Presents the front cover for this issue of the publication.

Presents the table of contents for this issue of the publication.

Presents a listing of the editorial board, board of governors, current staff, committee members, and/or society editors for this issue of the publication.

Presents the introductory editorial for this issue of the publication.

Presents a listing of the editorial board, board of governors, current staff, committee members, and/or society editors for this issue of the publication.

The articles in this special section focus on hardware assisted security systems. During the past two decades, the use of hardware assistance for improving security and privacy has been steadily increasing. In particular, hardware-assisted trusted execution environments (TEEs), such as Arm TrustZone and Intel Software Guard Extensions, are now widely deployed. This has led to many new initiatives in

Advertisement.

Advertisement.

Advertisement.

Prospective authors are requested to submit new, unpublished manuscripts for inclusion in the upcoming event described in this call for papers.

Prospective authors are requested to submit new, unpublished manuscripts for inclusion in the upcoming event described in this call for papers.

Cyber intelligence requires analytic and technical skills. It is a pillar of U.S. national security and is needed in the private sector. We outline a framework for cyber intelligence education, including a dual-track model to balance the technical and analytic requirements.

Prospective authors are requested to submit new, unpublished manuscripts for inclusion in the upcoming event described in this call for papers.

Security flaws in cyberphysical systems are expensive. The key to creating secure but affordable industrial cyber systems is to understand the various points at which security can be implemented to build security into a product. This article is written from the perspective of a practitioner and addresses several components of product security that work together to build security into cyberphysical

The tax code isn’t software. It doesn’t run on a computer. But it’s still code. It’s a series of algorithms that takes an input— financial information for the year—and produces an output: the amount of tax owed. It’s incredibly complex code; there are a bazillion details and exceptions and special cases. It consists of government laws, rulings from the tax authorities, judicial decisions, and legal

Presents a listing of the editorial board, board of governors, current staff, committee members, and/or society editors for this issue of the publication.

Advertisement.

Advertisement.

Advertisement, IEEE.

Prospective authors are requested to submit new, unpublished manuscripts for inclusion in the upcoming event described in this call for papers.

Advertisement, IEEE.

Prospective authors are requested to submit new, unpublished manuscripts for inclusion in the upcoming event described in this call for papers.

Advertisement. IEEE Security & Privacy magazine provides articles with both a practical and research bent by the top thinkers in the field. Stay current on the latest security tools and theories and gain invaluable practical and research knowledge; learn more about the latest techniques and cutting-edge technology; and discover case studies, tutorials, columns, and in-depth interviews and podcasts

Presents information on the upcomming HOST 2000 Conference. Includes topics to be covered and a calls for papers.

Advertisement. Prospective authors are requested to submit new, unpublished manuscripts for inclusion in the upcoming event described in this call for papers.

Presents the front cover for this issue of the publication.

Presents the table of contents for this issue of the publication.

Presents a listing of the editorial board, board of governors, current staff, committee members, and/or society editors for this issue of the publication.

Presents the introductory editorial for this issue of the publication.

Advertisement.

Internet of Things (IoT) security depends on the kindness of strangers, including in discovering, disclosing, and mitigating vulnerabilities. Multiple organizations have published best practices for producing secure IoT devices. We analyze two hubs, identify vulnerabilities, and detail how best practices would have prevented the flaws.

The divide between IT security and software security can result in the neglect of proper software security. This divide can be bridged by establishing a formal security champion role in the development team and conducting collaborative risk-based security activities.

Advertisement.

Access to individual-level health data is going to be critical for managing the COVID-19 pandemic and enabling society to return to some form of (new) normal functioning. Broader data access is already starting to happen. At the same time, there has been growing alarm by the privacy community about the extent and manner of the level of data sharing that is going on with such sensitive information.

Acquisition is the most common method for introducing new technology into organizations, but security and integrity are difficult to guarantee using conventional acquisition techniques. Best practices for secure acquisition are an essential part of the general education process in cybersecurity.

