 Gary McGraw Interview: Silver Bullet Talks with Jeremiah Grossman . . . . . . . . . . . 10--14 Shari Lawrence Pfleeger Book Reviews: Searching for You . . . . 15--15 Michael A. Caloyannides and Nasir Memon and Wietse Venema Guest Editors' Introduction: Digital Forensics . . . . . . . . . . . . . . . 16--17 Michael A. Caloyannides Forensics Is So ``Yesterday'' . . . . . 18--25 Brian D. Carrier Digital Forensics Works . . . . . . . . 26--29 Brian Hay and Matt Bishop and Kara Nance Live Analysis: Progress and Challenges 30--37 Simson L. Garfinkel and James J. Migletz New XML-Based Files Implications for Forensics . . . . . . . . . . . . . . . 38--44 Gavin W. Manes and Elizabeth Downing Overview of Licensing and Legal Issues for Digital Forensic Investigators . . . 45--48 Vassil Roussev Hashing and Data Fingerprinting in Digital Forensics . . . . . . . . . . . 49--55 Sarah Spiekermann and Sergei Evdokimov Authentication: Critical RFID Privacy-Enhancing Technologies . . . . . 56--62 John Harauz and Lori M. Kaufman It All Depends: a New Era of Presidential Security: The President and His BlackBerry . . . . . . . . . . . . . 67--70 Jungwoo Ryoo and Angsana Techatassanasoontorn and Dongwon Lee Education: Security Education Using Second Life . . . . . . . . . . . . . . 71--74 Khaled El Emam and Patricia Kosseim Privacy Interests: Privacy Interests in Prescription Data, Part 2: Patient Privacy . . . . . . . . . . . . . . . . 75--78 Julien Brouchier and Tom Kean and Carol Marsh and David Naccache Crypto Corner: Temperature Attacks . . . 79--82 Martin Gilje Jaatun and Jostein Jensen and Håvard Vegge and Finn Michael Halvorsen and Rune Walsø Nergård Attack Trends: Fools Download Where Angels Fear to Tread . . . . . . . . . . 
83--86 Michael Zhivich and Robert K. Cunningham Secure Systems: The Real Cost of Software Errors . . . . . . . . . . . . 87--90 Gunnar Peterson Building Security In: Service-Oriented Security Indications for Use . . . . . . 91--93 Daniel E. Geer, Jr. and Daniel G. Conway For Good Measure: Hard Data Is Good to Find . . . . . . . . . . . . . . . . . . 94--95 Steven M. Bellovin Clear Text: The Government and Cybersecurity . . . . . . . . . . . . . 96--96
Carl E. Landwehr From the Editors: a National Goal for Cyberspace: Create an Open, Accountable Internet . . . . . . . . . . . . . . . . 3--4 James Figueroa News Briefs . . . . . . . . . . . . . . 6--7 James McGovern Interview: Silver Bullet Talks with Gary McGraw . . . . . . . . . . . . . . . . . 8--10 Gary McGraw and Ming Chow Securing Online Games: Guest Editors' Introduction: Securing Online Games: Safeguarding the Future of Software Security . . . . . . . . . . . . . . . . 11--12 Stephen Bono and Dan Caselden and Gabriel Landau and Charlie Miller Reducing the Attack Surface in Massively Multiplayer Online Role-Playing Games 13--19 Aaron Portnoy and Ali Rizvi-Santiago Walking on Water: a Cheating Case Study 20--22 Sean F. Kane Virtual Judgment: Legal Implications of Online Gaming . . . . . . . . . . . . . 23--28 Stefan Mitterhofer and Christopher Kruegel and Engin Kirda and Christian Platzer Server-Side Bot Detection in Massively Multiplayer Online Games . . . . . . . . 29--36 Jeff Yan and Brian Randell An Investigation of Cheating in Online Games . . . . . . . . . . . . . . . . . 37--44 M. Eric Johnson and Eric Goetz and Shari Lawrence Pfleeger Information Risk: Security through Information Risk Management . . . . . . 45--52 Michael E. Locasto Education: Helping Students Own Their Own Code . . . . . . . . . . . . . . . . 53--56 Vijay Varadharajan On the Horizon: a Note on Trust-Enhanced Security . . . . . . . . . . . . . . . . 57--59 Marc Donner Biblio Tech: War Stories . . . . . . . . 60--63 Gregory Conti and Edward Sobiesk Privacy Interests: Malicious Interfaces and Personalization's Uninviting Future 64--67 Michael Howard Basic Training: Improving Software Security by Eliminating the CWE Top 25 Vulnerabilities . . . . . . . . . . . . 68--71 Bojan Zdrnja Attack Trends: Malicious JavaScript Insertion through ARP Poisoning Attacks 72--74 Patrick McDaniel and Stephen McLaughlin Secure Systems: Security and Privacy Challenges in the Smart Grid . . . . . . 
75--77 Michael Lesk Security & Privacy Economics: Reading Over Your Shoulder . . . . . . . . . . . 78--81 Anton Chuvakin and Gunnar Peterson Building Security In: Logging in the Age of Web Services . . . . . . . . . . . . 82--85 Daniel E. Geer, Jr. and Daniel G. Conway For Good Measure: a Doubt of the Benefit 86--87 Daniel E. Geer, Jr. ClearText: Digital Endosymbiosis . . . . 88--88
Marc Donner From the Editors: New Models for Old . . 3--4 Anonymous Interface: Letters to the Editor . . . . 6--7 James Figueroa News Briefs . . . . . . . . . . . . . . 8--10 Gary McGraw Interview: Silver Bullet Talks with Virgil Gligor . . . . . . . . . . . . . 11--14 Herbert Lin Special Report: Lifting the Veil on Cyber Offense . . . . . . . . . . . . . 15--21 Jeff Yan and Ahmad Salah El Ahmad Pixel-Count Attacks: CAPTCHA Security: a Case Study . . . . . . . . . . . . . . . 22--28 Gordon F. Hughes and Tom Coughlin and Daniel M. Commins Secure Data Sanitization: Disposal of Disk and Tape Data by Secure Sanitization . . . . . . . . . . . . . . 29--34 Qun Ni and Elisa Bertino and Jorge Lobo and Seraphin B. Calo Access Control: Privacy-Aware Role-Based Access Control . . . . . . . . . . . . . 35--43 Michael Meike and Johannes Sametinger and Andreas Wiesauer Internet Security: Security in Open Source Web Content Management Systems 44--51 Rachel Rue and Shari Lawrence Pfleeger Cybersecurity: Making the Best Use of Cybersecurity Economic Models . . . . . 52--60 Lori M. Kaufman It All Depends: Data Security in the World of Cloud Computing . . . . . . . . 61--64 Janne Hagen Education: Human Relationships: a Never-Ending Security Education Challenge? . . . . . . . . . . . . . . . 65--67 Betsy Masiello Privacy Interests: Deconstructing the Privacy Experience . . . . . . . . . . . 68--70 Justin Troutman and Vincent Rijmen Crypto Corner: Green Cryptography: Cleaner Engineering through Recycling 71--73 Ronda Henning Basic Training: Predictable Surprises 74--76 Patrick Traynor Secure Systems: Securing Cellular Infrastructure: Challenges and Opportunities . . . . . . . . . . . . . 77--79 Jeffrey K. MacKie-Mason Security & Privacy Economics: Incentive-Centered Design for Security 80--83 Andy Steingruebl and Gunnar Peterson Building Security In: Software Assumptions Lead to Preventable Errors 84--87 Bruce Schneier Clear Text: Security, Group Size, and the Human Brain . . . . . . . 
. . . . . 88--88
Bret Michael From the Editors: In Clouds Shall We Trust? . . . . . . . . . . . . . . . . . 3--3 Gary McGraw Interview: Silver Bullet Talks with Bob Blakley . . . . . . . . . . . . . . . . 5--8 James Figueroa News Briefs . . . . . . . . . . . . . . 9--10 Daniel Massey and Dorothy E. Denning Securing the Domain Name System: Guest Editors' Introduction . . . . . . . . . 11--13 Ioannis Avramopoulos and Martin Suchara Protecting the DNS from Routing Attacks: Two Alternative Anycast Implementations 14--20 D. Kevin McGrath and Andrew Kalafut and Minaxi Gupta Phishing Infrastructure Fluxes All the Way . . . . . . . . . . . . . . . . . . 21--28 Ramaswamy Chandramouli and Scott Rose Open Issues in Secure DNS Deployment . . 29--35 Wouter C. A. Wijngaards and Benno J. Overeinder Securing DNS: Extending DNS Servers with a DNSSEC Validator . . . . . . . . . . . 36--43 Eric Osterweil and Lixia Zhang Interadministrative Challenges in Managing DNSKEYs . . . . . . . . . . . . 44--51 Kara Nance Education: Teach Them When They Aren't Looking: Introducing Security in CS1 . . 53--55 Scott Charney On the Horizon: The Evolution of Online Identity . . . . . . . . . . . . . . . . 56--59 Fred H. Cate Privacy Interests: Security, Privacy, and the Role of Law . . . . . . . . . . 60--63 Justin Troutman and Vincent Rijmen Crypto Corner: Green Cryptography: Cleaner Engineering through Recycling, Part 2 . . . . . . . . . . . . . . . . . 64--65 Michael Howard Basic Training: Managing the Security Wall of Data . . . . . . . . . . . . . . 66--68 Stefano Zanero Attack Trends: Wireless Malware Propagation: a Reality Check . . . . . . 70--74 Matt Blaze Secure Systems: Taking Surveillance Out of the Shadows . . . . . . . . . . . . . 75--77 Michael Lesk Security & Privacy Economics: Incentives to Innovate: Improve the Past or Break with It? . . . . . . . . . . . . . . . . 78--81 Ryan W. Gardner and Matt Bishop and Tadayoshi Kohno Building Security In: Are Patched Machines Really Fixed? . . . . . . . . . 
82--85 Daniel E. Geer, Jr. and Daniel G. Conway For Good Measure: Risk Concentration . . 86--87 Steven M. Bellovin and Daniel G. Conway Clear Text: Security as a Systems Property . . . . . . . . . . . . . . . . 88--88
Fred B. Schneider Labeling-in Security . . . . . . . . . . 3 Gary McGraw Interview: Silver Bullet Talks with Fred Schneider . . . . . . . . . . . . . . . 5--7 James Figueroa News Briefs . . . . . . . . . . . . . . 8--9 Shari Lawrence Pfleeger and Salvatore J. Stolfo Addressing the Insider Threat . . . . . 10--13 Deanna Caputo and Marcus Maloof and Gregory Stephens Detecting Insider Theft of Trade Secrets 14--21 Felicia Duran and Stephen H. Conrad and Gregory N. Conrad and David P. Duggan and Edward Bruce Held Building a System for Insider Security 30--38 Brian Bowen and Malek Ben Salem and Shlomo Hershkop and Angelos Keromytis and Salvatore Stolfo Designing Host and Network Sensors to Mitigate the Insider Threat . . . . . . 22--29 Saar Drimer and Steven J. Murdoch and Ross Anderson Failures of Tamper-Proofing in PIN Entry Devices . . . . . . . . . . . . . . . . 39--45 Eric Bier and Richard Chow and Philippe Golle and Tracy Holloway King and Jessica Staddon The Rules of Redaction: Identify, Protect, Review (and Repeat) . . . . . . 46--53 Bruce Potter High Time for Trusted Computing . . . . 54--56 Adam Goldstein and David Bucciero The Dartmouth Cyber Security Initiative: Faculty, Staff, and Students Work Together . . . . . . . . . . . . . . . . 57--59 O. Sami Saydjari and Cynthia E. Irvine A Tale of Three Cyber-Defense Workshops 60--64 Nate Lawson Side-Channel Attacks on Cryptographic Software . . . . . . . . . . . . . . . . 65--68 Richard Ford and William H. Allen Malware Shall Greatly Increase ... 69--71 Franco Callegati and Marco Ramilli Frightened by Links . . . . . . . . . . 72--76 Michael E. Locasto and Sergey Bratus and Brian Schulte Bickering In-Depth: Rethinking the Composition of Competing Security Systems . . . . . . . . . . . . . . . . 77--81 Alessandro Acquisti Nudging Privacy: The Behavioral Economics of Personal Information . . . 82--85 Daniel E. Geer, Jr. and Daniel G. Conway Patch Grief with Proverbs . . . . . . . 86--87 Daniel E. Geer, Jr. 
Deskilling Digital Security . . . . . . 88 Anonymous Annual Index . . . . . . . . . . . . . . 1
Carl E. Landwehr Drawing the Line . . . . . . . . . . . . 3--4 James Figueroa News Briefs . . . . . . . . . . . . . . 6--7 Gary McGraw Interview: Silver Bullet Talks with Christofer Hoff . . . . . . . . . . . . 8--10 Mikhail A. Lisovich and Deirdre K. Mulligan and Stephen B. Wicker Inferring Personal Information from Demand-Response Systems . . . . . . . . 11--20 Annie I. Anton and Julia B. Earp and Jessica D. Young How Internet Users' Privacy Concerns Have Evolved since 2002 . . . . . . . . 21--27 Mark Strembeck Scenario-Driven Role Engineering . . . . 28--35 Francis Kofi Andoh-Baidoo and Kwasi Amoako-Gyampah and Kweku-Muata Osei-Bryson How Internet Security Breaches Harm Market Value . . . . . . . . . . . . . . 36--42 Jorgen Hansson and Lutz Wrage and Peter H. Feiler and John Morley and Bruce Lewis and Jerome Hugues Architectural Modeling to Verify Security and Nonfunctional Behavior . . 43--49 Lori M. Kaufman Can a Trusted Environment Provide Security? . . . . . . . . . . . . . . . 50--52 Rainer Bohme and Tyler Moore The Iterated Weakest Link . . . . . . . 53--55 Cynthia E. Irvine and Charles C. Palmer Call in the Cyber National Guard! . . . 56--59 Fred Cohen The Smarter Grid . . . . . . . . . . . . 60--63 Wil Michiels Opportunities in White-Box Cryptography 64--67 Richard Ford and Deborah A. Frincke Building a Better Boot Camp . . . . . . 68--71 Mark Fabro and Tim Roxey and Michael Assante No Grid Left Behind . . . . . . . . . . 72--76 Trent Jaeger and Joshua Schiffman Outlook: Cloudy with a Chance of Security Challenges and Improvements . . 77--80 Himanshu Khurana and Mark Hadley and Ning Lu and Deborah A. Frincke Smart-Grid Security Issues . . . . . . . 81--85 Daniel E. Geer, Jr. and Daniel G. Conway A Life Is Short, a Half-Life Is Forever 86--87 Bruce Schneier Security and Function Creep . . . . . . 88
Marc Donner International Blues . . . . . . . . . . 3 Gary McGraw Interview: Silver Bullet Talks with Gillian Hayes . . . . . . . . . . . . . 5--7 James Figueroa News Briefs . . . . . . . . . . . . . . 8--10 John Viega and Bret Michael Guest Editors' Introduction: Mobile Device Security . . . . . . . . . . . . 11--12 Ricardo Ribalda and Guillermo Gonzalez de Rivera and Angel de Castro and Javier Garrido A Mobile Biometric System-on-Token System for Signing Digital Transactions 13--19 John Paul Dunning Taming the Blue Beast: a Survey of Bluetooth Based Threats . . . . . . . . 20--27 H. Karen Lu and Asad M. Ali Making Smart Cards Truly Portable . . . 28--34 Asaf Shabtai and Yuval Fledel and Uri Kanonov and Yuval Elovici and Shlomi Dolev and Chanan Glezer Google Android: a Comprehensive Security Assessment . . . . . . . . . . . . . . . 35--44 Christoph Sorge and Saverio Niccolini and Jan Seedorf The Legal Ramifications of Call-Filtering Solutions . . . . . . . . 45--50 Bruce Potter My Information, Your Code . . . . . . . 51--53 Matt Bishop A Clinic for ``Secure'' Programming . . 54--56 Marjory S. Blumenthal Hide and Seek in the Cloud . . . . . . . 57--58 Fred H. Cate The Limits of Notice and Choice . . . . 59--62 Charles P. Pfleeger Crypto: Not Just for the Defensive Team 63--66 Andrea M. Matwyshyn and Ang Cui and Angelos D. Keromytis and Salvatore J. Stolfo Ethics in Security Vulnerability Research . . . . . . . . . . . . . . . . 67--72 Marco Ramilli and Marco Prandini Always the Same, Never the Same . . . . 73--75 Angelos D. Keromytis Voice-over-IP Security: Research and Practice . . . . . . . . . . . . . . . . 76--78 J. Alex Halderman To Strengthen Security, Change Developers' Incentives . . . . . . . . . 79--82 James McGovern and Gunnar Peterson 10 Quick, Dirty, and Cheap Things to Improve Enterprise Security . . . . . . 83--85 Daniel E. Geer, Jr. and Daniel G. Conway Nothing Ventured, Nothing Gained . . . . 86--87 Steven M. Bellovin Identity and Security . . . . 
. . . . . 88
Bret Michaels Balancing Liberty, Stability, and Security . . . . . . . . . . . . . . . . 3 Gary McGraw Interview: Silver Bullet Talks with Steven Kent . . . . . . . . . . . . . . 5--9 Linda Dailey Paulson News Briefs . . . . . . . . . . . . . . 11--13 Laurie Williams and Andrew Meneely and Grant Shipley Protection Poker: The New Software Security ``Game'' . . . . . . . . . . . 14--20 Kjell Hole and Lars-Helge Netland Toward Risk Assessment of Large-Impact and Rare Events . . . . . . . . . . . . 21--27 Ian P. Cook and Shari Lawrence Pfleeger Security Decision Support Challenges in Data Collection and Use . . . . . . . . 28--35 Asaf Shabtai and Yuval Fledel and Yuval Elovici Securing Android-Powered Mobile Devices Using SELinux . . . . . . . . . . . . . 36--44 Nir Kshetri The Economics of Click Fraud . . . . . . 45--53 Bruce Potter Thinking Operationally . . . . . . . . . 54--55 Edward B. Talbot and Deborah Frincke and Matt Bishop Demythifying Cybersecurity . . . . . . . 56--59 Fred Cohen The Virtualization Solution . . . . . . 60--63 Khaled El Emam Risk-Based De-Identification of Health Data . . . . . . . . . . . . . . . . . . 64--67 Luther Martin XTS: a Mode of AES for Encrypting Hard Disks . . . . . . . . . . . . . . . . . 68--69 Tom Kellerman Cyber-Threat Proliferation: Today's Truly Pervasive Global Epidemic . . . . 70--73 Jon Giffin The Next Malware Battleground: Recovery After Unknown Infection . . . . . . . . 74--76 Michael Lesk Son of Carterfone: Network Neutrality or Regulation? . . . . . . . . . . . . . . 77--82 John Steven Threat Modeling . . . . . . . . . . . . 83--86 Daniel E. Geer, Jr. Fratricide . . . . . . . . . . . . . . . 88, 87
Fred B. Schneider Fumbling the Future, Again . . . . . . . 3 Gary McGraw Interview: Silver Bullet Talks with Richard Clarke . . . . . . . . . . . . . 5--11 Linda Dailey Paulson News Briefs . . . . . . . . . . . . . . 12--14 Salvatore J. Stolfo and Gene Tsudik Privacy-Preserving Sharing of Sensitive Information . . . . . . . . . . . . . . 16--17 Emiliano De Cristofaro and Jihye Kim Some Like It Private: Sharing Confidential Information Based on Oblivious Authorization . . . . . . . . 18--24 Lalana Kagal and Joe Pato Preserving Privacy Based on Semantic Policy Tools . . . . . . . . . . . . . . 25--30 Kc Claffy and Erin Kenneally Dialing Privacy and Utility: a Proposed Data-Sharing Framework to Advance Internet Research . . . . . . . . . . . 31--39 Tal Moran and Tyler Moore The Phish-Market Protocol: Secure Sharing Between Competitors . . . . . . 40--45 Shari Pfleeger and Robert Cunningham Why Measuring Security Is Hard . . . . . 46--54 Lori M. Kaufman Can Public-Cloud Security Meet Its Unique Challenges? . . . . . . . . . . . 55--57 Cynthia Irvine and Thuy D. Nguyen Educating the Systems Security Engineer's Apprentice . . . . . . . . . 58--61 Vijay Varadharajan Internet Filtering . . . . . . . . . . . 62--65 Christian Cachin and Jan Camenisch Encrypting Keys Securely . . . . . . . . 66--69 Daniel Bilar Degradation and Subversion through Subsystem Attacks . . . . . . . . . . . 70--73 Sara Sinclair and Sean W. Smith What's Wrong with Access Control in the Real World? . . . . . . . . . . . . . . 74--77 Benjamin Edelman Least-Cost Avoiders in Online Fraud and Abuse . . . . . . . . . . . . . . . . . 78--81 Anton Chuvakin and Gunnar Peterson How to Do Application Logging Right . . 82--85 Daniel E. Geer, Jr. A Time to Rethink . . . . . . . . . . . 86--87 Bruce Schneier A Taxonomy of Social Networking Data . . 88
Marc Donner Phagocytes in Cyberspace . . . . . . . . 3--4 Gary McGraw Interview: Silver Bullet Talks with Greg Morrisett . . . . . . . . . . . . . . . 6--9 George Lawton News Briefs . . . . . . . . . . . . . . 10--11 Ram Chillarege and Jeffrey Voas Guest Editors' Introduction: Reliability of Embedded and Cyber-Physical Systems 12--13 Hui Jun Wu Kernel Service Protection for Client Security . . . . . . . . . . . . . . . . 14--19 J. Ryan Kenny and Craig Robinson Embedded Software Assurance for Configuring Secure Hardware . . . . . . 20--26 Sean Barnum and Shankar Sastry and John A. Stankovic Roundtable: Reliability of Embedded and Cyber-Physical Systems . . . . . . . . . 27--32 Kevin Butler and Steve McLaughlin and Thomas Moyer and Patrick McDaniel New Security Architectures Based on Emerging Disk Functionality . . . . . . 34--41 Saeed Abu-Nimeh and Thomas Chen Proliferation and Detection of Blog Spam 42--47 Corrado Visaggio Session Management Vulnerabilities in Today's Web . . . . . . . . . . . . . . 48--56 Bruce Potter Necessary but Not Sufficient . . . . . . 57--58 Gregory B. White and Dwayne Williams and Keith Harrison The CyberPatriot National High School Cyber Defense Competition . . . . . . . 59--61 Fred Cohen Automated Control System Security . . . 62--63 Paula J. Bruening and K. Krasnow Waterman Data Tagging for New Information Governance Models . . . . . . . . . . . 64--68 Teddy Furon and Gwenael Doerr Tracing Pirated Content on the Internet: Unwinding Ariadne's Thread . . . . . . . 69--71 Matt Bishop Technology, Training, and Transformation 72--75 Patrick McDaniel and William Enck Not So Great Expectations: Why Application Markets Haven't Failed Security . . . . . . . . . . . . . . . . 76--78 Michael Lesk Do the Luddites Ever Win? . . . . . . . 79--82 Gunnar Peterson Don't Trust. And Verify: a Security Architecture Stack for the Cloud . . . . 83--86 Steven M. Bellovin Perceptions and Reality . . . . . . . . 88, 87
Carl E. Landwehr Sailing Away! . . . . . . . . . . . . . 3--4 Roger Schell and Steve Lipner and Mary Ellen Zurko and Elaine R. Palmer and David Safford and Charles C. Palmer and Carl E. Landwehr In Memoriam: Paul Karger . . . . . . . . 5 George Lawton News Briefs . . . . . . . . . . . . . . 7--8 Gary McGraw Silver Bullet Talks with Ivan Arce . . . 9--13 Anup Ghosh and Ivan Arce Guest Editors' Introduction: In Cloud Computing We Trust --- But Should We? 14--16 Eric Grosse and John Howie and James Ransome and Jim Reavis and Steve Schmidt Cloud Computing Roundtable . . . . . . . 17--23 Hassan Takabi and James B. D. Joshi and Gail-Joon Ahn Security and Privacy Challenges in Cloud Computing Environments . . . . . . . . . 24--31 Wayne Pauley Cloud Provider Transparency: An Empirical Evaluation . . . . . . . . . . 32--39 Danny Harnik and Benny Pinkas and Alexandra Shulman-Peleg Side Channels in Cloud Services: Deduplication in Cloud Storage . . . . . 40--47 Jose M. Alcaraz Calero and Nigel Edwards and Johannes Kirschnick and Lawrence Wilcock and Mike Wray Toward a Multi-Tenancy Authorization System for Cloud Services . . . . . . . 48--55 Qian Liu and Chuliang Weng and Minglu Li and Yuan Luo An In-VM Measuring Framework for Increasing Virtual Machine Security in Clouds . . . . . . . . . . . . . . . . . 56--62 Paul C. Clark and Glenn R. Cook and Edward L. Fisher and John D. Fulp and Valerie Linhoff and Cynthia E. Irvine New Pathways in Identity Management . . 64--67 Fred H. Cate Government Access to Private-Sector Data 68--71 Joan Daemen and Vincent Rijmen The First 10 Years of Advanced Encryption . . . . . . . . . . . . . . . 72--74 Liam M. Mayron Secure Multimedia Communications . . . . 76--79 Marco Prandini and Marco Ramilli and Walter Cerroni and Franco Callegati Splitting the HTTPS Stream to Attack Secure Web Connections . . . . . . . . . 80--84 Anupam Datta Logical Methods in Security and Privacy 86--89 Jean Camp Identity Management's Misaligned Incentives . . . . . . 
