Table of contents for issues of IEEE Security & Privacy

Last update: Thu Sep 13 10:40:34 MDT 2018                Valid HTML 3.2!

Volume 1, Number 1, January / February, 2003
Volume 1, Number 2, March / April, 2003
Volume 1, Number 3, May / June, 2003
Volume 1, Number 5, September / October, 2003
Volume 1, Number 6, November / December, 2003
Volume 2, Number 1, January / February, 2004
Volume 2, Number 2, March / April, 2004
Volume 2, Number 3, May / June, 2004
Volume 2, Number 4, July / August, 2004
Volume 2, Number 5, September / October, 2004
Volume 2, Number 6, November / December, 2004
Volume 3, Number 1, January / February, 2005
Volume 3, Number 2, March / April, 2005
Volume 3, Number 3, May / June, 2005
Volume 3, Number 4, July / August, 2005
Volume 3, Number 5, September / October, 2005
Volume 3, Number 6, November / December, 2005
Volume 4, Number 1, January / February, 2006
Volume 4, Number 2, March / April, 2006
Volume 4, Number 3, May / June, 2006
Volume 4, Number 4, July / August, 2006
Volume 4, Number 5, September / October, 2006
Volume 4, Number 6, November / December, 2006
Volume 5, Number 1, January / February, 2007
Volume 5, Number 2, March / April, 2007
Volume 5, Number 3, May / June, 2007
Volume 5, Number 4, July / August, 2007
Volume 5, Number 5, September / October, 2007
Volume 5, Number 6, November / December, 2007
Volume 6, Number 1, January / February, 2008
Volume 6, Number 2, March / April, 2008
Volume 6, Number 3, May / June, 2008
Volume 6, Number 4, July / August, 2008
Volume 6, Number 5, September / October, 2008
Volume 6, Number 6, November / December, 2008
Volume 7, Number 1, January / February, 2009
Volume 7, Number 2, March / April, 2009
Volume 7, Number 3, May / June, 2009
Volume 7, Number 4, July / August, 2009
Volume 7, Number 5, September / October, 2009
Volume 7, Number 6, November / December, 2009
Volume 8, Number 1, January / February, 2010
Volume 8, Number 2, March / April, 2010
Volume 8, Number 3, May / June, 2010
Volume 8, Number 4, July / August, 2010
Volume 8, Number 5, September / October, 2010
Volume 8, Number 6, November / December, 2010
Volume 9, Number 1, January / February, 2011
Volume 9, Number 2, March / April, 2011
Volume 9, Number 3, May / June, 2011
Volume 9, Number 4, July / August, 2011
Volume 9, Number 5, September / October, 2011
Volume 9, Number 6, November / December, 2011
Volume 10, Number 1, January / February, 2012
Volume 10, Number 2, March / April, 2012
Volume 10, Number 3, May / June, 2012
Volume 10, Number 4, July / August, 2012
Volume 10, Number 5, September / October, 2012
Volume 10, Number 6, November / December, 2012
Volume 11, Number 1, January / February, 2013
Volume 11, Number 2, March / April, 2013
Volume 11, Number 3, May / June, 2013
Volume 11, Number 4, July / August, 2013
Volume 11, Number 5, September / October, 2013
Volume 11, Number 6, November / December, 2013
Volume 12, Number 1, January / February, 2014
Volume 12, Number 2, March / April, 2014
Volume 12, Number 3, May / June, 2014
Volume 12, Number 4, July / August, 2014
Volume 12, Number 5, September / October, 2014
Volume 12, Number 6, November / December, 2014
Volume 13, Number 1, January / February, 2015
Volume 13, Number 2, March / April, 2015
Volume 13, Number 3, May / June, 2015
Volume 13, Number 4, July / August, 2015
Volume 13, Number 5, September / October, 2015
Volume 13, Number 6, November / December, 2015
Volume 14, Number 1, January / February, 2016
Volume 14, Number 2, March / April, 2016
Volume 14, Number 3, May / June, 2016
Volume 14, Number 4, July / August, 2016
Volume 14, Number 5, September / October, 2016
Volume 14, Number 6, November / December, 2016
Volume 15, Number 1, January / February, 2017
Volume 15, Number 2, March / April, 2017
Volume 15, Number 3, May / June, 2017
Volume 15, Number 4, July / August, 2017
Volume 15, Number 5, September / October, 2017
Volume 15, Number 6, November / December, 2017
Volume 16, Number 1, January / February, 2018
Volume 16, Number 2, March / April, 2018
Volume 16, Number 3, May / June, 2018
Volume 16, Number 4, July / August, 2018


IEEE Security & Privacy
Volume 1, Number 1, January / February, 2003

                 George Cybenko   A Critical Need, An Ambitious Mission, a
                                  New Magazine . . . . . . . . . . . . . . 5--9
              Sandra Kay Miller   Legal Battle Looming for Internet
                                  Protections Acts . . . . . . . . . . . . 10--12
              Scott L. Andresen   New Draft to Secure Cyberspace Leaked    13--13
        Simson L. Garfinkel and   
                    Abhi Shelat   Remembrance of Data Passed: a Study of
                                  Disk Sanitization Practices  . . . . . . 17--27
       Nick L. Petroni, Jr. and   
             William A. Arbaugh   The Dangers of Mitigating Security
                                  Design Flaws: a Wireless Case Study  . . 28--36
                  Crispin Cowan   Software Security for Open-Source
                                  Systems  . . . . . . . . . . . . . . . . 38--45
              Joshua Haines and   
        Dorene Kewley Ryder and   
               Laura Tinnel and   
                 Stephen Taylor   Validation of Sensor Alert Correlators   46--56
             Michael Howard and   
                   Steve Lipner   Inside the Windows Security Push . . . . 57--61
                    Marc Donner   AI Bites Man?  . . . . . . . . . . . . . 63--66
                    Matt Bishop   What Is Computer Security? . . . . . . . 67--69
                 Daniel J. Ryan   Two Views on Security Software
                                  Liability: Let the Legal System Decide   70--72
                  Carey Heckman   Two Views on Security Software
                                  Liability: Using the Right Legal Tools   73--75
                   Michael Lesk   Copyright Extension: Eldred v. Ashcroft  76--78
                      Jim Hearn   International Participation: The
                                  Continuing March Toward Security and
                                  Privacy  . . . . . . . . . . . . . . . . 79--81
           Iván Arce and   
                     Elias Levy   An Analysis of the Slapper Worm  . . . . 82--87
                    S. W. Smith   Fairy Dust, Secrets, and the Real World  89--93
            Martin R. Stytz and   
             James A. Whittaker   Software Protection: Security's Last
                                  Stand? . . . . . . . . . . . . . . . . . 95--98
           Michael Caloyannides   Privacy vs. Information Technology . . . 100--103
                 Bruce Schneier   We Are All Security Consumers  . . . . . 104--104

IEEE Security & Privacy
Volume 1, Number 2, March / April, 2003

                 George Cybenko   From the Editor: Sapphire/Slammer Redux  6--6
                      Anonymous   Letters to the Editor  . . . . . . . . . 7--10
                 Daniel P. Dern   Privacy Concerns . . . . . . . . . . . . 11--13
                 Lance Spitzner   The Honeynet Project: Trapping the
                                  Hackers  . . . . . . . . . . . . . . . . 15--23
                     Matt Blaze   Rights Amplification in Master-Keyed
                                  Mechanical Locks . . . . . . . . . . . . 24--32
            Salil Prabhakar and   
           Sharath Pankanti and   
                   Anil K. Jain   Biometric Recognition: Security and
                                  Privacy Concerns . . . . . . . . . . . . 33--42
                William E. Burr   Selecting the Advanced Encryption
                                  Standard . . . . . . . . . . . . . . . . 43--52
                    Marc Donner   Post-Apocalypse Now  . . . . . . . . . . 53--55
                  Jim Davis and   
                   Melissa Dark   Teaching Students to Design Secure
                                  Systems  . . . . . . . . . . . . . . . . 56--58
                    Gary McGraw   From the Ground Up: The DIMACS Software
                                  Security Workshop  . . . . . . . . . . . 59--66
                   Michael Lesk   Copyright Enforcement or Censorship: New
                                  Uses for the DMCA? . . . . . . . . . . . 67--69
                      Jim Hearn   Moving Forward?  . . . . . . . . . . . . 70--71
               Iván Arce   The Weakest Link Revisited . . . . . . . 72--76
                Edward Ball and   
          David W. Chadwick and   
                   Darren Mundy   Patient Privacy in Electronic
                                  Prescription Transfer  . . . . . . . . . 77--80
                James Whittaker   Why Secure Applications Are Difficult to
                                  Write  . . . . . . . . . . . . . . . . . 81--83
        Michael A. Caloyannides   Engineering or Sloganeering? The
                                  Counterattack on Privacy . . . . . . . . 84--87
                 Bruce Schneier   Locks and Full Disclosure  . . . . . . . 88--88

IEEE Security & Privacy
Volume 1, Number 3, May / June, 2003

                    Marc Donner   Toward a Security Ontology . . . . . . . 6--7
                      Anonymous   Errata: ``On the Horizon'' (vol. 1, no.
                                  2) and ``Interface'' (vol. 1, no. 2, p.
                                  9) . . . . . . . . . . . . . . . . . . . 7--7
                      Anonymous   News . . . . . . . . . . . . . . . . . . 8--13
                  Nancy R. Mead   Building a Foundation  . . . . . . . . . 14--14
            Lucila Ishitani and   
           Virgilio Almeida and   
              Wagner Meira, Jr.   Masks: Bringing Anonymity and
                                  Personalization Together . . . . . . . . 18--23
                 Hassan Aljifri   IP Traceback: a New Denial-of-Service
                                  Deterrent? . . . . . . . . . . . . . . . 24--31
               Niels Provos and   
                 Peter Honeyman   Hide and Seek: An Introduction to
                                  Steganography  . . . . . . . . . . . . . 32--44
Václav Matyás, Jr. and   
                    Zdenek Riha   Toward Reliable User Authentication
                                  through Biometrics . . . . . . . . . . . 45--49
                    Marc Donner   Hey, Robot!  . . . . . . . . . . . . . . 51--55
                Deborah Frincke   Who Watches the Security Educators?  . . 56--58
               Edward W. Felten   Understanding Trusted Computing: Will
                                  Its Benefits Outweigh Its Drawbacks? . . 60--62
                   Michael Lesk   The Good, the Bad, and the Ugly: What
                                  Might Change if We Had Good DRM  . . . . 63--66
                      Jim Hearn   Slow Dancing . . . . . . . . . . . . . . 67--68
                     Elias Levy   Poisoning the Software Supply Chain  . . 70--73
                    S. W. Smith   Humans in the Loop: Human-Computer
                                  Interaction and Security . . . . . . . . 75--79
                Martin R. Stytz   The Case for Software Warranties . . . . 80--82
        Michael A. Caloyannides   Society Cannot Function Without Privacy  84--86
                 Bruce Schneier   Guilty Until Proven Innocent?  . . . . . 88, 87

IEEE Security & Privacy
Volume 1, Number 5, September / October, 2003

               Carl E. Landwehr   From the Editor: Security Cosmology:
                                  Moving from Big Bang to Worlds in
                                  Collusion  . . . . . . . . . . . . . . . 5--5
                      Anonymous   Security and Privacy Welcomes New
                                  Editorial Board Members  . . . . . . . . 6--7
                  Greg Goth and   
              Sandra Kay Miller   News . . . . . . . . . . . . . . . . . . 8--11
              Scott L. Andresen   News Briefs  . . . . . . . . . . . . . . 12--13
                      Anonymous   Letters to the Editor  . . . . . . . . . 14--14
             Robert J. Campbell   Crime Scene Investigators: The Next
                                  Generation . . . . . . . . . . . . . . . 15--15
                 Dennis McGrath   Measuring the 4:11 Effect: The Power
                                  Failure and the Internet . . . . . . . . 16--18
                   Massoud Amin   North America's Electricity
                                  Infrastructure: Are We Ready for More
                                  Perfect Storms?  . . . . . . . . . . . . 19--25
             Peter G. Capek and   
             David M. Chess and   
                 Steve R. White   Merry Christma: An Early Network Worm    26--34
                  Hilarie Orman   The Morris Worm: a Fifteen-Year
                                  Perspective  . . . . . . . . . . . . . . 35--43
              Rolf Oppliger and   
                     Ruedi Rytz   Digital Evidence: Dream and Reality  . . 44--48
               Salim Hariri and   
                Guangzhi Qu and   
       Tushneem Dharmagadda and   
        Modukuri Ramkishore and   
         Cauligi S. Raghavendra   Impact Analysis of Faults and Attacks in
                                  Large-Scale Networks . . . . . . . . . . 49--54
              Fred B. Schneider   Least Privilege and More . . . . . . . . 55--59
                  John Lenarcic   The Dinosaur and the Butterfly: a Tale
                                  of Computer Ethics . . . . . . . . . . . 61--63
               Dan Ragsdale and   
                  Don Welch and   
                      Ron Dodge   Information Assurance the West Point Way 64--67
                  Nancy R. Mead   SEHAS 2003: The Future of High-Assurance
                                  Systems  . . . . . . . . . . . . . . . . 68--72
                   Michael Lesk   Chicken Little and the Recorded Music
                                  Crisis . . . . . . . . . . . . . . . . . 73--75
                      Jim Hearn   What Works?  . . . . . . . . . . . . . . 76--77
               Iván Arce   The Rise of the Gadgets  . . . . . . . . 78--81
                      Jean Camp   Access Denied  . . . . . . . . . . . . . 82--85
               Martin Stytz and   
             James A. Whittaker   Caution: This Product Contains Security
                                  Code . . . . . . . . . . . . . . . . . . 86--88
                   Bill McCarty   Automated Identity Theft . . . . . . . . 89--92
           Michael Caloyannides   Keeping Offline Computer Usage Private   93--95

IEEE Security & Privacy
Volume 1, Number 6, November / December, 2003

                 George Cybenko   From the Editors: Privacy Is the Issue   5--7
                  Greg Goth and   
            Benjamin J. Alfonsi   News . . . . . . . . . . . . . . . . . . 8--13
        Daniel E. Geer, Jr. and   
              Dave Aucsmith and   
             James A. Whittaker   Monoculture  . . . . . . . . . . . . . . 14--17
            Simson L. Garfinkel   Email-Based Identification and
                                  Authentication: An Alternative to PKI?   20--26
             Dakshi Agrawal and   
                 Dogan Kesdogan   Measuring Anonymity: The Disclosure
                                  Attack . . . . . . . . . . . . . . . . . 27--34
         Jean-Marc Seigneur and   
     Christian Damsgaard Jensen   Privacy Recovery with Disposable Email
                                  Addresses  . . . . . . . . . . . . . . . 35--39
        Abdelmounaam Rezgui and   
         Athman Bouguettaya and   
          Mohamed Y. Eltoweissy   Privacy on the Web: Facts, Challenges,
                                  and Solutions  . . . . . . . . . . . . . 40--49
            Lorrie Faith Cranor   P3P: Making Privacy Policies More Useful 50--55
             John S. Quarterman   The Ultimate in Instant Gratification    56--58
              Cynthia E. Irvine   Teaching Constructive Security . . . . . 59--61
              Jeannette M. Wing   A Call to Action: Look Beyond the
                                  Horizon  . . . . . . . . . . . . . . . . 62--67
                   Michael Lesk   Feist and Facts: If Data Is Protected,
                                  Will It Be More or Less Available? . . . 68--70
                     Elias Levy   Crossover: Online Pests Plaguing the
                                  Offline World  . . . . . . . . . . . . . 71--73
                S. W. Smith and   
            Jothy Rosenberg and   
                  Adam Golodner   A Funny Thing Happened on the Way to the
                                  Marketplace  . . . . . . . . . . . . . . 74--78
                   Bill McCarty   The Honeynet Arms Race . . . . . . . . . 79--82
                      Anonymous   2003 Annual Index IEEE Security & Privacy
                                  Volume 1 . . . . . . . . . . . . . . . . 83--88
        Michael A. Caloyannides   Digital `Evidence' and Reasonable Doubt  89--91
                 Bruce Schneier   Airplane Hackers . . . . . . . . . . . . 92--92


IEEE Security & Privacy
Volume 2, Number 1, January / February, 2004

              Fred B. Schneider   From the Editors: The Next Digital
                                  Divide . . . . . . . . . . . . . . . . . 5--5
                      Anonymous   Reviewer Thanks  . . . . . . . . . . . . 6--6
               Daniel Weber and   
                  Jean Camp and   
              Tom Van Vleck and   
                  Bob Bruen and   
                James Whittaker   Letters to the Editors: Digital Rights
                                  Management; Change the Game?; No Clear
                                  Answers  . . . . . . . . . . . . . . . . 7--9
              Charles C. Palmer   Editorial Board Member Profile: Can We
                                  Win the Security Game? . . . . . . . . . 10--12
                  Greg Goth and   
               Pam Frost Gorder   News: E-Voting Security: The Electoral
                                  Dialect Gets Hot; Balancing Video-Game
                                  Piracy Issues  . . . . . . . . . . . . . 14--17
              Scott L. Andresen   NewsBriefs: Policy; Privacy; Security    18--19
                Martin R. Stytz   Book Reviews: Wireless World Order [\em
                                  How Secure Is Your Wireless Network?
                                  Safeguarding Your Wi-Fi LAN by Lee
                                  Barken]; No Need to Fear [\em Beyond
                                  Fear: Thinking Sensibly About Security
                                  in an Uncertain World, by Bruce
                                  Schneier]  . . . . . . . . . . . . . . . 20--21
              David L. Dill and   
                 Aviel D. Rubin   Guest Editors' Introduction: E-Voting
                                  Security . . . . . . . . . . . . . . . . 22--23
                David Evans and   
                 Nathanael Paul   E-Voting: Election Security: Perception
                                  and Reality  . . . . . . . . . . . . . . 24--31
            Jonathan Bannet and   
             David W. Price and   
                Algis Rudys and   
              Justin Singer and   
                 Dan S. Wallach   E-Voting: Hack-a-Vote: Security Issues
                                  with Electronic Voting Systems . . . . . 32--37
                    David Chaum   E-Voting: Secret-Ballot Receipts: True
                                  Voter-Verifiable Elections . . . . . . . 38--47
            Nicolas Sklavos and   
          Nikolay Moldovyan and   
        Vladimir Gorodetsky and   
           Odysseas Koufopavlou   Conference Reports: Computer Network
                                  Security: Report from MMM-ACNS . . . . . 49--52
                    Marc Donner   Biblio Tech: Die Gedanken Sind Frei  . . 53--55
       Michael Russell Grimaila   Education: Maximizing Business
                                  Information Security's Educational Value 56--60
                   Michael Lesk   Digital Rights: Micropayments: An Idea
                                  Whose Time Has Passed Twice? . . . . . . 61--63
                      Jim Hearn   Global Perspectives: Does the Common
                                  Criteria Paradigm Have a Future? . . . . 64--65
               Iván Arce   Attack Trends: More Bang For the Bug: An
                                  Account of 2003's Attack Trends  . . . . 66--68
              Sean W. Smith and   
             Eugene H. Spafford   Secure Systems: Grand Challenges in
                                  Information Security: Process and Output 69--71
                Martin R. Stytz   Considering Defense in Depth for
                                  Software Applications  . . . . . . . . . 72--75
                   Neal Krawetz   The Honeynet Files: Anti-Honeypot
                                  Technology . . . . . . . . . . . . . . . 76--79
        Michael A. Caloyannides   Privacy Matters: Online Monitoring:
                                  Security or Social Control?  . . . . . . 81--83
                 Bruce Schneier   Clear Text: Voting Security and
                                  Technology . . . . . . . . . . . . . . . 84--84

IEEE Security & Privacy
Volume 2, Number 2, March / April, 2004

                 George Cybenko   From the Editors: Don't Bring a Knife to
                                  a Gunfight . . . . . . . . . . . . . . . 5--5
         Matthias Fischmann and   
             Matthias Bauer and   
               Simson Garfinkel   Letters to the Editor: EBIA vs. PKI  . . 6--7
                Martin R. Stytz   Book Reviews: Hacking for Understanding:
                                  \em Hacking: The Art of Exploitation, by
                                  Jon Erickson . . . . . . . . . . . . . . 8--8
                  Greg Goth and   
        Benjamin J. Alfonsi and   
              Scott L. Andresen   News: How Useful Are Attack Trend
                                  Resources? . . . . . . . . . . . . . . . 9--11
              Kanta Jiwnani and   
               Marvin Zelkowitz   Susceptibility Matrix: a New Aid to
                                  Software Auditing  . . . . . . . . . . . 16--21
                    Simon Byers   Information Leakage Caused by Hidden
                                  Data in Published Documents  . . . . . . 23--27
             Marco Gruteser and   
                       Xuan Liu   Protecting Privacy in Continuous
                                  Location-Tracking Applications . . . . . 28--34
      Annie I. Antón and   
              Julia B. Earp and   
                Qingfeng He and   
        William Stufflebeam and   
            Davide Bolchini and   
       University of Lugano and   
                  Carlos Jensen   Financial Privacy Policies and the Need
                                  for Standardization  . . . . . . . . . . 36--45
                   Ashish Popli   ACM Computer and Communication Security
                                  Conference . . . . . . . . . . . . . . . 46--47
                Stephen A. Weis   RFID Privacy Workshop: Concerns,
                                  Consensus, and Questions . . . . . . . . 48--50
                    Marc Donner   Hacking the Best-Seller List . . . . . . 51--53
                Matt Bishop and   
                    Deb Frincke   Teaching Robust Programming  . . . . . . 54--57
               Jeffery E. Payne   Regulation and Information Security: Can
                                  Y2K Lessons Help Us? . . . . . . . . . . 58--61
                   Michael Lesk   Shedding Light on Creativity: The
                                  History of Photography . . . . . . . . . 62--64
                     Elias Levy   Criminals Become Tech Savvy  . . . . . . 65--68
                   Peter Wayner   The Power of Candy-Coated Bits . . . . . 69--72
                Roland L. Trope   A Warranty of Cyberworthiness  . . . . . 73--76
                George Chamales   The Honeywall CD-ROM . . . . . . . . . . 77--79
                    Gary McGraw   Software Security  . . . . . . . . . . . 80--83
        Michael A. Caloyannides   The Cost of Convenience: a Faustian Deal 84--87

IEEE Security & Privacy
Volume 2, Number 3, May / June, 2004

                    Marc Donner   From the Editors: Whose Data Are These,
                                  Anyway?  . . . . . . . . . . . . . . . . 5--6
        Shari Lawrence Pfleeger   Book Reviews: a Gift of Impact: \em A
                                  Gift of Fire: The Social, Legal, and
                                  Ethical Issues for Computers and the
                                  Internet, by Sara Baase (Prentice-Hall
                                  2002, ISBN 0-13-008215-5)  . . . . . . . 7--7
                Hong-Lok Li and   
                      Stan Bush   Letters to the Editor: Interface:
                                  Usability, efficiency --- or privacy?;
                                  Does piracy increase sales?  . . . . . . 8--9
                  Greg Goth and   
              Scott L. Andresen   News: Richard Clarke Talks Cybersecurity
                                  and JELL-O . . . . . . . . . . . . . . . 11--15
               Noopur Davis and   
             Watts Humphrey and   
     Samuel T. Redwine, Jr. and   
          Gerlinde Zibulski and   
                    Gary McGraw   Processes for Producing Secure Software:
                                  Summary of US National Cybersecurity
                                  Summit Subgroup Report . . . . . . . . . 18--25
             William A. Arbaugh   Guest Editor's Introduction: Wired on
                                  Wireless . . . . . . . . . . . . . . . . 26--27
                Yih-Chun Hu and   
                  Adrian Perrig   A Survey of Secure Wireless Ad Hoc
                                  Routing  . . . . . . . . . . . . . . . . 28--39
             David Johnston and   
                   Jesse Walker   Overview of IEEE 802.16 Security . . . . 40--48
         Jean-Pierre Hubaux and   
              Srdjan Capkun and   
                        Jun Luo   The Security and Privacy of Smart
                                  Vehicles . . . . . . . . . . . . . . . . 49--55
             Joel W. Branch and   
       Nick L. Petroni, Jr. and   
         Leendert Van Doorn and   
                  David Safford   Autonomic 802.11 Wireless LAN Security
                                  Auditing . . . . . . . . . . . . . . . . 56--65
                    Marc Donner   Cult Classics  . . . . . . . . . . . . . 66--68
         Deborah A. Frincke and   
                    Matt Bishop   Guarding the Castle Keep: Teaching with
                                  the Fortress Metaphor  . . . . . . . . . 69--72
            Salvatore J. Stolfo   Worm and Attack Early Warning  . . . . . 73--75
                   Michael Lesk   Digital Rights: Copyright and Creativity 76--78
              Ivaán Arce   The Kernel Craze . . . . . . . . . . . . 79--81
                Mark F. Vilardo   Online Impersonation in Securities Scams 82--85
                   Richard Ford   The Wrong Stuff? . . . . . . . . . . . . 86--89
                  Paco Hope and   
                Gary McGraw and   
          Annie I. Antón   Misuse and Abuse Cases: Getting Past the
                                  Positive . . . . . . . . . . . . . . . . 90--92
        Michael A. Caloyannides   Security or Cosmetology? . . . . . . . . 93--95
                 Bruce Schneier   Security and Compliance  . . . . . . . . 96--96

IEEE Security & Privacy
Volume 2, Number 4, July / August, 2004

                    Marc Donner   From the Editors: a Witty Lesson . . . . 5--5
               Brad Spencer and   
        Michael A. Caloyannides   Letters to the Editor: Interface:
                                  Machine Gun or Blunderbuss?; Usability
                                  or privacy redux; Erratum  . . . . . . . 7--8
                   Scott Forbes   Book Reviews: \em A .NET Gold Mine: .NET
                                  Security and Cryptography, by Peter
                                  Thorsteinson and G. Gnana Arun Ganesh
                                  (Prentice-Hall 2004, ISBN 0-13-100851-X) 10--10
                 Adam Stone and   
           Benjamin Alfonsi and   
              Scott L. Andresen   News: The Delicate Balance: Security and
                                  Privacy; Corporate Security Under Siege;
                                  NewsBriefs . . . . . . . . . . . . . . . 12--13
          Iváan Arce and   
                    Gary McGraw   Guest Editors' Introduction: Why
                                  Attacking Systems Is a Good Idea . . . . 17--19
            Jonathan Pincus and   
                  Brandon Baker   Beyond Stack Smashing: Recent Advances
                                  in Exploiting Buffer Overruns  . . . . . 20--27
              Carolyn P. Meinel   Cybercrime Treaty Could Chill Research   28--32
                 Greg White and   
                    Art Conklin   The Appropriate Use of Force-on-Force
                                  Cyberexercises . . . . . . . . . . . . . 33--37
                Sandra Ring and   
                      Eric Cole   Taking a Lesson from Stealthy Rootkits   38--45
            Colleen Shannon and   
                    David Moore   The Spread of the Witty Worm . . . . . . 46--50
                    Marc Donner   Deus Est Machina . . . . . . . . . . . . 51--53
            Deborah Frincke and   
                    Matt Bishop   Back to School . . . . . . . . . . . . . 54--56
                   Chip Elliott   Quantum Cryptography . . . . . . . . . . 57--61
                   Michael Lesk   Bigger Share of a Smaller Pie  . . . . . 62--64
                     Elias Levy   Approaching Zero . . . . . . . . . . . . 65--66
              Richard Guida and   
               Robert Stahl and   
                Thomas Bunt and   
               Gary Secrest and   
               Joseph Moorcones   Deploying and Using Public Key
                                  Technology: Lessons Learned in Real Life 67--71
            Frederic Raynal and   
              Yann Berthier and   
            Philippe Biondi and   
              Danielle Kaminsky   Honeypot Forensics Part I: Analyzing the
                                  Network  . . . . . . . . . . . . . . . . 72--78
               Denis Verdon and   
                    Gary McGraw   Risk Analysis in Software Design . . . . 79--84
        Michael A. Caloyannides   Is Privacy Really Constraining Security
                                  or Is this a Red Herring?  . . . . . . . 86--87
                 Bruce Schneier   Customers, Passwords, and Web Sites  . . 88--88

IEEE Security & Privacy
Volume 2, Number 5, September / October, 2004

                 Fred Schneider   Time Out for Station Identification  . . 5--5
                      Anonymous   Letters to the Editor  . . . . . . . . . 6--7
                      Greg Goth   News . . . . . . . . . . . . . . . . . . 8--11
                      Anonymous   Protecting Consumers' Private Health
                                  Information  . . . . . . . . . . . . . . 12--12
        Lorrie Faith Cranor and   
               Simson Garfinkel   Guest Editors' Introduction: Secure or
                                  Usable?  . . . . . . . . . . . . . . . . 16--18
               Dirk Balfanz and   
               Glenn Durfee and   
         Rebecca E. Grinter and   
                 D. K. Smetters   In Search of Usable Security: Five
                                  Lessons from the Field . . . . . . . . . 19--24
                   Jeff Yan and   
             Alan Blackwell and   
              Ross Anderson and   
                 Alasdair Grant   Password Memorability and Security:
                                  Empirical Results  . . . . . . . . . . . 25--31
                      Mike Just   Designing and Evaluating
                                  Challenge-Question Systems . . . . . . . 32--39
               Alen Peacock and   
                    Xian Ke and   
              Matthew Wilkerson   Typing Patterns: a Key to User
                                  Identification . . . . . . . . . . . . . 40--47
                    Ka-Ping Yee   Aligning Security and Usability  . . . . 48--55
                    Marc Donner   Jennifer Government  . . . . . . . . . . 57--59
            Deborah Frincke and   
                    Matt Bishop   Joining the Security Education Community 61--63
               O. Sami Saydjari   Multilevel Security: Reprise . . . . . . 64--67
               Mike Andrews and   
             James A. Whittaker   Computer Security  . . . . . . . . . . . 68--71
               Iván Arce   The Shellcode Generation . . . . . . . . 72--76
            Frederic Raynal and   
              Yann Berthier and   
            Philippe Biondi and   
              Danielle Kaminsky   Honeypot Forensics, Part II: Analyzing
                                  the Compromised Host . . . . . . . . . . 77--80
                Gary McGraw and   
                   Bruce Potter   Software Security Testing  . . . . . . . 81--85
        Michael A. Caloyannides   Speech Privacy Technophobes Need Not
                                  Apply  . . . . . . . . . . . . . . . . . 86--87
                 Bruce Schneier   SIMS: Solution, or Part of the Problem?  88--88

IEEE Security & Privacy
Volume 2, Number 6, November / December, 2004

                 George Cybenko   Security Alchemy . . . . . . . . . . . . 5--5
                   Scott Forbes   Privacy Law Resource for Students and
                                  Professionals  . . . . . . . . . . . . . 7--7
                  Greg Goth and   
               Benjamin Alfonsi   News . . . . . . . . . . . . . . . . . . 8--9
      Annie I. Antón and   
                Qingfeng He and   
                David L. Baumer   Inside JetBlue's Privacy Policy
                                  Violations . . . . . . . . . . . . . . . 12--18
             Jaideep Vaidya and   
                  Chris Clifton   Privacy-Preserving Data Mining: Why,
                                  How, and When  . . . . . . . . . . . . . 19--27
              K. S. Shankar and   
                   Helmut Kurth   Certifying Open Source---The Linux
                                  Experience . . . . . . . . . . . . . . . 28--33
            David E. Bakken and   
          Rupa Parameswaran and   
          Douglas M. Blough and   
              Andy A. Franz and   
                   Ty J. Palmer   Data Obfuscation: Anonymity and
                                  Desensitization of Usable Data Sets  . . 34--41
                Javed Aslam and   
              Sergey Bratus and   
                 David Kotz and   
               Ron Peterson and   
                Brett Tofel and   
                    Daniela Rus   The Kerf Toolkit for Intrusion Analysis  42--52
                    Marc Donner   Use the Force, Luke! . . . . . . . . . . 53--55
            Deborah Frincke and   
                    Matt Bishop   Academic Degrees and Professional
                                  Certification  . . . . . . . . . . . . . 56--58
               Shelby Evans and   
             David Heinbuch and   
            Elizabeth Kyule and   
            John Piorkowski and   
                  James Wallner   Risk-based Systems Security Engineering:
                                  Stopping Attacks with Intention  . . . . 59--62
                 Michael Howard   Building More Secure Software with
                                  Improved Development Processes . . . . . 63--65
                     Elias Levy   Interface Illusions  . . . . . . . . . . 66--69
                  Anil Somayaji   How to Win and Evolutionary Arms Race    70--72
             John G. Levine and   
         Julian B. Grizzard and   
                  Henry L. Owen   Using Honeynets to Protect Large
                                  Enterprise Networks  . . . . . . . . . . 73--75
                Brian Chess and   
                    Gary McGraw   Static Analysis for Security . . . . . . 76--79
                      Anonymous   2004 Annual Index  . . . . . . . . . . . 80--85
           Michael Caloyannides   Enhancing Security: Not for the
                                  Conformist . . . . . . . . . . . . . . . 88, 86--87


