AUTHOR INDEX

A

Acquisti, Alessandro, "Identity Management, Privacy, and Price Discrimination," Mar./Apr., pp. 46–50.

Adams, William J., see Trope, Roland L.

Ahmad, Dave, "The Confused Deputy and the Domain Hijacker," Jan./Feb., pp. 74–77.

Ahmad, David, "Two Years of Broken Crypto: Debian's Dress Rehearsal for a Global PKI Compromise," Sep./Oct., pp. 70–73.

Andrews, Dee H., see Greitzer, Frank L.

Ansari, Nirwan, Pitipatana Sakarindr, Ehsan Haghani, Chao Zhang, Aridaman K. Jain, and Yun Q. Shi, "Evaluating Electronic Voting Systems Equipped with Voter-Verified Paper Records," May/June, pp. 30–39.

Ansari, Nirwan, see Yan, Wei.

B

Baentsch, Michael, see Weigold, Thomas.

Baldwin, Rusty O., see Dube, Thomas E.

Balfe, Shane, Eimear Gallery, Chris J. Mitchell, and Kenneth G. Paterson, "Challenges for Trusted Computing," Nov./Dec., pp. 60–66.

Batten, Lynn, and Lei Pan, "Teaching Digital Forensics to Undergraduate Students," May/June, pp. 54–56.

Bellovin, Steven M., Terry V. Benzel, Bob Blakley, Dorothy E. Denning, Whitfield Diffie, Jeremy Epstein, and Paulo Verissimo, "Information Assurance Technology Forecast 2008," Jan./Feb., pp. 16–23.

Bellovin, Steven M., "The Puzzle of Privacy," Sep./Oct., pp. 88.

Bellovin, Steven M., Matt Blaze, Whitfield Diffie, Susan Landau, Peter G. Neumann, and Jennifer Rexford, "Risking Communications Security: Potential Hazards of the Protect America Act," Jan./Feb., pp. 24–33.

Bellovin, Steve, "Security by Checklist," Mar./Apr., pp. 88.

Bennington, Robert W., see Dube, Thomas E.

Benzel, Terry V., see Bellovin, Steven M.

Bermudez, Sergio, see Pai, Sameer.

Bessani, Alysson Neves, Paulo Sousa, Miguel Correia, Nuno Ferreira Neves, and Paulo Veríssimo, "The Crutial Way of Critical Infrastructure Protection," Nov./Dec., pp. 44–51.

Birrer, Bobby D., see Dube, Thomas E.

Bishop, Matt, see Yasinsac, Alec.

Bishop, Matt, and Deborah A. Frincke, "Information Assurance Education: A Work In Progress," Sep./Oct., pp. 54–57.

Bishop, Matt, see Nance, Kara.

Blakley, Bob, see Bellovin, Steven M.

Blaze, Matt, see Bellovin, Steven M.

Bonver, Edward, and Michael Cohen, "Developing and Retaining a Security Testing Mindset," Sep./Oct., pp. 82–85.

Bonver, Edward, "Security Testing of Internal Tools," Jan./Feb., pp. 81–83.

Bratus, Sergey, Chris Masone, and Sean W. Smith, "Why Do Street-Smart People Do Stupid Things Online?," May/June, pp. 71–74.

Brookes, Tim, see Hughes, Gordon.

Brändle, Markus, and Martin Naedele, "Security for Process Control Systems: An Overview," Nov./Dec., pp. 24–29.

Bulford, Carla, see Predd, Joel.

Burr, William E., "A New Hash Competition," May/June, pp. 60–62.

Byres, Eric James, see Leversage, David John.

C

Camp, Jean, see Viecco, Camilo.

Cappelli, Dawn M., see Greitzer, Frank L.

Carback, Richard, see Chaum, David.

Carbone, Martim, Diego Zamboni, and Wenke Lee, "Taming Virtualization," Jan./Feb., pp. 65–67.

Carroll, Lynn A., see Greitzer, Frank L.

Carvalho, Marco, "Security in Mobile Ad Hoc Networks," Mar./Apr., pp. 72–75.

Casassa-Mont, Marco, see Pearson, Siani.

Chakrabarti, Anirban, Anish Damodaran, and Shubhashis Sengupta, "Grid Computing Security: A Taxonomy," Jan./Feb., pp. 44–51.

Chan, Yuen-Yan, and Victor K. Wei, "Teaching for Conceptual Change in Security Awareness," Nov./Dec., pp. 67–69.

Chaum, David, Aleks Essex, Richard Carback, Jeremy Clark, Stefan Popoveniuc, Alan Sherman, and Poorvi Vora, "Scantegrity: End-to-End Voter-Verifiable Optical-Scan Voting," May/June, pp. 40–46.

Cheng, Lee Ming, see Razaq, Abdul (Ali).

Chu, Chengyun, "Introduction to Microsoft .NET Security," Nov./Dec., pp. 73–78.