. . . . . . . . . 90--94 Daniel E. Geer, Jr. An Index of Cybersecurity . . . . . . . 96, 95
John Viega Reality Check . . . . . . . . . . . . . 3--4 Anonymous 2010 Reviewer Thanks . . . . . . . . . . 5--6 Gary McGraw Interview: Silver Bullet Talks with Paul Kocher . . . . . . . . . . . . . . . . . 8--11 Giovanni Vigna The 2010 International Capture the Flag Competition . . . . . . . . . . . . . . 12--14 Lee Garber News Briefs . . . . . . . . . . . . . . 15--17 Cynthia Irvine and J. R. Rao Guest Editors' Introduction: Engineering Secure Systems . . . . . . . . . . . . . 18--21 Paul Karger and Suzanne McIntosh and Elaine Palmer and David Toll and Samuel Weber Lessons Learned: Building the Caernarvon High-Assurance Operating System . . . . 22--30 Clark Weissman and Timothy Levin Lessons Learned from Building a High-Assurance Crypto Gateway . . . . . 31--39 Joshua Schiffman and Thomas Moyer and Trent Jaeger and Patrick McDaniel Network-Based Root of Trust for Installation . . . . . . . . . . . . . . 40--48 M. Eric Johnson and Shari Pfleeger Addressing Information Risk in Turbulent Times . . . . . . . . . . . . . . . . . 49--57 James Alexander and Jonathan Smith Disinformation: a Taxonomy . . . . . . . 58--63 Brett Stone-Gross and Marco Cova and Bob Gilbert and Richard Kemmerer and Christopher Kruegel and Giovanni Vigna Analysis of a Botnet Takeover . . . . . 64--72 Lori M. Kaufman How Private Is the Internet? . . . . . . 73--75 Fred H. Cate A Transatlantic Convergence on Privacy? 76--79 Didier Stevens Malicious PDF Documents Explained . . . 80--82 Wendy Seltzer Exposing the Flaws of Censorship by Domain Name . . . . . . . . . . . . . . 83--87 Michael Lesk What Is Information Worth? . . . . . . . 88--90 Richard Bejtlich and John Steven and Gunnar Peterson Directions in Incident Detection and Response . . . . . . . . . . . . . . . . 91--92 Daniel E. Geer, Jr. Does a Rising Tide Lift All Boats? . . . 93--94 Daniel E. Geer, Jr. A Time for Choosing . . . . . . . . . . 96, 95
Marc Donner Privacy and the System Life Cycle . . . 3 Lee Garber News Briefs . . . . . . . . . . . . . . 5--7 Gary McGraw Interview: Silver Bullet Talks with David Rice . . . . . . . . . . . . . . . 8--11 Mary Frances Theofanos and Shari Lawrence Pfleeger Guest Editors' Introduction: Shouldn't All Security Be Usable? . . . . . . . . 12--17 Cristian Bravo-Lillo and Lorrie Faith Cranor and Julie Downs and Saranga Komanduri Bridging the Gap in Computer Security Warnings: a Mental Model Approach . . . 18--26 Kristin Fuglerud and Øystein Dale Secure and Inclusive Authentication with a Talking Mobile One-Time-Password Client . . . . . . . . . . . . . . . . . 27--34 M. Eric Johnson and Nicholas D. Willey Usability Failures and Healthcare Data Hemorrhages . . . . . . . . . . . . . . 35--42 Robert W. Reeder and Stuart Schechter When the Password Doesn't Work: Secondary Authentication for Websites 43--49 Bernd Grobauer and Tobias Walloschek and Elmar Stocker Understanding Cloud Computing Vulnerabilities . . . . . . . . . . . . 50--57 Stefan Fenz and Andreas Ekelhart Verification, Validation, and Evaluation in Information Security Risk Management 58--65 Jonathan Spring Monitoring Cloud Computing by Layer, Part 1 . . . . . . . . . . . . . . . . . 66--68 Matt Bishop Teaching Security Stealthily . . . . . . 69--71 Jennifer L. Bayuk Systems Security Engineering . . . . . . 72--74 Herve Chabanne and Mehdi Tibouchi Securing E-passports with Elliptic Curves . . . . . . . . . . . . . . . . . 75--78 Chris Greamo and Anup Ghosh Sandboxing and Virtualization: Modern Tools for Combating Malware . . . . . . 79--82 Patrick McDaniel Data Provenance and Security . . . . . . 83--85 Aza Raskin Your Life Experiences, Brought to You by Budweiser . . . . . . . . . . . . . . . 86--88 Brian Chess and Brad Arkin Software Security in Practice . . . . . 89--92 Daniel E. Geer, Jr. Correlation Is Not Causation . . . . . . 93--94 Bruce Schneier Detecting Cheaters . . . . . . . . . . . 96, 95
Robin E. Bloomfield Resilient to the Unexpected . . . . . . 3--4 Lee Garber News Briefs . . . . . . . . . . . . . . 6--8 Gary McGraw Silver Bullet Talks with Ralph Langner 9--14 David Evans and Sal Stolfo Guest Editors' Introduction: The Science of Security . . . . . . . . . . . . . . 16--17 Jason Bau and John C. Mitchell Security Modeling and Analysis . . . . . 18--25 Anupam Datta and Jason Franklin and Deepak Garg and Limin Jia and Dilsun Kaynar On Adversary Models and Compositional Security . . . . . . . . . . . . . . . . 26--32 Jean Paul Degabriele and Kenny Paterson and Gaven J. Watson Provable Security in the Real World . . 33--41 David Barrera and Paul Van Oorschot Secure Software Installation on Smartphones . . . . . . . . . . . . . . 42--48 Ralph Langner Stuxnet: Dissecting a Cyberwarfare Weapon . . . . . . . . . . . . . . . . . 49--51 Jonathan Spring Monitoring Cloud Computing by Layer, Part 2 . . . . . . . . . . . . . . . . . 52--55 Gregory Conti and Thomas Babbitt and John Nelson Hacking Competitions and Their Untapped Potential for Security Education . . . . 56--59 Sal Stolfo and Steven M. Bellovin and David Evans Measuring Security . . . . . . . . . . . 60--65 Paul M. Schwartz Privacy, Ethics, and Analytics . . . . . 66--69 Ian Grigg and Peter Gutmann The Curse of Cryptographic Numerology 70--72 Sean Heelan Vulnerability Detection Systems: Think Cyborg, Not Robot . . . . . . . . . . . 74--77 Michael Lesk Salmon, Songs, and Blankets: Creativity on the Northwest Coast . . . . . . . . . 78--81 Brad Arkin Never Waste a Crisis . . . . . . . . . . 82--85 Daniel E. Geer, Jr. New Measures . . . . . . . . . . . . . . 86--87 Steven M. Bellovin Clouds from Both Sides . . . . . . . . . 88
Fred B. Schneider and Deirdre K. Mulligan A Doctrinal Thesis . . . . . . . . . . . 3--4 Lee Garber News Briefs . . . . . . . . . . . . . . 6--8 Gary McGraw Interview: Silver Bullet Talks with John Savage . . . . . . . . . . . . . . . . . 9--12 Lee Hively and Frederick Sheldon and Anna Cinzia Squicciarini Toward Scalable Trustworthy Computing Using the Human-Physiology-Immunity Metaphor . . . . . . . . . . . . . . . . 14--23 Quyen L. Nguyen and Arun Sood A Comparison of Intrusion-Tolerant System Architectures . . . . . . . . . . 24--31 David Dittrich and Michael Bailey and Sven Dietrich Building an Active Computer Security Ethics Community . . . . . . . . . . . . 32--40 Danny Dhillon Developer-Driven Threat Modeling: Lessons Learned in the Trenches . . . . 41--47 Gregory Conti and James Caroland Embracing the Kobayashi Maru: Why You Should Teach Your Students to Cheat . . 48--51 Denis Trček Trust Management in the Pervasive Computing Era . . . . . . . . . . . . . 52--55 David P. Fidler Was Stuxnet an Act of War? Decoding a Cyberattack . . . . . . . . . . . . . . 56--59 Sean W. Smith Room at the Bottom: Authenticated Encryption on Slow Legacy Networks . . . 60--63 Tara Whalen Security as if People Mattered . . . . . 64--67 Charlie Miller Mobile Attacks and Defense . . . . . . . 68--70 Michael E. Locasto and Matthew C. Little A Failure-Based Discipline of Trustworthy Information Systems . . . . 71--75 Michael Lesk Reading: From Paper to Pixels . . . . . 76--79 John Diamant Resilient Security Architecture: a Complementary Approach to Reducing Vulnerabilities . . . . . . . . . . . . 80--84 Daniel E. Geer, Jr. Attack Surface Inflation . . . . . . . . 85--86 Daniel E. Geer, Jr. Eisenhower Revisited . . . . . . . . . . 88, 87
John Viega Ten Years of Trustworthy Computing: Lessons Learned . . . . . . . . . . . . 3--4 Lee Garber News Briefs . . . . . . . . . . . . . . 6--8 Gary McGraw Interview: Silver Bullet Talks with Elinor Mills . . . . . . . . . . . . . . 9--12 Thomas A. Berson and Dorothy E. Denning Cyberwarfare . . . . . . . . . . . . . . 13--15 Scott D. Applegate Cybermilitias and Political Hackers: Use of Irregular Forces in Cyberwarfare . . 16--22 James A. Lewis Cyberwar Thresholds and Effects . . . . 23--29 Raymond C. Parks and David P. Duggan Principles of Cyberwarfare . . . . . . . 30--35 David Elliott Deterring Strategic Cyberattack . . . . 36--40 Philip O'Kane and Sakir Sezer and Kieran McLaughlin Obfuscation: The Hidden Malware . . . . 41--47 Carl A. Gunter and David M. Liebovitz and Bradley Malin Experience-Based Access Management: a Life-Cycle Framework for Identity and Access Management Systems . . . . . . . 48--55 Raheem Beyah and Aravind Venkataraman Rogue-Access-Point Detection: Challenges, Solutions, and Future Directions . . . . . . . . . . . . . . . 56--61 ShuiHua Han and Chao-Hsien Chu and Zongwei Luo Tamper Detection in the EPC Network Using Digital Watermarking . . . . . . . 62--69 Wenliang Du SEED: Hands-On Lab Exercises for Computer Security Education . . . . . . 70--73 Landon P. Cox Truth in Crowdsourcing . . . . . . . . . 74--76 Jeffrey MacKie-Mason All Space Will Be Public Space . . . . . 77--80 Dimitri DeFigueiredo The Case for Mobile Two-Factor Authentication . . . . . . . . . . . . . 81--85 Daniel E. Geer, Jr. and Peter Kuper When $80 Billion Is Not Enough . . . . 86--87 Bruce Schneier Empathy and Security . . . . . . . . . . 88--88
Marc Donner The Invisible Computers . . . . . . . . 3 Gary McGraw Interview: Silver Bullet Talks with Halvar Flake . . . . . . . . . . . . . . 5--8 Lee Garber News Briefs . . . . . . . . . . . . . . 9--11 William Arbaugh and Deborah A. Frincke Living with Insecurity . . . . . . . . . 12--13 Rosa R. Heckle Security Dilemma: Healthcare Clinicians at Work . . . . . . . . . . . . . . . . 14--19 Debin Liu and Ninghui Li and XiaoFeng Wang and L. Jean Camp Security Risk Management Using Incentives . . . . . . . . . . . . . . . 20--28 Antonio Manuel Fernandez Villamor and Antonio Manuel Fernandez Villamor and Juan Yelmo and Juan C. Yelmo Helping Users Deal with Digital Threats: The Online User Supervision Architecture 29--35 Steven Cheung Securing Collaborative Intrusion Detection Systems . . . . . . . . . . . 36--42 Simson L. Garfinkel and George Dinolt Operations with Degraded Security . . . 43--48 Joel Weis and Jim Alves-Foss Securing Database as a Service: Issues and Compromises . . . . . . . . . . . . 49--55 Mohamed Kaaniche and Aad van Moorsel It All Depends, and Increasingly So . . 56--57 Cynthia Irvine The Value of Capture-the-Flag Exercises in Education: An Interview with Chris Eagle . . . . . . . . . . . . . . . . . 58--60 Tara Whalen Mobile Devices and Location Privacy: Where Do We Go from Here? . . . . . . . 61--62 Kirsten Ferguson-Boucher Cloud Computing: a Records and Information Management Perspective . . . 63--66 Dan Guido A Case Study of Intelligence-Driven Defense . . . . . . . . . . . . . . . . 67--70 Kathleen M. Moriarty Incident Coordination . . . . . . . . . 71--75 Michael Lesk Cybersecurity and Economics . . . . . . 76--79 Robert Fly Detecting Fraud on Websites . . . . . . 80--85 Daniel E. Geer, Jr. Small Is Beautiful, Big Is Inevitable 86--87 Steven M. Bellovin Security Think . . . . . . . . . . . . . 88
John Viega Happy Anniversary! . . . . . . . . . . . 3--4 Anup Ghosh and Gary McGraw Lost Decade or Golden Era: Computer Security since 9/11 . . . . . . . . . . 6--10 Gary McGraw Interview: Silver Bullet Talks with Deborah Frincke . . . . . . . . . . . . 11--14 Lee Garber Security, Privacy, and Policy Roundup 15--17 Markus Jakobsson and Richard Chow and Jesus Molina Authentication --- Are We Doing Well Enough? . . . . . . . . . . . . . . . . 19--21 Dirk Balfanz and Richard Chow and Ori Eisen and Markus Jakobsson and Steve Kirsch and Scott Matsumoto and Jesus Molina and Paul van Oorschot The Future of Authentication . . . . . . 22--27 Cormac Herley and Paul van Oorschot A Research Agenda Acknowledging the Persistence of Passwords . . . . . . . . 28--36 Amir Herzberg and Ronen Margulies Training Johnny to Authenticate (Safely) 37--45 Andreas Poller and Ulrich Waldmann and Sven Vowe and Sven Turpe Electronic Identity Cards for User Authentication --- Promise and Practice 46--54 Idoia Aguirre and Sergio Alonso Improving the Automation of Security Information Management: a Collaborative Approach . . . . . . . . . . . . . . . . 55--59 James A. Pettigrew III and Julie J. C. H. Ryan Making Successful Security Decisions: a Qualitative Evaluation . . . . . . . . . 60--68 Jean Arlat and Zbigniew Kalbarczyk and Takashi Nanya Nanocomputing: Small Devices, Large Dependability Challenges . . . . . . . . 69--72 Jelena Mirkovic and Terry Benzel Teaching Cybersecurity with DeterLab . . 73--76 Tara Whalen This Time, It's Personal: Recent Discussions on Concepts of Personal Information . . . . . . . . . . . . . . 77--79 Jan Camenisch and Anja Lehmann and Gregory Neven Electronic Identities Need Private Credentials . . . . . . . . . . . . . . 80--83 Don A. Bailey Moving 2 Mishap: M2M's Impact on Privacy and Safety . . . . . . . . . . . . . . . 84--87 Michael Lesk Your Memory Is Now a Vendor Service . . 
88--90 Bronwen Matthews Optimizing Product Improvement Spending with Third-Party Security Consultants 91--93 Daniel E. Geer, Jr. Power. Law. . . . . . . . . . . . . . . 94--95 Daniel E. Geer, Jr. More or Less . . . . . . . . . . . . . . 96
Jeremy Epstein Can We Be Too Careful? . . . . . . . . . 3--5 Jeremy Epstein Reflecting on Some Past Predictions . . 7--10 Gary McGraw Interview: Silver Bullet Talks with Neil Daswani . . . . . . . . . . . . . . . . 11--14 Lee Garber Security, Privacy, and Policy Roundup 15--17 Shari Lawrence Pfleeger and Cynthia Irvine and Mischel Kwon Guest Editors' Introduction . . . . . . 19--23 Iacovos Kirlappos and M. Angela Sasse Security Education against Phishing: a Modest Proposal for a Major Rethink . . 24--32 Lance J. Hoffman and Diana L. Burley and Costis Toregas Holistically Building the Cybersecurity Workforce . . . . . . . . . . . . . . . 33--39 Susanne M. Furman and Mary Frances Theofanos and Yee-Yin Choong and Brian Stanton Basing Cybersecurity Training on User Perceptions . . . . . . . . . . . . . . 40--49 Mischel Kwon and Michael J. Jacobs and David Cullinane and Christopher G. Ipsen and James Foley Educating Cyber Professionals: a View from Academia, the Private Sector, and Government . . . . . . . . . . . . . . . 50--53 Scott Charney Collective Defense: Applying the Public-Health Model to the Internet . . 54--59 Sanjeev Kumar and Sirisha Surisetty Microsoft vs. Apple: Resilience against Distributed Denial-of-Service Attacks 60--64 Peter G. Neumann and Ulf Lindqvist The IEEE Symposium on Security and Privacy Is Moving to San Francisco . . . 65--66 Gernot Heiser and Toby Murray and Gerwin Klein It's Time for Trustworthy Systems . . . 67--70 Michael Bailey and David Dittrich and Erin Kenneally and Doug Maughan The Menlo Report . . . . . . . . . . . . 71--75 Diana Maimut and Khaled Ouafi Lightweight Cryptography for RFID Tags 76--79 Barbara Endicott-Popovsky and Donald J. Horowitz Unintended Consequences: Digital Evidence in Our Legal System . . . . . . 80--83 Chris Rohlf and Yan Ivnitskiy The Security Challenges of Client-Side Just-in-Time Engines . . . . . . . . . . 84--86 Len Sassaman and Meredith L. 
Patterson and Sergey Bratus A Patch for Postel's Robustness Principle . . . . . . . . . . . . . . . 87--91 Lorrie Faith Cranor Can Users Control Online Behavioral Advertising Effectively? . . . . . . . . 93--96 Barbara Fichtinger and Frances Paulisch and Peter Panholzer Driving Secure Software Development Experience in a Diverse Product Environment . . . . . . . . . . . . . . 97--101 Daniel E. Geer, Jr. Numbers Worth Having . . . . . . . . . . 102--103 Bruce Schneier How Changing Technology Affects Security 104
Shari Lawrence Pfleeger A Key to the Castle . . . . . . . . . . 3 George Cybenko and Carl E. Landwehr Security Analytics and Measurements . . 5--8 Gary McGraw Interview: Silver Bullet Talks with Giovanni Vigna . . . . . . . . . . . . . 9--11 Lee Garber Security, Privacy, and Policy Roundup 12--13 Brian Chess and Chris Wysopal Software Assurance for the Masses . . . 14--15 Cristina Cifuentes and Nathan Keynes and Lian Li and Nathan Hawes and Manuel Valdiviezo Transitioning Parfait into a Development Tool . . . . . . . . . . . . . . . . . . 16--23 Robert A. Martin and Steven M. Christey The Software Industry's ``Clean Water Act'' Alternative . . . . . . . . . . . 24--31 Brian Chess and Kris Britton and Chris Eng and Bill Pugh and Lakshmikanth Raghavan and Jacob West Static Analysis in Motion . . . . . . . 53--56 Paul Anderson Measuring the Value of Static-Analysis Tool Deployments . . . . . . . . . . . . 40--47 Karen Renaud Blaming Noncompliance Is Too Convenient: What Really Causes Information Breaches? 57--63 Rohan M. Amin and Julie J. C. H. Ryan and Johan Rene van Dorp Detecting Targeted Malicious Email . . . 64--71 Lorenzo Strigini Resilience: What Is It, and How Much Do We Want? . . . . . . . . . . . . . . . . 72--75 Celia Paulsen and Ernest McDuffie and William Newhouse and Patricia Toth NICE: Creating a Cybersecurity Workforce and Aware Public . . . . . . . . . . . . 76--79 Helena Handschuh Hardware-Anchored Security Based on SRAM PUFs, Part 1 . . . . . . . . . . . . . . 80--83 Michael Lesk The Clouds Roll By . . . . . . . . . . . 84--87 Eric Baize Developing Secure Products in the Age of Advanced Persistent Threats . . . . . . 88--92 Daniel E. Geer, Jr. and Mukul Pareek ICS Update . . . . . . . . . . . . . . . 93--95 Steven M. Bellovin Fighting the Last War . . . . . . . . . 96
John Viega Cloud Security: Not a Problem . . . . . 3--3 Shari Lawrence Pfleeger Security Measurement Steps, Missteps, and Next Steps . . . . . . . . . . . . . 5--9 Shari Lawrence Pfleeger and Marc Rogers and Masooda Bashir and Kelly Caine and Deanna Caputo and Michael Losavio and Sal Stolfo Does Profiling Make Us More Secure? . . 10--15 Lee Garber Security, Privacy, and Policy Roundup 16--18 Jose Nazario and John Kristoff Internet Infrastructure Security . . . . 24--25 Ahmad AlSa'deh and Christoph Meinel Secure Neighbor Discovery: Review, Challenges, Perspectives, and Recommendations . . . . . . . . . . . . 26--34 Matthew Dunlop and Stephen Groat and William Urbanski and Randy Marchany and Joseph Tront The Blind Man's Bluff Approach to Security Using IPv6 . . . . . . . . . . 35--43 Sergio Sanchez Garcia and Ana Gomez Oliva and Emilia Perez-Belleboni Is Europe Ready for a Pan-European Identity Management System? . . . . . . 44--49 Jan Kallberg The Common Criteria Meets Realpolitik: Trust, Alliances, and Potential Betrayal 50--53 Frederick T. Sheldon and John Mark Weber and Seong-Moo Yoo and W. David Pan The Insecurity of Wireless Networks . . 54--61 Gyorgy Dan and Henrik Sandberg and Mathias Ekstedt and Gunnar Bjorkman Challenges in Power System Information Security . . . . . . . . . . . . . . . . 62--70 Gary McGraw Interview: Silver Bullet Talks with Randy Sabett . . . . . . . . . . . . . . 19--22 Anthony Dessiatnikoff and Yves Deswarte and Eric Alata and Vincent Nicomette Potential Attacks on Onboard Aerospace Systems . . . . . . . . . . . . . . . . 71--74 Efstratios Gavas and Nasir Memon and Douglas Britton Winning Cybersecurity One Challenge at a Time . . . . . . . . . . . . . . . . . . 75--79 Daniel E. Geer and Bob Blakley Are You Smarter than the TSA? (Hint: No) 94--95 Helena Handschuh Hardware-Anchored Security Based on SRAM PUFs, Part 2 . . . . . . . . . . . . . . 80--81 Daniel E. Geer and Jerry Archer Stand Your Ground . . . . . . . . . . . 
96 Chris Valasek Primitive-Chaining Exploits: a Real-World Example . . . . . . . . . . . 82--84 Patrick McDaniel Bloatware Comes to the Smartphone . . . 85--87 Michael Lesk Georgia on My Mind . . . . . . . . . . . 88--90 Jeremiah Grossman The State of Website Security . . . . . 91--93
Robin Bloomfield Are Things Getting Worse? . . . . . . . 3 Gary McGraw Interview: Silver Bullet Talks with Kay Connelly . . . . . . . . . . . . . . . . 5--7 Lee Garber Security, Privacy, and Policy Roundup 8--9 Ann Cavoukian and Alan Davidson and Ed Felton and Marit Hansen and Susan Landau and Anna Slomovic Privacy: Front and Center . . . . . . . 10--15 Michael Shamos and Alec Yasinsac Realities of E-voting Security . . . . . 16--17 Aleksander Essex and Urs Hengartner Hover: Trustworthy Elections with Hash-Only Verification . . . . . . . . . 18--24 Richard Buckland and Roland Wen The Future of E-voting in Australia . . 25--32 Philip B. Stark and David Wagner Evidence-Based Elections . . . . . . . . 33--41 Mark Lindeman and Philip B. Stark A Gentle Introduction to Risk-Limiting Audits . . . . . . . . . . . . . . . . . 42--49 Merle S. King and Brian Hancock Electronic Voting Security 10 Years after the Help America Vote Act . . . . 50--52 Mariana Raykova and Ang Cui and Binh Vo and Bin Liu and Tal Malkin and Steven M. Bellovin and Salvatore J. Stolfo Usable, Secure, Private Search . . . . . 53--60 Krishna K. Venkatasubramanian and Eugene Y. Vasserman and Oleg Sokolsky and Insup Lee Security and Interoperable-Medical-Device Systems, Part 1 . . . . . . . . . . . . . . . . . 61--63 Matt Bishop and Sean Peisert Security and Elections . . . . . . . . . 64--67 John Viega and Hugh Thompson The State of Embedded-Device Security (Spoiler Alert: It's Bad) . . . . . . . 68--70 Josh Pauli and Patrick Engebretson Filling Your Cyber Operations Training Toolbox . . . . . . . . . . . . . . . . 71--74 Sean W. Smith Security and Cognitive Bias: Exploring the Role of the Mind . . . . . . . . . . 75--78 Michael Lesk The Price of Privacy . . . . . . . . . . 79--81 Željko Obrenovic and Bart den Haak Integrating User Customization and Authentication: The Identity Crisis . . 82--85 Daniel E. Geer, Jr. Risk Aversion . . . . . . . . . . . . .
86--87 Bruce Schneier The Importance of Security Engineering 88
John Viega Giving Back . . . . . . . . . . . . . . 3--4 Lee Garber Security, Privacy, Policy, and Dependability Roundup . . . . . . . . . 6--8 Gary McGraw Interview: Silver Bullet Talks with Howard Schmidt . . . . . . . . . . . . . 9--12 John Viega Ten Years On, How Are We Doing? (Spoiler Alert: We Have No Clue) . . . . . . . . 13--16 Dan Thomsen and Jeremy Epstein and Peter G. Neumann Lost Treasures . . . . . . . . . . . . . 17--19 Richard E. Smith A Contemporary Look at Saltzer and Schroeder's 1975 Design Principles . . . . . . . . . . . . . . . 20--25 Steve Lipner and Trent Jaeger and Mary Ellen Zurko Lessons from VAX/SVS for High-Assurance VM Systems . . . . . . . . . . . . . . . 26--35 Howard Shrobe and Daniel Adams Suppose We Got a Do-Over: a Revolution for Secure Computing . . . . . . . . . . 36--39 Steven J. Murdoch and Mike Bond and Ross Anderson How Certification Systems Fail: Lessons from the Ware Report . . . . . . . . . . 40--44 Jeffrey T. McDonald and Todd R. Andel Integrating Historical Security Jewels in Information Assurance Education . . . 45--50 Fernando Alonso-Fernandez and Julian Fierrez and Javier Ortega-Garcia Quality Measures in Biometric Systems 52--62 Dinei Florencio and Cormac Herley Is Everything We Know about Password Stealing Wrong? . . . . . . . . . . . . 63--69 Eugene Y. Vasserman and Krishna K. Venkatasubramanian and Oleg Sokolsky and Insup Lee Security and Interoperable-Medical-Device Systems, Part 2: Failures, Consequences, and Classification . . . . . . . . . . . . . 70--73 Susan Older and Shiu-Kai Chin Engineering Assurance at the Undergraduate Level . . . . . . . . . . 74--77 Michael Brennan Academic Impact at the Federal Trade Commission . . . . . . . . . . . . . . . 78--82 Marco Prandini and Marco Ramilli Return-Oriented Programming . . . . . . 84--87 Rick Wash Folk Security . . . . . . . . . . . . . 88--90 Josh Kebbel-Wyen Training an Army of Security Ninjas . . 91--93 Daniel E. Geer, Jr. and Daniel B.
Larremore Progress Is Infectious . . . . . . . . . 94--95 Steven M. Bellovin The Major Cyberincident Investigations Board . . . . . . . . . . . . . . . . . 96
Shari Lawrence Pfleeger Enlightened Security: Shedding Light on What Works and Why . . . . . . . . . . . 3--4 Lee Garber Security, Privacy, Policy, and Dependability Roundup . . . . . . . . . 6--7 Gary McGraw Interview: Silver Bullet Talks with Per-Olof Persson . . . . . . . . . . . . 8--10 Edward G. Amoroso and Hugh Thompson A View from the C-Suite . . . . . . . . 11--12 Dave Martin Implementing Effective Controls in a Mobile, Agile, Cloud-Enabled Enterprise 13--14 Eric Grosse and Mayank Upadhyay Authentication at Scale . . . . . . . . 15--22 Edward G. Amoroso From the Enterprise Perimeter to a Mobility-Enabled Secure Cloud . . . . . 23--31 Hugh Thompson The Human Element of Information Security . . . . . . . . . . . . . . . . 32--35 Lukasz Kufel Security Event Monitoring in a Distributed Systems Environment . . . . 36--43 Khaled Salah and Jose M. Alcaraz Calero and Sherali Zeadally and Sameera Al-Mulla and Mohammed Alzaabi Using Cloud Computing to Implement a Security Overlay Network . . . . . . . . 44--53 Aditya K. Sood and Richard J. Enbody Targeted Cyberattacks: A Superset of Advanced Persistent Threats . . . . . . 54--61 Steven M. Bellovin and Matt Blaze and Sandy Clark and Susan Landau Going Bright: Wiretapping without Weakening Communications Infrastructure 62--72 Alec Yasinsac and Cynthia Irvine Help! Is There a Trustworthy-Systems Doctor in the House? . . . . . . . . . . 73--77 Qing Li and Greg Clark Mobile Security: A Look Ahead . . . . . 78--81 Frederik Zuiderveen Borgesius Behavioral Targeting: A European Legal Perspective . . . . . . . . . . . . . . 82--85 Matthew Green The Threat in the Cloud . . . . . . . . 86--89 Alexander Kott and Curtis Arnold The Promises and Challenges of Continuous Monitoring and Risk Scoring 90--93 Daniel E. Geer, Jr. and Daniel G. Conway The Times, They Are a Changin' . . . . . 94--95 Daniel E. Geer, Jr. Last Word: Identity as Privacy . . . . . 96
Fred B. Schneider Breaking-in Research . . . . . . . . . . 3--4 Lee Garber Security, Privacy, Policy, and Dependability Roundup . . . . . . . . . 6--7 Gary McGraw Interview: Silver Bullet Talks with Steve Bellovin . . . . . . . . . . . . . 8--11 Terry V. Benzel and Steve Lipner Crossing the Great Divide: Transferring Security Technology from Research to the Market . . . . . . . . . . . . . . . . . 12--13 Douglas Maughan and David Balenson and Ulf Lindqvist and Zachary Tudor Crossing the ``Valley of Death'': Transitioning Cybersecurity Research into Practice . . . . . . . . . . . . . 14--23 Anita D'Amico and Brianne O'Brien and Mark Larkin Building a Bridge across the Transition Chasm . . . . . . . . . . . . . . . . . 24--33 Jostein Jensen and Martin Gilje Jaatun Federated Identity Management --- We Built It; Why Won't They Come? . . . . . 34--41 Terry V. Benzel and Eric O'Brien and Robert Rodriguez and William Arbaugh and John Sebes Crossing the Great Divide: From Research to Market . . . . . . . . . . . . . . . 42--46 Bart Coppens and Bjorn De Sutter and Koen De Bosschere Protecting Your Software Updates . . . . 47--54 Anastasios N. Bikos and Nicolas Sklavos LTE/SAE Security Issues on 4G Wireless Networks . . . . . . . . . . . . . . . . 55--62 Roland L. Trope and Stephen J. Humes By Executive Order: Delivery of Cyber Intelligence Imparts Cyber Responsibilities . . . . . . . . . . . . 63--67 Anatoliy Gorbenko and Alexander Romanovsky Time-Outing Internet Services . . . . . 68--71 Ian Koss and Richard Ford Authorship Is Continuous: Managing Code Plagiarism . . . . . . . . . . . . . . . 72--74 Arvind Narayanan What Happened to the Crypto Dream?, Part 1 . . . . . . . . . . . . . . . . . . . 75--76 Lorrie Faith Cranor and Norman Sadeh A Shortage of Privacy Engineers . . . . 77--79 Adrian Hayes Network Service Authentication Timing Attacks . . . . . . . . . . . . . . . . 80--82 Sergey Bratus and Anna Shubina Avoiding a War on Unauthorized Computation . . . . . . . . .
. . . . . 83--88 Cormac Herley When Does Targeting Make Sense for an Attacker? . . . . . . . . . . . . . . . 89--92 Alessandro Acquisti Complementary Perspectives on Privacy and Security: Economics . . . . . . . . 93--95 Bruce Schneier IT for Oppression . . . . . . . . . . . 96
Jeremy Epstein From the Editors: Are all types of Internet voting unsafe? . . . . . . . . 3--4 Lee Garber Security, privacy, policy, and dependability roundup . . . . . . . . . 6--7 Gary McGraw Interview: Silver Bullet talks with Thomas Rid . . . . . . . . . . . . . . . 8--10 Susan Landau Guest Editor's Introduction: Politics, love, and death in a world of no privacy 11--13 Balachander Krishnamurthy Privacy and online social networks: can colorless green ideas sleep furiously? 14--20 Norberto Nuno Gomes de Andrade and Aaron Martin and Shara Monteleone ``All the better to see you with, my dear'': Facial recognition and privacy in online social networks . . . . . . . 21--28 Seda Gurses and Claudia Diaz Two tales of privacy in online social networks . . . . . . . . . . . . . . . . 29--37 Eszter Hargittai and Eden Litt New strategies for employment? Internet skills and online privacy practices during people's job search . . . . . . . 38--45 Indrajeet Singh and Michael Butkiewicz and Harsha V. Madhyastha and Srikanth V. Krishnamurthy and Sateesh Addepalli Twitsper: Tweeting privately . . . . . . 46--50 Jonathan Anderson and Frank Stajano Must social networking conflict with privacy? . . . . . . . . . . . . . . . . 51--60 Philip Koopman and Christopher Szilagyi Integrity in embedded control networks 61--63 Mark Gondree and Zachary N. J. Peterson and Tamara Denning Security through play . . . . . . . . . 64--67 Arvind Narayanan What Happened to the Crypto Dream?, Part 2 . . . . . . . . . . . . . . . . . . . 68--71 Travis Breaux and David Gordon What engineers should know about US security and privacy law . . . . . . . . 72--76 Benedikt Koppel and Stephan Neuhaus Crypto Corner: Analysis of a hardware security module's high-availability setting . . . . . . . . . . . . . . . . 77--80 Michael Lesk Security & Privacy Economics: Privateers in cyberspace: Aargh! . . . . . . . . . 
