IEEE Security & Privacy, Volume 4

Volume 4, Number 1, January/February 2006

• George Cybenko:
  Why Johnny Can't Evaluate Security Risk. 5
  

• Whitfield Diffie:
  Chattering about SIGINT. 9
  

• Laurianne McLaughlin:
  Philip Zimmermann on What's Next after PGP. 10-13
  

• Heather Drinan, Nancy Fontaine, Brent Kesler:
  News Briefs. 14-16
  

• Edward W. Felten, J. Alex Halderman:
  Digital Rights Management, Spyware, and Security. 18-23
  

• John G. Levine, Julian B. Grizzard, Henry L. Owen:
  Detecting and Categorizing Kernel-Level Rootkits to Aid Future Detection. 24-32
  

• Nir Kshetri:
  The Simple Economics of Cybercrimes. 33-39
  

• Steven Cheung:
  Denial of Service against the Domain Name System. 40-45
  

• John Black, Martin Cochran, Martin Ryan Gardner:
  A Security Analysis of the Internet Chess Club. 46-52
  

• Christian Rechberger, Vincent Rijmen, Nicolas Sklavos:
  The NIST Cryptographic Workshop on Hash Functions. 54-56
  

• Timothy Rosenberg, Lance J. Hoffman:
  Taking Networks on the Road: Portable Solutions for Security Educators. 57-60
  

• Virgil D. Gligor, Thomas Haigh, Dick Kemmerer, Carl E. Landwehr, Steven B. Lipner, John D. McLean:
  Information Assurance Technology Forecast 2005. 62-69
  

• Jean-Sébastien Coron:
  What Is Cryptography? 70-73
  

• Robert C. Seacord:
  Secure Coding in C and C++: Of Strings and Integers. 74-76
  

• Dragos Ruiu:
  Learning from Information Security History. 77-79
  

• Jeremy Epstein, Scott R. Matsumoto, Gary McGraw:
  Software Security and SOA: Danger, Will Robinson! 80-83
  

• Ramaswamy Chandramouli, Scott Rose:
  Challenges in Securing the Domain Name System. 84-87
  

• Steven M. Bellovin:
  Unconventional Wisdom. 88
  

Volume 4, Number 2, March/April 2006

• Marc Donner:
  The Impending Debate. 4-5
  

• Mikhael Felker:
  Internet War Games: Power of the Masses. 7
  

• Brent Kesler, Heather Drinan, Nancy Fontaine:
  News Briefs. 8-13
  

• Kjell Jørgen Hole, Vebjørn Moen, Thomas Tjøstheim:
  Case Study: Online Banking Security. 14-20
  

• Alain P. Hiltgen, Thorsten Kramp, Thomas Weigold:
  Secure Internet Banking Authentication. 21-29
  

• Wenjie Wang, Yufei Yuan, Norman P. Archer:
  A Contextual Framework for Combating Identity Theft. 30-38
  

• David Hwang, Patrick Schaumont, Kris Tiri, Ingrid Verbauwhede:
  Securing Embedded Systems. 40-49
  

• Feisal Keblawi, Dick Sullivan:
  Applying the Common Criteria in Systems Engineering. 50-55
  

• Peter Kuper:
  A Warning to Industry--Fix It or Lose It. 56-60
  

• Matt Bishop, Deborah A. Frincke:
  Who Owns Your Computer? 61-63
  

• Rosario Gennaro:
  Randomness in Cryptography. 64-67
  

• James A. Whittaker, Richard Ford:
  How to Think about Security. 68-71
  

• Thorsten Holz, Simon Marechal, Frédéric Raynal:
  New Threats and Attacks on the World Wide Web. 72-75
  

• Scott Bradner:
  The End of End-to-End Security? 76-79
  

• Michael E. Lesk:
  Should Indexing Be Fair Use? The Battle over Google Book Search. 80-83
  

• John Steven:
  Adopting an Enterprise Software Security Framework. 84-87
  

• William E. Burr:
  Cryptographic Hash Standards: Where Do We Go from Here? 88-91
  