IEEE Security & Privacy
Volume 3, Number 1, January / February, 2005

                    C. Landwehr   Changing the Puzzle Pieces . . . . . . . 3--4
                     M. R. Sytz   Studying Attacks to Improve Software
                                  Defense  . . . . . . . . . . . . . . . . 11--11
                R. Anderson and   
                    B. Schneier   Guest Editors' Introduction: Economics
                                  of Information Security  . . . . . . . . 12--13
                    E. Rescorla   Is finding security holes a good idea?   14--19
                   A. Arora and   
                      R. Telang   Economics of software vulnerability
                                  disclosure . . . . . . . . . . . . . . . 20--25
                A. Acquisti and   
                  J. Grossklags   Privacy and rationality in individual
                                  decision making  . . . . . . . . . . . . 26--33
                  H. Varian and   
              F. Wallenberg and   
                      G. Woroch   The demographics of the do-not-call list
                                  [security of data] . . . . . . . . . . . 34--39
                S. E. Schechter   Toward econometric models of the
                                  security risk from remote attacks  . . . 40--44
                 G. Danezis and   
                    R. Anderson   The economics of resisting censorship    45--50
                        J. Linn   Technology and Web user data privacy ---
                                  a survey of risks and countermeasures    52--58
                A. Yasinsac and   
                   M. Burmester   Centers of academic excellence: a case
                                  study  . . . . . . . . . . . . . . . . . 62--65
                 H. H. Thompson   Application penetration testing  . . . . 66--69
                        I. Arce   Bad peripherals  . . . . . . . . . . . . 70--73
                       C. Adams   Building secure Web-based environments:
                                  understanding research
                                  interrelationships through a
                                  construction metaphor  . . . . . . . . . 74--77
                    R. L. Trope   Directors' digital fiduciary duties  . . 78--82
                   B. Arkin and   
                 S. Stender and   
                      G. McGraw   Software penetration testing . . . . . . 84--87
                    B. Schneier   Authentication and Expiration  . . . . . 88--88

IEEE Security & Privacy
Volume 3, Number 2, March / April, 2005

                      M. Donner   What's in a Name?  . . . . . . . . . . . 4--5
                    S. A. Weiss   Crypto 2004  . . . . . . . . . . . . . . 11--13
                     R. Iverson   A Framework to Consider  . . . . . . . . 14--14
                R. Oppliger and   
                        R. Rytz   Does trusted computing remedy computer
                                  security problems? . . . . . . . . . . . 16--19
                   A. Iliev and   
                    S. W. Smith   Protecting client privacy with trusted
                                  computing at the server  . . . . . . . . 20--28
                D. N. Jutla and   
                     P. Bodorik   Sociotechnical architecture for online
                                  privacy  . . . . . . . . . . . . . . . . 29--39
             S. L. Pfleeger and   
                       G. Bloom   Canning SPAM: Proposed solutions to
                                  unwanted email . . . . . . . . . . . . . 40--47
                   R. Dodge and   
                    D. Ragsdale   Technology education at the US Military
                                  Academy  . . . . . . . . . . . . . . . . 49--53
               R. A. Maxion and   
               R. R. M. Roberts   Methodological foundations: enabling the
                                  next generation of security  . . . . . . 54--57
                     P. Oehlert   Violating assumptions with fuzzing . . . 58--62
                        E. Levy   Worm propagation and generic attacks . . 63--65
                    S. W. Smith   Turing is from Mars, Shannon is from
                                  Venus: computer science and computer
                                  engineering  . . . . . . . . . . . . . . 66--69
                E. M. Power and   
                    R. L. Trope   Averting security missteps in
                                  outsourcing  . . . . . . . . . . . . . . 70--73
                  S. Barnum and   
                      G. McGraw   Knowledge for software security  . . . . 74--78
                   D. Geer, Jr.   The Problem Statement is the Problem . . 80--80

IEEE Security & Privacy
Volume 3, Number 3, May / June, 2005

                F. B. Schneider   It Depends on What You Pay . . . . . . . 3--3
                    M. R. Stytz   Under the Black Hat  . . . . . . . . . . 5--5
                  L. McLaughlin   Interview: Holistic Security . . . . . . 6--8
                  S. Landau and   
                    M. R. Stytz   Overview of cyber security: a crisis of
                                  prioritization . . . . . . . . . . . . . 9--11
                        M. Amin   Guest Editor's Introduction:
                                  Infrastructure Security--Reliability and
                                  Dependability of Critical Systems  . . . 15--17
                   M. Sahinoglu   Security meter: a practical
                                  decision-tree model to quantify risk . . 18--24
                    Min Cai and   
                  Kai Hwang and   
              Yu-Kwong Kwok and   
              Shanshan Song and   
                        Yu Chen   Collaborative Internet worm containment  25--33
            S. L. Garfinkel and   
                   A. Juels and   
                       R. Pappu   RFID privacy: an overview of problems
                                  and proposed solutions . . . . . . . . . 34--43
                T. J. Walsh and   
                     D. R. Kuhn   Challenges in securing voice over IP . . 44--49
                  A. Senior and   
                S. Pankanti and   
                A. Hampapur and   
                   L. Brown and   
               Ying-Li Tian and   
                    A. Ekin and   
                 J. Connell and   
               Chiao Fe Shu and   
                          M. Lu   Enabling video privacy through computer
                                  vision . . . . . . . . . . . . . . . . . 50--57
                      M. Donner   A young geek's fancy turns to\ldots
                                  science fiction? [Book recommendations]  58--60
               C. E. Irvine and   
             M. F. Thompson and   
                       K. Allen   CyberCIEGE: gaming for information
                                  assurance  . . . . . . . . . . . . . . . 61--64
                        B. Snow   Four ways to improve security  . . . . . 65--67
                 P. Gutmann and   
                D. Naccache and   
                   C. C. Palmer   When hashes collide [applied
                                  cryptography]  . . . . . . . . . . . . . 68--71
                        R. Ford   Malcode mysteries revealed [computer
                                  viruses and worms] . . . . . . . . . . . 72--75
                        T. Holz   A short visit to the bot zoo [malicious
                                  bots software] . . . . . . . . . . . . . 76--79
                       C. Salka   Programming languages and systems
                                  security . . . . . . . . . . . . . . . . 80--83
                        M. Lesk   Salute the broadcast flag [digital
                                  protection for TV recording] . . . . . . 84--87
                  D. Taylor and   
                      G. McGraw   Adopting a software security improvement
                                  program  . . . . . . . . . . . . . . . . 88--91
                    S. Bellovin   Security and Privacy: Enemies or Allies? 92--92

IEEE Security & Privacy
Volume 3, Number 4, July / August, 2005

                 George Cybenko   The One-Eyed Man Is King . . . . . . . . 4--5
                 Nathanael Paul   A Closer Look at Viruses and Worms . . . 7
               Benjamin Alfonsi   Alliance Addresses VoIP Security . . . . 8
            Axelle Apvrille and   
                Makan Pourzandi   Secure Software Development by Example   10--17
             Helayne T. Ray and   
           Raghunath Vemuri and   
      Hariprasad R. Kantubhukta   Toward an Automated Attack Model for Red
                                  Teams  . . . . . . . . . . . . . . . . . 18--25
             Michael Bailey and   
                 Evan Cooke and   
            Farnam Jahanian and   
               David Watson and   
                   Jose Nazario   The Blaster Worm: Then and Now . . . . . 26--31
           Dimitrios Lekkas and   
             Diomidis Spinellis   Handling and Reporting Security
                                  Advisories: a Scorecard Approach . . . . 32--41
                Urs E. Gattiker   EICAR 2005 . . . . . . . . . . . . . . . 45--48
                Matt Bishop and   
                Deborah Frincke   A Human Endeavor: Lessons from
                                  Shakespeare and Beyond . . . . . . . . . 49--51
                 James Mulvenon   Toward a Cyberconflict Studies Research
                                  Agenda . . . . . . . . . . . . . . . . . 52--55
              Peter Gutmann and   
                      Ian Grigg   Security Usability . . . . . . . . . . . 56--58
               William H. Allen   Computer Forensics . . . . . . . . . . . 59--62
               Iván Arce   The Land of the Blind  . . . . . . . . . 63--67
              Sara Sinclair and   
                    S. W. Smith   The TIPPI Point: Toward Trustworthy
                                  Interfaces . . . . . . . . . . . . . . . 68--71
                Martin R. Stytz   Protecting Personal Privacy: Hauling
                                  Down the Jolly Roger . . . . . . . . . . 72--74
              Nancy R. Mead and   
                    Gary McGraw   A Portal for Software Security . . . . . 75--79

IEEE Security & Privacy
Volume 3, Number 5, September / October, 2005

                    Marc Donner   There Ain't No Inside, There Ain't No
                                  Outside\ldots  . . . . . . . . . . . . . 4--5
              Katharine W. Webb   Biometric Security Solutions . . . . . . 7
             Heather Drinan and   
                   Brent Kesler   News Briefs  . . . . . . . . . . . . . . 8--10
           Laurianne McLaughlin   From AWK to Google: Peter Weinberger
                                  Talks Search . . . . . . . . . . . . . . 11--13
          Barbara Carminati and   
              Elena Ferrari and   
             Patrick C. K. Hung   Exploring Privacy Issues in Web Services
                                  Discovery Agencies . . . . . . . . . . . 14--21
       Bernardo A. Huberman and   
                 Eytan Adar and   
                 Leslie R. Fine   Valuating Privacy  . . . . . . . . . . . 22--25
           Lance J. Hoffman and   
              Tim Rosenberg and   
               Ronald Dodge and   
                Daniel Ragsdale   Exploring a National Cybersecurity
                                  Exercise for Universities  . . . . . . . 27--33
          Fred B. Schneider and   
                    Lidong Zhou   Implementing Trustworthy Services Using
                                  Replicated State Machines  . . . . . . . 34--43
           Robert W. Reeder and   
                    Fahd Arshad   Soups 2005 . . . . . . . . . . . . . . . 47--50
                    Peter Kuper   The State of Security  . . . . . . . . . 51--53
                Matt Bishop and   
             Deborah A. Frincke   Teaching Secure Programming  . . . . . . 54--56
                     Ann Miller   Trends in Process Control Systems
                                  Security . . . . . . . . . . . . . . . . 57--60
                 David Naccache   Finding Faults . . . . . . . . . . . . . 61--65
                     Peter Torr   Demystifying the Threat-Modeling Process 66--70
                 David M. Nicol   Modeling and Simulation in Security
                                  Evaluation . . . . . . . . . . . . . . . 71--74
         Kenneth R. van Wyk and   
                    Gary McGraw   Bridging the Gap between Software
                                  Development and Information Security . . 75--79
                       Dan Geer   When Is a Product a Security Product?    80

IEEE Security & Privacy
Volume 3, Number 6, November / December, 2005

                 Martin Libicki   Are RFIDs Coming to Get You? . . . . . . 6--6
             Heather Drinan and   
             Nancy Fontaine and   
                   Brent Kesler   News Briefs  . . . . . . . . . . . . . . 7--8
           Laurianne McLaughlin   Winning the Game of Risk: Neumann's Take
                                  on Sound Design  . . . . . . . . . . . . 9--12
               Michah Sherr and   
                Eric Cronin and   
                Sandy Clark and   
                     Matt Blaze   Signaling vulnerabilities in wiretapping
                                  systems  . . . . . . . . . . . . . . . . 13--25
                   Susan Landau   Security, wiretapping, and the Internet  26--33
             Philip L. Campbell   The denial-of-service dance  . . . . . . 34--40
         Stelios Sidiroglou and   
           Angelos D. Keromytis   Countering network worms through
                                  automatic patch generation . . . . . . . 41--49
              Gregory Conti and   
                Mustaque Ahamad   A framework for countering
                                  denial-of-information attacks  . . . . . 50--56
              Faith M. Keikkila   SecureWorld Expo 2005  . . . . . . . . . 57--60
              Pinny Sheoran and   
               Oria Friesen and   
Barbara J. Huffman de Belón   Developing and Sustaining Information
                                  Assurance: The Role of Community
                                  Colleges (Part 1)  . . . . . . . . . . . 61--63
                     Scott Borg   Economically complex cyberattacks  . . . 64--67
                Gerald A. Marin   Network security basics  . . . . . . . . 68--72
                    S. W. Smith   Pretending that systems are secure . . . 73--76
           E. Michael Power and   
                Roland L. Trope   Acting responsibly with geospatial data  77--80
          Katrina Tsipenyuk and   
                Brian Chess and   
                    Gary McGraw   Seven pernicious kingdoms: a taxonomy of
                                  software security errors . . . . . . . . 81--84
               Ted Phillips and   
           Ttom Karygiannis and   
                      Rick Kuhn   Security standards for the RFID market   85--89
                      Anonymous   2005 Annual Index  . . . . . . . . . . . 90--95
                 Bruce Schneier   The Zotob Storm  . . . . . . . . . . . . 96--96


IEEE Security & Privacy
Volume 4, Number 1, January / February, 2006

                 George Cybenko   Why Johnny Can't Evaluate Security Risk  5--5
                      Anonymous   Special Thanks to S&P's Reviewers . . . . 7--8
               Whitfield Diffie   Chattering about SIGINT  . . . . . . . . 9--9
           Laurianne McLaughlin   Philip Zimmermann on What's Next after
                                  PGP? . . . . . . . . . . . . . . . . . . 10--13
             Heather Drinan and   
             Nancy Fontaine and   
                   Brent Kesler   News Briefs  . . . . . . . . . . . . . . 14--16
           Edward W. Felten and   
              J. Alex Halderman   Digital Rights Management, Spyware, and
                                  Security . . . . . . . . . . . . . . . . 18--23
             John G. Levine and   
         Julian B. Grizzard and   
                  Henry L. Owen   Detecting and Categorizing Kernel-Level
                                  Rootkits to Aid Future Detection . . . . 24--32
                    Nir Kshetri   The Simple Economics of Cybercrimes  . . 33--39
                  Steven Cheung   Denial of Service against the Domain
                                  Name System  . . . . . . . . . . . . . . 40--45
                 John Black and   
             Martin Cochran and   
                   Ryan Gardner   A Security Analysis of the Internet
                                  Chess Club . . . . . . . . . . . . . . . 46--52
       Christian Rechberger and   
             Vincent Rijmen and   
                Nicolas Sklavos   The NIST Cryptographic Workshop on Hash
                                  Functions  . . . . . . . . . . . . . . . 54--56
          Timothy Rosenberg and   
               Lance J. Hoffman   Taking Networks on the Road: Portable
                                  Solutions for Security Educators . . . . 57--60
                      Anonymous   2006 Editorial Calendar  . . . . . . . . 61--61
           Virgil D. Gligor and   
                  Tom Haigh and   
              Dick Kemmerer and   
              Carl Landwehr and   
               Steve Lipner and   
                    John McLean   Information Assurance Technology
                                  Forecast 2005  . . . . . . . . . . . . . 62--69
           Jean-Sebastien Coron   What Is Cryptography?  . . . . . . . . . 70--73
                 Robert Seacord   Secure Coding in C and C++: Of Strings
                                  and Integers . . . . . . . . . . . . . . 74--76
                    Dragos Ruiu   Learning from Information Security
                                  History  . . . . . . . . . . . . . . . . 77--79
             Jeremy Epstein and   
            Scott Matsumoto and   
                    Gary McGraw   Software Security and SOA: Danger, Will
                                  Robinson!  . . . . . . . . . . . . . . . 80--83
     Ramaswamy Chandramouli and   
                     Scott Rose   Challenges in Securing the Domain Name
                                  System . . . . . . . . . . . . . . . . . 84--87
                 Steve Bellovin   Unconventional Wisdom  . . . . . . . . . 88--88

IEEE Security & Privacy
Volume 4, Number 2, March / April, 2006

                    Marc Donner   The Impending Debate . . . . . . . . . . 4--5
                 Mikhael Felker   Internet War Games: Power of the Masses  7
               Brent Kesler and   
             Heather Drinan and   
                 Nancy Fontaine   News Briefs  . . . . . . . . . . . . . . 8--13
              Kjell J. Hole and   
        Vebjòrn Moen and   
        Thomas Tjòstheim   Case Study: Online Banking Security  . . 14--20
              Alain Hiltgen and   
             Thorsten Kramp and   
                 Thomas Weigold   Secure Internet Banking Authentication   21--29
                WenJie Wang and   
                 Yufei Yuan and   
                    Norm Archer   A Contextual Framework for Combating
                                  Identity Theft . . . . . . . . . . . . . 30--38
             David D. Hwang and   
          Patrick Schaumont and   
                  Kris Tiri and   
             Ingrid Verbauwhede   Securing Embedded Systems  . . . . . . . 40--49
             Feisal Keblawi and   
                  Dick Sullivan   Applying the Common Criteria in Systems
                                  Engineering  . . . . . . . . . . . . . . 50--55
                    Peter Kuper   A Warning to Industry---Fix It or Lose
                                  It . . . . . . . . . . . . . . . . . . . 56--60
                Matt Bishop and   
             Deborah A. Frincke   Who Owns Your Computer?  . . . . . . . . 61--63
                Rosario Gennaro   Randomness in Cryptography . . . . . . . 64--67
         James A. Whittaker and   
                   Richard Ford   How to Think about Security  . . . . . . 68--71
              Thorsten Holz and   
             Simon Marechal and   
  Frédéric Raynal   New Threats and Attacks on the World
                                  Wide Web . . . . . . . . . . . . . . . . 72--75
                  Scott Bradner   The End of End-to-End Security?  . . . . 76--79
                   Michael Lesk   Should Indexing Be Fair Use? The Battle
                                  over Google Book Search  . . . . . . . . 80--83
                    John Steven   Adopting an Enterprise Software Security
                                  Framework  . . . . . . . . . . . . . . . 84--87
                William E. Burr   Cryptographic Hash Standards: Where Do
                                  We Go from Here? . . . . . . . . . . . . 88--91
                      Anonymous   IEEE Security & Privacy 2006 Editorial
                                  Calendar . . . . . . . . . . . . . . . . 92

IEEE Security & Privacy
Volume 4, Number 3, May / June, 2006

              Fred B. Schneider   Here Be Dragons  . . . . . . . . . . . . 3
        Shari Lawrence Pfleeger   Everything You Wanted to Know about
                                  Privacy (But Were Afraid to Ask) . . . . 5
               Brent Kesler and   
                 Heather Drinan   News Briefs  . . . . . . . . . . . . . . 6--10
                    Gary McGraw   Interview: Silver Bullet Speaks to Avi
                                  Rubin  . . . . . . . . . . . . . . . . . 11--13
           James X. Dempsey and   
                 Ira Rubinstein   Guest Editors' Introduction: Lawyers and
                                  Technologists---Joined at the Hip? . . . 15--19
             Patricia L. Bellia   The Fourth Amendment and Emerging
                                  Communications Technologies  . . . . . . 20--28
                  Albert Gidari   Designing the Right Wiretap Solution:
                                  Setting Standards under CALEA  . . . . . 29--36
                  Erin Egan and   
                     Tim Jucovy   Building a Better Filter: How To Create
                                  a Safer Internet and Avoid the
                                  Litigation Trap  . . . . . . . . . . . . 37--44
              Charles D. Curran   Combating Spam, Spyware, and Other
                                  Desktop Intrusions: Legal Considerations
                                  in Operating Trusted Intermediary
                                  Technologies . . . . . . . . . . . . . . 45--51
            Gregory P. Schaffer   Worms and Viruses and Botnets, Oh My!:
                                  Rational Responses to Emerging Internet
                                  Threats  . . . . . . . . . . . . . . . . 52--58
              Pinny Sheoran and   
               Oris Friesen and   
Barbara J. Huffman de Belón   Developing and Sustaining Information
                                  Assurance: The Role of Community
                                  Colleges, Part 2 . . . . . . . . . . . . 60--65
        Robin E. Bloomfield and   
               Sofia Guerra and   
                 Ann Miller and   
             Marcelo Masera and   
           Charles B. Weinstock   International Working Group on Assurance
                                  Cases (for Security) . . . . . . . . . . 66--68
        Kenneth G. Paterson and   
               Arnold K. L. Yau   Lost in Translation: Theory and Practice
                                  in Cryptography  . . . . . . . . . . . . 69--72
                    Tuomas Aura   Why You Shouldn't Study Security . . . . 74--76
            Martin R. Stytz and   
                Sheila B. Banks   Dynamic Software Security Testing  . . . 77--79
             Pravir Chandra and   
                Brian Chess and   
                    John Steven   Putting the Tools to Work: How to
                                  Succeed with Source Code Analysis  . . . 80--83
                  Anne Anderson   Web Services Policies (Abstract) . . . . 84--87
            Daniel E. Geer, Jr.   Convergence (Abstract) . . . . . . . . . 88--88

IEEE Security & Privacy
Volume 4, Number 4, July / August, 2006

               Carl E. Landwehr   Speaking of Privacy  . . . . . . . . . . 4--5
               Brent Kesler and   
                 Heather Drinan   News Briefs  . . . . . . . . . . . . . . 6--8
        Charles P. Pfleeger and   
        Shari Lawrence Pfleeger   Why We Won't Review Books by Hackers . . 9
                    Gary McGraw   Interview: Silver Bullet Speaks with Dan
                                  Geer . . . . . . . . . . . . . . . . . . 10--13
                   Mike Andrews   Guest Editor's Introduction: The State
                                  of Web Security  . . . . . . . . . . . . 14--15
                    J. D. Meier   Web Application Security Engineering . . 16--24
                 John Viega and   
                 Jeremy Epstein   Why Applying Standards to Web Services
                                  Is Not Enough  . . . . . . . . . . . . . 25--31
               Mark Curphey and   
                 Rudolph Araujo   Web Application Security Assessment
                                  Tools  . . . . . . . . . . . . . . . . . 32--41
                   Denis Verdon   Security Policies and the Software
                                  Developer  . . . . . . . . . . . . . . . 42--49
          Richard R. Brooks and   
           Christopher Vutsinas   Kafka in the Academy: a Note on Ethics
                                  in IA Education  . . . . . . . . . . . . 50--53
  Paulo E. Veríssimo and   
              Nuno F. Neves and   
           Christian Cachin and   
            Jonathan Poritz and   
               David Powell and   
              Yves Deswarte and   
              Robert Stroud and   
                      Ian Welch   Intrusion-Tolerant Middleware: The Road
                                  to Automatic Security  . . . . . . . . . 54--62
            Roland L. Trope and   
               E. Michael Power   Lessons for Laptops for the 18th Century 64--68
         Melanie R. Rieback and   
               Bruno Crispo and   
            Andrew S. Tanenbaum   RFID Malware: Truth vs. Myth . . . . . . 70--72
                 Michael Howard   A Process for Performing Security Code
                                  Reviews  . . . . . . . . . . . . . . . . 74--79
                      Ivan Arce   Voices, I Hear Voices  . . . . . . . . . 80--83
                Jonathan Herzog   Applying Protocol Analysis to Security
                                  Device Interfaces  . . . . . . . . . . . 84--87
                Gunnar Peterson   Introduction to Identity Management Risk
                                  Metrics  . . . . . . . . . . . . . . . . 88--91
                Jim Robbins and   
                   John T. Sabo   Managing Information Privacy: Developing
                                  a Context for Security and Privacy
                                  Standards Convergence  . . . . . . . . . 92--95
             Steven M. Bellovin   On the Brittleness of Software and the
                                  Infeasibility of Security Metrics  . . . 96--96

IEEE Security & Privacy
Volume 4, Number 5, September / October, 2006

                    Marc Donner   Insecurity through Obscurity . . . . . . 4
                      Anonymous   Letters to the Editor  . . . . . . . . . 5
            Geraldine MacDonald   Cross-Border Transaction Liability . . . 7
                  Brandi Ortega   News Briefs  . . . . . . . . . . . . . . 8--10
                    Gary McGraw   Interview: Silver Bullet Speaks to
                                  Marcus Ranum . . . . . . . . . . . . . . 11--14
             Matthew Geiger and   
            Lorrie Faith Cranor   Scrubbing Stubborn Data: An Evaluation
                                  of Counter-Forensic Privacy Tools  . . . 16--25
               Robert Thibadeau   Trusted Computing for Disk Drives and
                                  Other Peripherals  . . . . . . . . . . . 26--33
              Peng Shaunghe and   
                       Han Zhen   Enhancing PC Security with a U-Key . . . 34--39
            Grant A. Jacoby and   
             Randy Marchany and   
          Nathaniel J. Davis IV   Using Battery Constraints within Mobile
                                  Hosts to Improve Network Security  . . . 40--49
              Brian Randell and   
               Peter Y. A. Ryan   Voting Technologies and Trust  . . . . . 50--56
                Stephen A. Weis   Privacy Enhancing Technologies . . . . . 59
                  Jill Slay and   
              Benjamin Turnbull   Computer Security Education and Research
                                  in Australia . . . . . . . . . . . . . . 60--63
                  Luther Martin   Fitting Square Pegs into Round Holes . . 64--66
                   Sarah Gordon   Understanding the Adversary: Virus
                                  Writers and Beyond . . . . . . . . . . . 67--70
                     Elias Levy   Worst-Case Scenario  . . . . . . . . . . 71--73
                Roland L. Trope   Immaterial Transfers with Material
                                  Consequences . . . . . . . . . . . . . . 74--78
         Kenneth R. van Wyk and   
                    John Steven   Essential Factors for Successful
                                  Software Security Awareness Training . . 80--83
            Doug Montgomery and   
                  Sandra Murphy   Toward Secure Routing Infrastructures    84--87
                 Bruce Schneier   University Networks and Data Security    88--88

IEEE Security & Privacy
Volume 4, Number 6, November / December, 2006

                 George Cybenko   Weak Links, Strong Ties  . . . . . . . . 3
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 4
                Eugene Spafford   Desert Island Books  . . . . . . . . . . 5
                  Brandi Ortega   News Briefs  . . . . . . . . . . . . . . 6--9
                    Gary McGraw   Silver Bullet Speaks with Ed Felten  . . 10--13
                      Anonymous   RSA\reg Conference 2007  . . . . . . . . 14
           Simson Garfinkel and   
               Michael D. Smith   Guest Editors' Introduction: Data
                                  Surveillance . . . . . . . . . . . . . . 15--17
                Robert Popp and   
                John Poindexter   Countering Terrorism through Information
                                  and Privacy Protection Technologies  . . 18--27
                     Jeff Jonas   Threat and Fraud Intelligence, Las Vegas
                                  Style  . . . . . . . . . . . . . . . . . 28--34
                      Anonymous   IEEE Computer Society Distance Learning
                                  Campus . . . . . . . . . . . . . . . . . 35
           David J. Chaboya and   
          Richard A. Raines and   
           Rusty O. Baldwin and   
               Barry E. Mullins   Network Intrusion Detection: Automated
                                  and Manual Methods Prone to Attack and
                                  Evasion  . . . . . . . . . . . . . . . . 36--43
          Vincent C. S. Lee and   
                     Linyi Shao   Estimating Potential IT Security Losses:
                                  An Alternative Quantitative Approach . . 44--52
             Janice Y. Tsai and   
                  Serge Egelman   Soups 2006 . . . . . . . . . . . . . . . 53--55
           Bradley S. Rubin and   
                  Donald Cheung   Computer Security Education and
                                  Research: Handle with Care . . . . . . . 56--59
              Phillip A. Porras   Privacy-Enabled Global Threat Monitoring 60--63
            John P. Tomaszewski   Are You Sure You Had a Privacy Incident? 64--66
            Vanessa Gratzer and   
                 David Naccache   Cryptography, Law Enforcement, and
                                  Mobile Communications  . . . . . . . . . 67--70
                     David Ladd   A Software Procurement and Security
                                  Primer . . . . . . . . . . . . . . . . . 71--73
                Laree Kiely and   
                Terry V. Benzel   Systemic Security Management . . . . . . 74--77
             William Suchan and   
                 Edward Sobiesk   Strengthening the Weakest Link in
                                  Digital Protection . . . . . . . . . . . 78--80
            Gunnar Peterson and   
                    John Steven   Defining Misuse within the Development
                                  Process  . . . . . . . . . . . . . . . . 81--84
                 Peter Mell and   
             Karen Scarfone and   
                Sasha Romanosky   Common Vulnerability Scoring System  . . 85--89
                      Anonymous   IEEE Security & Privacy 2006 Annual
                                  Index, Volume 4  . . . . . . . . . . . . 90--95
            Daniel E. Geer, Jr.   Evidently Evidentiary  . . . . . . . . . 96


IEEE Security & Privacy
Volume 5, Number 1, January / February, 2007

               Carl E. Landwehr   New Challenges for the New Year  . . . . 3--4
                      Anonymous   Special Thanks to S&P's Reviewers . . . . 6--7
                  Ross Anderson   Software Security: State of the Art  . . 8
                    Gary McGraw   Silver Bullet Speaks with John Stewart   9--11
                  Brandi Ortega   News Briefs  . . . . . . . . . . . . . . 12--15
                  Rolf Oppliger   Providing Certified Mail Services on the
                                  Internet . . . . . . . . . . . . . . . . 16--22
        Marco Domenico Aime and   
       Giorgio Calandriello and   
                   Antonio Lioy   Dependability in Wireless Networks: Can
                                  We Rely on WiFi? . . . . . . . . . . . . 23--29
                Carol Woody and   
            Christopher Alberts   Considering Operational Security Risk
                                  during System Development  . . . . . . . 30--35
              Wade H. Baker and   
                  Linda Wallace   Is Information Security Under Control?:
                                  Investigating Quality in Information
                                  Security Management  . . . . . . . . . . 36--44
      Annie I. Antón and   
              Julia B. Eart and   
            Matthew W. Vail and   
                  Neha Jain and   
            Carrie M. Gheen and   
                  Jack M. Frink   HIPAA's Effect on Web Site Privacy
                                  Policies . . . . . . . . . . . . . . . . 45--52
                Matt Bishop and   
             Deborah A. Frincke   Achieving Learning Objectives through
                                  E-Voting Case Studies  . . . . . . . . . 53--56
        Ravishankar K. Iyer and   
        Zbigniew Kalbarczyk and   
       Karthik Pattabiraman and   
             William Healey and   
             Wen-Mei W. Hwu and   
            Peter Klemperer and   
                   Reza Farivar   Toward Application-Aware Security and
                                  Reliability  . . . . . . . . . . . . . . 57--62
           Willi Geiselmann and   
              Rainer Steinwandt   Special-Purpose Hardware in
                                  Cryptanalysis: The Case of 1,024-Bit RSA 63--66
               Richard Ford and   
               William H. Allen   How Not to Be Seen . . . . . . . . . . . 67--69
              Adam J. O'Donnell   The Evolutionary Microcosm of Stock Spam 70--72
                   Lori DeLooze   Providing Web Service Security in a
                                  Federated Environment  . . . . . . . . . 73--75
                John Morris and   
                   Jon Peterson   Who's Watching You Now?  . . . . . . . . 76--79
                 Steve Bellovin   DRM, Complexity, and Correctness . . . . 80

IEEE Security & Privacy
Volume 5, Number 2, March / April, 2007

                 Fred Schneider   Trusted Computing in Context . . . . . . 4--5
                  Brandi Ortega   News Briefs  . . . . . . . . . . . . . . 7--10
                    Gary McGraw   Silver Bullet Speaks with Dorothy
                                  Denning  . . . . . . . . . . . . . . . . 11--14
               Iván Arce   A Surprise Party (on Your Computer)? . . 15--16
             Luca Carettoni and   
            Claudio Merloni and   
                 Stefano Zanero   Studying Bluetooth Malware Propagation:
                                  The BlueBag Project  . . . . . . . . . . 17--25
            Vanessa Gratzer and   
                 David Naccache   Alien vs. Quine  . . . . . . . . . . . . 26--31
            Carsten Willems and   
              Thorsten Holz and   
                 Felix Freiling   Toward Automated Dynamic Malware
                                  Analysis Using CWSandbox . . . . . . . . 32--39
                Robert Lyda and   
                  James Hamrock   Using Entropy Analysis to Find Encrypted
                                  and Packed Malware . . . . . . . . . . . 40--45
             Danilo Bruschi and   
         Lorenzo Martignoni and   
                   Mattia Monga   Code Normalization for Self-Mutating
                                  Malware  . . . . . . . . . . . . . . . . 46--54
 Abhilasha Bhargav-Spantzel and   
       Anna C. Squicciarini and   
                  Elisa Bertino   Trust Negotiation in Identity Management 55--63
      Marianthi Theoharidou and   
            Dimitris Gritazalis   Common Body of Knowledge for Information
                                  Security . . . . . . . . . . . . . . . . 64--67
                    Keye Martin   Secure Communication without Encryption? 68--71
           E. Michael Power and   
            Jonathan Gilhen and   
                Roland L. Trope   Setting Boundaries at Borders:
                                  Reconciling Laptop Searches and Privacy  72--75
               Patrick P. Tsang   When Cryptographers Turn Lead into Gold  76--79
                    Apu Kapadia   A Case (Study) For Usability in Secure
                                  Email Communication  . . . . . . . . . . 80--84
                   Michael Lesk   South Korea's Way to the Future  . . . . 85--87
       Elizabeth A. Nichols and   
                Gunnar Peterson   A Metrics Framework to Drive Application
                                  Security Improvement . . . . . . . . . . 88--91
     Ramaswamy Chandramouli and   
                     Philip Lee   Infrastructure Standards for Smart ID
                                  Card Deployment  . . . . . . . . . . . . 92--96

