IEEE Security & Privacy, 6olume 5

Volume 6, Number 1, January - February 2008

Marc Donner:
Charge of the Light Brigade. 5
Brandi Ortega:
News Briefs. 6-8
Eugene H. Spafford:
James P. Anderson: An Information Security Pioneer. 9
Gary McGraw:
Silver BulletTalks with Eugene Spafford. 10-15
Steven M. Bellovin, Terry V. Benzel, Bob Blakley, Dorothy E. Denning, Whitfield Diffie, Jeremy Epstein, Paulo Veríssimo:
Information Assurance Technology Forecast 2008. 16-23
Steven M. Bellovin, Matt Blaze, Whitfield Diffie, Susan Landau, Peter G. Neumann, Jennifer Rexford:
Risking Communications Security: Potential Hazards of the Protect America Act. 24-33
Siani Pearson, Marco Casassa Mont, Manny Novoa:
Securing Information Transfer in Distributed Computing Environments. 34-42
Anirban Chakrabarti, Anish Damodaran, Subhasis Sengupta:
Grid Computing Security: A Taxonomy. 44-51
David John Leversage, Eric James James:
Estimating a System's Mean Time-to-Compromise. 52-60
Frank L. Greitzer, Abdrew P. Moore, Dawn M. Cappelli, Dee H. Andrews, Lynn A. Carroll, Thomas D. Hull:
Combating the Insider Cyber Threat. 61-64
Martim Carbone, Wenke Lee, Diego Zamboni:
Taming Virtualization. 65-67
Aleksey Kolupaev, Juriy Ogijenko:
CAPTCHAs: Humans vs. Bots. 68-70
Michael Howard:
Becoming a Security Expert. 71-73
Dave Ahmad, Ivan Arce:
The Confused Deputy and the Domain Hijacker. 74-77
Michael E. Lesk:
Forum Shopping on the Internet. 78-80
Edward Bonver:
Security Testing of Internal Tools. 81-83
Ed Coyne, Tim Weil:
An RBAC Implementation and Interoperability Standard: The INCITS Cyber Security 1.1 Model. 84-87
Daniel E. Geer Jr., Daniel G. Conway:
What We Got for Christmas. 88

Volume 6, Number 2, March - April 2008

Marc Donner:
Lessons from Electrification for Identification. 3
Simson L. Garfinkel:
Sharp Figures, Fuzzy Purpose. 5
Gary McGraw:
Silver Bullet Talks with Ed Amoroso. 6-9
Brandi Ortega:
News Briefs. 10-12
Susan Landau, Deirdre K. Mulligan:
I'm Pc01002/SpringPeeper/ED288l.6; Who are You? 13-15
Eve Maler, Drummond Reed:
The Venn of Identity: Options and Issues in Federated Identity Management. 16-23
Rachna Dhamija, Lisa Dusseault:
The Seven Flaws of Identity Management: Usability and Security Challenges. 24-29
James L. Wayman:
Biometrics in Identity Management Systems. 30-37
Marit Hansen, Ari Schwartz, Alissa Cooper:
Privacy and Identity Management. 38-45
Alessandro Acquisti:
Identity Management, Privacy, and Price Discrimination. 46-50
Robin McKenzie, Malcolm Crompton, Colin Wallis:
Use Cases for Identity Management in E-Government. 51-57
Thomas E. Dube, Bobby D. Birrer, Richard A. Raines, Rusty O. Baldwin, Barry E. Mullins, Robert W. Bennington, Christopher E. Reuter:
Hindering Reverse Engineering: Thinking Outside the Box. 58-65
Markus Jakobsson, Peter Finn, Nathaniel A. Johnson:
Why and How to Perform Fraud Experiments. 66-68
Éric Levieil, David Naccache:
Cryptographic Test Correction. 69-71
Marco Carvalho:
Security in Mobile Ad Hoc Networks. 72-75
David McKinney:
New Hurdles for Vulnerability Disclosure. 76-78
Michael E. Locasto, Angelos Stavrou:
The Hidden Difficulties of Watching and Rebuilding Networks. 79-82
Patrick Harding, Leif Johansson, Nate Klingenstein:
Dynamic Security Assertion Markup Language: Simplifying Single Sign-On. 83-85
Daniel E. Geer Jr., Daniel G. Conway:
Beware the IDs of March. 87
Steve Bellovin:
Security by Checklist. 88