Clark, Jeremy, see Chaum, David.

Cohen, Michael, see Bonver, Edward.

Conway, Daniel G., see Geer Jr., Daniel E.

Conway, Daniel G., see Jr., Daniel E. Geer.

Conway, Daniel, see Geer, Dan.

Cooper, Alissa, see Hansen, Marit.

Correia, Miguel, see Bessani, Alysson Neves.

Costa, Regivaldo G., see Santin, Altair O.

Coyne, Ed, and Tim Weil, "An RBAC Implementation and Interoperability Standard: The INCITS Cyber Security 1.1 Model," Jan./Feb., pp. 84–87.

Crompton, Malcolm, see McKenzie, Robin.

D

Damodaran, Anish, see Chakrabarti, Anirban.

Dawson, Sophie, see Hughes, Gordon.

Denning, Dorothy E., see Bellovin, Steven M.

Dhamija, Rachna, and Lisa Dusseault, "The Seven Flaws of Identity Management: Usability and Security Challenges," Mar./Apr., pp. 24–29.

Diffie, Whitfield, see Bellovin, Steven M.

Donner, Marc, "Charge of the Light Brigade," Jan./Feb., pp. 5–5.

Donner, Marc, "Lessons from Electrification for Identification," Mar./Apr., pp. 3.

Dube, Thomas E., Bobby D. Birrer, Richard A. Raines, Rusty O. Baldwin, Barry E. Mullins, Robert W. Bennington, and Christopher E. Reuter, "Hindering Reverse Engineering: Thinking Outside the Box," Mar./Apr., pp. 58–65.

Dusseault, Lisa, see Dhamija, Rachna.

E

Emam, Khaled El, "Heuristics for De-identifying Health Data," July/Aug., pp. 58–61.

Epstein, Jeremy, see Bellovin, Steven M.

Epstein, Jeremy, "Security Lessons Learned from Société Générale," May/June, pp. 80–82.

Espelid, Yngve, see Hole, Kjell J.

Essex, Aleks, see Chaum, David.

F

Figueroa, James, and Brandi Ortega, "Shaking Up the Cybersecurity Landscape," Nov./Dec., pp. 18–21.

Finn, Peter, see Jakobsson, Markus.

Frankel, Sheila, and David Green, "Internet Protocol Version 6," May/June, pp. 83–86.

Frincke, Deborah A., see Bishop, Matt.

G

Gallery, Eimear, see Balfe, Shane.

Garfinkel, Simson, "Sharp Figures, Fuzzy Purpose," Mar./Apr., pp. 5.

Geer, Jr., Daniel E., and Daniel G. Conway, "Beware the IDs of March," Mar./Apr., pp. 87.

Geer, Jr., Daniel E., "Complexity Is the Enemy," Nov./Dec., pp. 88.

Geer, Jr., Daniel E., "Learn by Analogy or Die Trying," May/June, pp. 88, 87.

Geer, Jr., Daniel E., and Daniel G. Conway, "Security Is a Subset of Reliability," Nov./Dec., pp. 86–87.

Geer, Jr., Daniel E., and Daniel G. Conway, "Type II Reverse Engineering," Sep./Oct., pp. 86–87.

Geer, Dan, and Daniel Conway, "What We Got for Christmas," Jan./Feb., pp. 88.

Goirizelaia, Iñaki, Ted Selker, Maider Huarte, and Juanjo Unzilla, "An Optical Scan E-Voting System based on N-Version Programming," May/June, pp. 47–53.

Green, David, see Frankel, Sheila.

Greitzer, Frank L., Andrew P. Moore, Dawn M. Cappelli, Dee H. Andrews, Lynn A. Carroll, and Thomas D. Hull, "Combating the Insider Cyber Threat," Jan./Feb., pp. 61–64.

Grossman, Jeremiah, "Five User-Customizable Web Site Security Features," Nov./Dec., pp. 79–81.

H

Haghani, Ehsan, see Ansari, Nirwan.

Hansen, Marit, Ari Schwartz, and Alissa Cooper, "Privacy and Identity Management," Mar./Apr., pp. 38–45.

Harding, Patrick, Leif Johansson, and Nate Klingenstein, "Dynamic Security Assertion Markup Language: Simplifying Single Sign-On," Mar./Apr., pp. 83–85.

Hay, Brian, see Nance, Kara.

Helleseth, Hallvar, see Hole, Kjell J.

Henriksen, Jan B., see Hole, Kjell J.

Hilty, Manuel, see Pretschner, Alexander.

Hole, Kjell J., Lars-Helge Netland, Yngve Espelid, André N. Klingsheim, Hallvar Helleseth, and Jan B. Henriksen, "Open Wireless Networks on University Campuses," July/Aug., pp. 14–20.