IEEE Security & Privacy
Volume 5, Number 3, May / June, 2007

               Carl E. Landwehr   Food for Thought: Improving the Market
                                  for Assurance  . . . . . . . . . . . . . 3--4
                    Gary McGraw   Silver Bullet Talks with Becky Bace  . . 6--9
                  Brandi Ortega   News Briefs  . . . . . . . . . . . . . . 10--12
    Shari Lawrence Pfleeger and   
            Roland L. Trope and   
              Charles C. Palmer   Guest Editors' Introduction: Managing
                                  Organizational Security  . . . . . . . . 13--15
            M. Eric Johnson and   
                     Eric Goetz   Embedding Information Security into the
                                  Organization . . . . . . . . . . . . . . 16--24
    Shari Lawrence Pfleeger and   
             Martin Libicki and   
                 Michael Webber   I'll Buy That! Cybersecurity in the
                                  Internet Marketplace . . . . . . . . . . 25--31
            Roland L. Trope and   
           E. Michael Power and   
          Vincent I. Polley and   
             Bradford C. Morley   A Coherent Strategy for Data Security
                                  through Data Governance  . . . . . . . . 32--39
                David Rosenblum   What Anyone Can Know: The Privacy Risks
                                  of Social Networking Sites . . . . . . . 40--49
             Walter S. Baer and   
               Andrew Parkinson   Cyberinsurance in IT Security Management 50--56
           Richard S. Swart and   
             Robert F. Erbacher   Educating Students to Create Trustworthy
                                  Systems  . . . . . . . . . . . . . . . . 58--61
          Matthew Carpenter and   
                 Tom Liston and   
                     Ed Skoudis   Hiding Virtualization from Attackers and
                                  Malware  . . . . . . . . . . . . . . . . 62--65
             Edward Sobiesk and   
                  Gregory Conti   The Cost of Free Web Tools . . . . . . . 66--68
               Anna Lysyanskaya   Authentication without Identification    69--71
                Tina R. Knutson   Building Privacy into Software Products
                                  and Services . . . . . . . . . . . . . . 72--74
                    David Ahmad   The Contemporary Software Security
                                  Landscape  . . . . . . . . . . . . . . . 75--77
                M. Angela Sasse   Red-Eye Blink, Bendy Shuffle, and the
                                  Yuck Factor: a User Experience of
                                  Biometric Airport Systems  . . . . . . . 78--81
          Michael N. Gagnon and   
             Stephen Taylor and   
                  Anup K. Ghosh   Software Protection through
                                  Anti-Debugging . . . . . . . . . . . . . 82--84
              Johan Peeters and   
                     Paul Dyson   Cost-Effective Security  . . . . . . . . 85--87
                 Bruce Schneier   Nonsecurity Considerations in Security
                                  Decisions  . . . . . . . . . . . . . . . 88

IEEE Security & Privacy
Volume 5, Number 4, July / August, 2007

                    Marc Donner   Cyberassault on Estonia  . . . . . . . . 4
                  Brandi Ortega   News Briefs  . . . . . . . . . . . . . . 6--9
                Gary McGraw and   
                  Ross Anderson   Silver Bullet Talks with Ross Anderson   10--13
           Jennifer English and   
                  David Coe and   
               Rhonda Gaede and   
                 David Hyde and   
                 Jeffrey Kulick   MEMS-Assisted Cryptography for CPI
                                  Protection . . . . . . . . . . . . . . . 14--21
              Faith M. Heikkila   Encryption: Security Considerations for
                                  Portable Media Devices . . . . . . . . . 22--27
               Jeffrey R. Jones   Estimating Software Vulnerabilities  . . 28--32
                Jangbok Kim and   
               Kihyun Chung and   
                  Kyunghee Choi   Spam Filtering With Dynamically Updated
                                  URL Statistics . . . . . . . . . . . . . 33--39
        Christos K. Dimitriadis   Improving Mobile Core Network Security
                                  with Honeynets . . . . . . . . . . . . . 40--47
               Sean Peisert and   
                    Matt Bishop   I Am a Scientist, Not a Philosopher! . . 48--51
                  Michael Franz   Containing the Ultimate Trojan Horse . . 52--56
              Sophie In 't Veld   Data Sharing across the Atlantic . . . . 58--61
       Onur Aciiçmez and   
        Jean-Pierre Seifert and   
   Çetin Kaya Koç   Micro-Architectural Cryptanalysis  . . . 62--64
               William H. Allen   Mixing Wheat with the Chaff: Creating
                                  Useful Test Data for IDS Evaluation  . . 65--67
               Iván Arce   Ghost in the Virtual Machine . . . . . . 68--71
                  Sergey Bratus   What Hackers Learn that the Rest of Us
                                  Don't: Notes on Hacker Curriculum  . . . 72--75
                   Michael Lesk   The New Front Line: Estonia under
                                  Cyberassault . . . . . . . . . . . . . . 76--79
              Suvajit Gupta and   
                  Joel Winstead   Using Attack Graphs to Design Systems    80--83
              Pete Bramhall and   
               Marit Hansen and   
             Kai Rannenberg and   
                Thomas Roessler   User-Centric Identity Management: New
                                  Trends in Standardization and Regulation 84--87
                 Daniel E. Geer   The End of Black and White . . . . . . . 88

IEEE Security & Privacy
Volume 5, Number 5, September / October, 2007

              Fred B. Schneider   Technology Scapegoats and Policy Saviors 3--4
                      Anonymous   Interface  . . . . . . . . . . . . . . . 5
        Shari Lawrence Pfleeger   Spooky Lessons . . . . . . . . . . . . . 7
                    Gary McGraw   Interview: Silver Bullet Talks with
                                  Annie Antón . . . . . . . . . . . . . . . 8--11
                  Brandi Ortega   News Briefs  . . . . . . . . . . . . . . 12--14
               Paul N. Otto and   
      Annie I. Antón and   
                David L. Baumer   The ChoicePoint Dilemma: How Data
                                  Brokers Should Handle the Privacy of
                                  Personal Information . . . . . . . . . . 15--23
        Apostol T. Vassilev and   
         Bertrand du Castel and   
                    Asad M. Ali   Personal Brokerage of Web Service Access 24--31
             Frank J. Mabry and   
              John R. James and   
              Aaron J. Ferguson   Unicode Steganographic Exploits:
                                  Maintaining Enterprise Border Security   32--39
           Barry E. Mullins and   
           Timothy H. Lacey and   
            Robert F. Mills and   
         Joseph E. Trechter and   
                 Samuel D. Bass   How the Cyber Defense Exercise Shaped an
                                  Information-Assurance Curriculum . . . . 40--49
                 Ilan Oshri and   
            Julia Kotlarsky and   
                   Corey Hirsch   An Information Security Strategy for
                                  Networkable Devices  . . . . . . . . . . 50--56
          Jonathan Caulkins and   
              Eric D. Hough and   
              Nancy R. Mead and   
                   Hassan Osman   Optimizing Investments in Security
                                  Countermeasures: a Practical Tool for
                                  Fixed Budgets  . . . . . . . . . . . . . 57--60
            Julie J. C. H. Ryan   Plagiarism, Graduate Education, and
                                  Information Security . . . . . . . . . . 62--65
                   David Fraser   The Canadian Response to the USA Patriot
                                  Act  . . . . . . . . . . . . . . . . . . 66--68
            Vanessa Gratzer and   
                 David Naccache   Trust on a Nationwide Scale  . . . . . . 69--71
                 Dianne Solomon   Balancing Privacy and Risk in the
                                  E-Messaging World  . . . . . . . . . . . 72--75
                Gary McGraw and   
                   Greg Hoglund   Online Games and Security  . . . . . . . 76--79
                Fred Dushin and   
                  Eric Newcomer   Handling Multiple Credentials in a
                                  Heterogeneous SOA Environment  . . . . . 80--82
           Roger Dingledine and   
             Nick Mathewson and   
                  Paul Syverson   Deploying Low-Latency Anonymity: Design
                                  Challenges and Social Factors  . . . . . 83--87
                 Steve Bellovin   Seers and Craftspeople . . . . . . . . . 88

IEEE Security & Privacy
Volume 5, Number 6, November / December, 2007

               Carl E. Landwehr   Revolution through Competition?  . . . . 3--4
                  Brandi Ortega   News Briefs  . . . . . . . . . . . . . . 6--7
                    Gary McGraw   Interview: Silver Bullet Talks with
                                  Mikko Hyppönen  . . . . . . . . . . . . . 8--11
                Martin R. Stytz   What Are the Numbers?  . . . . . . . . . 12
           Markus Jakobsson and   
                      Sid Stamm   Web Camouflage: Protecting Your Clients
                                  from Browser-Sniffing Attacks  . . . . . 16--24
              Kjell J. Hole and   
        Vebjòrn Moen and   
 André N. Klingsheim and   
                  Knut M. Tande   Lessons from the Norwegian ATM System    25--31
            Ugo Piazzalunga and   
          Paolo Salvaneschi and   
         Francesco Balducci and   
            Pablo Jacomuzzi and   
           Cristiano Moroncelli   Security Strength Measurement for
                                  Dongle-Protected Software  . . . . . . . 32--40
                 Ninghui Li and   
                Ji-Won Byun and   
                  Elisa Bertino   A Critique of the ANSI Standard on
                                  Role-Based Access Control  . . . . . . . 41--49
            David Ferraiolo and   
                  Rick Kuhn and   
                    Ravi Sandhu   RBAC Standard Rationale: Comments on ``A
                                  Critique of the ANSI Standard on
                                  Role-Based Access Control''  . . . . . . 51--53
            Pythagoras Petratos   Weather, Information Security, and
                                  Markets  . . . . . . . . . . . . . . . . 54--57
               E. Michael Power   Developing a Culture of Privacy: a Case
                                  Study  . . . . . . . . . . . . . . . . . 58--60
                 Serge Vaudenay   E-Passport Threats . . . . . . . . . . . 61--64
               Richard Ford and   
               William H. Allen   How Not to Be Seen II: The Defenders
                                  Fight Back . . . . . . . . . . . . . . . 65--68
                 David McKinney   Vulnerability Bazaar . . . . . . . . . . 69--73
            Luiz Felipe Perrone   Could a Caveman Do It? The Surprising
                                  Potential of Simple Attacks  . . . . . . 74--77
                Martin R. Stytz   Who Are the Experts, and What Have They
                                  Done for Us Lately?  . . . . . . . . . . 78--80
                John Steven and   
                Gunnar Peterson   Metricon 2.0 . . . . . . . . . . . . . . 81--83
                    Matt Bishop   About Penetration Testing  . . . . . . . 84--87
                 Bruce Schneier   The Death of the Security Industry . . . 88


IEEE Security & Privacy
Volume 6, Number 1, January / February, 2008

                    Marc Donner   Charge of the Light Brigade  . . . . . . 5--5
                  Brandi Ortega   News Briefs  . . . . . . . . . . . . . . 6--8
                Eugene Spafford   James P. Anderson: An Information
                                  Security Pioneer . . . . . . . . . . . . 9
                    Gary McGraw   Interview: Silver Bullet Talks with
                                  Eugene Spafford  . . . . . . . . . . . . 10--15
         Steven M. Bellovin and   
            Terry V. Benzel and   
                Bob Blakley and   
         Dorothy E. Denning and   
           Whitfield Diffie and   
             Jeremy Epstein and   
         Paulo Veríssimo   Information Assurance Technology
                                  Forecast 2008  . . . . . . . . . . . . . 16--23
         Steven M. Bellovin and   
                 Matt Blaze and   
           Whitfield Diffie and   
               Susan Landau and   
           Peter G. Neumann and   
               Jennifer Rexford   Risking Communications Security:
                                  Potential Hazards of the Protect America
                                  Act  . . . . . . . . . . . . . . . . . . 24--33
              Siani Pearson and   
         Marco Casassa-Mont and   
                    Manny Novoa   Securing Information Transfer in
                                  Distributed Computing Environments . . . 34--42
        Anirban Chakrabarti and   
            Anish Damodaran and   
            Shubhashis Sengupta   Grid Computing Security: a Taxonomy  . . 44--51
       David John Leversage and   
               Eric James Byres   Estimating a System's Mean
                                  Time-to-Compromise . . . . . . . . . . . 52--60
          Frank L. Greitzer and   
            Andrew P. Moore and   
           Dawn M. Cappelli and   
             Dee H. Andrews and   
            Lynn A. Carroll and   
                 Thomas D. Hull   Combating the Insider Cyber Threat . . . 61--64
             Martim Carbone and   
              Diego Zamboni and   
                      Wenke Lee   Taming Virtualization  . . . . . . . . . 65--67
           Aleksey Kolupaev and   
                 Juriy Ogijenko   CAPTCHAs: Humans vs. Bots  . . . . . . . 68--70
                 Michael Howard   Becoming a Security Expert . . . . . . . 71--73
                     Dave Ahmad   The Confused Deputy and the Domain
                                  Hijacker . . . . . . . . . . . . . . . . 74--77
                   Michael Lesk   Forum Shopping on the Internet . . . . . 78--80
                  Edward Bonver   Security Testing of Internal Tools . . . 81--83
                   Ed Coyne and   
                       Tim Weil   An RBAC Implementation and
                                  Interoperability Standard: The INCITS
                                  Cyber Security 1.1 Model . . . . . . . . 84--87
                   Dan Geer and   
                  Daniel Conway   What We Got for Christmas  . . . . . . . 88

IEEE Security & Privacy
Volume 6, Number 2, March / April, 2008

                    Marc Donner   Lessons from Electrification for
                                  Identification . . . . . . . . . . . . . 3
               Simson Garfinkel   Sharp Figures, Fuzzy Purpose . . . . . . 5
                    Gary McGraw   Interview: Silver Bullet Talks with Ed
                                  Amoroso  . . . . . . . . . . . . . . . . 6--9
                  Brandi Ortega   News Briefs  . . . . . . . . . . . . . . 10--12
               Susan Landau and   
            Deirdre K. Mulligan   I'm Pc01002/SpringPeeper/ED288l.6; Who
                                  are You? . . . . . . . . . . . . . . . . 13--15
                  Eve Maler and   
                  Drummond Reed   The Venn of Identity: Options and Issues
                                  in Federated Identity Management . . . . 16--23
             Rachna Dhamija and   
                 Lisa Dusseault   The Seven Flaws of Identity Management:
                                  Usability and Security Challenges  . . . 24--29
                James L. Wayman   Biometrics in Identity Management
                                  Systems  . . . . . . . . . . . . . . . . 30--37
               Marit Hansen and   
               Ari Schwartz and   
                  Alissa Cooper   Privacy and Identity Management  . . . . 38--45
            Alessandro Acquisti   Identity Management, Privacy, and Price
                                  Discrimination . . . . . . . . . . . . . 46--50
             Robin McKenzie and   
           Malcolm Crompton and   
                   Colin Wallis   Use Cases for Identity Management in
                                  E-Government . . . . . . . . . . . . . . 51--57
             Thomas E. Dube and   
            Bobby D. Birrer and   
          Richard A. Raines and   
           Rusty O. Baldwin and   
           Barry E. Mullins and   
       Robert W. Bennington and   
          Christopher E. Reuter   Hindering Reverse Engineering: Thinking
                                  Outside the Box  . . . . . . . . . . . . 58--65
           Markus Jakobsson and   
          Nathaniel Johnson and   
                     Peter Finn   Why and How to Perform Fraud Experiments 66--68
               Eric Levieil and   
                 David Naccache   Cryptographic Test Correction  . . . . . 69--71
                 Marco Carvalho   Security in Mobile Ad Hoc Networks . . . 72--75
                 David McKinney   New Hurdles for Vulnerability Disclosure 76--78
         Michael E. Locasto and   
                Angelos Stavrou   The Hidden Difficulties of Watching and
                                  Rebuilding Networks  . . . . . . . . . . 79--82
            Patrick Harding and   
             Leif Johansson and   
              Nate Klingenstein   Dynamic Security Assertion Markup
                                  Language: Simplifying Single Sign-On . . 83--85
        Daniel E. Geer, Jr. and   
               Daniel G. Conway   Beware the IDs of March  . . . . . . . . 87
                 Steve Bellovin   Security by Checklist  . . . . . . . . . 88

IEEE Security & Privacy
Volume 6, Number 3, May / June, 2008

               Carl E. Landwehr   Up Scope . . . . . . . . . . . . . . . . 3--4
                  Brandi Ortega   News Briefs  . . . . . . . . . . . . . . 6--8
                    Gary McGraw   Interview: Silver Bullet Talks with Jon
                                  Swartz . . . . . . . . . . . . . . . . . 9--11
             Aviel D. Rubin and   
             David R. Jefferson   New Research Results for Electronic
                                  Voting . . . . . . . . . . . . . . . . . 12--13
           Altair O. Santin and   
         Regivaldo G. Costa and   
              Carlos A. Maziero   A Three-Ballot-Based Secure Electronic
                                  Voting System  . . . . . . . . . . . . . 14--21
              Alec Yasinsac and   
                    Matt Bishop   The Dynamics of Counting and Recounting
                                  Votes  . . . . . . . . . . . . . . . . . 22--29
              Nirwan Ansari and   
       Pitipatana Sakarindr and   
              Ehsan Haghani and   
                 Chao Zhang and   
           Aridaman K. Jain and   
                     Yun Q. Shi   Evaluating Electronic Voting Systems
                                  Equipped with Voter-Verified Paper
                                  Records  . . . . . . . . . . . . . . . . 30--39
                David Chaum and   
                Aleks Essex and   
            Richard Carback and   
               Jeremy Clark and   
          Stefan Popoveniuc and   
               Alan Sherman and   
                    Poorvi Vora   Scantegrity: End-to-End Voter-Verifiable
                                  Optical-Scan Voting  . . . . . . . . . . 40--46
   Iñaki Goirizelaia and   
                 Ted Selker and   
              Maider Huarte and   
                 Juanjo Unzilla   An Optical Scan E-Voting System based on
                                  N-Version Programming  . . . . . . . . . 47--53
                Lynn Batten and   
                        Lei Pan   Teaching Digital Forensics to
                                  Undergraduate Students . . . . . . . . . 54--56
              Gordon Hughes and   
              Sophie Dawson and   
                    Tim Brookes   Considering New Privacy Laws in
                                  Australia  . . . . . . . . . . . . . . . 57--59
                William E. Burr   A New Hash Competition . . . . . . . . . 60--62
               John R. Michener   Common Permissions in Microsoft Windows
                                  Server 2008 and Windows Vista  . . . . . 63--67
              Adam J. O'Donnell   When Malware Attacks (Anything but
                                  Windows) . . . . . . . . . . . . . . . . 68--70
              Sergey Bratus and   
               Chris Masone and   
                  Sean W. Smith   Why Do Street-Smart People Do Stupid
                                  Things Online? . . . . . . . . . . . . . 71--74
                   Michael Lesk   Digital Rights Management and
                                  Individualized Pricing . . . . . . . . . 76--79
                 Jeremy Epstein   Security Lessons Learned from Société
                                  Générale . . . . . . . . . . . . . . . . . 80--82
             Sheila Frankel and   
                    David Green   Internet Protocol Version 6  . . . . . . 83--86
            Daniel E. Geer, Jr.   Learn by Analogy or Die Trying . . . . . 88, 87

IEEE Security & Privacy
Volume 6, Number 4, July / August, 2008

              Fred B. Schneider   Network Neutrality versus Internet
                                  Trustworthiness? . . . . . . . . . . . . 3--4
                    Gary McGraw   Interview: Silver Bullet Talks with Adam
                                  Shostack . . . . . . . . . . . . . . . . 6--10
                  Brandi Ortega   News Briefs  . . . . . . . . . . . . . . 11--13
              Kjell J. Hole and   
         Lars-Helge Netland and   
              Yngve Espelid and   
 André N. Klingsheim and   
          Hallvar Helleseth and   
               Jan B. Henriksen   Open Wireless Networks on University
                                  Campuses . . . . . . . . . . . . . . . . 14--20
          Abdul (Ali) Razaq and   
               Wai Tong Luk and   
               Kam Man Shum and   
             Lee Ming Cheng and   
                  Kai Ning Yung   Second-Generation RFID . . . . . . . . . 21--27
                 Sameer Pai and   
            Sergio Bermudez and   
          Stephen B. Wicker and   
             Marci Meingast and   
               Tanya Roosta and   
             Shankar Sastry and   
            Deirdre K. Mulligan   Transactional Confidentiality in Sensor
                                  Networks . . . . . . . . . . . . . . . . 28--35
             Thomas Weigold and   
             Thorsten Kramp and   
               Michael Baentsch   Remote Client Authentication . . . . . . 36--43
       Alexander Pretschner and   
               Manuel Hilty and   
        Florian Schütz and   
         Christian Schaefer and   
                  Thomas Walter   Usage Control Enforcement: Present and
                                  Future . . . . . . . . . . . . . . . . . 44--53
      Lillian Ròstad and   
Gunnar René Òie and   
   Inger Anne Tòndel and   
         Per Håkon Meland   Learning by Failing (and Fixing) . . . . 54--56
                      Anonymous   Call for Papers: Online Gaming Security  57--57
                 Khaled El Emam   Heuristics for De-identifying Health
                                  Data . . . . . . . . . . . . . . . . . . 58--61
                Justin Troutman   The Virtues of Mature and Minimalist
                                  Cryptography . . . . . . . . . . . . . . 62--65
                 Joel Predd and   
    Shari Lawrence Pfleeger and   
             Jeffrey Hunker and   
                  Carla Bulford   Insiders Behaving Badly  . . . . . . . . 66--70
                      Anonymous   2008 Membership advertisement  . . . . . 71--73
                   Susan Landau   Security and Privacy Landscape in
                                  Emerging Technologies  . . . . . . . . . 74--77
        Daniel E. Geer, Jr. and   
               Daniel G. Conway   Strong Attractors  . . . . . . . . . . . 78--79
                 Bruce Schneier   How the Human Brain Buys Security  . . . 80--80
                      Anonymous   Corporate Network Security advertisement c3--c3
                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1--c1
                      Anonymous   IT Security World advertisement  . . . . c2--c2
                      Anonymous   Usenix Security Symposium advertisement  c4--c4

IEEE Security & Privacy
Volume 6, Number 5, September / October, 2008

               Carl E. Landwehr   From the Editors: Cybersecurity and
                                  Artificial Intelligence: From Fixing the
                                  Plumbing to Smart Water  . . . . . . . . 3--4
                Martin R. Stytz   Book Reviews: The Shape of Crimeware to
                                  Come . . . . . . . . . . . . . . . . . . 5--5
                    Gary McGraw   Interview: Silver Bullet Talks with Bill
                                  Cheswick . . . . . . . . . . . . . . . . 7--11
                  Brandi Ortega   News Briefs  . . . . . . . . . . . . . . 12--13
             Samuel T. King and   
                  Sean W. Smith   Guest Editors' Introduction:
                                  Virtualization and Security: Back to the
                                  Future . . . . . . . . . . . . . . . . . 15--15
             Paul A. Karger and   
               David R. Safford   Virtualization: I/O for Virtual Machine
                                  Monitors: Security and Performance
                                  Issues . . . . . . . . . . . . . . . . . 16--23
               Ronald Perez and   
         Leendert van Doorn and   
                  Reiner Sailer   Virtualization and Hardware-Based
                                  Security . . . . . . . . . . . . . . . . 24--31
                 Kara Nance and   
                Matt Bishop and   
                      Brian Hay   Virtual Machine Introspection:
                                  Observation or Interference? . . . . . . 32--37
        Julie J. C. H. Ryan and   
                 Daniel J. Ryan   Risk Management: Performance Metrics for
                                  Information Security Risk Management . . 38--44
       Panayiotis Kotzanikolaou   Data Privacy: Data Retention and Privacy
                                  in Electronic Communications . . . . . . 46--52
                Matt Bishop and   
             Deborah A. Frincke   Education: Information Assurance
                                  Education: a Work In Progress  . . . . . 54--57
               Peter McLaughlin   Privacy Interests: Cross-Border Data
                                  Flows and Increased Enforcement  . . . . 58--61
                  Luther Martin   Crypto Corner: Identity-Based Encryption
                                  and Beyond . . . . . . . . . . . . . . . 62--64
                    Wei Yan and   
                Zheng Zhang and   
                  Nirwan Ansari   Basic Training: Revealing Packed Malware 65--69
                    David Ahmad   Attack Trends: Two Years of Broken
                                  Crypto: Debian's Dress Rehearsal for a
                                  Global PKI Compromise  . . . . . . . . . 70--73
              Camilo Viecco and   
                      Jean Camp   Secure Systems: a Life or Death InfoSec
                                  Subversion . . . . . . . . . . . . . . . 74--76
            Roland L. Trope and   
               Monique Witt and   
               William J. Adams   Digital Protection: Hardening the Target 77--81
              Edward Bonver and   
                  Michael Cohen   Building Security In: Developing and
                                  Retaining a Security Testing Mindset . . 82--85
        Daniel E. Geer, Jr. and   
               Daniel G. Conway   For Good Measure: Type II Reverse
                                  Engineering  . . . . . . . . . . . . . . 86--87
             Steven M. Bellovin   Clear Text: The Puzzle of Privacy  . . . 88--88

IEEE Security & Privacy
Volume 6, Number 6, November / December, 2008

                   Bret Michael   From the Editors: Are Governments Up to
                                  the Task?  . . . . . . . . . . . . . . . 4--5
                    Gary McGraw   Interview: Silver Bullet Talks with Matt
                                  Bishop . . . . . . . . . . . . . . . . . 6--10
               O. Sami Saydjari   Spotlight: Launching into the Cyberspace
                                  Race: An Interview with Melissa E.
                                  Hathaway . . . . . . . . . . . . . . . . 11--17
             James Figueroa and   
                  Brandi Ortega   News: Shaking Up the Cybersecurity
                                  Landscape  . . . . . . . . . . . . . . . 18--21
                Ron Trellue and   
              Charles C. Palmer   Guest Editors' Introduction: Process
                                  Control System Security: Bootstrapping a
                                  Legacy . . . . . . . . . . . . . . . . . 22--23
        Markus Brändle and   
                 Martin Naedele   Process Control Security: Security for
                                  Process Control Systems: An Overview . . 24--29
             David M. Nicol and   
         William H. Sanders and   
              Sankalp Singh and   
                     Mouna Seri   Usable Global Network Access Policy for
                                  Process Control Systems  . . . . . . . . 30--36
           Raymond C. Parks and   
                  Edmond Rogers   Vulnerability Assessment for Critical
                                  Infrastructure Control Systems . . . . . 37--43
      Alysson Neves Bessani and   
                Paulo Sousa and   
             Miguel Correia and   
        Nuno Ferreira Neves and   
         Paulo Veríssimo   The Crutial Way of Critical
                                  Infrastructure Protection  . . . . . . . 44--51
           Bertrand Mathieu and   
          Saverio Niccolini and   
                Dorgham Sisalem   Voice over IP: SDRS: a Voice-over-IP
                                  Spam Detection and Reaction System . . . 52--59
                Shane Balfe and   
             Eimear Gallery and   
          Chris J. Mitchell and   
            Kenneth G. Paterson   Trusted Computing: Challenges for
                                  Trusted Computing  . . . . . . . . . . . 60--66
              Yuen-Yan Chan and   
                  Victor K. Wei   Education: Teaching for Conceptual
                                  Change in Security Awareness . . . . . . 67--69
                  Kirk J. Nahra   Privacy Interests: HIPAA Security
                                  Enforcement Is Here  . . . . . . . . . . 70--72
                   Chengyun Chu   Basic Training: Introduction to
                                  Microsoft .NET Security  . . . . . . . . 73--78
              Jeremiah Grossman   Attack Trends: Five User-Customizable
                                  Web Site Security Features . . . . . . . 79--81
                    John Steven   Building Security In: State of
                                  Application Assessment . . . . . . . . . 82--85
        Daniel E. Geer, Jr. and   
               Daniel G. Conway   For Good Measure: Security Is a Subset
                                  of Reliability . . . . . . . . . . . . . 86--87
            Daniel E. Geer, Jr.   Clear Text: Complexity Is the Enemy  . . 88--88
                      Anonymous   Annual Index . . . . . . . . . . . . . . 0--0


IEEE Security & Privacy
Volume 7, Number 1, January / February, 2009

                    Marc Donner   From the Editors: Reading (with) the
                                  Enemy  . . . . . . . . . . . . . . . . . 3--3
                  Brandi Ortega   News Briefs: Shaking Up the
                                  Cybersecurity Landscape  . . . . . . . . 5--6
                    Gary McGraw   Interview: Silver Bullet Talks with
                                  Gunnar Peterson  . . . . . . . . . . . . 7--11
         Jaynarayan H. Lala and   
              Fred B. Schneider   Guest Editors' Introduction: IT
                                  Monoculture Security Risks and Defenses  12--13
          Kenneth P. Birman and   
              Fred B. Schneider   IT Monoculture: The Monoculture Risk Put
                                  into Context . . . . . . . . . . . . . . 14--17
           Angelos D. Keromytis   Randomized Instruction Sets and Runtime
                                  Environments Past Research and Future
                                  Directions . . . . . . . . . . . . . . . 18--25
            Daniel Williams and   
                     Wei Hu and   
           Jack W. Davidson and   
             Jason D. Hiser and   
             John C. Knight and   
               Anh Nguyen-Tuong   Security through Diversity: Leveraging
                                  Virtual Machine Technology . . . . . . . 26--33
              Kjell J. Hole and   
 André N. Klingsheim and   
         Lars-Helge Netland and   
              Yngve Espelid and   
    Thomas TjÒstheim and   
            VebjÒrn Moen   Assessing PKI: Risk Assessment of a
                                  National Security Infrastructure . . . . 34--41
              Michel Cukier and   
                Susmit Panjwani   Vulnerability Remediation: Prioritizing
                                  Vulnerability Remediation by Determining
                                  Attacker-Targeted Vulnerabilities  . . . 42--48
               William Enck and   
           Machigar Ongtang and   
               Patrick McDaniel   Focus: Understanding Android Security    50--57
                   Susan Landau   Perspectives: The NRC Takes on Data
                                  Mining, Behavioral Surveillance, and
                                  Privacy  . . . . . . . . . . . . . . . . 58--62
               Bret Michael and   
               Jeffrey Voas and   
                  Phil Laplante   It All Depends: Cyberpandemics: History,
                                  Inevitability, Response  . . . . . . . . 63--67
              Yuen-Yan Chan and   
                  Victor K. Wei   Education: Teaching for Conceptual
                                  Change in Security Awareness: a Case
                                  Study in Higher Education  . . . . . . . 68--71
           Patricia Kosseim and   
                 Khaled El Emam   Privacy Interests: Privacy Interests in
                                  Prescription Data, Part I: Prescriber
                                  Privacy  . . . . . . . . . . . . . . . . 72--76
           Franco Callegati and   
             Walter Cerroni and   
                  Marco Ramilli   Basic Training: Man-in-the-Middle Attack
                                  to the HTTPS Protocol  . . . . . . . . . 78--81
                 Phillip Porras   Attack Trends: Directions in
                                  Network-Based Security Monitoring  . . . 82--85
        Daniel E. Geer, Jr. and   
               Daniel G. Conway   For Good Measure: The Owned Price Index  86--87
                 Bruce Schneier   Clear Text: Architecture of Privacy  . . 88--88

IEEE Security & Privacy
Volume 7, Number 2, March / April, 2009

              Fred B. Schneider   From the Editors: Accountability for
                                  Perfection . . . . . . . . . . . . . . . 3--4
                      Anonymous   Special Thanks: Special Thanks to S&P's
                                  Peer Reviewers . . . . . . . . . . . . . 5--6
                  Brandi Ortega   News Briefs  . . . . . . . . . . . . . . 8--9
                    Gary McGraw   Interview: Silver Bullet Talks with
                                  Jeremiah Grossman  . . . . . . . . . . . 10--14
        Shari Lawrence Pfleeger   Book Reviews: Searching for You  . . . . 15--15
    Michael A. Caloyannides and   
                Nasir Memon and   
                  Wietse Venema   Guest Editors' Introduction: Digital
                                  Forensics  . . . . . . . . . . . . . . . 16--17
        Michael A. Caloyannides   Forensics Is So ``Yesterday''  . . . . . 18--25
               Brian D. Carrier   Digital Forensics Works  . . . . . . . . 26--29
                  Brian Hay and   
                Matt Bishop and   
                     Kara Nance   Live Analysis: Progress and Challenges   30--37
        Simson L. Garfinkel and   
               James J. Migletz   New XML-Based Files Implications for
                                  Forensics  . . . . . . . . . . . . . . . 38--44
             Gavin W. Manes and   
              Elizabeth Downing   Overview of Licensing and Legal Issues
                                  for Digital Forensic Investigators . . . 45--48
                 Vassil Roussev   Hashing and Data Fingerprinting in
                                  Digital Forensics  . . . . . . . . . . . 49--55
          Sarah Spiekermann and   
               Sergei Evdokimov   Authentication: Critical RFID
                                  Privacy-Enhancing Technologies . . . . . 56--62
                John Harauz and   
                Lori M. Kaufman   It All Depends: a New Era of
                                  Presidential Security: The President and
                                  His BlackBerry . . . . . . . . . . . . . 67--70
               Jungwoo Ryoo and   
Angsana Techatassanasoontorn and   
                    Dongwon Lee   Education: Security Education Using
                                  Second Life  . . . . . . . . . . . . . . 71--74
             Khaled El Emam and   
               Patricia Kosseim   Privacy Interests: Privacy Interests in
                                  Prescription Data, Part 2: Patient
                                  Privacy  . . . . . . . . . . . . . . . . 75--78
           Julien Brouchier and   
                   Tom Kean and   
                Carol Marsh and   
                 David Naccache   Crypto Corner: Temperature Attacks . . . 79--82
        Martin Gilje Jaatun and   
             Jostein Jensen and   
         Håvard Vegge and   
     Finn Michael Halvorsen and   
Rune Walsò Nergård   Attack Trends: Fools Download Where
                                  Angels Fear to Tread . . . . . . . . . . 83--86
            Michael Zhivich and   
           Robert K. Cunningham   Secure Systems: The Real Cost of
                                  Software Errors  . . . . . . . . . . . . 87--90
                Gunnar Peterson   Building Security In: Service-Oriented
                                  Security Indications for Use . . . . . . 91--93
        Daniel E. Geer, Jr. and   
               Daniel G. Conway   For Good Measure: Hard Data Is Good to
                                  Find . . . . . . . . . . . . . . . . . . 94--95
             Steven M. Bellovin   Clear Text: The Government and
                                  Cybersecurity  . . . . . . . . . . . . . 96--96

