AUTHOR INDEX

A

Alexander, J., and J. Smith, "Disinformation: A Taxonomy," Jan./Feb., pp. 58-63.

Alves-Foss, J., see Weis, J., Nov./Dec. pp. 49-55.

Applegate, S., "Cybermilitias and Political Hackers: Use of Irregular Forces in Cyberwarfare," Sep./Oct., pp. 16-22.

Arbaugh, W., and D.A. Frincke, "Living with Insecurity," Nov./Dec., pp. 12-13.

Arkin, B., "Never Waste a Crisis," May/June, pp. 82-85.

Arkin, B., see Chess, B., Mar./Apr. pp. 89-92.

B

Babbitt, T., see Conti, G., May/June pp. 56-59.

Bailey, M., see Dittrich, D., July/Aug. pp. 32-40.

Barrera, D., and P. Van Oorschot, "Secure Software Installation on Smartphones," May/June, pp. 42-48.

Bau, J., and J.C. Mitchell, "Security Modeling and Analysis," May/June, pp. 18-25.

Bayuk, J.L., "Systems Security Engineering," Mar./Apr., pp. 72-74.

Bejtlich, R., J. Steven, and G. Peterson, "Directions in Incident Detection and Response," Jan./Feb., pp. 91-92.

Bellovin, S.M., "Clouds from Both Sides," May/June, pp. 88.

Bellovin, S.M., see Stolfo, S., May/June pp. 60-65.

Bellovin, S.M., "Security Think," Nov./Dec., pp. 88.

Berson, T.A., and D.E. Denning, "Cyberwarfare," Sep./Oct., pp. 13-15.

Beyah, R., and A. Venkataraman, "Rogue-Access-Point Detection: Challenges, Solutions, and Future Directions," Sep./Oct., pp. 56-61.

Bishop, M., "Teaching Security Stealthily," Mar./Apr., pp. 69-71.

Bloomfield, R.E., "Resilient to the Unexpected," May/June, pp. 3-4.

Bravo-Lillo, C., L.F. Cranor, J. Downs, and S. Komanduri, "Bridging the Gap in Computer Security Warnings: A Mental Model Approach," Mar./Apr., pp. 18-26.

C

Camp, L..J., see Liu, D., Nov./Dec. pp. 20-28.

Caroland, J., see Conti, G., July/Aug. pp. 48-51.

Cate, F.H., "A Transatlantic Convergence on Privacy?," Jan./Feb., pp. 76-79.

Chabanne, H., and M. Tibouchi, "Securing E-passports with Elliptic Curves," Mar./Apr., pp. 75-78.

Chess, B., and B. Arkin, "Software Security in Practice," Mar./Apr., pp. 89-92.

Cheung, S., "Securing Collaborative Intrusion Detection Systems," Nov./Dec., pp. 36-42.

Chu, C., see han, s., Sep./Oct. pp. 62-69.

Conti, G., and J. Caroland, "Embracing the Kobayashi Maru: Why You Should Teach Your Students to Cheat," July/Aug., pp. 48-51.

Conti, G., T. Babbitt, and J. Nelson, "Hacking Competitions and Their Untapped Potential for Security Education," May/June, pp. 56-59.

Cova, M., see Stone-Gross, B., Jan./Feb. pp. 64-72.

Cox, L.P., "Truth in Crowdsourcing," Sep./Oct., pp. 74-76.

Cranor, L.F., see Bravo-Lillo, C., Mar./Apr. pp. 18-26.

D

Dale, O., see Fuglerud, K., Mar./Apr. pp. 27-34.

Datta, A., J. Franklin, D. Garg, L. Jia, and D. Kaynar, "On Adversary Models and Compositional Security," May/June, pp. 26-32.

DeFigueiredo, D., "The Case for Mobile Two-Factor Authentication," Sep./Oct., pp. 81-85.

Degabriele, J.P., K. Paterson, and G. Watson, "Provable Security in the Real World," May/June, pp. 33-41.

Denning, D.E., see Berson, T.A., Sep./Oct. pp. 13-15.

Dhillon, D., "Developer-Driven Threat Modeling: Lessons Learned in the Trenches," July/Aug., pp. 41-47.

