ieee-sp.bib

@article{bellovin:is,
  author = {Steven M. Bellovin},
  date = {2023-07/2023-08},
  date-added = {2023-08-02 16:19:16 -0400},
  date-modified = {2023-08-02 16:23:47 -0400},
  journal = {{IEEE} Security \& Privacy},
  month = {July--August},
  number = {4},
  pages = {100},
  title = {Is Cybersecurity Liability a Liability?},
  url = {https://www.computer.org/csdl/magazine/sp/2023/04/10194482/1P4BGIbLAIg},
  volume = {21},
  year = {2023},
  bdsk-url-1 = {https://www.computer.org/csdl/magazine/sp/2023/04/10194482/1P4BGIbLAIg}
}
@article{bellovin:open,
  author = {Bellovin, Steven M.},
  date = {2022-03/2022-04},
  date-added = {2022-04-04 11:15:15 -0400},
  date-modified = {2022-04-04 11:19:15 -0400},
  doi = {10.1109/MSEC.2022.3142464},
  journal = {{IEEE} Security \& Privacy},
  month = {March-April},
  number = {2},
  pages = {107--108},
  title = {Open Source and Trust},
  url = {https://www.computer.org/csdl/magazine/sp/2022/02/09740705/1C0jgIoT20M},
  volume = {20},
  year = {2022},
  bdsk-url-1 = {https://www.computer.org/csdl/magazine/sp/2022/02/09740705/1C0jgIoT20M},
  bdsk-url-2 = {https://doi.org/10.1109/MSEC.2022.3142464}
}
@article{bellovin:layered,
  author = {Steven M. Bellovin},
  date = {2021-05/2021-06},
  date-added = {2021-05-19 17:55:41 -0400},
  date-modified = {2021-05-19 17:55:41 -0400},
  journal = {{IEEE} Security \& Privacy},
  month = {May-June},
  number = {3},
  pages = {96--95},
  title = {Layered Insecurity},
  url = {https://www.computer.org/csdl/magazine/sp/2019/03/08713284/19V25qsefeg},
  volume = {17},
  year = {2019},
  bdsk-url-1 = {https://www.computer.org/csdl/magazine/sp/2019/03/08713284/19V25qsefeg}
}
@article{bellovin:policies,
  address = {Los Alamitos, CA, USA},
  author = {Steven M. Bellovin},
  date = {2018-03/2018-04},
  date-added = {2020-04-06 14:04:28 -0400},
  date-modified = {2020-04-06 14:05:26 -0400},
  doi = {10.1109/MSEC.2020.2966900},
  issn = {1558-4046},
  journal = {{IEEE} Security \& Privacy},
  keywords = {computer security;privacy},
  month = {March--April},
  number = {2},
  pages = {76--76},
  publisher = {IEEE Computer Society},
  title = {Policies on Privacy},
  volume = {18},
  year = {2020},
  bdsk-url-1 = {https://doi.org/10.1109/MSEC.2020.2966900}
}
@article{bellovin:unnoticed,
  abstract = {Addresses the issue of information privacy in an era that
		  now has to deal with such regulations as the European
		  Union's General Data Protection Regulation (GDPR). For more
		  than 45 years, the root of privacy policy has been
		  transparency and agreement: the subject must be told what
		  is being collected and stored and then can assent or
		  decline. This has generally been called notice and consent.
		  The root is a 1973 U.S. government advisory committee
		  report, which held, among other things, that people had the
		  right to know what was being collected about them and to
		  limit or prevent secondary uses of the data. These notions,
		  the fair information practice principles (FIPPs), are the
		  basis for laws around the world, up to and including the
		  European Union's General Data Protection Regulation. These
		  ideas have been with us for so long that they sound
		  obviously correct. Perhaps they were, at the dawn of the
		  web 25 years ago, but they no longer fit the modern world.