IEEE Security & Privacy
Volume 7, Number 3, May / June, 2009

               Carl E. Landwehr   From the Editors: a National Goal for
                                  Cyberspace: Create an Open, Accountable
                                  Internet . . . . . . . . . . . . . . . . 3--4
                 James Figueroa   News Briefs  . . . . . . . . . . . . . . 6--7
                 James McGovern   Interview: Silver Bullet Talks with Gary
                                  McGraw . . . . . . . . . . . . . . . . . 8--10
                Gary McGraw and   
                      Ming Chow   Securing Online Games: Guest Editors'
                                  Introduction: Securing Online Games:
                                  Safeguarding the Future of Software
                                  Security . . . . . . . . . . . . . . . . 11--12
               Stephen Bono and   
               Dan Caselden and   
             Gabriel Landau and   
                 Charlie Miller   Reducing the Attack Surface in Massively
                                  Multiplayer Online Role-Playing Games    13--19
              Aaron Portnoy and   
             Ali Rizvi-Santiago   Walking on Water: a Cheating Case Study  20--22
                   Sean F. Kane   Virtual Judgment: Legal Implications of
                                  Online Gaming  . . . . . . . . . . . . . 23--28
         Stefan Mitterhofer and   
        Christopher Kruegel and   
                Engin Kirda and   
              Christian Platzer   Server-Side Bot Detection in Massively
                                  Multiplayer Online Games . . . . . . . . 29--36
                   Jeff Yan and   
                  Brian Randell   An Investigation of Cheating in Online
                                  Games  . . . . . . . . . . . . . . . . . 37--44
            M. Eric Johnson and   
                 Eric Goetz and   
        Shari Lawrence Pfleeger   Information Risk: Security through
                                  Information Risk Management  . . . . . . 45--52
             Michael E. Locasto   Education: Helping Students Own Their
                                  Own Code . . . . . . . . . . . . . . . . 53--56
             Vijay Varadharajan   On the Horizon: a Note on Trust-Enhanced
                                  Security . . . . . . . . . . . . . . . . 57--59
                    Marc Donner   Biblio Tech: War Stories . . . . . . . . 60--63
              Gregory Conti and   
                 Edward Sobiesk   Privacy Interests: Malicious Interfaces
                                  and Personalization's Uninviting Future  64--67
                 Michael Howard   Basic Training: Improving Software
                                  Security by Eliminating the CWE Top 25
                                  Vulnerabilities  . . . . . . . . . . . . 68--71
                   Bojan Zdrnja   Attack Trends: Malicious JavaScript
                                  Insertion through ARP Poisoning Attacks  72--74
           Patrick McDaniel and   
             Stephen McLaughlin   Secure Systems: Security and Privacy
                                  Challenges in the Smart Grid . . . . . . 75--77
                   Michael Lesk   Security & Privacy Economics: Reading
                                  Over Your Shoulder . . . . . . . . . . . 78--81
             Anton Chuvakin and   
                Gunnar Peterson   Building Security In: Logging in the Age
                                  of Web Services  . . . . . . . . . . . . 82--85
        Daniel E. Geer, Jr. and   
               Daniel G. Conway   For Good Measure: a Doubt of the Benefit 86--87
            Daniel E. Geer, Jr.   ClearText: Digital Endosymbiosis . . . . 88--88

IEEE Security & Privacy
Volume 7, Number 4, July / August, 2009

                    Marc Donner   From the Editors: New Models for Old . . 3--4
                      Anonymous   Interface: Letters to the Editor . . . . 6--7
                 James Figueroa   News Briefs  . . . . . . . . . . . . . . 8--10
                    Gary McGraw   Interview: Silver Bullet Talks with
                                  Virgil Gligor  . . . . . . . . . . . . . 11--14
                    Herbert Lin   Special Report: Lifting the Veil on
                                  Cyber Offense  . . . . . . . . . . . . . 15--21
                   Jeff Yan and   
           Ahmad Salah El Ahmad   Pixel-Count Attacks: CAPTCHA Security: a
                                  Case Study . . . . . . . . . . . . . . . 22--28
           Gordon F. Hughes and   
               Tom Coughlin and   
              Daniel M. Commins   Secure Data Sanitization: Disposal of
                                  Disk and Tape Data by Secure
                                  Sanitization . . . . . . . . . . . . . . 29--34
                     Qun Ni and   
              Elisa Bertino and   
                 Jorge Lobo and   
               Seraphin B. Calo   Access Control: Privacy-Aware Role-Based
                                  Access Control . . . . . . . . . . . . . 35--43
              Michael Meike and   
        Johannes Sametinger and   
               Andreas Wiesauer   Internet Security: Security in Open
                                  Source Web Content Management Systems    44--51
                 Rachel Rue and   
        Shari Lawrence Pfleeger   Cybersecurity: Making the Best Use of
                                  Cybersecurity Economic Models  . . . . . 52--60
                Lori M. Kaufman   It All Depends: Data Security in the
                                  World of Cloud Computing . . . . . . . . 61--64
                    Janne Hagen   Education: Human Relationships: a
                                  Never-Ending Security Education
                                  Challenge? . . . . . . . . . . . . . . . 65--67
                 Betsy Masiello   Privacy Interests: Deconstructing the
                                  Privacy Experience . . . . . . . . . . . 68--70
            Justin Troutman and   
                 Vincent Rijmen   Crypto Corner: Green Cryptography:
                                  Cleaner Engineering through Recycling    71--73
                  Ronda Henning   Basic Training: Predictable Surprises    74--76
                Patrick Traynor   Secure Systems: Securing Cellular
                                  Infrastructure: Challenges and
                                  Opportunities  . . . . . . . . . . . . . 77--79
        Jeffrey K. MacKie-Mason   Security & Privacy Economics:
                                  Incentive-Centered Design for Security   80--83
           Andy Steingruebl and   
                Gunnar Peterson   Building Security In: Software
                                  Assumptions Lead to Preventable Errors   84--87
                 Bruce Schneier   Clear Text: Security, Group Size, and
                                  the Human Brain  . . . . . . . . . . . . 88--88

IEEE Security & Privacy
Volume 7, Number 5, September / October, 2009

                   Bret Michael   From the Editors: In Clouds Shall We
                                  Trust? . . . . . . . . . . . . . . . . . 3--3
                    Gary McGraw   Interview: Silver Bullet Talks with Bob
                                  Blakley  . . . . . . . . . . . . . . . . 5--8
                 James Figueroa   News Briefs  . . . . . . . . . . . . . . 9--10
              Daniel Massey and   
             Dorothy E. Denning   Securing the Domain Name System: Guest
                                  Editors' Introduction  . . . . . . . . . 11--13
       Ioannis Avramopoulos and   
                 Martin Suchara   Protecting the DNS from Routing Attacks:
                                  Two Alternative Anycast Implementations  14--20
           D. Kevin McGrath and   
             Andrew Kalafut and   
                   Minaxi Gupta   Phishing Infrastructure Fluxes All the
                                  Way  . . . . . . . . . . . . . . . . . . 21--28
     Ramaswamy Chandramouli and   
                     Scott Rose   Open Issues in Secure DNS Deployment . . 29--35
    Wouter C. A. Wijngaards and   
            Benno J. Overeinder   Securing DNS: Extending DNS Servers with
                                  a DNSSEC Validator . . . . . . . . . . . 36--43
             Eric Osterweil and   
                    Lixia Zhang   Interadministrative Challenges in
                                  Managing DNSKEYs . . . . . . . . . . . . 44--51
                     Kara Nance   Education: Teach Them When They Aren't
                                  Looking: Introducing Security in CS1 . . 53--55
                  Scott Charney   On the Horizon: The Evolution of Online
                                  Identity . . . . . . . . . . . . . . . . 56--59
                   Fred H. Cate   Privacy Interests: Security, Privacy,
                                  and the Role of Law  . . . . . . . . . . 60--63
            Justin Troutman and   
                 Vincent Rijmen   Crypto Corner: Green Cryptography:
                                  Cleaner Engineering through Recycling,
                                  Part 2 . . . . . . . . . . . . . . . . . 64--65
                 Michael Howard   Basic Training: Managing the Security
                                  Wall of Data . . . . . . . . . . . . . . 66--68
                 Stefano Zanero   Attack Trends: Wireless Malware
                                  Propagation: a Reality Check . . . . . . 70--74
                     Matt Blaze   Secure Systems: Taking Surveillance Out
                                  of the Shadows . . . . . . . . . . . . . 75--77
                   Michael Lesk   Security & Privacy Economics: Incentives
                                  to Innovate: Improve the Past or Break
                                  with It? . . . . . . . . . . . . . . . . 78--81
            Ryan W. Gardner and   
                Matt Bishop and   
                Tadayoshi Kohno   Building Security In: Are Patched
                                  Machines Really Fixed? . . . . . . . . . 82--85
        Daniel E. Geer, Jr. and   
               Daniel G. Conway   For Good Measure: Risk Concentration . . 86--87
         Steven M. Bellovin and   
               Daniel G. Conway   Clear Text: Security as a Systems
                                  Property . . . . . . . . . . . . . . . . 88--88

IEEE Security & Privacy
Volume 7, Number 6, November / December, 2009

              Fred B. Schneider   Labeling-in Security . . . . . . . . . . 3
                    Gary McGraw   Interview: Silver Bullet Talks with Fred
                                  Schneider  . . . . . . . . . . . . . . . 5--7
                 James Figueroa   News Briefs  . . . . . . . . . . . . . . 8--9
    Shari Lawrence Pfleeger and   
            Salvatore J. Stolfo   Addressing the Insider Threat  . . . . . 10--13
              Deanna Caputo and   
              Marcus Maloof and   
               Gregory Stephens   Detecting Insider Theft of Trade Secrets 14--21
              Felicia Duran and   
          Stephen H. Conrad and   
          Gregory N. Conrad and   
            David P. Duggan and   
              Edward Bruce Held   Building a System for Insider Security   30--38
                Brian Bowen and   
            Malek Ben Salem and   
            Shlomo Hershkop and   
          Angelos Keromytis and   
               Salvatore Stolfo   Designing Host and Network Sensors to
                                  Mitigate the Insider Threat  . . . . . . 22--29
                Saar Drimer and   
          Steven J. Murdoch and   
                  Ross Anderson   Failures of Tamper-Proofing in PIN Entry
                                  Devices  . . . . . . . . . . . . . . . . 39--45
                  Eric Bier and   
               Richard Chow and   
             Philippe Golle and   
        Tracy Holloway King and   
                Jessica Staddon   The Rules of Redaction: Identify,
                                  Protect, Review (and Repeat) . . . . . . 46--53
                   Bruce Potter   High Time for Trusted Computing  . . . . 54--56
             Adam Goldstein and   
                 David Bucciero   The Dartmouth Cyber Security Initiative:
                                  Faculty, Staff, and Students Work
                                  Together . . . . . . . . . . . . . . . . 57--59
           O. Sami Saydjari and   
              Cynthia E. Irvine   A Tale of Three Cyber-Defense Workshops  60--64
                    Nate Lawson   Side-Channel Attacks on Cryptographic
                                  Software . . . . . . . . . . . . . . . . 65--68
               Richard Ford and   
               William H. Allen   Malware Shall Greatly Increase \ldots    69--71
           Franco Callegati and   
                  Marco Ramilli   Frightened by Links  . . . . . . . . . . 72--76
         Michael E. Locasto and   
              Sergey Bratus and   
                  Brian Schulte   Bickering In-Depth: Rethinking the
                                  Composition of Competing Security
                                  Systems  . . . . . . . . . . . . . . . . 77--81
            Alessandro Acquisti   Nudging Privacy: The Behavioral
                                  Economics of Personal Information  . . . 82--85
        Daniel E. Geer, Jr. and   
               Daniel G. Conway   Patch Grief with Proverbs  . . . . . . . 86--87
            Daniel E. Geer, Jr.   Deskilling Digital Security  . . . . . . 88
                      Anonymous   Annual Index . . . . . . . . . . . . . . 1


IEEE Security & Privacy
Volume 8, Number 1, January / February, 2010

               Carl E. Landwehr   Drawing the Line . . . . . . . . . . . . 3--4
                 James Figueroa   News Briefs  . . . . . . . . . . . . . . 6--7
                    Gary McGraw   Interview: Silver Bullet Talks with
                                  Christofer Hoff  . . . . . . . . . . . . 8--10
        Mikhail A. Lisovich and   
        Deirdre K. Mulligan and   
              Stephen B. Wicker   Inferring Personal Information from
                                  Demand-Response Systems  . . . . . . . . 11--20
             Annie I. Anton and   
              Julia B. Earp and   
               Jessica D. Young   How Internet Users' Privacy Concerns
                                  Have Evolved since 2002  . . . . . . . . 21--27
                 Mark Strembeck   Scenario-Driven Role Engineering . . . . 28--35
  Francis Kofi Andoh-Baidoo and   
       Kwasi Amoako-Gyampah and   
        Kweku-Muata Osei-Bryson   How Internet Security Breaches Harm
                                  Market Value . . . . . . . . . . . . . . 36--42
             Jorgen Hansson and   
                 Lutz Wrage and   
            Peter H. Feiler and   
                John Morley and   
                Bruce Lewis and   
                  Jerome Hugues   Architectural Modeling to Verify
                                  Security and Nonfunctional Behavior  . . 43--49
                Lori M. Kaufman   Can a Trusted Environment Provide
                                  Security?  . . . . . . . . . . . . . . . 50--52
               Rainer Bohme and   
                    Tyler Moore   The Iterated Weakest Link  . . . . . . . 53--55
          Cynthia E. Irvine and   
              Charles C. Palmer   Call in the Cyber National Guard!  . . . 56--59
                     Fred Cohen   The Smarter Grid . . . . . . . . . . . . 60--63
                   Wil Michiels   Opportunities in White-Box Cryptography  64--67
               Richard Ford and   
             Deborah A. Frincke   Building a Better Boot Camp  . . . . . . 68--71
                 Mark Fabro and   
                  Tim Roxey and   
                Michael Assante   No Grid Left Behind  . . . . . . . . . . 72--76
               Trent Jaeger and   
               Joshua Schiffman   Outlook: Cloudy with a Chance of
                                  Security Challenges and Improvements . . 77--80
           Himanshu Khurana and   
                Mark Hadley and   
                    Ning Lu and   
             Deborah A. Frincke   Smart-Grid Security Issues . . . . . . . 81--85
        Daniel E. Geer, Jr. and   
               Daniel G. Conway   A Life Is Short, a Half-Life Is Forever  86--87
                 Bruce Schneier   Security and Function Creep  . . . . . . 88

IEEE Security & Privacy
Volume 8, Number 2, March / April, 2010

                    Marc Donner   International Blues  . . . . . . . . . . 3
                    Gary McGraw   Interview: Silver Bullet Talks with
                                  Gillian Hayes  . . . . . . . . . . . . . 5--7
                 James Figueroa   News Briefs  . . . . . . . . . . . . . . 8--10
                 John Viega and   
                   Bret Michael   Guest Editors' Introduction: Mobile
                                  Device Security  . . . . . . . . . . . . 11--12
            Ricardo Ribalda and   
Guillermo Gonzalez de Rivera and   
            Angel de Castro and   
                 Javier Garrido   A Mobile Biometric System-on-Token
                                  System for Signing Digital Transactions  13--19
              John Paul Dunning   Taming the Blue Beast: a Survey of
                                  Bluetooth Based Threats  . . . . . . . . 20--27
                H. Karen Lu and   
                    Asad M. Ali   Making Smart Cards Truly Portable  . . . 28--34
               Asaf Shabtai and   
               Yuval Fledel and   
                Uri Kanonov and   
              Yuval Elovici and   
               Shlomi Dolev and   
                  Chanan Glezer   Google Android: a Comprehensive Security
                                  Assessment . . . . . . . . . . . . . . . 35--44
            Christoph Sorge and   
          Saverio Niccolini and   
                    Jan Seedorf   The Legal Ramifications of
                                  Call-Filtering Solutions . . . . . . . . 45--50
                   Bruce Potter   My Information, Your Code  . . . . . . . 51--53
                    Matt Bishop   A Clinic for ``Secure'' Programming  . . 54--56
          Marjory S. Blumenthal   Hide and Seek in the Cloud . . . . . . . 57--58
                   Fred H. Cate   The Limits of Notice and Choice  . . . . 59--62
            Charles P. Pfleeger   Crypto: Not Just for the Defensive Team  63--66
        Andrea M. Matwyshyn and   
                    Ang Cui and   
       Angelos D. Keromytis and   
            Salvatore J. Stolfo   Ethics in Security Vulnerability
                                  Research . . . . . . . . . . . . . . . . 67--72
              Marco Ramilli and   
                 Marco Prandini   Always the Same, Never the Same  . . . . 73--75
           Angelos D. Keromytis   Voice-over-IP Security: Research and
                                  Practice . . . . . . . . . . . . . . . . 76--78
              J. Alex Halderman   To Strengthen Security, Change
                                  Developers' Incentives . . . . . . . . . 79--82
             James McGovern and   
                Gunnar Peterson   10 Quick, Dirty, and Cheap Things to
                                  Improve Enterprise Security  . . . . . . 83--85
        Daniel E. Geer, Jr. and   
               Daniel G. Conway   Nothing Ventured, Nothing Gained . . . . 86--87
             Steven M. Bellovin   Identity and Security  . . . . . . . . . 88

IEEE Security & Privacy
Volume 8, Number 3, May / June, 2010

                  Bret Michaels   Balancing Liberty, Stability, and
                                  Security . . . . . . . . . . . . . . . . 3
                    Gary McGraw   Interview: Silver Bullet Talks with
                                  Steven Kent  . . . . . . . . . . . . . . 5--9
           Linda Dailey Paulson   News Briefs  . . . . . . . . . . . . . . 11--13
            Laurie Williams and   
             Andrew Meneely and   
                  Grant Shipley   Protection Poker: The New Software
                                  Security ``Game''  . . . . . . . . . . . 14--20
                 Kjell Hole and   
             Lars-Helge Netland   Toward Risk Assessment of Large-Impact
                                  and Rare Events  . . . . . . . . . . . . 21--27
                Ian P. Cook and   
        Shari Lawrence Pfleeger   Security Decision Support Challenges in
                                  Data Collection and Use  . . . . . . . . 28--35
               Asaf Shabtai and   
               Yuval Fledel and   
                  Yuval Elovici   Securing Android-Powered Mobile Devices
                                  Using SELinux  . . . . . . . . . . . . . 36--44
                    Nir Kshetri   The Economics of Click Fraud . . . . . . 45--53
                   Bruce Potter   Thinking Operationally . . . . . . . . . 54--55
           Edward B. Talbot and   
            Deborah Frincke and   
                    Matt Bishop   Demythifying Cybersecurity . . . . . . . 56--59
                     Fred Cohen   The Virtualization Solution  . . . . . . 60--63
                 Khaled El Emam   Risk-Based De-Identification of Health
                                  Data . . . . . . . . . . . . . . . . . . 64--67
                  Luther Martin   XTS: a Mode of AES for Encrypting Hard
                                  Disks  . . . . . . . . . . . . . . . . . 68--69
                  Tom Kellerman   Cyber-Threat Proliferation: Today's
                                  Truly Pervasive Global Epidemic  . . . . 70--73
                     Jon Giffin   The Next Malware Battleground: Recovery
                                  After Unknown Infection  . . . . . . . . 74--76
                   Michael Lesk   Son of Carterfone: Network Neutrality or
                                  Regulation?  . . . . . . . . . . . . . . 77--82
                    John Steven   Threat Modeling  . . . . . . . . . . . . 83--86
            Daniel E. Geer, Jr.   Fratricide . . . . . . . . . . . . . . . 88, 87

IEEE Security & Privacy
Volume 8, Number 4, July / August, 2010

              Fred B. Schneider   Fumbling the Future, Again . . . . . . . 3
                    Gary McGraw   Interview: Silver Bullet Talks with
                                  Richard Clarke . . . . . . . . . . . . . 5--11
           Linda Dailey Paulson   News Briefs  . . . . . . . . . . . . . . 12--14
        Salvatore J. Stolfo and   
                    Gene Tsudik   Privacy-Preserving Sharing of Sensitive
                                  Information  . . . . . . . . . . . . . . 16--17
     Emiliano De Cristofaro and   
                      Jihye Kim   Some Like It Private: Sharing
                                  Confidential Information Based on
                                  Oblivious Authorization  . . . . . . . . 18--24
               Lalana Kagal and   
                       Joe Pato   Preserving Privacy Based on Semantic
                                  Policy Tools . . . . . . . . . . . . . . 25--30
                  Kc Claffy and   
                 Erin Kenneally   Dialing Privacy and Utility: a Proposed
                                  Data-Sharing Framework to Advance
                                  Internet Research  . . . . . . . . . . . 31--39
                  Tal Moran and   
                    Tyler Moore   The Phish-Market Protocol: Secure
                                  Sharing Between Competitors  . . . . . . 40--45
             Shari Pfleeger and   
              Robert Cunningham   Why Measuring Security Is Hard . . . . . 46--54
                Lori M. Kaufman   Can Public-Cloud Security Meet Its
                                  Unique Challenges? . . . . . . . . . . . 55--57
             Cynthia Irvine and   
                 Thuy D. Nguyen   Educating the Systems Security
                                  Engineer's Apprentice  . . . . . . . . . 58--61
             Vijay Varadharajan   Internet Filtering . . . . . . . . . . . 62--65
           Christian Cachin and   
                  Jan Camenisch   Encrypting Keys Securely . . . . . . . . 66--69
                   Daniel Bilar   Degradation and Subversion through
                                  Subsystem Attacks  . . . . . . . . . . . 70--73
              Sara Sinclair and   
                  Sean W. Smith   What's Wrong with Access Control in the
                                  Real World?  . . . . . . . . . . . . . . 74--77
               Benjamin Edelman   Least-Cost Avoiders in Online Fraud and
                                  Abuse  . . . . . . . . . . . . . . . . . 78--81
             Anton Chuvakin and   
                Gunnar Peterson   How to Do Application Logging Right  . . 82--85
            Daniel E. Geer, Jr.   A Time to Rethink  . . . . . . . . . . . 86--87
                 Bruce Schneier   A Taxonomy of Social Networking Data . . 88

IEEE Security & Privacy
Volume 8, Number 5, September / October, 2010

                    Marc Donner   Phagocytes in Cyberspace . . . . . . . . 3--4
                    Gary McGraw   Interview: Silver Bullet Talks with Greg
                                  Morrisett  . . . . . . . . . . . . . . . 6--9
                  George Lawton   News Briefs  . . . . . . . . . . . . . . 10--11
             Ram Chillarege and   
                   Jeffrey Voas   Guest Editors' Introduction: Reliability
                                  of Embedded and Cyber-Physical Systems   12--13
                     Hui Jun Wu   Kernel Service Protection for Client
                                  Security . . . . . . . . . . . . . . . . 14--19
              J. Ryan Kenny and   
                 Craig Robinson   Embedded Software Assurance for
                                  Configuring Secure Hardware  . . . . . . 20--26
                Sean Barnum and   
             Shankar Sastry and   
              John A. Stankovic   Roundtable: Reliability of Embedded and
                                  Cyber-Physical Systems . . . . . . . . . 27--32
               Kevin Butler and   
           Steve McLaughlin and   
               Thomas Moyer and   
               Patrick McDaniel   New Security Architectures Based on
                                  Emerging Disk Functionality  . . . . . . 34--41
            Saeed Abu-Nimeh and   
                    Thomas Chen   Proliferation and Detection of Blog Spam 42--47
               Corrado Visaggio   Session Management Vulnerabilities in
                                  Today's Web  . . . . . . . . . . . . . . 48--56
                   Bruce Potter   Necessary but Not Sufficient . . . . . . 57--58
           Gregory B. White and   
            Dwayne Williams and   
                 Keith Harrison   The CyberPatriot National High School
                                  Cyber Defense Competition  . . . . . . . 59--61
                     Fred Cohen   Automated Control System Security  . . . 62--63
          Paula J. Bruening and   
            K. Krasnow Waterman   Data Tagging for New Information
                                  Governance Models  . . . . . . . . . . . 64--68
                Teddy Furon and   
                  Gwenael Doerr   Tracing Pirated Content on the Internet:
                                  Unwinding Ariadne's Thread . . . . . . . 69--71
                    Matt Bishop   Technology, Training, and Transformation 72--75
           Patrick McDaniel and   
                   William Enck   Not So Great Expectations: Why
                                  Application Markets Haven't Failed
                                  Security . . . . . . . . . . . . . . . . 76--78
                   Michael Lesk   Do the Luddites Ever Win?  . . . . . . . 79--82
                Gunnar Peterson   Don't Trust. And Verify: a Security
                                  Architecture Stack for the Cloud . . . . 83--86
             Steven M. Bellovin   Perceptions and Reality  . . . . . . . . 88, 87

IEEE Security & Privacy
Volume 8, Number 6, November / December, 2010

               Carl E. Landwehr   Sailing Away!  . . . . . . . . . . . . . 3--4
               Roger Schell and   
               Steve Lipner and   
           Mary Ellen Zurko and   
           Elaine R. Palmer and   
              David Safford and   
          Charles C. Palmer and   
               Carl E. Landwehr   In Memoriam: Paul Karger . . . . . . . . 5
                  George Lawton   News Briefs  . . . . . . . . . . . . . . 7--8
                    Gary McGraw   Silver Bullet Talks with Ivan Arce . . . 9--13
                 Anup Ghosh and   
                      Ivan Arce   Guest Editors' Introduction: In Cloud
                                  Computing We Trust --- But Should We?    14--16
                Eric Grosse and   
                 John Howie and   
              James Ransome and   
                 Jim Reavis and   
                  Steve Schmidt   Cloud Computing Roundtable . . . . . . . 17--23
              Hassan Takabi and   
          James B. D. Joshi and   
                  Gail-Joon Ahn   Security and Privacy Challenges in Cloud
                                  Computing Environments . . . . . . . . . 24--31
                   Wayne Pauley   Cloud Provider Transparency: An
                                  Empirical Evaluation . . . . . . . . . . 32--39
               Danny Harnik and   
               Benny Pinkas and   
        Alexandra Shulman-Peleg   Side Channels in Cloud Services:
                                  Deduplication in Cloud Storage . . . . . 40--47
     Jose M. Alcaraz Calero and   
              Nigel Edwards and   
        Johannes Kirschnick and   
           Lawrence Wilcock and   
                      Mike Wray   Toward a Multi-Tenancy Authorization
                                  System for Cloud Services  . . . . . . . 48--55
                   Qian Liu and   
              Chuliang Weng and   
                  Minglu Li and   
                       Yuan Luo   An In-VM Measuring Framework for
                                  Increasing Virtual Machine Security in
                                  Clouds . . . . . . . . . . . . . . . . . 56--62
              Paul C. Clark and   
              Glenn R. Cook and   
           Edward L. Fisher and   
               John D. Fulp and   
            Valerie Linhoff and   
              Cynthia E. Irvine   New Pathways in Identity Management  . . 64--67
                   Fred H. Cate   Government Access to Private-Sector Data 68--71
                Joan Daemen and   
                 Vincent Rijmen   The First 10 Years of Advanced
                                  Encryption . . . . . . . . . . . . . . . 72--74
                 Liam M. Mayron   Secure Multimedia Communications . . . . 76--79
             Marco Prandini and   
              Marco Ramilli and   
             Walter Cerroni and   
               Franco Callegati   Splitting the HTTPS Stream to Attack
                                  Secure Web Connections . . . . . . . . . 80--84
                   Anupam Datta   Logical Methods in Security and Privacy  86--89
                      Jean Camp   Identity Management's Misaligned
                                  Incentives . . . . . . . . . . . . . . . 90--94
            Daniel E. Geer, Jr.   An Index of Cybersecurity  . . . . . . . 96, 95


IEEE Security & Privacy
Volume 9, Number 1, January / February, 2011

                     John Viega   Reality Check  . . . . . . . . . . . . . 3--4
                      Anonymous   2010 Reviewer Thanks . . . . . . . . . . 5--6
                    Gary McGraw   Interview: Silver Bullet Talks with Paul
                                  Kocher . . . . . . . . . . . . . . . . . 8--11
                 Giovanni Vigna   The 2010 International Capture the Flag
                                  Competition  . . . . . . . . . . . . . . 12--14
                     Lee Garber   News Briefs  . . . . . . . . . . . . . . 15--17
             Cynthia Irvine and   
                      J. R. Rao   Guest Editors' Introduction: Engineering
                                  Secure Systems . . . . . . . . . . . . . 18--21
                Paul Karger and   
           Suzanne McIntosh and   
              Elaine Palmer and   
                 David Toll and   
                   Samuel Weber   Lessons Learned: Building the Caernarvon
                                  High-Assurance Operating System  . . . . 22--30
             Clark Weissman and   
                  Timothy Levin   Lessons Learned from Building a
                                  High-Assurance Crypto Gateway  . . . . . 31--39
           Joshua Schiffman and   
               Thomas Moyer and   
               Trent Jaeger and   
               Patrick McDaniel   Network-Based Root of Trust for
                                  Installation . . . . . . . . . . . . . . 40--48
            M. Eric Johnson and   
                 Shari Pfleeger   Addressing Information Risk in Turbulent
                                  Times  . . . . . . . . . . . . . . . . . 49--57
            James Alexander and   
                 Jonathan Smith   Disinformation: a Taxonomy . . . . . . . 58--63
          Brett Stone-Gross and   
                 Marco Cova and   
                Bob Gilbert and   
           Richard Kemmerer and   
        Christopher Kruegel and   
                 Giovanni Vigna   Analysis of a Botnet Takeover  . . . . . 64--72
                Lori M. Kaufman   How Private Is the Internet? . . . . . . 73--75
                   Fred H. Cate   A Transatlantic Convergence on Privacy?  76--79
                 Didier Stevens   Malicious PDF Documents Explained  . . . 80--82
                  Wendy Seltzer   Exposing the Flaws of Censorship by
                                  Domain Name  . . . . . . . . . . . . . . 83--87
                   Michael Lesk   What Is Information Worth? . . . . . . . 88--90
           Richard Bejtlich and   
                John Steven and   
                Gunnar Peterson   Directions in Incident Detection and
                                  Response . . . . . . . . . . . . . . . . 91--92
            Daniel E. Geer, Jr.   Does a Rising Tide Lift All Boats? . . . 93--94
            Daniel E. Geer, Jr.   A Time for Choosing  . . . . . . . . . . 96, 95

IEEE Security & Privacy
Volume 9, Number 2, March / April, 2011

                    Marc Donner   Privacy and the System Life Cycle  . . . 3
                     Lee Garber   News Briefs  . . . . . . . . . . . . . . 5--7
                    Gary McGraw   Interview: Silver Bullet Talks with
                                  David Rice . . . . . . . . . . . . . . . 8--11
     Mary Frances Theofanos and   
        Shari Lawrence Pfleeger   Guest Editors' Introduction: Shouldn't
                                  All Security Be Usable?  . . . . . . . . 12--17
       Cristian Bravo-Lillo and   
        Lorrie Faith Cranor and   
                Julie Downs and   
              Saranga Komanduri   Bridging the Gap in Computer Security
                                  Warnings: a Mental Model Approach  . . . 18--26
           Kristin Fuglerud and   
            Òystein Dale   Secure and Inclusive Authentication with
                                  a Talking Mobile One-Time-Password
                                  Client . . . . . . . . . . . . . . . . . 27--34
            M. Eric Johnson and   
             Nicholas D. Willey   Usability Failures and Healthcare Data
                                  Hemorrhages  . . . . . . . . . . . . . . 35--42
           Robert W. Reeder and   
               Stuart Schechter   When the Password Doesn't Work:
                                  Secondary Authentication for Websites    43--49
             Bernd Grobauer and   
          Tobias Walloschek and   
                  Elmar Stocker   Understanding Cloud Computing
                                  Vulnerabilities  . . . . . . . . . . . . 50--57
                Stefan Fenz and   
               Andreas Ekelhart   Verification, Validation, and Evaluation
                                  in Information Security Risk Management  58--65
                Jonathan Spring   Monitoring Cloud Computing by Layer,
                                  Part 1 . . . . . . . . . . . . . . . . . 66--68
                    Matt Bishop   Teaching Security Stealthily . . . . . . 69--71
              Jennifer L. Bayuk   Systems Security Engineering . . . . . . 72--74
             Herve Chabanne and   
                 Mehdi Tibouchi   Securing E-passports with Elliptic
                                  Curves . . . . . . . . . . . . . . . . . 75--78
               Chris Greamo and   
                     Anup Ghosh   Sandboxing and Virtualization: Modern
                                  Tools for Combating Malware  . . . . . . 79--82
               Patrick McDaniel   Data Provenance and Security . . . . . . 83--85
                     Aza Raskin   Your Life Experiences, Brought to You by
                                  Budweiser  . . . . . . . . . . . . . . . 86--88
                Brian Chess and   
                     Brad Arkin   Software Security in Practice  . . . . . 89--92
            Daniel E. Geer, Jr.   Correlation Is Not Causation . . . . . . 93--94
                 Bruce Schneier   Detecting Cheaters . . . . . . . . . . . 96, 95