Howard, Michael, "Becoming a Security Expert," Jan./Feb., pp. 71–73.

Huarte, Maider, see Goirizelaia, Iñaki.

Hughes, Gordon, Sophie Dawson, and Tim Brookes, "Considering New Privacy Laws in Australia," May/June, pp. 57–59.

Hull, Thomas D., see Greitzer, Frank L.

Hunker, Jeffrey, see Predd, Joel.

J

Jain, Aridaman K., see Ansari, Nirwan.

Jakobsson, Markus, Nathaniel Johnson, and Peter Finn, "Why and How to Perform Fraud Experiments," Mar./Apr., pp. 66–68.

Jefferson, David R., see Rubin, Aviel D.

Johansson, Leif, see Harding, Patrick.

Johnson, Nathaniel, see Jakobsson, Markus.

Jr., Daniel E. Geer, and Daniel G. Conway, "Strong Attractors," July/Aug., pp. 78–79.

K

Karger, Paul A., and David R. Safford, "I/O for Virtual Machine Monitors: Security and Performance Issues," Sep./Oct., pp. 16–23.

King, Samuel T., and Sean W. Smith, "Virtualization and Security: Back to the Future," Sep./Oct., pp. 15.

Klingenstein, Nate, see Harding, Patrick.

Klingsheim, André N., see Hole, Kjell J.

Kolupaev, Aleksey, and Juriy Ogijenko, "CAPTCHAs: Humans vs. Bots," Jan./Feb., pp. 68–70.

Kotzanikolaou, Panayiotis, "Data Retention and Privacy in Electronic Communications," Sep./Oct., pp. 46–52.

Kramp, Thorsten, see Weigold, Thomas.

L

Landau, Susan, and Deirdre K. Mulligan, "I'm Pc01002/SpringPeeper/ED288l.6; Who are You?," Mar./Apr., pp. 13–15.

Landau, Susan, see Bellovin, Steven M.

Landau, Susan, "Security and Privacy Landscape in Emerging Technologies," July/Aug., pp. 74–77.

Landwehr, Carl E., "Cybersecurity and Artificial Intelligence: From Fixing the Plumbing to Smart Water," Sep./Oct., pp. 3–4.

Landwehr, Carl E., "Up Scope," May/June, pp. 3–4.

Lee, Wenke, see Carbone, Martim.

Lesk, Michael, "Digital Rights Management and Individualized Pricing," May/June, pp. 76–79.

Lesk, Michael, "Forum Shopping on the Internet," Jan./Feb., pp. 78–80.

Leversage, David John, and Eric James Byres, "Estimating a System's Mean Time-to-Compromise," Jan./Feb., pp. 52–60.

Levieil, Eric, and David Naccache, "Cryptographic Test Correction," Mar./Apr., pp. 69–71.

Locasto, Michael E., and Angelos Stavrou, "The Hidden Difficulties of Watching and Rebuilding Networks," Mar./Apr., pp. 79–82.

Luk, Wai Tong, see Razaq, Abdul (Ali).

M

Maler, Eve, and Drummond Reed, "The Venn of Identity: Options and Issues in Federated Identity Management," Mar./Apr., pp. 16–23.

Martin, Luther, "Identity-Based Encryption and Beyond," Sep./Oct., pp. 62–64.

Masone, Chris, see Bratus, Sergey.

Mathieu, Bertrand, Saverio Niccolini, and Dorgham Sisalem, "SDRS: A Voice-over-IP Spam Detection and Reaction System," Nov./Dec., pp. 52–59.

Maziero, Carlos A., see Santin, Altair O.

McGraw, Gary, "Silver Bullet Talks with Adam Shostack," July/Aug., pp. 6–10.

McGraw, Gary, "Silver Bullet Talks with Bill Cheswick," Sep./Oct., pp. 7–11.

McGraw, Gary, "Silver Bullet Talks with Ed Amoroso," Mar./Apr., pp. 6–9.

McGraw, Gary, "Silver Bullet Talks with Eugene Spafford," Jan./Feb., pp. 10–15.

McGraw, Gary, "Silver Bullet Talks with Jon Swartz," May/June, pp. 9–11.

McGraw, Gary, "Silver Bullet Talks with Matt Bishop," Nov./Dec., pp. 6–10.

McKenzie, Robin, Malcolm Crompton, and Colin Wallis, "Use Cases for Identity Management in E-Government," Mar./Apr., pp. 51–57.

McKinney, David, "New Hurdles for Vulnerability Disclosure," Mar./Apr., pp. 76–78.

McLaughlin, Peter, "Cross-Border Data Flows and Increased Enforcement," Sep./Oct., pp. 58–61.

Meingast, Marci, see Pai, Sameer.

Meland, Per Håkon, see Røstad, Lillian.

Michael, Bret, "Are Governments Up to the Task?," Nov./Dec., pp. 4–5.