Diamant, J., "Resilient Security Architecture: A Complementary Approach to Reducing Vulnerabilities," July/Aug., pp. 80-84.

Dietrich, S., see Dittrich, D., July/Aug. pp. 32-40.

Dinolt, G., see Garfinkel, S.L., Nov./Dec. pp. 43-48.

Dittrich, D., M. Bailey, and S. Dietrich, "Building an Active Computer Security Ethics Community," July/Aug., pp. 32-40.

Donner, M., "The Invisible Computers," Nov./Dec., pp. 3.

Donner, M., "Privacy and the System Life Cycle," Mar./Apr., pp. 3.

Downs, J., see Bravo-Lillo, C., Mar./Apr. pp. 18-26.

Du, W., "SEED: Hands-On Lab Exercises for Computer Security Education," Sep./Oct., pp. 70-73.

Duggan, D.P., see Parks, R.C., Sep./Oct. pp. 30-35.

E

Ekelhart, A., see Fenz, S., Mar./Apr. pp. 58-65.

Elliott, D., "Deterring Strategic Cyberattack," Sep./Oct., pp. 36-40.

Evans, D., and S. Stolfo, "Guest Editors' Introduction: The Science of Security," May/June, pp. 16-17.

Evans, D., see Stolfo, S., May/June pp. 60-65.

F

Fenz, S., and A. Ekelhart, "Verification, Validation, and Evaluation in Information Security Risk Management," Mar./Apr., pp. 58-65.

Ferguson-Boucher, K., "Cloud Computing: A Records and Information Management Perspective," Nov./Dec., pp. 63-66.

Fidler, D.P., "Was Stuxnet an Act of War? Decoding a Cyberattack," July/Aug., pp. 56-59.

Fly, R., "Detecting Fraud on Websites," Nov./Dec., pp. 80-85.

Franklin, J., see Datta, A., May/June pp. 26-32.

Frincke, D.A., see Arbaugh, W., Nov./Dec. pp. 12-13.

Fuglerud, K., and O. Dale, "Secure and Inclusive Authentication with a Talking Mobile One-Time-Password Client," Mar./Apr., pp. 27-34.

G

Garber, L., "News Briefs," Nov./Dec., pp. 9-11.

Garfinkel, S.L., and G. Dinolt, "Operations with Degraded Security," Nov./Dec., pp. 43-48.

Garg, D., see Datta, A., May/June pp. 26-32.

Geer Jr., D.E., "Attack Surface Inflation," July/Aug., pp. 85-86.

Geer Jr., D.E., "Correlation Is Not Causation," Mar./Apr., pp. 93-94.

Geer Jr., D.E., "Does a Rising Tide Lift All Boats?," Jan./Feb., pp. 93-94.

Geer Jr., D.E., "Eisenhower Revisited," July/Aug., pp. 88, 87.

Geer Jr., D.E., "New Measures," May/June, pp. 86-87.

Geer Jr., D.E., "Small Is Beautiful, Big Is Inevitable," Nov./Dec., pp. 86-87.

Geer Jr., D.E., "A Time for Choosing," Jan./Feb., pp. 96, 95.

Geer Jr., D.E., and P. Kuper, "When $80 Billion Is Not Enough," Sep./Oct., pp. 86-87.

Ghosh, A., see Greamo, C., Mar./Apr. pp. 79-82.

Gilbert, B., see Stone-Gross, B., Jan./Feb. pp. 64-72.

Greamo, C., and A. Ghosh, "Sandboxing and Virtualization: Modern Tools for Combating Malware," Mar./Apr., pp. 79-82.

Grigg, I., and P. Gutmann, "The Curse of Cryptographic Numerology," May/June, pp. 70-72.

Grobauer, B., T. Walloschek, and E. Stocker, "Understanding Cloud Computing Vulnerabilities," Mar./Apr., pp. 50-57.

Guido, D., "A Case Study of Intelligence-Driven Defense," Nov./Dec., pp. 67-70.

Gunter, C., D. Liebovitz, and B. Malin, "Experience-Based Access Management: A Life-Cycle Framework for Identity and Access Management Systems," Sep./Oct., pp. 48-55.

Gutmann, P., see Grigg, I., May/June pp. 70-72.