IEEE Security & Privacy
Volume 9, Number 3, May / June, 2011

            Robin E. Bloomfield   Resilient to the Unexpected  . . . . . . 3--4
                     Lee Garber   News Briefs  . . . . . . . . . . . . . . 6--8
                    Gary McGraw   Silver Bullet Talks with Ralph Langner   9--14
                David Evans and   
                     Sal Stolfo   Guest Editors' Introduction: The Science
                                  of Security  . . . . . . . . . . . . . . 16--17
                  Jason Bau and   
               John C. Mitchell   Security Modeling and Analysis . . . . . 18--25
               Anupam Datta and   
             Jason Franklin and   
                Deepak Garg and   
                  Limin Jia and   
                  Dilsun Kaynar   On Adversary Models and Compositional
                                  Security . . . . . . . . . . . . . . . . 26--32
       Jean Paul Degabriele and   
             Kenny Paterson and   
                Gaven J. Watson   Provable Security in the Real World  . . 33--41
              David Barrera and   
              Paul Van Oorschot   Secure Software Installation on
                                  Smartphones  . . . . . . . . . . . . . . 42--48
                  Ralph Langner   Stuxnet: Dissecting a Cyberwarfare
                                  Weapon . . . . . . . . . . . . . . . . . 49--51
                Jonathan Spring   Monitoring Cloud Computing by Layer,
                                  Part 2 . . . . . . . . . . . . . . . . . 52--55
              Gregory Conti and   
             Thomas Babbitt and   
                    John Nelson   Hacking Competitions and Their Untapped
                                  Potential for Security Education . . . . 56--59
                 Sal Stolfo and   
         Steven M. Bellovin and   
                    David Evans   Measuring Security . . . . . . . . . . . 60--65
               Paul M. Schwartz   Privacy, Ethics, and Analytics . . . . . 66--69
                  Ian Grigg and   
                  Peter Gutmann   The Curse of Cryptographic Numerology    70--72
                    Sean Heelan   Vulnerability Detection Systems: Think
                                  Cyborg, Not Robot  . . . . . . . . . . . 74--77
                   Michael Lesk   Salmon, Songs, and Blankets: Creativity
                                  on the Northwest Coast . . . . . . . . . 78--81
                     Brad Arkin   Never Waste a Crisis . . . . . . . . . . 82--85
            Daniel E. Geer, Jr.   New Measures . . . . . . . . . . . . . . 86--87
             Steven M. Bellovin   Clouds from Both Sides . . . . . . . . . 88

IEEE Security & Privacy
Volume 9, Number 4, July / August, 2011

          Fred B. Schneider and   
            Deirdre K. Mulligan   A Doctrinal Thesis . . . . . . . . . . . 3--4
                     Lee Garber   News Briefs  . . . . . . . . . . . . . . 6--8
                    Gary McGraw   Interview: Silver Bullet Talks with John
                                  Savage . . . . . . . . . . . . . . . . . 9--12
                 Lee Hively and   
          Frederick Sheldon and   
       Anna Cinzia Squicciarini   Toward Scalable Trustworthy Computing
                                  Using the Human-Physiology-Immunity
                                  Metaphor . . . . . . . . . . . . . . . . 14--23
            Quyen L. Nguyen and   
                      Arun Sood   A Comparison of Intrusion-Tolerant
                                  System Architectures . . . . . . . . . . 24--31
             David Dittrich and   
             Michael Bailey and   
                  Sven Dietrich   Building an Active Computer Security
                                  Ethics Community . . . . . . . . . . . . 32--40
                  Danny Dhillon   Developer-Driven Threat Modeling:
                                  Lessons Learned in the Trenches  . . . . 41--47
              Gregory Conti and   
                 James Caroland   Embracing the Kobayashi Maru: Why You
                                  Should Teach Your Students to Cheat  . . 48--51
                  Denis Tr\vcek   Trust Management in the Pervasive
                                  Computing Era  . . . . . . . . . . . . . 52--55
                David P. Fidler   Was Stuxnet an Act of War? Decoding a
                                  Cyberattack  . . . . . . . . . . . . . . 56--59
                  Sean W. Smith   Room at the Bottom: Authenticated
                                  Encryption on Slow Legacy Networks . . . 60--63
                    Tara Whalen   Security as if People Mattered . . . . . 64--67
                 Charlie Miller   Mobile Attacks and Defense . . . . . . . 68--70
         Michael E. Locasto and   
              Matthew C. Little   A Failure-Based Discipline of
                                  Trustworthy Information Systems  . . . . 71--75
                   Michael Lesk   Reading: From Paper to Pixels  . . . . . 76--79
                   John Diamant   Resilient Security Architecture: a
                                  Complementary Approach to Reducing
                                  Vulnerabilities  . . . . . . . . . . . . 80--84
            Daniel E. Geer, Jr.   Attack Surface Inflation . . . . . . . . 85--86
            Daniel E. Geer, Jr.   Eisenhower Revisited . . . . . . . . . . 88, 87

IEEE Security & Privacy
Volume 9, Number 5, September / October, 2011

                     John Viega   Ten Years of Trustworthy Computing:
                                  Lessons Learned  . . . . . . . . . . . . 3--4
                     Lee Garber   News Briefs  . . . . . . . . . . . . . . 6--8
                    Gary McGraw   Interview: Silver Bullet Talks with
                                  Elinor Mills . . . . . . . . . . . . . . 9--12
           Thomas A. Berson and   
             Dorothy E. Denning   Cyberwarfare . . . . . . . . . . . . . . 13--15
             Scott D. Applegate   Cybermilitias and Political Hackers: Use
                                  of Irregular Forces in Cyberwarfare  . . 16--22
                 James A. Lewis   Cyberwar Thresholds and Effects  . . . . 23--29
           Raymond C. Parks and   
                David P. Duggan   Principles of Cyberwarfare . . . . . . . 30--35
                  David Elliott   Deterring Strategic Cyberattack  . . . . 36--40
              Philip O'Kane and   
                Sakir Sezer and   
              Kieran McLaughlin   Obfuscation: The Hidden Malware  . . . . 41--47
             Carl A. Gunter and   
         David M. Liebovitz and   
                  Bradley Malin   Experience-Based Access Management: a
                                  Life-Cycle Framework for Identity and
                                  Access Management Systems  . . . . . . . 48--55
               Raheem Beyah and   
           Aravind Venkataraman   Rogue-Access-Point Detection:
                                  Challenges, Solutions, and Future
                                  Directions . . . . . . . . . . . . . . . 56--61
                ShuiHua Han and   
             Chao-Hsien Chu and   
                    Zongwei Luo   Tamper Detection in the EPC Network
                                  Using Digital Watermarking . . . . . . . 62--69
                    Wenliang Du   SEED: Hands-On Lab Exercises for
                                  Computer Security Education  . . . . . . 70--73
                  Landon P. Cox   Truth in Crowdsourcing . . . . . . . . . 74--76
           Jeffrey MacKie-Mason   All Space Will Be Public Space . . . . . 77--80
           Dimitri DeFigueiredo   The Case for Mobile Two-Factor
                                  Authentication . . . . . . . . . . . . . 81--85
        Daniel E. Geer, Jr. and   
                    Peter Kuper   When \$80 Billion Is Not Enough  . . . . 86--87
                 Bruce Schneier   Empathy and Security . . . . . . . . . . 88--88

IEEE Security & Privacy
Volume 9, Number 6, November / December, 2011

                    Marc Donner   The Invisible Computers  . . . . . . . . 3
                    Gary McGraw   Interview: Silver Bullet Talks with
                                  Halvar Flake . . . . . . . . . . . . . . 5--8
                     Lee Garber   News Briefs  . . . . . . . . . . . . . . 9--11
            William Arbaugh and   
             Deborah A. Frincke   Living with Insecurity . . . . . . . . . 12--13
                 Rosa R. Heckle   Security Dilemma: Healthcare Clinicians
                                  at Work  . . . . . . . . . . . . . . . . 14--19
                  Debin Liu and   
                 Ninghui Li and   
              XiaoFeng Wang and   
                   L. Jean Camp   Security Risk Management Using
                                  Incentives . . . . . . . . . . . . . . . 20--28
Antonio Manuel Fernandez Villamor and   
Antonio Manuel Fernandez Villamor and   
                 Juan Yelmo and   
                  Juan C. Yelmo   Helping Users Deal with Digital Threats:
                                  The Online User Supervision Architecture 29--35
                  Steven Cheung   Securing Collaborative Intrusion
                                  Detection Systems  . . . . . . . . . . . 36--42
        Simson L. Garfinkel and   
                  George Dinolt   Operations with Degraded Security  . . . 43--48
                  Joel Weis and   
                 Jim Alves-Foss   Securing Database as a Service: Issues
                                  and Compromises  . . . . . . . . . . . . 49--55
           Mohamed Kaaniche and   
                Aad van Moorsel   It All Depends, and Increasingly So  . . 56--57
                 Cynthia Irvine   The Value of Capture-the-Flag Exercises
                                  in Education: An Interview with Chris
                                  Eagle  . . . . . . . . . . . . . . . . . 58--60
                    Tara Whalen   Mobile Devices and Location Privacy:
                                  Where Do We Go from Here?  . . . . . . . 61--62
       Kirsten Ferguson-Boucher   Cloud Computing: a Records and
                                  Information Management Perspective . . . 63--66
                      Dan Guido   A Case Study of Intelligence-Driven
                                  Defense  . . . . . . . . . . . . . . . . 67--70
           Kathleen M. Moriarty   Incident Coordination  . . . . . . . . . 71--75
                   Michael Lesk   Cybersecurity and Economics  . . . . . . 76--79
                     Robert Fly   Detecting Fraud on Websites  . . . . . . 80--85
            Daniel E. Geer, Jr.   Small Is Beautiful, Big Is Inevitable    86--87
             Steven M. Bellovin   Security Think . . . . . . . . . . . . . 88


IEEE Security & Privacy
Volume 10, Number 1, January / February, 2012

                     John Viega   Happy Anniversary! . . . . . . . . . . . 3--4
                 Anup Ghosh and   
                    Gary McGraw   Lost Decade or Golden Era: Computer
                                  Security since 9/11  . . . . . . . . . . 6--10
                    Gary McGraw   Interview: Silver Bullet Talks with
                                  Deborah Frincke  . . . . . . . . . . . . 11--14
                     Lee Garber   Security, Privacy, and Policy Roundup    15--17
           Markus Jakobsson and   
               Richard Chow and   
                   Jesus Molina   Authentication --- Are We Doing Well
                                  Enough?  . . . . . . . . . . . . . . . . 19--21
               Dirk Balfanz and   
               Richard Chow and   
                  Ori Eisen and   
           Markus Jakobsson and   
               Steve Kirsch and   
            Scott Matsumoto and   
               Jesus Molina and   
              Paul van Oorschot   The Future of Authentication . . . . . . 22--27
              Cormac Herley and   
              Paul van Oorschot   A Research Agenda Acknowledging the
                                  Persistence of Passwords . . . . . . . . 28--36
              Amir Herzberg and   
                Ronen Margulies   Training Johnny to Authenticate (Safely) 37--45
             Andreas Poller and   
            Ulrich Waldmann and   
                  Sven Vowe and   
                     Sven Turpe   Electronic Identity Cards for User
                                  Authentication --- Promise and Practice  46--54
              Idoia Aguirre and   
                  Sergio Alonso   Improving the Automation of Security
                                  Information Management: a Collaborative
                                  Approach . . . . . . . . . . . . . . . . 55--59
     James A. Pettigrew III and   
            Julie J. C. H. Ryan   Making Successful Security Decisions: a
                                  Qualitative Evaluation . . . . . . . . . 60--68
                 Jean Arlat and   
        Zbigniew Kalbarczyk and   
                  Takashi Nanya   Nanocomputing: Small Devices, Large
                                  Dependability Challenges . . . . . . . . 69--72
            Jelena Mirkovic and   
                   Terry Benzel   Teaching Cybersecurity with DeterLab . . 73--76
                    Tara Whalen   This Time, It's Personal: Recent
                                  Discussions on Concepts of Personal
                                  Information  . . . . . . . . . . . . . . 77--79
              Jan Camenisch and   
               Anja Lehmann and   
                  Gregory Neven   Electronic Identities Need Private
                                  Credentials  . . . . . . . . . . . . . . 80--83
                  Don A. Bailey   Moving 2 Mishap: M2M's Impact on Privacy
                                  and Safety . . . . . . . . . . . . . . . 84--87
                   Michael Lesk   Your Memory Is Now a Vendor Service  . . 88--90
               Bronwen Matthews   Optimizing Product Improvement Spending
                                  with Third-Party Security Consultants    91--93
            Daniel E. Geer, Jr.   Power. Law.  . . . . . . . . . . . . . . 94--95
            Daniel E. Geer, Jr.   More or Less . . . . . . . . . . . . . . 96

IEEE Security & Privacy
Volume 10, Number 2, March / April, 2012

                 Jeremy Epstein   Can We Be Too Careful? . . . . . . . . . 3--5
                 Jeremy Epstein   Reflecting on Some Past Predictions  . . 7--10
                    Gary McGraw   Interview: Silver Bullet Talks with Neil
                                  Daswani  . . . . . . . . . . . . . . . . 11--14
                     Lee Garber   Security, Privacy, and Policy Roundup    15--17
    Shari Lawrence Pfleeger and   
             Cynthia Irvine and   
                   Mischel Kwon   Guest Editors' Introduction  . . . . . . 19--23
          Iacovos Kirlappos and   
                M. Angela Sasse   Security Education against Phishing: a
                                  Modest Proposal for a Major Rethink  . . 24--32
           Lance J. Hoffman and   
            Diana L. Burley and   
                 Costis Toregas   Holistically Building the Cybersecurity
                                  Workforce  . . . . . . . . . . . . . . . 33--39
          Susanne M. Furman and   
     Mary Frances Theofanos and   
             Yee-Yin Choong and   
                  Brian Stanton   Basing Cybersecurity Training on User
                                  Perceptions  . . . . . . . . . . . . . . 40--49
               Mischel Kwon and   
          Michael J. Jacobs and   
            David Cullinane and   
       Christopher G. Ipsen and   
                    James Foley   Educating Cyber Professionals: a View
                                  from Academia, the Private Sector, and
                                  Government . . . . . . . . . . . . . . . 50--53
                  Scott Charney   Collective Defense: Applying the
                                  Public-Health Model to the Internet  . . 54--59
              Sanjeev Kumar and   
              Sirisha Surisetty   Microsoft vs. Apple: Resilience against
                                  Distributed Denial-of-Service Attacks    60--64
           Peter G. Neumann and   
                  Ulf Lindqvist   The IEEE Symposium on Security and
                                  Privacy Is Moving to San Francisco . . . 65--66
              Gernot Heiser and   
                Toby Murray and   
                   Gerwin Klein   It's Time for Trustworthy Systems  . . . 67--70
             Michael Bailey and   
             David Dittrich and   
             Erin Kenneally and   
                   Doug Maughan   The Menlo Report . . . . . . . . . . . . 71--75
               Diana Maimut and   
                   Khaled Ouafi   Lightweight Cryptography for RFID Tags   76--79
  Barbara Endicott-Popovsky and   
             Donald J. Horowitz   Unintended Consequences: Digital
                                  Evidence in Our Legal System . . . . . . 80--83
                Chris Rohlf and   
                  Yan Ivnitskiy   The Security Challenges of Client-Side
                                  Just-in-Time Engines . . . . . . . . . . 84--86
               Len Sassaman and   
      Meredith L. Patterson and   
                  Sergey Bratus   A Patch for Postel's Robustness
                                  Principle  . . . . . . . . . . . . . . . 87--91
            Lorrie Faith Cranor   Can Users Control Online Behavioral
                                  Advertising Effectively? . . . . . . . . 93--96
         Barbara Fichtinger and   
           Frances Paulisch and   
                Peter Panholzer   Driving Secure Software Development
                                  Experience in a Diverse Product
                                  Environment  . . . . . . . . . . . . . . 97--101
            Daniel E. Geer, Jr.   Numbers Worth Having . . . . . . . . . . 102--103
                 Bruce Schneier   How Changing Technology Affects Security 104

IEEE Security & Privacy
Volume 10, Number 3, May / June, 2012

        Shari Lawrence Pfleeger   A Key to the Castle  . . . . . . . . . . 3
             George Cybenko and   
               Carl E. Landwehr   Security Analytics and Measurements  . . 5--8
                    Gary McGraw   Interview: Silver Bullet Talks with
                                  Giovanni Vigna . . . . . . . . . . . . . 9--11
                     Lee Garber   Security, Privacy, and Policy Roundup    12--13
                Brian Chess and   
                  Chris Wysopal   Software Assurance for the Masses  . . . 14--15
         Cristina Cifuentes and   
              Nathan Keynes and   
                    Lian Li and   
               Nathan Hawes and   
              Manuel Valdiviezo   Transitioning Parfait into a Development
                                  Tool . . . . . . . . . . . . . . . . . . 16--23
           Robert A. Martin and   
             Steven M. Christey   The Software Industry's ``Clean Water
                                  Act'' Alternative  . . . . . . . . . . . 24--31
                Brian Chess and   
               Kris Britton and   
                  Chris Eng and   
                  Bill Pugh and   
      Lakshmikanth Raghavan and   
                     Jacob West   Static Analysis in Motion  . . . . . . . 53--56
                  Paul Anderson   Measuring the Value of Static-Analysis
                                  Tool Deployments . . . . . . . . . . . . 40--47
                   Karen Renaud   Blaming Noncompliance Is Too Convenient:
                                  What Really Causes Information Breaches? 57--63
              Rohan M. Amin and   
        Julie J. C. H. Ryan and   
            Johan Rene van Dorp   Detecting Targeted Malicious Email . . . 64--71
               Lorenzo Strigini   Resilience: What Is It, and How Much Do
                                  We Want? . . . . . . . . . . . . . . . . 72--75
              Celia Paulsen and   
            Ernest McDuffie and   
           William Newhouse and   
                  Patricia Toth   NICE: Creating a Cybersecurity Workforce
                                  and Aware Public . . . . . . . . . . . . 76--79
               Helena Handschuh   Hardware-Anchored Security Based on SRAM
                                  PUFs, Part 1 . . . . . . . . . . . . . . 80--83
                   Michael Lesk   The Clouds Roll By . . . . . . . . . . . 84--87
                     Eric Baize   Developing Secure Products in the Age of
                                  Advanced Persistent Threats  . . . . . . 88--92
        Daniel E. Geer, Jr. and   
                   Mukul Pareek   ICS Update . . . . . . . . . . . . . . . 93--95
             Steven M. Bellovin   Fighting the Last War  . . . . . . . . . 96

IEEE Security & Privacy
Volume 10, Number 4, July / August, 2012

                     John Viega   Cloud Security: Not a Problem  . . . . . 3--3
        Shari Lawrence Pfleeger   Security Measurement Steps, Missteps,
                                  and Next Steps . . . . . . . . . . . . . 5--9
    Shari Lawrence Pfleeger and   
                Marc Rogers and   
             Masooda Bashir and   
                Kelly Caine and   
              Deanna Caputo and   
            Michael Losavio and   
                     Sal Stolfo   Does Profiling Make Us More Secure?  . . 10--15
                     Lee Garber   Security, Privacy, and Policy Roundup    16--18
               Jose Nazario and   
                  John Kristoff   Internet Infrastructure Security . . . . 24--25
             Ahmad AlSa'deh and   
               Christoph Meinel   Secure Neighbor Discovery: Review,
                                  Challenges, Perspectives, and
                                  Recommendations  . . . . . . . . . . . . 26--34
             Matthew Dunlop and   
              Stephen Groat and   
           William Urbanski and   
             Randy Marchany and   
                   Joseph Tront   The Blind Man's Bluff Approach to
                                  Security Using IPv6  . . . . . . . . . . 35--43
      Sergio Sanchez Garcia and   
            Ana Gomez Oliva and   
         Emilia Perez-Belleboni   Is Europe Ready for a Pan-European
                                  Identity Management System?  . . . . . . 44--49
                   Jan Kallberg   The Common Criteria Meets Realpolitik:
                                  Trust, Alliances, and Potential Betrayal 50--53
       Frederick T. Sheldon and   
            John Mark Weber and   
              Seong-Moo Yoo and   
                   W. David Pan   The Insecurity of Wireless Networks  . . 54--61
                 Gyorgy Dan and   
            Henrik Sandberg and   
            Mathias Ekstedt and   
                Gunnar Bjorkman   Challenges in Power System Information
                                  Security . . . . . . . . . . . . . . . . 62--70
                    Gary McGraw   Interview: Silver Bullet Talks with
                                  Randy Sabett . . . . . . . . . . . . . . 19--22
      Anthony Dessiatnikoff and   
              Yves Deswarte and   
                 Eric Alata and   
              Vincent Nicomette   Potential Attacks on Onboard Aerospace
                                  Systems  . . . . . . . . . . . . . . . . 71--74
           Efstratios Gavas and   
                Nasir Memon and   
                Douglas Britton   Winning Cybersecurity One Challenge at a
                                  Time . . . . . . . . . . . . . . . . . . 75--79
             Daniel E. Geer and   
                    Bob Blakley   Are You Smarter than the TSA? (Hint: No) 94--95
               Helena Handschuh   Hardware-Anchored Security Based on SRAM
                                  PUFs, Part 2 . . . . . . . . . . . . . . 80--81
             Daniel E. Geer and   
                   Jerry Archer   Stand Your Ground  . . . . . . . . . . . 96
                  Chris Valasek   Primitive-Chaining Exploits: a
                                  Real-World Example . . . . . . . . . . . 82--84
               Patrick McDaniel   Bloatware Comes to the Smartphone  . . . 85--87
                   Michael Lesk   Georgia on My Mind . . . . . . . . . . . 88--90
              Jeremiah Grossman   The State of Website Security  . . . . . 91--93

IEEE Security & Privacy
Volume 10, Number 5, September / October, 2012

               Robin Bloomfield   Are Things Getting Worse?  . . . . . . . 3
                    Gary McGraw   Interview: Silver Bullet Talks with Kay
                                  Connelly . . . . . . . . . . . . . . . . 5--7
                     Lee Garber   Security, Privacy, and Policy Roundup    8--9
              Ann Cavoukian and   
              Alan Davidson and   
                  Ed Felton and   
               Marit Hansen and   
               Susan Landau and   
                  Anna Slomovic   Privacy: Front and Center  . . . . . . . 10--15
             Michael Shamos and   
                  Alec Yasinsac   Realities of E-voting Security . . . . . 16--17
           Aleksander Essex and   
                 Urs Hengartner   Hover: Trustworthy Elections with
                                  Hash-Only Verification . . . . . . . . . 18--24
           Richard Buckland and   
                     Roland Wen   The Future of E-voting in Australia  . . 25--32
            Philip B. Stark and   
                   David Wagner   Evidence-Based Elections . . . . . . . . 33--41
              Mark Lindeman and   
                Philip B. Stark   A Gentle Introduction to Risk-Limiting
                                  Audits . . . . . . . . . . . . . . . . . 42--49
              Merle S. King and   
                  Brian Hancock   Electronic Voting Security 10 Years
                                  after the Help America Vote Act  . . . . 50--52
            Mariana Raykova and   
                    Ang Cui and   
                    Binh Vo and   
                    Bin Liu and   
                 Tal Malkin and   
         Steven M. Bellovin and   
            Salvatore J. Stolfo   Usable, Secure, Private Search . . . . . 53--60
Krishna K. Venkatasubramanian and   
        Eugene Y. Vasserman and   
              Oleg Sokolsky and   
                      Insup Lee   Security and
                                  Interoperable-Medical-Device Systems,
                                  Part 1 . . . . . . . . . . . . . . . . . 61--63
                Matt Bishop and   
                   Sean Peisert   Security and Elections . . . . . . . . . 64--67
                 John Viega and   
                  Hugh Thompson   The State of Embedded-Device Security
                                  (Spoiler Alert: It's Bad)  . . . . . . . 68--70
                 Josh Pauli and   
            Patrick Engebretson   Filling Your Cyber Operations Training
                                  Toolbox  . . . . . . . . . . . . . . . . 71--74
                  Sean W. Smith   Security and Cognitive Bias: Exploring
                                  the Role of the Mind . . . . . . . . . . 75--78
                   Michael Lesk   The Price of Privacy . . . . . . . . . . 79--81
         \vZeljko Obrenovic and   
                  Bart den Haak   Integrating User Customization and
                                  Authentication: The Identity Crisis  . . 82--85
            Daniel E. Geer, Jr.   Risk Aversion  . . . . . . . . . . . . . 86--87
                 Bruce Schneier   The Importance of Security Engineering   88

IEEE Security & Privacy
Volume 10, Number 6, November / December, 2012

                     John Viega   Giving Back  . . . . . . . . . . . . . . 3--4
                     Lee Garber   Security, Privacy, Policy, and
                                  Dependability Roundup  . . . . . . . . . 6--8
                    Gary McGraw   Interview: Silver Bullet Talks with
                                  Howard Schmidt . . . . . . . . . . . . . 9--12
                     John Viega   Ten Years On, How Are We Doing? (Spoiler
                                  Alert: We Have No Clue)  . . . . . . . . 13--16
                Dan Thomsen and   
             Jeremy Epstein and   
               Peter G. Neumann   Lost Treasures . . . . . . . . . . . . . 17--19
               Richard E. Smith   A Contemporary Look at Saltzer and
                                  Schroeder's 1975 \booktitleDesign
                                  Principles . . . . . . . . . . . . . . . 20--25
               Steve Lipner and   
               Trent Jaeger and   
               Mary Ellen Zurko   Lessons from VAX/SVS for High-Assurance
                                  VM Systems . . . . . . . . . . . . . . . 26--35
              Howard Shrobe and   
                   Daniel Adams   Suppose We Got a Do-Over: a Revolution
                                  for Secure Computing . . . . . . . . . . 36--39
          Steven J. Murdoch and   
                  Mike Bond and   
                  Ross Anderson   How Certification Systems Fail: Lessons
                                  from the Ware Report . . . . . . . . . . 40--44
        Jeffrey T. McDonald and   
                  Todd R. Andel   Integrating Historical Security Jewels
                                  in Information Assurance Education . . . 45--50
  Fernando Alonso-Fernandez and   
             Julian Fierrez and   
           Javier Ortega-Garcia   Quality Measures in Biometric Systems    52--62
            Dinei Florencio and   
                  Cormac Herley   Is Everything We Know about Password
                                  Stealing Wrong?  . . . . . . . . . . . . 63--69
        Eugene Y. Vasserman and   
Krishna K. Venkatasubramanian and   
              Oleg Sokolsky and   
                      Insup Lee   Security and
                                  Interoperable-Medical-Device Systems,
                                  Part 2: Failures, Consequences, and
                                  Classification . . . . . . . . . . . . . 70--73
                Susan Older and   
                  Shiu-Kai Chin   Engineering Assurance at the
                                  Undergraduate Level  . . . . . . . . . . 74--77
                Michael Brennan   Academic Impact at the Federal Trade
                                  Commission . . . . . . . . . . . . . . . 78--82
             Marco Prandini and   
                  Marco Ramilli   Return-Oriented Programming  . . . . . . 84--87
                      Rick Wash   Folk Security  . . . . . . . . . . . . . 88--90
               Josh Kebbel-Wyen   Training an Army of Security Ninjas  . . 91--93
        Daniel E. Geer, Jr. and   
            Daniel B. Larremore   Progress Is Infectious . . . . . . . . . 94--95
             Steven M. Bellovin   The Major Cyberincident Investigations
                                  Board  . . . . . . . . . . . . . . . . . 96


IEEE Security & Privacy
Volume 11, Number 1, January / February, 2013

        Shari Lawrence Pfleeger   Enlightened Security: Shedding Light on
                                  What Works and Why . . . . . . . . . . . 3--4
                     Lee Garber   Security, Privacy, Policy, and
                                  Dependability Roundup  . . . . . . . . . 6--7
                    Gary McGraw   Interview: Silver Bullet Talks with
                                  Per-Olof Persson . . . . . . . . . . . . 8--10
          Edward G. Amoroso and   
                  Hugh Thompson   A View from the C-Suite  . . . . . . . . 11--12
                    Dave Martin   Implementing Effective Controls in a
                                  Mobile, Agile, Cloud-Enabled Enterprise  13--14
                Eric Grosse and   
                Mayank Upadhyay   Authentication at Scale  . . . . . . . . 15--22
              Edward G. Amoroso   From the Enterprise Perimeter to a
                                  Mobility-Enabled Secure Cloud  . . . . . 23--31
                  Hugh Thompson   The Human Element of Information
                                  Security . . . . . . . . . . . . . . . . 32--35
                   Lukasz Kufel   Security Event Monitoring in a
                                  Distributed Systems Environment  . . . . 36--43
               Khaled Salah and   
     Jose M. Alcaraz Calero and   
           Sherali Zeadally and   
           Sameera Al-Mulla and   
               Mohammed Alzaabi   Using Cloud Computing to Implement a
                                  Security Overlay Network . . . . . . . . 44--53
             Aditya K. Sood and   
              Richard J. Enbody   Targeted Cyberattacks: A Superset of
                                  Advanced Persistent Threats  . . . . . . 54--61
         Steven M. Bellovin and   
                 Matt Blaze and   
                Sandy Clark and   
                   Susan Landau   Going Bright: Wiretapping without
                                  Weakening Communications Infrastructure  62--72
              Alec Yasinsac and   
                 Cynthia Irvine   Help! Is There a Trustworthy-Systems
                                  Doctor in the House? . . . . . . . . . . 73--77
                    Qing Li and   
                     Greg Clark   Mobile Security: A Look Ahead  . . . . . 78--81
  Frederik Zuiderveen Borgesius   Behavioral Targeting: A European Legal
                                  Perspective  . . . . . . . . . . . . . . 82--85
                  Matthew Green   The Threat in the Cloud  . . . . . . . . 86--89
             Alexander Kott and   
                  Curtis Arnold   The Promises and Challenges of
                                  Continuous Monitoring and Risk Scoring   90--93
        Daniel E. Geer, Jr. and   
               Daniel G. Conway   The Times, They Are a Changin' . . . . . 94--95
            Daniel E. Geer, Jr.   Last Word: Identity as Privacy . . . . . 96

IEEE Security & Privacy
Volume 11, Number 2, March / April, 2013

              Fred B. Schneider   Breaking-in Research . . . . . . . . . . 3--4
                     Lee Garber   Security, Privacy, Policy, and
                                  Dependability Roundup  . . . . . . . . . 6--7
                    Gary McGraw   Interview: Silver Bullet Talks with
                                  Steve Bellovin . . . . . . . . . . . . . 8--11
            Terry V. Benzel and   
                   Steve Lipner   Crossing the Great Divide: Transferring
                                  Security Technology from Research to the
                                  Market . . . . . . . . . . . . . . . . . 12--13
            Douglas Maughan and   
             David Balenson and   
              Ulf Lindqvist and   
                  Zachary Tudor   Crossing the ``Valley of Death'':
                                  Transitioning Cybersecurity Research
                                  into Practice  . . . . . . . . . . . . . 14--23
              Anita D'Amico and   
            Brianne O'Brien and   
                    Mark Larkin   Building a Bridge across the Transition
                                  Chasm  . . . . . . . . . . . . . . . . . 24--33
             Jostein Jensen and   
            Martin Gilje Jaatun   Federated Identity Management --- We
                                  Built It; Why Won't They Come? . . . . . 34--41
            Terry V. Benzel and   
               Eric O'Brien and   
           Robert Rodriguez and   
            William Arbaugh and   
                     John Sebes   Crossing the Great Divide: From Research
                                  to Market  . . . . . . . . . . . . . . . 42--46
               Bart Coppens and   
            Bjorn De Sutter and   
              Koen De Bosschere   Protecting Your Software Updates . . . . 47--54
        Anastasios N. Bikos and   
                Nicolas Sklavos   LTE/SAE Security Issues on $4$G Wireless
                                  Networks . . . . . . . . . . . . . . . . 55--62
            Roland L. Trope and   
               Stephen J. Humes   By Executive Order: Delivery of Cyber
                                  Intelligence Imparts Cyber
                                  Responsibilities . . . . . . . . . . . . 63--67
          Anatoliy Gorbenko and   
           Alexander Romanovsky   Time-Outing Internet Services  . . . . . 68--71
                   Ian Koss and   
                   Richard Ford   Authorship Is Continuous: Managing Code
                                  Plagiarism . . . . . . . . . . . . . . . 72--74
               Arvind Narayanan   What Happened to the Crypto Dream?, Part
                                  1  . . . . . . . . . . . . . . . . . . . 75--76
        Lorrie Faith Cranor and   
                   Norman Sadeh   A Shortage of Privacy Engineers  . . . . 77--79
                   Adrian Hayes   Network Service Authentication Timing
                                  Attacks  . . . . . . . . . . . . . . . . 80--82
              Sergey Bratus and   
                   Anna Shubina   Avoiding a War on Unauthorized
                                  Computation  . . . . . . . . . . . . . . 83--88
                  Cormac Herley   When Does Targeting Make Sense for an
                                  Attacker?  . . . . . . . . . . . . . . . 89--92
            Alessandro Acquisti   Complementary Perspectives on Privacy
                                  and Security: Economics  . . . . . . . . 93--95
                 Bruce Schneier   IT for Oppression  . . . . . . . . . . . 96