81--84 Shari Lawrence Pfleeger In Our Orbit: Ramsey theory: Learning about the needle in the haystack . . . . 85--87 Steven M. Bellovin Last Word: Military cybersomethings . . 88
Fred B. Schneider Cybersecurity Education in Universities 3--4 Lee Garber Security, Privacy, Policy, and Dependability Roundup . . . . . . . . . 6--7 Gary McGraw Interview: Silver Bullet Talks with Gary Warzala . . . . . . . . . . . . . . . . 8--10 Robin Bloomfield and Jay Lala Safety-Critical Systems: The Next Generation . . . . . . . . . . . . . . . 11--13 Homa Alemzadeh and Ravishankar K. Iyer and Zbigniew Kalbarczyk and Jai Raman Analysis of Safety-Critical Computer Failures in Medical Devices . . . . . . 14--26 Sayan Mitra and Tichakorn Wongpiromsarn and Richard M. Murray Verifying Cyber-Physical Interactions in Safety-Critical Systems . . . . . . . . 28--37 Domenico Cotroneo and Roberto Natella Fault Injection for Software Certification . . . . . . . . . . . . . 38--45 Thiago Mattos Rosa and Altair Olivo Santin and Andreia Malucelli Mitigating XML Injection 0-Day Attacks through Strategy-Based Detection Systems 46--53 Susan Landau Making Sense from Snowden: What's Significant in the NSA Surveillance Revelations . . . . . . . . . . . . . . 54--63 Jeff Stein The End of National Security Reporting? 64--68 Chris Eagle Computer Security Competitions: Expanding Educational Outcomes . . . . . 69--71 Alessandro Acquisti and Idris Adjerid and Laura Brandimarte Gone in 15 Seconds: The Limits of Privacy Transparency and Control . . . . 72--74 Stefan Mangard Keeping Secrets on Low-Cost Chips . . . 75--77 Rebecca Bace Pain Management for Entrepreneurs: Working with Venture Capital . . . . . . 78--81 Stephen McLaughlin Securing Control Systems from the Inside: A Case for Mediating Physical Behaviors . . . . . . . . . . . . . . . 82--84 Michael Lesk Big Data, Big Brother, Big Money . . . . 85--89 Susan Dery Using Whitelisting to Combat Malware Attacks at Fannie Mae . . . . . . . . . 90--92 Rafe Sagarin Bio-hacking: Tapping Life's Code to Deal with Unpredictable Risk . . . . . . . . 93--95 Daniel E. Geer On Abandonment . . . . . . . . . . . . . 96
Robin Bloomfield Open Assurance . . . . . . . . . . . . . 3--4 Lee Garber News Briefs: Security, Privacy, Policy, and Dependability Roundup . . . . . . . 6--7 Gary McGraw Interview: Silver Bullet Talks with Wenyuan Xu . . . . . . . . . . . . . . . 8--10 Tom Kirkham and Sandra Winfield and Serge Ravet and Sampo Kellomäki The Personal Data Store Approach to Personal Data Security . . . . . . . . . 12--19 Keith Harrison and Gregory B. White Anonymous and Distributed Community Cyberincident Detection . . . . . . . . 20--27 Weihan Goh and Chai Kiat Yeo Teaching an Old TPM New Tricks: Repurposing for Identity-Based Signatures . . . . . . . . . . . . . . . 28--35 Eleanor Birrell and Fred B. Schneider Federated Identity Management Systems: A Privacy-Based Characterization . . . . . 36--48 Wei-dong Qiu and Qian Su and Bo-zhong Liu iOS Data Recovery Using Low-Level NAND Images . . . . . . . . . . . . . . . . . 49--55 Gary T. Marx The Public as Partner? Technology Can Make Us Auxiliaries as Well as Vigilantes . . . . . . . . . . . . . . . 56--61 Boudewijn R. Haverkort The Dependable Systems-of-Systems Design Challenge . . . . . . . . . . . . . . . 62--65 Cynthia Irvine A Cyberoperations Program . . . . . . . 66--69 Ryan Calo Tiny Salespeople: Mediated Transactions and the Internet of Things . . . . . . . 70--72 Vashek Matyáš and Jiří Kůr Conflicts between Intrusion Detection and Privacy Mechanisms for Wireless Sensor Networks . . . . . . . . . . . . 73--76 Jim Alves-Foss and Paul Oman The Known Unknowns . . . . . . . . . . . 77--79 Jim Blythe and Ross Koppel and Sean W. Smith Circumvention of Security: Good Users Do Bad Things . . . . . . . . . . . . . . . 80--83 Nicole B. Ellison and Jeffrey T. Hancock Profile as Promise: Honest and Deceptive Signals in Online Dating . . . . . . . . 84--88 Thomas B. Hilburn and Nancy R. Mead Building Security In: A Road to Competency . . . . . . . . . . . . . . .
89--92 Kacper Gradon Crime Science and the Internet Battlefield: Securing the Analog World from Digital Crime . . . . . . . . . . . 93--95 Bruce Schneier Last word: Trust in Man/Machine Security Systems . . . . . . . . . . . . . . . . 96--96
Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous Usenix [House Advertisement] . . . . . . c2--c2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Shari Lawrence Pfleeger Focus on Policy . . . . . . . . . . . . 3--3 Anonymous Masthead . . . . . . . . . . . . . . . . 4 Gary McGraw Interview: Silver Bullet Talks with W. Hord Tipton . . . . . . . . . . . . . . 5--7 Lee Garber News Briefs: Security, Privacy, Policy, and Dependability Roundup . . . . . . . 8--9 Kelly Caine and Michael Lesk Security and Privacy in Health IT [Guest editors' introduction] . . . . . . . . . 10--11 Mark Chignell and Mahsa Rouzbahman and Ryan Kealey and Reza Samavi and Erin Yu and Tammy Sieminowski Nonconfidential Patient Types in Emergency Clinical Decision Support . . 12--18 Michael Lesk Electronic Medical Records: Confidentiality, Care, and Epidemiology 19--24 Denise Anthony and Andrew T. Campbell and Thomas Candon and Andrew Gettinger and David Kotz and Lisa A. Marsch and Andres Molina-Markham and Karen Page and Sean W. Smith and Carl A. Gunter and M. Eric Johnson Securing Information Technology in Healthcare . . . . . . . . . . . . . . . 25--33 Gines Dolera Tormo and Felix Gomez Marmol and Joao Girao and Gregorio Martinez Perez Identity Management --- In Privacy We Trust: Bridging the Trust Gap in eHealth Environments . . . . . . . . . . . . . . 34--41 Deborah C. Peel Point/Counterpoint: The Consequences of the Lack of Privacy in Today's Electronic Health Systems . . . . . . . 42--44 Deven McGraw Point/Counterpoint: Privacy and Security as Enable, Not Barrier, to Responsible Health Data Uses . . . . . . . . . . . . 42--44 Abdulghani Ali Ahmed and Aman Jantan and Tat-Chee Wan Real-Time Detection of Intrusive Traffic in QoS Network Domains . . . . . . . . . 45--53 Sanmeet Kaur and Maninder Singh Automatic Attack Signature Generation Systems: A Review . . . . . . . . . . . 
54--61 Paulo Esteves Verissimo and Alysson Bessani E-biobanking: What Have You Done to My Cell Samples? . . . . . . . . . . . . . 62--65 Andrew McGettrick Toward Effective Cybersecurity Education 66--68 Heather Dewey-Hagborg Stranger Visions: A Provocation . . . . 69--70 Jean-Michel Cioranesco and Houda Ferradi and David Naccache Crypto Corner: Communicating Covertly through CPU Monitoring . . . . . . . . . 71--73 Alvaro A. Cardenas and Pratyusa K. Manadhata and Sreeranga P. Rajan Systems Security: Big Data Analytics for Security . . . . . . . . . . . . . . . . 74--76 Michael Lesk Security & Privacy Economics: The Old Is New Again . . . . . . . . . . . . . . . 77--79 Nancy R. Mead and Thomas B. Hilburn Building Security In: Preparing for a Software Security Career . . . . . . . . 80--83 Harvey Molotch Everyday Security: Default to Decency 84--87 Steven M. Bellovin The Last Word: Walls and Gates . . . . . 88--88 Anonymous InfoSec World Conference 2014 Trade Advertisement . . . . . . . . . . . . . c3--c3 Anonymous Magazine Subscribe [House Advertisement] c4--c4
Anonymous Front Cover . . . . . . . . . . . . . . c1 Anonymous Rock Stars of Mobile Cloud [House Advertisement] . . . . . . . . . . . . . c2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Bill Horne Humans in the Loop . . . . . . . . . . . 3--4 Anonymous Masthead . . . . . . . . . . . . . . . . 5 Gary McGraw Silver Bullet Talks with Jon Callas . . 6--8 Lee Garber Security, Privacy, Policy, and Dependability Roundup . . . . . . . . . 9--10 M. Angela Sasse and Charles C. Palmer Protecting You . . . . . . . . . . . . . 11--13 Cormac Herley More Is Not the Answer . . . . . . . . . 14--19 Simson L. Garfinkel Leaking Sensitive Information in Complex Document Files--and How to Prevent It 20--27 Deanna D. Caputo and Shari Lawrence Pfleeger and Jesse D. Freeman and M. Eric Johnson Going Spear Phishing: Exploring Embedded Training and Awareness . . . . . . . . . 28--38 M. Angela Sasse and Charles C. Palmer and Markus Jakobsson and Sunny Consolvo and Rick Wash and L. Jean Camp Helping You Protect You . . . . . . . . 39--42 Ying-Dar Lin and Chia-Yin Lee and Hao-Chuan Tsai Redefining Security Criteria for Networking Devices with Case Studies . . 43--53 Moti Geva and Amir Herzberg and Yehoshua Gev Bandwidth Distributed Denial of Service: Attacks and Defenses . . . . . . . . . . 54--61 Susan Landau Highlights from Making Sense of Snowden, Part II: What's Significant in the NSA Revelations . . . . . . . . . . . . . . 62--64 George Candea The Tests-versus-Proofs Conundrum . . . 65--68 Prabir Bhattacharya and Li Yang and Minzhe Guo and Kai Qian and Ming Yang Learning Mobile Security with Labware 69--72 Paul Ohm Should Sniffing Wi-Fi Be Illegal? . . . 73--76 David Eckhoff and Christoph Sommer Driving for Big Data? Privacy Concerns in Vehicular Networking . . . . . . . . 77--79 Richard Ford and Marco Carvalho Protecting Me . . . . . . . . . . . . . 80--82 Sergey Bratus and Trey Darley and Michael Locasto and Meredith L. 
Patterson and Rebecca ``bx'' Shapiro and Anna Shubina Beyond Planted Bugs in `Trusting Trust': The Input-Processing Frontier . . . . . 83--87 Daniel E. Geer Last Word: Polarization . . . . . . . . 88 Anonymous Subscribe to IEEE Security & Privacy [House Advertisement] . . . . . c3
Anonymous Front Cover . . . . . . . . . . . . . . c1 Anonymous Magazine Subscribe [House Advertisement] c2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Taking Action to Build Trust in Security 3--4 Anonymous Masthead . . . . . . . . . . . . . . . . 5 Anonymous Membership Matters [House Advertisement] 6 Gary McGraw Silver Bullet Talks with Matthew Green 7--10 Lee Garber Security, Privacy, Policy, and Dependability Roundup . . . . . . . . . 11--13 Luanne Goldrich and Carl E. Landwehr Moving Target [Guest Editors' introduction] . . . . . . . . . . . . . 14--15 Hamed Okhravi and Thomas Hobson and David Bigelow and William Streilein Finding Focus in the Blur of Moving-Target Techniques . . . . . . . . 16--26 Anonymous Jobs Board [House Advertisement] . . . . 27 Glenn A. Fink and Jereme N. Haack and A. David McKinnon and Errin W. Fulp Defense on the Move: Ant-Based Cyber Defense . . . . . . . . . . . . . . . . 36--43 Cherita Corbett and Jason Uher and Jarriel Cook and Angela Dalton Countering Intelligent Jamming with Full Protocol Stack Agility . . . . . . . . . 44--50 Fernand Lone Sang and Vincent Nicomette and Yves Deswarte A Tool to Analyze Potential I/O Attacks against PCs . . . . . . . . . . . . . . 60--66 William H. Sanders Quantitative Security Metrics: Unattainable Holy Grail or a Vital Breakthrough within Our Reach? . . . . . 67--69 Diana Maimut and Reza Reyhanitabar Authenticated Encryption: Toward Next-Generation Algorithms . . . . . . . 70--72 Marco Carvalho and Richard Ford Moving-Target Defenses for Computer Networks . . . . . . . . . . . . . . . . 73--76 Michael Lesk Caller ID: Whose Privacy? . . . . . . . 77--79 Emiliano De Cristofaro Genomic Privacy and the Rise of a New Research Community . . . . . . . . . . . 80--83 Bruce Schneier Metadata $=$ Surveillance . . . . . . . 84 Anonymous Software Experts Summit [House Advertisement] . . . . . . . . . . . . . c3 Anonymous Rock Stars of Mobile Cloud [House Advertisement] . . . . . . . . . 
. . . . c4
Anonymous Focus on Your Job Search [House Advertisement] . . . . . . . . . . . . . c2--c2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Jeremy Epstein Phishing Our Employees . . . . . . . . . 3--4 Anonymous [Masthead] . . . . . . . . . . . . . . . 5 Lee Garber Security, Privacy, Policy, and Dependability Roundup . . . . . . . . . 6--8 Gary McGraw Silver Bullet Talks with Yoshi Kohno . . 9--12 Terry Benzel A Symposium, a Magazine, and a Community [Guest editorial] . . . . . . . . . . . 13--14 Peter G. Neumann and Sean Peisert and Marvin Schaefer The IEEE Symposium on Security and Privacy, in Retrospect . . . . . . . . . 15--17 George Cybenko and Kathy Clark-Fisher IEEE Security & Privacy: The Early Years 18--19 Michael Z. Lee and Alan M. Dunn and Jonathan Katz and Brent Waters and Emmett Witchel Anon-Pass: Practical Anonymous Subscriptions . . . . . . . . . . . . . 20--27 Nick Nikiforakis and Alexandros Kapravelos and Wouter Joosen and Christopher Kruegel and Frank Piessens and Giovanni Vigna On the Workings and Current Practices of Web-Based Device Fingerprinting . . . . 28--36 Joel Reardon and David Basin and Srdjan Capkun On Secure Data Deletion . . . . . . . . 37--44 Laszlo Szekeres and Mathias Payer and Lenx Tao Wei and R. Sekar Eternal War in Memory . . . . . . . . . 45--53 Arthur Gervais and Ghassan O. Karame and Vedran Capkun and Srdjan Capkun Is Bitcoin a Decentralized Currency? . . 54--60 Deirdre K. Mulligan The Enduring Importance of Transparency 61--65 Susan Landau Educating Engineers: Teaching Privacy in a World of Open Doors . . . . . . . . . 66--70 Anna Slomovic Privacy Issues in Identity Verification 71--73 Milan Broz and Vashek Matyas The TrueCrypt On-Disk Format --- An Independent View . . . . . . . . . . . . 74--77 Michael Lesk Does the Cloud of Surveillance Have a Silver Lining? . . . . . . . . . . . . . 78--81 Chris Bonebrake and Lori Ross O'Neil Attacks on GPS Time Reliability . . . . 
82--84 Martin Ortlieb The Anthropologist's View on Privacy . . 85--87 Steven M. Bellovin Dr. Strangecode . . . . . . . . . . . . 88 Anonymous IEEE Security & Privacy [Advertisement] c3 Anonymous Rock Stars of Cybersecurity [House Advertisement] . . . . . . . . . . . . . c4
Anonymous Table of contents . . . . . . . . . . . 1--2 Susan Landau Security and Privacy: Facing Ethical Choices . . . . . . . . . . . . . . . . 3--6 Anonymous [Masthead] . . . . . . . . . . . . . . . 7--7 Lee Garber Security, Privacy, Policy, and Dependability Roundup . . . . . . . . . 8--10 Gary McGraw Silver Bullet Talks with Nate Fick . . . 11--13 Michael Kerr and Ron van Schyndel Adapting Law Enforcement Frameworks to Address the Ethical Problems of CCTV Product Propagation . . . . . . . . . . 14--21 Simson L. Garfinkel and Michael McCarrin Can We Sniff Wi-Fi?: Implications of Joffe v. Google . . . . . . . . . . . . 22--28 Jan-Erik Ekberg and Kari Kostiainen and N. Asokan The Untapped Potential of Trusted Execution Environments on Mobile Devices 29--37 Nir Kshetri China's Data Privacy Regulations: A Tricky Tradeoff between ICT's Productive Utilization and Cybercontrol . . . . . . 38--45 Daniel E. Geer and Poul-Henning Kamp Inviting More Heartbleed . . . . . . . . 46--50 Robert Gellman Willis Ware's Lasting Contribution to Privacy: Fair Information Practices . . 51--54 Rebecca Balebako and Lorrie Cranor Improving App Privacy: Nudging App Developers to Protect User Privacy . . . 55--58 Ari Juels and Thomas Ristenpart Honey Encryption: Encryption beyond the Brute-Force Barrier . . . . . . . . . . 59--62 Marco Carvalho and Jared DeMott and Richard Ford and David A. Wheeler Heartbleed 101 . . . . . . . . . . . . . 63--67 Patrick McDaniel and Brian Rivera and Ananthram Swami Toward a Science of Secure Environments 68--70 Michael Lesk Staffing for Security: Don't Optimize 71--73 Shari Lawrence Pfleeger The Eyes Have It: Surveillance and How It Evolved . . . . . . . . . . . . . . . 74--79 Steven M. Bellovin By Any Means Possible: How Intelligence Agencies Have Gotten Their Data . . . . 80--84 John DeLong Aligning the Compasses: A Journey through Compliance and Technology . . . 85--89 Daniel E. Geer Personal Data and Government Surveillance . . . . . . . . . . . . . . 
90--96 Anonymous [Front cover] . . . . . . . . . . . . . c1--c1 Anonymous IEEE Security & Privacy [Advertisement] c3--c3 Anonymous Rock Stars of Cybersecurity [Advertisement] . . . . . . . . . . . . c4--c4 Anonymous Seeking IEEE Security & Security Editor in Chief . . . . . . . . . . . . . . . . c2--c2
Anonymous Table of contents . . . . . . . . . . . 1--2 Shari Lawrence Pfleeger Expanding to Meet Readers' Needs . . . . 3--4 Anonymous [Masthead] . . . . . . . . . . . . . . . 5--5 Gary McGraw Silver Bullet Talks with Bart Miller . . 6--8 Sean Peisert and Jonathan Margulies and David M. Nicol and Himanshu Khurana and Chris Sawall Designed-in Security for Cyber-Physical Systems . . . . . . . . . . . . . . . . 9--12 Bill Horne On Computer Security Incident Response Teams . . . . . . . . . . . . . . . . . 13--15 Robin Ruefle and Audrey Dorofee and David Mundie and Allen D. Householder and Michael Murray and Samuel J. Perl Computer Security Incident Response Team Development and Evolution . . . . . . . 16--26 Kas Clark and Don Stikvoort and Eelco Stofbergen and Elly van den Heuvel A Dutch Approach to Cybersecurity through Participation . . . . . . . . . 27--34 Sandeep Bhatt and Pratyusa K. Manadhata and Loai Zomlot The Operational Role of Security Information and Event Management Systems 35--41 Panos Kampanakis Security Automation and Threat Information-Sharing Options . . . . . . 42--51 Sathya Chandran Sundaramurthy and John McHugh and Xinming Simon Ou and S. Raj Rajagopalan and Michael Wesch An Anthropological Approach to Studying CSIRTs . . . . . . . . . . . . . . . . . 52--60 Tiffani R. Chen and Daniel B. Shore and Stephen J. Zaccaro and Reeshad S. Dalal and Lois E. Tetrick and Aiva K. Gorab An Organizational Psychology Perspective to Examining Computer Security Incident Response Teams . . . . . . . . . . . . . 61--67 Yossi Gilad and Amir Herzberg and Haya Shulman Off-Path Hacking: The Illusion of Challenge--Response Authentication . . . 68--77 Katrine Evans Where in the World Is My Information?: Giving People Access to Their Data . . . 78--81 Cuong Pham and Zachary J. Estrada and Phuong Cao and Zbigniew Kalbarczyk and Ravishankar K. 
Iyer Building Reliable and Secure Virtual Machines Using Architectural Invariants 82--85 Jeffrey MacKie-Mason Can We Afford Privacy from Surveillance? 86--89 Aaron Beuhring and Kyle Salous Beyond Blacklisting: Cyberdefense in the Era of Advanced Persistent Threats . . . 90--93 Anonymous Intelect [Advertisement] . . . . . . . . 94--94 Bruce Schneier The Future of Incident Response . . . . 96--96 Anonymous Co3 Systems Advertisement . . . . . . . c2--c2 Anonymous IEEE Security & Privacy [Advertisement] c3--c3 Anonymous Rock Stars of Big Data Analytics [Advertisement] . . . . . . . . . . . . c4--c4
Anonymous Table of contents . . . . . . . . . . . 1--2 Shari Lawrence Pfleeger Technology, Transparency, and Trust . . 3--5 Anonymous [Masthead] . . . . . . . . . . . . . . . 6--6 Anonymous Reviewer Thanks . . . . . . . . . . . . 7--8 Gary McGraw Silver Bullet Talks with the IEEE Center for Secure Design . . . . . . . . . . . 9--12 Sean Peisert and Jonathan Margulies Closing the Gap on Securing Energy Sector Control Systems [Guest Editors' introduction] . . . . . . . . . . . . . 13--14 Carlos Barreto and Jairo Giraldo and Alvaro A. Cardenas and Eduardo Mojica-Nava and Nicanor Quijano Control Systems for the Power Grid and Their Resiliency to Attacks . . . . . . 15--23 Moses Schwartz and John Mulder and Adrian R. Chavez and Benjamin A. Allan Emerging Techniques for Field Device Security . . . . . . . . . . . . . . . . 24--31 Chuck McParland and Sean Peisert and Anna Scaglione Monitoring Security of Networked Control Systems: It's the Physics . . . . . . . 32--39 Saman Zonouz and Julian Rrushi and Stephen McLaughlin Detecting Industrial Control Malware Using Automated PLC Code Analytics . . . 40--47 Ryan Ellis Regulating Cybersecurity: Institutional Learning or a Lesson in Futility? . . . 48--54 Sean Peisert and Jonathan Margulies and Eric Byres and Paul Dorey and Dale Peterson and Zach Tudor Control Systems Security from the Front Lines . . . . . . . . . . . . . . . . . 55--58 Francien Dechesne and Dina Hadziosmanovic and Wolter Pieters Experimenting with Incentives: Security in Pilots for Future Grids . . . . . . . 59--66 Anonymous IEEE Computer Society [Advertisement] 67--67 Jungwoo Ryoo and Syed Rizvi and William Aiken and John Kissell Cloud Security Auditing: Challenges and Emerging Approaches . . . . . . . . . . 68--74 Frank Kargl and Rens W. van der Heijden and Hartmut Konig and Alfonso Valdes and Marc C. Dacier Insights on the Security and Dependability of Industrial Control Systems . . . . . . . . . . . . . . . . 
75--78 Melissa Dark Advancing Cybersecurity Education . . . 79--83 Wendy M. Grossman ``Emergency'' Ushers in a New Era in British Communications Surveillance . . 84--88 Lorrie Faith Cranor and Norbou Buchler Better Together: Usability and Security Go Hand in Hand . . . . . . . . . . . . 89--93 Michael Lesk Trust, but Verify . . . . . . . . . . . 94--96 Todd Bauer and Jason Hamlet Physical Unclonable Functions: A Primer 97--101 Benjamin Edelman Accountable? The Problems and Solutions of Online Ad Optimization . . . . . . . 102--107 Steven M. Bellovin What Should Crypto Look Like? . . . . . 108--108 Anonymous [Advertisement] . . . . . . . . . . . . c4--c4 Anonymous [Front cover] . . . . . . . . . . . . . c1--c1 Anonymous Focus on Your Job Search [Advertisement] c2--c2 Anonymous IEEE Security & Privacy [Advertisement] c3--c3
Bill Horne Umbrellas and Octopuses . . . . . . . . 3--5 Anonymous Masthead . . . . . . . . . . . . . . . . 6--6 Gary McGraw Silver Bullet Talks with Brian Krebs . . 7--11 Hilarie Orman and Charles P. Pfleeger Mathematics and Physics Build a New Future for Secure Communication [Guest Editors' introduction] . . . . . . . . . 12--13 Wade Trappe and Richard Howard and Robert S. Moore Low-Energy Security: Limits and Opportunities in the Internet of Things 14--21 David W. Archer and Kurt Rohloff Computing with Data Privacy: Steps toward Realization . . . . . . . . . . . 22--29 Logan O. Mailloux and Michael R. Grimaila and Douglas D. Hodson and Gerald Baumgartner and Colin McLaughlin Performance Evaluations of Quantum Key Distribution System Architectures . . . 30--40 Ioana Boureanu and Serge Vaudenay Challenges in Distance Bounding . . . . 41--48 Mark Maybury Toward the Assured Cyberspace Advantage: Air Force Cyber Vision 2025 . . . . . . 49--56 Ricardo Padilha and Fernando Pedone Confidentiality in the Cloud . . . . . . 57--60 Melissa Dark Thinking about Cybersecurity . . . . . . 61--65 Emil Simion The Relevance of Statistical Tests in Cryptography . . . . . . . . . . . . . . 66--70 Budi Arief and Mohd Azeem Bin Adzmi and Thomas Gross Understanding Cybercrime from Its Stakeholders' Perspectives: Part 1 --- Attackers . . . . . . . . . . . . . . . 71--76 Rahul Telang Policy Framework for Data Breaches . . . 77--79 Daniel E. Geer, Jr. Less Is More: Saving the Internet from Itself . . . . . . . . . . . . . . . . . 80--80 Anonymous 3rd Annual Best Scientific Cybersecurity Paper Competition [House Advertisement] c4--c4 Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous Mark Your Calendars [House Advertisement] . . . . . . . . . . . . . c2--c2 Anonymous Startup Rock Stars [House Advertisement] c3--c3
Jeremy Epstein The Whole Is Less than the Sum of the Parts . . . . . . . . . . . . . . . . . 3--5 Anonymous Masthead . . . . . . . . . . . . . . . . 6--6 Gary McGraw Silver Bullet Talks with Whitfield Diffie . . . . . . . . . . . . . . . . . 7--10 Anonymous 39th Annual International Computers, Software & Applications Conference House Advertisement . . . . . . . . . . . . . 11--11 Terry Benzel An Enduring Symposium for Leading Research in Security and Privacy . . . . 12--13 Sai Teja Peddinti and Aleksandra Korolova and Elie Bursztein and Geetanjali Sampemane Understanding Sensitivity by Analyzing Anonymity [Guest Editor's introduction] 14--21 Susan Hohenberger and Steven Myers and Rafael Pass and Abhi Shelat An Overview of ANONIZE: A Large-Scale Anonymous Survey System . . . . . . . . 22--29 Per Larsen and Stefan Brunthaler and Michael Franz Automatic Software Diversity . . . . . . 30--37 Zongwei Zhou and Miao Yu and Virgil D. Gligor Dancing with Giants: Wimpy Kernels for On-Demand I/O Isolation . . . . . . . . 38--46 Anonymous Focus on Your Job Search House Advertisement . . . . . . . . . . . . . 47--47 Bhushan Jain and Mirza Basim Baig and Dongli Zhang and Donald E. Porter and Radu Sion Introspections on the Semantic Gap . . . 48--55 Mike Bond and Marios O. Choudary and Steven J. Murdoch and Sergei Skorobogatov and Ross Anderson Be Prepared: The EMV Preplay Attack . . 56--64 Vincent Lenders and Axel Tanner and Albert Blarer Gaining an Edge in Cyberspace with Advanced Situational Awareness . . . . . 65--74 Melissa Dark and Jelena Mirkovic Evaluation Theory and Practice Applied to Cybersecurity Education . . . . . . . 75--80 Graham Steel Automated Proof and Flaw-Finding Tools in Cryptography . . . . . . . . . . . . 81--83 Budi Arief and Mohd Azeem Bin Adzmi Understanding Cybercrime from Its Stakeholders' Perspectives: Part 2 --- Defenders and Victims . . . . . . . . . 
84--88 Wojciech Mazurczyk and Luca Caviglione Information Hiding as a Challenge for Malware Detection . . . . . . . . . . . 89--93 Sean W. Smith and John S. Erickson Never Mind Pearl Harbor --- What about a Cyber Love Canal? . . . . . . . . . . . 94--98 Michael Lesk Safety Risks --- Human Error or Mechanical Failure?: Lessons from Railways . . . . . . . . . . . . . . . . 99--102 Frederik Zuiderveen Borgesius Informed Consent: We Can Do Better to Defend Privacy . . . . . . . . . . . . . 103--107 Bruce Schneier The Security Value of Muddling Through 108--108 Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous Get More, for Less! House Advertisement c4--c4 Anonymous IEEE Security & Privacy House Advertisement . . . . . . . . . . . . . c3--c3 Anonymous Rock Stars of Cyber Security [Advertisement] . . . . . . . . . . . . c2--c2
Susan Landau What Was Samsung Thinking? . . . . . . . 3--4 Gary McGraw Silver Bullet Talks with L. Jean Camp 5--7 Anonymous Masthead . . . . . . . . . . . . . . . . 8--8 Kleanthis Dellios and Dimitrios Papanikas and Despina Polemi Information Security Compliance over Intelligent Transport Systems: Is IT Possible? . . . . . . . . . . . . . . . 9--15 Nir Kshetri India's Cybersecurity Landscape: The Roles of the Private Sector and Public-Private Partnership . . . . . . . 16--23 David Basin and Cas Cremers and Kunihiko Miyazaki and Sasa Radomirovic and Dai Watanabe Improving the Security of Cryptographic Protocol Standards . . . . . . . . . . . 24--31 Patricia Arias-Cabarcos and Florina Almenarez and Ruben Trapero and Daniel Diaz-Sanchez and Andres Marin Blended Identity: Pervasive IdM for Continuous Authentication . . . . . . . 32--39 Hamilton Turner and Jules White and Jaime A. Camelio and Christopher Williams and Brandon Amos and Robert Parker Bad Parts: Are Our Manufacturing Systems at Risk of Silent Cyberattacks? . . . . 40--47 Kjell Jorgen Hole Diversity Reduces the Impact of Malware 48--54 Jeremy Epstein Weakness in Depth: A Voting Machine's Demise . . . . . . . . . . . . . . . . . 55--58 Peter Y. A. Ryan and Steve Schneider and Vanessa Teague End-to-End Verifiability in Voting Systems, from Theory to Practice . . . . 59--62 Jelena Mirkovic and Melissa Dark and Wenliang Du and Giovanni Vigna and Tamara Denning Evaluating Cybersecurity Education Interventions: Three Case Studies . . . 63--69 Liam M. Mayron Biometric Authentication on Mobile Devices . . . . . . . . . . . . . . . . 70--73 J. Adam Crain and Sergey Bratus Bolt-On Security Extensions for Industrial Control System Protocols: A Case Study of DNP3 SAv5 . . . . . . . . 74--79 Angela Sasse Scaring and Bullying People into Security Won't Work . . . . . . . . . . 80--83 Jonathan Margulies A Developer's Guide to Audit Logging . . 84--86 Anonymous Focus on Your Job Search House Advertisement . . . . . . . . . 