		  The FIPPs no longer work, and, if we are to retain (or
		  regain) privacy, we need a different basic structure.},
  author = {S. M. {Bellovin}},
  date = {2018-11/2018-12},
  date-added = {2019-03-06 07:48:28 -0500},
  date-modified = {2019-03-06 07:48:46 -0500},
  doi = {10.1109/MSEC.2018.2882121},
  issn = {1540-7993},
  journal = {IEEE Security Privacy},
  keywords = {Privacy;Data privacy;Data protection;Best
		  practices;General Data Protection Regulation;Government
		  policies;Legislation},
  month = {Nov--Dec},
  number = {6},
  pages = {80-79},
  title = {Unnoticed Consent [Last Word]},
  volume = {16},
  year = {2018},
  bdsk-url-1 = {https://doi.org/10.1109/MSEC.2018.2882121}
}
@article{bellovin:key,
  author = {Steven M. Bellovin},
  date = {2015-11/2015-12},
  date-added = {2018-08-20 22:48:56 -0400},
  date-modified = {2018-08-20 22:50:00 -0400},
  doi = {10.1109/MSP.2015.120},
  issn = {1540-7993},
  journal = {IEEE Security Privacy},
  keywords = {cryptography;cybersecurity;encryption},
  month = {Nov--Dec},
  number = {6},
  pages = {96-96},
  title = {The Key to the Key},
  volume = {13},
  year = {2015},
  bdsk-url-1 = {https://doi.org/10.1109/MSP.2015.120}
}
@article{bellovin:attack,
  author = {Steven M. Bellovin},
  date = {2016-05/2016-16},
  date-added = {2018-08-20 22:47:46 -0400},
  date-modified = {2018-08-20 22:50:18 -0400},
  doi = {10.1109/MSP.2016.55},
  issn = {1540-7993},
  journal = {IEEE Security Privacy},
  keywords = {security;attack surface;cryptography;cybersecurity},
  month = {May--June},
  number = {3},
  pages = {88-88},
  title = {Attack Surfaces},
  volume = {14},
  year = {2016},
  bdsk-url-1 = {https://doi.org/10.1109/MSP.2016.55}
}
@article{bellovin:toward,
  author = {Steven M. Bellovin},
  date = {2018-05/2018-06},
  date-added = {2018-07-05 11:39:13 +0000},
  date-modified = {2018-07-05 11:39:36 +0000},
  doi = {10.1109/MSP.2018.2701148},
  issn = {1540-7993},
  journal = {IEEE Security Privacy},
  keywords = {Last Word;policy;security},
  month = {May--June},
  number = {3},
  pages = {108-108},
  title = {Toward a National Cybersecurity Policy},
  volume = {16},
  year = {2018},
  bdsk-url-1 = {https://doi.org/10.1109/MSP.2018.2701148}
}
@article{bellovin:who*1,
  author = {Steven M. Bellovin},
  date = {2017-11/2017-12},
  date-added = {2017-12-05 15:40:35 +0000},
  date-modified = {2017-12-05 15:41:58 +0000},
  journal = {{IEEE} Security \& Privacy},
  month = {November--December},
  number = {6},
  title = {Who Are You?},
  url = {http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8123469},
  volume = {15},
  year = {2017},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/01668014.pdf}
}
@article{bellovin:easy,
  author = {Steven M. Bellovin},
  date = {2016-11/2016-12},
  date-added = {2016-11-13 03:15:05 +0000},
  date-modified = {2019-06-13 13:38:23 -0400},
  journal = {{IEEE} Security \& Privacy},
  month = {November--December},
  number = {6},
  title = {Easy Email Encryption},
  url = {https://doi.ieeecomputersociety.org/10.1109/MSP.2016.132},
  volume = {14},
  year = {2016},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/01668014.pdf}
}
@article{bellovin:what,
  author = {Bellovin, Steven M.},
  date = {2015-05/2015-06},
  date-modified = {2023-03-16 15:55:32 -0400},
  journal = {{IEEE} Security \& Privacy},
  month = {May--June},
  number = {3},
  pages = {88--88},
  title = {What a Real Cybersecurity Bill Should Address},
  url = {https://www.computer.org/csdl/magazine/sp/2015/03/msp2015030092/13rRUwcAqoA},
  volume = {13},
  year = {2015},
  bdsk-url-1 = {http://www.computer.org/cms/Computer.org/ComputingNow/pdfs/real-cybersecurity-bill.pdf}
}
@article{bellovin:what*1,
  author = {Bellovin, Steven M.},
  date = {2014-11/2014-12},
  date-added = {2015-03-31 19:59:01 +0000},
  date-modified = {2015-03-31 20:15:53 +0000},
  doi = {10.1109/MSP.2014.131},
  issn = {1540-7993},
  journal = {{IEEE} Security \& Privacy},
  keywords = {Computer security;Cryptography;Electronic
		  mail;Encryption;Failure