Michener, John R., "Common Permissions in Microsoft Windows Server 2008 and Windows Vista," May/June, pp. 63–67.

Mitchell, Chris J., see Balfe, Shane.

Moore, Andrew P., see Greitzer, Frank L.

Mulligan, Deirdre K., see Landau, Susan.

Mulligan, Deirdre K., see Pai, Sameer.

Mullins, Barry E., see Dube, Thomas E.

N

Naccache, David, see Levieil, Eric.

Naedele, Martin, see Brändle, Markus.

Nahra, Kirk J., "HIPAA Security Enforcement Is Here," Nov./Dec., pp. 70–72.

Nance, Kara, Matt Bishop, and Brian Hay, "Virtual Machine Introspection: Observation or Interference?," Sep./Oct., pp. 32–37.

Netland, Lars-Helge, see Hole, Kjell J.

Neumann, Peter G., see Bellovin, Steven M.

Neves, Nuno Ferreira, see Bessani, Alysson Neves.

Niccolini, Saverio, see Mathieu, Bertrand.

Nicol, David M., William H. Sanders, Sankalp Singh, and Mouna Seri, "Usable Global Network Access Policy for Process Control Systems," Nov./Dec., pp. 30–36.

Novoa, Manny, see Pearson, Siani.

O

O'Donnell, Adam J., "When Malware Attacks (Anything but Windows)," May/June, pp. 68–70.

Ogijenko, Juriy, see Kolupaev, Aleksey.

Ortega, Brandi, "News Briefs," Sep./Oct., pp. 12–13.

Ortega, Brandi, see Figueroa, James.

P

Pai, Sameer, Marci Meingast, Tanya Roosta, Sergio Bermudez, Stephen B. Wicker, Deirdre K. Mulligan, and Shankar Sastry, "Transactional Confidentiality in Sensor Networks," July/Aug., pp. 28–35.

Palmer, Charles C., see Trellue, Ron.

Pan, Lei, see Batten, Lynn.

Parks, Raymond C., and Edmond Rogers, "Vulnerability Assessment for Critical Infrastructure Control Systems," Nov./Dec., pp. 37–43.

Paterson, Kenneth G., see Balfe, Shane.

Pearson, Siani, Marco Casassa-Mont, and Manny Novoa, "Securing Information Transfer in Distributed Computing Environments," Jan./Feb., pp. 34–42.

Perez, Ronald, Leendert van Doorn, and Reiner Sailer, "Virtualization and Hardware-Based Security," Sep./Oct., pp. 24–31.

Pfleeger, Shari Lawrence, see Predd, Joel.

Popoveniuc, Stefan, see Chaum, David.

Predd, Joel, Shari Lawrence Pfleeger, Jeffrey Hunker, and Carla Bulford, "Insiders Behaving Badly," July/Aug., pp. 66–70.

Pretschner, Alexander, Manuel Hilty, Florian Schütz, Christian Schaefer, and Thomas Walter, "Usage Control Enforcement: Present and Future," July/Aug., pp. 44–53.

R

Raines, Richard A., see Dube, Thomas E.

Razaq, Abdul (Ali), Wai Tong Luk, Kam Man Shum, Lee Ming Cheng, and Kai Ning Yung, "Second-Generation RFID," July/Aug., pp. 21–27.

Reed, Drummond, see Maler, Eve.

Reuter, Christopher E., see Dube, Thomas E.

Rexford, Jennifer, see Bellovin, Steven M.

Rogers, Edmond, see Parks, Raymond C.

Roosta, Tanya, see Pai, Sameer.

Rubin, Aviel D., and David R. Jefferson, "New Research Results for Electronic Voting," May/June, pp. 12–13.

Ryan, Daniel J., see Ryan, Julie J.C.H.

Ryan, Julie J.C.H., and Daniel J. Ryan, "Performance Metrics for Information Security Risk Management," Sep./Oct., pp. 38–44.

Røstad, Lillian, Inger Anne Tøndel, Per Håkon Meland, and Gunnar René Øie, "Learning by Failing (and Fixing)," July/Aug., pp. 54–56.

S

Safford, David R., see Karger, Paul A.

Sailer, Reiner, see Perez, Ronald.

Sakarindr, Pitipatana, see Ansari, Nirwan.

Sanders, William H., see Nicol, David M.

Santin, Altair O., Regivaldo G. Costa, and Carlos A. Maziero, "A Three-Ballot-Based Secure Electronic Voting System," May/June, pp. 14–21.

Sastry, Shankar, see Pai, Sameer.

Saydjari, O. Sami, "Launching into the Cyberspace Race: An Interview with Melissa E. Hathaway," Nov./Dec., pp. 11–17.

Schaefer, Christian, see Pretschner, Alexander.

Schneider, Fred B., "Network Neutrality versus Internet Trustworthiness?," July/Aug., pp. 3–4.