. . . . 87--87 Kat Krol and Soren Preibusch Effortless Privacy Negotiations . . . . 88--91 Steven M. Bellovin What a Real Cybersecurity Bill Should Address . . . . . . . . . . . . . . . . 92--92 Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous Get more, for less! House Advertisement c4--c4 Anonymous IEEE Security & Privacy House Advertisement . . . . . . . . . . . . . c3--c3 Anonymous Rock Stars of Cybersecurity House Advertisement . . . . . . . . . . . . . c2--c2
Terry Benzel A Strategic Plan for Cybersecurity Research and Development . . . . . . . . 3--5 Anonymous Masthead . . . . . . . . . . . . . . . . 6--6 Gary McGraw Silver Bullet Talks with Katie Moussouris . . . . . . . . . . . . . . . 7--9 Shari Lawrence Pfleeger Learning from Other Disciplines . . . . 10--11 Denise Anthony and Timothy Stablein and Emily K. Carian Big Brother in the Information Age: Concerns about Government Information Gathering over Time . . . . . . . . . . 12--19 Julie Steinke and Balca Bolunmez and Laura Fletcher and Vicki Wang and Alan J. Tomassetti and Kristin M. Repchick and Stephen J. Zaccaro and Reeshad S. Dalal and Lois E. Tetrick Improving Cybersecurity Incident Response Team Effectiveness Using Teams-Based Research . . . . . . . . . . 20--29 Bilal Al Sabbagh and Stewart Kowalski A Socio-technical Framework for Threat Modeling a Software Supply Chain . . . . 30--39 Kjell Jorgen Hole Toward Anti-fragility: A Malware-Halting Technique . . . . . . . . . . . . . . . 40--46 Christos Dimitrakakis and Aikaterini Mitrokotsa Distance-Bounding Protocols: Are You Close Enough? . . . . . . . . . . . . . 47--51 David Gugelmann and Pascal Studerus and Vincent Lenders and Bernhard Ager Can Content-Based Data Loss Prevention Solutions Prevent Data Leakage in Web Traffic? . . . . . . . . . . . . . . . . 52--59 Rohit Tyagi and Tuhin Paul and B. S. Manoj and B. Thanudas Packet Inspection for Unauthorized OS Detection in Enterprises . . . . . . . . 60--65 Jared DeMott Bypassing EMET 4.1 . . . . . . . . . . . 66--72 John Knight The Importance of Security Cases: Proof Is Good, But Not Enough . . . . . . . . 73--75 Michael Lesk Ideas Ahead of Their Time: Digital Time Stamping . . . . . . . . . . . . . . . . 76--79 Jonathan Margulies Garage Door Openers: An Internet of Things Case Study . . . . . . . . . . . 80--83 Monica T. Whitty Mass-Marketing Fraud: A Growing Concern 84--87 Daniel E. Geer The Right to Be Unobserved . . . . . . . 
88--88 Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous IEEE Computer Society House Advertisement . . . . . . . . . . . . . c3--c3 Anonymous IEEE Security & Privacy House Advertisement . . . . . . . . . . . . . c4--c4 Anonymous 2016 Richard E. Merwin Distinguished Service Award House Advertisement . . . c2--c2
Robin E. Bloomfield Autonomy, Robotics, and Dependability 3--5 Anonymous Masthead . . . . . . . . . . . . . . . . 6--6 Anonymous Focus on Your Job Search House Advertisement . . . . . . . . . . . . . 7--7 Gary McGraw Silver Bullet Talks with Bart Preneel 8--10 Anonymous 2016 Richard E. Merwin Distinguished Service Award House Advertisement . . . 11--11 Massimo Felici and Nick Wainwright and Fabio Bisogni and Simona Cavallini What's New in the Economics of Cybersecurity?: Observational and Empirical Studies . . . . . . . . . . . 12--15 Hadi Asghari and Michel J. G. van Eeten and Johannes M. Bauer Economics of Fighting Botnets: Lessons from a Decade of Mitigation . . . . . . 16--23 Soren Preibusch The Value of Web Search Privacy . . . . 24--32 Anonymous IEEE Computer Society 2015 Call for Major Award Nominations House Advertisement . . . . . . . . . . . . . 33--33 Tristan Caulfield and David Pym Improving Security Policy Decisions with Models . . . . . . . . . . . . . . . . . 34--41 Clementina Bruno and Luca Guidi and Azahara Lorite-Espejo and Daniela Pestonesi Assessing a Potential Cyberattack on the Italian Electric System . . . . . . . . 42--51 Martina De Gramatica and Fabio Massacci and Woohyun Shim and Alessandra Tedeschi and Julian Williams IT Interdependence and the Economic Fairness of Cybersecurity Regulations for Civil Aviation . . . . . . . . . . . 52--61 Anonymous Call for Standards Award Nominations House Advertisement . . . . . . . . . . 62--62 Zahid Akhtar and Christian Micheloni and Gian Luca Foresti Biometric Liveness Detection: Challenges and Research Opportunities . . . . . . . 63--72 Anonymous Call for Nominees House Advertisement 73--73 Masooda Bashir and April Lambert and Boyi Guo and Nasir Memon and Tzipora Halevi Cybersecurity Competitions: The Human Angle . . . . . . . . . . . . . . . . . 74--79 Katrine Evans Vidal--Hall and Risk Management for Privacy Breaches . . . . . . . . . . . . 
80--84 Anonymous Software Experts Summit House Advertisement . . . . . . . . . . . . . 85--85 Gilles Barthe High-Assurance Cryptography: Cryptographic Software We Can Trust . . 86--89 Juhee Kwon and M. Eric Johnson Protecting Patient Data --- The Economic Perspective of Healthcare Security . . . 90--95 Jonathan Margulies Securing Cloud-Based Applications, Part 1 . . . . . . . . . . . . . . . . . . . 96--98 David Modic and Ross Anderson It's All Over but the Crying: The Emotional and Financial Impact of Internet Fraud . . . . . . . . . . . . . 99--103 Daniel E. Geer Children of the Magenta . . . . . . . . 104--104 Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous IEEE Security & Privacy House Advertisement . . . . . . . . . . . . . c4--c4 Anonymous Keep Your Career Moving Forward House Advertisement . . . . . . . . . . . . . c3--c3 Anonymous Rock Stars of Cybersecurity House Advertisement . . . . . . . . . . . . . c2--c2
Anonymous Table of Contents . . . . . . . . . . . 1--2 S. L. Pfleeger Spider-Man, Hubris, and the Future of Security and Privacy . . . . . . . . . . 3--10 Anonymous Masthead . . . . . . . . . . . . . . . . 11 Gary McGraw Silver Bullet Talks with Steven M. Bellovin and Matthew Green . . . . . . . 12--15 Shari Lawrence Pfleeger Lessons Learned by Our Editorial Board 16--17 R. Oppliger Quantitative Risk Analysis in Information Security Management: A Modern Fairy Tale . . . . . . . . . . . 18--21 C. P. Pfleeger Lesson Learned: Security is Inevitable 22--28 Anonymous Get the Recognition You Deserve House Advertisement . . . . . . . . . . . . . 29 V. Bellandi and S. Cimato and E. Damiani and G. Gianini and A. Zilli Toward Economic-Aware Risk Assessment on the Cloud . . . . . . . . . . . . . . . 30--37 P. H. Meland and I. A. Tondel and B. Solhaug Mitigating Risk with Cyberinsurance . . 38--43 A. D. Avgerou and Y. C. Stamatiou Privacy Awareness Diffusion in Social Networks . . . . . . . . . . . . . . . . 44--50 Anonymous Call for Papers House Advertisement . . 51 Jungwoo Ryoo and R. Kazman and P. Anand Architectural Analysis for Security . . 52--59 R. Verma and M. Kantarcioglu and D. Marchette and E. Leiss and T. Solorio Security Analytics: Essential Data Analytics Knowledge for Cybersecurity Professionals and Students . . . . . . . 60--65 J. Kosseff A New Legal Framework for Online Anonymity: California's Privacy-Based Approach . . . . . . . . . . . . . . . . 66--70 Anonymous Watch the World's Leading Experts Take Multi-Core Strategies to New Heights House Advertisement . . . . . . . . . . 71 Jia Song and J. Alves-Foss The DARPA Cyber Grand Challenge: A Competitor's Perspective . . . . . . . . 72--76 A. M. Memon and A. Anwar Colluding Apps: Tomorrow's Mobile Malware Threat . . . . . . . . . . . . . 77--81 H. Thimbleby and R. Koppel The Healthtech Declaration . . . . . . . 82--84 M. Lesk License Creep . . . . . . . . . . . . . 85--88 A. A. Adams Possessing Mobile Devices . 
. . . . . . 89--95 Steven M. Bellovin The Key to the Key . . . . . . . . . . . 96 Anonymous Front Cover . . . . . . . . . . . . . . c1 Anonymous Focus on Your Job Search House Advertisement . . . . . . . . . . . . . c3 Anonymous IEEE Computer Society: Be at the Center of It All House Advertisement . . . . . c2 Anonymous Sponsor . . . . . . . . . . . . . . . . ?? Editor-in-Chief IEEE Security & Privacy House Advertisement . . . . . . . . . . . . . c4
Anonymous Table of Contents . . . . . . . . . . . 1--2 Ahmad-Reza Sadeghi Games without Frontiers: Whither Information Security and Privacy? . . . 3--5 Anonymous Masthead . . . . . . . . . . . . . . . . 6--6 Gary McGraw Silver Bullet Talks with Peiter (Mudge) Zatko . . . . . . . . . . . . . . . . . 7--10 Shari Lawrence Pfleeger Software Everywhere [Guest editors' introduction] . . . . . . . . . . . . . 11--11 Eugene K. Ressler Mettle Fatigue: VW's Single-Point-of-Failure Ethics . . . . . 12--30 Charles P. Pfleeger Looking into Software Transparency . . . 31--36 Richard Kuhn Learning Internet-of-Things Security ``Hands-On'' . . . . . . . . . . . . . . 37--46 Jeffrey H. Reed A communications jamming taxonomy . . . 47--54 Noboru Babaguchi Evaluating Protection Capability for Visual Privacy Information . . . . . . . 55--61 Anonymous Special Issue on Real-World Cryptography Call for Papers House Advertisement . . 62 David Naccache Fully Homomorphic Encryption: Computations with a Blindfold . . . . . 63--67 Herbert Bos Binary Rejuvenation: Applications and Challenges . . . . . . . . . . . . . . . 68--71 Laura Amo Addressing Gender Gaps in Teens' Cybersecurity Engagement and Self-Efficacy . . . . . . . . . . . . . 72--75 Jim Alves-Foss The DARPA Cyber Grand Challenge: A Competitor's Perspective, Part 2 . . . . 76--81 Julian Williams Action, Inaction, Trust, and Cybersecurity's Common Property Problem 82--86 Bruce Schneier Cryptography Is Harder than It Looks . . 87--88 Anonymous 4th Annual Best Scientific Cybersecurity Paper Competition . . . . . . . . . . . c4--c4 Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous IEEE Computer Society: Be at the Center of It All House Advertisement . . . . . c3--c3 Anonymous IEEE Security & Privacy Qmags Subscription House Advertisement . . . . c2--c2
Anonymous Table of Contents . . . . . . . . . . . 1--2 Jeremy Epstein Reflections of an NSF Program Officer 3--6 Anonymous Masthead . . . . . . . . . . . . . . . . 7--7 Gary McGraw Silver Bullet Talks with Jamie Butler 8--10 Anonymous Call for nominees . . . . . . . . . . . 11--11 Terry Benzel The IEEE Security and Privacy Symposium Workshops . . . . . . . . . . . . . . . 12--14 Griffin Boyce Bake in .onion for Tear-Free and Stronger Website Authentication . . . . 15--21 Dan Boneh Stickler: Defending against Malicious Content Distribution Networks in an Unmodified Browser . . . . . . . . . . . 22--28 Anonymous Rock Stars of Risk-Based Security House Advertisement . . . . . . . . . . . . . 29 Anton Puzanov Analysis and Mitigation of NoSQL Injections . . . . . . . . . . . . . . . 30--39 Jose M. del Alamo Privacy Engineering: Shaping an Emerging Field of Research and Practice . . . . . 40--46 Anonymous IEEE Computer Society 2016 Call for Major Award Nominations House Advertisement . . . . . . . . . . . . . 47--47 Falko Dressler Cleaning up Web 2.0's Security Mess --- at Least Partly . . . . . . . . . . . . 48--57 Chris Jay Hoofnagle Assessing the Federal Trade Commission's Privacy Assessments . . . . . . . . . . 58--64 Anonymous Call for Papers Special Issue on Genome Privacy and Security House Advertisement 65--65 Ali Sunyaev Dynamic Certification of Cloud Services: Trust, but Verify! . . . . . . . . . . . 66--71 Anonymous IEEE Computer Society Richard E. Merwin Student Leadership Scholarship House Advertisement . . . . . . . . . . . . . 72--72 Sarah Zatko Rethinking the Role of Security in Undergraduate Education . . . . . . . . 73--78 John Scott-Railton Security for the High-Risk User: Separate and Unequal . . . . . . . . . . 79--87 Daniel E. Geer Provenance . . . . . . . . . . . . . . . 88--88 Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous Got flaws? House Advertisement . . . . . 
c2--c2 Anonymous IEEE Computer Society: Be at the Center of It All House Advertisement . . . . . c3--c3 Anonymous IEEE Security & Privacy House Advertisement . . . . . . . . . . . . . c4--c4
Anonymous Table of Contents . . . . . . . . . . . 1--2 Bill Horne Trust Me. Trust Me Not . . . . . . . . . 3--5 Anonymous Masthead . . . . . . . . . . . . . . . . 6--6 Gary McGraw Silver Bullet Talks with Jacob West . . 7--10 Fabio Bisogni What's New in the Economics of Cybersecurity? . . . . . . . . . . . . . 11--13 Ruud Verbij The Navigation Metaphor in Security Economics . . . . . . . . . . . . . . . 14--21 Stephane Grumbach Chasing Data in the Intermediation Era: Economy and Security at Stake . . . . . 22--31 Hongxin Hu Mules, Seals, and Attacking Tools: Analyzing 12 Online Marketplaces . . . . 32--43 Panayotis A. Yannakogeorgos Designing Cybersecurity into Defense Systems: An Information Economics Approach . . . . . . . . . . . . . . . . 44--51 Julian Williams Economic Impacts of Rules- versus Risk-Based Cybersecurity Regulations for Critical Infrastructure Providers . . . 52--60 Michael Waidner HbbTV Security and Privacy: Issues and Challenges . . . . . . . . . . . . . . . 61--67 Z. Berkay Celik Machine Learning in Adversarial Settings 68--72 Neeraj Suri Quantifiably Trusting the Cloud: Putting Metrics to Work . . . . . . . . . . . . 73--77 Darren Lawrence Security Dialogues: Building Better Relationships between Security and Business . . . . . . . . . . . . . . . . 82--87 Steven M. Bellovin Attack Surfaces . . . . . . . . . . . . 88--88 Anonymous Call for Papers Special Issue on Electronic Voting House Advertisement c3--c3 Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous Got flaws? House Advertisement . . . . . c2--c2 Anonymous IEEE Security & Privacy House Advertisement . . . . . . . . . . . . . c4--c4
Anonymous Table of Contents . . . . . . . . . . . 1--2 Terry Benzel The Growth of a Conference, a Community, and an Industry . . . . . . . . . . . . 3--5 Anonymous Masthead . . . . . . . . . . . . . . . . 6 Gary McGraw Silver Bullet Talks with Martin Hellman 7--11 Qing-Yun Li and Lei Zhang The Public Security and Personal Privacy Survey: Biometric Technology in Hong Kong . . . . . . . . . . . . . . . . . . 12--21 Jussi Laakkonen and Janne Parkkila and Pekka Jappinen and Jouni Ikonen and Ahmed Seffah Incorporating Privacy into Digital Game Platform Design: The What, Why, and How 22--32 Anonymous IEEE Computer Society: Be at the Center of It All House Advertisement . . . . . 33 Madhusanka Liyanage and Ahmed Bux Abro and Mika Ylianttila and Andrei Gurtov Opportunities and Challenges of Software-Defined Mobile Networks in Network Security . . . . . . . . . . . . 34--44 Anonymous Call for Papers Special Issue on Electronic Voting . . . . . . . . . . . 45 Aditya K. Sood and Sherali Zeadally A Taxonomy of Domain-Generation Algorithms . . . . . . . . . . . . . . . 46--53 Diego A. Ortiz-Yepes A Review of Technical Approaches to Realizing Near-Field Communication Mobile Payments . . . . . . . . . . . . 54--62 Anonymous Call for Papers Special Issue on Postquantum Cryptography . . . . . . . . 63 Craig Burton and Chris Culnane and Steve Schneider vVote: Verifiable Electronic Voting in Practice . . . . . . . . . . . . . . . . 64--73 Baijian Justin Yang and Brian Kirk Try-CybSI: A Platform for Trying Out Cybersecurity . . . . . . . . . . . . . 74--75 Logan O. Mailloux and Michael A. McEvilley and Stephen Khou and John M. Pecarina Putting the `Systems' in Security Engineering: An Examination of NIST Special Publication 800-160 . . . . . . 76--80 Anonymous IEEE Computer Society 2016 Call for Major Award Nominations House Advertisement . . . . . . . . . . . . . 
81 Robert Cunningham and Pamela Gupta and Ulf Lindqvist and Stelios Sidiroglou-Douskos and Michael Hicks IEEE SecDev 2016: Prioritizing Secure Development . . . . . . . . . . . . . . 82--84 Anonymous Computer Entrepreneur Award House Advertisement . . . . . . . . . . . . . 85 Anonymous Call for Nominees Education Awards Nominations House Advertisement . . . . 86 Daniel E. Geer Privacy's Paradigm . . . . . . . . . . . 87--88 Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous Got flaws? House Advertisement . . . . . c3--c3 Anonymous IEEE Security & Privacy House Advertisement . . . . . . . . . . . . . c4--c4 Anonymous Rock Stars of Cybersecurity House Advertisement . . . . . . . . . . . . . c2--c2
Anonymous Table of Contents . . . . . . . . . . . 1--2 Susan Landau Is It Legal? Is It Right? The Can and Should of Use . . . . . . . . . . . . . 3--5 Anonymous Masthead . . . . . . . . . . . . . . . . 6 Marcus Ranum Silver Bullet Talks with Gary McGraw . . 7--10 M. Angela Sasse and Matthew Smith The Security--Usability Tradeoff Myth [Guest Editors' introduction] . . . . . 11--13 Mary Theofanos and Simson Garfinkel and Yee-Yin Choong Secure and Usable Enterprise Authentication: Lessons from the Field 14--21 Deanna D. Caputo and Shari Lawrence Pfleeger and M. Angela Sasse and Paul Ammann and Jeff Offutt and Lin Deng Barriers to Usable Security? Three Organizational Case Studies . . . . . . 22--32 M. Angela Sasse and Matthew Smith and Cormac Herley and Heather Lipford and Kami Vaniea Debunking Security--Usability Tradeoff Myths . . . . . . . . . . . . . . . . . 33--39 Matthew Green and Matthew Smith Developers are Not the Enemy!: The Need for Usable Security APIs . . . . . . . . 40--46 Anonymous Rock Stars of Pervasive, Predictive Analytics . . . . . . . . . . . . . . . 47 David W. Archer and Dan Bogdanov and Benny Pinkas and Pille Pullonen Maturity and Performance of Programmable Secure Computation . . . . . . . . . . . 48--56 Anonymous Call for Papers Special Issue on Postquantum Cryptography . . . . . . . . 57 Ahmad-Reza Sadeghi and Ghada Dessouky Security & Privacy Week Interviews, Part 1 . . . . . . . . . . . . . . . . . . . 58--67 Rita Heimes Global InfoSec and Breach Standards . . 68--72 Ivo Flammer Genteel Wearables: Bystander-Centered Design . . . . . . . . . . . . . . . . . 73--79 Hui Xu and Michael R. Lyu Assessing the Security Properties of Software Obfuscation . . . . . . . . . . 80--83 Tina Ladabouche and Steve LaFountain GenCyber: Inspiring the Next Generation of Cyber Stars . . . . . . . . . . . . . 84--86 Anonymous Got flaws? . . . . . . . . . . . . . . . 
87 Marc Beunardeau and Aisling Connolly and Remi Geraud and David Naccache White-Box Cryptography: Security in an Insecure Environment . . . . . . . . . . 88--92 Jonathan Margulies and Michael Berg That Certificate You Bought Could Get You Hacked . . . . . . . . . . . . . . . 93--95 Bruce Schneier Stop Trying to Fix the User . . . . . . 96 Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous IEEE Cybersecurity Development SecDev 2016 . . . . . . . . . . . . . . . . . . c2--c2 Anonymous IEEE Security & Privacy . . . . . . . . . c4--c4 Anonymous New Membership Options for A Better Fit c3--c3
Anonymous Table of Contents . . . . . . . . . . . 1--2 Gary McGraw Silver Bullet Talks with Jim Manico . . 3--5 Anonymous Masthead . . . . . . . . . . . . . . . . 6 Dan Boneh and Kenny Paterson and Nigel P. Smart Building a Community of Real-World Cryptographers . . . . . . . . . . . . . 7--9 Phillip Rogaway Practice-Oriented Provable Security and the Social Construction of Cryptography 10--17 Karthikeyan Bhargavan and Cedric Fournet and Markulf Kohlweiss miTLS: Verifying Protocol Implementations against Real-World Attacks . . . . . . . . . . . . . . . . 18--25 Aaron Tomb Automated Verification of Real-World Cryptographic Implementations . . . . . 26--33 Neal Koblitz and Alfred Menezes A Riddle Wrapped in an Enigma . . . . . 34--42 Lucas Dixon and Thomas Ristenpart and Thomas Shrimpton Network Traffic Obfuscation and Automated Internet Censorship . . . . . 43--53 Shay Gueron Memory Encryption for General-Purpose Processors . . . . . . . . . . . . . . . 54--62 Jingqiang Lin and Bo Luo and Le Guan and Jiwu Jing Secure Computing Using Registers and Caches: The Problem, Challenges, and Solutions . . . . . . . . . . . . . . . 63--70 Ahmad-Reza Sadeghi and Ghada Dessouky Security & Privacy Week Interviews, Part 2 . . . . . . . . . . . . . . . . . . . 71--80 Omer Tene Microsoft v. USA: Location of Data and the Law of the Horse . . . . . . . . . . 81--85 Christof Fetzer Building Critical Applications Using Microservices . . . . . . . . . . . . . 86--89 Portia Pusey and Mark Gondree and Zachary Peterson The Outcomes of Cybersecurity Competitions and Implications for Underrepresented Populations . . . . . . 90--95 Steven M. Bellovin Easy Email Encryption . . . . . . . . . 96--96 Anonymous Can You Invent a Better World through Technologies? . . . . . . . . . . . . . c4--c4 Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous New Membership Options for a Better Fit c2--c2 Anonymous TechIgnite . . . . . . . . . . . . . . . c3--c3
Anonymous Table of Contents . . . . . . . . . . . 1--2 Ahmad-Reza Sadeghi Security and Privacy More Crucial than Ever . . . . . . . . . . . . . . . . . . 3--4 Anonymous Masthead . . . . . . . . . . . . . . . . 5 Anonymous Reviewer Thanks . . . . . . . . . . . . 6--7 Gary McGraw Silver Bullet Talks with Marie Moe . . . 8--11 Jacob Bellatti and Andrew Brunner and Joseph Lewis and Prasad Annadata and Wisam Eltarjaman and Rinku Dewri and Ramakrishna Thurimella Driving Habits Data: Location Privacy Implications and Solutions . . . . . . . 12--20 Anonymous Call for Papers: Special Issue on Hacking without Humans . . . . . . . . . 21 Oyindamola Oluwatimi and Daniele Midi and Elisa Bertino Overview of Mobile Containerization Approaches and Open Research Directions 22--31 Pawel Lubomski and Henryk Krawczyk Practical Evaluation of Internet Systems' Security Mechanisms . . . . . . 32--40 Anonymous Call for Papers: Special Issue on Digital Forensics . . . . . . . . . . . 41 Manjur Kolhar and Mosleh M. Abu-Alhaj and Saied M. Abd El-atty Cloud Data Auditing Techniques with a Focus on Privacy and Security . . . . . 42--51 Ezhil Kalaimannan and Jatinder N. D. Gupta The Security Development Lifecycle in the Context of Accreditation Policies and Standards . . . . . . . . . . . . . 52--57 Hossein Homaei and Hamid Reza Shahriari Seven Years of Software Vulnerabilities: The Ebb and Flow . . . . . . . . . . . . 58--65 Ahmad-Reza Sadeghi and Ghada Dessouky Security & Privacy Week Interviews, Part 3 . . . . . . . . . . . . . . . . . . . 66--74 Franziska Roesner Designing Application Permission Models that Meet User Expectations . . . . . . 75--79 Nir Kshetri An Opinion on the ``Report on Securing and Growing the Digital Economy'' . . . 80--85 Anonymous Focus on Your Job Search . . . . . . . . 86 Daniel E. Geer and Richard Danzig Mutual Dependence Demands Mutual Sharing 87--88 Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous TechIgnite . . . . . . . . . . . . . . . 
c2--c2 Anonymous New Membership Options for a Better Fit c3--c3 Anonymous IEEE Security & Privacy . . . . . . . . . c4--c4
Anonymous Unwavering Mission Unwavering Commitment Advertisement . . . . . . . . . . . . . 1 Anonymous Not so Secure House Advertisement . . . 2 Anonymous Table of Contents . . . . . . . . . . . 3--4 Jeremy Epstein Privacy is Context Dependent . . . . . . 5--6 Anonymous Masthead . . . . . . . . . . . . . . . . 7 Gary McGraw Silver Bullet Talks with Lesley Carhart 8--10 Terry Benzel Selected Papers from the 2016 IEEE Symposium on Security and Privacy . . . 11--13 Anonymous Prepose: Privacy, Security, and Reliability for Gesture-Based Programming . . . . . . . . . . . . . . 14--23 Anonymous Security Implications of Permission Models in Smart-Home Application Frameworks . . . . . . . . . . . . . . . 24--30 Anonymous Focus on Your Job Search House Advertisement . . . . . . . . . . . . . 31 Anonymous The Perils of User Tracking Using Zero-Permission Mobile Apps . . . . . . 32--41 Anonymous Apple ZeroConf Holes: How Hackers Can Steal iPhone Photos . . . . . . . . . . 42--49 Anonymous How Internet Resources Might Be Helping You Develop Faster but Less Securely . . 50--60 Anonymous 2017 B. Ramakrishna Rau Award Call for Nominations House Advertisement . . . . 61 Anonymous The Danger of USB Drives . . . . . . . . 62--69 Anonymous Dawn of the Dead Domain: Measuring the Exploitation of Residual Trust in Domains . . . . . . . . . . . . . . . . 70--77 Anonymous Does the Online Card Payment Landscape Unwittingly Facilitate Fraud? . . . . . 78--86 Anonymous myCS House Advertisement . . . . . . . . 87 Ahmad-Reza Sadeghi and Shaza Zeitouni ACM CCS 2016 Interviews, Part 1 . . . . 88--91 Anonymous Does Industry Self-Regulation of Consumer Data Privacy Work? . . . . . . 92--95 Anonymous Security Challenges and Opportunities of Software-Defined Networking . . . . . . 96--100 Anonymous Call for Nominees Education Awards Nominations House Advertisement . . . . 
101 Anonymous How Businesses Can Speed Up International Cybercrime Investigation 102--106 Anonymous IEEE Computer Society 2017 Call for Major Award Nominations House Advertisement . . . . . . . . . . . . . 107 Bruce Schneier The Internet of Things Will Upend Our Industry . . . . . . . . . . . . . . . . 108 Anonymous Behind the Scenes at NSA Advertisement c2--c2 Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous IEEE Security & Privacy . . . . . . . . . c4--c4 Anonymous New Membership Options for A Better Fit. House Advertisement . . . . . . . . . . c3--c3
Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Ethics in Information Security . . . . . 3--4 Anonymous Masthead . . . . . . . . . . . . . . . . 5 Gary McGraw Silver Bullet Talks with Kate Pearce . . 6--9 Anonymous New Membership Options for A Better Fit 10 Anonymous Achieve your career goals with the fit that's right for you. . . . . . . . . . 11 Josh Benaloh and Peter Y. A. Ryan and Steve Schneider and Vanessa Teague A Vote of Confidence? . . . . . . . . . 12--13 Aggelos Kiayias and Thomas Zacharias and Bingsheng Zhang An Efficient E2E Verifiable E-voting System without Setup Assumptions . . . . 14--23 Oksana Kulyk and Stephan Neumann and Jurlind Budurushi and Melanie Volkamer Nothing Comes for Free: How Much Usability Can You Sacrifice for Security? . . . . . . . . . . . . . . . 24--29 Aleksander Essex Detecting the Detectable: Unintended Consequences of Cryptographic Election Verification . . . . . . . . . . . . . . 30--38 Anonymous Call for Papers: Special Issue on AI Ethics: The Privacy Challenge . . . . . 39 Jeroen van de Graaf Long-Term Threats to Ballot Privacy . . 40--47 Ronald L. Rivest and Philip B. Stark When Is an Election Verifiable? . . . . 48--50 Anonymous Call for Nominees: Education Awards Nominations . . . . . . . . . . . . . . 51 Aanjhan Ranganathan and Srdjan Capkun Are We Really Close? Verifying Proximity in Wireless Systems . . . . . . . . . . 52--58 Anonymous IEEE Computer Society 2017 Call for Major Award Nominations . . . . . . . . 59 Jay Aikat and Aditya Akella and Jeffrey S. Chase and Ari Juels and Michael K. Reiter and Thomas Ristenpart and Vyas Sekar and Michael Swift Rethinking Security in the Era of Cloud Computing . . . . . . . . . . . . . . . 60--69 Ahmad-Reza Sadeghi and Shaza Zeitouni ACM CCS 2016 Interviews, Part 2 . . . . 70--76 Anonymous IEEE Computer Society . . . . . . . . . 77 Chetan Gupta The Market's Law of Privacy: Case Studies in Privacy and Security Adoption 78--83 Sai Teja Peddinti and Keith W. 