Why can't we send encrypted email (secure, private correspondence that even our mail providers can't read)? Why do our health-care providers require us to use secure portals to correspond with us instead of directly emailing us? Why are messaging apps the only way to send encrypted messages directly to friends, and why can't we send private messages without agreeing to using a single platform (WhatsApp

Are we (the experts) fooling ourselves that our security approaches are effective or appropriate to protect today?s and future IT environments? Are our old recipes still suitable? After working in IT security for more than 20 years, we started to realize that something had fundamentally changed. We tried to match the growing expectations of customers and consumers (the market), technological development

Presents a listing of the editorial board, board of governors, current staff, committee members, and/or society editors for this issue of the publication.

Presents the front cover for this issue of the publication.

Advertisement.

Presents the table of contents for this issue of the publication.

Presents a listing of the editorial board, board of governors, current staff, committee members, and/or society editors for this issue of the publication.

Presents the introductory editorial for this issue of the publication.

Advertisement.

The articles from this special section were presented at the 2019 IEEE European Symposium on Security and Privacy that was held in Stockholm, Sweden.

Prospective authors are requested to submit new, unpublished manuscripts for inclusion in the upcoming event described in this call for papers.

This article provides a high-level, introductory description of the biological sciences and technology landscape to enable a more complete understanding of the digital-physical connections that may be vulnerable to cyberattack.

Presents revisions to biographical information in the "Education" column of the March/April 2020 issue of IEEE Security & Privacy.

Today's cyberdefense tools are mostly watchers. They are not active doers. To be sure, watching is a demanding affair also. These tools monitor traffic and events; detect malicious signatures, patterns, and anomalies; may classify and characterize what they observe; and issue alerts. They might even learn while doing all this. But they don't act. They do little to plan and execute responses to attacks

Past and recent cases of data misuses and data breaches, and the central role that data plays today for artificial intelligence (AI) systems, are pushing the notion of data transparency at the forefront in several contexts. However, data transparency is still patchy and does not even have a comprehensive definition; rather, there are different definitions.

Advertisement.

Prospective authors are requested to submit new, unpublished manuscripts for inclusion in the upcoming event described in this call for papers.

The increasing complexity of modern computing devices has rendered security architectures vulnerable to recent side-channel and transient-execution attacks. We discuss the most relevant defenses as well as their drawbacks and how to overcome them for next-generation secure processor design.

Computer hardware is usually perceived as more secure than software. However, recent trends lead us to reexamine this belief. We draw attention to the "firmwarization" of hardware and argue for revisiting the role of hardware and software in systems security.

Trusted execution environments (TEEs) enabled research in scenarios where highest-privileged attackers had precise control over systems and microarchitecture. Insights gained from such attacks facilitated the discovery of non-TEE attacks, such as Spectre (as well as Foreshadow from within virtual machines).

Historically, fault injection was the realm of adversaries with physical access. This changed when research revealed that remote attackers could use software to inject faults. Plundervolt is a new software-based attack on Intel's trusted execution technology (SGX). Plundervolt can break cryptography and inject memory-safety bugs into secure code.

Trusted execution environments (TEEs) are a growing part of the security ecosystem. Unfortunately, widely available TEEs are hampered by closed designs and a lack of flexibility. We outline the challenges to TEEs, advocate for extensible and portable open TEEs, and detail current efforts.

Secure enclave architectures have become prevalent in modern CPUs. Enclaves provide a flexible way to implement various hardware-assisted security services. But special-purpose security chips can still have advantages. Interestingly, dedicated security chips can also assist enclaves and improve their security.

Today's computer systems trace their roots to an era of trusted users and highly constrained hardware; thus, their designs fundamentally emphasize performance and discount security. This article presents a vision for how small steps using existing technologies can be combined into one giant leap for computer security.

Although smart contracts inherit the availability and other security assurances of the blockchain, they are impeded by lack of confidentiality and poor performance. We present Ekiden, a system that aims to close these critical gaps by combining the blockchain with trusted execution environments.