Has Access Control Become the Weak Link?
Pub Date: 2024-09-13. DOI: 10.1109/msec.2024.3427588. Journal: IEEE Security & Privacy
Trent Jaeger
In the early 2000s, computer systems were under threat from a variety of Internet worms. This malware attacked network-facing programs by exploiting their memory errors, hijacking their execution to perform malicious operations and propagate the malware to other systems. One key change that commercial systems adopted to prevent such attacks was in access control enforcement. With the enhanced access control (and other defenses), defenders were able to prevent Internet worm attacks, but a variety of other significant and catastrophic attacks (e.g., ransomware) have emerged since that time. But our access control infrastructure is essentially the same as that used to combat Internet worms. In this column, I want to look more closely at the current state of access control enforcement and where we might go from here.

Inclusive Privacy and Security
Pub Date: 2024-09-13. DOI: 10.1109/msec.2024.3433708. Journal: IEEE Security & Privacy
Apu Kapadia, Yang Wang
This special issue features six articles on addressing the privacy and security needs of diverse populations. These articles provide insights into design guidelines, techniques, and specific populations for building technologies for inclusive privacy and security.

IEEE Computer Society Has You Covered!
Pub Date: 2024-09-13. DOI: 10.1109/msec.2024.3450029. Journal: IEEE Security & Privacy

Get Published in the New IEEE Transaction on Privacy
Pub Date: 2024-09-13. DOI: 10.1109/msec.2024.3449986. Journal: IEEE Security & Privacy

The Rocky Road to Sustainable Security
Pub Date: 2024-09-13. DOI: 10.1109/msec.2024.3429888. Journal: IEEE Security & Privacy
Liliana Pasquale, Kushal Ramkumar, Wanling Cai, John McCarthy, Gavin Doherty, Bashar Nuseibeh
In this column, we illustrate real-world scenarios in which modern systems cannot preserve security during operation. We examine the notion of sustainable security and discuss the challenges to engineering sustainably secure systems.