Ross and Justin Cappos User Anonymity on Twitter . . . . . . . 84--87 Anonymous myCS . . . . . . . . . . . . . . . . . . 88 Anonymous IEEE Computer Society Harlan D. Mills Award . . . . . . . . . . . . . . . . . 89 Richard Weiss and Franklyn Turbak and Jens Mache and Michael E. Locasto Cybersecurity Education and Assessment in EDURange . . . . . . . . . . . . . . 90--95 Steven M. Bellovin Jurisdiction and the Internet . . . . . 96 Anonymous Call for Papers: Special Issue on Hacking without Humans . . . . . . . . . c2--c2 Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous Focus on Your Job Search . . . . . . . . c3--c3 Anonymous IEEE Security & Privacy . . . . . . . . . c4--c4
Anonymous Table of contents . . . . . . . . . . . 1--2 Anonymous Authorship Integrity and Attacks . . . . 3--5 Anonymous Masthead . . . . . . . . . . . . . . . . 6 Gary McGraw Silver Bullet Talks with Kelly Lum . . . 7--10 Anonymous Looking for the BEST Tech Job for You? [advertisement] . . . . . . . . . . . . 11 Johannes Buchmann and Kristin Lauter and Michele Mosca Postquantum Cryptography --- State of the Art . . . . . . . . . . . . . . . . 12--13 John Mulholland and Michele Mosca and Johannes Braun The Day the Cryptography Dies . . . . . 14--21 Kristin Lauter Postquantum Opportunities: Lattices, Homomorphic Encryption, and Supersingular Isogeny Graphs . . . . . . 22--27 Jintai Ding and Albrecht Petzoldt Current State of Multivariate Cryptography . . . . . . . . . . . . . . 28--36 Denis Butin Hash-Based Signatures: State of Play . . 37--43 Nicolas Sendrier Code-Based Cryptography: State of the Art and Perspectives . . . . . . . . . . 44--50 Lidong Chen Cryptography Standards in Quantum Time: New Wine in an Old Wineskin? . . . . . . 51--57 Ahmad-Reza Sadeghi and Shaza Zeitouni ACM CCS 2016 Interview, Part 3 . . . . . 58--61 Bart P. Knijnenburg Privacy? I Can't Even! Making a Case for User-Tailored Privacy . . . . . . . . . 62--67 Bryan Reinicke and Jeffrey Cummings and Howard Kleinberg The Right to Digital Self-Defense . . . 68--71 Alan Sherman and Melissa Dark and Agnes Chan and Rylan Chong and Thomas Morris and Linda Oliva and John Springer and Bhavani Thuraisingham and Christopher Vatcher and Rakesh Verma and Susanne Wetzel INSuRE: Collaborating Centers of Academic Excellence Engage Students in Cybersecurity Research . . . . . . . . . 72--78 Earlence Fernandes and Amir Rahmati and Kevin Eykholt and Atul Prakash Internet of Things Security Research: A Rehash of Old Ideas or New Intellectual Challenges? . . . . . . . . . . . . . . 
79--84 Archer Batcheller and Summer Craze Fowler and Robert Cunningham and Dinara Doyle and Trent Jaeger and Ulf Lindqvist Building on the Success of Building Security In . . . . . . . . . . . . . . 85--87 Daniel E. Geer Attribution . . . . . . . . . . . . . . 88 Anonymous Call for Papers Special Issue on AI Ethics: The Privacy Challenge . . . . . c2--c2 Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous IEEE Security & Privacy . . . . . . . . . c4--c4 Anonymous New membership options for a better fit [advertisement] . . . . . . . . . . . . c3--c3
Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous AI Industrial Complex: The Challenge of AI Ethics . . . . . . . . . . . . . . . 3--5 Anonymous Masthead . . . . . . . . . . . . . . . . 6 Gary McGraw Silver Bullet Talks with Ksenia Dmitrieva-Peguero . . . . . . . . . . . 7--9 Jean-Pierre Hubaux and Stefan Katzenbeisser and Bradley Malin Genomic Data Privacy and Security: Where We Stand and Where We Are Heading . . . 10--12 Anonymous Call for Nominees Education Awards Nominations . . . . . . . . . . . . . . 13 Sara Renee Savage Characterizing the Risks and Harms of Linking Genomic Information to Individuals . . . . . . . . . . . . . . 14--19 Marina Blanton and Fattaneh Bayatbabolghani Improving the Security and Efficiency of Private Genomic Computation Using Server Aid . . . . . . . . . . . . . . . . . . 20--28 Erman Ayday and Mathias Humbert Inference Attacks against Kin Genomic Privacy . . . . . . . . . . . . . . . . 29--37 Tatiana Bradley and Xuhua Ding and Gene Tsudik Genomic Security (Lest We Forget) . . . 38--46 Adenekan Dedeke Cybersecurity Framework Adoption: Using Capability Levels for Implementation Tiers and Profiles . . . . . . . . . . . 47--54 Robert W. Reeder and Iulia Ion and Sunny Consolvo 152 Simple Steps to Stay Safe Online: Security Advice for Non-Tech-Savvy Users 55--64 Alexander Kott and Jackson Ludwig and Mona Lange Assessing Mission Impact of Cyberattacks: Toward a Model-Driven Paradigm . . . . . . . . . . . . . . . . 65--74 Anonymous Take the CS Library wherever you go! . . 75 Tara Matthews and Kathleen O'Leary and Anna Turner and Manya Sleeper and Jill Palzkill Woelfer and Martin Shelton and Cori Manthorne and Elizabeth F. Churchill and Sunny Consolvo Security and Privacy Experiences and Practices of Survivors of Intimate Partner Abuse . . . . . . . . . . . . . 76--81 Rolf Oppliger Disillusioning Alice and Bob . . . . . . 
82--84 Patrick Traynor and Kevin Butler and Jasmine Bowers and Bradley Reaves FinTechSec: Addressing the Security Challenges of Digital Financial Services 85--89 David O'Reilly Availability of Required Data to Support Criminal Investigations Involving Large-Scale IP Address-Sharing Technologies . . . . . . . . . . . . . . 90--93 Sean Peisert and Von Welch The Open Science Cyber Risk Profile: The Rosetta Stone for Open Science and Cybersecurity . . . . . . . . . . . . . 94--95 Bruce Schneier IoT Security: What's Plan B? . . . . . . 96 Anonymous Call for Papers Special Issue on Security and Privacy Research in Brazil c2--c2 Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous IEEE Security & Privacy . . . . c4--c4 Anonymous New Membership Options for a Better Fit c3--c3
Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Security Advice That Can Be Followed . . 3--5 Anonymous Masthead . . . . . . . . . . . . . . . . 6 Gary McGraw Silver Bullet Talks with Nicole Perlroth 7--9 Wojciech Mazurczyk and Luca Caviglione and Steffen Wendzel Recent Advancements in Digital Forensics 10--11 Anonymous The Future of Digital Forensics: Challenges and the Road Ahead . . . . . 12--17 Anonymous Programmable Logic Controller Forensics 18--24 Anonymous Botnet Fingerprinting: Anomaly Detection in SMTP Conversations . . . . . . . . . 25--32 Anonymous PROFORMA: Proactive Forensics with Message Analytics . . . . . . . . . . . 33--41 Anonymous Mobile Forensics: Advances, Challenges, and Research Opportunities . . . . . . . 42--51 Anonymous An Exploration of the Effects of Sensory Stimuli on the Completion of Security Tasks . . . . . . . . . . . . . . . . . 52--60 Anonymous Faster Secure Cloud Computations with a Trusted Proxy . . . . . . . . . . . . . 61--67 Anonymous Decision and Experienced Utility: Computational Applications in Privacy Decision Making . . . . . . . . . . . . 68--72 Anonymous The Last Mile for IoT Privacy . . . . . 73--76 Anonymous Securing Binary Code . . . . . . . . . . 77--81 Anonymous NAND Flash Memory Forensic Analysis and the Growing Challenge of Bit Errors . . 82--87 Steven M. Bellovin Who Are You? . . . . . . . . . . . . . . 88 Anonymous Call for Papers Special Issue on Security and Privacy Research in Brazil c2--c2 Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous Got flaws? . . . . . . . . . . . . . . . c4--c4 Anonymous #SP18 is back in San Francisco! . . . . c3--c3
Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Reviewer Thanks . . . . . . . . . . . . 3--4 Anonymous Masthead . . . . . . . . . . . . . . . . 5 Gary McGraw Silver Bullet Talks with Wafaa Mamilli 6--9 Terry Benzel and Sean Peisert Selected Papers from the 2017 IEEE Symposium on Security and Privacy . . . 10--11 Cormac Herley and P. C. van Oorschot Science of Security: Combining Theory and Measurement to Reflect the Observable . . . . . . . . . . . . . . . 12--22 Anonymous Cross-pollinate your ideas . . . . . . . 23 Paul Pearce and Roya Ensafi and Frank Li and Nick Feamster and Vern Paxson Toward Continual Measurement of Global Network-Level Censorship . . . . . . . . 24--33 Mathias Lecuyer and Riley Spahn and Roxana Geambasu and Tzu-Kuo Huang and Siddhartha Sen Enhancing Selectivity in Big Data . . . 34--42 Anonymous COMPSAC 2018 . . . . . . . . . . . . . . 43 Kiron Lebeck and Kimberly Ruth and Tadayoshi Kohno and Franziska Roesner Arya: Operating System Support for Securely Augmenting Reality . . . . . . 44--53 Eyal Ronen and Adi Shamir and Achi-Or Weingarten and Colin O'Flynn IoT Goes Nuclear: Creating a Zigbee Chain Reaction . . . . . . . . . . . . . 54--62 Anonymous IEEE Transactions on Sustainable Computing . . . . . . . . . 63 Primal Wijesekera and Arjun Baokar and Lynn Tsai and Joel Reardon and Serge Egelman and David Wagner and Konstantin Beznosov Dynamically Regulating Mobile Application Permissions . . . . . . . . 64--71 Feng Hao and Dylan Clarke and Brian Randell and Siamak F. Shahandashti Verifiable Classroom Voting in Practice 72--81 Rick Hofstede and Aiko Pras and Anna Sperotto and Gabi Dreo Rodosek Flow-Based Compromise Detection: Lessons Learned . . . . . . . . . . . . . . . . 82--89 Anonymous myCS . . . . . . . . . . . . . . . . . . 90 Anonymous Prepare to Connect . . . . . . . . . . . 91 Massimiliano Albanese and Sushil Jajodia and Sridhar Venkatesan Defending from Stealthy Botnets Using Moving Target Defenses . . . . . 
. . . . 92--97 Siddharth Kaza and Blair Taylor and Kyle Sherbert Hello, World! --- Code Responsibly . . . 98--100 Anonymous IEEE Computer Society: Be at the Center of It All . . . . . . . . . . . . . . . 101 Aisling Connolly Freedom of Encryption . . . . . . . . . 102--103 Daniel E. Geer Trading Places . . . . . . . . . . . . . 104 Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous IEEE Computer Society . . . . . . . . . c3--c3 Anonymous SP18 is back in San Francisco! . . . . . c2--c2 Anonymous Take the CS Library wherever you go! . . c4--c4
Anonymous Table of contents . . . . . . . . . . . 1--2 Anonymous Introduction from the New EIC . . . . . 3--4 Anonymous Masthead . . . . . . . . . . . . . . . . 5 Gary McGraw Silver Bullet Talks with Craig Froelich 6--8 Anonymous IEEE Computer Society . . . . . . . . . 9 Timothy Vidas and Per Larsen and Hamed Okhravi and Ahmad-Reza Sadeghi Changing the Game of Software Security 10--11 Yan Shoshitaishvili and Antonio Bianchi and Kevin Borgolte and Amat Cama and Jacopo Corbetta and Francesco Disperati and Audrey Dutcher and John Grosen and Paul Grosen and Aravind Machiry and Chris Salls and Nick Stephens and Ruoyu Wang and Giovanni Vigna Mechanical Phish: Resilient Autonomous Hacking . . . . . . . . . . . . . . . . 12--22 Benjamin Price and Michael Zhivich and Michael Thompson and Chris Eagle House Rules: Designing the Scoring Algorithm for Cyber Grand Challenge . . 23--31 Timothy Bryant and Shaun Davenport A Honeybug for Automated Cyber Reasoning Systems . . . . . . . . . . . . . . . . 32--36 Michael F. Thompson Effects of a Honeypot on the Cyber Grand Challenge Final Event . . . . . . . . . 37--41 Anh Nguyen-Tuong and David Melski and Jack W. Davidson and Michele Co and William Hawkins and Jason D. Hiser and Derek Morris and Ducson Nguyen and Eric Rizzi Xandra: An Autonomous Cyber Battle System for the Cyber Grand Challenge . . 42--51 Thanassis Avgerinos and David Brumley and John Davis and Ryan Goulden and Tyler Nighswander and Alex Rebert and Ned Williamson The Mayhem Cyber Reasoning System . . . 52--60 Peter Goodman and Artem Dinaburg The Past, Present, and Future of Cyberdyne . . . . . . . . . . . . . . . 61--69 Peter Blank and Sabrina Kirrane and Sarah Spiekermann Privacy-Aware Restricted Areas for Unmanned Aerial Systems . . . . . . . . 70--79 Cliff Wang and Zhuo Lu Cyber Deception: Overview and the Road Ahead . . . . . . . . . . . . . . . . . 
80--85 Pamela Wisniewski The Privacy Paradox of Adolescent Online Safety: A Matter of Risk Prevention or Risk Resilience? . . . . . . . . . . . . 86--90 Michael F. Thompson and Cynthia E. Irvine Individualizing Cybersecurity Lab Exercises with Labtainers . . . . . . . 91--95 Bruce Schneier Artificial Intelligence and the Attack/Defense Balance . . . . . . . . . 96 Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous IEEE Security & Privacy . . . . . . . . . c4--c4 Anonymous Seymour Cray, Sidney Fernbach & Ken Kennedy Awards . . . . . . . . . . . . . c2--c2 Anonymous Share the gift of knowledge: give your favorite student a membership to the IEEE Computer Society! . . . . . . . . . c3--c3
Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous How Many Is Too Many Candidates? . . . . 3--5 John D. McLean and Cormac Herley and P. C. Van Oorschot Letter to the Editor . . . . . . . . . . 6--10 Anonymous Masthead . . . . . . . . . . . . . . . . 11 Gary McGraw Silver Bullet Talks with Bruce Potter 12--14 Omer Tene and Jules Polonetsky and Ahmad-Reza Sadeghi Five Freedoms for the Homo Deus . . . . 15--17 Robert H. Sloan and Richard Warner When Is an Algorithm Transparent? Predictive Analytics, Privacy, and Public Policy . . . . . . . . . . . . . 18--25 Bernd Carsten Stahl and David Wright Ethics and Privacy in AI and Big Data: Implementing Responsible Research and Innovation . . . . . . . . . . . . . . . 26--33 Micah Altman and Alexandra Wood and Effy Vayena A Harm-Reduction Framework for Algorithmic Fairness . . . . . . . . . . 34--45 Lilian Edwards and Michael Veale Enslaving the Algorithm: From a ``Right to an Explanation'' to a ``Right to Better Decisions''? . . . . . . . . . . 46--54 Anonymous IEEE Computer Society . . . . . . . . . 55 Dawn E. Schrader and Dipayan Ghosh Proactively Protecting Against the Singularity: Ethical Decision Making in AI . . . . . . . . . . . . . . . . . . . 56--63 Meg Leta Jones and Ellen Kaufman and Elizabeth Edenberg AI and the Ethics of Automating Consent 64--72 Reuben Binns What Can Political Philosophy Teach Us about Algorithmic Fairness? . . . . . . 73--80 Jian Liu and Wenting Li and Ghassan O. Karame and N. Asokan Toward Fairness of Cryptocurrency Payments . . . . . . . . . . . . . . . . 81--89 Michael Franz Making Multivariant Programming Practical and Inexpensive . . . . . . . 90--94 Anonymous Computing in Science & Engineering . . . 95 Awais Rashid and George Danezis and Howard Chivers and Emil Lupu and Andrew Martin and Makayla Lewis and Claudia Peersman Scoping the Cyber Security Body of Knowledge . . . . . . . . . . . . . . . 
96--102 Amin Kharraz and William Robertson and Engin Kirda Protecting against Ransomware: A New Line of Research or Restating Classic Ideas? . . . . . . . . . . . . . . . . . 103--107 Steven M. Bellovin Toward a National Cybersecurity Policy 108 Anonymous Connect on Interface . . . . . . . . . . c2--c2 Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous IEEE Security & Privacy . . . . . . . . . c4--c4 Anonymous One membership. Unlimited knowledge . . c3--c3
Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Encouraging Diversity in Security and Privacy Research . . . . . . . . . . . . 3--5 Anonymous Masthead . . . . . . . . . . . . . . . . 6 Gary McGraw Silver Bullet Talks with Nick Weaver . . 7--10 Ghassan Karame and Srdjan Capkun Blockchain Security and Privacy . . . . 11--12 Sarah Meiklejohn Top Ten Obstacles along Distributed Ledgers Path to Adoption . . . . . . . . 13--19 Paul Dunphy and Fabien A. P. Petitcolas A First Look at Identity Management Schemes on the Blockchain . . . . . . . 20--29 Lin Chen and Lei Xu and Zhimin Gao and Yang Lu and Weidong Shi Tyranny of the Majority: On the (Im)possibility of Correctness of Smart Contracts . . . . . . . . . . . . . . . 30--37 Ryan Henry and Amir Herzberg and Aniket Kate Blockchain Access Privacy: Challenges and Directions . . . . . . . . . . . . . 38--45 Ilias Giechaskiel and Cas Cremers and Kasper B. Rasmussen When the Crypto in Cryptocurrencies Breaks: Bitcoin Security under Broken Primitives . . . . . . . . . . . . . . . 46--56 Rachid El Bansarkhani and Matthias Geihs and Johannes Buchmann PQChain: Strategic Design Decisions for Distributed Ledger Technologies against Future Threats . . . . . . . . . . . . . 57--65 Raffaello Perrotta and Feng Hao Botnet in the Browser: Understanding Threats Caused by Malicious Browser Extensions . . . . . . . . . . . . . . . 66--81 Yang Wang Inclusive Security and Privacy . . . . . 82--87 Irfan Ahmed and Vassil Roussev Peer Instruction Teaching Methodology for Cybersecurity Education . . . . . . 88--91 Giannis Tziakouris Cryptocurrencies --- A Forensic Challenge or Opportunity for Law Enforcement? An INTERPOL Perspective . . 92--94 Anonymous IEEE Computer Society Information . . . 95 Daniel E. Geer You Are What You Eat . . . . . . . . . . 96 Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous IEEE Security & Privacy . . . . . . . . . c2--c2 Anonymous Stay Connected . . . . . . . . . . . . . 
c4--c4 Anonymous Share The Gift Of Knowledge: Give Your Favorite Student a Membership to the IEEE Computer Society! . . . . . . . . . c3--c3
Anonymous Front Cover . . . . . . . . . . . . . . c1--c1 Anonymous IEEE Security & Privacy Special Issue Call for Papers . . . . . . . . . c2--c2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Internet of Things Security: Is Anything New? . . . . . . . . . . . . . . . . . . 3--5 Anonymous [Masthead] . . . . . . . . . . . . . . . 6--6 G. McGraw Silver Bullet Talks with Tanya Janca . . 7--11 J. Buchmann and K. Lauter and M. Mosca Postquantum Cryptography, Part 2 . . . . 12--13 S. P. Jordan and Y. Liu Quantum Cryptanalysis: Shor, Grover, and Beyond . . . . . . . . . . . . . . . . . 14--21 M. Roetteler and K. M. Svore Quantum Computing: Codebreaking and Beyond . . . . . . . . . . . . . . . . . 22--36 Anonymous IEEE Computer Society . . . . . . . . . 37--37 M. Mosca Cybersecurity in an Era with Quantum Computers: Will We Be Ready? . . . . . . 38--41 M. Sasaki Quantum Key Distribution and Its Applications . . . . . . . . . . . . . . 42--48 Q. Gu and D. Formby and S. Ji and H. Cam and R. Beyah Fingerprinting for Cyber-Physical System Security: Device Physics Matters Too . . 49--59 D. Kreutz and J. Yu and P. Esteves-Veríssimo and C. Magalhães and F. M. V. Ramos The KISS Principle in Software-Defined Networking: A Framework for Secure Communications . . . . . . . . . . . . . 60--70 Anonymous Impact a broader audience . . . . . . . 71--71 S. Winkler and S. Zeadally and K. Evans Privacy and Civilian Drone Use: The Need for Further Regulation . . . . . . . . . 72--80 Anonymous IEEE Transactions on Big Data 81--81 E. Stobert and E. Cavar and L. Malisa and D. Sommer Teaching Authentication as a Life Skill 82--85 B. Schneier Cryptography after the Aliens Land . . . 86--88 Anonymous IEEE Letters of the Computer Society . . c3--c3 Anonymous IEEE Security & Privacy . . . . c4--c4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Staff List . . . . . . . . . . . . . . . 3--3 G. McGraw Silver Bullet Talks With Kathleen Fisher [Interview] . . . . . . . . . . . . . . 4--9 D. Seabra Oliveira and J. Epstein and J. Kurose and A. Rocha Cybersecurity and Privacy Issues in Brazil: Back, Now, and Then [Guest Editors' Introduction] . . . . . . . . . 10--12 M. Barcellos and D. F. Aranha Research in Security and Privacy in Brazil . . . . . . . . . . . . . . . . . 14--21 D. F. Aranha and J. van de Graaf The Good, the Bad, and the Ugly: Two Decades of E-Voting in Brazil . . . . . 22--30 F. Ceschin and F. Pinage and M. Castilho and D. Menotti and L. S. Oliveira and A. Gregio The Need for Speed: An Analysis of Brazilian Malware Classifiers . . . . . 31--41 P. Matias and P. Barbosa and T. N. C. Cardoso and D. M. Campos and D. F. Aranha NIZKCTF: A Noninteractive Zero-Knowledge Capture-the-Flag Platform . . . . . . . 42--51 P. Silva and T. Basso and N. Antunes and R. Moraes and M. Vieira and P. Simoes and E. Montiero A Europe--Brazil Context for Secure Data Analytics in the Cloud . . . . . . . . . 52--60 J. A. Kroll Data Science Data Governance [AI Ethics] 61--70 X. Sun and P. Liu and A. Singhal Toward Cyberresiliency in the Context of Cloud Computing [Resilient Security] . . 71--75 Anonymous IEEE Computer Society information . . . 77--77 S. M. Bellovin Unnoticed Consent [Last Word] . . . . . 80--79
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous 4th IEEE European Symposium on Security and Privacy . . . . . . . . . . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 P. A. Schneck Cybersecurity Compliance Is Necessary but Not Sufficient: Bad Guys Don't Follow Laws . . . . . . . . . . . . . . 4--6 Anonymous Reliability Society . . . . . . . . . . 6--6 W. Mazurczyk and L. Caviglione and S. Wendzel Recent Advancements in Digital Forensics, Part 2 . . . . . . . . . . . 7--8 Anonymous IEEE Transactions on Big Data 8--8 Anonymous IEEE Computer Society Information . . . 9--9 H. Tian and Y. Chen and H. Jiang and Y. Huang and F. Nan and Y. Chen Public Auditing for Trusted Cloud Storage Services . . . . . . . . . . . . 10--22 Anonymous IEEE Transactions on Sustainable Computing . . . . . . . . . 22--22 A. Axenopoulos and V. Eiselein and A. Penta and E. Koblents and E. La Mattina and P. Daras A Framework for Large-Scale Analysis of Video ``in the Wild'' to Assist Digital Forensic Examination . . . . . . . . . . 23--33 Anonymous IEEE Security & Privacy Subscribe . . . . . . . . . . . . . . . 33--33 J. Ricci and I. Baggili and F. Breitinger Blockchain-Based Distributed Cloud Storage Digital Forensics: Where's the Beef? . . . . . . . . . . . . . . . . . 34--42 R. Carvalho and M. Goldsmith and S. Creese Investigating Malware Campaigns With Semantic Technologies . . . . . . . . . 43--54 Anonymous IEEE CG&A Subscribe . . . . . . 54--54 S. Al-Haj Baddar and A. Merlo and M. Migliardi Behavioral-Anomaly Detection in Forensics Analysis . . . . . . . . . . . 55--62 D. Maiorca and B. Biggio Digital Investigation of PDF Files: Unveiling Traces of Embedded Malware . . 63--71 Anonymous IT Professional Call for Articles . . . . . . . . . . . . . . . . 71--71 A. T. Sherman and F. Javani and H. Zhang and E.
Golaszewski On the Origins and Variations of Blockchain Technologies . . . . . . . . 72--77 Anonymous IEEE Pervasive Computing Call for Articles . . . . . . . . . . . . . . 77--77 Matthias Payer The Fuzzing Hype-Train: How Random Testing Triggers Thousands of Crashes 78--82 Bruce Schneier Cybersecurity for the Public Interest 84--83 Anonymous B. Ramkrishna Rau Award . . . . . . . . C3--C3 Anonymous IEEE Computer Society Jobs Boards . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous 4th IEEE European Symposium on Security Privacy . . . . . . . . . . . . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 S. Peisert Some Experiences in Developing Security Technology That Actually Get Used . . . 4--7 Anonymous Reliability Society . . . . . . . . . . 7--7 D. M. Kyriazanos and K. G. Thanos and S. C. A. Thomopoulos Automated Decision Making in Airport Checkpoints: Bias Detection Toward Smarter Security and Fairness . . . . . 8--16 Anonymous 40th Symposium on IEEE Security Privacy 16--16 M. Abrams and J. Abrams and P. Cullen and L. Goldstein Artificial Intelligence, Ethics, and Enhanced Data Stewardship . . . . . . . 17--30 B. Darvish Rouani and M. Samragh and T. Javidi and F. Koushanfar Safe Machine Learning and Defeating Adversarial Attacks . . . . . . . . . . 31--38 M. S. Jalali and J. P. Kaiser and M. Siegel and S. Madnick The Internet of Things Promises New Benefits and Risks: A Systematic Analysis of Adoption Dynamics of IoT Products . . . . . . . . . . . . . . . . 39--48 M. Al-Rubaie and J. M. Chang Privacy-Preserving Machine Learning: Threats and Solutions . . . . . . . . . 49--58 Anonymous IEEE & Security Privacy Subscribe . . . . . . . . . . . . . . . 58--58 G. Horsman A Call for the Prohibition of Encryption: Panacea or Problem? . . . . 59--66 Y. Zou and F. Schaub Beyond Mandatory: Making Data Breach Notifications Useful for Consumers . . . 67--72 Anonymous IEEE Transactions on Big Data 72--72 V. Nestler and T. Coulson and J. D. Ashley III The NICE Challenge Project: Providing Workforce Experience Before the Workforce . . . . . . . . . . . . . . . 73--78 D. E. Geer, Jr. Unknowable Unknowns . . . . . . . . . . 80--79 Anonymous IEEE Annals of the History of Computing . . . . . . . . . . . . . . . 79--79 Anonymous IEEE Computer Society Information . . .
C3--C3 Anonymous IEEE Computer Society Jobs Boards . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous IEEE World Congress on Services 2019 . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 P. C. van Oorschot Software Security and Systematizing Knowledge . . . . . . . . . . . . . . . 4--6 Anonymous Reliability Society . . . . . . . . . . 6--6 Anonymous Social Networking . . . . . . . . . . . 7--7 S. Barth and P. Hartel and M. Junger and L. Montoya Teaching Empirical Social-Science Research to Cybersecurity Students: The Case of ``Thinking Like a Thief'' . . . 8--16 K. C. Toth and A. Anderson-Priddy Self-Sovereign Digital Identity: A Paradigm Shift for Identity . . . . . . 17--27 D. van der Linden and A. Zamansky and I. Hadar and B. Craggs and A. Rashid Buddy's Wearable Is Not Your Buddy: Privacy Implications of Pet Wearables 28--39 J. Siegel and S. Sarma A Cognitive Protection System for the Internet of Things . . . . . . . . . . . 40--48 J. E. Siegel and S. Sarma Using Open Channels to Trigger the Invited, Unintended Consequences of the Internet of Things . . . . . . . . . . . 49--55 A. Singla and E. Bertino How Deep Learning Is Making Information Security More Intelligent . . . . . . . 56--65 S. N. Matheu and J. L. Hernandez-Ramos and A. F. Skarmeta Toward a Cybersecurity Certification Framework for the Internet of Things . . 66--76 A. M. Phillips Buying Your Genetic Self Online: Pitfalls and Potential Reforms in DNA Testing . . . . . . . . . . . . . . . . 77--81 A. T. Sherman and P. A. H. Peterson and E. Golaszewski and E. LaFemina and E. Goldschen and M. Khan and L. Mundy and M. Rather and B. Solis and W. Tete and E. Valdez and B. Weber and D. Doyle and C. O'Brien and L. Oliva and J. Roundy and J. Suess Project-Based Learning Inspires Cybersecurity Students: A Scholarship-for-Service Research Study 82--88 Anonymous Subscribe to Security & Privacy Magazine . . . . . . . . . . . . . . . .
88--88 Anonymous Letters of the Computer Society . . . . 89--89 R. Herardian The Soft Underbelly of Cloud Security 90--93 Anonymous Security & Privacy Magazine . . 94--94 S. M. Bellovin Layered Insecurity . . . . . . . . . . . 96--95 Anonymous IEEE Transactions on Sustainable Computing . . . . . . . . . 95--95 Anonymous IEEE Computer Society Information . . . C3--C3 Anonymous IEEE Jobs Board . . . . . . . . . . . . C4--C4
Anonymous [Front cover] . . . . . . . . . . . . . C1--C1 Anonymous IEEE Computing Edge . . . . . C2--C2 Anonymous Table of contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 J. Epstein A Horse's Rump and Cybersecurity . . . . 4--6 Anonymous Reliability Society . . . . . . . . . . 6--6 W. Enck and T. Benzel Selected Papers From the 2018 USENIX Security Symposium . . . . . . . . . . . 7--8 Anonymous IEEE Computer Society Social Networking 9--9 N. Scaife and C. Peeters and P. G. Traynor More Cowbell: Lessons Learned in Developing the Skim Reaper . . . . . . . 10--17 Anonymous IEEE Pervasive Computing Call for Articles . . . . . . . . . . . . . . 17--17 D. Kumar and R. Paccagnella and P. Murley and E. Hennenfent and J. Mason and A. Bates and M. Bailey Emerging Threats in Internet of Things Voice Services . . . . . . . . . . . . . 18--24 G. Franken and T. Van Goethem and W. Joosen Exposing Cookie Policy Flaws Through an Extensive Evaluation of Browsers and Their Extensions . . . . . . . . . . . . 25--34 R. Stevens and D. Votipka and E. M. Redmiles and C. Ahern and M. L. Mazurek Applied Digital Threat Modeling: It Works . . . . . . . . . . . . . . . . . 35--42 M. Schneider and S. Matetic and A. Juels and A. Miller and S. Capkun Secure Brokered Delegation Through DelegaTEE . . . . . . . . . . . . . . . 43--52 Anonymous IEEE Security & Privacy Magazine Subscribe . . . . . . . . . . . 52--52 L. Breidenbach and P. Daian and F. Tramer and A. Juels The Hydra Framework for Principled, Automated Bug Bounties . . . . . . . . . 53--61 C. Culnane and A. Essex and S. J. Lewis and O. Pereira and V. Teague Knights and Knaves Run Elections: Internet Voting and Undetectable Electoral Fraud . . . . . . . . . . . . 62--70 Anonymous IEEE Transactions on Big Data 70--70 N. Sambasivan and N. Ahmed and A. Batool and E. Bursztein and E. Churchill and L. Sanely Gaytan-Lugo and T. Matthews and D. Nemar and K.