Schneier, Bruce, "How the Human Brain Buys Security," July/Aug., pp. 80.

Schwartz, Ari, see Hansen, Marit.

Schütz, Florian, see Pretschner, Alexander.

Selker, Ted, see Goirizelaia, Iñaki.

Sengupta, Shubhashis, see Chakrabarti, Anirban.

Seri, Mouna, see Nicol, David M.

Sherman, Alan, see Chaum, David.

Shi, Yun Q., see Ansari, Nirwan.

Shum, Kam Man, see Razaq, Abdul (Ali).

Singh, Sankalp, see Nicol, David M.

Sisalem, Dorgham, see Mathieu, Bertrand.

Smith, Sean W., see King, Samuel T.

Smith, Sean W., see Bratus, Sergey.

Sousa, Paulo, see Bessani, Alysson Neves.

Spafford, Eugene, "James P. Anderson: An Information Security Pioneer," Jan./Feb., pp. 9.

Stavrou, Angelos, see Locasto, Michael E.

Steven, John, "State of Application Assessment," Nov./Dec., pp. 82–85.

Stytz, Martin R., "The Shape of Crimeware to Come," Sep./Oct., pp. 5.

T

Trellue, Ron, and Charles C. Palmer, "Process Control System Security: Bootstrapping a Legacy," Nov./Dec., pp. 22–23.

Trope, Roland L., Monique Witt, and William J. Adams, "Hardening the Target," Sep./Oct., pp. 77–81.

Troutman, Justin, "The Virtues of Mature and Minimalist Cryptography," July/Aug., pp. 62–65.

Tøndel, Inger Anne, see Røstad, Lillian.

U

Unzilla, Juanjo, see Goirizelaia, Iñaki.

V

van Doorn, Leendert, see Perez, Ronald.

Verissimo, Paulo, see Bellovin, Steven M.

Veríssimo, Paulo, see Bessani, Alysson Neves.

Viecco, Camilo, and Jean Camp, "A Life or Death InfoSec Subversion," Sep./Oct., pp. 74–76.

Vora, Poorvi, see Chaum, David.

W

Wallis, Colin, see McKenzie, Robin.

Walter, Thomas, see Pretschner, Alexander.

Wayman, James L., "Biometrics in Identity Management Systems," Mar./Apr., pp. 30–37.

Wei, Victor K., see Chan, Yuen-Yan.

Weigold, Thomas, Thorsten Kramp, and Michael Baentsch, "Remote Client Authentication," July/Aug., pp. 36–43.

Weil, Tim, see Coyne, Ed.

Wicker, Stephen B., see Pai, Sameer.

Witt, Monique, see Trope, Roland L.

Y

Yan, Wei, Zheng Zhang, and Nirwan Ansari, "Revealing Packed Malware," Sep./Oct., pp. 65–69.

Yasinsac, Alec, and Matt Bishop, "The Dynamics of Counting and Recounting Votes," May/June, pp. 22–29.

Yung, Kai Ning, see Razaq, Abdul (Ali).

Z

Zamboni, Diego, see Carbone, Martim.

Zhang, Chao, see Ansari, Nirwan.

Zhang, Zheng, see Yan, Wei.

Øie, Gunnar René, see Røstad, Lillian.

SUBJECT INDEX

A

Air Interface Protocols

"Second-Generation RFID," Abdul (Ali) Razaq, Wai Tong Luk, Kam Man Shum, Lee Ming Cheng, and Kai Ning Yung, July/Aug., pp. 21–27.

Attack Trends

"The Confused Deputy and the Domain Hijacker," Dave Ahmad, Jan./Feb., pp. 74–77.

"Five User-Customizable Web Site Security Features," Jeremiah Grossman, Nov./Dec., pp. 79–81.

"New Hurdles for Vulnerability Disclosure," David McKinney, Mar./Apr., pp. 76–78.

"Two Years of Broken Crypto: Debian's Dress Rehearsal for a Global PKI Compromise," David Ahmad, Sep./Oct., pp. 70–73.

"When Malware Attacks (Anything but Windows)," Adam J. O'Donnell, May/June, pp. 68–70.

B

Basic Training

"Becoming a Security Expert," Michael Howard, Jan./Feb., pp. 71–73.

"Common Permissions in Microsoft Windows Server 2008 and Windows Vista," John R. Michener, May/June, pp. 63–67.

"Introduction to Microsoft .NET Security," Chengyun Chu, Nov./Dec., pp. 73–78.

"Revealing Packed Malware," Wei Yan, Zheng Zhang, and Nirwan Ansari, Sep./Oct., pp. 65–69.

"Security in Mobile Ad Hoc Networks," Marco Carvalho, Mar./Apr., pp. 72–75.

Book Reviews

"The Shape of Crimeware to Come," Martin R. Stytz, Sep./Oct., pp. 5.