Volume 6, Number 3, May - June 2008

Carl E. Landwehr:
Up Scope. 3-4
Brandi Ortega:
News Briefs. 6-8
Gary McGraw:
Silver Bullet Talks with Jon Swartz. 9-11
Aviel D. Rubin, David R. Jefferson:
New Research Results for Electronic Voting. 12-13
Altair Olivo Santin, Regivaldo G. Costa, Carlos Maziero:
A Three-Ballot-Based Secure Electronic Voting System. 14-21
Alec Yasinsac, Matt Bishop:
The Dynamics of Counting and Recounting Votes. 22-29
Nirwan Ansari, Pitipatana Sakarindr, Ehsan Haghani, Chao Zhang, Aridaman K. Jain, Yun Q. Shi:
Evaluating Electronic Voting Systems Equipped with Voter-Verified Paper Records. 30-39
David Chaum, Aleksander Essex, Richard Carback, Jeremy Clark, Stefan Popoveniuc, Alan T. Sherman, Poorvi L. Vora:
Scantegrity: End-to-End Voter-Verifiable Optical-Scan Voting. 40-46
Iñaki Goirizelaia, Maider Huarte, Juanjo Unzilla, Ted Selker:
An Optical Scan E-Voting System based on N-Version Programming. 47-53
Lynn Margaret Batten, Lei Pan:
Teaching Digital Forensics to Undergraduate Students. 54-56
Gordon Hughes, Sophie Dawson, Tim Brookes:
Considering New Privacy Laws in Australia. 57-59
William E. Burr:
A New Hash Competition. 60-62
John R. Michener:
Common Permissions in Microsoft Windows Server 2008 and Windows Vista. 63-67
Adam J. O'Donnell:
When Malware Attacks (Anything but Windows). 68-70
Sergey Bratus, Chris Masone, Sean W. Smith:
Why Do Street-Smart People Do Stupid Things Online? 71-74
Michael E. Lesk:
Digital Rights Management and Individualized Pricing. 76-79
Jeremy Epstein:
Security Lessons Learned from Société Générale. 80-82
Sheila Frankel, David Green:
Internet Protocol Version 6. 83-86
Daniel E. Geer Jr.:
Learn by Analogy or Die Trying. 88

Volume 6, Number 4, July - August 2008

Fred B. Schneider:
Network Neutrality versus Internet Trustworthiness? 3-4
Gary McGraw:
Silver Bullet Talks with Adam Shostack. 6-10
Brandi Ortega:
News Briefs. 11-13
Kjell Jørgen Hole, Lars-Helge Netland, Yngve Espelid, André N. Klingsheim, Hallvar Helleseth, Jan B. Henriksen:
Open Wireless Networks on University Campuses. 14-20
Abdul Razaq, Wai Tong Luk, Kam Man Shum, Lee Ming Cheng, Kai Ning Yung:
Second-Generation RFID. 21-27
Sameer Pai, Sergio Bermudez, Stephen B. Wicker, Marci Meingast, Tanya Roosta, Shankar Sastry, Deirdre K. Mulligan:
Transactional Confidentiality in Sensor Networks. 28-35
Thomas Weigold, Thorsten Kramp, Michael Baentsch:
Remote Client Authentication. 36-43
Alexander Pretschner, Manuel Hilty, Florian Schutz, Christian Schaefer, Thomas Walter:
Usage Control Enforcement: Present and Future. 44-53
Lillian Røstad, Inger Anne Tøndel, Per Håkon Meland, Gunnar René Øie:
Learning by Failing (and Fixing). 54-56
Khaled El Emam:
Heuristics for De-identifying Health Data. 58-61
Justin Troutman:
The Virtues of Mature and Minimalist Cryptography. 62-65
Joel B. Predd, Shari Lawrence Pfleeger, Jeffrey Hunker, Carla Bulford:
Insiders Behaving Badly. 66-70
Susan Landau:
Security and Privacy Landscape in Emerging Technologies. 74-77
Daniel E. Geer Jr., Daniel G. Conway:
Strong Attractors. 78-79
Bruce Schneier:
How the Human Brain Buys Security. 80