H

han, s., C. Chu, and z. luo, "Tamper Detection in the EPC Network Using Digital Watermarking," Sep./Oct., pp. 62-69.

Heckle, R.R., "Security Dilemma: Healthcare Clinicians at Work," Nov./Dec., pp. 14-19.

Heelan, S., "Vulnerability Detection Systems: Think Cyborg, Not Robot," May/June, pp. 74-77.

Hively, L., F. Sheldon, and A.C. Squicciarini, "Toward Scalable Trustworthy Computing Using the Human-Physiology-Immunity Metaphor," July/Aug., pp. 14-23.

I

Irvine, C., and J.R. Rao, "Guest Editors' Introduction: Engineering Secure Systems," Jan./Feb., pp. 18-21.

Irvine, C., "The Value of Capture-the-Flag Exercises in Education: An Interview with Chris Eagle," Nov./Dec., pp. 58-60.

J

Jaeger, T., see Schiffman, J., Jan./Feb. pp. 40-48.

Jia, L., see Datta, A., May/June pp. 26-32.

Johnson, M..E., and S. Pfleeger, "Addressing Information Risk in Turbulent Times," Jan./Feb., pp. 49-57.

Johnson, M..E., and N. Willey, "Usability Failures and Healthcare Data Hemorrhages," Mar./Apr., pp. 35-42.

K

Kaaniche, M., and A. van Moorsel, "It All Depends, and Increasingly So," Nov./Dec., pp. 56-57.

Karger, P., S. McIntosh, E. Palmer, D. Toll, and S. Weber, "Lessons Learned Building the Caernarvon High-Assurance Operating System," Jan./Feb., pp. 22-30.

Kaufman, L.M., "How Private Is the Internet?," Jan./Feb., pp. 73-75.

Kaynar, D., see Datta, A., May/June pp. 26-32.

Kemmerer, R., see Stone-Gross, B., Jan./Feb. pp. 64-72.

Komanduri, S., see Bravo-Lillo, C., Mar./Apr. pp. 18-26.

Kruegel, C., see Stone-Gross, B., Jan./Feb. pp. 64-72.

Kuper, P., see Geer Jr., D.E., Sep./Oct. pp. 86-87.

L

Langner, R., "Stuxnet: Dissecting a Cyberwarfare Weapon," May/June, pp. 49-51.

Lesk, M., "Cybersecurity and Economics," Nov./Dec., pp. 76-79.

Lesk, M., "Reading: From Paper to Pixels," July/Aug., pp. 76-79.

Lesk, M., "Salmon, Songs, and Blankets: Creativity on the Northwest Coast," May/June, pp. 78-81.

Lesk, M., "What Is Information Worth?," Jan./Feb., pp. 88-90.

Levin, T., see Weissman, C., Jan./Feb. pp. 31-39.

Lewis, J., "Cyberwar Thresholds and Effects," Sep./Oct., pp. 23-29.

Li, N., see Liu, D., Nov./Dec. pp. 20-28.

Liebovitz, D., see Gunter, C., Sep./Oct. pp. 48-55.

Little, M.C., see Locasto, M.E., July/Aug. pp. 71-75.

Liu, D., N. Li, X. Wang, and L..J. Camp, "Security Risk Management Using Incentives," Nov./Dec., pp. 20-28.

Locasto, M.E., and M.C. Little, "A Failure-Based Discipline of Trustworthy Information Systems," July/Aug., pp. 71-75.

luo, z., see han, s., Sep./Oct. pp. 62-69.

M

MacKie-Mason, J., "All Space Will Be Public Space," Sep./Oct., pp. 77-80.

Malin, B., see Gunter, C., Sep./Oct. pp. 48-55.

McDaniel, P., "Data Provenance and Security," Mar./Apr., pp. 83-85.

McDaniel, P., see Schiffman, J., Jan./Feb. pp. 40-48.

McGraw, G., "Silver Bullet Talks with David Rice," Mar./Apr., pp. 8-11.

McGraw, G., "Silver Bullet Talks with Elinor Mills," Sep./Oct., pp. 9-12.

McGraw, G., "Silver Bullet Talks with Halvar Flake," Nov./Dec., pp. 5-8.

