Type II Reverse Engineering
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Daniel G. Conway
Issue Date: September 2008
pp. 86-87
There's reverse engineering to understand, and then there's reverse engineering to copy. Counterfeiting is a very old human temptation, but it is keeping up with the digital world very well indeed. Putting aside ordinary movie piracy, we thought that for t...
 
The 0wned Price Index
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Daniel G. Conway
Issue Date: January 2009
pp. 86-87
This installment of For Good Measure examines the price index of the 12 days of Christmas items, based on the 0wned Price Index, an index of underground economy prices.
 
Strong Attractors
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Daniel G. Conway
Issue Date: July 2008
pp. 78-79
Dan Geer and Dan Conway examine the metrics of where attackers are, and where they seek out victims.
 
Security Is a Subset of Reliability
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Daniel G. Conway
Issue Date: November 2008
pp. 86-87
Dan Geer and Dan Conway discuss security as a subset of reliability. Security involves a subspace of reliability—only particular deviations—thus, security must be easier than reliability. Hastening over the delicate premise that the specification is always...
 
Hard Data Is Good to Find
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Daniel G. Conway
Issue Date: March 2009
pp. 94-95
Indices are a common and useful way to summarize a changing field for both the lay and the specialist reader, and it's time that we had them for information security.
 
Complexity Is the Enemy
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr.
Issue Date: November 2008
pp. 88
Dan Geer expounds on complexity, defining it as the density of feedback loops. Nature is an existence proof that complexity isn't the enemy of life, but complexity is the enemy of stasis. Our problem is that we've pretty much equated security with stasis, ...
 
Evidently Evidentiary
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr.
Issue Date: November 2006
pp. 96
1 December 2006, new rules of civil procedure take effect in the US court system. The product of nearly 10 years' effort, the core purpose of these rules is that if digital information is to be used as evidence with legal value, a set of procedures must go...
 
Mobile Code Security
Found in: IEEE Internet Computing
By Aviel D. Rubin, Daniel E. Geer, Jr.
Issue Date: November 1998
pp. 30-34
Sandboxes, code signing, firewalls, and proof-carrying code are all techniques that address the inherent security risks of mobile code. This survey summarizes the relative merits of each.
 
A Survey of Web Security
Found in: Computer
By Aviel D. Rubin, Daniel E. Geer Jr.
Issue Date: September 1998
pp. 34-41
With no insult intended to the early Web designers, security was an afterthought. At the outset, the Web's highest goal was seamless availability. Vendors engaged in retrofitting security must contend with the Web environment's peculiarities, which include...
 
Project Athena as a Distributed Computer System
Found in: Computer
By George A. Champine, Daniel E. Geer, Jr., William N. Ruh
Issue Date: September 1990
pp. 40-51
Project Athena, established in 1983 to improve the quality of education at MIT (Massachusetts Institute of Technology) by providing campuswide, high-quality computing based on a large network of workstations, is discussed, focusing on the design ...
 
Progress Is Infectious
Found in: IEEE Security & Privacy
By Daniel E. Geer Jr., Daniel B. Larremore
Issue Date: November 2012
pp. 94-95
Models in network science, public health, and immunology can and should inspire developments in cybersecurity but could also inspire nefarious players. It would be wise to explore this in future research sooner rather than later.
 
Eisenhower Revisited
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr.
Issue Date: July 2011
pp. 88, 87
Information security is fast becoming a cyber-industrial complex, and as we know, complex systems have notable side effects. The potential for the disastrous rise of misplaced power exists and will persist
 
A Life Is Short, a Half-Life Is Forever
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Daniel G. Conway
Issue Date: January 2010
pp. 86-87
What we know about immunization of people against infections has a lot in common with immunization of computers, especially when you ask
 
Risk Concentration
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Daniel G. Conway
Issue Date: September 2009
pp. 86-87
Nature takes a variety of approaches regarding risk concentration. Stationary life tends to bend but not break, whereas mobile life tends toward risk concentration with stout border protection. Client and network devices tend to follow the latter model.
 
Correlation Is Not Causation
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr.
Issue Date: March 2011
pp. 93-94
Vulnerability reporting rates don't seem overtly predictive of data loss events. Alternate, perhaps complex, hypotheses are needed if there is to be any further argument that data loss has as a causal component the existence of software vulnerabilities in ...
 
Nothing Ventured, Nothing Gained
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Daniel G. Conway
Issue Date: March 2010
pp. 86-87
Investors at all levels are pulling back from cybersecurity, which has serious consequences if and only if investment in cybersecurity matters. If it does, then trouble is brewing. If it does not, then radically different tactics are called for. Definitive...
 
Convergence
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr.
Issue Date: May 2006
pp. 88
Convergence is the idea of merging the duties and responsibilities of physical security with that of digital security to make them part of a common reporting structure--to employ tools and techniques that are parallel if not collinear.
 
The Times, They Are a Changin'
Found in: IEEE Security & Privacy
By Daniel E. Geer Jr., Daniel G. Conway
Issue Date: January 2013
pp. 94-95
Academic contributions to security and privacy's body of knowledge are quantitatively increasing in the aggregate while the half-life of individual articles is decreasing. Using citation half-life as a rate measure on knowledge diffusion, academic insight ...
 