		  analysis;Usability;cryptanalysis;cryptography;email
		  security;encryption;key handling;security},
  month = {November--December},
  number = {6},
  pages = {108--108},
  title = {What Should Crypto Look Like?},
  volume = {12},
  year = {2014},
  bdsk-url-1 = {http://dx.doi.org/10.1109/MSP.2014.131}
}
@article{bellovin:major,
  author = {Bellovin, Steven M.},
  date = {2012-11/2012-12},
  doi = {10.1109/MSP.2012.158},
  issn = {1540-7993},
  journal = {{IEEE} Security \& Privacy},
  month = {November--December},
  number = {6},
  pages = {96},
  title = {The Major Cyberincident Investigations Board},
  volume = {10},
  year = {2012},
  bdsk-url-1 = {http://dx.doi.org/10.1109/MSP.2012.158}
}
@article{bellovin:military,
  author = {Bellovin, Steven M.},
  date = {2013-05/2013-06},
  date-modified = {2014-08-07 18:11:54 +0000},
  journal = {IEEE Security \& Privacy},
  month = {May--June},
  number = {3},
  pages = {88},
  publisher = {IEEE Computer Society},
  title = {Military Cybersomethings},
  url = {https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6521321},
  volume = {11},
  year = {2013},
  bdsk-url-1 = {https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6521321}
}
@article{bellovin:dr--strangecode,
  author = {Bellovin, Steven M.},
  date = {2014-05/2014-06},
  date-added = {2014-08-07 18:08:58 +0000},
  date-modified = {2014-08-14 02:43:22 +0000},
  journal = {{IEEE} Security \& Privacy},
  month = {May--June},
  number = {3},
  publisher = {IEEE Computer Society},
  title = {{Dr. Strangecode}},
  url = {http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6824548},
  volume = {12},
  year = {2014},
  bdsk-url-1 = {http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6824548}
}
@article{bellovin:walls,
  author = {Steven M. Bellovin},
  date = {2013-11/2013-12},
  journal = {{IEEE} Security \& Privacy},
  month = {November--December},
  number = {11},
  title = {Walls and Gates},
  url = {https://www.cs.columbia.edu/~smb/papers/Walls_and_Gates.pdf},
  volume = {6},
  year = {2013},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/Walls_and_Gates.pdf}
}
@article{bellovin:security,
  author = {Steven M. Bellovin},
  date = {2005-05/2005-06},
  journal = {{IEEE} Security \& Privacy},
  month = {May--June},
  number = {3},
  title = {Security and Privacy: Enemies or Allies?},
  url = {https://www.cs.columbia.edu/~smb/papers/01439512.pdf},
  volume = {3},
  year = {2005},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/01439512.pdf}
}
@article{bellovin:unconventional,
  author = {Steven M. Bellovin},
  date = {2006-01/2006-02},
  journal = {{IEEE} Security \& Privacy},
  month = {January--February},
  number = {1},
  title = {Unconventional Wisdom},
  url = {https://www.cs.columbia.edu/~smb/papers/01588836.pdf},
  volume = {4},
  year = {2006},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/01588836.pdf}
}
@article{bellovin:on,
  author = {Steven M. Bellovin},
  date = {2006-07/2006-08},
  journal = {{IEEE} Security \& Privacy},
  month = {July--August},
  number = {4},
  title = {On the Brittleness of Software and the Infeasibility of
		  Security Metrics},
  url = {https://www.cs.columbia.edu/~smb/papers/01668014.pdf},
  volume = {4},
  year = {2006},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/01668014.pdf}
}
@article{bellovin:jurisdiction,
  author = {Steven M. Bellovin},
  date = {2006-05/2006-06},
  journal = {{IEEE} Security \& Privacy},
  month = {May--June},
  number = {3},
  title = {Jurisdiction and the Internet},
  url = {http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7945231},
  volume = {15},
  year = 2017,
  bdsk-url-1 = {http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7945231}
}
@article{bellovin:drm,
  author = {Steven M. Bellovin},
  date = {2007-01/2007-02},
  journal = {{IEEE} Security \& Privacy},
  month = {January--February},
  number = {1},
  title = {{DRM}, Complexity, and Correctness},
  url = {https://www.cs.columbia.edu/~smb/papers/04085601.pdf},
  volume = {5},
  year = {2007},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/04085601.pdf}