Volume 6, Number 5, September - October 2008

Carl E. Landwehr:
Cybersecurity and Artificial Intelligence: From Fixing the Plumbing to Smart Water. 3-4
Martin R. Stytz:
The Shape of Crimeware to Come (review of Crimeware: Understanding New Attacks and Defenses by M. Jacobsson and Z. Ramzan) [Book reviews]. 5
Gary McGraw:
Silver Bullet Talks with Bill Cheswick [Interview]. 7-11
Brandi Ortega:
News Briefs. 12-13
Samuel T. King, Sean W. Smith:
Virtualization and Security: Back to the Future. 15
Paul A. Karger, David Safford:
I/O for Virtual Machine Monitors: Security and Performance Issues. 16-23
Ronald Perez, Leendert van Doorn, Reiner Sailer:
Virtualization and Hardware-Based Security. 24-31
Kara L. Nance, Matt Bishop, Brian Hay:
Virtual Machine Introspection: Observation or Interference? 32-37
Julie J. J. C. Ryan, Daniel J. Ryan:
Performance Metrics for Information Security Risk Management. 38-44
Panayiotis Kotzanikolaou:
Data Retention and Privacy in Electronic Communications. 46-52
Matt Bishop, Deborah A. Frincke:
Information Assurance Education: A Work In Progress. 54-57
Peter McLaughlin:
Cross-Border Data Flows and Increased Enforcement. 58-61
Luther Martin:
Identity-Based Encryption and Beyond. 62-64
Wei Yan, Zheng Zhang, Nirwan Ansari:
Revealing Packed Malware. 65-69
David Ahmad:
Two Years of Broken Crypto: Debian's Dress Rehearsal for a Global PKI Compromise. 70-73
Camilo Viecco, Jean Camp:
A Life or Death InfoSec Subversion. 74-76
Roland L. Trope, Monique Witt, William J. Adams:
Hardening the Target. 77-81
Edward Bonver, Michael Cohen:
Developing and Retaining a Security Testing Mindset. 82-85
Daniel E. Geer Jr., Daniel G. Conway:
Type II Reverse Engineering [For Good Measure]. 86-87
Steven M. Bellovin:
The Puzzle of Privacy. 88

Volume 6, Number 6, November - December 2008

Bret Michael:
Are Governments Up to the Task? 4-5
Gary McGraw:
Silver Bullet Talks with Matt Bishop. 6-10
O. Sami Saydjari:
Launching into the Cyberspace Race: An Interview with Melissa E. Hathaway. 11-17
James Figueroa, Brandi Ortega:
Shaking Up the Cybersecurity Landscape. 18-21
Ron Trellue, Charles C. Palmer:
Process Control System Security: Bootstrapping a Legacy. 22-23
Markus Brändle, Martin Naedele:
Security for Process Control Systems: An Overview. 24-29
David M. Nicol, William H. Sanders, Sankalp Singh, Mouna Seri:
Usable Global Network Access Policy for Process Control Systems. 30-36
Raymond C. Parks, Edmond Rogers:
Vulnerability Assessment for Critical Infrastructure Control Systems. 37-43
Alysson Neves Bessani, Paulo Sousa, Miguel Correia, Nuno Ferreira Neves, Paulo Veríssimo:
The Crutial Way of Critical Infrastructure Protection. 44-51
Bertrand Mathieu, Saverio Niccolini, Dorgham Sisalem:
SDRS: A Voice-over-IP Spam Detection and Reaction System. 52-59
Shane Balfe, Eimear Gallery, Chris J. Mitchell, Kenneth G. Paterson:
Challenges for Trusted Computing. 60-66
Yuen-Yan Chan, Victor K. Wei:
Teaching for Conceptual Change in Security Awareness. 67-69
Kirk J. Nahra:
HIPAA Security Enforcement Is Here. 70-72
Chengyun Chu:
Introduction to Microsoft .NET Security. 73-78
Jeremiah Grossman:
Five User-Customizable Web Site Security Features. 79-81
John Steven:
State of Application Assessment. 82-85
Daniel E. Geer Jr., Daniel G. Conway:
Security Is a Subset of Reliability. 86-87
Daniel E. Geer Jr.:
Complexity Is the Enemy. 88