Patch Grief with Proverbs
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Daniel G. Conway
Issue Date: November 2009
pp. 86-87
What we know about immunization of people against infections has a lot in common with immunization of computers, especially when you ask
 
A Doubt of the Benefit
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Daniel G. Conway
Issue Date: May 2009
pp. 86-87
Cost-effectiveness analysis, which avoids the awkward problem of assigning a firm value to digital assets, is a more appropriate approach to measuring computer security than cost-benefit analysis.
 
Beware the IDs of March
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Daniel G. Conway
Issue Date: March 2008
pp. 87
In the latest numbers column, Dan Geer and Dan Conway examine the metrics of identity theft.
 
New Measures
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr.
Issue Date: May 2011
pp. 86-87
This column describes the Index of Cyber Security—a structured, transparent, orderly mechanism that reflects what experts deem to be the most current situation in cybersecurity and communicates this in a straightforward way.
 
When $80 Billion Is Not Enough
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Peter Kuper
Issue Date: September 2011
pp. 86-87
The exploitation of cyberinsecurity is shown to be a nation-state activity, thus asking whether private initiative must be driven to risk-commensurate reaction or ignored as having missed its chance.
 
Deskilling Digital Security
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr.
Issue Date: November 2009
pp. 88
Should security be automated or will it bring about the advent of the semi-skilled to keep us safe?
 
Learn by Analogy or Die Trying
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr.
Issue Date: May 2008
pp. 88, 87
The security field, as we mean it here in IEEE S&P, is both new and old. It is new in the spectacular sense of a positive feedback loop; everything in the computer world is itself designed by computers and thus everything grows geometrically, not j...
 
Monoculture
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Dave Aucsmith, James A. Whittaker
Issue Date: November 2003
pp. 14-19
A recent position paper on software monocultures has generated heated discussions about whether monocultures exist and what they portend for us. Dan Geer and Dave Aucsmith address some of the issues in a Point/Counterpoint exchange while James Whit...
 
More or Less
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr.
Issue Date: January 2012
pp. 96
We are vastly short of skilled security people. Therefore, we will never have more than we do now and those we have will never again make as much money as now they do.
 
Identity as Privacy
Found in: IEEE Security & Privacy
By Daniel E. Geer Jr.
Issue Date: January 2013
pp. 96
The class structure of the future is based not on money but on privacy.
 
Power. Law.
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr.
Issue Date: January 2012
pp. 94-95
Research on networks is an area that we should watch more closely than any other. Perhaps more important than the borrowing of techniques, however, is paying close attention to the ferment over whether new network designs with security in mind are worth th...
 
Fratricide
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr.
Issue Date: May 2010
pp. 88, 87
When you deploy a new security tool, throw one away. If the new one is particularly invasive, then throw two away. Do what you can to drive your mean time to repair toward zero—the more powerful your security tools, the more collateral damage when they col...
 
Numbers Worth Having
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr.
Issue Date: March 2012
pp. 102-103
We all talk about the reality of a fast-changing cybersecurity environment driven by the overlap of new attackers and new technology. There is, at the same time, a lot of good academic work going on. But wouldn't it be nice to have a measure of how the cyb...
 
Attack Surface Inflation
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr.
Issue Date: July 2011
pp. 85-86
Security is a tax of $500-$1500 per user per year, more than the devices, connectivity services, and software license costs combined, and all the while the attack surface inflates. Can measurement help?
 
Does a Rising Tide Lift All Boats?
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr.
Issue Date: January 2011
pp. 93-94
This department considers the trajectory of the advance of security knowledge, as measured by paper counts in the DBLP database. If we are so much smarter than we were, why are we not so much more secure?
 
A Time to Rethink
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr.
Issue Date: July 2010
pp. 86-87
This issue's column revisits For Good Measure's two primary indices: an index for stolen information and one on the day-to-day pressure under which information security professionals operate, and looks for ways to improve and modify them going forward.
 
ICS Update
Found in: IEEE Security & Privacy
By Daniel E. Geer Jr., Mukul Pareek
Issue Date: May 2012
pp. 93-95
One year after the debut of the Index of Cyber Security (ICS), its creators discuss what it has tracked to date and put out an open call for participants.
 
Small Is Beautiful, Big Is Inevitable
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr.
Issue Date: November 2011
pp. 86-87
Data volume is growing fast enough that it will force a change in the paradigms of cybersecurity.
 
An Index of Cybersecurity
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr.
Issue Date: November 2010
pp. 96, 95
This issue of FGM adds a prong to the CISO's rack of antlers by creating a cybersecurity index instrumental to hedging that CISO's risks. How? By engaging collaborators in economics and finance—where there is no shortage of indices representing different t...
 
Risk Aversion
Found in: IEEE Security & Privacy
By Daniel E. Geer Jr.
Issue Date: September 2012
pp. 86-87
There's some risk aversion at play in cybersecurity; risk aversion is why a General Counsel will say that if you might have lost data, then you have to act as if you did lose it. Risk aversion is why some firms (and some people) keep no records. We're livi...
 
A Time for Choosing
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr.
Issue Date: January 2011
pp. 96, 95
Keeping policy out of Internet protocol design is important to preserve freedom of speech and freedom of information.
 
Digital Endosymbiosis
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr.
Issue Date: May 2009
pp. 88
The science behind evolution suggests that the transition from cells without a nucleus to cells with a nucleus is perhaps the single greatest leap between there and here, and that it came about by the inclusion of some cells in some other cells. The term o...
 