In response to COVID-19, Korea has implemented digital contact tracing and patient route disclosure schemes. While the former has been embraced more willingly, the latter has been shunned due to privacy concerns, demonstrating that privacy is highly dynamic and is of contextual value.

Cybersecurity needs radical rethinking to change its current landscape. This article charts a vision for a cybersecurity moonshot based on radical but feasible technologies that can prevent the largest classes of vulnerabilities in modern systems.

Ransomware attacks on energy systems are on the rise. We consider ransomware attacks within an IT system's operational technology side, reference some known ransomware incidents, consider attack vectors, and comment on the work still to be done.

In this article, we summarize our recent research findings related to infrastructure as code (IaC) scripts, where we have identified 67,801 occurrences of security smells that include 9,175 hard-coded passwords. We hope our work will facilitate awareness among practitioners who use IaC.

One year ago, Mack and Schroer captured in this column1 the current crisis faced by software security quality control:

Can we prevent the abuses of anonymous communication networks without affecting their ability to enhance privacy and evade censorship? We evaluate approaches for balancing the need for anonymity with the desire to mitigate anonymous abuses.

Designing custom secure function evaluation compilers has been an active research area. However, intelligent adaptation of the integrated circuit synthesis tools outperforms these compilers. It is time for the custom compilers to embrace this trend.

Cyberattacks have become more common, sophisticated, and harmful, while, at the same time, there is a critical shortage of cybersecurity professionals. For example, from October 2019 to September 2020, there were more than 40,000 unfilled positions for information security analysts.2 While educational organizations have responded to this burgeoning demand, cybersecurity education and training institutions

Anonymity networks, also referred to as anonymous networks or darknets are an example of privacy-enhancing technology, the historical goal of which is to avoid censorship, preserve user privacy, and promote freedom of speech. The Tor network, undoubtedly the most popular anonymization technology at the time of this writing, according to its website, has several categories of users: individuals who

Most apps and merchants do not want to deal with financial fraud, but, if they accept payments, they will eventually have to. Our position is that credit card fraud prevention is a technical problem that needs technical solutions.

Cryptography as a field of study is exciting because it brings together beautiful mathematics and many cutting-edge areas of computer science and engineering to find solutions that touch all aspects of life in a digital era. In a single day at a cryptography conference, one can hear talks on election security and legislation on regulating encryption, new mathematical constructions that might yield

According to its creators, the Common Vulnerability Scoring System (CVSS) "provides a way to capture the principal characteristics of a vulnerability ... reflecting its severity ... to help organizations properly assess and prioritize their vulnerability management processes."1 However, the CVSS scoring algorithm is not justified, either formally or empirically. According to the specification, using

This article reviews several exploits of input-handling vulnerabilities and categorizes these vulnerabilities based on their root causes. We describe the language-theoretic security paradigm and discuss how it can be used to tackle these categories of vulnerabilities.

This article discusses a recently developed test suite for checking timingbased vulnerabilities in processor caches, which has revealed the insecurity of today's processor caches. The susceptibility of caches to these vulnerabilities calls for more research on secure processor caches.

Presents the front cover for this issue of the publication.

Advertisement.

Presents the table of contents for this issue of the publication.

Presents a listing of the editorial board, board of governors, current staff, committee members, and/or society editors for this issue of the publication.

Presents the introductory editorial for this issue of the publication.

Advertisement.

The articles in this special section focus on system requirements for security, privacy, and trust for the Internet of Things (IoT). IoT has huge potential to push monitoring, computing, and communication deeply into the home, the workplace, medicine, manufacturing, and critical infrastructure. This increased capability offers the hope that urban settings can be transformed in various ways through

Presents a message from the outgoing Editor in Chief.

Prospective authors are requested to submit new, unpublished manuscripts for inclusion in the upcoming event described in this call for papers.

Prospective authors are requested to submit new, unpublished manuscripts for inclusion in the upcoming event described in this call for papers.

Prospective authors are requested to submit new, unpublished manuscripts for inclusion in the upcoming event described in this call for papers.

Prospective authors are requested to submit new, unpublished manuscripts for inclusion in the upcoming event described in this call for papers.

Prospective authors are requested to submit new, unpublished manuscripts for inclusion in the upcoming event described in this call for papers.

We suggest a method to determine whether a passing drone is used for spying or not. It can be used to detect spying drones when the victim is in a house or driving a car.

Prospective authors are requested to submit new, unpublished manuscripts for inclusion in the upcoming event described in this call for papers.