Thomas and S. Consolvo Toward Gender-Equitable Privacy and Security in South Asia . . . . . . . . . 71--77 Anonymous IEEE Transactions on Sustainable Computing . . . . . . . . . 77--77 E. Beguin and S. Besnard and A. Cros and B. Joannes and O. Leclerc-Istria and A. Noel and N. Roels and F. Taleb and J. Thongphan and E. Alata and V. Nicomette Computer-Security-Oriented Escape Room 78--83 Anonymous IEEE Annals of the History of Computing . . . . . . . . . . . . . . . 83--83 P. Gladyshev Cybercrime as a Consequence of Unreasonable Expectations . . . . . . . 84--87 Anonymous IEEE Computer Graphics Applications Magazine . . . . . . . . . 87--87 A. Bates and W. U. Hassan Can Data Provenance Put an End to the Data Breach? . . . . . . . . . . . . . . 88--93 Anonymous IEEE IT Professionals Call for Articles . . . . . . . . . . . . . . . . 93--93 N. Kobeissi Selfie's Reflections on Formal Verification for Transport Layer Security 1.3: Largely Opaque . . . . . . 94--96 Anonymous IEEE Internet Computing Magazine . . . . . . . . . . . . . . . . 97--97 Anonymous IEEE Letters of the Computer Society . . 98--98 Anonymous IEEE Intelligent Systems Magazine . . . . . . . . . . . . . . . . 99--99 Anonymous IEEE Multimedia Magazine . . . 99--99 D. E. Geer Ownership . . . . . . . . . . . . . . . 100--99 Anonymous IEEE Computer Society Information . . . C3--C3 Anonymous IEEE Computer Society Jobs Boards . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous IEEE Jobs Board . . . . . . . . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 L. Williams Science Leaves Clues . . . . . . . . . . 4--6 Anonymous Reliability Society . . . . . . . . . . 6--6 P. C. van Oorschot and S. W. Smith The Internet of Things: Security Challenges . . . . . . . . . . . . . . . 7--9 Anonymous 2019 IEEE Computer Society Election . . 9--9 J. Valente and M. A. Wynn and A. A. Cardenas Stealing, Spying, and Abusing: Consequences of Attacks on Internet of Things Devices . . . . . . . . . . . . . 10--21 Anonymous IEEE IT Professionals Call for Papers . . . . . . . . . . . . . . . . . 21--21 M. Balliu and I. Bastys and A. Sabelfeld Securing IoT Apps . . . . . . . . . . . 22--29 Z. B. Celik and P. McDaniel and G. Tan and L. Babun and A. S. Uluagac Verifying Internet of Things Safety and Security in Physical Spaces . . . . . . 30--37 Anonymous IEEE Pervasive Computing Call for Papers . . . . . . . . . . . . . . . 37--37 G. Hernandez and F. Fowze and D. J. Tang and T. Yavuz and P. Traynor and K. R. B. Butler Toward Automated Firmware Analysis in the IoT Era . . . . . . . . . . . . . . 38--46 Anonymous IEEE Security & Privacy Subscribe . . . . . . . . . . . . . . . 46--46 H. Tschofenig and E. Baccelli Cyberphysical Security for the Masses: A Survey of the Internet Protocol Suite for Internet of Things Security . . . . 47--57 Anonymous IEEE Transactions on Big Data 57--57 R. S. Leon and M. Kiperberg and A. A. Leon Zabag and A. Resh and A. Algawi and N. J. Zaidenberg Hypervisor-Based White Listing of Executables . . . . . . . . . . . . . . 58--67 M. Jakobsson The Rising Threat of Launchpad Attacks 68--72 Anonymous IEEE DataPort . . . . . . . . . . . . . 73--73 S. Raaijmakers Artificial Intelligence for Law Enforcement: Challenges and Opportunities . . . . . . . . . . . . .
74--77 I. Linkov and F. Baiardi and M. Florin and S. Greer and J. H. Lambert and M. Pollock and J. Rickli and L. Roslycky and T. Seager and H. Thorisson and B. D. Trump Applying Resilience to Hybrid Threats 78--83 Anonymous IEEE Software Magazine Call For Articles . . . . . . . . . . . . . . 83--83 L. Arbuckle and F. Ritchie The Five Safes of Risk-Based Anonymization . . . . . . . . . . . . . 84--89 Anonymous IEEE Transactions on Sustainable Computing . . . . . . . . . 89--89 F. Massacci Is ``Deny Access'' a Valid ``Fail-Safe Default'' Principle for Building Security in Cyberphysical Systems? . . . 90--93 Anonymous IEEE Computer Society Social Networking 94--94 Anonymous 2019 IEEE Computer Society Election . . 95--95 E. Bertino It Takes a Village to Secure Cellular Networks . . . . . . . . . . . . . . . . 96--95 Anonymous IEEE Computer Society Information . . . C3--C3 Anonymous IEEE Computing Edge . . . . . C4--C4
Anonymous [Front cover] . . . . . . . . . . . . . C1--C1 Anonymous Computing Edge Magazine . . . C2--C2 Anonymous Table of contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 J. B. Michael Trustworthiness of Autonomous Machines in Armed Conflict . . . . . . . . . . . 4--6 Anonymous Reliability Society . . . . . . . . . . 5--5 Anonymous Transactions on Big Data . . . 6--6 O. Tene and K. Evans and B. Gencarelli and G. Maldoff and G. Zanfir-Fortuna GDPR at Year One: Enter the Designers and Engineers . . . . . . . . . . . . . 7--9 N. Momen and M. Hatamian and L. Fritsch Did App Privacy Improve After the GDPR? 10--20 J. Singh and J. Cobbe The Security Implications of Data Subject Rights . . . . . . . . . . . . . 21--30 Anonymous Transactions on Sustainable Computing . . . . . . . . . . . . . . . 30--30 R. Petrlic The General Data Protection Regulation: From a Data Protection Authority's (Technical) Perspective . . . . . . . . 31--36 Anonymous IEEE Computer Graphics and Applications Magazine . . . . . . . . . 36--36 C. Bartolini and G. Lenzini and L. Robaldo The DAta Protection REgulation COmpliance Model . . . . . . . . . . . . 37--45 B. Yener and T. Gal Cybersecurity in the Era of Data Science: Examining New Adversarial Models . . . . . . . . . . . . . . . . . 46--53 M. S. Riazi and B. Darvish Rouani and F. Koushanfar Deep Learning on Private Data . . . . . 54--63 D. Boneh and A. J. Grotto and P. McDaniel and N. Papernot How Relevant Is the Turing Test in the Age of Sophisbots? . . . . . . . . . . . 64--71 S. Ruoti and K. Seamons Johnny's Journey Toward Usable Secure Email . . . . . . . . . . . . . . . . . 72--76 A. T. Sherman and L. Oliva and E. Golaszewski and D. Phatak and T. Scheponik and G. L. Herman and D. S. Choi and S. E. Offenberger and P. Peterson and J. Dykstra and G. V. Bard and A. Chattopadhyay and F. Sharevski and R. Verma and R.
Vrecenar The CATS Hackathon: Creating and Refining Test Items for Cybersecurity Concept Inventories . . . . . . . . . . 77--83 A. Fasano and T. Leek and B. Dolan-Gavitt and J. Bundt The Rode0day to Less-Buggy Programs . . 84--88 D. E. Geer and D. Peterson Failure as Design . . . . . . . . . . . 90--89 Anonymous IEEE Computer Society Information . . . C3--C3 Anonymous IEEE Jobs Board . . . . . . . . . . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous Compsac 2020 . . . . . . . . . . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 D. M. Nicol The Value of Useless Academic Research to the Cyberdefense of Critical Infrastructures . . . . . . . . . . . . 4--7 Anonymous Reliability Society . . . . . . . . . . 6--6 Anonymous IEEE Transactions on Computers 7--7 K. Charlet and H. King The Future of Cybersecurity Policy . . . 8--10 Anonymous Computer Society Technology Predictions 10--10 Anonymous Computing Edge Magazine . . . 11--11 A. Grotto Deconstructing Cyber Attribution: A Proposed Framework and Lexicon . . . . . 12--20 D. W. Woods and T. Moore Does Insurance Have a Future in Governing Cybersecurity? . . . . . . . . 21--27 J. L. Hernandez-Ramos and D. Geneiatakis and I. Kounelis and G. Steri and I. Nai Fovino Toward a Data-Driven Society: A Technological Perspective on the Development of Cybersecurity and Data-Protection Policies . . . . . . . . 28--38 M. Klipstein and A. Minter and J. Pittman Understanding the Information Environment to Win the Next Conflict Without Firing a Shot . . . . . . . . . 39--45 P. Sterlini and F. Massacci and N. Kadenko and T. Fiebig and M. van Eeten Governance Challenges for European Cybersecurity Policies: Stakeholder Views . . . . . . . . . . . . . . . . . 46--54 B. M. Horowitz Cyberattack-Resilient Cyberphysical Systems . . . . . . . . . . . . . . . . 55--60 W. Stallings Handling of Personal Information and Deidentified, Aggregated, and Pseudonymized Information Under the California Consumer Privacy Act . . . . 61--64 J. P. Howard and M. E. Vachino Blockchain Compliance With Federal Cryptographic Information-Processing Standards . . . . . . . . . . . . . . . 65--70 B. Schneier Technologists vs. Policy Makers . . . . 72--71 Anonymous IEEE Computer Society Information . . . C3--C3 Anonymous IEEE Jobs Board . . . . . . . .
. . . . C4--C4
D. Carlin and J. Burgess and P. O'Kane and S. Sezer You Could Be Mine(d): The Rise of Cryptojacking . . . . . . . . . . . . . 16--22 B. Nour and K. Sharif and F. Li and Y. Wang Security and Privacy Challenges in Information-Centric Wireless Internet of Things Networks . . . . . . . . . . . . 35--45 L. Allodi and T. Chotza and E. Panina and N. Zannone The Need for New Antiphishing Measures Against Spear-Phishing Attacks . . . . . 23--34 F. Farahmand Quantitative Issues in Cyberinsurance: Lessons From Behavioral Economics, Counterfactuals, and Causal Inference 8--15 Anonymous Errata . . . . . . . . . . . . . . . . . 55--55 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 Anonymous IEEE Computer Society Information . . . C3--C3 T. R. Souvignet and T. Heckmann and T. Bolle From Lucky Luke to Lock Bits . . . . . . 61--66 Anonymous Reliability Society . . . . . . . . . . 6--6 Anonymous Table of Contents . . . . . . . . . . . 1--2 M. Jakobsson Permissions and Privacy . . . . . . . . 46--55 P. C. van Oorschot Untangling Security and Privacy . . . . 4--6 P. Jauernig and A. Sadeghi and E. Stapf Trusted Execution Environments: Properties, Applications, and Challenges 56--60 S. M. Bellovin Policies on Privacy . . . . . . . . . . 76--76 D. Pencheva and J. Hallett and A. Rashid Bringing Cyber to School: Integrating Cybersecurity Into Secondary School Education . . . . . . . . . . . . . . . 68--74
S. Calzavara and M. Conti and R. Focardi and A. Rabitti and G. Tolomei Machine Learning for Web Vulnerability Detection: The Case of Cross-Site Request Forgery . . . . . . . . . . . . 8--16 G. Chen and S. Chen and Y. Xiao and Y. Zhang and Z. Lin and T. Lai SgxPectre: Stealing Intel Secrets From SGX Enclaves via Speculative Execution 28--37 E. van der Kouwe and G. Heiser and D. Andriesse and H. Bos and C. Giuffrida Benchmarking Flaws Undermine Security Research . . . . . . . . . . . . . . . . 48--57 Y. Tian and C. Herley and S. Schechter StopGuessing: Using Guessed Passwords to Thwart Online Password Guessing . . . . 38--47 F. Zhang and W. He and R. Cheng and J. Kos and N. Hynes and N. Johnson and A. Juels and A. Miller and D. Song The Ekiden Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts . . . . . 17--27 D. M. Nicol In the Petri Dish: Cybersecurity Pushed to the Edge . . . . . . . . . . . . . . 4--5 K. M. Berger Addressing Cyber Threats in Biology . . 58--61 Anonymous Errata . . . . . . . . . . . . . . . . . 61--61 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 E. Bertino The Quest for Data Transparency . . . . 67--68 Anonymous Table of Contents . . . . . . . . . . . 1--2 T. Benzel and F. Stajano IEEE Euro S&P: The Younger Sibling Across the Pond Following in Oakland's Footsteps . . . . . . . . . . . . . . . 6--7 A. Kott and P. Theron Doers, Not Watchers: Intelligent Autonomous Agents Are a Path to Cyber Resilience . . . . . . . . . . . . . . . 62--66 Anonymous Reliability Society . . . . . . . . . . 5--5
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous IEEE Computer Society Member Benefits C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 S. Peisert Isolating Insecurely: A Call to Arms for the Security and Privacy Community During the Time of COVID-19 . . . . . . 4--7 Anonymous Reliability Society . . . . . . . . . . 5--5 H. Okhravi and N. Burow and R. Skowyra and B. C. Ward and S. Jero and R. Kazan and H. Shrobe One Giant Leap for Computer Security . . 8--19 Anonymous IEEE IT Professional Call for Articles . . . . . . . . . . . . . . . . 19--19 M. Dietz and G. Pernul Unleashing the Digital Twin's Potential for ICS Security . . . . . . . . . . . . 20--27 J. Camp and R. Henry and T. Kohno and S. Mare and S. Myers and S. Patel and J. Streiff Toward a Secure Internet of Things: Directions for Research . . . . . . . . 28--37 Anonymous IEEE Computer Graphics & Applications . . . . . . . . . . . . . . 37--37 B. Momenzadeh and H. Dougherty and M. Remmel and S. Myers and L. J. Camp Best Practices Would Make Things Better in the IoT . . . . . . . . . . . . . . . 38--47 I. A. Tondel and M. Gilje Jaatun and D. Soares Cruzes IT Security Is From Mars, Software Security Is From Venus . . . . . . . . . 48--54 Anonymous AI's 10 to Watch Call for Nominations 55--55 K. El Emam Seven Ways to Evaluate the Utility of Synthetic Data . . . . . . . . . . . . . 56--59 D. Shoemaker and N. R. Mead and A. Kohnke Teaching Secure Acquisition in Higher Education . . . . . . . . . . . . . . . 60--66 Anonymous IEEE Pervasive Computing Call for Articles . . . . . . . . . . . . . . 66--66 E. Osterweil A Cybersecurity Terminarch: Use It Before We Lose It . . . . . . . . . . . 67--70 Anonymous IEEE Security & Privacy [Advertisement] . . . . . . . . . . . . 70--70 Anonymous HOST 2020: 6--9 Dec. 2020, San Jose, CA 71--71 H. Mack and T.
Schroer Security Midlife Crisis: Building Security in a New World . . . . . . . . 72--74 D. E. Geer Security Theater, the Beat Goes On . . . 75--76 Anonymous Submit today: IEEE Transactions on Big Data . . . . . . . . 75--75 Anonymous IEEE Computer Society Information . . . C3--C3 Anonymous IEEE Computing Edge . . . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous Table of Contents . . . . . . . . . . . C2--1 Anonymous Masthead . . . . . . . . . . . . . . . . 2--2 P. C. van Oorschot Blockchains and Stealth Tactics for Teaching Security . . . . . . . . . . . 3--5 Anonymous Reliability Society . . . . . . . . . . 4--4 M. Mannan and N. Asokan Confronting the Limitations of Hardware-Assisted Security . . . . . . . 6--7 Anonymous IEEE Transactions on Sustainable Computing . . . . . . . . . 7--7 L. Zhao and D. Lie Is Hardware More Secure Than Software? 8--17 Anonymous IEEE Annals of the History of Computing . . . . . . . . . . . . . . . 17--17 M. Schwarz and D. Gruss How Trusted Execution Environments Fuel Research on Microarchitectural Attacks 18--27 K. Murdock and D. Oswald and F. D. Garcia and J. Van Bulck and F. Piessens and D. Gruss Plundervolt: How a Little Bit of Undervolting Can Create a Lot of Trouble 28--37 Anonymous IEEE Computer Graphics & Applications . . . . . . . . . . . . . . 37--37 K. Kostiainen and A. Dhar and S. Capkun Dedicated Security Chips in the Age of Secure Enclaves . . . . . . . . . . . . 38--46 Anonymous IEEE Computer Society Call for Papers 46--46 D. Kohlbrenner and S. Shinde and D. Lee and K. Asanovic and D. Song Building Open Trusted Execution Environments . . . . . . . . . . . . . . 47--56 Anonymous IEEE IT Professional Call for Articles . . . . . . . . . . . . . . . . 56--56 G. Dessouky and T. Frassetto and P. Jauernig and A.-R. Sadeghi and E. Stapf With Great Complexity Comes Great Vulnerability: From Stand-Alone Fixes to Reconfigurable Security . . . . . . . . 57--66 R. Borum and R. Sanders Preparing America's Cyber Intelligence Workforce . . . . . . . . . . . . . . . 67--73 Anonymous IEEE Pervasive Computing Call for Articles . . . . . . . . . . . . . . 73--73 K. G. Crowther and B.
Rust Built-In Cybersecurity: Insights Into Product Security for Cyberphysical Systems at a Large Company . . . . . . . 74--79 B. Schneier Hacking the Tax Code . . . . . . . . . . 79--80 Anonymous IEEE Computer Society Information . . . C3--C3 Anonymous IEEE Computing Edge Magazine C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous IEEE Open Access journal of the Computer Society . . . . . . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 P. A. Schneck Cybersecurity During COVID-19 . . . . . 4--5 Anonymous Reliability Society . . . . . . . . . . 5--5 F. Hao and S. Wang and S. Bag and R. Procter and S. F. Shahandashti and M. Mehrnezhad and E. Toreini and R. Metere and L. Y. J. Liu End-to-End Verifiable E-Voting Trial for Polling Station Voting . . . . . . . . . 6--13 C. M. Ahmed and J. Zhou Challenges and Opportunities in Cyberphysical Systems Security: a Physics-Based Perspective . . . . . . . 14--22 Anonymous IEEE Computer Society Call for Papers 22--22 R. Padilha and C. Mazini Rodrigues and F. A. Andalo and G. Bertocco and Z. Dias and A. Rocha Forensic Event Analysis: From Seemingly Unrelated Data to Understanding . . . . 23--32 R. Maxion Reproducibility: Buy Low, Sell High . . 33--41 Q.-H. Wang and S. M. Miller and R. H. Deng Driving Cybersecurity Policy Insights From Information on the Internet . . . . 42--50 R. Stevens and J. Dykstra and W. Knox Everette and M. L. Mazurek It Lurks Within: a Look at the Unexpected Security Implications of Compliance Programs . . . . . . . . . . 51--58 J. M. Rodriguez and B. J. Allison and C. W. Apsey and T. M. Boudreau Courseware as Code: Instituting Agile Courseware Collaboration . . . . . . . . 59--62 S. M. Bellovin Security, Privacy, and Scale . . . . . . 63--64 Anonymous IEEE IT Professional Call For Articles . . . . . . . . . . . . . . . . 63--63 Anonymous IEEE Computer Society Information . . . C3--C3 Anonymous IEEE Computing Edge . . . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous IEEE Computing Edge . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 S. Peisert Reflections on the Past, Perspectives on the Future [From the Editors] . . . . . 4--7 Anonymous Reliability Society . . . . . . . . . . 7--7 S. Mohammed and T.-H. Kim and W. C. Fang Requirements for Security, Privacy, and Trust in the Internet of Things [Guest Editors' Introduction] . . . . . . . . . 8--10 D. M. Nicol Message from IEEE S&P's Outgoing Editor in Chief . . . . . . . . . . . . . . . . 10--10 Anonymous Special Issue on Security and Privacy Issues of Home Globalization . . . . . . 11--11 J. L. Hernandez-Ramos and J. A. Martinez and V. Savarino and M. Angelini and V. Napolitano and A. F. Skarmeta and G. Baldini Security and Privacy in Internet of Things-Enabled Smart Cities: Challenges and Future Directions . . . . . . . . . 12--23 Anonymous IEEE Annals of the History of Computing . . . . . . . . . . . . . . . 23--23 B. Vaidya and H. T. Mouftah Security for Shared Electric and Automated Mobility Services in Smart Cities . . . . . . . . . . . . . . . . . 24--33 Anonymous IEEE Computer Graphics and Applications . . . . . . . . . . . . . . 33--33 L. Campanile and M. Iacono and A. H. Levis and F. Marulli and M. Mastroianni Privacy Regulations, Smart Roads, Blockchain, and Liability Insurance: Putting Technologies to Work . . . . . . 34--43 Anonymous IEEE Computing Society Call for Papers 43--43 G. Amit and A. Shabtai and Y. Elovici A Self-Healing Mechanism for Internet of Things Devices . . . . . . . . . . . . . 44--53 F. Massacci and C. N. Ngo Distributed Financial Exchanges: Security Challenges and Design Principles . . . . . . . . . . . . . . . 54--64 Anonymous IEEE IT Professional Call for Articles . . . . . . . . . . . . . . . . 64--64 R. Ben Netanel and B. Nassi and A. Shamir and Y.
Elovici Detecting Spying Drones . . . . . . . . 65--73 Anonymous IEEE Pervasive Computing Call for Articles . . . . . . . . . . . . . . 73--73 D. Mussington Calculating Risks: Understanding the 2020 Election Experience and Defining the ``New Normal'' . . . . . . . . . . . 74--80 Anonymous IEEE Transactions on Big Data 80--80 N. Dragoni and A. Lluch Lafuente and F. Massacci and A. Schlichtkrull Are We Preparing Students to Build Security In? A Survey of European Cybersecurity in Higher Education Programs [Education] . . . . . . . . . . 81--88 Anonymous IEEE Transactions on Sustainable Computing . . . . . . . . . 88--88 Anonymous IEEE Open Journal of the Computer Society . . . . . . . . . . . . 89--89 M. Said Elsayed and N.-A. Le-Khac and A. D. Jurcut Dealing With COVID-19 Network Traffic Spikes [Cybercrime and Forensics] . . . 90--94 D. Genkin and Y. Yarom Whack-a-Meltdown: Microarchitectural Security Games [Systems Attacks and Defenses] . . . . . . . . . . . . . . . 95--98 J. L. Hernandez-Ramos and S. N. Matheu and A. Skarmeta The Challenges of Software Cybersecurity Certification [Building Security In] . . 99--102 E. Bertino Attacks on Artificial Intelligence [Last Word] . . . . . . . . . . . . . . . . . 103--104 Anonymous Errata . . . . . . . . . . . . . . . . . 103--103 Anonymous IEEE Computer Society Information . . . C3--C3 Anonymous IEEE Computer Society Member Benefits C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous IEEE Computing Edge . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 Paul C. van Oorschot Toward Unseating the Unsafe C Programming Language . . . . . . . . . . 4--6 Anonymous Reliability Society . . . . . . . . . . 5--5 Sean Peisert and Bruce Schneier and Hamed Okhravi and Fabio Massacci and Terry Benzel and Carl Landwehr and Mohammad Mannan and Jelena Mirkovic and Atul Prakash and James Bret Michael Perspectives on the SolarWinds Incident 7--13 Anonymous 42nd IEEE Symposium on Security & Privacy 13--13 Fabio Massacci and Trent Jaeger and Sean Peisert SolarWinds and the Challenges of Patching: Can We Ever Stop Dancing With the Devil? . . . . . . . . . . . . . . . 14--19 Malhar S. Jere and Tyler Farnan and Farinaz Koushanfar A Taxonomy of Attacks on Federated Learning . . . . . . . . . . . . . . . . 20--28 Anonymous IEEE Annals of the History Computing . . . . . . . . . . . . . . . 28--28 Amir Herzberg and Hemi Leibowitz and Kent Seamons and Elham Vaziripour and Justin Wu and Daniel Zappala Secure Messaging Authentication Ceremonies Are Broken . . . . . . . . . 29--37 Wajeeha Ahmad and David D. Clark A Systems Approach Toward Addressing Anonymous Abuses: Technical and Policy Considerations . . . . . . . . . . . . . 38--47 Anonymous IEEE Computer Graphics & Applications . . . . . . . . . . . . . . 47--47 Siam U. Hussain and M. Sadegh Riazi and Farinaz Koushanfar The Fusion of Secure Function Evaluation and Logic Synthesis . . . . . . . . . . 48--55 Karen L. Sanzo and Jay Paredes Scribner and Hongyi Wu Designing a K-16 Cybersecurity Collaborative: CIPHER . . . . . . . . . 56--59 Marco Simioni Investigative Techniques for the De-Anonymization of Hidden Services . . 60--64 Samuel T.
King and Nolen Scaife and Patrick Traynor and Zainul Abi Din and Christian Peeters and Hari Venugopala Credit Card Fraud Is a Computer Security Problem . . . . . . . . . . . . . . . . 65--69 Anonymous IEEE IT Professional Call for Articles . . . . . . . . . . . . . . . . 69--69 Alfred Menezes and Douglas Stebila Challenges in Cryptography . . . . . . . 70--73 Anonymous IEEE Pervasive Computing Call for Articles . . . . . . . . . . . . . . 73--73 Jonathan Spring and Eric Hatleback and Allen Householder and Art Manion and Deana Shick Time to Change the CVSS? . . . . . . . . 74--78 Anonymous IEEE Transactions on Computers Call for Papers . . . . . . . . . . . . 78--78 Daniel E. Geer Auto-Update Considered Harmful . . . . . 79--80 Anonymous IEEE Transactions on Sustainable Computing . . . . . . . . . 79--79 Anonymous IEEE Computer Society Information . . . C3--C3 Anonymous IEEE Computer Society Member Benefits C4--C4
Anonymous [Front cover] . . . . . . . . . . . . . C1--C1 Anonymous IEEE Computing Edge [advertisement] . . . . . . . . . . . . C2--C2 Anonymous Table of contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 Laurie Williams The People Who Live in Glass Houses Are Happy the Stones Weren't Thrown at Them [From the Editors] . . . . . . . . . . . 4--7 Anonymous Reliability Society . . . . . . . . . . 5--5 Anonymous IEEE Annals of the History of Computing [advertisement] . . . . . . . 7--7 Hamed Okhravi A Cybersecurity Moonshot . . . . . . . . 8--16 Sameed Ali and Prashant Anantharaman and Zephyr Lucas and Sean W. Smith What We Have Here Is Failure to Validate: Summer of LangSec . . . . . . 17--23 David M. Nicol The Ransomware Threat to Energy-Delivery Systems . . . . . . . . . . . . . . . . 24--32 Akond Rahman and Laurie Williams Different Kind of Smells: Security Smells in Infrastructure as Code Scripts 33--41 Shuwen Deng and Wenjie Xiong and Jakub Szefer Understanding the Insecurity of Processor Caches Due to Cache Timing-Based Vulnerabilities . . . . . . 42--49 Anonymous IEEE JobBoards . . . . . . . . . . . . . 50--50 Sangchul Park and Gina J. Choi and Haksoo Ko Privacy in the Time of COVID-19: Divergent Paths for Contact Tracing and Route-Disclosure Mechanisms in South Korea . . . . . . . . . . . . . . . . . 51--56 Anonymous IEEE Open Journal of the Computer Society . . . . . . . . . . . . 57--57 Fabio Massacci and Ivan Pashchenko Technical Leverage: Dependencies Are a Mixed Blessing . . . . . . . . . . . . . 58--62 Anonymous Erratum [for ``A Taxonomy of Attacks on Federated Learning''] . . . . . . . . . 62--62 Anonymous IEEE Computer Society Call for Papers 63--63 Bruce Schneier What Will It Take? . . . . . . . . . . . 63--64 Anonymous IEEE Computer Society Information . . . C3--C3 Anonymous IEEE Computer Society Member Benefits C4--C4
Anonymous [Front cover] . . . . . . . . . . . . . C1--C1 Anonymous IEEE Computing Edge . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 James Bret Michael Security and Privacy for Edge Artificial Intelligence . . . . . . . . . . . . . . 4--7 Anonymous Reliability Society . . . . . . . . . . 5--5 Josh Benaloh and Kammi Foote and Philip B. Stark and Vanessa Teague and Dan S. Wallach VAULT-Style Risk-Limiting Audits and the Inyo County Pilot . . . . . . . . . . . 8--18 Emiliano De Cristofaro A Critical Overview of Privacy in Machine Learning . . . . . . . . . . . . 19--27 Amy Dettmer and Hamed Okhravi and Kevin Perry and Nabil Schear and Richard Shay and Mary Ellen Zurko and Paula Donovan Lessons Learned From Designing a Security Architecture for Real-World Government Agencies . . . . . . . . . . 28--36 Wenqiang Ruan and Mingxin Xu and Haoyang Jia and Zhenhuan Wu and LuShan Song and Weili Han Privacy Compliance: Can Technology Come to the Rescue? . . . . . . . . . . . . . 37--43 François Boechat and Gabriel Ribas and Lucas Senos and Miguel Bicudo and Mateus Schulz Nogueira and Leandro Pfleger de Aguiar and Daniel Sadoc Menasche Is Vulnerability Report Confidence Redundant? Pitfalls Using Temporal Risk Scores . . . . . . . . . . . . . . . . . 44--53 Anonymous IEEE Computer Society Call For Papers 53--53 Julie Haney and Wayne Lutters and Jody Jacobs Cybersecurity Advocates: Force Multipliers in Security Behavior Change 54--59 Alfred Menezes and Douglas Stebila End-to-End Security: When Do We Have It? 60--64 Anonymous IEEE Computing in Science and Engineering . . . . . . . . . . . . . . 64--64 Pollyanna Sanderson Balancing Public Health and Civil Liberties: Privacy Aspects of Contact-Tracing Technologies . . . . . . 65--69 Anonymous IEEE Annals of the History of Computing . . . . . . . . . . . . . . .