McGraw, G., "Silver Bullet Talks with John Savage," July/Aug., pp. 9-12.

McGraw, G., "Silver Bullet Talks with Paul Kocher," Jan./Feb., pp. 8-11.

McGraw, G., "Silver Bullet Talks with Ralph Langner," May/June, pp. 9-14.

McIntosh, S., see Karger, P., Jan./Feb. pp. 22-30.

McLaughlin, K., see O'Kane, P., Sep./Oct. pp. 41-47.

Miller, C., "Mobile Attacks and Defense," July/Aug., pp. 68-70.

Mitchell, J.C., see Bau, J., May/June pp. 18-25.

Moriarty, K.M., "Incident Coordination," Nov./Dec., pp. 71-75.

Moyer, T., see Schiffman, J., Jan./Feb. pp. 40-48.

Mulligan, D.K., see Schneider, F.B., July/Aug. pp. 3-4.

N

Nelson, J., see Conti, G., May/June pp. 56-59.

Nguyen, Q.L., and A. Sood, "A Comparison of Intrusion-Tolerant System Architectures," July/Aug., pp. 24-31.

O

O'Kane, P., S. Sezer, and K. McLaughlin, "Obfuscation: The Hidden Malware," Sep./Oct., pp. 41-47.

P

Palmer, E., see Karger, P., Jan./Feb. pp. 22-30.

Parks, R.C., and D.P. Duggan, "Principles of Cyberwarfare," Sep./Oct., pp. 30-35.

Paterson, K., see Degabriele, J.P., May/June pp. 33-41.

Peterson, G., see Bejtlich, R., Jan./Feb. pp. 91-92.

Pfleeger, S.L., see Theofanos, M.F., Mar./Apr. pp. 12-17.

Pfleeger, S., see Johnson, M..E., Jan./Feb. pp. 49-57.

R

Rao, J.R., see Irvine, C., Jan./Feb. pp. 18-21.

Raskin, A., "Your Life Experiences, Brought to You by Budweiser," Mar./Apr., pp. 86-88.

Reeder, R., and S. Schechter, "When the Password Doesn't Work: Secondary Authentication for Websites," Mar./Apr., pp. 43-49.

S

Schechter, S., see Reeder, R., Mar./Apr. pp. 43-49.

Schiffman, J., T. Moyer, T. Jaeger, and P. McDaniel, "Network-Based Root of Trust for Installation," Jan./Feb., pp. 40-48.

Schneider, F.B., and D.K. Mulligan, "A Doctrinal Thesis," July/Aug., pp. 3-4.

Schneier, B., "Detecting Cheaters," Mar./Apr., pp. 96, 95.

Schneier, B., "Empathy and Security," Sep./Oct., pp. 88.

Schwartz, P.M., "Privacy, Ethics, and Analytics," May/June, pp. 66-69.

Seltzer, W., "Exposing the Flaws of Censorship by Domain Name," Jan./Feb., pp. 83-87.

Sezer, S., see O'Kane, P., Sep./Oct. pp. 41-47.

Sheldon, F., see Hively, L., July/Aug. pp. 14-23.

Smith, J., see Alexander, J., Jan./Feb. pp. 58-63.

Smith, S.W., "Room at the Bottom: Authenticated Encryption on Slow Legacy Networks," July/Aug., pp. 60-63.

Sood, A., see Nguyen, Q.L., July/Aug. pp. 24-31.

Spring, J., "Monitoring Cloud Computing by Layer, Part 1," Mar./Apr., pp. 66-68.

Spring, J., "Monitoring Cloud Computing by Layer, Part 2," May/June, pp. 52-55.

Squicciarini, A.C., see Hively, L., July/Aug. pp. 14-23.

Steven, J., see Bejtlich, R., Jan./Feb. pp. 91-92.

Stevens, D., "Malicious PDF Documents Explained," Jan./Feb., pp. 80-82.

Stocker, E., see Grobauer, B., Mar./Apr. pp. 50-57.

Stolfo, S., see Evans, D., May/June pp. 16-17.

Stolfo, S., S.M. Bellovin, and D. Evans, "Measuring Security," May/June, pp. 60-65.

Stone-Gross, B., M. Cova, B. Gilbert, R. Kemmerer, C. Kruegel, and G. Vigna, "Analysis of a Botnet Takeover," Jan./Feb., pp. 64-72.

