Has Access Control Become the Weak Link?
In the early 2000s, computer systems were under threat from a variety of Internet worms. This malware attacked network-facing programs by exploiting their memory errors, hijacking their execution to perform malicious operations and propagate the malware ...
Inclusive Privacy and Security
This special issue features six articles on addressing the privacy and security needs of diverse populations. These articles provide insights into design guidelines, techniques, and specific populations for building technologies for inclusive privacy and ...
Inclusive Involvement of At-Risk Users in Cybersecurity Research
This article outlines an approach to assist cybersecurity research involving excluded at-risk users or those whose needs are overlooked. Attention is devoted to “ethics in practice” as an enabler of inclusive experimentation accounting for “human ...
Advocating a Policy Push Toward Inclusive and Secure “Digital-First” Societies
Policy pushes are essential in furthering moral needs; this also applies to inclusive security and privacy. Sen's capability approach is ideally placed to frame inclusive cybersecurity policies to facilitate an equitable and secure digital-first society.
Inclusive Internet of Things Privacy Labels
Internet of Things (IoT) privacy labels present an opportunity for consumers to learn about the security and privacy of IoT devices, but they must be inclusive and serve all users in a manner that is accessible and valuable.
The Art of Inclusive Gamification in Cybersecurity Training
We emphasize the importance of inclusiveness in gamified cybersecurity education and training. By exploring current strategies and conducting an empirical study, we derived key design principles for promoting inclusive gamification, which are crucial for ...
It’s Still Complicated: From Privacy-Invasive Parental Control to Teen-Centric Solutions for Digital Resilience
We discuss the paradigm shift from restrictive approaches toward resilience-based solutions to promote adolescents’ online safety and well-being. We describe how restrictive strategies induce a tradeoff between teens’ privacy and online safety and present ...
Understanding Phishing Experiences of Screen Reader Users
Current phishing countermeasures depend strongly on vision, often inadequate for screen reader users. We conducted 10 semistructured interviews and 14 lab-based sessions with screen reader users to understand their phishing experiences and defenses.
AI Code Generators for Security: Friend or Foe?
Recent advances of artificial intelligence (AI) code generators are opening new opportunities in software security research, including misuse by malicious actors. We review use cases for AI code generators for security and introduce an evaluation ...
The Rocky Road to Sustainable Security
- Liliana Pasquale,
- Kushal Ramkumar,
- Wanling Cai,
- John McCarthy,
- Gavin Doherty,
- Bashar Nuseibeh,
- Eric Bodden,
- Fabio Massacci,
- Antonino Sabetta
In this column, we illustrate real-world scenarios in which modern systems cannot preserve security during operation. We examine the notion of sustainable security and discuss the challenges to engineering sustainably secure systems.
Bridging the Cybersecurity Skills Gap: Knowledge Framework Comparative Study
Organizations worldwide face challenges in recruiting personnel with the necessary cybersecurity knowledge due to a global skills shortage. This article analyzes four knowledge frameworks—CyBOK, CSEC2017, NICE, and CST to guide educators, curriculum ...
Blending Shared Responsibility and Zero Trust to Secure the Industrial Internet of Things
This article explores the integration of shared responsibility and zero trust architecture models to enhance the cybersecurity of Industrial Internet of Things (IIoT) systems. It examines the foundational principles and challenges of each model, ...