Presents the front cover for this issue of the publication.

Advertisement.

Presents the table of contents for this issue of the publication.

Presents a listing of the editorial board, board of governors, current staff, committee members, and/or society editors for this issue of the publication.

Presents the introductory editorial for this issue of the publication.

Advertisement.

The articles from this special section were presented at the 2019 IEEE European Symposium on Security and Privacy that was held in Stockholm, Sweden.

Prospective authors are requested to submit new, unpublished manuscripts for inclusion in the upcoming event described in this call for papers.

This article provides a high-level, introductory description of the biological sciences and technology landscape to enable a more complete understanding of the digital-physical connections that may be vulnerable to cyberattack.

Presents revisions to biographical information in the "Education" column of the March/April 2020 issue of IEEE Security & Privacy.

Today's cyberdefense tools are mostly watchers. They are not active doers. To be sure, watching is a demanding affair also. These tools monitor traffic and events; detect malicious signatures, patterns, and anomalies; may classify and characterize what they observe; and issue alerts. They might even learn while doing all this. But they don't act. They do little to plan and execute responses to attacks

Past and recent cases of data misuses and data breaches, and the central role that data plays today for artificial intelligence (AI) systems, are pushing the notion of data transparency at the forefront in several contexts. However, data transparency is still patchy and does not even have a comprehensive definition; rather, there are different definitions.

Advertisement.

Prospective authors are requested to submit new, unpublished manuscripts for inclusion in the upcoming event described in this call for papers.

Although smart contracts inherit the availability and other security assurances of the blockchain, they are impeded by lack of confidentiality and poor performance. We present Ekiden, a system that aims to close these critical gaps by combining the blockchain with trusted execution environments.

Practitioners who are seeking to defend against online password-guessing attacks usually find a shortage of techniques. We present an open source system to defend against password-guessing attacks using information ignored previously: the guessed passwords themselves. We examine passwords to detect and are more forgiving of login failures caused by users mistyping their passwords.

Benchmarking systems is difficult. Mistakes can compromise guarantees and threaten reproducibility and comparability. We conduct a study to show that benchmarking flaws are widespread in systems security defense papers, even at tier-1 venues. We aim to raise awareness and provide recommendations for safeguarding the scientific process in our community.

The speculative execution of side-channel vulnerabilities in microarchitecture processors has raised concerns about the security of Intel's Software Guard eXtensions (SGX). We present SgxPectre attacks, the SGX variants of Spectre attacks, which exploit speculative execution vulnerabilities to subvert the confidentiality of SGX enclaves; evaluate Intel's existing countermeasures against SgxPectre attacks;

We propose a methodology to leverage machine learning (ML) for the detection of web application vulnerabilities. We use it in the design of Mitch, the first ML solution for the black-box detection of cross-site request forgery vulnerabilities. Finally, we show the effectiveness of Mitch on real software.

Modern network security rests on the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. Distributed systems, mobile and desktop applications, embedded devices, and all of secure Web rely on SSL/TLS for protection against network attacks. This protection critically depends on whether SSL/TLS clients correctly validate X.509 certificates presented by servers during the SSL/TLS handshake

Dartmouth College's Institute for Security, Technology, and Society conducted three workshops on securing information technology in healthcare, attended by a diverse range of experts in the field. This article summarizes the three workshops.

Experience-based access management incorporates models, techniques, and tools to reconcile differences between the ideal access model and the enforced access control.