T

Theofanos, M.F., and S.L. Pfleeger, "Guest Editors' Introduction: Shouldn't All Security Be Usable?," Mar./Apr., pp. 12-17.

Tibouchi, M., see Chabanne, H., Mar./Apr. pp. 75-78.

Toll, D., see Karger, P., Jan./Feb. pp. 22-30.

Trcek, D., "Trust Management in the Pervasive Computing Era," July/Aug., pp. 52-55.

V

van Moorsel, A., see Kaaniche, M., Nov./Dec. pp. 56-57.

Van Oorschot, P., see Barrera, D., May/June pp. 42-48.

Venkataraman, A., see Beyah, R., Sep./Oct. pp. 56-61.

Viega, J., "Reality Check," Jan./Feb., pp. 3-4.

Viega, J., "Ten Years of Trustworthy Computing: Lessons Learned," Sep./Oct., pp. 3-4.

Vigna, G., "The 2010 International Capture the Flag Competition," Jan./Feb., pp. 12-14.

Vigna, G., see Stone-Gross, B., Jan./Feb. pp. 64-72.

Villamor, A.M.F., and J.C. Yelmo, "Helping Users Deal with Digital Threats: The Online User Supervision Architecture," Nov./Dec., pp. 29-35.

W

Walloschek, T., see Grobauer, B., Mar./Apr. pp. 50-57.

Wang, X., see Liu, D., Nov./Dec. pp. 20-28.

Watson, G., see Degabriele, J.P., May/June pp. 33-41.

Weber, S., see Karger, P., Jan./Feb. pp. 22-30.

Weis, J., and J. Alves-Foss, "Securing Database as a Service: Issues and Compromises," Nov./Dec., pp. 49-55.

Weissman, C., and T. Levin, "Lessons Learned from Building a High-Assurance Crypto Gateway," Jan./Feb., pp. 31-39.

Whalen, T., "Mobile Devices and Location Privacy: Where Do We Go from Here?," Nov./Dec., pp. 61-62.

Whalen, T., "Security as if People Mattered," July/Aug., pp. 64-67.

Willey, N., see Johnson, M..E., Mar./Apr. pp. 35-42.

Y

Yelmo, J.C., see Villamor, A.M.F., Nov./Dec. pp. 29-35.

Subject Index

A

Access Control

"Experience-Based Access Management: A Life-Cycle Framework for Identity and Access Management Systems," C. Gunter, D. Liebovitz, and B. Malin, Sep./Oct., pp. 48-55.

Attack Trends

"A Case Study of Intelligence-Driven Defense," D. Guido, Nov./Dec., pp. 67-70.

"Malicious PDF Documents Explained," D. Stevens, Jan./Feb., pp. 80-82.

"Mobile Attacks and Defense," C. Miller, July/Aug., pp. 68-70.

"Vulnerability Detection Systems: Think Cyborg, Not Robot," S. Heelan, May/June, pp. 74-77.

B

Basic Training

"Cloud Computing: A Records and Information Management Perspective," K. Ferguson-Boucher, Nov./Dec., pp. 63-66.

"Sandboxing and Virtualization: Modern Tools for Combating Malware," C. Greamo, and A. Ghosh, Mar./Apr., pp. 79-82.

"Security as if People Mattered," T. Whalen, July/Aug., pp. 64-67.

Building Security In

"The Case for Mobile Two-Factor Authentication," D. DeFigueiredo, Sep./Oct., pp. 81-85.

"Detecting Fraud on Websites," R. Fly, Nov./Dec., pp. 80-85.

"Directions in Incident Detection and Response," R. Bejtlich, J. Steven, and G. Peterson, Jan./Feb., pp. 91-92.

"Never Waste a Crisis," B. Arkin, May/June, pp. 82-85.

"Resilient Security Architecture: A Complementary Approach to Reducing Vulnerabilities," J. Diamant, July/Aug., pp. 80-84.

"Software Security in Practice," B. Chess, and B. Arkin, Mar./Apr., pp. 89-92.

C

ClearText

"Clouds from Both Sides," S.M. Bellovin, May/June, pp. 88.