"Sharp Figures, Fuzzy Purpose," Simson Garfinkel, Mar./Apr., pp. 5.

Building Security In

"Developing and Retaining a Security Testing Mindset," Edward Bonver, and Michael Cohen, Sep./Oct., pp. 82–85.

"Dynamic Security Assertion Markup Language: Simplifying Single Sign-On," Patrick Harding, Leif Johansson, and Nate Klingenstein, Mar./Apr., pp. 83–85.

"Security Lessons Learned from Société Générale," Jeremy Epstein, May/June, pp. 80–82.

"Security Testing of Internal Tools," Edward Bonver, Jan./Feb., pp. 81–83.

"State of Application Assessment," John Steven, Nov./Dec., pp. 82–85.

C

Clear Text

"Complexity Is the Enemy," Daniel E. Geer Jr., Nov./Dec., pp. 88.

"How the Human Brain Buys Security," Bruce Schneier, July/Aug., pp. 80.

"Learn by Analogy or Die Trying," Daniel E. Geer Jr., May/June, pp. 88, 87.

"The Puzzle of Privacy," Steven M. Bellovin, Sep./Oct., pp. 88.

"Security by Checklist," Steve Bellovin, Mar./Apr., pp. 88.

Communications Security

"Risking Communications Security: Potential Hazards of the Protect America Act," Steven M. Bellovin, Matt Blaze, Whitfield Diffie, Susan Landau, Peter G. Neumann, and Jennifer Rexford, Jan./Feb., pp. 24–33.

Crypto Corner

"CAPTCHAs: Humans vs. Bots," Aleksey Kolupaev, and Juriy Ogijenko, Jan./Feb., pp. 68–70.

"Cryptographic Test Correction," Eric Levieil, and David Naccache, Mar./Apr., pp. 69–71.

"Identity-Based Encryption and Beyond," Luther Martin, Sep./Oct., pp. 62–64.

"A New Hash Competition," William E. Burr, May/June, pp. 60–62.

"The Virtues of Mature and Minimalist Cryptography," Justin Troutman, July/Aug., pp. 62–65.

D

Data Privacy

"Data Retention and Privacy in Electronic Communications," Panayiotis Kotzanikolaou, Sep./Oct., pp. 46–52.

Digital Protection

"Digital Rights Management and Individualized Pricing," Michael Lesk, May/June, pp. 76–79.

"Forum Shopping on the Internet," Michael Lesk, Jan./Feb., pp. 78–80.

"Hardening the Target," Roland L. Trope, Monique Witt, and William J. Adams, Sep./Oct., pp. 77–81.

E

E-Voting

"An Optical Scan E-Voting System based on N-Version Programming," Iñaki Goirizelaia, Ted Selker, Maider Huarte, and Juanjo Unzilla, May/June, pp. 47–53.

"The Dynamics of Counting and Recounting Votes," Alec Yasinsac, and Matt Bishop, May/June, pp. 22–29.

"Evaluating Electronic Voting Systems Equipped with Voter-Verified Paper Records," Nirwan Ansari, Pitipatana Sakarindr, Ehsan Haghani, Chao Zhang, Aridaman K. Jain, and Yun Q. Shi, May/June, pp. 30–39.

"Scantegrity: End-to-End Voter-Verifiable Optical-Scan Voting," David Chaum, Aleks Essex, Richard Carback, Jeremy Clark, Stefan Popoveniuc, Alan Sherman, and Poorvi Vora, May/June, pp. 40–46.

"A Three-Ballot-Based Secure Electronic Voting System," Altair O. Santin, Regivaldo G. Costa, and Carlos A. Maziero, May/June, pp. 14–21.

Education

"Combating the Insider Cyber Threat," Frank L. Greitzer, Andrew P. Moore, Dawn M. Cappelli, Dee H. Andrews, Lynn A. Carroll, and Thomas D. Hull, Jan./Feb., pp. 61–64.

"Information Assurance Education: A Work In Progress," Matt Bishop, and Deborah A. Frincke, Sep./Oct., pp. 54–57.

"Learning by Failing (and Fixing)," Lillian Røstad, Inger Anne Tøndel, Per Håkon Meland, and Gunnar René Øie, July/Aug., pp. 54–56.

"Teaching Digital Forensics to Undergraduate Students," Lynn Batten, and Lei Pan, May/June, pp. 54–56.

"Teaching for Conceptual Change in Security Awareness," Yuen-Yan Chan, and Victor K. Wei, Nov./Dec., pp. 67–69.

"Why and How to Perform Fraud Experiments," Markus Jakobsson, Nathaniel Johnson, and Peter Finn, Mar./Apr., pp. 66–68.

Emerging Standards

"An RBAC Implementation and Interoperability Standard: The INCITS Cyber Security 1.1 Model," Ed Coyne, and Tim Weil, Jan./Feb., pp. 84–87.