IEEE Security & Privacy
Volume 11, Number 3, May / June, 2013

                 Jeremy Epstein   From the Editors: Are all types of
                                  Internet voting unsafe?  . . . . . . . . 3--4
                     Lee Garber   Security, privacy, policy, and
                                  dependability roundup  . . . . . . . . . 6--7
                    Gary McGraw   Interview: Silver Bullet talks with
                                  Thomas Rid . . . . . . . . . . . . . . . 8--10
                   Susan Landau   Guest Editor's Introduction: Politics,
                                  love, and death in a world of no privacy 11--13
      Balachander Krishnamurthy   Privacy and online social networks: can
                                  colorless green ideas sleep furiously?   14--20
Norberto Nuno Gomes de Andrade and   
               Aaron Martin and   
               Shara Monteleone   ``All the better to see you with, my
                                  dear'': Facial recognition and privacy
                                  in online social networks  . . . . . . . 21--28
                Seda Gurses and   
                   Claudia Diaz   Two tales of privacy in online social
                                  networks . . . . . . . . . . . . . . . . 29--37
           Eszter Hargittai and   
                      Eden Litt   New strategies for employment? Internet
                                  skills and online privacy practices
                                  during people's job search . . . . . . . 38--45
            Indrajeet Singh and   
         Michael Butkiewicz and   
       Harsha V. Madhyastha and   
  Srikanth V. Krishnamurthy and   
              Sateesh Addepalli   Twitsper: Tweeting privately . . . . . . 46--50
          Jonathan Anderson and   
                  Frank Stajano   Must social networking conflict with
                                  privacy? . . . . . . . . . . . . . . . . 51--60
             Philip Koopman and   
           Christopher Szilagyi   Integrity in embedded control networks   61--63
               Mark Gondree and   
     Zachary N. J. Peterson and   
                 Tamara Denning   Security through play  . . . . . . . . . 64--67
               Arvind Narayanan   What Happened to the Crypto Dream?, Part
                                  2  . . . . . . . . . . . . . . . . . . . 68--71
              Travis Breaux and   
                   David Gordon   What engineers should know about US
                                  security and privacy law . . . . . . . . 72--76
            Benedikt Koppel and   
                Stephan Neuhaus   Crypto Corner: Analysis of a hardware
                                  security module's high-availability
                                  setting  . . . . . . . . . . . . . . . . 77--80
                   Michael Lesk   Security & Privacy Economics: Privateers
                                  in cyberspace: Aargh!  . . . . . . . . . 81--84
        Shari Lawrence Pfleeger   In Our Orbit: Ramsey theory: Learning
                                  about the needle in the haystack . . . . 85--87
             Steven M. Bellovin   Last Word: Military cybersomethings  . . 88

IEEE Security & Privacy
Volume 11, Number 4, July / August, 2013

              Fred B. Schneider   Cybersecurity Education in Universities  3--4
                     Lee Garber   Security, Privacy, Policy, and
                                  Dependability Roundup  . . . . . . . . . 6--7
                    Gary McGraw   Interview: Silver Bullet Talks with Gary
                                  Warzala  . . . . . . . . . . . . . . . . 8--10
           Robin Bloomfield and   
                       Jay Lala   Safety-Critical Systems: The Next
                                  Generation . . . . . . . . . . . . . . . 11--13
             Homa Alemzadeh and   
        Ravishankar K. Iyer and   
        Zbigniew Kalbarczyk and   
                      Jai Raman   Analysis of Safety-Critical Computer
                                  Failures in Medical Devices  . . . . . . 14--26
                Sayan Mitra and   
    Tichakorn Wongpiromsarn and   
              Richard M. Murray   Verifying Cyber-Physical Interactions in
                                  Safety-Critical Systems  . . . . . . . . 28--37
          Domenico Cotroneo and   
                Roberto Natella   Fault Injection for Software
                                  Certification  . . . . . . . . . . . . . 38--45
         Thiago Mattos Rosa and   
        Altair Olivo Santin and   
              Andreia Malucelli   Mitigating XML Injection 0-Day Attacks
                                  through Strategy-Based Detection Systems 46--53
                   Susan Landau   Making Sense from Snowden: What's
                                  Significant in the NSA Surveillance
                                  Revelations  . . . . . . . . . . . . . . 54--63
                     Jeff Stein   The End of National Security Reporting?  64--68
                    Chris Eagle   Computer Security Competitions:
                                  Expanding Educational Outcomes . . . . . 69--71
        Alessandro Acquisti and   
              Idris Adjerid and   
              Laura Brandimarte   Gone in 15 Seconds: The Limits of
                                  Privacy Transparency and Control . . . . 72--74
                 Stefan Mangard   Keeping Secrets on Low-Cost Chips  . . . 75--77
                   Rebecca Bace   Pain Management for Entrepreneurs:
                                  Working with Venture Capital . . . . . . 78--81
             Stephen McLaughlin   Securing Control Systems from the
                                  Inside: A Case for Mediating Physical
                                  Behaviors  . . . . . . . . . . . . . . . 82--84
                   Michael Lesk   Big Data, Big Brother, Big Money . . . . 85--89
                     Susan Dery   Using Whitelisting to Combat Malware
                                  Attacks at Fannie Mae  . . . . . . . . . 90--92
                   Rafe Sagarin   Bio-hacking: Tapping Life's Code to Deal
                                  with Unpredictable Risk  . . . . . . . . 93--95
                 Daniel E. Geer   On Abandonment . . . . . . . . . . . . . 96

IEEE Security & Privacy
Volume 11, Number 5, September / October, 2013

               Robin Bloomfield   Open Assurance . . . . . . . . . . . . . 3--4
                     Lee Garber   News Briefs: Security, Privacy, Policy,
                                  and Dependability Roundup  . . . . . . . 6--7
                    Gary McGraw   Interview: Silver Bullet Talks with
                                  Wenyuan Xu . . . . . . . . . . . . . . . 8--10
                Tom Kirkham and   
            Sandra Winfield and   
                Serge Ravet and   
           Sampo Kellomäki   The Personal Data Store Approach to
                                  Personal Data Security . . . . . . . . . 12--19
             Keith Harrison and   
               Gregory B. White   Anonymous and Distributed Community
                                  Cyberincident Detection  . . . . . . . . 20--27
                 Weihan Goh and   
                  Chai Kiat Yeo   Teaching an Old TPM New Tricks:
                                  Repurposing for Identity-Based
                                  Signatures . . . . . . . . . . . . . . . 28--35
            Eleanor Birrell and   
              Fred B. Schneider   Federated Identity Management Systems: A
                                  Privacy-Based Characterization . . . . . 36--48
               Wei-dong Qiu and   
                    Qian Su and   
                   Bo-zhong Liu   iOS Data Recovery Using Low-Level NAND
                                  Images . . . . . . . . . . . . . . . . . 49--55
                   Gary T. Marx   The Public as Partner? Technology Can
                                  Make Us Auxiliaries as Well as
                                  Vigilantes . . . . . . . . . . . . . . . 56--61
         Boudewijn R. Haverkort   The Dependable Systems-of-Systems Design
                                  Challenge  . . . . . . . . . . . . . . . 62--65
                 Cynthia Irvine   A Cyberoperations Program  . . . . . . . 66--69
                      Ryan Calo   Tiny Salespeople: Mediated Transactions
                                  and the Internet of Things . . . . . . . 70--72
     Vashek Matyá\vs and   
            Ji\vrí K\rur   Conflicts between Intrusion Detection
                                  and Privacy Mechanisms for Wireless
                                  Sensor Networks  . . . . . . . . . . . . 73--76
             Jim Alves-Foss and   
                      Paul Oman   The Known Unknowns . . . . . . . . . . . 77--79
                 Jim Blythe and   
                Ross Koppel and   
                  Sean W. Smith   Circumvention of Security: Good Users Do
                                  Bad Things . . . . . . . . . . . . . . . 80--83
          Nicole B. Ellison and   
             Jeffrey T. Hancock   Profile as Promise: Honest and Deceptive
                                  Signals in Online Dating . . . . . . . . 84--88
          Thomas B. Hilburn and   
                  Nancy R. Mead   Building Security In: A Road to
                                  Competency . . . . . . . . . . . . . . . 89--92
                  Kacper Gradon   Crime Science and the Internet
                                  Battlefield: Securing the Analog World
                                  from Digital Crime . . . . . . . . . . . 93--95
                 Bruce Schneier   Last word: Trust in Man/Machine Security
                                  Systems  . . . . . . . . . . . . . . . . 96--96

IEEE Security & Privacy
Volume 11, Number 6, November / December, 2013

                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1--c1
                      Anonymous   Usenix [House Advertisement] . . . . . . c2--c2
                      Anonymous   Table of Contents  . . . . . . . . . . . 1--2
        Shari Lawrence Pfleeger   Focus on Policy  . . . . . . . . . . . . 3--3
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 4
                    Gary McGraw   Interview: Silver Bullet Talks with W.
                                  Hord Tipton  . . . . . . . . . . . . . . 5--7
                     Lee Garber   News Briefs: Security, Privacy, Policy,
                                  and Dependability Roundup  . . . . . . . 8--9
                Kelly Caine and   
                   Michael Lesk   Security and Privacy in Health IT [Guest
                                  editors' introduction] . . . . . . . . . 10--11
              Mark Chignell and   
           Mahsa Rouzbahman and   
                Ryan Kealey and   
                Reza Samavi and   
                    Erin Yu and   
              Tammy Sieminowski   Nonconfidential Patient Types in
                                  Emergency Clinical Decision Support  . . 12--18
                   Michael Lesk   Electronic Medical Records:
                                  Confidentiality, Care, and Epidemiology  19--24
             Denise Anthony and   
         Andrew T. Campbell and   
              Thomas Candon and   
           Andrew Gettinger and   
                 David Kotz and   
             Lisa A. Marsch and   
      Andres Molina-Markham and   
                 Karen Page and   
              Sean W. Smith and   
             Carl A. Gunter and   
                M. Eric Johnson   Securing Information Technology in
                                  Healthcare . . . . . . . . . . . . . . . 25--33
         Gines Dolera Tormo and   
         Felix Gomez Marmol and   
                 Joao Girao and   
        Gregorio Martinez Perez   Identity Management --- In Privacy We
                                  Trust: Bridging the Trust Gap in eHealth
                                  Environments . . . . . . . . . . . . . . 34--41
                Deborah C. Peel   Point/Counterpoint: The Consequences of
                                  the Lack of Privacy in Today's
                                  Electronic Health Systems  . . . . . . . 42--44
                   Deven McGraw   Point/Counterpoint: Privacy and Security
                                  as Enable, Not Barrier, to Responsible
                                  Health Data Uses . . . . . . . . . . . . 42--44
       Abdulghani Ali Ahmed and   
                Aman Jantan and   
                   Tat-Chee Wan   Real-Time Detection of Intrusive Traffic
                                  in QoS Network Domains . . . . . . . . . 45--53
               Sanmeet Kaur and   
                 Maninder Singh   Automatic Attack Signature Generation
                                  Systems: A Review  . . . . . . . . . . . 54--61
    Paulo Esteves Verissimo and   
                Alysson Bessani   E-biobanking: What Have You Done to My
                                  Cell Samples?  . . . . . . . . . . . . . 62--65
              Andrew McGettrick   Toward Effective Cybersecurity Education 66--68
          Heather Dewey-Hagborg   Stranger Visions: A Provocation  . . . . 69--70
     Jean-Michel Cioranesco and   
              Houda Ferradi and   
                 David Naccache   Crypto Corner: Communicating Covertly
                                  through CPU Monitoring . . . . . . . . . 71--73
         Alvaro A. Cardenas and   
      Pratyusa K. Manadhata and   
             Sreeranga P. Rajan   Systems Security: Big Data Analytics for
                                  Security . . . . . . . . . . . . . . . . 74--76
                   Michael Lesk   Security & Privacy Economics: The Old Is
                                  New Again  . . . . . . . . . . . . . . . 77--79
              Nancy R. Mead and   
              Thomas B. Hilburn   Building Security In: Preparing for a
                                  Software Security Career . . . . . . . . 80--83
                 Harvey Molotch   Everyday Security: Default to Decency    84--87
             Steven M. Bellovin   The Last Word: Walls and Gates . . . . . 88--88
                      Anonymous   InfoSec World Conference 2014 Trade
                                  Advertisement  . . . . . . . . . . . . . c3--c3
                      Anonymous   Magazine Subscribe [House Advertisement] c4--c4


IEEE Security & Privacy
Volume 12, Number 1, January / February, 2014

                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1
                      Anonymous   Rock Stars of Mobile Cloud [House
                                  Advertisement] . . . . . . . . . . . . . c2
                      Anonymous   Table of Contents  . . . . . . . . . . . 1--2
                     Bill Horne   Humans in the Loop . . . . . . . . . . . 3--4
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 5
                    Gary McGraw   Silver Bullet Talks with Jon Callas  . . 6--8
                     Lee Garber   Security, Privacy, Policy, and
                                  Dependability Roundup  . . . . . . . . . 9--10
            M. Angela Sasse and   
              Charles C. Palmer   Protecting You . . . . . . . . . . . . . 11--13
                  Cormac Herley   More Is Not the Answer . . . . . . . . . 14--19
            Simson L. Garfinkel   Leaking Sensitive Information in Complex
                                  Document Files--and How to Prevent It    20--27
           Deanna D. Caputo and   
    Shari Lawrence Pfleeger and   
           Jesse D. Freeman and   
                M. Eric Johnson   Going Spear Phishing: Exploring Embedded
                                  Training and Awareness . . . . . . . . . 28--38
            M. Angela Sasse and   
          Charles C. Palmer and   
           Markus Jakobsson and   
             Sunny Consolvo and   
                  Rick Wash and   
                   L. Jean Camp   Helping You Protect You  . . . . . . . . 39--42
               Ying-Dar Lin and   
               Chia-Yin Lee and   
                 Hao-Chuan Tsai   Redefining Security Criteria for
                                  Networking Devices with Case Studies . . 43--53
                  Moti Geva and   
              Amir Herzberg and   
                   Yehoshua Gev   Bandwidth Distributed Denial of Service:
                                  Attacks and Defenses . . . . . . . . . . 54--61
                   Susan Landau   Highlights from Making Sense of Snowden,
                                  Part II: What's Significant in the NSA
                                  Revelations  . . . . . . . . . . . . . . 62--64
                  George Candea   The Tests-versus-Proofs Conundrum  . . . 65--68
        Prabir Bhattacharya and   
                    Li Yang and   
                 Minzhe Guo and   
                   Kai Qian and   
                      Ming Yang   Learning Mobile Security with Labware    69--72
                       Paul Ohm   Should Sniffing Wi-Fi Be Illegal?  . . . 73--76
              David Eckhoff and   
               Christoph Sommer   Driving for Big Data? Privacy Concerns
                                  in Vehicular Networking  . . . . . . . . 77--79
               Richard Ford and   
                 Marco Carvalho   Protecting Me  . . . . . . . . . . . . . 80--82
              Sergey Bratus and   
                Trey Darley and   
            Michael Locasto and   
      Meredith L. Patterson and   
     Rebecca ``bx'' Shapiro and   
                   Anna Shubina   Beyond Planted Bugs in `Trusting Trust':
                                  The Input-Processing Frontier  . . . . . 83--87
                 Daniel E. Geer   Last Word: Polarization  . . . . . . . . 88
                      Anonymous   Subscribe to \booktitleIEEE Security &
                                  Privacy [House Advertisement]  . . . . . c3

IEEE Security & Privacy
Volume 12, Number 2, March / April, 2014

                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1
                      Anonymous   Magazine Subscribe [House Advertisement] c2
                      Anonymous   Table of Contents  . . . . . . . . . . . 1--2
                      Anonymous   Taking Action to Build Trust in Security 3--4
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 5
                      Anonymous   Membership Matters [House Advertisement] 6
                    Gary McGraw   Silver Bullet Talks with Matthew Green   7--10
                     Lee Garber   Security, Privacy, Policy, and
                                  Dependability Roundup  . . . . . . . . . 11--13
            Luanne Goldrich and   
               Carl E. Landwehr   Moving Target [Guest Editors'
                                  introduction]  . . . . . . . . . . . . . 14--15
              Hamed Okhravi and   
              Thomas Hobson and   
              David Bigelow and   
              William Streilein   Finding Focus in the Blur of
                                  Moving-Target Techniques . . . . . . . . 16--26
                      Anonymous   Jobs Board [House Advertisement] . . . . 27
              Glenn A. Fink and   
            Jereme N. Haack and   
          A. David McKinnon and   
                  Errin W. Fulp   Defense on the Move: Ant-Based Cyber
                                  Defense  . . . . . . . . . . . . . . . . 36--43
            Cherita Corbett and   
                 Jason Uher and   
               Jarriel Cook and   
                  Angela Dalton   Countering Intelligent Jamming with Full
                                  Protocol Stack Agility . . . . . . . . . 44--50
          Fernand Lone Sang and   
          Vincent Nicomette and   
                  Yves Deswarte   A Tool to Analyze Potential I/O Attacks
                                  against PCs  . . . . . . . . . . . . . . 60--66
             William H. Sanders   Quantitative Security Metrics:
                                  Unattainable Holy Grail or a Vital
                                  Breakthrough within Our Reach? . . . . . 67--69
               Diana Maimut and   
              Reza Reyhanitabar   Authenticated Encryption: Toward
                                  Next-Generation Algorithms . . . . . . . 70--72
             Marco Carvalho and   
                   Richard Ford   Moving-Target Defenses for Computer
                                  Networks . . . . . . . . . . . . . . . . 73--76
                   Michael Lesk   Caller ID: Whose Privacy?  . . . . . . . 77--79
         Emiliano De Cristofaro   Genomic Privacy and the Rise of a New
                                  Research Community . . . . . . . . . . . 80--83
                 Bruce Schneier   Metadata $=$ Surveillance  . . . . . . . 84
                      Anonymous   Software Experts Summit [House
                                  Advertisement] . . . . . . . . . . . . . c3
                      Anonymous   Rock Stars of Mobile Cloud [House
                                  Advertisement] . . . . . . . . . . . . . c4

IEEE Security & Privacy
Volume 12, Number 3, May / June, 2014

                      Anonymous   Focus on Your Job Search [House
                                  Advertisement] . . . . . . . . . . . . . c2--c2
                      Anonymous   Table of Contents  . . . . . . . . . . . 1--2
                 Jeremy Epstein   Phishing Our Employees . . . . . . . . . 3--4
                      Anonymous   [Masthead] . . . . . . . . . . . . . . . 5
                     Lee Garber   Security, Privacy, Policy, and
                                  Dependability Roundup  . . . . . . . . . 6--8
                    Gary McGraw   Silver Bullet Talks with Yoshi Kohno . . 9--12
                   Terry Benzel   A Symposium, a Magazine, and a Community
                                  [Guest editorial]  . . . . . . . . . . . 13--14
           Peter G. Neumann and   
               Sean Peisert and   
                Marvin Schaefer   The IEEE Symposium on Security and
                                  Privacy, in Retrospect . . . . . . . . . 15--17
             George Cybenko and   
             Kathy Clark-Fisher   IEEE Security & Privacy: The Early Years  18--19
             Michael Z. Lee and   
               Alan M. Dunn and   
              Jonathan Katz and   
               Brent Waters and   
                 Emmett Witchel   Anon-Pass: Practical Anonymous
                                  Subscriptions  . . . . . . . . . . . . . 20--27
           Nick Nikiforakis and   
      Alexandros Kapravelos and   
              Wouter Joosen and   
        Christopher Kruegel and   
             Frank Piessens and   
                 Giovanni Vigna   On the Workings and Current Practices of
                                  Web-Based Device Fingerprinting  . . . . 28--36
               Joel Reardon and   
                David Basin and   
                  Srdjan Capkun   On Secure Data Deletion  . . . . . . . . 37--44
            Laszlo Szekeres and   
              Mathias Payer and   
               Lenx Tao Wei and   
                       R. Sekar   Eternal War in Memory  . . . . . . . . . 45--53
             Arthur Gervais and   
          Ghassan O. Karame and   
              Vedran Capkun and   
                  Srdjan Capkun   Is Bitcoin a Decentralized Currency? . . 54--60
            Deirdre K. Mulligan   The Enduring Importance of Transparency  61--65
                   Susan Landau   Educating Engineers: Teaching Privacy in
                                  a World of Open Doors  . . . . . . . . . 66--70
                  Anna Slomovic   Privacy Issues in Identity Verification  71--73
                 Milan Broz and   
                  Vashek Matyas   The TrueCrypt On-Disk Format --- An
                                  Independent View . . . . . . . . . . . . 74--77
                   Michael Lesk   Does the Cloud of Surveillance Have a
                                  Silver Lining? . . . . . . . . . . . . . 78--81
            Chris Bonebrake and   
               Lori Ross O'Neil   Attacks on GPS Time Reliability  . . . . 82--84
                 Martin Ortlieb   The Anthropologist's View on Privacy . . 85--87
             Steven M. Bellovin   Dr. Strangecode  . . . . . . . . . . . . 88
                      Anonymous   IEEE Security & Privacy [Advertisement]   c3
                      Anonymous   Rock Stars of Cybersecurity [House
                                  Advertisement] . . . . . . . . . . . . . c4

IEEE Security & Privacy
Volume 12, Number 4, July / August, 2014

                      Anonymous   Table of contents  . . . . . . . . . . . 1--2
                   Susan Landau   Security and Privacy: Facing Ethical
                                  Choices  . . . . . . . . . . . . . . . . 3--6
                      Anonymous   [Masthead] . . . . . . . . . . . . . . . 7--7
                     Lee Garber   Security, Privacy, Policy, and
                                  Dependability Roundup  . . . . . . . . . 8--10
                    Gary McGraw   Silver Bullet Talks with Nate Fick . . . 11--13
               Michael Kerr and   
               Ron van Schyndel   Adapting Law Enforcement Frameworks to
                                  Address the Ethical Problems of CCTV
                                  Product Propagation  . . . . . . . . . . 14--21
        Simson L. Garfinkel and   
               Michael McCarrin   Can We Sniff Wi-Fi?: Implications of
                                  Joffe v. Google  . . . . . . . . . . . . 22--28
            Jan-Erik Ekberg and   
            Kari Kostiainen and   
                      N. Asokan   The Untapped Potential of Trusted
                                  Execution Environments on Mobile Devices 29--37
                    Nir Kshetri   China's Data Privacy Regulations: A
                                  Tricky Tradeoff between ICT's Productive
                                  Utilization and Cybercontrol . . . . . . 38--45
             Daniel E. Geer and   
              Poul-Henning Kamp   Inviting More Heartbleed . . . . . . . . 46--50
                 Robert Gellman   Willis Ware's Lasting Contribution to
                                  Privacy: Fair Information Practices  . . 51--54
           Rebecca Balebako and   
                  Lorrie Cranor   Improving App Privacy: Nudging App
                                  Developers to Protect User Privacy . . . 55--58
                  Ari Juels and   
              Thomas Ristenpart   Honey Encryption: Encryption beyond the
                                  Brute-Force Barrier  . . . . . . . . . . 59--62
             Marco Carvalho and   
               Jared DeMott and   
               Richard Ford and   
               David A. Wheeler   Heartbleed 101 . . . . . . . . . . . . . 63--67
           Patrick McDaniel and   
               Brian Rivera and   
                Ananthram Swami   Toward a Science of Secure Environments  68--70
                   Michael Lesk   Staffing for Security: Don't Optimize    71--73
        Shari Lawrence Pfleeger   The Eyes Have It: Surveillance and How
                                  It Evolved . . . . . . . . . . . . . . . 74--79
             Steven M. Bellovin   By Any Means Possible: How Intelligence
                                  Agencies Have Gotten Their Data  . . . . 80--84
                    John DeLong   Aligning the Compasses: A Journey
                                  through Compliance and Technology  . . . 85--89
                 Daniel E. Geer   Personal Data and Government
                                  Surveillance . . . . . . . . . . . . . . 90--96
                      Anonymous   [Front cover]  . . . . . . . . . . . . . c1--c1
                      Anonymous   IEEE Security & Privacy [Advertisement]   c3--c3
                      Anonymous   Rock Stars of Cybersecurity
                                  [Advertisement]  . . . . . . . . . . . . c4--c4
                      Anonymous   Seeking IEEE Security & Security Editor
                                  in Chief . . . . . . . . . . . . . . . . c2--c2

IEEE Security & Privacy
Volume 12, Number 5, September / October, 2014

                      Anonymous   Table of contents  . . . . . . . . . . . 1--2
        Shari Lawrence Pfleeger   Expanding to Meet Readers' Needs . . . . 3--4
                      Anonymous   [Masthead] . . . . . . . . . . . . . . . 5--5
                    Gary McGraw   Silver Bullet Talks with Bart Miller . . 6--8
               Sean Peisert and   
         Jonathan Margulies and   
             David M. Nicol and   
           Himanshu Khurana and   
                   Chris Sawall   Designed-in Security for Cyber-Physical
                                  Systems  . . . . . . . . . . . . . . . . 9--12
                     Bill Horne   On Computer Security Incident Response
                                  Teams  . . . . . . . . . . . . . . . . . 13--15
               Robin Ruefle and   
             Audrey Dorofee and   
               David Mundie and   
       Allen D. Householder and   
             Michael Murray and   
                 Samuel J. Perl   Computer Security Incident Response Team
                                  Development and Evolution  . . . . . . . 16--26
                  Kas Clark and   
              Don Stikvoort and   
           Eelco Stofbergen and   
            Elly van den Heuvel   A Dutch Approach to Cybersecurity
                                  through Participation  . . . . . . . . . 27--34
              Sandeep Bhatt and   
      Pratyusa K. Manadhata and   
                    Loai Zomlot   The Operational Role of Security
                                  Information and Event Management Systems 35--41
               Panos Kampanakis   Security Automation and Threat
                                  Information-Sharing Options  . . . . . . 42--51
Sathya Chandran Sundaramurthy and   
                John McHugh and   
           Xinming Simon Ou and   
         S. Raj Rajagopalan and   
                  Michael Wesch   An Anthropological Approach to Studying
                                  CSIRTs . . . . . . . . . . . . . . . . . 52--60
            Tiffani R. Chen and   
            Daniel B. Shore and   
         Stephen J. Zaccaro and   
           Reeshad S. Dalal and   
            Lois E. Tetrick and   
                  Aiva K. Gorab   An Organizational Psychology Perspective
                                  to Examining Computer Security Incident
                                  Response Teams . . . . . . . . . . . . . 61--67
                Yossi Gilad and   
              Amir Herzberg and   
                   Haya Shulman   Off-Path Hacking: The Illusion of
                                  Challenge--Response Authentication . . . 68--77
                  Katrine Evans   Where in the World Is My Information?:
                                  Giving People Access to Their Data . . . 78--81
                 Cuong Pham and   
         Zachary J. Estrada and   
                 Phuong Cao and   
        Zbigniew Kalbarczyk and   
            Ravishankar K. Iyer   Building Reliable and Secure Virtual
                                  Machines Using Architectural Invariants  82--85
           Jeffrey MacKie-Mason   Can We Afford Privacy from Surveillance? 86--89
             Aaron Beuhring and   
                    Kyle Salous   Beyond Blacklisting: Cyberdefense in the
                                  Era of Advanced Persistent Threats . . . 90--93
                      Anonymous   Intelect [Advertisement] . . . . . . . . 94--94
                 Bruce Schneier   The Future of Incident Response  . . . . 96--96
                      Anonymous   Co3 Systems Advertisement  . . . . . . . c2--c2
                      Anonymous   IEEE Security & Privacy [Advertisement]   c3--c3
                      Anonymous   Rock Stars of Big Data Analytics
                                  [Advertisement]  . . . . . . . . . . . . c4--c4

IEEE Security & Privacy
Volume 12, Number 6, November / December, 2014

                      Anonymous   Table of contents  . . . . . . . . . . . 1--2
        Shari Lawrence Pfleeger   Technology, Transparency, and Trust  . . 3--5
                      Anonymous   [Masthead] . . . . . . . . . . . . . . . 6--6
                      Anonymous   Reviewer Thanks  . . . . . . . . . . . . 7--8
                    Gary McGraw   Silver Bullet Talks with the IEEE Center
                                  for Secure Design  . . . . . . . . . . . 9--12
               Sean Peisert and   
             Jonathan Margulies   Closing the Gap on Securing Energy
                                  Sector Control Systems [Guest Editors'
                                  introduction]  . . . . . . . . . . . . . 13--14
             Carlos Barreto and   
              Jairo Giraldo and   
         Alvaro A. Cardenas and   
        Eduardo Mojica-Nava and   
                Nicanor Quijano   Control Systems for the Power Grid and
                                  Their Resiliency to Attacks  . . . . . . 15--23
             Moses Schwartz and   
                John Mulder and   
           Adrian R. Chavez and   
              Benjamin A. Allan   Emerging Techniques for Field Device
                                  Security . . . . . . . . . . . . . . . . 24--31
            Chuck McParland and   
               Sean Peisert and   
                 Anna Scaglione   Monitoring Security of Networked Control
                                  Systems: It's the Physics  . . . . . . . 32--39
               Saman Zonouz and   
              Julian Rrushi and   
             Stephen McLaughlin   Detecting Industrial Control Malware
                                  Using Automated PLC Code Analytics . . . 40--47
                     Ryan Ellis   Regulating Cybersecurity: Institutional
                                  Learning or a Lesson in Futility?  . . . 48--54
               Sean Peisert and   
         Jonathan Margulies and   
                 Eric Byres and   
                 Paul Dorey and   
              Dale Peterson and   
                     Zach Tudor   Control Systems Security from the Front
                                  Lines  . . . . . . . . . . . . . . . . . 55--58
          Francien Dechesne and   
        Dina Hadziosmanovic and   
                 Wolter Pieters   Experimenting with Incentives: Security
                                  in Pilots for Future Grids . . . . . . . 59--66
                      Anonymous   IEEE Computer Society [Advertisement]    67--67
               Jungwoo Ryoo and   
                 Syed Rizvi and   
              William Aiken and   
                   John Kissell   Cloud Security Auditing: Challenges and
                                  Emerging Approaches  . . . . . . . . . . 68--74
                Frank Kargl and   
    Rens W. van der Heijden and   
              Hartmut Konig and   
             Alfonso Valdes and   
                 Marc C. Dacier   Insights on the Security and
                                  Dependability of Industrial Control
                                  Systems  . . . . . . . . . . . . . . . . 75--78
                   Melissa Dark   Advancing Cybersecurity Education  . . . 79--83
              Wendy M. Grossman   ``Emergency'' Ushers in a New Era in
                                  British Communications Surveillance  . . 84--88
        Lorrie Faith Cranor and   
                 Norbou Buchler   Better Together: Usability and Security
                                  Go Hand in Hand  . . . . . . . . . . . . 89--93
                   Michael Lesk   Trust, but Verify  . . . . . . . . . . . 94--96
                 Todd Bauer and   
                   Jason Hamlet   Physical Unclonable Functions: A Primer  97--101
               Benjamin Edelman   Accountable? The Problems and Solutions
                                  of Online Ad Optimization  . . . . . . . 102--107
             Steven M. Bellovin   What Should Crypto Look Like?  . . . . . 108--108
                      Anonymous   [Advertisement]  . . . . . . . . . . . . c4--c4
                      Anonymous   [Front cover]  . . . . . . . . . . . . . c1--c1
                      Anonymous   Focus on Your Job Search [Advertisement] c2--c2
                      Anonymous   IEEE Security & Privacy [Advertisement]   c3--c3