"Detecting Cheaters," B. Schneier, Mar./Apr., pp. 96, 95.

"Eisenhower Revisited," D.E. Geer Jr., July/Aug., pp. 88, 87.

"Empathy and Security," B. Schneier, Sep./Oct., pp. 88.

"Security Think," S.M. Bellovin, Nov./Dec., pp. 88.

"A Time for Choosing," D.E. Geer Jr., Jan./Feb., pp. 96, 95.

Cloud Computing

"Understanding Cloud Computing Vulnerabilities," B. Grobauer, T. Walloschek, and E. Stocker, Mar./Apr., pp. 50-57.

Crypto Corner

"The Curse of Cryptographic Numerology," I. Grigg, and P. Gutmann, May/June, pp. 70-72.

"Room at the Bottom: Authenticated Encryption on Slow Legacy Networks," S.W. Smith, July/Aug., pp. 60-63.

"Securing E-passports with Elliptic Curves," H. Chabanne, and M. Tibouchi, Mar./Apr., pp. 75-78.

Cyberwarfare

"Cybermilitias and Political Hackers: Use of Irregular Forces in Cyberwarfare," S. Applegate, Sep./Oct., pp. 16-22.

"Cyberwar Thresholds and Effects," J. Lewis, Sep./Oct., pp. 23-29.

"Deterring Strategic Cyberattack," D. Elliott, Sep./Oct., pp. 36-40.

"Principles of Cyberwarfare," R.C. Parks, and D.P. Duggan, Sep./Oct., pp. 30-35.

D

Data Tampering

"Tamper Detection in the EPC Network Using Digital Watermarking," s. han, C. Chu, and z. luo, Sep./Oct., pp. 62-69.

Deception and Surveillance

"Disinformation: A Taxonomy," J. Alexander, and J. Smith, Jan./Feb., pp. 58-63.

E

Education

"Embracing the Kobayashi Maru: Why You Should Teach Your Students to Cheat," G. Conti, and J. Caroland, July/Aug., pp. 48-51.

"Hacking Competitions and Their Untapped Potential for Security Education," G. Conti, T. Babbitt, and J. Nelson, May/June, pp. 56-59.

"SEED: Hands-On Lab Exercises for Computer Security Education," W. Du, Sep./Oct., pp. 70-73.

"Teaching Security Stealthily," M. Bishop, Mar./Apr., pp. 69-71.

"The Value of Capture-the-Flag Exercises in Education: An Interview with Chris Eagle," C. Irvine, Nov./Dec., pp. 58-60.

Engineering Secure Systems

"Guest Editors' Introduction: Engineering Secure Systems," C. Irvine, and J.R. Rao, Jan./Feb., pp. 18-21.

"Lessons Learned Building the Caernarvon High-Assurance Operating System," P. Karger, S. McIntosh, E. Palmer, D. Toll, and S. Weber, Jan./Feb., pp. 22-30.

"Lessons Learned from Building a High-Assurance Crypto Gateway," C. Weissman, and T. Levin, Jan./Feb., pp. 31-39.

"Network-Based Root of Trust for Installation," J. Schiffman, T. Moyer, T. Jaeger, and P. McDaniel, Jan./Feb., pp. 40-48.

Ethics

"Building an Active Computer Security Ethics Community," D. Dittrich, M. Bailey, and S. Dietrich, July/Aug., pp. 32-40.

F

Focus

"The 2010 International Capture the Flag Competition," G. Vigna, Jan./Feb., pp. 12-14.

"Stuxnet: Dissecting a Cyberwarfare Weapon," R. Langner, May/June, pp. 49-51.

For Good Measure

"Attack Surface Inflation," D.E. Geer Jr., July/Aug., pp. 85-86.

"Correlation Is Not Causation," D.E. Geer Jr., Mar./Apr., pp. 93-94.

"Does a Rising Tide Lift All Boats?," D.E. Geer Jr., Jan./Feb., pp. 93-94.

"New Measures," D.E. Geer Jr., May/June, pp. 86-87.

"Small Is Beautiful, Big Is Inevitable," D.E. Geer Jr., Nov./Dec., pp. 86-87.

"When $80 Billion Is Not Enough," D.E. Geer Jr., and P. Kuper, Sep./Oct., pp. 86-87.