Volume 4, Number 3, May/June 2006

• Fred B. Schneider:
  Here Be Dragons. 3
  
• Shari Lawrence Pfleeger:
  Everything You Wanted to Know about Privacy (But Were Afraid to Ask). 5
  
• Brent Kesler, Heather Drinan:
  News Briefs. 6-10
  
• Gary McGraw:
  Silver Bullet Speaks to Avi Rubin. 11-13
  
• James X. Dempsey, Ira Rubinstein:
  Guest Editors' Introduction: Lawyers and Technologists--Joined at the Hip? 15-19
  
• Patricia L. Bellia:
  The fourth amendment and emerging communications technologies. 20-28
  
• Albert Gidari:
  Designing the right wiretap solution: setting standards under CALEA. 29-36
  
• Erin Egan, Tim Jucovy:
  Building a better filter how to create a safer Internet and avoid the litigation trap. 37-44
  
• Charles D. Curran:
  Combating spam, spyware, and other desktop intrusions: legal considerations in operating trusted intermediary technologies. 45-51
  
• Gregory P. Schaffer:
  Worms and viruses and botnets, oh my! Rational responses to emerging Internet threats. 52-58
  
• Pinny Sheoran, Oris Friesen, Barbara J. Huffman de Belón:
  Developing and sustaining information assurance: the role of community colleges. Part 2. 60-65
  
• Robin E. Bloomfield, Sofia Guerra, Ann Miller, Marcelo Masera, Charles B. Weinstock:
  International Working Group on Assurance Cases (for Security). 66-68
  
• Kenneth G. Paterson, Arnold K. L. Yau:
  Lost in translation: theory and practice in cryptography. 69-72
  
• Tuomas Aura:
  Why you shouldn't study security [security education]. 74-76
  
• Martin R. Stytz, Sheila B. Banks:
  Dynamic software security testing. 77-79
  
• Pravir Chandra, Brian Chess, John Steven:
  Putting the tools to work: how to succeed with source code analysis. 80-83
  
• Anne Anderson:
  Web services policies. 84-87
  
• Daniel E. Geer Jr.:
  Convergence. 88-88
  

Volume 4, Number 4, July/August 2006

• Carl E. Landwehr:
  Speaking of Privacy. 4-5
  
• Brent Kesler, Heather Drinan:
  News Briefs. 6-8
  
• Charles P. Pfleeger, Shari Lawrence Pfleeger:
  Why We Won't Review Books by Hackers. 9-9
  
• Gary McGraw:
  Silver Bullet Speaks with Dan Geer. 10-13
  
• Mike Andrews:
  Guest Editor's Introduction: The State of Web Security. 14-15
  
• J. D. Meier:
  Web application security engineering. 16-24
  
• John Viega, Jeremy Epstein:
  Why applying standards to Web services is not enough. 25-31
  
• Mark Curphey, Rudolph Arawo:
  Web application security assessment tools. 32-41
  
• Denis Verdon:
  Security policies and the software developer. 42-49
  
• Richard R. Brooks, Christopher N. Vutsinas:
  Kafka in the academy: a note on ethics in IA education. 50-53
  
• Paulo Veríssimo, Nuno Ferreira Neves, Christian Cachin, Jonathan A. Poritz, David Powell, Yves Deswarte, Robert J. Stroud, Ian Welch:
  Intrusion-tolerant middleware: the road to automatic security. 54-62
  
• Roland L. Trope, E. Michael Power:
  Lessons for laptops from the 18th century. 64-68
  
• Melanie R. Rieback, Bruno Crispo, Andrew S. Tanenbaum:
  RFID malware: truth vs. myth. 70-72
  
• Michael A. Howard:
  A process for performing security code reviews. 74-79
  
• Ivan Arce:
  Voices, I hear voices [VoIP security]. 80-83
  
• Jonathan Herzog:
  Applying protocol analysis to security device interfaces. 84-87
  
• Gunnar Peterson:
  Introduction to identity management risk metrics. 88-91
  
• Jim Robbins, John T. Sabo:
  Managing information privacy: developing a context for security and privacy standards convergence. 92-95
  
• Steven M. Bellovin:
  On the Brittleness of Software and the Infeasibility of Security Metrics. 96-96
  