69--69 Eric Vétillard Security Certification: Is It Box Ticking? . . . . . . . . . . . . . . . . 70--74 Anonymous IEEE Open Journal of the Computer Society . . . . . . . . . . . . 75--75 Steven M. Bellovin The Law and Lawful Hacking . . . . . . . 76--76 Anonymous IEEE Computer Society Information . . . C3--C3 Anonymous IEEE Computer Society Member Benefits C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous IEEE Computer Society Elections . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 Terry Benzel Research and Industry Partnerships in Cybersecurity and Privacy Research: New Frontiers or Fueling the Tech Sector? 4--7 Anonymous Reliability Society . . . . . . . . . . 5--5 Anonymous Updates From IEEE Security & Privacy's Editor in Chief Sean Peisert 8--8 Bob Blakley and Lorrie Cranor A Discussion of Public Health, Trust, and Privacy With Susan Landau . . . . . 9--15 Anonymous IEEE Annals of the History of Computing . . . . . . . . . . . . . . . 15--15 Yu-Tsung Lee and Haining Chen and Trent Jaeger Demystifying Android's Scoped Storage Defense . . . . . . . . . . . . . . . . 16--25 Anonymous IEEE Computing in Science & Engineering . . . . . . . . . . . . . . 25--25 Ramona Trestian and Guodong Xie and Pintu Lohar and Edoardo Celeste and Malika Bendechache and Rob Brennan and Evgeniia Jayasekera and Regina Connolly and Irina Tal Privacy in a Time of COVID-19: How Concerned Are You? . . . . . . . . . . . 26--35 Florian Skopik and Markus Wurzenberger and Max Landauer The Seven Golden Principles of Effective Anomaly-Based Intrusion Detection . . . 36--45 Anonymous IEEE IT Professional Call for Articles . . . . . . . . . . . . . . . . 45--45 Francesco Minna and Agathe Blaise and Filippo Rebecchi and Balakrishnan Chandrasekaran and Fabio Massacci Understanding the Security Implications of Kubernetes Networking . . . . . . . . 46--56 Zheng Yang and Sridhar Adepu and Jianying Zhou Opportunities and Challenges in Securing Critical Infrastructures Through Cryptography . . . . . . . . . . . . . . 57--65 Sauvik Das and W. Keith Edwards and DeBrae Kennedy-Mayo and Peter Swire and Yuxi Wu Privacy for the People? Exploring Collective Action as a Mechanism to Shift Power to Consumers in End-User Privacy .
. . . . . . . . . . . . . . . 66--70 Anonymous IEEE Computing Edge . . . . . 71--71 Blair Taylor and Sidd Kaza and Paige A. Zaleppa CLARK: A Design Science Research Project for Building and Sharing High-Quality Cybersecurity Curricula . . . . . . . . 72--76 Anonymous IEEE Open Journal of the Computer Society . . . . . . . . . . . . 77--77 Katja Tuma and Mathias Widman Seven Pain Points of Threat Analysis and Risk Assessment in the Automotive Domain 78--82 Paul C. van Oorschot Coevolution of Security's Body of Knowledge and Curricula . . . . . . . . 83--89 Anonymous IEEE Computer Society Call for Papers 89--89 Sophie Stalla-Bourdillon A Maturity Spectrum for Data Institutions . . . . . . . . . . . . . . 90--94 Elisa Bertino Zero Trust Architecture: Does It Help? 95--96 Anonymous IEEE Transactions on Sustainable Computing . . . . . . . . . 95--95 Anonymous IEEE Computer Society Information . . . C3--C3 Anonymous IEEE Computer Society Member Benefits C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous IEEE Computing Edge . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 Anonymous Toward Fail Safety for Security Decisions . . . . . . . . . . . . . . . 4--7 Anonymous Reliability Society . . . . . . . . . . 5--5 Anonymous IEEE Annals of the History of Computing . . . . . . . . . . . . . . . 7--7 Robert Cunningham and Anita D. Carleton and Tom Longstaff and Forrest J. Shull A Research Road Map for Building Secure and Resilient Software-Intensive Systems 8--14 Anonymous IEEE Computer Graphics & Applications . . . . . . . . . . . . . . 14--14 Anonymous A Discussion of Election Security, Cryptography, and Exceptional Access With Michael Alan Specter . . . . . . . 15--22 Danfeng Daphne Yao and Terry Benzel ACSAC 2020: Furthering the Quest to Tackle Hard Problems and Find Practical Solutions . . . . . . . . . . . . . . . 23--24 Anonymous IEEE Computer Society Diversity and Integrity Fund . . . . . . . . . . . . . 25--25 Dongkwan Kim and Eunsoo Kim and Mingeun Kim and Yeongjin Jang and Yongdae Kim Enabling the Large-Scale Emulation of Internet of Things Firmware With Heuristic Workarounds . . . . . . . . . 26--35 Suzan Ali and Mounir Elgharabawy and Quentin Duchaussoy and Mohammad Mannan and Amr Youssef Parental Controls: Safer Internet Solutions or New Pitfalls? . . . . . . . 36--46 Stephan Wiefling and Markus Dürmuth and Luigi Lo Iacono Verify It's You: How Users Perceive Risk-Based Authentication . . . . . . . 47--57 Carter Yagemann and Pak Ho Chung and Erkam Uzun and Sai Ragam and Brendan Saltaformaggio and Wenke Lee Modeling Large-Scale Manipulation in Open Stock Markets . . . . . . . . . . . 58--65 Song Liao and Christin Wilson and Cheng Long and Hongxin Hu and Huixing Deng Problematic Privacy Policies of Voice Assistant Applications . . . . . . . . . 66--73 Assane Gueye and Carlos E. C.
Galhardo and Irena Bojanova and Peter Mell A Decade of Reoccurring Software Weaknesses . . . . . . . . . . . . . . . 74--82 Cong Shi and Yan Wang and Yingying Jennifer Chen and Nitesh Saxena Authentication of Voice Commands by Leveraging Vibrations in Wearables . . . 83--92 Anonymous IEEE Computing in Science and Engineering . . . . . . . . . . . . . . 92--92 David Pujol and Ashwin Machanavajjhala Equity and Privacy: More Than Just a Tradeoff . . . . . . . . . . . . . . . . 93--97 Anonymous IEEE Computer Society Call for Papers 97--97 Alfred Menezes and Douglas Stebila The Advanced Encryption Standard: 20 Years Later . . . . . . . . . . . . . . 98--102 Anonymous IEEE IT Professional Call for Articles . . . . . . . . . . . . . . . . 102--102 Anonymous IEEE Open Journal of the Computer Society . . . . . . . . . . . . 103--103 Fariborz Farahmand Integrating Cybersecurity and Artificial Intelligence Research in Engineering and Computer Science Education . . . . . . . 104--110 Anonymous IEEE Pervasive Computing Call for Articles . . . . . . . . . . . . . . 110--110 Anonymous IEEE Computer Society Member Benefits 111--111 Emily Stark and Joe DeBlasio and Devon O'Brien Certificate Transparency in Google Chrome: Past, Present, and Future . . . 112--118 Anonymous IEEE Security and Privacy Subscription . . . . . . . . . . . . . . 118--118 Jules Polonetsky and Tim Sparapani A Review of the Privacy-Enhancing Technologies Software Market . . . . . . 119--122 Anonymous IEEE Transactions on Big Data 123--123 Daniel E. Geer Convergence . . . . . . . . . . . . . . 123--124 Anonymous IEEE Computer Society Information . . . C3--C3 Anonymous IEEE Job Boards . . . . . . . . . . . . C4--C4
Anonymous [Front cover] . . . . . . . . . . . . . C1--C1 Anonymous IEEE Computing Edge . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 Sean Peisert Unsafe at Any Clock Speed: The Insecurity of Computer System Design, Implementation, and Operation . . . . . 4--9 Anonymous Reliability Society . . . . . . . . . . 5--5 Luca Caviglione and Steffen Wendzel and Simon Vrhovec and Aleksandra Mileva Security and Privacy Issues of Home Globalization . . . . . . . . . . . . . 10--11 Yashothara Shanmugarasa and Hye-young Paik and Salil S. Kanhere and Liming Zhu Automated Privacy Preferences for Smart Home Data Sharing Using Personal Data Stores . . . . . . . . . . . . . . . . . 12--22 Anonymous IEEE Computing in Science and Engineering . . . . . . . . . . . . . . 22--22 Ruben Rios and Jose A. Onieva and Rodrigo Roman and Javier Lopez Personal IoT Privacy Control at the Edge 23--32 Anonymous IEEE Computer Society Member Benefits 32--32 Luca Ardito and Luca Barbato and Paolo Mori and Andrea Saracino Preserving Privacy in the Globalized Smart Home: The SIFIS-Home Project . . . 33--44 Daniele Bringhenti and Fulvio Valenza and Cataldo Basile Toward Cybersecurity Personalization in Smart Homes . . . . . . . . . . . . . . 45--53 Ying Li and Tong Xin and Mikko Siponen Citizens Cybersecurity Behavior: Some Major Challenges . . . . . . . . . . . . 54--61 Anonymous IEEE Computer Society Call for Papers 61--61 Anže Mihelič and Boštjan Žvanut (In)secure Smart Device Use Among Senior Citizens . . . . . . . . . . . . . . . . 62--71 Anonymous IEEE IT Professional Call for Articles . . . . . . . . . . . . . . . . 71--71 Joseph Bugeja and Andreas Jacobsson and Paul Davidsson The Ethical Smart Home: Perspectives and Guidelines . . . . . . . . . . . . . . . 72--80 Anonymous IEEE Open Journal of the Computer Society . . . . . . . . . . . .
81--81 Florian Alt and Stefan Schneegass Beyond Passwords: Challenges and Opportunities of Future Authentication 82--86 Anonymous IEEE Pervasive Computing Call For Articles . . . . . . . . . . . . . . 86--86 Lata Nautiyal and Awais Rashid and Joseph Hallett and Ben Shreeve and Michael K. and Chris E. and Catherine H. The United Kingdom's Cyber Security Degree Certification Program: a Cyber Security Body of Knowledge Case Study 87--95 Anonymous IEEE Computer Graphics and Applications . . . . . . . . . . . . . . 95--95 Veronica Schmitt Medical Device Forensics . . . . . . . . 96--100 Anonymous IEEE Diversity and Inclusion Fund . . . 101--101 Paul C. van Oorschot A View of Security as 20 Subject Areas in Four Themes . . . . . . . . . . . . . 102--108 Adam Shostack 25 Years in Application Security: Looking Back, Looking Forward . . . . . 109--112 Anonymous IEEE Transactions on Big Data 112--112 Adam Kardash and Suzanne Morin The Practices and Challenges of Generating Nonidentifiable Data . . . . 113--118 Anonymous IEEE Transactions on Computers Call for Papers . . . . . . . . . . . . 118--118 Bruce Schneier Robot Hacking Games . . . . . . . . . . 119--120 Anonymous IEEE Transactions on Sustainable Computing . . . . . . . . . 119--119 Anonymous IEEE Computer Society Information . . . C3--C3 Anonymous IEEE JobSite . . . . . . . . . . . . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous IEEE Computing Edge . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 Anonymous Pseudo Ground-Truth Generators and Large-Scale Studies . . . . . . . . . . 4--7 Anonymous Reliability Society . . . . . . . . . . 5--5 Terry Benzel and Thorsten Holz Selected Papers From the 2021 IEEE Symposium on Security and Privacy . . . 8--9 Penghui Zhang and Adam Oest and Haehyun Cho and Zhibo Sun and R. C. Johnson and Brad Wardman and Shaown Sarker and Alexandros Kapravelos and Tiffany Bao and Ruoyu Wang and Yan Shoshitaishvili and Adam Doupé and Gail-Joon Ahn CrawlPhish: Large-Scale Analysis of Client-Side Cloaking Techniques in Phishing . . . . . . . . . . . . . . . . 10--21 Chen Ling and Gianluca Stringhini and Utkucan Balcì and Jeremy Blackburn A First Look at Zoombombing . . . . . . 22--30 Pardis Emami-Naeini and Janarth Dheenadhayalan and Yuvraj Agarwal and Lorrie Faith Cranor An Informative Security and Privacy Nutrition Label for Internet of Things Devices . . . . . . . . . . . . . . . . 31--39 Alaa Daffalla and Lucy Simko and Tadayoshi Kohno and Alexandru G. Bardas Defensive Technology Use During the 2018--2019 Sudanese Revolution . . . . . 40--48 Anonymous IEEE Annals of the History of Computing . . . . . . . . . . . . . . . 48--48 Nicolas Huaman and Sabrina Amft and Marten Oltrogge and Yasemin Acar and Sascha Fahl They Would Do Better If They Worked Together: Interaction Problems Between Password Managers and the Web . . . . . 49--60 Neal Mangaokar and Atul Prakash Dispelling Misconceptions and Characterizing the Failings of Deepfake Detection . . . . . . . . . . . . . . . 61--67 Daniel W. Woods and Rainer Böhme Incident Response as a Lawyers Service 68--74 Anonymous IEEE Computer Society Call for Special issue Proposals . . . . . . . . . . . .
75--75 Felix Fischer and Jens Grossklags Nudging Software Developers Toward Secure Code . . . . . . . . . . . . . . 76--79 Fabrice Boudot and Pierrick Gaudry and Aurore Guillevic and Nadia Heninger and Emmanuel Thomé and Paul Zimmermann The State of the Art in Integer Factoring and Breaking Public-Key Cryptography . . . . . . . . . . . . . . 80--86 Anonymous IEEE Open Access of the Computer Society 87--87 Elisa R. Heymann and Barton P. Miller Software Security for the People: Free and Open Resources for Software Security Training . . . . . . . . . . . . . . . . 88--95 Anonymous IEEE Computer Graphics and Applications . . . . . . . . . . . . . . 95--95 William Enck and Laurie Williams Top Five Challenges in Software Supply Chain Security: Observations From 30 Industry and Government Organizations 96--100 Fabio Massacci and Silvia Vidor Building Principles for Lawful Cyber Lethal Autonomous Weapons . . . . . . . 101--106 Anonymous IEEE Computer Society Call for Papers 107--107 Steven M. Bellovin Open Source and Trust . . . . . . . . . 107--108 Anonymous IEEE Computer Society Information . . . C3--C3 Anonymous IEEE Jobs Board . . . . . . . . . . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous Computing Edge . . . . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 Mary Ellen Zurko Disinformation and Reflections From Usable Security . . . . . . . . . . . . 4--7 Anonymous Reliability Society . . . . . . . . . . 5--5 Tadayoshi Kohno Excerpts From the New Dictionary of Cybersecurity, 2036 . . . 8--8 Anonymous Introducing IEEE Security & Privacy's ``Off by One'' Column . . . . 9--9 Tadayoshi Kohno Mx. President Has a Brain . . . . . . . 9--11 Anonymous Updates From IEEE Security & Privacy's Editor-in-Chief Sean Peisert: And Now For Something Completely Different . . . . . . . . . . . . . . . 11--11 Bob Blakley and Lorrie Cranor High Assurance in the Twenty-First Century With Roger Schell . . . . . . . 12--21 Anonymous IEEE CGA . . . . . . . . . . . 21--21 William Martin and Patrick Lincoln and William Scherlis Formal Methods at Scale . . . . . . . . 22--23 Anonymous IEEE CS CFP filler . . . . . . . . . . . 23--23 David Basin and Cas Cremers and Jannik Dreier and Ralf Sasse Tamarin: Verification of Large-Scale, Real-World, Cryptographic Protocols . . 24--32 Anonymous IEEE CS IT Professional filler . . . . . 32--32 Gregory Malecha and Gordon Stewart and František Farka and Jasper Haag and Yoichi Hirai Developing With Formal Methods at BedRock Systems, Inc. . . . . . . . . . 33--42 Anonymous IEEE SP Over the Rainbow filler2 . . . . 42--42 Calvin Deutschbein and Andres Meza and Francesco Restuccia and Matthew Gregoire and Ryan Kastner and Cynthia Sturton Toward Hardware Security Property Generation at Scale . . . . . . . . . . 43--51 Darren Cofer and Isaac Amundson and Junaid Babar and David Hardin and Konrad Slind and Perry Alexander and John Hatcliff and Robby and Gerwin Klein and Corey Lewis and Eric Mercer and John Shackleton Cyberassured Systems Engineering at Scale .
. . . . . . . . . . . . . . . . 52--64 Mike Dodds Formally Verifying Industry Cryptography 65--70 Anonymous IEEE Pervasive Computing . . . 70--70 Simone Raponi and Savio Sciancalepore and Gabriele Oligeri and Roberto Di Pietro Road Traffic Poisoning of Navigation Apps: Threats and Countermeasures . . . 71--79 Florian Skopik and Max Landauer and Markus Wurzenberger Online Log Data Analysis With Efficient Machine Learning: A Review . . . . . . . 80--90 Anonymous IEEE tbd filler . . . . . . . . . . . . 90--90 Pietro Tedeschi and Kang Eun Jeon and James She and Simon Wong and Spiridon Bakiras and Roberto Di Pietro Privacy-Preserving and Sustainable Contact Tracing Using Batteryless Bluetooth Low-Energy Beacons . . . . . . 91--100 Anonymous IEEE TC Generic CFP filler . . . . . . . 100--100 Anonymous IEEE OJ Computer Society filler . . . . 101--101 Josiah Dykstra and Jamie Met and Nicole Backert and Rebecca Mattie and Douglas Hough Action Bias and the Two Most Dangerous Words in Cybersecurity Incident Response: An Argument for More Measured Incident Response . . . . . . . . . . . 102--106 Anonymous IEEE Trans Sustainable Comp filler . . . 107--107 Elisa Bertino The Persistent Problem of Software Insecurity . . . . . . . . . . . . . . . 107--108 Anonymous IEEE Computer Society Information . . . C3--C3 Anonymous IEEE CS Job Boards . . . . . . . . . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous IEEE Computing Edge . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 Tadayoshi Kohno and Camille Cobb and Ada Lerner and Michelle Lin and Adam Shostack The Buffet Overflow Café . . . . . . . . 4--7 Anonymous Reliability Society . . . . . . . . . . 5--5 WooChul Shim and Hyejin Shin and Yong Ho Hwang On Data Licenses for Open Source Threat Intelligence . . . . . . . . . . . . . . 8--22 Anonymous IEEE Computer Society Election . . . . . 22--22 Galina S. Rusman and Yulia A. Morozova Measures to Ensure Cybersecurity of Industrial Enterprises: a Legal Perspective . . . . . . . . . . . . . . 23--28 Zhenpeng Shi and Kalman Graffi and David Starobinski and Nikolay Matyunin Threat Modeling Tools: a Taxonomy . . . 29--39 Edy Kristianto and Van-Linh Nguyen and Po-Ching Lin Decentralized Public-Key Infrastructure With Blockchain in V2X Communications: Promising or Only Euphoria? . . . . . . 40--50 Anonymous IEEE Computer Society Call for Papers 50--50 Arslan Munir and Erik Blasch and Alexander Aved and Edward Paul Ratazzi and Joonho Kong Security Issues in Situational Awareness: Adversarial Threats and Mitigation Techniques . . . . . . . . . 51--60 Anonymous IEEE Computing in Science and Engineering . . . . . . . . . . . . . . 60--60 Jan Huck and Frank Breitinger Wake Up Digital Forensics Community and Help Combat Ransomware . . . . . . . . . 61--70 Anonymous 2023 IEEE Computer Society Nomination for Watts S. Humphrey Award . . . . . . 70--70 Daniel E. Geer Identity . . . . . . . . . . . . . . . . 71--72 Anonymous IEEE Security & Privacy Subscribe . . . . . . . . . . . . . . . 71--71 Anonymous IEEE Computer Society Information . . . C3--C3 Anonymous IEEE Job Boards . . . . . . . . . . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous IEEE Quantum Week 2022 . . . . . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 James Bret Michael Taking a Measured Approach to Investing in Information Infrastructure for Attaining Leading-Edge Trustworthy Artificial Intelligence . . . . . . . . 4--6 Anonymous Reliability Society . . . . . . . . . . 5--5 Laurie Williams Trusting Trust: Humans in the Software Supply Chain Loop . . . . . . . . . . . 7--10 Anonymous IEEE Computer Society Call for Papers 10--10 Nathalie Baracaldo and Alina Oprea Machine Learning Security and Privacy 11--13 Tadayoshi Kohno The Schuhmacher . . . . . . . . . . . . 14--15 Anonymous Welcome to the Latest Off by One Column 15--15 Fabio Massacci and Antonino Sabetta and Jelena Mirkovic and Toby Murray and Hamed Okhravi and Mohammad Mannan and Anderson Rocha and Eric Bodden and Daniel E. Geer Free as in Freedom to Protest? . . . . . 16--21 Minsu Cho and Zahra Ghodsi and Brandon Reagen and Siddharth Garg and Chinmay Hegde Sphynx: a Deep Neural Network Design for Private Inference . . . . . . . . . . . 22--34 Anonymous IEEE Security and Privacy Subscribe . . . . . . . . . . . . . . . 34--34 Ehud Aharoni and Nir Drucker and Gilad Ezov and Hayim Shaul and Omri Soceanu Complex Encoded Tile Tensors: Accelerating Encrypted Analytics . . . . 35--43 Martin Strobel and Reza Shokri Data Privacy and Trustworthy Machine Learning . . . . . . . . . . . . . . . . 44--49 Shaofeng Li and Tian Dong and Benjamin Zi Hao Zhao and Minhui Xue and Suguo Du and Haojin Zhu Backdoors Against Natural Language Processing: A Review . . . . . . . . . . 50--59 Tina Marjanov and Ivan Pashchenko and Fabio Massacci Machine Learning for Source Code Vulnerability Detection: What Works and What Isn't There Yet . . . . . . . . . . 60--76 Anonymous IEEE Pervasive Computing Call for Articles . . . . . . . . . . . . . .
76--76 Luca Demetrio and Battista Biggio and Fabio Roli Practical Attacks on Machine Learning: a Case Study on Adversarial Windows Malware . . . . . . . . . . . . . . . . 77--85 Dinil Mon Divakaran and Adam Oest Phishing Detection Leveraging Machine Learning and Deep Learning: a Review . . 86--95 Ben Hermann What Has Artifact Evaluation Ever Done for Us? . . . . . . . . . . . . . . . . 96--99 Anonymous IEEE Open Journal of the Computing Society . . . . . . . . . . . 100--100 Luca Caviglione and Wojciech Mazurczyk Never Mind the Malware, Here's the Stegomalware . . . . . . . . . . . . . . 101--106 Anonymous IEEE Security and Privacy Over the Rainbow podcast . . . . . . . . . . 107--107 Bruce Schneier NIST's Post-Quantum Cryptography Standards Competition . . . . . . . . . 107--108 Anonymous IEEE Computer Society Information . . . C3--C3 Anonymous IEEE Jobs Board . . . . . . . . . . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous IEEE Computer Society Diversity and Inclusion . . . . . . . . . . . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 Tadayoshi Kohno The Our Reality Privacy Policy . . . . . 4--7 Tadayoshi Kohno Welcome to the Latest Off by One Column 5--5 Anonymous Reliability Society . . . . . . . . . . 7--7 Charles Weir and Sammy Migues and Laurie Williams Exploring the Shift in Security Responsibility . . . . . . . . . . . . . 8--17 Florian Skopik and Max Landauer and Markus Wurzenberger Blind Spots of Security Monitoring in Enterprise Infrastructures: a Survey . . 18--26 Anonymous IEEE Computer Society Call For Papers 26--26 Charles Gouert and Nektarios Georgios Tsoutsos Dirty Metadata: Understanding a Threat to Online Privacy . . . . . . . . . . . 27--34 Dhiah el Diehn I. Abou-Tair and Ala Khalifeh Distributed Self-Sovereign-Based Access Control System . . . . . . . . . . . . . 35--42 Anonymous IEEE Security and Privacy Magazine Subscribe . . . . . . . . . . . 42--42 Danfeng Daphne Yao and Sazzadur Rahaman and Ya Xiao and Sharmin Afrose and Miles Frantz and Ke Tian and Na Meng and Cristina Cifuentes and Yang Zhao and Nicholas Allen and Nathan Keynes and Barton P. Miller and Elisa Heymann and Murat Kantarcioglu and Fahad Shaon Being the Developers Friend: Our Experience Developing a High-Precision Tool for Secure Coding . . . . . . . . . 43--52 Anonymous IEEE Pervasive Computing Call for Papers . . . . . . . . . . . . . . . 52--52 Howard D. Grimes and Gabriela F. Ciocarlie and Bo Yu and Duminda Wijesekera and Greg Shannon and Wayne Austad and Charles Fracchia and Dongyan Xu and Thomas R. Kurfess and Lisa Strama and Michael Mylrea and Bill Reid PURE Biomanufacturing: Secure, Pandemic-Adaptive Biomanufacturing . . . 53--65 Dustin Moody and Angela Robinson Cryptographic Standards in the Post-Quantum Era . . . . . . . .
. . . . 66--72 Anonymous IEEE IT Professional Call for Articles . . . . . . . . . . . . . . . . 72--72 Anonymous IEEE Open Journal of the Computer Society . . . . . . . . . . . . 73--73 Paul C. van Oorschot Security as an Artificial Science, System Administration, and Tools . . . . 74--78 Cédric Hebert Trust Me, I'm a Liar . . . . . . . . . . 79--82 Anonymous IEEE Computing in Science and Engineering . . . . . . . . . . . . . . 82--82 Anonymous Over the Rainbow Podcast . . . . . . . . 83--83 Steven M. Bellovin What Do We Owe? . . . . . . . . . . . . 83--84 Anonymous IEEE Computer Society Information . . . C3--C3 Anonymous IEEE Jobs Board . . . . . . . . . . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous IEEE Computer Society Benefits . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 Terry Benzel Security and Privacy Research Artifacts: Are We Making Progress? . . . . . . . . 4--6 Anonymous Reliability Society . . . . . . . . . . 5--5 Anonymous IEEE Computer Society Publications Seek 2024 Editors in Chief . . . . . . . . . 7--7 Mary Ellen Zurko and Julie Haney Usable Security and Privacy for Security and Privacy Workers . . . . . . . . . . 8--10 Bob Blakley and Lorrie Cranor Katie Moussouris: Vulnerability Disclosure and Security Workforce Development . . . . . . . . . . . . . . 11--18 Anonymous IEEE Job Boards . . . . . . . . . . . . 19--19 Peter Leo Gorski and Luigi Lo Iacono and Matthew Smith Eight Lightweight Usable Security Principles for Developers . . . . . . . 20--26 Charles Weir and Anna Dyson and Dan Prince Do You Speak Cyber? Talking Security With Developers of Health Systems and Devices . . . . . . . . . . . . . . . . 27--36 Anonymous IEEE Computer Society Call for Papers 36--36 Mohamad Fazelnia and Ahmet Okutan and Mehdi Mirakhorli Supporting Artificial Intelligence/Machine Learning Security Workers Through an Adversarial Techniques, Tools, and Common Knowledge Framework . . . . . . . . . . . . . . . 37--48 Mohammad Tahaei and Kami Vaniea and Awais Rashid Embedding Privacy Into Design Through Software Developers: Challenges and Solutions . . . . . . . . . . . . . . . 49--57 Nathan Malkin Contextual Integrity, Explained: a More Usable Privacy Definition . . . . . . . 58--65 Francesco Ciclosi and Fabio Massacci The Data Protection Officer: a Ubiquitous Role That No One Really Knows 66--77 Adam Shostack Nothing Is Good Enough: Fast and Cheap Are Undervalued as Influencers of Security Tool Adoption . . . . . . . . . 
78--83 Sungmi Park and Douglas Stebila The Future of Digital Investigation: Automated Legal Inference . . . . . . . 84--90 Anonymous IEEE Security and Privacy Subscribe . . . . . . . . . . . . . . . 90--90 Elisa Bertino Privacy in the Era of 5G, IoT, Big Data, and Machine Learning . . . . . . . . . . 91--92 Anonymous IEEE Computer Society Information . . . C3--C3 Anonymous IEEE Computing Edge . . . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous IEEE Computer Society Member Benefits C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 Sean Peisert The First 20 Years of IEEE Security & Privacy . . . . . . . . . . . 4--6 Anonymous Reliability Society . . . . . . . . . . 5--5 Tadayoshi Kohno In Earth Until (Ready) . . . . . . . . . 7--8 Bob Blakley and Lorrie Cranor A 20th Anniversary Episode Chat With S&P Editors George Cybenko, Carl Landwehr, Shari Lawrence Pfleeger, and Sean Peisert . . . . . . . . . . . . . . . . 9--16 Anonymous IEEE CAI 2023: IEEE Conference on Artificial Intelligence . . . . . . . . 17--17 Crispin Cowan Open and Closed Software Security Redux 18--23 Steve Lipner and Michael Howard Inside the Windows Security Push: a Twenty-Year Retrospective . . . . . . . 24--31 Carl Landwehr and Michael K. Reiter and Laurie Williams and Gene Tsudik and Trent Jaeger and Tadayoshi Kohno and Apu Kapadia Looking Backwards (and Forwards): NSF Secure and Trustworthy Computing 20-Year Retrospective Panel Transcription . . . 32--42 Anonymous Over the Rainbow Podcast . . . . . . . . 42--42 Terry Benzel and Hilarie Orman IEEE Security and Privacy Symposium in the Year 2003 . . . . . . . 43--47 Anonymous 2024 IEEE Computer Society Watts S. Humphery Software Quality Award Call For Nominations . . . . . . . . . . . . . . 47--47 Elissa M. Redmiles and Mia M. Bennett and Tadayoshi Kohno Power in Computer Security and Privacy: a Critical Lens . . . . . . . . . . . . 48--52 Lorenzo Cavallaro and Johannes Kinder and Feargus Pendlebury and Fabio Pierazzi Are Machine Learning Models for Malware Detection Ready for Prime Time? . . . . 53--56 Christopher A.
