IEEE Security & Privacy, Volume 5

Volume 5, Number 1, January/February 2007

Carl E. Landwehr:
New Challenges for the New Year. 3-4
Ross Anderson:
Software Security: State of the Art. 8
Gary McGraw:
Silver Bullet Speaks with John Stewart [Interview]. 9-11
Brandi Ortega:
News Briefs. 12-15
Rolf Oppliger:
Providing Certified Mail Services on the Internet. 16-22
Marco Domenico Aime, Giorgio Calandriello, Antonio Lioy:
Dependability in Wireless Networks: Can We Rely on WiFi? 23-29
Carol Woody, Christopher Alberts:
Considering Operational Security Risk during System Development. 30-35
Wade H. Baker, Linda Wallace:
Is Information Security Under Control?: Investigating Quality in Information Security Management. 36-44
Annie I. Antón, Julia B. Eart, Matthew W. Vail, Neha Jain, Carrie M. Gheen, Jack M. Frink:
HIPAA's Effect on Web Site Privacy Policies. 45-52
Matt Bishop, Deborah A. Frincke:
Achieving Learning Objectives through E-Voting Case Studies. 53-56
Ravishankar K. Iyer, Zbigniew Kalbarczyk, Karthik Pattabiraman, William Healey, Wen-mei W. Hwu, Peter Klemperer, Reza Farivar:
Toward Application-Aware Security and Reliability. 57-62
Willi Geiselmann, Rainer Steinwandt:
Special-Purpose Hardware in Cryptanalysis: The Case of 1, 024-Bit RSA. 63-66
Richard Ford, William H. Allen:
How Not to Be Seen. 67-69
Adam J. O'Donnell:
The Evolutionary Microcosm of Stock Spam. 70-75
Lori L. DeLooze:
Providing Web Service Security in a Federated Environment. 73-75
John Morris, Jon Peterson:
Who's Watching You Now? 76-79
Steve Bellovin:
DRM, Complexity, and Correctness. 80

Volume 5, Number 2, March/April 2007

Fred B. Schneider:
Trusted Computing in Context. 4-5
Brandi Ortega:
News Briefs. 7-10
Gary McGraw:
Silver Bullet Speaks with Dorothy Denning. 11-14
Ivan Arce:
A Surprise Party (on Your Computer)? 15-16
Luca Carettoni, Claudio Merloni, Stefano Zanero:
Studying Bluetooth Malware Propagation: The BlueBag Project. 17-25
Vanessa Gratzer, David Naccache:
Alien vs. Quine. 26-31
Carsten Willems, Thorsten Holz, Felix C. Freiling:
Toward Automated Dynamic Malware Analysis Using CWSandbox. 32-39
Robert Lyda, James Hamrock:
Using Entropy Analysis to Find Encrypted and Packed Malware. 40-45
Danilo Bruschi, Lorenzo Martignoni, Mattia Monga:
Code Normalization for Self-Mutating Malware. 46-54
Abhilasha Bhargav-Spantzel, Anna Cinzia Squicciarini, Elisa Bertino:
Trust Negotiation in Identity Management. 55-63
Marianthi Theoharidou, Dimitris Gritzalis:
Common Body of Knowledge for Information Security. 64-67
Keye Martin:
Secure Communication without Encryption? 68-71
E. Michael Power, Jonathan Gilhen, Roland L. Trope:
Setting Boundaries at Borders: Reconciling Laptop Searches and Privacy. 72-75
Patrick P. Tsang:
When Cryptographers Turn Lead into Gold. 76-79
Apu Kapadia:
A Case (Study) For Usability in Secure Email Communication. 80-84
Michael Lesk:
South Korea's Way to the Future. 85-87
Elizabeth A. Nichols, Gunnar Peterson:
A Metrics Framework to Drive Application Security Improvement. 88-91
Ramaswamy Chandramouli, Philip Lee:
Infrastructure Standards for Smart ID Card Deployment. 92-96