}
@article{bellovin:seers,
  author = {Steven M. Bellovin},
  date = {2007-09/2007-10},
  journal = {{IEEE} Security \& Privacy},
  month = {September--October},
  number = {5},
  title = {Seers and Craftspeople},
  url = {https://www.cs.columbia.edu/~smb/papers/04336288.pdf},
  volume = {5},
  year = {2007},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/04336288.pdf}
}
@article{bellovin:security*1,
  author = {Steven M. Bellovin},
  date = {2008-03/2008-04},
  journal = {{IEEE} Security \& Privacy},
  month = {March--April},
  number = {2},
  title = {Security by Checklist},
  url = {https://www.cs.columbia.edu/~smb/papers/04489860.pdf},
  volume = {6},
  year = {2008},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/04489860.pdf}
}
@article{bellovin:puzzle,
  author = {Steven M. Bellovin},
  date = {2008-09/2008-10},
  journal = {{IEEE} Security \& Privacy},
  month = {September--October},
  number = {5},
  title = {The Puzzle of Privacy},
  url = {https://www.cs.columbia.edu/~smb/papers/cleartext-2008-09.pdf},
  volume = {6},
  year = {2008},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/cleartext-2008-09.pdf}
}
@article{bellovin:government,
  author = {Steven M. Bellovin},
  date = {2009-03/2009-04},
  journal = {{IEEE} Security \& Privacy},
  month = {March--April},
  note = {(Ignore the part that says I work for Microsoft---I
		  don't\ldots The editor and I both missed that in the
		  galleys.)},
  number = {2},
  title = {The Government and Cybersecurity},
  url = {https://www.cs.columbia.edu/~smb/papers/cleartext-2009-03.pdf},
  volume = {7},
  year = {2009},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/cleartext-2009-03.pdf}
}
@article{bellovin:security*2,
  author = {Steven M. Bellovin},
  date = {2009-09/2009-10},
  journal = {{IEEE} Security \& Privacy},
  month = {September--October},
  number = {5},
  title = {Security as a Systems Property},
  url = {https://www.cs.columbia.edu/~smb/papers/cleartext-2009-09.pdf},
  volume = {7},
  year = {2009},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/cleartext-2009-09.pdf}
}
@article{bellovin:identity,
  author = {Steven M. Bellovin},
  date = {2010-03/2010-04},
  journal = {{IEEE} Security \& Privacy},
  month = {March--April},
  number = {2},
  title = {Identity and Security},
  url = {https://www.cs.columbia.edu/~smb/papers/cleartext-2010-02.pdf},
  volume = {8},
  year = {2010},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/cleartext-2010-02.pdf}
}
@article{bellovin:perceptions,
  author = {Steven M. Bellovin},
  date = {2010-09/2010-10},
  journal = {{IEEE} Security \& Privacy},
  month = {September--October},
  number = {5},
  title = {Perceptions and Reality},
  url = {https://www.cs.columbia.edu/~smb/papers/cleartext-2010-09.pdf},
  volume = {8},
  year = {2010},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/cleartext-2010-09.pdf}
}
@article{bellovin:clouds,
  author = {Steven M. Bellovin},
  date = {2011-05/2011-06},
  journal = {{IEEE} Security \& Privacy},
  month = {May--June},
  number = {3},
  title = {Clouds from Both Sides},
  url = {https://www.cs.columbia.edu/~smb/papers/cloud.pdf},
  volume = {9},
  year = {2011},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/cloud.pdf}
}
@article{bellovin:security*3,
  author = {Steven M. Bellovin},
  date = {2011-11/2011-12},
  journal = {{IEEE} Security \& Privacy},
  month = {November--December},
  number = {6},
  title = {Security Think},
  url = {https://www.cs.columbia.edu/~smb/papers/cleartext-2011-12.pdf},
  volume = {9},
  year = {2011},
  bdsk-url-1 = {https://www.cs.columbia.edu/~smb/papers/cleartext-2011-12.pdf}
}
@article{bellovin:fighting,
  author = {Steven M. Bellovin},
  date = {2012-05/2012-06},
  journal = {{IEEE} Security \& Privacy},
  month = {May--June},
  number = {3},
  title = {Fighting the Last War},
  url = {http://doi.ieeecomputersociety.org/10.1109/MSP.2012.66},
  volume = {10},
  year = {2012},
  bdsk-url-1 = {http://doi.ieeecomputersociety.org/10.1109/MSP.2012.66}
}