IEEE Security & Privacy
Volume 13, Number 1, January / February, 2015

                     Bill Horne   Umbrellas and Octopuses  . . . . . . . . 3--5
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 6--6
                    Gary McGraw   Silver Bullet Talks with Brian Krebs . . 7--11
              Hilarie Orman and   
            Charles P. Pfleeger   Mathematics and Physics Build a New
                                  Future for Secure Communication [Guest
                                  Editors' introduction] . . . . . . . . . 12--13
                Wade Trappe and   
             Richard Howard and   
                Robert S. Moore   Low-Energy Security: Limits and
                                  Opportunities in the Internet of Things  14--21
            David W. Archer and   
                   Kurt Rohloff   Computing with Data Privacy: Steps
                                  toward Realization . . . . . . . . . . . 22--29
          Logan O. Mailloux and   
        Michael R. Grimaila and   
          Douglas D. Hodson and   
         Gerald Baumgartner and   
               Colin McLaughlin   Performance Evaluations of Quantum Key
                                  Distribution System Architectures  . . . 30--40
             Ioana Boureanu and   
                 Serge Vaudenay   Challenges in Distance Bounding  . . . . 41--48
                   Mark Maybury   Toward the Assured Cyberspace Advantage:
                                  Air Force Cyber Vision 2025  . . . . . . 49--56
            Ricardo Padilha and   
                Fernando Pedone   Confidentiality in the Cloud . . . . . . 57--60
                   Melissa Dark   Thinking about Cybersecurity . . . . . . 61--65
                    Emil Simion   The Relevance of Statistical Tests in
                                  Cryptography . . . . . . . . . . . . . . 66--70
                 Budi Arief and   
       Mohd Azeem Bin Adzmi and   
                   Thomas Gross   Understanding Cybercrime from Its
                                  Stakeholders' Perspectives: Part 1 ---
                                  Attackers  . . . . . . . . . . . . . . . 71--76
                   Rahul Telang   Policy Framework for Data Breaches . . . 77--79
             Daniel E. Geer Jr.   Less Is More: Saving the Internet from
                                  Itself . . . . . . . . . . . . . . . . . 80--80
                      Anonymous   3rd Annual Best Scientific Cybersecurity
                                  Paper Competition [House Advertisement]  c4--c4
                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1--c1
                      Anonymous   Mark Your Calendars [House
                                  Advertisement] . . . . . . . . . . . . . c2--c2
                      Anonymous   Startup Rock Stars [House Advertisement] c3--c3

IEEE Security & Privacy
Volume 13, Number 2, March / April, 2015

                 Jeremy Epstein   The Whole Is Less than the Sum of the
                                  Parts  . . . . . . . . . . . . . . . . . 3--5
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 6--6
                    Gary McGraw   Silver Bullet Talks with Whitfield
                                  Diffie . . . . . . . . . . . . . . . . . 7--10
                      Anonymous   39th Annual International Computers,
                                  Software & Applications Conference House
                                  Advertisement  . . . . . . . . . . . . . 11--11
                   Terry Benzel   An Enduring Symposium for Leading
                                  Research in Security and Privacy . . . . 12--13
          Sai Teja Peddinti and   
        Aleksandra Korolova and   
             Elie Bursztein and   
           Geetanjali Sampemane   Understanding Sensitivity by Analyzing
                                  Anonymity [Guest Editor's introduction]  14--21
          Susan Hohenberger and   
               Steven Myers and   
                Rafael Pass and   
                    Abhi Shelat   An Overview of ANONIZE: A Large-Scale
                                  Anonymous Survey System  . . . . . . . . 22--29
                 Per Larsen and   
          Stefan Brunthaler and   
                  Michael Franz   Automatic Software Diversity . . . . . . 30--37
               Zongwei Zhou and   
                    Miao Yu and   
               Virgil D. Gligor   Dancing with Giants: Wimpy Kernels for
                                  On-Demand I/O Isolation  . . . . . . . . 38--46
                      Anonymous   Focus on Your Job Search House
                                  Advertisement  . . . . . . . . . . . . . 47--47
               Bhushan Jain and   
           Mirza Basim Baig and   
               Dongli Zhang and   
           Donald E. Porter and   
                      Radu Sion   Introspections on the Semantic Gap . . . 48--55
                  Mike Bond and   
         Marios O. Choudary and   
          Steven J. Murdoch and   
        Sergei Skorobogatov and   
                  Ross Anderson   Be Prepared: The EMV Preplay Attack  . . 56--64
            Vincent Lenders and   
                Axel Tanner and   
                  Albert Blarer   Gaining an Edge in Cyberspace with
                                  Advanced Situational Awareness . . . . . 65--74
               Melissa Dark and   
                Jelena Mirkovic   Evaluation Theory and Practice Applied
                                  to Cybersecurity Education . . . . . . . 75--80
                   Graham Steel   Automated Proof and Flaw-Finding Tools
                                  in Cryptography  . . . . . . . . . . . . 81--83
                 Budi Arief and   
           Mohd Azeem Bin Adzmi   Understanding Cybercrime from Its
                                  Stakeholders' Perspectives: Part 2 ---
                                  Defenders and Victims  . . . . . . . . . 84--88
         Wojciech Mazurczyk and   
                Luca Caviglione   Information Hiding as a Challenge for
                                  Malware Detection  . . . . . . . . . . . 89--93
              Sean W. Smith and   
               John S. Erickson   Never Mind Pearl Harbor --- What about a
                                  Cyber Love Canal?  . . . . . . . . . . . 94--98
                   Michael Lesk   Safety Risks --- Human Error or
                                  Mechanical Failure?: Lessons from
                                  Railways . . . . . . . . . . . . . . . . 99--102
  Frederik Zuiderveen Borgesius   Informed Consent: We Can Do Better to
                                  Defend Privacy . . . . . . . . . . . . . 103--107
                 Bruce Schneier   The Security Value of Muddling Through   108--108
                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1--c1
                      Anonymous   Get More, for Less! House Advertisement  c4--c4
                      Anonymous   IEEE Security & Privacy House
                                  Advertisement  . . . . . . . . . . . . . c3--c3
                      Anonymous   Rock Stars of Cyber Security
                                  [Advertisement]  . . . . . . . . . . . . c2--c2

IEEE Security & Privacy
Volume 13, Number 3, May / June, 2015

                   Susan Landau   What Was Samsung Thinking? . . . . . . . 3--4
                    Gary McGraw   Silver Bullet Talks with L. Jean Camp    5--7
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 8--8
          Kleanthis Dellios and   
        Dimitrios Papanikas and   
                 Despina Polemi   Information Security Compliance over
                                  Intelligent Transport Systems: Is IT
                                  Possible?  . . . . . . . . . . . . . . . 9--15
                    Nir Kshetri   India's Cybersecurity Landscape: The
                                  Roles of the Private Sector and
                                  Public-Private Partnership . . . . . . . 16--23
                David Basin and   
                Cas Cremers and   
          Kunihiko Miyazaki and   
           Sasa Radomirovic and   
                   Dai Watanabe   Improving the Security of Cryptographic
                                  Protocol Standards . . . . . . . . . . . 24--31
    Patricia Arias-Cabarcos and   
          Florina Almenarez and   
              Ruben Trapero and   
        Daniel Diaz-Sanchez and   
                   Andres Marin   Blended Identity: Pervasive IdM for
                                  Continuous Authentication  . . . . . . . 32--39
            Hamilton Turner and   
                Jules White and   
           Jaime A. Camelio and   
       Christopher Williams and   
               Brandon Amos and   
                  Robert Parker   Bad Parts: Are Our Manufacturing Systems
                                  at Risk of Silent Cyberattacks?  . . . . 40--47
              Kjell Jorgen Hole   Diversity Reduces the Impact of Malware  48--54
                 Jeremy Epstein   Weakness in Depth: A Voting Machine's
                                  Demise . . . . . . . . . . . . . . . . . 55--58
           Peter Y. A. Ryan and   
            Steve Schneider and   
                 Vanessa Teague   End-to-End Verifiability in Voting
                                  Systems, from Theory to Practice . . . . 59--62
            Jelena Mirkovic and   
               Melissa Dark and   
                Wenliang Du and   
             Giovanni Vigna and   
                 Tamara Denning   Evaluating Cybersecurity Education
                                  Interventions: Three Case Studies  . . . 63--69
                 Liam M. Mayron   Biometric Authentication on Mobile
                                  Devices  . . . . . . . . . . . . . . . . 70--73
              J. Adam Crain and   
                  Sergey Bratus   Bolt-On Security Extensions for
                                  Industrial Control System Protocols: A
                                  Case Study of DNP3 SAv5  . . . . . . . . 74--79
                   Angela Sasse   Scaring and Bullying People into
                                  Security Won't Work  . . . . . . . . . . 80--83
             Jonathan Margulies   A Developer's Guide to Audit Logging . . 84--86
                      Anonymous   Focus on Your Job Search House
                                  Advertisement  . . . . . . . . . . . . . 87--87
                   Kat Krol and   
                Soren Preibusch   Effortless Privacy Negotiations  . . . . 88--91
             Steven M. Bellovin   What a Real Cybersecurity Bill Should
                                  Address  . . . . . . . . . . . . . . . . 92--92
                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1--c1
                      Anonymous   Get more, for less! House Advertisement  c4--c4
                      Anonymous   IEEE Security & Privacy House
                                  Advertisement  . . . . . . . . . . . . . c3--c3
                      Anonymous   Rock Stars of Cybersecurity House
                                  Advertisement  . . . . . . . . . . . . . c2--c2

IEEE Security & Privacy
Volume 13, Number 4, July / August, 2015

                   Terry Benzel   A Strategic Plan for Cybersecurity
                                  Research and Development . . . . . . . . 3--5
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 6--6
                    Gary McGraw   Silver Bullet Talks with Katie
                                  Moussouris . . . . . . . . . . . . . . . 7--9
        Shari Lawrence Pfleeger   Learning from Other Disciplines  . . . . 10--11
             Denise Anthony and   
           Timothy Stablein and   
                Emily K. Carian   Big Brother in the Information Age:
                                  Concerns about Government Information
                                  Gathering over Time  . . . . . . . . . . 12--19
              Julie Steinke and   
             Balca Bolunmez and   
             Laura Fletcher and   
                 Vicki Wang and   
         Alan J. Tomassetti and   
        Kristin M. Repchick and   
         Stephen J. Zaccaro and   
           Reeshad S. Dalal and   
                Lois E. Tetrick   Improving Cybersecurity Incident
                                  Response Team Effectiveness Using
                                  Teams-Based Research . . . . . . . . . . 20--29
           Bilal Al Sabbagh and   
               Stewart Kowalski   A Socio-technical Framework for Threat
                                  Modeling a Software Supply Chain . . . . 30--39
              Kjell Jorgen Hole   Toward Anti-fragility: A Malware-Halting
                                  Technique  . . . . . . . . . . . . . . . 40--46
      Christos Dimitrakakis and   
          Aikaterini Mitrokotsa   Distance-Bounding Protocols: Are You
                                  Close Enough?  . . . . . . . . . . . . . 47--51
            David Gugelmann and   
            Pascal Studerus and   
            Vincent Lenders and   
                  Bernhard Ager   Can Content-Based Data Loss Prevention
                                  Solutions Prevent Data Leakage in Web
                                  Traffic? . . . . . . . . . . . . . . . . 52--59
                Rohit Tyagi and   
                 Tuhin Paul and   
                B. S. Manoj and   
                    B. Thanudas   Packet Inspection for Unauthorized OS
                                  Detection in Enterprises . . . . . . . . 60--65
                   Jared DeMott   Bypassing EMET 4.1 . . . . . . . . . . . 66--72
                    John Knight   The Importance of Security Cases: Proof
                                  Is Good, But Not Enough  . . . . . . . . 73--75
                   Michael Lesk   Ideas Ahead of Their Time: Digital Time
                                  Stamping . . . . . . . . . . . . . . . . 76--79
             Jonathan Margulies   Garage Door Openers: An Internet of
                                  Things Case Study  . . . . . . . . . . . 80--83
               Monica T. Whitty   Mass-Marketing Fraud: A Growing Concern  84--87
                 Daniel E. Geer   The Right to Be Unobserved . . . . . . . 88--88
                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1--c1
                      Anonymous   IEEE Computer Society House
                                  Advertisement  . . . . . . . . . . . . . c3--c3
                      Anonymous   IEEE Security & Privacy House
                                  Advertisement  . . . . . . . . . . . . . c4--c4
                      Anonymous   2016 Richard E. Merwin Distinguished
                                  Service Award House Advertisement  . . . c2--c2

IEEE Security & Privacy
Volume 13, Number 5, September / October, 2015

            Robin E. Bloomfield   Autonomy, Robotics, and Dependability    3--5
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 6--6
                      Anonymous   Focus on Your Job Search House
                                  Advertisement  . . . . . . . . . . . . . 7--7
                    Gary McGraw   Silver Bullet Talks with Bart Preneel    8--10
                      Anonymous   2016 Richard E. Merwin Distinguished
                                  Service Award House Advertisement  . . . 11--11
             Massimo Felici and   
            Nick Wainwright and   
              Fabio Bisogni and   
               Simona Cavallini   What's New in the Economics of
                                  Cybersecurity?: Observational and
                                  Empirical Studies  . . . . . . . . . . . 12--15
               Hadi Asghari and   
     Michel J. G. van Eeten and   
              Johannes M. Bauer   Economics of Fighting Botnets: Lessons
                                  from a Decade of Mitigation  . . . . . . 16--23
                Soren Preibusch   The Value of Web Search Privacy  . . . . 24--32
                      Anonymous   IEEE Computer Society 2015 Call for
                                  Major Award Nominations House
                                  Advertisement  . . . . . . . . . . . . . 33--33
          Tristan Caulfield and   
                      David Pym   Improving Security Policy Decisions with
                                  Models . . . . . . . . . . . . . . . . . 34--41
           Clementina Bruno and   
                 Luca Guidi and   
      Azahara Lorite-Espejo and   
              Daniela Pestonesi   Assessing a Potential Cyberattack on the
                                  Italian Electric System  . . . . . . . . 42--51
       Martina De Gramatica and   
             Fabio Massacci and   
               Woohyun Shim and   
        Alessandra Tedeschi and   
                Julian Williams   IT Interdependence and the Economic
                                  Fairness of Cybersecurity Regulations
                                  for Civil Aviation . . . . . . . . . . . 52--61
                      Anonymous   Call for Standards Award Nominations
                                  House Advertisement  . . . . . . . . . . 62--62
               Zahid Akhtar and   
        Christian Micheloni and   
              Gian Luca Foresti   Biometric Liveness Detection: Challenges
                                  and Research Opportunities . . . . . . . 63--72
                      Anonymous   Call for Nominees House Advertisement    73--73
             Masooda Bashir and   
              April Lambert and   
                   Boyi Guo and   
                Nasir Memon and   
                 Tzipora Halevi   Cybersecurity Competitions: The Human
                                  Angle  . . . . . . . . . . . . . . . . . 74--79
                  Katrine Evans   Vidal--Hall and Risk Management for
                                  Privacy Breaches . . . . . . . . . . . . 80--84
                      Anonymous   Software Experts Summit House
                                  Advertisement  . . . . . . . . . . . . . 85--85
                  Gilles Barthe   High-Assurance Cryptography:
                                  Cryptographic Software We Can Trust  . . 86--89
                 Juhee Kwon and   
                M. Eric Johnson   Protecting Patient Data --- The Economic
                                  Perspective of Healthcare Security . . . 90--95
             Jonathan Margulies   Securing Cloud-Based Applications, Part
                                  1  . . . . . . . . . . . . . . . . . . . 96--98
                David Modic and   
                  Ross Anderson   It's All Over but the Crying: The
                                  Emotional and Financial Impact of
                                  Internet Fraud . . . . . . . . . . . . . 99--103
                 Daniel E. Geer   Children of the Magenta  . . . . . . . . 104--104
                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1--c1
                      Anonymous   IEEE Security & Privacy House
                                  Advertisement  . . . . . . . . . . . . . c4--c4
                      Anonymous   Keep Your Career Moving Forward House
                                  Advertisement  . . . . . . . . . . . . . c3--c3
                      Anonymous   Rock Stars of Cybersecurity House
                                  Advertisement  . . . . . . . . . . . . . c2--c2

IEEE Security & Privacy
Volume 13, Number 6, November / December, 2015

                      Anonymous   Table of Contents  . . . . . . . . . . . 1--2
                 S. L. Pfleeger   Spider-Man, Hubris, and the Future of
                                  Security and Privacy . . . . . . . . . . 3--10
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 11
                    Gary McGraw   Silver Bullet Talks with Steven M.
                                  Bellovin and Matthew Green . . . . . . . 12--15
        Shari Lawrence Pfleeger   Lessons Learned by Our Editorial Board   16--17
                    R. Oppliger   Quantitative Risk Analysis in
                                  Information Security Management: A
                                  Modern Fairy Tale  . . . . . . . . . . . 18--21
                 C. P. Pfleeger   Lesson Learned: Security is Inevitable   22--28
                      Anonymous   Get the Recognition You Deserve House
                                  Advertisement  . . . . . . . . . . . . . 29
                V. Bellandi and   
                  S. Cimato and   
                 E. Damiani and   
                 G. Gianini and   
                       A. Zilli   Toward Economic-Aware Risk Assessment on
                                  the Cloud  . . . . . . . . . . . . . . . 30--37
               P. H. Meland and   
               I. A. Tondel and   
                     B. Solhaug   Mitigating Risk with Cyberinsurance  . . 38--43
              A. D. Avgerou and   
                Y. C. Stamatiou   Privacy Awareness Diffusion in Social
                                  Networks . . . . . . . . . . . . . . . . 44--50
                      Anonymous   Call for Papers House Advertisement  . . 51
               Jungwoo Ryoo and   
                  R. Kazman and   
                       P. Anand   Architectural Analysis for Security  . . 52--59
                   R. Verma and   
            M. Kantarcioglu and   
               D. Marchette and   
                   E. Leiss and   
                     T. Solorio   Security Analytics: Essential Data
                                  Analytics Knowledge for Cybersecurity
                                  Professionals and Students . . . . . . . 60--65
                     J. Kosseff   A New Legal Framework for Online
                                  Anonymity: California's Privacy-Based
                                  Approach . . . . . . . . . . . . . . . . 66--70
                      Anonymous   Watch the World's Leading Experts Take
                                  Multi-Core Strategies to New Heights
                                  House Advertisement  . . . . . . . . . . 71
                   Jia Song and   
                  J. Alves-Foss   The DARPA Cyber Grand Challenge: A
                                  Competitor's Perspective . . . . . . . . 72--76
                A. M. Memon and   
                       A. Anwar   Colluding Apps: Tomorrow's Mobile
                                  Malware Threat . . . . . . . . . . . . . 77--81
               H. Thimbleby and   
                      R. Koppel   The Healthtech Declaration . . . . . . . 82--84
                        M. Lesk   License Creep  . . . . . . . . . . . . . 85--88
                    A. A. Adams   Possessing Mobile Devices  . . . . . . . 89--95
             Steven M. Bellovin   The Key to the Key . . . . . . . . . . . 96
                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1
                      Anonymous   Focus on Your Job Search House
                                  Advertisement  . . . . . . . . . . . . . c3
                      Anonymous   IEEE Computer Society: Be at the Center
                                  of It All House Advertisement  . . . . . c2
                      Anonymous   Sponsor  . . . . . . . . . . . . . . . . ??
                Editor-in-Chief   IEEE Security & Privacy House
                                  Advertisement  . . . . . . . . . . . . . c4


IEEE Security & Privacy
Volume 14, Number 1, January / February, 2016

                      Anonymous   Table of Contents  . . . . . . . . . . . 1--2
             Ahmad-Reza Sadeghi   Games without Frontiers: Whither
                                  Information Security and Privacy?  . . . 3--5
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 6--6
                    Gary McGraw   Silver Bullet Talks with Peiter (Mudge)
                                  Zatko  . . . . . . . . . . . . . . . . . 7--10
        Shari Lawrence Pfleeger   Software Everywhere [Guest editors'
                                  introduction]  . . . . . . . . . . . . . 11--11
              Eugene K. Ressler   Mettle Fatigue: VW's
                                  Single-Point-of-Failure Ethics . . . . . 12--30
            Charles P. Pfleeger   Looking into Software Transparency . . . 31--36
                   Richard Kuhn   Learning Internet-of-Things Security
                                  ``Hands-On'' . . . . . . . . . . . . . . 37--46
                Jeffrey H. Reed   A communications jamming taxonomy  . . . 47--54
               Noboru Babaguchi   Evaluating Protection Capability for
                                  Visual Privacy Information . . . . . . . 55--61
                      Anonymous   Special Issue on Real-World Cryptography
                                  Call for Papers House Advertisement  . . 62
                 David Naccache   Fully Homomorphic Encryption:
                                  Computations with a Blindfold  . . . . . 63--67
                    Herbert Bos   Binary Rejuvenation: Applications and
                                  Challenges . . . . . . . . . . . . . . . 68--71
                      Laura Amo   Addressing Gender Gaps in Teens'
                                  Cybersecurity Engagement and
                                  Self-Efficacy  . . . . . . . . . . . . . 72--75
                 Jim Alves-Foss   The DARPA Cyber Grand Challenge: A
                                  Competitor's Perspective, Part 2 . . . . 76--81
                Julian Williams   Action, Inaction, Trust, and
                                  Cybersecurity's Common Property Problem  82--86
                 Bruce Schneier   Cryptography Is Harder than It Looks . . 87--88
                      Anonymous   4th Annual Best Scientific Cybersecurity
                                  Paper Competition  . . . . . . . . . . . c4--c4
                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1--c1
                      Anonymous   IEEE Computer Society: Be at the Center
                                  of It All House Advertisement  . . . . . c3--c3
                      Anonymous   IEEE Security & Privacy Qmags
                                  Subscription House Advertisement . . . . c2--c2

IEEE Security & Privacy
Volume 14, Number 2, March / April, 2016

                      Anonymous   Table of Contents  . . . . . . . . . . . 1--2
                 Jeremy Epstein   Reflections of an NSF Program Officer    3--6
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 7--7
                    Gary McGraw   Silver Bullet Talks with Jamie Butler    8--10
                      Anonymous   Call for nominees  . . . . . . . . . . . 11--11
                   Terry Benzel   The IEEE Security and Privacy Symposium
                                  Workshops  . . . . . . . . . . . . . . . 12--14
                  Griffin Boyce   Bake in .onion for Tear-Free and
                                  Stronger Website Authentication  . . . . 15--21
                      Dan Boneh   Stickler: Defending against Malicious
                                  Content Distribution Networks in an
                                  Unmodified Browser . . . . . . . . . . . 22--28
                      Anonymous   Rock Stars of Risk-Based Security House
                                  Advertisement  . . . . . . . . . . . . . 29
                  Anton Puzanov   Analysis and Mitigation of NoSQL
                                  Injections . . . . . . . . . . . . . . . 30--39
              Jose M. del Alamo   Privacy Engineering: Shaping an Emerging
                                  Field of Research and Practice . . . . . 40--46
                      Anonymous   IEEE Computer Society 2016 Call for
                                  Major Award Nominations House
                                  Advertisement  . . . . . . . . . . . . . 47--47
                 Falko Dressler   Cleaning up Web 2.0's Security Mess ---
                                  at Least Partly  . . . . . . . . . . . . 48--57
            Chris Jay Hoofnagle   Assessing the Federal Trade Commission's
                                  Privacy Assessments  . . . . . . . . . . 58--64
                      Anonymous   Call for Papers Special Issue on Genome
                                  Privacy and Security House Advertisement 65--65
                    Ali Sunyaev   Dynamic Certification of Cloud Services:
                                  Trust, but Verify! . . . . . . . . . . . 66--71
                      Anonymous   IEEE Computer Society Richard E. Merwin
                                  Student Leadership Scholarship House
                                  Advertisement  . . . . . . . . . . . . . 72--72
                    Sarah Zatko   Rethinking the Role of Security in
                                  Undergraduate Education  . . . . . . . . 73--78
             John Scott-Railton   Security for the High-Risk User:
                                  Separate and Unequal . . . . . . . . . . 79--87
                 Daniel E. Geer   Provenance . . . . . . . . . . . . . . . 88--88
                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1--c1
                      Anonymous   Got flaws? House Advertisement . . . . . c2--c2
                      Anonymous   IEEE Computer Society: Be at the Center
                                  of It All House Advertisement  . . . . . c3--c3
                      Anonymous   IEEE Security & Privacy House
                                  Advertisement  . . . . . . . . . . . . . c4--c4

IEEE Security & Privacy
Volume 14, Number 3, May / June, 2016

                      Anonymous   Table of Contents  . . . . . . . . . . . 1--2
                     Bill Horne   Trust Me. Trust Me Not . . . . . . . . . 3--5
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 6--6
                    Gary McGraw   Silver Bullet Talks with Jacob West  . . 7--10
                  Fabio Bisogni   What's New in the Economics of
                                  Cybersecurity? . . . . . . . . . . . . . 11--13
                    Ruud Verbij   The Navigation Metaphor in Security
                                  Economics  . . . . . . . . . . . . . . . 14--21
              Stephane Grumbach   Chasing Data in the Intermediation Era:
                                  Economy and Security at Stake  . . . . . 22--31
                     Hongxin Hu   Mules, Seals, and Attacking Tools:
                                  Analyzing 12 Online Marketplaces . . . . 32--43
    Panayotis A. Yannakogeorgos   Designing Cybersecurity into Defense
                                  Systems: An Information Economics
                                  Approach . . . . . . . . . . . . . . . . 44--51
                Julian Williams   Economic Impacts of Rules- versus
                                  Risk-Based Cybersecurity Regulations for
                                  Critical Infrastructure Providers  . . . 52--60
                Michael Waidner   HbbTV Security and Privacy: Issues and
                                  Challenges . . . . . . . . . . . . . . . 61--67
                Z. Berkay Celik   Machine Learning in Adversarial Settings 68--72
                    Neeraj Suri   Quantifiably Trusting the Cloud: Putting
                                  Metrics to Work  . . . . . . . . . . . . 73--77
                Darren Lawrence   Security Dialogues: Building Better
                                  Relationships between Security and
                                  Business . . . . . . . . . . . . . . . . 82--87
             Steven M. Bellovin   Attack Surfaces  . . . . . . . . . . . . 88--88
                      Anonymous   Call for Papers Special Issue on
                                  Electronic Voting House Advertisement    c3--c3
                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1--c1
                      Anonymous   Got flaws? House Advertisement . . . . . c2--c2
                      Anonymous   IEEE Security & Privacy House
                                  Advertisement  . . . . . . . . . . . . . c4--c4

IEEE Security & Privacy
Volume 14, Number 4, July / August, 2016

                      Anonymous   Table of Contents  . . . . . . . . . . . 1--2
                   Terry Benzel   The Growth of a Conference, a Community,
                                  and an Industry  . . . . . . . . . . . . 3--5
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 6
                    Gary McGraw   Silver Bullet Talks with Martin Hellman  7--11
                Qing-Yun Li and   
                      Lei Zhang   The Public Security and Personal Privacy
                                  Survey: Biometric Technology in Hong
                                  Kong . . . . . . . . . . . . . . . . . . 12--21
            Jussi Laakkonen and   
             Janne Parkkila and   
             Pekka Jappinen and   
               Jouni Ikonen and   
                   Ahmed Seffah   Incorporating Privacy into Digital Game
                                  Platform Design: The What, Why, and How  22--32
                      Anonymous   IEEE Computer Society: Be at the Center
                                  of It All House Advertisement  . . . . . 33
        Madhusanka Liyanage and   
             Ahmed Bux Abro and   
            Mika Ylianttila and   
                  Andrei Gurtov   Opportunities and Challenges of
                                  Software-Defined Mobile Networks in
                                  Network Security . . . . . . . . . . . . 34--44
                      Anonymous   Call for Papers Special Issue on
                                  Electronic Voting  . . . . . . . . . . . 45
             Aditya K. Sood and   
               Sherali Zeadally   A Taxonomy of Domain-Generation
                                  Algorithms . . . . . . . . . . . . . . . 46--53
           Diego A. Ortiz-Yepes   A Review of Technical Approaches to
                                  Realizing Near-Field Communication
                                  Mobile Payments  . . . . . . . . . . . . 54--62
                      Anonymous   Call for Papers Special Issue on
                                  Postquantum Cryptography . . . . . . . . 63
               Craig Burton and   
              Chris Culnane and   
                Steve Schneider   vVote: Verifiable Electronic Voting in
                                  Practice . . . . . . . . . . . . . . . . 64--73
        Baijian Justin Yang and   
                     Brian Kirk   Try-CybSI: A Platform for Trying Out
                                  Cybersecurity  . . . . . . . . . . . . . 74--75
          Logan O. Mailloux and   
       Michael A. McEvilley and   
               Stephen Khou and   
               John M. Pecarina   Putting the `Systems' in Security
                                  Engineering: An Examination of NIST
                                  Special Publication 800-160  . . . . . . 76--80
                      Anonymous   IEEE Computer Society 2016 Call for
                                  Major Award Nominations House
                                  Advertisement  . . . . . . . . . . . . . 81
          Robert Cunningham and   
               Pamela Gupta and   
              Ulf Lindqvist and   
 Stelios Sidiroglou-Douskos and   
                  Michael Hicks   IEEE SecDev 2016: Prioritizing Secure
                                  Development  . . . . . . . . . . . . . . 82--84
                      Anonymous   Computer Entrepreneur Award House
                                  Advertisement  . . . . . . . . . . . . . 85
                      Anonymous   Call for Nominees Education Awards
                                  Nominations House Advertisement  . . . . 86
                 Daniel E. Geer   Privacy's Paradigm . . . . . . . . . . . 87--88
                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1--c1
                      Anonymous   Got flaws? House Advertisement . . . . . c3--c3
                      Anonymous   IEEE Security & Privacy House
                                  Advertisement  . . . . . . . . . . . . . c4--c4
                      Anonymous   Rock Stars of Cybersecurity House
                                  Advertisement  . . . . . . . . . . . . . c2--c2

IEEE Security & Privacy
Volume 14, Number 5, September / October, 2016

                      Anonymous   Table of Contents  . . . . . . . . . . . 1--2
                   Susan Landau   Is It Legal? Is It Right? The Can and
                                  Should of Use  . . . . . . . . . . . . . 3--5
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 6
                   Marcus Ranum   Silver Bullet Talks with Gary McGraw . . 7--10
            M. Angela Sasse and   
                  Matthew Smith   The Security--Usability Tradeoff Myth
                                  [Guest Editors' introduction]  . . . . . 11--13
             Mary Theofanos and   
           Simson Garfinkel and   
                 Yee-Yin Choong   Secure and Usable Enterprise
                                  Authentication: Lessons from the Field   14--21
           Deanna D. Caputo and   
    Shari Lawrence Pfleeger and   
            M. Angela Sasse and   
                Paul Ammann and   
                Jeff Offutt and   
                       Lin Deng   Barriers to Usable Security? Three
                                  Organizational Case Studies  . . . . . . 22--32
            M. Angela Sasse and   
              Matthew Smith and   
              Cormac Herley and   
            Heather Lipford and   
                    Kami Vaniea   Debunking Security--Usability Tradeoff
                                  Myths  . . . . . . . . . . . . . . . . . 33--39
              Matthew Green and   
                  Matthew Smith   Developers are Not the Enemy!: The Need
                                  for Usable Security APIs . . . . . . . . 40--46
                      Anonymous   Rock Stars of Pervasive, Predictive
                                  Analytics  . . . . . . . . . . . . . . . 47
            David W. Archer and   
               Dan Bogdanov and   
               Benny Pinkas and   
                 Pille Pullonen   Maturity and Performance of Programmable
                                  Secure Computation . . . . . . . . . . . 48--56
                      Anonymous   Call for Papers Special Issue on
                                  Postquantum Cryptography . . . . . . . . 57
         Ahmad-Reza Sadeghi and   
                 Ghada Dessouky   Security & Privacy Week Interviews, Part
                                  1  . . . . . . . . . . . . . . . . . . . 58--67
                    Rita Heimes   Global InfoSec and Breach Standards  . . 68--72
                    Ivo Flammer   Genteel Wearables: Bystander-Centered
                                  Design . . . . . . . . . . . . . . . . . 73--79
                     Hui Xu and   
                 Michael R. Lyu   Assessing the Security Properties of
                                  Software Obfuscation . . . . . . . . . . 80--83
            Tina Ladabouche and   
               Steve LaFountain   GenCyber: Inspiring the Next Generation
                                  of Cyber Stars . . . . . . . . . . . . . 84--86
                      Anonymous   Got flaws? . . . . . . . . . . . . . . . 87
            Marc Beunardeau and   
           Aisling Connolly and   
                Remi Geraud and   
                 David Naccache   White-Box Cryptography: Security in an
                                  Insecure Environment . . . . . . . . . . 88--92
         Jonathan Margulies and   
                   Michael Berg   That Certificate You Bought Could Get
                                  You Hacked . . . . . . . . . . . . . . . 93--95
                 Bruce Schneier   Stop Trying to Fix the User  . . . . . . 96
                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1--c1
                      Anonymous   IEEE Cybersecurity Development SecDev
                                  2016 . . . . . . . . . . . . . . . . . . c2--c2
                      Anonymous   IEEE Security & Privacy . . . . . . . . . c4--c4
                      Anonymous   New Membership Options for A Better Fit  c3--c3