Volume 5, Number 3, May/June 2007

Carl E. Landwehr:
Food for Thought: Improving the Market for Assurance. 3-4
Gary McGraw:
Silver Bullet Talks with Becky Bace. 6-9
Brandi Ortega:
News Briefs. 10-12
Shari Lawrence Pfleeger, Roland L. Trope, Charles C. Palmer:
Guest Editors' Introduction: Managing Organizational Security. 13-15
M. Eric Johnson, Eric Goetz:
Embedding Information Security into the Organization. 16-24
Shari Lawrence Pfleeger, Martin Libicki, Michael Webber:
I'll Buy That! Cybersecurity in the Internet Marketplace. 25-31
Roland L. Trope, E. Michael Power, Vincent I. Polley, Bradford C. Morley:
A Coherent Strategy for Data Security through Data Governance. 32-39
David Rosenblum:
What Anyone Can Know: The Privacy Risks of Social Networking Sites. 40-49
Walter S. Baer, Andrew Parkinson:
Cyberinsurance in IT Security Management. 50-56
Richard S. Swart, Robert F. Erbacher:
Educating Students to Create Trustworthy Systems. 58-61
Matthew Carpenter, Tom Liston, Ed Skoudis:
Hiding Virtualization from Attackers and Malware. 62-65
Edward Sobiesk, Gregory J. Conti:
The Cost of Free Web Tools. 66-68
Anna Lysyanskaya:
Authentication without Identification. 69-71
Tina R. Knutson:
Building Privacy into Software Products and Services. 72-74
David Ahmad:
The Contemporary Software Security Landscape. 75-77
Martina Angela Sasse:
Red-Eye Blink, Bendy Shuffle, and the Yuck Factor: A User Experience of Biometric Airport Systems. 78-81
Michael N. Gagnon, Stephen Taylor, Anup K. Ghosh:
Software Protection through Anti-Debugging. 82-84
Johan Peeters, Paul Dyson:
Cost-Effective Security. 85-87
Bruce Schneier:
Nonsecurity Considerations in Security Decisions. 88

Volume 5, Number 4, July/August 2007

Marc Donner:
Cyberassault on Estonia. 4
Brandi Ortega:
News Briefs. 6-9
Gary McGraw, Ross Anderson:
Silver Bullet Talks with Ross Anderson. 10-13
Jennifer English, David Coe, Rhonda Kay Gaede, David W. Hyde, Jeffrey H. Kulick:
MEMS-Assisted Cryptography for CPI Protection. 14-21
Faith M. Heikkila:
Encryption: Security Considerations for Portable Media Devices. 22-27
Jeffrey R. Jones:
Estimating Software Vulnerabilities. 28-32
Jangbok Kim, Kihyun Chung, Kyunghee Choi:
Spam Filtering With Dynamically Updated URL Statistics. 33-39
Christos K. Dimitriadis:
Improving Mobile Core Network Security with Honeynets. 40-47
Sean Peisert, Matt Bishop:
I Am a Scientist, Not a Philosopher! 48-51
Michael Franz:
Containing the Ultimate Trojan Horse. 52-56
Sophie In't Veld:
Data Sharing across the Atlantic. 58-61
Onur Acucmez, Jean-Pierre Seifert, Çetin Kaya Koç:
Micro-Architectural Cryptanalysis. 62-64
William H. Allen:
Mixing Wheat with the Chaff: Creating Useful Test Data for IDS Evaluation. 65-67
Ivan Arce:
Ghost in the Virtual Machine. 68-71
Surgey Bratus:
What Hackers Learn that the Rest of Us Don't: Notes on Hacker Curriculum. 72-75
Michael Lesk:
The New Front Line: Estonia under Cyberassault. 76-79
Suvajit Gupta, Joel Winstead:
Using Attack Graphs to Design Systems. 80-83
Pete Bramhall, Marit Hansen, Kai Rannenberg, Thomas Roessler:
User-Centric Identity Management: New Trends in Standardization and Regulation. 84-87
Daniel E. Geer Jr.:
The End of Black and White. 88

