Search For:

Displaying 1-13 out of 13 total
Hard Data Is Good to Find
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Daniel G. Conway
Issue Date:March 2009
pp. 94-95
Indices are a common and useful way to summarize a changing field for both the lay and the specialist reader, and it's time that we had them for information security.
 
The 0wned Price Index
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Daniel G. Conway
Issue Date:January 2009
pp. 86-87
This installment of For Good Measure examines the price index of the 12 days of Christmas items, based on the 0wned Price Index, an index of underground economy prices.
 
Type II Reverse Engineering
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Daniel G. Conway
Issue Date:September 2008
pp. 86-87
There's reverse engineering to understand, and then there's reverse engineering to copy. Counterfeiting is a very old human temptation, but it is keeping up with the digital world very well indeed. Putting aside ordinary movie piracy, we thought that for t...
 
Strong Attractors
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Daniel G. Conway
Issue Date:July 2008
pp. 78-79
Dan Geer and Dan Conway examine the metrics of where attackers are, and where they seek out victims.
 
Nothing Ventured, Nothing Gained
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Daniel G. Conway
Issue Date:March 2010
pp. 86-87
Investors at all levels are pulling back from cybersecurity, which has serious consequences if and only if investment in cybersecurity matters. If it does, then trouble is brewing. If it does not, then radically different tactics are called for. Definitive...
 
Patch Grief with Proverbs
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Daniel G. Conway
Issue Date:November 2009
pp. 86-87
What we know about immunization of people against infections has a lot in common with immunization of computers, especially when you ask
 
Risk Concentration
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Daniel G. Conway
Issue Date:September 2009
pp. 86-87
Nature takes a variety of approaches regarding risk concentration. Stationary life tends to bend but not break, whereas mobile life tends toward risk concentration with stout border protection. Client and network devices tend to follow the latter model.
 
The Times, They Are a Changin'
Found in: IEEE Security & Privacy
By Daniel E. Geer Jr.,Daniel G. Conway
Issue Date:January 2013
pp. 94-95
Academic contributions to security and privacy's body of knowledge are quantitatively increasing in the aggregate while the half-life of individual articles is decreasing. Using citation half-life as a rate measure on knowledge diffusion, academic insight ...
 
A Life Is Short, a Half-Life Is Forever
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Daniel G. Conway
Issue Date:January 2010
pp. 86-87
What we know about immunization of people against infections has a lot in common with immunization of computers, especially when you ask
 
A Doubt of the Benefit
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Daniel G. Conway
Issue Date:May 2009
pp. 86-87
Cost-effectiveness analysis, which avoids the awkward problem of assigning a firm value to digital assets, is a more appropriate approach to measuring computer security than cost-benefit analysis.
 
Security Is a Subset of Reliability
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Daniel G. Conway
Issue Date:November 2008
pp. 86-87
Dan Geer and Dan Conway discuss security as a subset of reliability. Security involves a subspace of reliability—only particular deviations—thus, security must be easier than reliability. Hastening over the delicate premise that the specification is always...
 
Beware the IDs of March
Found in: IEEE Security and Privacy
By Daniel E. Geer Jr., Daniel G. Conway
Issue Date:March 2008
pp. 87
In the latest numbers column, Dan Geer and Dan Conway examine the metrics of identity theft.
 
Security as a Systems Property
Found in: IEEE Security and Privacy
By Steven M. Bellovin, Daniel G. Conway
Issue Date:September 2009
pp. 88
How do we protect systems? The answer is straightforward: each component must be evaluated independently and protected as necessary. Beware the easy answers, such as deploying stronger encryption while ignoring vulnerable end points; that's too much like l...
 
 1