Volume 4, Number 5, September/October 2006

• Marc Donner:
  Insecurity through Obscurity. 4
  
• Geraldine MacDonald:
  Cross-Border Transaction Liability. 7
  
• Brandi Ortega:
  News Briefs. 8-10
  
• Gary McGraw:
  Interview: Silver Bullet Speaks to Marcus Ranum. 11-14
  
• Matthew Geiger, Lorrie Faith Cranor:
  Scrubbing Stubborn Data: An Evaluation of Counter-Forensic Privacy Tools. 16-25
  
• Robert Thibadeau:
  Trusted Computing for Disk Drives and Other Peripherals. 26-33
  
• Peng Shaunghe, Han Zhen:
  Enhancing PC Security with a U-Key. 34-39
  
• Grant A. Jacoby, Randy Marchany, Nathaniel J. Davis IV:
  Using Battery Constraints within Mobile Hosts to Improve Network Security. 40-49
  
• Brian Randell, Peter Y. A. Ryan:
  Voting Technologies and Trust. 50-56
  
• Stephen A. Weis:
  Privacy Enhancing Technologies. 59-59
  
• Jill Slay, Benjamin Turnbull:
  Computer Security Education and Research in Australia. 60-63
  
• Luther Martin:
  Fitting Square Pegs into Round Holes. 64-66
  
• Sarah Gordon:
  Understanding the Adversary: Virus Writers and Beyond. 67-70
  
• Elias Levy:
  Worst-Case Scenario. 71-73
  
• Roland L. Trope:
  Immaterial Transfers with Material Consequences. 74-78
  
• Kenneth R. van Wyk, John Steven:
  Essential Factors for Successful Software Security Awareness Training. 80-83
  
• Doug Montgomery, Sandra Murphy:
  Toward Secure Routing Infrastructures. 84-87
  
• Bruce Schneier:
  University Networks and Data Security. 88-88
  

Volume 4, Number 6, November/December 2006

• George Cybenko:
  Weak Links, Strong Ties. 3
  
• Eugene H. Spafford:
  Desert Island Books. 5
  
• Brandi Ortega:
  News. 6-9
  
• Gary McGraw:
  Silver Bullet Speaks with Ed Felten. 10-13
  
• Simson L. Garfinkel, Michael D. Smith:
  Guest Editors' Introduction: Data Surveillance. 15-17
  
• Robert Popp, J. C. Poindexter:
  Countering Terrorism through Information and Privacy Protection Technologies. 18-27
  
• Jeff Jonas:
  Threat and Fraud Intelligence, Las Vegas Style. 28-34
  
• David J. Chaboya, Richard A. Raines, Rusty O. Baldwin, Barry E. Mullins:
  Network Intrusion Detection: Automated and Manual Methods Prone to Attack and Evasion. 36-43
  
• Vincent C. S. Lee, Linyi Shao:
  Estimating Potential IT Security Losses: An Alternative Quantitative Approach. 44-52
  
• Janice Y. Tsai, Serge Egelman:
  Soups 2006. 53-55
  
• Bradley S. Rubin, Donald Cheung:
  Computer Security Education and Research: Handle with Care. 56-59
  
• Phillip A. Porras:
  Privacy-Enabled Global Threat Monitoring. 60-63
  
• John P. Tomaszewski:
  Are You Sure You Had a Privacy Incident? 64-66
  
• Vanessa Gratzer, David Naccache:
  Cryptography, Law Enforcement, and Mobile Communications. 67-70
  
• David Ladd:
  A Software Procurement and Security Primer. 71-73
  
• Laree Kiely, Terry V. Benzel:
  Systemic Security Management. 74-77
  
• William Suchan, Edward Sobiesk:
  Strengthening the Weakest Link in Digital Protection. 78-80
  
• Gunnar Peterson, John Steven:
  Defining Misuse within the Development Process. 81-84
  
• Peter Mell, Karen Scarfone, Sasha Romanosky:
  Common Vulnerability Scoring System. 85-89
  
• Daniel E. Geer Jr.:
  Evidently Evidentiary. 96