Wood Hot Topics in Security and Privacy Standardization at the IETF and Beyond 57--62 John True and Navid Asadizanjani Physical Inspection and Attacks on Electronics: an Academic Course for the Hardware Cybersecurity Workforce . . . . 63--69 Paul C. van Oorschot Memory Errors and Memory Safety: C as a Case Study . . . . . . . . . . . . . . . 70--76 Arvind Narayanan and Kevin Lee Security Policy Audits: Why and How . . 77--81 Nusrat Zahan and Elizabeth Lin and Mahzabin Tamanna and William Enck and Laurie Williams Software Bills of Materials Are Required. Are We There Yet? . . . . . . 82--88 Anonymous IEEE Job Boards . . . . . . . . . . . . 83--83 Daniel E. Geer Whither Software? . . . . . . . . . . . 89--90 Anonymous IEEE Software Magazine Call for Articles . . . . . . . . . . . . . . 89--89 Anonymous IEEE Computer Society . . . . . . . . . C3--C3 Anonymous IEEE Computing Edge . . . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous IEEE Computer Society Member Benefits C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 Trent Jaeger On Bridges and Software . . . . . . . . 4--5 Anonymous Reliability Society . . . . . . . . . . 5--5 Trent Jaeger and Brent ByungHoon Kang and Nele Mentens and Cynthia Sturton Impact of Emerging Hardware on Security and Privacy . . . . . . . . . . . . . . 6--7 Soyeon Park and Sangho Lee and Taesoo Kim Memory Protection Keys: Facts, Key Extension Perspectives, and Discussions 8--15 Anonymous Over the Rainbow Podcast . . . . . . . . 15--15 Vikram Narayanan and Anton Burtsev The Opportunities and Limitations of Extended Page Table Switching for Fine-Grained Isolation . . . . . . . . . 16--26 Anonymous Watts S. Humphrey Software Quality Award Nominations . . . . . . . . . . . . . . 26--26 Andres Meza and Francesco Restuccia and Jason Oberg and Dominic Rizzo and Ryan Kastner Security Verification of the OpenTitan Hardware Root of Trust . . . . . . . . . 27--36 Anonymous IEEE Quantum Week . . . . . . . . . . . 36--36 Marc Lacoste and Vincent Lefebvre Trusted Execution Environments for Telecoms: Strengths, Weaknesses, Opportunities, and Threats . . . . . . . 37--46 Adam Brian Turner and Stephen McCombie and Allon J. Uhlmann Ransomware-Bitcoin Threat Intelligence Sharing Using Structured Threat Information Expression . . . . . . . . . 47--57 Kacper T. Gradon Electric Sheep on the Pastures of Disinformation and Targeted Phishing Campaigns: The Security Implications of ChatGPT . . . . . . . . . . . . . . . . 58--61 Paul C. van Oorschot Memory Errors and Memory Safety: a Look at Java and Rust . . . . . . . . . . . . 62--68 Anonymous IEEE Computer Society . . . . . . . . . C3--C3 Anonymous IEEE Computer Society Computing Edge . . . . . . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous Quantum Week 2023 . . . . . . . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 Sean Peisert On Software Infrastructure: Develop, Prove, Profit? . . . . . . . . . . . . . 4--8 Anonymous Reliability Society . . . . . . . . . . 5--5 Anonymous IEEE Software Magazine Call for Articles . . . . . . . . . . . . . . 8--8 Gabriela F. Ciocarlie and Jianying Zhou Securing Critical Infrastructure Across Cyber and Physical Dimensions . . . . . 9--9 Adeen Ayub and Wooyeon Jo and Syed Ali Qasim and Irfan Ahmed How Are Industrial Control Systems Insecure by Design? A Deeper Insight Into Real-World Programmable Logic Controllers . . . . . . . . . . . . . . 10--19 Luis Burbano and Kunal Garg and Santiago J. Leudo and Alvaro A. Cardenas and Ricardo G. Sanfelice Online Attack Recovery in Cyberphysical Systems . . . . . . . . . . . . . . . . 20--28 Rodrigo Roman and Cristina Alcaraz and Javier Lopez and Kouichi Sakurai Current Perspectives on Securing Critical Infrastructures Supply Chains 29--38 Constantine Doumanidis and Yongyu Xie and Prashant H. N. Rajput and Ryan Pickren and Burak Sahin and Saman Zonouz and Michail Maniatakos Dissecting the Industrial Control Systems Software Supply Chain . . . . . 39--50 Aditya P. Mathur Reconfigurable Digital Twin to Support Research, Education, and Training in the Defense of Critical Infrastructure . . . 51--60 Martin Strohmeier and Mauro Leonardi and Sergei Markochev and Fabio Ricciato and Matthias Schäfer and Vincent Lenders In Pursuit of Aviation Cybersecurity: Experiences and Lessons From a Competitive Approach . . . . . . . . . . 61--73 Khaled Sarieddine and Mohammad Ali Sayed and Danial Jafarigiv and Ribal Atallah and Mourad Debbabi and Chadi Assi A Real-Time Cosimulation Testbed for Electric Vehicle Charging and Smart Grid Security . . . . . . . . . . . . . . . .
74--83 Anonymous IEEE Computer Society Member Benefits 83--83 David M. Nicol and Gregory Shannon and Monika Akbar and Matt Bishop and Michael Chaney and Matthew Luallen Toward Common Weakness Enumerations in Industrial Control Systems . . . . . . . 84--93 Nigel Smart Computing on Encrypted Data . . . . . . 94--98 Anonymous Over the Rainbow Podcast . . . . . . . . 99--99 Steven M. Bellovin Is Cybersecurity Liability a Liability? 99--100 Anonymous IEEE Computer Society Information . . . C3--C3 Anonymous IEEE Computing Edge . . . . . . . . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 Tadayoshi Kohno In Your Eyes . . . . . . . . . . . . . . 4--5 Jingwei Wu and Wanxi Mao and Yuxin Deng and Jinghong Xu Child Safety and Data Privacy in Smart Homes With Speakers: Comparison of Privacy Policies in the United States and China . . . . . . . . . . . . . . . 6--17 Anonymous IEEE Computer Society Call for Papers 17--17 Abdul Majeed and Seong Oun Hwang Rectification of Syntactic and Semantic Privacy Mechanisms . . . . . . . . . . . 18--32 Priyanka Nanayakkara and Jessica Hullman What's Driving Conflicts Around Differential Privacy for the U.S. Census 33--42 Sebastian Obermeier and Thomas Jösler and Stephan Renggli and Maurus Unternährer and Bernhard M. Hämmerli Automating Recovery in Mixed Operation Technology/IT Critical Infrastructures 43--54 Eric Ruzomberka and David J. Love and Christopher G. Brinton and Arpit Gupta and Chih-Chun Wang and H. Vincent Poor Challenges and Opportunities for Beyond-5G Wireless Security . . . . . . 55--66 Anonymous IEEE Career Center . . . . . . . . . . . 67--67 Padmanabhan Krishnan and Cristina Cifuentes and Li Li and Tegawendé F. Bissyandé and Jacques Klein Why Is Static Application Security Testing Hard to Learn? . . . . . . . . . 68--72 Daniel Arp and Erwin Quiring and Feargus Pendlebury and Alexander Warnecke and Fabio Pierazzi and Christian Wressnegger and Lorenzo Cavallaro and Konrad Rieck Lessons Learned on Machine Learning for Computer Security . . . . . . . . . . . 72--77 Anonymous IEEE Reliability Society . . . . . . . . 77--77 Anonymous IEEE Computer Society Diversity and Inclusion . . . . . . . . . . . . . . . 78--78 Frank Piessens Transient Execution Attacks . . . . . . 
79--84 Konstantinos Adamos and Fabio Di Franco and Athanasios Grammatopoulos An Analysis of European Union Cybersecurity Higher Education Programs Through the Crowd-Sourced Database CyberHEAD . . . . . . . . . . . . . . . 85--94 Daniel E. Geer Convergence: Ongoing . . . . . . . . . . 95--96 Anonymous IEEE Computer Society Member Benefits C3--C3 Anonymous IEEE Computing Edge . . . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous IEEE Computer Society Diversity filler C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 Mary Ellen Zurko Unusable Security for Attackers [From the Editors] . . . . . . . . . . . . . . 4--7 Anonymous Reliability Society . . . . . . . . . . 5--5 Anonymous IEEE Security & Privacy Subscribe filler . . . . . . . . . . . . 7--7 Fabio Massacci and Laurie Williams Software Supply Chain Security [Guest Editors Introduction] . . . . . . . . . 8--10 Anonymous IEEE Computer Society Has You Covered 10--10 Anonymous IEEE Computer Society Career Center filler . . . . . . . . . . . . . . . . . 11--11 Musard Balliu and Benoit Baudry and Sofia Bobadilla and Mathias Ekstedt and Martin Monperrus and Javier Ron and Aman Sharma and Gabriel Skoglund and César Soto-Valero and Martin Wittlinger Challenges of Producing Software Bill of Materials for Java . . . . . . . . . . . 12--23 Anonymous IEEE Computer Society CFP filler . . . . 23--23 Ákos Milánkovich and Katja Tuma Delta Security Certification for Software Supply Chains . . . . . . . . . 24--33 Piergiorgio Ladisa and Serena Elisa Ponta and Antonino Sabetta and Matias Martinez and Olivier Barais Journey to the Center of Software Supply Chain Attacks . . . . . . . . . . . . . 34--49 Santiago Torres-Arias and Dan Geer and John Speed Meyers A Viewpoint on Knowing Software: Bill of Materials Quality When You See It . . . 50--54 Marcela S. Melara and Santiago Torres-Arias A Viewpoint on Software Supply Chain Security: Are We Getting Lost in Translation? . . . . . . . . . . . . . .
55--58 Marcel Fourné and Dominik Wermke and Sascha Fahl and Yasemin Acar A Viewpoint on Human Factors in Software Supply Chain Security: a Research Agenda 59--63 Matthias Eckhart and Andreas Ekelhart and David Allison and Magnus Almgren and Katharina Ceesay-Seitz and Helge Janicke and Simin Nadjm-Tehrani and Awais Rashid and Mark Yampolskiy Security-Enhancing Digital Twins: Characteristics, Indicators, and Future Perspectives . . . . . . . . . . . . . . 64--75 Nusrat Zahan and Parth Kanakiya and Brian Hambleton and Shohanuzzaman Shohan and Laurie Williams OpenSSF Scorecard: On the Path Toward Ecosystem-Wide Automated Security Metrics . . . . . . . . . . . . . . . . 76--88 Anonymous IEEE Computer Society Seeks Applicants for Editors in Chief . . . . . . . . . . 89--89 Florian Kerschbaum and Nils Lukas Privacy-Preserving Machine Learning [Cryptography] . . . . . . . . . . . . . 90--94 Anonymous IEEE Annals filler . . . . . . 94--94 Anonymous 0 . . . . . . . . . . . . . . . . . . . 95--95 Bruce Schneier Trustworthy AI Means Public AI [Last Word] . . . . . . . . . . . . . . . . . 95--96 Anonymous IEEE Computer Society Information . . . C3--C3 Anonymous Computing Edge . . . . . . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous IEEE Computer Society Diversity and Inclusion Fund . . . . . . . . . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 Fabio Massacci The Holy Grail of Vulnerability Predictions . . . . . . . . . . . . . . 4--6 Anonymous IEEE Reliability Society . . . . . . . . 5--5 Franziska Roesner and Tadayoshi Kohno Security and Privacy in the Metaverse 7--9 Anonymous IEEE Computer Society Benefits . . . . . 9--9 Derin Cayir and Abbas Acar and Riccardo Lazzeretti and Marco Angelini and Mauro Conti and Selcuk Uluagac Augmenting Security and Privacy in the Virtual Realm: an Analysis of Extended Reality Devices . . . . . . . . . . . . 10--23 Vivek Nair and Louis Rosenberg and James F. O'Brien and Dawn Song Truth in Motion: The Unprecedented Risks and Opportunities of Extended Reality Motion Data . . . . . . . . . . . . . . 24--32 Matthew Corbett and Brendan David-John and Jiacheng Shang and Y. Charlie Hu and Bo Ji Securing Bystander Privacy in Mixed Reality While Protecting the User Experience . . . . . . . . . . . . . . . 33--42 Anonymous IEEE Computer Society Call for Papers 42--42 Abraham Mhaidli and Shwetha Rajaram and Selin Fidan and Gina Herakovic and Florian Schaub Shockvertising, Malware, and a Lack of Accountability: Exploring Consumer Risks of Virtual Reality Advertisements and Marketing Experiences . . . . . . . . . 43--52 Karoline Brehm and Yan Shvartzshnaider Understanding Privacy in Virtual Reality Classrooms: a Contextual Integrity Perspective . . . . . . . . . . . . . . 53--62 Anonymous IEEE Over the Rainbow Podcast . . . . . 62--62 Anonymous Publications Seek 2025 Editors in Chief 63--63 Joseph O'Hagan and Jan Gugenheimer and Florian Mathis and Jolie Bonner and Richard Jones and Mark McGill A Viewpoint on the Societal Impact of Everyday Augmented Reality and the Need for Perceptual Human Rights . . . . . . 
64--68 Eric Bodden and Jens Pottebaum and Markus Fockel and Iris Gräßler Evaluating Security Through Isolation and Defense in Depth . . . . . . . . . . 69--72 Anonymous IEEE Computer Society Information . . . 73--73 Elissa M. Redmiles Friction Matters: Balancing the Pursuit of Perfect Protection With Target Hardening . . . . . . . . . . . . . . . 76--75 Anonymous IEEE Annals in Computing . . . 75--75 Anonymous IEEE Career Center . . . . . . . . . . . C3--C3 Anonymous IEEE Computing Edge . . . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous IEEE Computer Society Diversity and Inclusion Fund . . . . . . . . . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 Laurie Williams Narrowing the Software Supply Chain Attack Vectors: The SSDF Is Wonderful but not Enough . . . . . . . . . . . . . 4--7 Anonymous IEEE Reliability Society . . . . . . . . 5--5 Anonymous IEEE Transactions on Computers 7--7 Samuel Aiello and Bhaskar P. Rimal Secure Access Service Edge Convergence: Recent Progress and Open Issues . . . . 8--16 Vaughn Hamilton and Gabriel Kaptchuk and Allison McDonald and Elissa M. Redmiles Safer Digital Intimacy for Sex Workers and Beyond: a Technical Research Agenda 17--28 Gregory Lyon Trust in Data Security Protocols and Knowledge of Privacy and Security Technology . . . . . . . . . . . . . . . 29--37 Anonymous IEEE Computer Society --- Call for Papers . . . . . . . . . . . . . . . . . 37--37 Winnie Mbaka and Katja Tuma Role of Gender in the Evaluation of Security Decisions . . . . . . . . . . . 38--48 Anonymous IEEE Annals of the History of Computing . . . . . . . . . . . . . . . 48--48 Antonino Sabetta and Serena Elisa Ponta and Rocio Cabrera Lozoya and Michele Bezzi and Tommaso Sacchetti and Matteo Greco and Gergő Balogh and Péter Hegedűs and Rudolf Ferenc and Ranindya Paramitha and Ivan Pashchenko and Aurora Papotti and Ákos Milánkovich and Fabio Massacci Known Vulnerabilities of Open Source Projects: Where Are the Fixes? . . . . . 49--59 Anonymous IEEE Computer Graphics and Applications . . . . . . . . . . . . . . 59--59 Michele Bezzi Large Language Models and Security . . . 60--68 Anonymous Computing in Science & Engineering . . . . . . . . . . . . . . 68--68 Matilda Backendal and Miro Haller and Kenny Paterson End-to-End Encrypted Cloud Storage . . .
69--74 Anonymous IEEE Transactions on Big Data 74--74 Frank Piessens and Paul C. van Oorschot Side-Channel Attacks: a Short Tour . . . 75--80 Anonymous IEEE Transactions on Sustainable Computing . . . . . . . . . 80--80 Alice Hutchings The Amplification of Online Deviancy Through the Language of Violent Crime, War, and Aggression . . . . . . . . . . 81--84 Anonymous IEEE Computer Society Has You Covered! 85--85 Frank Pallas and Katharina Koerner and Isabel Barberá and Jaap-Henk Hoepman and Meiko Jensen and Nandita Rao Narla and Nikita Samarin and Max-R. Ulbricht and Isabel Wagner and Kim Wuyts and Christian Zimmermann Privacy Engineering From Principles to Practice: a Roadmap . . . . . . . . . . 86--92 Anonymous IEEE Computer Society Information . . . 93--93 Helen Nissenbaum AI Safety: a Poisoned Chalice? . . . . . 94--96 Anonymous IEEE Pervasive Computing --- Call for Articles . . . . . . . . . . . 95--95 Anonymous IEEE Computer Society Career Center . . C3--C3 Anonymous IEEE Computing Edge . . . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous IEEE Computer Society Diversity and Inclusion Fund . . . . . . . . . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 Nele Mentens Hardware Security in the Era of Emerging Device and System Technologies . . . . . 4--6 Anonymous Reliability Society . . . . . . . . . . 5--5 Daniel Moreira and Sébastien Marcel and Anderson Rocha Synthetic Realities and Artificial Intelligence-Generated Contents . . . . 7--10 Anonymous IEEE Computer Society Call for Papers 10--10 Anonymous IEEE Computer Society Benefits . . . . . 11--11 Yeali S. Sun and Zhi-Kang Chen and Yi-Ting Huang and Meng Chang Chen Unleashing Malware Analysis and Understanding With Generative AI . . . . 12--23 Javier Pastor-Galindo and Pantaleone Nespoli and José A. Ruipérez-Valiente Large-Language-Model-Powered Agent-Based Framework for Misinformation and Disinformation Research: Opportunities and Open Challenges . . . . . . . . . . 24--36 Diangarti Tariang and Riccardo Corvi and Davide Cozzolino and Giovanni Poggi and Koki Nagano and Luisa Verdoliva Synthetic Image Verification in the Era of Generative Artificial Intelligence: What Works and What Isn't There yet . . 37--49 Can Yavuz A Multidisciplinary Look at History and Future of Deepfake With Gartner Hype Cycle . . . . . . . . . . . . . . . . . 50--61 Anonymous IEEE Computers In Science & Engineering . . . . . . . . . . . . . . 61--61 Emiliano De Cristofaro Synthetic Data: Methods, Use Cases, and Risks . . . . . . . . . . . . . . . . . 62--67 Anonymous IEEE Pervasive Computing . . . 67--67 Meike Ramon and Matthew Vowels and Matthew Groh Deepfake Detection in Super-Recognizers and Police Officers . . . . . . . . . .
68--76 Luca Maiano and Alexandra Benova and Lorenzo Papa and Mara Stockner and Michela Marchetti and Gianmarco Convertino and Giuliana Mazzoni and Irene Amerini Human Versus Machine: a Comparative Analysis in Detecting Artificial Intelligence-Generated Images . . . . . 77--86 Anonymous IEEE Computer Society Information . . . 87--87 Steven M. Bellovin Degenerative AI? . . . . . . . . . . . . 88--88 Anonymous IEEE Career Center . . . . . . . . . . . C3--C3 Anonymous IEEE Computing Edge . . . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous Get Published in the New IEEE Transactions on Privacy . . . . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 Jianying Zhou The Need of Testbeds for Cyberphysical System Security . . . . . . . . . . . . 4--6 Anonymous IEEE Reliability Society . . . . . . . . 5--5 Tadayoshi Kohno The Task Piper . . . . . . . . . . . . . 7--12 Hamed Okhravi Memory Safety . . . . . . . . . . . . . 13--15 Dan S. Wallach and Bob Lord A Viewpoint: a Memory Safety Manifesto 18--21 Anonymous IEEE Computer Society Has You Covered! 21--21 Per Larsen Migrating C to Rust for Memory Safety 22--29 Anonymous IEEE Transactions on Sustainable Computing . . . . . . . . . 29--29 Santosh Nagarakatte Full Spatial and Temporal Memory Safety for C . . . . . . . . . . . . . . . . . 30--39 Anonymous IEEE Computer Society: Call for Papers 39--39 Kaiming Huang and Mathias Payer and Zhiyun Qian and Jack Sampson and Gang Tan and Trent Jaeger Comprehensive Memory Safety Validation: an Alternative Approach to Memory Safety 40--49 Robert N. M. Watson and David Chisnall and Jessica Clarke and Brooks Davis and Nathaniel Wesley Filardo and Ben Laurie and Simon W. Moore and Peter G. Neumann and Alexander Richardson and Peter Sewell and Konrad Witaszczyk and Jonathan Woodruff CHERI: Hardware-Enabled C/C++ Memory Protection at Scale . . . . . . . . . . 50--61 Anonymous IEEE Transactions on Computers 61--61 William Robertson and Manuel Egele A Viewpoint: Safer Heaps With Practical Architectural Security Primitives . . . 62--65 Anonymous IEEE Transactions on Big Data 65--65 André Rösti and Alexios Voulimeneas and Michael Franz The Astonishing Evolution of Probabilistic Memory Safety: From Basic Heap-Data Attack Detection Toward Fully Survivable Multivariant Execution . . .
66--75 Anonymous IEEE Pervasive Computing: Call for Articles . . . . . . . . . . . . . . 75--75 Mohamadreza Rostami and Chen Chen and Rahul Kande and Huimin Li and Jeyavijayan Rajendran and Ahmad-Reza Sadeghi Fuzzerfly Effect: Hardware Fuzzing for Memory Safety . . . . . . . . . . . . . 76--86 Anonymous IT Professional: Call for Articles . . . . . . . . . . . . . . . . 86--86 Tobias Cloosters and Oussama Draissi and Johannes Willbold and Thorsten Holz and Lucas Davi Memory Corruption at the Border of Trusted Execution . . . . . . . . . . . 87--96 Hans Liljestrand and Jan-Erik Ekberg A Viewpoint: Harmonizing the Diverse Memory Safety Fronts . . . . . . . . . . 97--100 Anonymous Computing in Science & Engineering . . . . . . . . . . . . . . 100--100 Daniel Moreira and Sébastien Marcel and Anderson Rocha Synthetic Realities and Artificial Intelligence-Generated Contents . . . . 101--102 Anonymous IEEE Intelligent Systems . . . 102--102 Anonymous IEEE Multimedia . . . . . . . 102--102 Zander W. Blasingame and Chen Liu Fast-DiM: Towards Fast Diffusion Morphs 103--114 Prakash L. Kharvi Understanding the Impact of AI-Generated Deepfakes on Public Opinion, Political Discourse, and Personal Security in Social Media . . . . . . . . . . . . . . 115--122 Anonymous IEEE Computer Graphics and Applications . . . . . . . . . . . . . . 122--122 Anonymous IEEE Computer Society Volunteer Service Awards . . . . . . . . . . . . . . . . . 123--123 Francis Kofi Andoh-Baidoo and Martin Otu Offei and Emmanuel W. Ayaburi and Mikko Siponen and Pavel Gladyshev How Do Real Cybercrime Syndicates Operate?: The Case of Online Romance Fraud Syndicates . . . . . . . . . . . . 124--128 Anonymous IEEE Annals of the History of Computing . . . . . . . . . . . . . . . 128--128 Anonymous Get Published in the New IEEE Open Journal of the Computer Society . .
129--129 Roberto Baldoni Global Cybercrime Requires a Collective Response: Are We Prepared to Ban Ransom Payments? . . . . . . . . . . . . . . . 130--132 Anonymous IEEE Computer Society Information . . . 133--133 Anonymous IEEE Computer Society Diversity & Inclusion Fund . . . . . . . . . . . . . 134--134 Daniel E. Geer What I've Learned . . . . . . . . . . . 135--136 Anonymous IEEE Computer Society Career Center . . C3--C3 Anonymous Computing Edge . . . . . . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous Get Published in the New IEEE Transactions on Privacy . . . . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 Trent Jaeger Has Access Control Become the Weak Link? 4--7 Anonymous IEEE Reliability Society . . . . . . . . 5--5 Apu Kapadia and Yang Wang Inclusive Privacy and Security . . . . . 10--12 Anonymous IEEE Computer Society: Call for Papers 12--12 Filipo Sharevski Inclusive Involvement of At-Risk Users in Cybersecurity Research . . . . . . . 13--22 Anonymous IEEE Computer Society Has You Covered! 22--22 Partha Das Chowdhury and Karen Renaud Advocating a Policy Push Toward Inclusive and Secure ``Digital-First'' Societies . . . . . . . . . . . . . . . 23--31 Kopo M. Ramokapane and Maria Sameen and Zaina Dkaidek Inclusive Internet of Things Privacy Labels . . . . . . . . . . . . . . . . . 32--39 Anonymous IT Professional: Call for Articles . . . . . . . . . . . . . . . . 39--39 Chen Zhong and J. B. Joo Baek Kim and Hong Liu The Art of Inclusive Gamification in Cybersecurity Training . . . . . . . . . 40--51 Jinkyung Katie Park and Mamtaj Akter and Pamela Wisniewski and Karla Badillo-Urquiola It's Still Complicated: From Privacy-Invasive Parental Control to Teen-Centric Solutions for Digital Resilience . . . . . . . . . . . . . . . 52--62 João Janeiro and Sérgio Alves and Tiago Guerreiro and Florian Alt and Verena Distler Understanding Phishing Experiences of Screen Reader Users . . . . . . . . . . 63--72 Roberto Natella and Pietro Liguori and Cristina Improta and Bojan Cukic and Domenico Cotroneo AI Code Generators for Security: Friend or Foe? . . . . . . . . . . . . . . . . 73--81 Anonymous IEEE Pervasive Computing: Call for Articles . . . . . . . . . . . . . .
81--81 Liliana Pasquale and Kushal Ramkumar and Wanling Cai and John McCarthy and Gavin Doherty and Bashar Nuseibeh The Rocky Road to Sustainable Security 82--86 Anonymous IEEE Computer Society Information . . . 87--87 Zaina Dkaidek and Awais Rashid Bridging the Cybersecurity Skills Gap: Knowledge Framework Comparative Study 88--95 Kenneth G. Crowther Blending Shared Responsibility and Zero Trust to Secure the Industrial Internet of Things . . . . . . . . . . . . . . . 96--102 Anonymous IEEE Computer Society Career Center . . C3--C3 Anonymous Computing Edge . . . . . . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous IEEE Author's Choice . . . . . . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 Sean Peisert Adapting a Publicly Focused Individual Health-Care Model to Cybersecurity . . . 4--8 Anonymous IEEE Reliability Society . . . . . . . . 5--5 Feng Hao Real-World Security Protocols . . . . . 9--10 Anonymous IEEE Computer Society Information . . . 11--11 Martin R. Albrecht and Kenneth G. Paterson Analyzing Cryptography in the Wild: a Retrospective . . . . . . . . . . . . . 12--18 Konstantin Fischer and Ivana Trummová and Phillip Gajland and Yasemin Acar and Sascha Fahl and M. Angela Sasse Adoption Challenges for Cryptographic Protocols . . . . . . . . . . . . . . . 19--29 Anonymous IEEE Computer Society Call for Papers 29--29 Diana A. Vasile and Fahim Kawsar and Chulhong Min Emerging Paradigms in Wearable Security: Adaptable and Secure Sandboxing for On-the-Fly Collaboration Among Wearables 30--39 Anonymous IEEE Transactions on Privacy 39--39 Güliz Seray Tuncay Android Permissions: Evolution, Attacks, and Best Practices . . . . . . . . . . . 40--49 Anonymous IEEE IT Professionals . . . . 49--49 Andrea Bisegna and Matteo Bitussi and Roberto Carbone and Silvio Ranise Enhancing Security Testing for Identity Management Implementations: Introducing Micro-Id-Gym Language and Micro-Id-Gym Testing Tool . . . . . . . . . . . . . . 50--61 Anonymous IEEE Computer Graphics and Applications . . . . . . . . . . . . . . 61--61 Syed Rafiul Hussain and Patrick McDaniel and Anshul Gandhi and Kanad Ghose and Kartik Gopalan and Dongyoon Lee and Yu David Liu and Zhenhua Liu and Shuai Mu and Erez Zadok Verifiable Sustainability in Data Centers . . . . . . . . . . . . . . . . 62--74 Timothy J. Pierson and Cesar Arguello and Beatrice Perez and Wondimu Zegeye and Kevin Kornegay and Carl A.
Gunter and David Kotz We Need a ``Building Inspector for IoT'' When Smart Homes Are Sold . . . . . . . 75--84 Chelsea Komlo Threshold Signatures . . . . . . . . . . 85--88 James Crabb and Clemente Izurieta and Bernard Van Wie and Olusola Adesope and Assefaw Gebremedhin Cybersecurity Education: Insights From a Novel Cybersecurity Summer Workshop . . 89--98 Margaret Cunningham and Calvin Nobles and Nikki Robinson and Julie Haney Leveraging the Human Factors Discipline for Better Cybersecurity Outcomes: a Roundtable Discussion . . . . . . . . . 99--104 Anonymous IEEE Annals of the History of Computing . . . . . . . . . . . . . . . 104--104 Anonymous IEEE Career Center . . . . . . . . . . . C3--C3 Anonymous IEEE Computing Edge . . . . . C4--C4
Anonymous Front Cover . . . . . . . . . . . . . . C1--C1 Anonymous IEEE Author's Choice . . . . . . . . . . C2--C2 Anonymous Table of Contents . . . . . . . . . . . 1--2 Anonymous Masthead . . . . . . . . . . . . . . . . 3--3 Fabio Massacci Exploding Pagers and the Birth of State Cyberterrorism . . . . . . . . . . . . . 4--6 Anonymous Reliability Society . . . . . . . . . . 5--5 Anonymous IEEE Computer Society Information . . . 7--7 David D. Clark and Simson Garfinkel and KC Claffy Differential Privacy, Firm-Level Data, and the Binomial Pathology . . . . . . . 8--16 Anonymous IEEE Computer Society Call for Papers 16--16 Giuseppe Cascavilla The Rise of Cybercrime and Cyber-Threat Intelligence: Perspectives and Challenges From Law Enforcement . . . . 17--26 Rachel McAmis and Betül Durak and Melissa Chase and Kim Laine and Franziska Roesner and Tadayoshi Kohno Handling Identity and Fraud in the Metaverse . . . . . . . . . . . . . . . 27--37 Sean Oesch and Phillipe Austria and Amul Chaulagain and Brian Weber and Cory Watson and Matthew Dixson and Amir Sadovnik The Path to Autonomous Cyberdefense . . 38--46 Dominik Schneider and Jannik Zeitschner and Michael Kloos and Kerstin Lemke-Rust and Luigi Lo Iacono Developers: Beware of Timing Side-Channels . . . . . . . . . . . . . 47--52 Pranet Sharma and Zhenpeng Shi and Şevval Şimşek and David Starobinski and David Sastre Medina Understanding Similarities and Differences Between Software Composition Analysis Tools . . . . . . . . . . . . . 53--63 Mustafa Abdallah and Saurabh Bagchi and Shaunak D. Bopardikar and Kevin Chan and Xing Gao and Murat Kantarcioglu and Congmiao Li and Peng Liu and Quanyan Zhu Game Theory in Distributed Systems Security: Foundations, Challenges, and Future Directions . . . . . . . . . . . 64--74 Anonymous IEEE Transactions on Privacy 75--75 Tamara Lopez Securing Code: a View on the Cultural Aspects of Resilience . . . . . . . . . 76--78 Anonymous IEEE Computer Society Benefits . . . .
. 79--79 Alice Hutchings Police Behaving Badly . . . . . . . . . 80--82 Cristina Alcaraz and Javier Lopez Digital Twin Security: a Perspective on Efforts From Standardization Bodies . . 83--90 Anonymous IEEE Pervasive Computing . . . 90--90 Roberto Baldoni and Giuseppe Di Luna Sovereignty in the Digital Era: The Quest for Continuous Access to Dependable Technological Capabilities 91--96 Anonymous Publications Seek 2026 Editors in Chief 97--97 Anonymous IEEE IT Professionals Call for Articles . . . . . . . . . . . . . . . . 99--99 Daniel E. Geer Data . . . . . . . . . . . . . . . . . . 98--100 Anonymous IEEE Career Center . . . . . . . . . . . C3--C3 Anonymous IEEE Computing Edge . . . . . C4--C4