Volume 5, Number 5, September/October 2007

Fred B. Schneider:
Technology Scapegoats and Policy Saviors. 3-4
Shari Lawrence Pfleeger:
Spooky Lessons. 7
Gary McGraw:
Silver Bullet Talks with Annie Antón. 8-11
Brandi Ortega:
News Briefs. 12-14
Paul N. Otto, Annie I. Antón, David L. Baumer:
The ChoicePoint Dilemma: How Data Brokers Should Handle the Privacy of Personal Information. 15-23
Apostol T. Vassilev, Bertrand du Castel, Asad M. Ali:
Personal Brokerage of Web Service Access. 24-31
Frank Mabry, John R. James, Aaron J. Ferguson:
Unicode Steganographic Exploits: Maintaining Enterprise Border Security. 32-39
Barry E. Mullins, Timothy H. Lacey, Robert F. Mills, Joseph M. Trechter, Samuel D. Bass:
How the Cyber Defense Exercise Shaped an Information-Assurance Curriculum. 40-49
Ilan Oshri, Julia Kotlarsky, Corey Hirsch:
An Information Security Strategy for Networkable Devices. 50-56
Jonathan P. Caulkins, Eric D. Hough, Nancy R. Mead, Hassan Osman:
Optimizing Investments in Security Countermeasures: A Practical Tool for Fixed Budgets. 57-60
Julie J. C. H. Ryan:
Plagiarism, Graduate Education, and Information Security. 62-65
David Fraser:
The Canadian Response to the USA Patriot Act. 66-68
Vanessa Gratzer, David Naccache:
Trust on a Nationwide Scale. 69-71
Dianne Solomon:
Balancing Privacy and Risk in the E-Messaging World. 72-75
Gary McGraw, Greg Hoglund:
Online Games and Security. 76-79
Fred Dushin, Eric Newcomer:
Handling Multiple Credentials in a Heterogeneous SOA Environment. 80-82
Roger Dingledine, Nick Mathewson, Paul F. Syverson:
Deploying Low-Latency Anonymity: Design Challenges and Social Factors. 83-87
Steve Bellovin:
Seers and Craftspeople. 88

Volume 5, Number 6, November/December 2007

Carl E. Landwehr:
Revolution through Competition? 3-4
Brandi Ortega:
News Briefs. 6-7
Gary McGraw:
Silver Bullet Talks with Mikko Hypponen [Interview]. 8-11
Martin R. Stytz:
What Are the Numbers? [review of "Security metrics: Replacing Fear, Uncertainty, and Doubt; Jaquith, A.; 2006]. 12
Markus Jakobsson, Sid Stamm:
Web Camouflage: Protecting Your Clients from Browser-Sniffing Attacks. 16-24
Kjell Jørgen Hole, Vebjørn Moen, André N. Klingsheim, Knut M. Tande:
Lessons from the Norwegian ATM System. 25-31
Ugo Piazzalunga, Paolo Salvaneschi, Francesco Balducci, Pablo Jacomuzzi, Cristiano Moroncelli:
Security Strength Measurement for Dongle-Protected Software. 32-40
Ninghui Li, Ji-Won Byun, Elisa Bertino:
A Critique of the ANSI Standard on Role-Based Access Control. 41-49
David F. Ferraiolo, D. Richard Kuhn, Ravi S. Sandhu:
RBAC Standard Rationale: Comments on "A Critique of the ANSI Standard on Role-Based Access Control". 51-53
Pythagoras Petratos:
Weather, Information Security, and Markets. 54-57
E. Michael Power:
Developing a Culture of Privacy: A Case Study. 58-60
Serge Vaudenay:
E-Passport Threats. 61-64
William H. Allen, Richard Ford:
How Not to Be Seen II: The Defenders Fight Back. 65-68
David McKinney:
Vulnerability Bazaar. 69-73
Luiz Felipe Perrone:
Could a Caveman Do It? The Surprising Potential of Simple Attacks. 74-77
Martin R. Stytz:
Who Are the Experts, and What Have They Done for Us Lately? 78-80
John Steven, Gunnar Peterson:
Metricon 2.0. 81-83
Matt Bishop:
About Penetration Testing. 84-87
Bruce Schneier:
The Death of the Security Industry. 88