IEEE Security & Privacy
Volume 14, Number 6, November / December, 2016

                      Anonymous   Table of Contents  . . . . . . . . . . . 1--2
                    Gary McGraw   Silver Bullet Talks with Jim Manico  . . 3--5
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 6
                  Dan Boneh and   
             Kenny Paterson and   
                 Nigel P. Smart   Building a Community of Real-World
                                  Cryptographers . . . . . . . . . . . . . 7--9
                Phillip Rogaway   Practice-Oriented Provable Security and
                                  the Social Construction of Cryptography  10--17
      Karthikeyan Bhargavan and   
             Cedric Fournet and   
              Markulf Kohlweiss   miTLS: Verifying Protocol
                                  Implementations against Real-World
                                  Attacks  . . . . . . . . . . . . . . . . 18--25
                     Aaron Tomb   Automated Verification of Real-World
                                  Cryptographic Implementations  . . . . . 26--33
               Neal Koblitz and   
                 Alfred Menezes   A Riddle Wrapped in an Enigma  . . . . . 34--42
                Lucas Dixon and   
          Thomas Ristenpart and   
               Thomas Shrimpton   Network Traffic Obfuscation and
                                  Automated Internet Censorship  . . . . . 43--53
                    Shay Gueron   Memory Encryption for General-Purpose
                                  Processors . . . . . . . . . . . . . . . 54--62
              Jingqiang Lin and   
                     Bo Luo and   
                    Le Guan and   
                      Jiwu Jing   Secure Computing Using Registers and
                                  Caches: The Problem, Challenges, and
                                  Solutions  . . . . . . . . . . . . . . . 63--70
         Ahmad-Reza Sadeghi and   
                 Ghada Dessouky   Security & Privacy Week Interviews, Part
                                  2  . . . . . . . . . . . . . . . . . . . 71--80
                      Omer Tene   Microsoft v. USA: Location of Data and
                                  the Law of the Horse . . . . . . . . . . 81--85
                Christof Fetzer   Building Critical Applications Using
                                  Microservices  . . . . . . . . . . . . . 86--89
               Portia Pusey and   
               Mark Gondree and   
               Zachary Peterson   The Outcomes of Cybersecurity
                                  Competitions and Implications for
                                  Underrepresented Populations . . . . . . 90--95
             Steven M. Bellovin   Easy Email Encryption  . . . . . . . . . 96--96
                      Anonymous   Can You Invent a Better World through
                                  Technologies?  . . . . . . . . . . . . . c4--c4
                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1--c1
                      Anonymous   New Membership Options for a Better Fit  c2--c2
                      Anonymous   TechIgnite . . . . . . . . . . . . . . . c3--c3


IEEE Security & Privacy
Volume 15, Number 1, January / February, 2017

                      Anonymous   Table of Contents  . . . . . . . . . . . 1--2
             Ahmad-Reza Sadeghi   Security and Privacy More Crucial than
                                  Ever . . . . . . . . . . . . . . . . . . 3--4
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 5
                      Anonymous   Reviewer Thanks  . . . . . . . . . . . . 6--7
                    Gary McGraw   Silver Bullet Talks with Marie Moe . . . 8--11
             Jacob Bellatti and   
             Andrew Brunner and   
               Joseph Lewis and   
            Prasad Annadata and   
           Wisam Eltarjaman and   
                Rinku Dewri and   
         Ramakrishna Thurimella   Driving Habits Data: Location Privacy
                                  Implications and Solutions . . . . . . . 12--20
                      Anonymous   Call for Papers: Special Issue on
                                  Hacking without Humans . . . . . . . . . 21
       Oyindamola Oluwatimi and   
               Daniele Midi and   
                  Elisa Bertino   Overview of Mobile Containerization
                                  Approaches and Open Research Directions  22--31
             Pawel Lubomski and   
                Henryk Krawczyk   Practical Evaluation of Internet
                                  Systems' Security Mechanisms . . . . . . 32--40
                      Anonymous   Call for Papers: Special Issue on
                                  Digital Forensics  . . . . . . . . . . . 41
              Manjur Kolhar and   
        Mosleh M. Abu-Alhaj and   
           Saied M. Abd El-atty   Cloud Data Auditing Techniques with a
                                  Focus on Privacy and Security  . . . . . 42--51
          Ezhil Kalaimannan and   
           Jatinder N. D. Gupta   The Security Development Lifecycle in
                                  the Context of Accreditation Policies
                                  and Standards  . . . . . . . . . . . . . 52--57
             Hossein Homaei and   
           Hamid Reza Shahriari   Seven Years of Software Vulnerabilities:
                                  The Ebb and Flow . . . . . . . . . . . . 58--65
         Ahmad-Reza Sadeghi and   
                 Ghada Dessouky   Security & Privacy Week Interviews, Part
                                  3  . . . . . . . . . . . . . . . . . . . 66--74
              Franziska Roesner   Designing Application Permission Models
                                  that Meet User Expectations  . . . . . . 75--79
                    Nir Kshetri   An Opinion on the ``Report on Securing
                                  and Growing the Digital Economy''  . . . 80--85
                      Anonymous   Focus on Your Job Search . . . . . . . . 86
             Daniel E. Geer and   
                 Richard Danzig   Mutual Dependence Demands Mutual Sharing 87--88
                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1--c1
                      Anonymous   TechIgnite . . . . . . . . . . . . . . . c2--c2
                      Anonymous   New Membership Options for a Better Fit  c3--c3
                      Anonymous   IEEE Security & Privacy . . . . . . . . . c4--c4

IEEE Security & Privacy
Volume 15, Number 2, March / April, 2017

                      Anonymous   Unwavering Mission Unwavering Commitment
                                  Advertisement  . . . . . . . . . . . . . 1
                      Anonymous   Not so Secure House Advertisement  . . . 2
                      Anonymous   Table of Contents  . . . . . . . . . . . 3--4
                 Jeremy Epstein   Privacy is Context Dependent . . . . . . 5--6
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 7
                    Gary McGraw   Silver Bullet Talks with Lesley Carhart  8--10
                   Terry Benzel   Selected Papers from the 2016 IEEE
                                  Symposium on Security and Privacy  . . . 11--13
                      Anonymous   Prepose: Privacy, Security, and
                                  Reliability for Gesture-Based
                                  Programming  . . . . . . . . . . . . . . 14--23
                      Anonymous   Security Implications of Permission
                                  Models in Smart-Home Application
                                  Frameworks . . . . . . . . . . . . . . . 24--30
                      Anonymous   Focus on Your Job Search House
                                  Advertisement  . . . . . . . . . . . . . 31
                      Anonymous   The Perils of User Tracking Using
                                  Zero-Permission Mobile Apps  . . . . . . 32--41
                      Anonymous   Apple ZeroConf Holes: How Hackers Can
                                  Steal iPhone Photos  . . . . . . . . . . 42--49
                      Anonymous   How Internet Resources Might Be Helping
                                  You Develop Faster but Less Securely . . 50--60
                      Anonymous   2017 B. Ramakrishna Rau Award Call for
                                  Nominations House Advertisement  . . . . 61
                      Anonymous   The Danger of USB Drives . . . . . . . . 62--69
                      Anonymous   Dawn of the Dead Domain: Measuring the
                                  Exploitation of Residual Trust in
                                  Domains  . . . . . . . . . . . . . . . . 70--77
                      Anonymous   Does the Online Card Payment Landscape
                                  Unwittingly Facilitate Fraud?  . . . . . 78--86
                      Anonymous   myCS House Advertisement . . . . . . . . 87
         Ahmad-Reza Sadeghi and   
                 Shaza Zeitouni   ACM CCS 2016 Interviews, Part 1  . . . . 88--91
                      Anonymous   Does Industry Self-Regulation of
                                  Consumer Data Privacy Work?  . . . . . . 92--95
                      Anonymous   Security Challenges and Opportunities of
                                  Software-Defined Networking  . . . . . . 96--100
                      Anonymous   Call for Nominees Education Awards
                                  Nominations House Advertisement  . . . . 101
                      Anonymous   How Businesses Can Speed Up
                                  International Cybercrime Investigation   102--106
                      Anonymous   IEEE Computer Society 2017 Call for
                                  Major Award Nominations House
                                  Advertisement  . . . . . . . . . . . . . 107
                 Bruce Schneier   The Internet of Things Will Upend Our
                                  Industry . . . . . . . . . . . . . . . . 108
                      Anonymous   Behind the Scenes at NSA Advertisement   c2--c2
                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1--c1
                      Anonymous   IEEE Security & Privacy . . . . . . . . . c4--c4
                      Anonymous   New Membership Options for A Better Fit.
                                  House Advertisement  . . . . . . . . . . c3--c3

IEEE Security & Privacy
Volume 15, Number 3, May / June, 2017

                      Anonymous   Table of Contents  . . . . . . . . . . . 1--2
                      Anonymous   Ethics in Information Security . . . . . 3--4
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 5
                    Gary McGraw   Silver Bullet Talks with Kate Pearce . . 6--9
                      Anonymous   New Membership Options for A Better Fit  10
                      Anonymous   Achieve your career goals with the fit
                                  that's right for you.  . . . . . . . . . 11
               Josh Benaloh and   
           Peter Y. A. Ryan and   
            Steve Schneider and   
                 Vanessa Teague   A Vote of Confidence?  . . . . . . . . . 12--13
            Aggelos Kiayias and   
           Thomas Zacharias and   
                Bingsheng Zhang   An Efficient E2E Verifiable E-voting
                                  System without Setup Assumptions . . . . 14--23
               Oksana Kulyk and   
            Stephan Neumann and   
          Jurlind Budurushi and   
               Melanie Volkamer   Nothing Comes for Free: How Much
                                  Usability Can You Sacrifice for
                                  Security?  . . . . . . . . . . . . . . . 24--29
               Aleksander Essex   Detecting the Detectable: Unintended
                                  Consequences of Cryptographic Election
                                  Verification . . . . . . . . . . . . . . 30--38
                      Anonymous   Call for Papers: Special Issue on AI
                                  Ethics: The Privacy Challenge  . . . . . 39
            Jeroen van de Graaf   Long-Term Threats to Ballot Privacy  . . 40--47
           Ronald L. Rivest and   
                Philip B. Stark   When Is an Election Verifiable?  . . . . 48--50
                      Anonymous   Call for Nominees: Education Awards
                                  Nominations  . . . . . . . . . . . . . . 51
        Aanjhan Ranganathan and   
                  Srdjan Capkun   Are We Really Close? Verifying Proximity
                                  in Wireless Systems  . . . . . . . . . . 52--58
                      Anonymous   IEEE Computer Society 2017 Call for
                                  Major Award Nominations  . . . . . . . . 59
                  Jay Aikat and   
              Aditya Akella and   
           Jeffrey S. Chase and   
                  Ari Juels and   
          Michael K. Reiter and   
          Thomas Ristenpart and   
                 Vyas Sekar and   
                  Michael Swift   Rethinking Security in the Era of Cloud
                                  Computing  . . . . . . . . . . . . . . . 60--69
         Ahmad-Reza Sadeghi and   
                 Shaza Zeitouni   ACM CCS 2016 Interviews, Part 2  . . . . 70--76
                      Anonymous   IEEE Computer Society  . . . . . . . . . 77
                   Chetan Gupta   The Market's Law of Privacy: Case
                                  Studies in Privacy and Security Adoption 78--83
          Sai Teja Peddinti and   
              Keith W. Ross and   
                  Justin Cappos   User Anonymity on Twitter  . . . . . . . 84--87
                      Anonymous   myCS . . . . . . . . . . . . . . . . . . 88
                      Anonymous   IEEE Computer Society Harlan D. Mills
                                  Award  . . . . . . . . . . . . . . . . . 89
              Richard Weiss and   
            Franklyn Turbak and   
                 Jens Mache and   
             Michael E. Locasto   Cybersecurity Education and Assessment
                                  in EDURange  . . . . . . . . . . . . . . 90--95
             Steven M. Bellovin   Jurisdiction and the Internet  . . . . . 96
                      Anonymous   Call for Papers: Special Issue on
                                  Hacking without Humans . . . . . . . . . c2--c2
                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1--c1
                      Anonymous   Focus on Your Job Search . . . . . . . . c3--c3
                      Anonymous   IEEE Security & Privacy . . . . . . . . . c4--c4

IEEE Security & Privacy
Volume 15, Number 4, July / August, 2017

                      Anonymous   Table of contents  . . . . . . . . . . . 1--2
                      Anonymous   Authorship Integrity and Attacks . . . . 3--5
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 6
                    Gary McGraw   Silver Bullet Talks with Kelly Lum . . . 7--10
                      Anonymous   Looking for the BEST Tech Job for You?
                                  [advertisement]  . . . . . . . . . . . . 11
          Johannes Buchmann and   
             Kristin Lauter and   
                  Michele Mosca   Postquantum Cryptography --- State of
                                  the Art  . . . . . . . . . . . . . . . . 12--13
            John Mulholland and   
              Michele Mosca and   
                 Johannes Braun   The Day the Cryptography Dies  . . . . . 14--21
                 Kristin Lauter   Postquantum Opportunities: Lattices,
                                  Homomorphic Encryption, and
                                  Supersingular Isogeny Graphs . . . . . . 22--27
                Jintai Ding and   
              Albrecht Petzoldt   Current State of Multivariate
                                  Cryptography . . . . . . . . . . . . . . 28--36
                    Denis Butin   Hash-Based Signatures: State of Play . . 37--43
               Nicolas Sendrier   Code-Based Cryptography: State of the
                                  Art and Perspectives . . . . . . . . . . 44--50
                    Lidong Chen   Cryptography Standards in Quantum Time:
                                  New Wine in an Old Wineskin? . . . . . . 51--57
         Ahmad-Reza Sadeghi and   
                 Shaza Zeitouni   ACM CCS 2016 Interview, Part 3 . . . . . 58--61
            Bart P. Knijnenburg   Privacy? I Can't Even! Making a Case for
                                  User-Tailored Privacy  . . . . . . . . . 62--67
             Bryan Reinicke and   
           Jeffrey Cummings and   
               Howard Kleinberg   The Right to Digital Self-Defense  . . . 68--71
               Alan Sherman and   
               Melissa Dark and   
                 Agnes Chan and   
                Rylan Chong and   
              Thomas Morris and   
                Linda Oliva and   
              John Springer and   
      Bhavani Thuraisingham and   
        Christopher Vatcher and   
               Rakesh Verma and   
                 Susanne Wetzel   INSuRE: Collaborating Centers of
                                  Academic Excellence Engage Students in
                                  Cybersecurity Research . . . . . . . . . 72--78
         Earlence Fernandes and   
               Amir Rahmati and   
              Kevin Eykholt and   
                   Atul Prakash   Internet of Things Security Research: A
                                  Rehash of Old Ideas or New Intellectual
                                  Challenges?  . . . . . . . . . . . . . . 79--84
          Archer Batcheller and   
        Summer Craze Fowler and   
          Robert Cunningham and   
               Dinara Doyle and   
               Trent Jaeger and   
                  Ulf Lindqvist   Building on the Success of Building
                                  Security In  . . . . . . . . . . . . . . 85--87
                 Daniel E. Geer   Attribution  . . . . . . . . . . . . . . 88
                      Anonymous   Call for Papers Special Issue on AI
                                  Ethics: The Privacy Challenge  . . . . . c2--c2
                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1--c1
                      Anonymous   IEEE Security & Privacy . . . . . . . . . c4--c4
                      Anonymous   New membership options for a better fit
                                  [advertisement]  . . . . . . . . . . . . c3--c3

IEEE Security & Privacy
Volume 15, Number 5, September / October, 2017

                      Anonymous   Table of Contents  . . . . . . . . . . . 1--2
                      Anonymous   AI Industrial Complex: The Challenge of
                                  AI Ethics  . . . . . . . . . . . . . . . 3--5
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 6
                    Gary McGraw   Silver Bullet Talks with Ksenia
                                  Dmitrieva-Peguero  . . . . . . . . . . . 7--9
         Jean-Pierre Hubaux and   
       Stefan Katzenbeisser and   
                  Bradley Malin   Genomic Data Privacy and Security: Where
                                  We Stand and Where We Are Heading  . . . 10--12
                      Anonymous   Call for Nominees Education Awards
                                  Nominations  . . . . . . . . . . . . . . 13
              Sara Renee Savage   Characterizing the Risks and Harms of
                                  Linking Genomic Information to
                                  Individuals  . . . . . . . . . . . . . . 14--19
             Marina Blanton and   
       Fattaneh Bayatbabolghani   Improving the Security and Efficiency of
                                  Private Genomic Computation Using Server
                                  Aid  . . . . . . . . . . . . . . . . . . 20--28
                Erman Ayday and   
                Mathias Humbert   Inference Attacks against Kin Genomic
                                  Privacy  . . . . . . . . . . . . . . . . 29--37
            Tatiana Bradley and   
                 Xuhua Ding and   
                    Gene Tsudik   Genomic Security (Lest We Forget)  . . . 38--46
                Adenekan Dedeke   Cybersecurity Framework Adoption: Using
                                  Capability Levels for Implementation
                                  Tiers and Profiles . . . . . . . . . . . 47--54
           Robert W. Reeder and   
                  Iulia Ion and   
                 Sunny Consolvo   152 Simple Steps to Stay Safe Online:
                                  Security Advice for Non-Tech-Savvy Users 55--64
             Alexander Kott and   
             Jackson Ludwig and   
                     Mona Lange   Assessing Mission Impact of
                                  Cyberattacks: Toward a Model-Driven
                                  Paradigm . . . . . . . . . . . . . . . . 65--74
                      Anonymous   Take the CS Library wherever you go! . . 75
              Tara Matthews and   
            Kathleen OLeary and   
                Anna Turner and   
              Manya Sleeper and   
      Jill Palzkill Woelfer and   
             Martin Shelton and   
             Cori Manthorne and   
     Elizabeth F. Churchill and   
                 Sunny Consolvo   Security and Privacy Experiences and
                                  Practices of Survivors of Intimate
                                  Partner Abuse  . . . . . . . . . . . . . 76--81
                  Rolf Oppliger   Disillusioning Alice and Bob . . . . . . 82--84
            Patrick Traynor and   
               Kevin Butler and   
             Jasmine Bowers and   
                 Bradley Reaves   FinTechSec: Addressing the Security
                                  Challenges of Digital Financial Services 85--89
                  David OReilly   Availability of Required Data to Support
                                  Criminal Investigations Involving
                                  Large-Scale IP Address-Sharing
                                  Technologies . . . . . . . . . . . . . . 90--93
               Sean Peisert and   
                      Von Welch   The Open Science Cyber Risk Profile: The
                                  Rosetta Stone for Open Science and
                                  Cybersecurity  . . . . . . . . . . . . . 94--95
                 Bruce Schneier   IoT Security: What's Plan B? . . . . . . 96
                      Anonymous   Call for Papers Special Issue on
                                  Security and Privacy Research in Brazil  c2--c2
                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1--c1
                      Anonymous   \booktitleIEEE Security & Privacy . . . . c4--c4
                      Anonymous   New Membership Options for a Better Fit  c3--c3

IEEE Security & Privacy
Volume 15, Number 6, November / December, 2017

                      Anonymous   Table of Contents  . . . . . . . . . . . 1--2
                      Anonymous   Security Advice That Can Be Followed . . 3--5
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 6
                    Gary McGraw   Silver Bullet Talks with Nicole Perlroth 7--9
         Wojciech Mazurczyk and   
            Luca Caviglione and   
                Steffen Wendzel   Recent Advancements in Digital Forensics 10--11
                      Anonymous   The Future of Digital Forensics:
                                  Challenges and the Road Ahead  . . . . . 12--17
                      Anonymous   Programmable Logic Controller Forensics  18--24
                      Anonymous   Botnet Fingerprinting: Anomaly Detection
                                  in SMTP Conversations  . . . . . . . . . 25--32
                      Anonymous   PROFORMA: Proactive Forensics with
                                  Message Analytics  . . . . . . . . . . . 33--41
                      Anonymous   Mobile Forensics: Advances, Challenges,
                                  and Research Opportunities . . . . . . . 42--51
                      Anonymous   An Exploration of the Effects of Sensory
                                  Stimuli on the Completion of Security
                                  Tasks  . . . . . . . . . . . . . . . . . 52--60
                      Anonymous   Faster Secure Cloud Computations with a
                                  Trusted Proxy  . . . . . . . . . . . . . 61--67
                      Anonymous   Decision and Experienced Utility:
                                  Computational Applications in Privacy
                                  Decision Making  . . . . . . . . . . . . 68--72
                      Anonymous   The Last Mile for IoT Privacy  . . . . . 73--76
                      Anonymous   Securing Binary Code . . . . . . . . . . 77--81
                      Anonymous   NAND Flash Memory Forensic Analysis and
                                  the Growing Challenge of Bit Errors  . . 82--87
             Steven M. Bellovin   Who Are You? . . . . . . . . . . . . . . 88
                      Anonymous   Call for Papers Special Issue on
                                  Security and Privacy Research in Brazil  c2--c2
                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1--c1
                      Anonymous   Got flaws? . . . . . . . . . . . . . . . c4--c4
                      Anonymous   #SP18 is back in San Francisco!  . . . . c3--c3


IEEE Security & Privacy
Volume 16, Number 1, January / February, 2018

                      Anonymous   Table of Contents  . . . . . . . . . . . 1--2
                      Anonymous   Reviewer Thanks  . . . . . . . . . . . . 3--4
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 5
                    Gary McGraw   Silver Bullet Talks with Wafaa Mamilli   6--9
               Terry Benzel and   
                   Sean Peisert   Selected Papers from the 2017 IEEE
                                  Symposium on Security and Privacy  . . . 10--11
              Cormac Herley and   
             P. C. van Oorschot   Science of Security: Combining Theory
                                  and Measurement to Reflect the
                                  Observable . . . . . . . . . . . . . . . 12--22
                      Anonymous   Cross-pollinate your ideas.  . . . . . . 23
                Paul Pearce and   
                Roya Ensafi and   
                   Frank Li and   
              Nick Feamster and   
                    Vern Paxson   Toward Continual Measurement of Global
                                  Network-Level Censorship . . . . . . . . 24--33
            Mathias Lecuyer and   
                Riley Spahn and   
            Roxana Geambasu and   
              Tzu-Kuo Huang and   
                 Siddhartha Sen   Enhancing Selectivity in Big Data  . . . 34--42
                      Anonymous   COMPSAC 2018 . . . . . . . . . . . . . . 43
               Kiron Lebeck and   
              Kimberly Ruth and   
            Tadayoshi Kohno and   
              Franziska Roesner   Arya: Operating System Support for
                                  Securely Augmenting Reality  . . . . . . 44--53
                 Eyal Ronen and   
                 Adi Shamir and   
         Achi-Or Weingarten and   
                   Colin OFlynn   IoT Goes Nuclear: Creating a Zigbee
                                  Chain Reaction . . . . . . . . . . . . . 54--62
                      Anonymous   \booktitleIEEE Transactions on
                                  Sustainable Computing  . . . . . . . . . 63
          Primal Wijesekera and   
               Arjun Baokar and   
                  Lynn Tsai and   
               Joel Reardon and   
              Serge Egelman and   
               David Wagner and   
            Konstantin Beznosov   Dynamically Regulating Mobile
                                  Application Permissions  . . . . . . . . 64--71
                   Feng Hao and   
               Dylan Clarke and   
              Brian Randell and   
         Siamak F. Shahandashti   Verifiable Classroom Voting in Practice  72--81
              Rick Hofstede and   
                  Aiko Pras and   
              Anna Sperotto and   
              Gabi Dreo Rodosek   Flow-Based Compromise Detection: Lessons
                                  Learned  . . . . . . . . . . . . . . . . 82--89
                      Anonymous   myCS . . . . . . . . . . . . . . . . . . 90
                      Anonymous   Prepare to Connect . . . . . . . . . . . 91
      Massimiliano Albanese and   
             Sushil Jajodia and   
             Sridhar Venkatesan   Defending from Stealthy Botnets Using
                                  Moving Target Defenses . . . . . . . . . 92--97
             Siddharth Kaza and   
               Blair Taylor and   
                  Kyle Sherbert   Hello, World! --- Code Responsibly . . . 98--100
                      Anonymous   IEEE Computer Society: Be at the Center
                                  of It All  . . . . . . . . . . . . . . . 101
               Aisling Connolly   Freedom of Encryption  . . . . . . . . . 102--103
                 Daniel E. Geer   Trading Places . . . . . . . . . . . . . 104
                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1--c1
                      Anonymous   IEEE Computer Society  . . . . . . . . . c3--c3
                      Anonymous   SP18 is back in San Francisco! . . . . . c2--c2
                      Anonymous   Take the CS Library wherever you go! . . c4--c4

IEEE Security & Privacy
Volume 16, Number 2, March / April, 2018

                      Anonymous   Table of contents  . . . . . . . . . . . 1--2
                      Anonymous   Introduction from the New EIC  . . . . . 3--4
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 5
                    Gary McGraw   Silver Bullet Talks with Craig Froelich  6--8
                      Anonymous   IEEE Computer Society  . . . . . . . . . 9
              Timothy Vidas and   
                 Per Larsen and   
              Hamed Okhravi and   
             Ahmad-Reza Sadeghi   Changing the Game of Software Security   10--11
        Yan Shoshitaishvili and   
            Antonio Bianchi and   
             Kevin Borgolte and   
                  Amat Cama and   
            Jacopo Corbetta and   
        Francesco Disperati and   
             Audrey Dutcher and   
                John Grosen and   
                Paul Grosen and   
            Aravind Machiry and   
                Chris Salls and   
              Nick Stephens and   
                 Ruoyu Wang and   
                 Giovanni Vigna   Mechanical Phish: Resilient Autonomous
                                  Hacking  . . . . . . . . . . . . . . . . 12--22
             Benjamin Price and   
            Michael Zhivich and   
           Michael Thompson and   
                    Chris Eagle   House Rules: Designing the Scoring
                                  Algorithm for Cyber Grand Challenge  . . 23--31
             Timothy Bryant and   
                Shaun Davenport   A Honeybug for Automated Cyber Reasoning
                                  Systems  . . . . . . . . . . . . . . . . 32--36
            Michael F. Thompson   Effects of a Honeypot on the Cyber Grand
                                  Challenge Final Event  . . . . . . . . . 37--41
           Anh Nguyen-Tuong and   
               David Melski and   
           Jack W. Davidson and   
                 Michele Co and   
            William Hawkins and   
             Jason D. Hiser and   
               Derek Morris and   
              Ducson Nguyen and   
                     Eric Rizzi   Xandra: An Autonomous Cyber Battle
                                  System for the Cyber Grand Challenge . . 42--51
        Thanassis Avgerinos and   
              David Brumley and   
                 John Davis and   
               Ryan Goulden and   
          Tyler Nighswander and   
                Alex Rebert and   
                 Ned Williamson   The Mayhem Cyber Reasoning System  . . . 52--60
              Peter Goodman and   
                 Artem Dinaburg   The Past, Present, and Future of
                                  Cyberdyne  . . . . . . . . . . . . . . . 61--69
                Peter Blank and   
            Sabrina Kirrane and   
              Sarah Spiekermann   Privacy-Aware Restricted Areas for
                                  Unmanned Aerial Systems  . . . . . . . . 70--79
                 Cliff Wang and   
                        Zhuo Lu   Cyber Deception: Overview and the Road
                                  Ahead  . . . . . . . . . . . . . . . . . 80--85
              Pamela Wisniewski   The Privacy Paradox of Adolescent Online
                                  Safety: A Matter of Risk Prevention or
                                  Risk Resilience? . . . . . . . . . . . . 86--90
        Michael F. Thompson and   
              Cynthia E. Irvine   Individualizing Cybersecurity Lab
                                  Exercises with Labtainers  . . . . . . . 91--95
                 Bruce Schneier   Artificial Intelligence and the
                                  Attack/Defense Balance . . . . . . . . . 96
                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1--c1
                      Anonymous   IEEE Security & Privacy . . . . . . . . . c4--c4
                      Anonymous   Seymour Cray, Sidney Fernbach & Ken
                                  Kennedy Awards . . . . . . . . . . . . . c2--c2
                      Anonymous   Share the gift of knowledge: give your
                                  favorite student a membership to the
                                  IEEE Computer Society! . . . . . . . . . c3--c3

IEEE Security & Privacy
Volume 16, Number 3, May / June, 2018

                      Anonymous   Table of Contents  . . . . . . . . . . . 1--2
                      Anonymous   How Many Is Too Many Candidates? . . . . 3--5
             John D. McLean and   
              Cormac Herley and   
             P. C. Van Oorschot   Letter to the Editor . . . . . . . . . . 6--10
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 11
                    Gary McGraw   Silver Bullet Talks with Bruce Potter    12--14
                  Omer Tene and   
           Jules Polonetsky and   
             Ahmad-Reza Sadeghi   Five Freedoms for the Homo Deus  . . . . 15--17
            Robert H. Sloan and   
                 Richard Warner   When Is an Algorithm Transparent?
                                  Predictive Analytics, Privacy, and
                                  Public Policy  . . . . . . . . . . . . . 18--25
        Bernd Carsten Stahl and   
                   David Wright   Ethics and Privacy in AI and Big Data:
                                  Implementing Responsible Research and
                                  Innovation . . . . . . . . . . . . . . . 26--33
               Micah Altman and   
             Alexandra Wood and   
                    Effy Vayena   A Harm-Reduction Framework for
                                  Algorithmic Fairness . . . . . . . . . . 34--45
             Lilian Edwards and   
                  Michael Veale   Enslaving the Algorithm: From a ``Right
                                  to an Explanation'' to a ``Right to
                                  Better Decisions''?  . . . . . . . . . . 46--54
                      Anonymous   IEEE Computer Society  . . . . . . . . . 55
           Dawn E. Schrader and   
                  Dipayan Ghosh   Proactively Protecting Against the
                                  Singularity: Ethical Decision Making in
                                  AI . . . . . . . . . . . . . . . . . . . 56--63
             Meg Leta Jones and   
              Ellen Kaufman and   
             Elizabeth Edenberg   AI and the Ethics of Automating Consent  64--72
                   Reuben Binns   What Can Political Philosophy Teach Us
                                  about Algorithmic Fairness?  . . . . . . 73--80
                   Jian Liu and   
                 Wenting Li and   
          Ghassan O. Karame and   
                      N. Asokan   Toward Fairness of Cryptocurrency
                                  Payments . . . . . . . . . . . . . . . . 81--89
                  Michael Franz   Making Multivariant Programming
                                  Practical and Inexpensive  . . . . . . . 90--94
                      Anonymous   Computing in Science & Engineering  . . . 95
               Awais Rashid and   
             George Danezis and   
             Howard Chivers and   
                  Emil Lupu and   
              Andrew Martin and   
              Makayla Lewis and   
               Claudia Peersman   Scoping the Cyber Security Body of
                                  Knowledge  . . . . . . . . . . . . . . . 96--102
               Amin Kharraz and   
          William Robertson and   
                    Engin Kirda   Protecting against Ransomware: A New
                                  Line of Research or Restating Classic
                                  Ideas? . . . . . . . . . . . . . . . . . 103--107
             Steven M. Bellovin   Toward a National Cybersecurity Policy   108
                      Anonymous   Connect on Interface . . . . . . . . . . c2--c2
                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1--c1
                      Anonymous   IEEE Security & Privacy . . . . . . . . . c4--c4
                      Anonymous   One membership. Unlimited knowledge. . . c3--c3

IEEE Security & Privacy
Volume 16, Number 4, July / August, 2018

                      Anonymous   Table of Contents  . . . . . . . . . . . 1--2
                      Anonymous   Encouraging Diversity in Security and
                                  Privacy Research . . . . . . . . . . . . 3--5
                      Anonymous   Masthead . . . . . . . . . . . . . . . . 6
                    Gary McGraw   Silver Bullet Talks with Nick Weaver . . 7--10
             Ghassan Karame and   
                  Srdjan Capkun   Blockchain Security and Privacy  . . . . 11--12
               Sarah Meiklejohn   Top Ten Obstacles along Distributed
                                  Ledgers Path to Adoption . . . . . . . . 13--19
                Paul Dunphy and   
        Fabien A. P. Petitcolas   A First Look at Identity Management
                                  Schemes on the Blockchain  . . . . . . . 20--29
                   Lin Chen and   
                     Lei Xu and   
                 Zhimin Gao and   
                    Yang Lu and   
                    Weidong Shi   Tyranny of the Majority: On the
                                  (Im)possibility of Correctness of Smart
                                  Contracts  . . . . . . . . . . . . . . . 30--37
                 Ryan Henry and   
              Amir Herzberg and   
                    Aniket Kate   Blockchain Access Privacy: Challenges
                                  and Directions . . . . . . . . . . . . . 38--45
          Ilias Giechaskiel and   
                Cas Cremers and   
            Kasper B. Rasmussen   When the Crypto in Cryptocurrencies
                                  Breaks: Bitcoin Security under Broken
                                  Primitives . . . . . . . . . . . . . . . 46--56
      Rachid El Bansarkhani and   
             Matthias Geihs and   
              Johannes Buchmann   PQChain: Strategic Design Decisions for
                                  Distributed Ledger Technologies against
                                  Future Threats . . . . . . . . . . . . . 57--65
         Raffaello Perrotta and   
                       Feng Hao   Botnet in the Browser: Understanding
                                  Threats Caused by Malicious Browser
                                  Extensions . . . . . . . . . . . . . . . 66--81
                      Yang Wang   Inclusive Security and Privacy . . . . . 82--87
                Irfan Ahmed and   
                 Vassil Roussev   Peer Instruction Teaching Methodology
                                  for Cybersecurity Education  . . . . . . 88--91
             Giannis Tziakouris   Cryptocurrencies --- A Forensic
                                  Challenge or Opportunity for Law
                                  Enforcement? An INTERPOL Perspective . . 92--94
                      Anonymous   IEEE Computer Society Information  . . . 95
                 Daniel E. Geer   You Are What You Eat . . . . . . . . . . 96
                      Anonymous   Front Cover  . . . . . . . . . . . . . . c1--c1
                      Anonymous   IEEE Security & Privacy . . . . . . . . . c2--c2
                      Anonymous   Stay Connected . . . . . . . . . . . . . c4--c4
                      Anonymous   Share The Gift Of Knowledge: Give Your
                                  Favorite Student a Membership to the
                                  IEEE Computer Society! . . . . . . . . . c3--c3