"Internet Protocol Version 6," Sheila Frankel, and David Green, May/June, pp. 83–86.

"Security and Privacy Landscape in Emerging Technologies," Susan Landau, July/Aug., pp. 74–77.

F

For Good Measure

"Beware the IDs of March," Daniel E. Geer Jr., and Daniel G. Conway, Mar./Apr., pp. 87.

"Security Is a Subset of Reliability," Daniel E. Geer Jr., and Daniel G. Conway, Nov./Dec., pp. 86–87.

"Strong Attractors," Daniel E. Geer Jr., and Daniel G. Conway, July/Aug., pp. 78–79.

"Type II Reverse Engineering," Daniel E. Geer Jr., and Daniel G. Conway, Sep./Oct., pp. 86–87.

"What We Got for Christmas," Dan Geer, and Daniel Conway, Jan./Feb., pp. 88.

From the Editors

"Are Governments Up to the Task?," Bret Michael, Nov./Dec., pp. 4–5.

"Charge of the Light Brigade," Marc Donner, Jan./Feb., pp. 5–5.

"Cybersecurity and Artificial Intelligence: From Fixing the Plumbing to Smart Water," Carl E. Landwehr, Sep./Oct., pp. 3–4.

"Lessons from Electrification for Identification," Marc Donner, Mar./Apr., pp. 3.

"Network Neutrality versus Internet Trustworthiness?," Fred B. Schneider, July/Aug., pp. 3–4.

"Up Scope," Carl E. Landwehr, May/June, pp. 3–4.

G

Grid Computing

"Grid Computing Security: A Taxonomy," Anirban Chakrabarti, Anish Damodaran, and Shubhashis Sengupta, Jan./Feb., pp. 44–51.

Guest Editors' Introductions

"I'm Pc01002/SpringPeeper/ED288l.6; Who are You?," Susan Landau, and Deirdre K. Mulligan, Mar./Apr., pp. 13–15.

"New Research Results for Electronic Voting," Aviel D. Rubin, and David R. Jefferson, May/June, pp. 12–13.

"Process Control System Security: Bootstrapping a Legacy," Ron Trellue, and Charles C. Palmer, Nov./Dec., pp. 22–23.

"Virtualization and Security: Back to the Future," Samuel T. King, and Sean W. Smith, Sep./Oct., pp. 15.

I

Identity Management

"Biometrics in Identity Management Systems," James L. Wayman, Mar./Apr., pp. 30–37.

"Identity Management, Privacy, and Price Discrimination," Alessandro Acquisti, Mar./Apr., pp. 46–50.

"Privacy and Identity Management," Marit Hansen, Ari Schwartz, and Alissa Cooper, Mar./Apr., pp. 38–45.

"The Seven Flaws of Identity Management: Usability and Security Challenges," Rachna Dhamija, and Lisa Dusseault, Mar./Apr., pp. 24–29.

"Use Cases for Identity Management in E-Government," Robin McKenzie, Malcolm Crompton, and Colin Wallis, Mar./Apr., pp. 51–57.

"The Venn of Identity: Options and Issues in Federated Identity Management," Eve Maler, and Drummond Reed, Mar./Apr., pp. 16–23.

In Memoriam

"James P. Anderson: An Information Security Pioneer," Eugene Spafford, Jan./Feb., pp. 9.

Interview

"Silver Bullet Talks with Adam Shostack," Gary McGraw, July/Aug., pp. 6–10.

"Silver Bullet Talks with Bill Cheswick," Gary McGraw, Sep./Oct., pp. 7–11.

"Silver Bullet Talks with Ed Amoroso," Gary McGraw, Mar./Apr., pp. 6–9.

"Silver Bullet Talks with Eugene Spafford," Gary McGraw, Jan./Feb., pp. 10–15.

"Silver Bullet Talks with Jon Swartz," Gary McGraw, May/June, pp. 9–11.

"Silver Bullet Talks with Matt Bishop," Gary McGraw, Nov./Dec., pp. 6–10.

N

News

"News Briefs," Brandi Ortega, Jan./Feb., pp. 6–8.

"News Briefs," Brandi Ortega, Mar./Apr., pp. 10–12.

"News Briefs," Brandi Ortega, May/June, pp. 6–8.

"News Briefs," Brandi Ortega, July/Aug., pp. 11–13.

"News Briefs," Brandi Ortega, Sep./Oct., pp. 12–13.

"Shaking Up the Cybersecurity Landscape," James Figueroa, and Brandi Ortega, Nov./Dec., pp. 18–21.

O

On the Horizon

"Taming Virtualization," Martim Carbone, Diego Zamboni, and Wenke Lee, Jan./Feb., pp. 65–67.

P

Privacy Interests

"Considering New Privacy Laws in Australia," Gordon Hughes, Sophie Dawson, and Tim Brookes, May/June, pp. 57–59.