From the Editors

"A Doctrinal Thesis," F.B. Schneider, and D.K. Mulligan, July/Aug., pp. 3-4.

"The Invisible Computers," M. Donner, Nov./Dec., pp. 3.

"Privacy and the System Life Cycle," M. Donner, Mar./Apr., pp. 3.

"Reality Check," J. Viega, Jan./Feb., pp. 3-4.

"Resilient to the Unexpected," R.E. Bloomfield, May/June, pp. 3-4.

"Ten Years of Trustworthy Computing: Lessons Learned," J. Viega, Sep./Oct., pp. 3-4.

G

Guest Editors' Introduction

"Cyberwarfare," T.A. Berson, and D.E. Denning, Sep./Oct., pp. 13-15.

"Living with Insecurity," W. Arbaugh, and D.A. Frincke, Nov./Dec., pp. 12-13.

I

Information Security Risk Management

"Verification, Validation, and Evaluation in Information Security Risk Management," S. Fenz, and A. Ekelhart, Mar./Apr., pp. 58-65.

Insider Attacks

"Rogue-Access-Point Detection: Challenges, Solutions, and Future Directions," R. Beyah, and A. Venkataraman, Sep./Oct., pp. 56-61.

Interview

"Silver Bullet Talks with David Rice," G. McGraw, Mar./Apr., pp. 8-11.

"Silver Bullet Talks with Elinor Mills," G. McGraw, Sep./Oct., pp. 9-12.

"Silver Bullet Talks with Halvar Flake," G. McGraw, Nov./Dec., pp. 5-8.

"Silver Bullet Talks with John Savage," G. McGraw, July/Aug., pp. 9-12.

"Silver Bullet Talks with Paul Kocher," G. McGraw, Jan./Feb., pp. 8-11.

"Silver Bullet Talks with Ralph Langner," G. McGraw, May/June, pp. 9-14.

Intrusion-Tolerant Systems

"A Comparison of Intrusion-Tolerant System Architectures," Q.L. Nguyen, and A. Sood, July/Aug., pp. 24-31.

It All Depends

"How Private Is the Internet?," L.M. Kaufman, Jan./Feb., pp. 73-75.

"It All Depends, and Increasingly So," M. Kaaniche, and A. van Moorsel, Nov./Dec., pp. 56-57.

"Monitoring Cloud Computing by Layer, Part 1," J. Spring, Mar./Apr., pp. 66-68.

"Monitoring Cloud Computing by Layer, Part 2," J. Spring, May/June, pp. 52-55.

L

Living with Insecurity

"Helping Users Deal with Digital Threats: The Online User Supervision Architecture," A.M.F. Villamor, and J.C. Yelmo, Nov./Dec., pp. 29-35.

"Operations with Degraded Security," S.L. Garfinkel, and G. Dinolt, Nov./Dec., pp. 43-48.

"Securing Collaborative Intrusion Detection Systems," S. Cheung, Nov./Dec., pp. 36-42.

"Securing Database as a Service: Issues and Compromises," J. Weis, and J. Alves-Foss, Nov./Dec., pp. 49-55.

"Security Dilemma: Healthcare Clinicians at Work," R.R. Heckle, Nov./Dec., pp. 14-19.

"Security Risk Management Using Incentives," D. Liu, N. Li, X. Wang, and L..J. Camp, Nov./Dec., pp. 20-28.

M

Malware Analysis

"Analysis of a Botnet Takeover," B. Stone-Gross, M. Cova, B. Gilbert, R. Kemmerer, C. Kruegel, and G. Vigna, Jan./Feb., pp. 64-72.

Malware

"Obfuscation: The Hidden Malware," P. O'Kane, S. Sezer, and K. McLaughlin, Sep./Oct., pp. 41-47.

N

News Briefs

"News Briefs," L. Garber, Jan./Feb., pp. 15-17.

"News Briefs," L. Garber, Mar./Apr., pp. 5-7.

"News Briefs," L. Garber, May/June, pp. 6-8.

"News Briefs," L. Garber, July/Aug., pp. 6-8.

"News Briefs," L. Garber, Sep./Oct., pp. 6-8.

