About IEEE Security & Privacy
IEEE Security & Privacy’s primary objective is to stimulate and track advances in security, privacy, and dependability and present these advances in a form that can be useful to a broad cross-section of the professional community — ranging from academic researchers to industry practitioners.
IEEE Security & Privacy aims to provide a unique combination of research articles, case studies, tutorials, and regular departments covering diverse aspects of security and dependability of computer-based systems, including legal and ethical issues, privacy concerns, tools to help secure information, methods for development and assessment of trustworthy systems, analysis of vulnerabilities and attacks, trends and new developments, pedagogical and curricular issues in educating the next generation of security professionals, secure operating systems and applications, security issues in wireless networks, design and test strategies for secure and survivable systems, cryptology, and other topics of interest to a general, technically oriented readership.
All submissions in the magazine’s scope will be peer-reviewed, and accepted manuscripts will be professionally copy-edited to ensure a common style and level of content for the magazine.
Articles that report the latest advances in research, particularly those that address a narrow technical area and those that do not report results of experimental validation or deployment of new methods or technologies, are generally not suitable for publication in IEEE Security & Privacy. Authors of such works are advised to submit them to research conferences and journals with the appropriate scope. IEEE Transactions on Reliability or IEEE Transactions on Dependable and Secure Computing, for example, might provide appropriate venues for some such submissions.
S&P is copublished by the IEEE Computer Society and the IEEE Reliability Society.
Technical cosponsors: IEEE Signal Processing Society, IEEE Engineering in Medicine & Biology Society, and IEEE Cybersecurity Initiative
S&P accepts commercial and classified advertisements.
Examples of topics appropriate for IEEE Security & Privacy include, but are not limited to, the topics below.

Networks: Securing legacy networks, Rapid intrusion detection, Rapid intrusion containment, Post-intrusion recovery and re-validation, Strategies for continuing operations during an ongoing attack, Automated, dynamic reconfigurations of network and software topologies, Self-regulating service strategies (automated denial-of-service defenses), Strategies for effective use of certificates, Recognition of and response to network attack patterns.
Software: Evaluating legacy software, Securing legacy software, Evaluating commercial software, Protecting commercial software, Subsystem-level security techniques, Systems-level security techniques, Enterprise-level security techniques, Automated security evaluation techniques.
Operating systems and security: Techniques for making existing operating systems more secure, Common security problems of operating systems.
Hardware: Techniques for preventing undetected physical subversion of systems, Usability and security of hardware-to-hardware interfaces, Usability and security of hardware-to-human interfaces.
Tools: User evaluations of tools, Techniques for effective use of tools, Avoiding misuse of tools.
Decoys and misdirection: Building and instrumenting decoy targets, Multilevel decoy strategies, Acceptable loss strategies, Misdirection strategies.
Preemptive defense strategies: Rapid automated responses to attacks, Scouting and remote instrumentation of hostile sites.
Physical security: Role of physical security in protecting complex systems, Usability and security of physical security methods.
Human security: Human fallibility and its implications for secure system design, How to allocate security roles between people and automated systems, Minimizing the impact of internal human threats, Monitoring and analysis of usage patterns.
Security usability: Overall security impacts of failing to make security “user friendly”, Techniques for making security easier to use, Techniques for making security inconspicuous, Risks and benefits of single-login strategies.
Security policies: Recognizing self-defeating security policies, Making security policies work.

Security Designer Topics
Networks: Integrated approaches to evaluating and designing network security, Distributed network security architectures, Multilevel network security architectures.
Software: Recursive and multilevel (from enterprise down to code) security design, Code-level security techniques.
Computer languages and security: Security implications of computer languages (such as overflows in C/C++), Evaluating and selecting secure computer languages, Designing secure computer languages, Computer languages for expressing and enforcing security policies.
Security policies: Automated policies and policy (rule) languages, Scalability of automated policy-based methods, Computer-assisted creation of automated policy rule sets, Testing of policy-rule-based systems, including risks of adding new rules.
Hardware: Designing security-first computer and network hardware, Security and the design of real (e.g., Intel) and virtual (e.g., Java) instruction sets.
Wireless security: Strategies for increasing wireless security, Evaluations of off-the-shelf wireless technologies, Techniques for hardening off-the-shelf wireless technologies for secure use, Comparisons of the security features of multiple wireless technologies, Designing architectures to minimize security risks from the wireless components.
Integrated security design methods: Physical, procedural, electronic, and software limitations and tradeoffs, Implications of human limitations for technical system design, Training versus system tradeoffs, Designing hardware to support software security, Common-sense rules for good hardware and software design.

Developer training: Academic strategies to increase awareness of security issues, Integrated approaches to security training (security as a fundamental constraint), Common-sense approaches to security (avoiding the obvious holes).
Security theory: Security evaluation models, Cross-disciplinary security evaluation models, Mathematical representations of trust and trustability, Mathematical representations of attack and response spaces, Probabilistic models of system behaviors under attack, “Hydraulic pressure” enterprise-wide models of security intrusion threats, Fallback theory (estimating the level of protection provided by multiple layers), Integrating models of physical, human, and electronic security, Payoff maximization approaches (e.g., using kernel call patterns vs. code patterns), Scalability analysis and theory as applied to security.
Security economics: Estimating potential losses due to security flaws, Validity of example-based arguments for security investment, Cost of implementing security, Designing to maximize benefits of security investments, Cost impact of using or reusing validated secure components, Cost tradeoffs between security and other system attributes (e.g., usability), Synergies between security and other system attributes (e.g., reliability).
User training: Exploring security implications of inadequate training, Techniques for effective training of users, Exploring security implications of difficult, cumbersome, and stressful policies, Training systems that show users the security consequences of their actions.
Infrastructure security: Telecommunications, Financial, Energy/utilities, Emergency response, Health care and vital human services, Commerce, Transportation.