"Cross-Border Data Flows and Increased Enforcement," Peter McLaughlin, Sep./Oct., pp. 58–61.

"Heuristics for De-identifying Health Data," Khaled El Emam, July/Aug., pp. 58–61.

"HIPAA Security Enforcement Is Here," Kirk J. Nahra, Nov./Dec., pp. 70–72.

Process Control Security

"The Crutial Way of Critical Infrastructure Protection," Alysson Neves Bessani, Paulo Sousa, Miguel Correia, Nuno Ferreira Neves, and Paulo Veríssimo, Nov./Dec., pp. 44–51.

"Security for Process Control Systems: An Overview," Markus Brändle, and Martin Naedele, Nov./Dec., pp. 24–29.

"Usable Global Network Access Policy for Process Control Systems," David M. Nicol, William H. Sanders, Sankalp Singh, and Mouna Seri, Nov./Dec., pp. 30–36.

"Vulnerability Assessment for Critical Infrastructure Control Systems," Raymond C. Parks, and Edmond Rogers, Nov./Dec., pp. 37–43.

R

Reverse Engineering

"Hindering Reverse Engineering: Thinking Outside the Box," Thomas E. Dube, Bobby D. Birrer, Richard A. Raines, Rusty O. Baldwin, Barry E. Mullins, Robert W. Bennington, and Christopher E. Reuter, Mar./Apr., pp. 58–65.

Risk Management

"Performance Metrics for Information Security Risk Management," Julie J.C.H. Ryan, and Daniel J. Ryan, Sep./Oct., pp. 38–44.

S

Secure Authentication

"Remote Client Authentication," Thomas Weigold, Thorsten Kramp, and Michael Baentsch, July/Aug., pp. 36–43.

Secure Systems

"The Hidden Difficulties of Watching and Rebuilding Networks," Michael E. Locasto, and Angelos Stavrou, Mar./Apr., pp. 79–82.

"Insiders Behaving Badly," Joel Predd, Shari Lawrence Pfleeger, Jeffrey Hunker, and Carla Bulford, July/Aug., pp. 66–70.

"A Life or Death InfoSec Subversion," Camilo Viecco, and Jean Camp, Sep./Oct., pp. 74–76.

"Why Do Street-Smart People Do Stupid Things Online?," Sergey Bratus, Chris Masone, and Sean W. Smith, May/June, pp. 71–74.

Securing Information

"Securing Information Transfer in Distributed Computing Environments," Siani Pearson, Marco Casassa-Mont, and Manny Novoa, Jan./Feb., pp. 34–42.

Security Metrics

"Estimating a System's Mean Time-to-Compromise," David John Leversage, and Eric James Byres, Jan./Feb., pp. 52–60.

Sensor Networks

"Transactional Confidentiality in Sensor Networks," Sameer Pai, Marci Meingast, Tanya Roosta, Sergio Bermudez, Stephen B. Wicker, Deirdre K. Mulligan, and Shankar Sastry, July/Aug., pp. 28–35.

Spotlight

"Launching into the Cyberspace Race: An Interview with Melissa E. Hathaway," O. Sami Saydjari, Nov./Dec., pp. 11–17.

T

Trusted Computing

"Challenges for Trusted Computing," Shane Balfe, Eimear Gallery, Chris J. Mitchell, and Kenneth G. Paterson, Nov./Dec., pp. 60–66.

U

Usage Control

"Usage Control Enforcement: Present and Future," Alexander Pretschner, Manuel Hilty, Florian Schütz, Christian Schaefer, and Thomas Walter, July/Aug., pp. 44–53.

V

Virtual Roundtable

"Information Assurance Technology Forecast 2008," Steven M. Bellovin, Terry V. Benzel, Bob Blakley, Dorothy E. Denning, Whitfield Diffie, Jeremy Epstein, and Paulo Verissimo, Jan./Feb., pp. 16–23.

Virtualization

"I/O for Virtual Machine Monitors: Security and Performance Issues," Paul A. Karger, and David R. Safford, Sep./Oct., pp. 16–23.

"Virtual Machine Introspection: Observation or Interference?," Kara Nance, Matt Bishop, and Brian Hay, Sep./Oct., pp. 32–37.

"Virtualization and Hardware-Based Security," Ronald Perez, Leendert van Doorn, and Reiner Sailer, Sep./Oct., pp. 24–31.

Voice over IP

"SDRS: A Voice-over-IP Spam Detection and Reaction System," Bertrand Mathieu, Saverio Niccolini, and Dorgham Sisalem, Nov./Dec., pp. 52–59.

W

Wireless Network Security

"Open Wireless Networks on University Campuses," Kjell J. Hole, Lars-Helge Netland, Yngve Espelid, André N. Klingsheim, Hallvar Helleseth, and Jan B. Henriksen, July/Aug., pp. 14–20.