The 2020 election revealed the interdependence of election systems and the risk management challenges of decentralization. Future risk management will need an update to deal with new threats, both complexity and adversary driven.

Prospective authors are requested to submit new, unpublished manuscripts for inclusion in the upcoming event described in this call for papers.

We present a review of European master of science programs in cybersecurity and reflect on the presence (and lack) of knowledge and skills needed to build security in.

Prospective authors are requested to submit new, unpublished manuscripts for inclusion in the upcoming event described in this call for papers.

Prospective authors are requested to submit new, unpublished manuscripts for inclusion in the upcoming event described in this call for papers.

The novel severe acute respiratory syndrome coronavirus 2 and its associated disease, COVID-19, have increased the amount of time that people spend working from home and in social isolation. In 2020, the number of users worldwide who relied on the Internet for work, education, and entertainment increased significantly. This growth is causing a substantial rise in bandwidth usage, with a sudden spike

In early 2018, the disclosure of Spectre1 and Meltdown2 exposed the security risks inherent in speculative and out-of-order execution, which were hitherto considered harmless and valuable performance optimizations. In a nutshell, these attacks demonstrated that transient execution, where the computer executes code speculatively before reverting execution, leaves side effects on the microarchitecture

In 2019, the new European Union (EU) cybersecurity regulation "Cybersecurity Act" ("CSA")1 entered into force to create a common framework for the certification of any information and communication technology (ICT) system, including products, services, and processes. The main purpose of this framework is to reduce the current fragmentation of cybersecurity certification schemes2 as well as to increase

Presents corrections to biographical data in in the article,“Forensic event analysis: From seemingly unrelated data to understanding,” (Padhilha, R., et al), IEEE Security Privacy, vol. 18, no. 6, pp. 23–31, Nov./Dec. 2020. doi: 10.1109/MSEC.2020.3000446.

Presents a listing of the editorial board, board of governors, current staff, committee members, and/or society editors for this issue of the publication.

Advertisement.

Federated learning is a privacy-by-design framework that enables training deep neural networks from decentralized sources of data, but it is fraught with innumerable attack surfaces. We provide a taxonomy of recent attacks on federated learning systems and detail the need for more robust threat modeling in federated learning environments.

People who use secure messaging apps are vulnerable to a hacked or malicious server unless they manually complete an authentication ceremony. In this article, we describe the usability challenges of the authentication ceremony and research to improve it. We conclude with recommendations for service providers and directions for research.

Are papers in computer security reproducible? The health of the reproducibility culture in a subfield of security biometrics was assessed in a reproducibility audit of all papers published in the first quarter of 2020. Many papers met some reproducibility criteria, but none met them all. Even in a culture of faster, better, cheaper, reproducibility needn't cost much, but its benefits can be substantial

In 2014, the Secretary and Chief of Staff of the Army established the Cyber branch and the U.S. Army Cyber School (USACyS). Quickly building USACyS from scratch required building courseware to fill workforce-oriented curricula. Before we could finish creating sufficient and suitable content, the Army assigned students and scheduled classes. As we worked rapidly to create content, we turned to cloud-hosted

Prospective authors are requested to submit new, unpublished manuscripts for inclusion in the upcoming event described in this call for papers.

Presents a listing of the editorial board, board of governors, current staff, committee members, and/or society editors for this issue of the publication.

Advertisement.

Presents the front cover for this issue of the publication.

Prospective authors are requested to submit new, unpublished manuscripts for inclusion in the upcoming event described in this call for papers.

Presents the table of contents for this issue of the publication.

Presents a listing of the editorial board, board of governors, current staff, committee members, and/or society editors for this issue of the publication.

Presents the introductory editorial for this issue of the publication.

Presents a listing of the editorial board, board of governors, current staff, committee members, and/or society editors for the Reliability Society.

Prospective authors are requested to submit new, unpublished manuscripts for inclusion in the upcoming event described in this call for papers.

Rapidly identifying attacks and selecting and applying appropriate remediation represent a significant challenge for mitigating cyberattacks on Internet of Things devices. We present a novel self-healing framework that collaboratively trains a neural network-based remediation selection agent to recover from malfunctions and cyberattacks automatically.

Presents the front cover for this issue of the publication.

Presents the table of contents for this issue of the publication.

Presents a listing of the editorial board, board of governors, current staff, committee members, and/or society editors for this issue of the publication.

Presents the introductory editorial for this issue of the publication.

Presents a listing of the editorial board, board of governors, current staff, committee members, and/or society editors for this issue of the publication.