"News Briefs," L. Garber, Nov./Dec., pp. 9-11.

O

On the Horizon

"Measuring Security," S. Stolfo, S.M. Bellovin, and D. Evans, May/June, pp. 60-65.

"Systems Security Engineering," J.L. Bayuk, Mar./Apr., pp. 72-74.

"Trust Management in the Pervasive Computing Era," D. Trcek, July/Aug., pp. 52-55.

P

Privacy Interests

"Mobile Devices and Location Privacy: Where Do We Go from Here?," T. Whalen, Nov./Dec., pp. 61-62.

"Privacy, Ethics, and Analytics," P.M. Schwartz, May/June, pp. 66-69.

"A Transatlantic Convergence on Privacy?," F.H. Cate, Jan./Feb., pp. 76-79.

"Was Stuxnet an Act of War? Decoding a Cyberattack," D.P. Fidler, July/Aug., pp. 56-59.

R

Risk Assessment

"Addressing Information Risk in Turbulent Times," M..E. Johnson, and S. Pfleeger, Jan./Feb., pp. 49-57.

S

Secure Systems

"Data Provenance and Security," P. McDaniel, Mar./Apr., pp. 83-85.

"Exposing the Flaws of Censorship by Domain Name," W. Seltzer, Jan./Feb., pp. 83-87.

"A Failure-Based Discipline of Trustworthy Information Systems," M.E. Locasto, and M.C. Little, July/Aug., pp. 71-75.

"Incident Coordination," K.M. Moriarty, Nov./Dec., pp. 71-75.

"Truth in Crowdsourcing," L.P. Cox, Sep./Oct., pp. 74-76.

Security & Privacy Economics

"Your Life Experiences, Brought to You by Budweiser," A. Raskin, Mar./Apr., pp. 86-88.

Security & Privacy Economics

"Reading: From Paper to Pixels," M. Lesk, July/Aug., pp. 76-79.

Security & Privacy Economics

"All Space Will Be Public Space," J. MacKie-Mason, Sep./Oct., pp. 77-80.

"Cybersecurity and Economics," M. Lesk, Nov./Dec., pp. 76-79.

"Salmon, Songs, and Blankets: Creativity on the Northwest Coast," M. Lesk, May/June, pp. 78-81.

"What Is Information Worth?," M. Lesk, Jan./Feb., pp. 88-90.

Smartphone Security

"Secure Software Installation on Smartphones," D. Barrera, and P. Van Oorschot, May/June, pp. 42-48.

T

The Science of Security

"Guest Editors' Introduction: The Science of Security," D. Evans, and S. Stolfo, May/June, pp. 16-17.

"On Adversary Models and Compositional Security," A. Datta, J. Franklin, D. Garg, L. Jia, and D. Kaynar, May/June, pp. 26-32.

"Provable Security in the Real World," J.P. Degabriele, K. Paterson, and G. Watson, May/June, pp. 33-41.

"Security Modeling and Analysis," J. Bau, and J.C. Mitchell, May/June, pp. 18-25.

Threat Modeling

"Developer-Driven Threat Modeling: Lessons Learned in the Trenches," D. Dhillon, July/Aug., pp. 41-47.

Trustworthy Computing

"Toward Scalable Trustworthy Computing Using the Human-Physiology-Immunity Metaphor," L. Hively, F. Sheldon, and A.C. Squicciarini, July/Aug., pp. 14-23.

U

Usability of Security

"Bridging the Gap in Computer Security Warnings: A Mental Model Approach," C. Bravo-Lillo, L.F. Cranor, J. Downs, and S. Komanduri, Mar./Apr., pp. 18-26.

"Guest Editors' Introduction: Shouldn't All Security Be Usable?," M.F. Theofanos, and S.L. Pfleeger, Mar./Apr., pp. 12-17.

"Secure and Inclusive Authentication with a Talking Mobile One-Time-Password Client," K. Fuglerud, and O. Dale, Mar./Apr., pp. 27-34.

"Usability Failures and Healthcare Data Hemorrhages," M..E. Johnson, and N. Willey, Mar./Apr., pp. 35-42.

"When the Password Doesn't Work: Secondary Authentication for Websites," R. Reeder, and S. Schechter, Mar./Apr., pp. 43-49.