IEEE Security & Privacy’s primary objective is to stimulate and track advances in security, privacy, and dependability and present these advances in a form that can be useful to a broad cross-section of the professional community — ranging from academic researchers to industry practitioners.
Quantum Computing: Codebreaking and Beyond

Wed, 02/06/2019 - 18:26
We survey recent developments in quantum algorithms, focusing on resource estimates for breaking cryptographic protocols on a quantum computer, which in turn can be used to derive quantum security parameters for various schemes. We contrast these cryptographic applications with applications based on a quantum computer's supreme ability to efficiently simulate other quantum mechanical systems.

The Need for Speed: An Analysis of Brazilian Malware Classifiers

Wed, 02/06/2019 - 17:04
Using a dataset containing about 50,000 samples from Brazilian cyberspace, we show that relying solely on conventional machine-learning systems without taking into account the change of the subject's concept decreases the performance of classification, emphasizing the need to update the decision model immediately after concept drift occurs.

Research in Security and Privacy in Brazil

Wed, 02/06/2019 - 17:04
The main research groups in Brazil working on the topics of security and privacy are characterized by both geographical distribution and research areas. The objective is to highlight the main contributions from these groups to the international community and discuss aspects of the research environment and the challenges ahead.

The Good, the Bad, and the Ugly: Two Decades of E-Voting in Brazil

Wed, 02/06/2019 - 17:04
Brazil pioneered the adoption of nationwide electronic voting 20 years ago. However, today its system is outdated in terms of recent properties. We discuss the system's organization and transparency mechanisms in the context of security requirements derived from a conventional election.

Silver Bullet Talks With Kathleen Fisher [Interview]

Wed, 02/06/2019 - 17:04
Kathleen Fisher is a professor in and chair of the Tufts Department of Computer Science. Previously, Dr. Fisher was a program manager at DARPA, where she started and managed High-Assurance Cyber Military Systems (HACMS) and Probabilistic Programming for Advancing Machine Learning (PPAML). She also has been a faculty member at Stanford University and a principal member of the technical staff at AT&T Labs Research. Kathleen's research focuses on advancing the theory and practice of programming languages. Recently, she's been exploring synergies between machine learning and programming languages with an emphasis on building more secure systems.

Toward Cyberresiliency in the Context of Cloud Computing [Resilient Security]

Wed, 02/06/2019 - 17:04
Cyberresiliency is the capability of an enterprise network to continuously provide (the supported missions and business processes with) essential functions in the midst of an attack campaign. It is defined as "the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that include cyber resources."<sup>1</sup> Conceptually speaking, the capability can be measured by whether the supported missions and business processes can succeed in spite of the various effects being caused by the attack campaign.

Unnoticed Consent [Last Word]

Wed, 02/06/2019 - 17:04

Cybersecurity and Privacy Issues in Brazil: Back, Now, and Then [Guest Editors' Introduction]

Wed, 02/06/2019 - 17:04
The goal of this special issue is to showcase cutting-edge research on security and privacy issues in Brazil, with a focus on topics that reflect Brazil's unique security and privacy challenges. Why Brazil? First, Brazil is the largest country in Latin America, with more than 200 million people. It is the fifth largest and the sixth most populous country in the world, with a rapidly developing economy (the world's eighth richest). Brazil is also a major player in cybersecurity. Further, Brazil's capabilities in cybersecurity have grown in the past several years, as reflected by a recent joint government- and academia-led pair of workshops involving the security communities of Brazil and the US, as well as a US-Brazil program funded by the US National Science Foundation (NSF) and the Brazilian Ministry of Science, Technology, Innovation and Communication (MCTIC).<sup>1</sup> Many peculiarities and challenges related to cybersecurity and privacy are unique to Brazil and so warrant special attention from the international cybersecurity community because of their potential to inform future global cybersecurity initiatives.

A Europe-Brazil Context for Secure Data Analytics in the Cloud

Wed, 02/06/2019 - 17:03
Intercontinental data processing cloud systems raise stringent security and privacy challenges, particularly due to legislation differences. We propose solutions for these challenges with elastic AAA, efficient privacy and anonymization techniques in multiple phases, and security assessment for trustworthiness estimation.

NIZKCTF: A Noninteractive Zero-Knowledge Capture-the-Flag Platform

Wed, 02/06/2019 - 17:03
Capture-the-flag (CTF) competitions are increasingly important for the Brazilian cybersecurity community as educational and professional tools. Unfortunately, CTF platforms may suffer from security issues, giving an unfair advantage to competitors. To mitigate this, we propose NIZKCTF, the first open-audit CTF platform based on noninteractive zero-knowledge proofs.

Teaching Authentication as a Life Skill

Tue, 01/08/2019 - 15:55
As more and more of the activities of daily living move into the digital realm, the importance of securing those activities grows. Where once an understanding of password security might have been considered a useful bonus, it is now becoming an integral life skill. Users of all ages need to be aware of what information is shared online and how to secure it. It is crucially important that security be taught at an early age, before users are faced with the full magnitude of security management tasks. In this article, we present our work developing security curriculum modules for teenagers, and discuss our attempt to teach life skills for security to Swiss high schoolers.

Fingerprinting for Cyber-Physical System Security: Device Physics Matters Too

Thu, 11/29/2018 - 20:12
Due to the increasing attacks against cyber-physical systems, it is important to develop novel solutions to secure these critical systems. System security can be improved by using the physics of process actuators (that is, devices). Device physics can be used to generate device fingerprints to increase the integrity of responses from process actuators.

Privacy and Civilian Drone Use: The Need for Further Regulation

Thu, 11/29/2018 - 20:05
Current US regulation is not equipped to provide explicit privacy protection for drone use in an era of sophisticated audio/video and social media. In 2016, the National Telecommunications and Information Association recognized this deficit by releasing a set of best practices, which we examine in light of the current privacy concerns with drone use in the US.