Abstract: Big Data is a term used to describe the large amount of data in the networked, digitized, sensor-laden, information-driven world. While opportunities exist with Big Data, the data can overwhelm traditional technical approaches and the growth of data is outpacing scientific and technological advances...
Conference: Evaluation and Assessment in Software Engineering (EASE) Abstract: Combinatorial interaction testing (CIT) is a well-known technique, but industrial experience is needed to determine its effectiveness in different application domains. We present a case study introducing a unified framework for generating, executing and verifying CIT test suites, based on the open-s...
Abstract: The purpose of Special Publication 800-128, Guide for Security-Focused Configuration Management of Information Systems, is to provide guidelines for organizations responsible for managing and administering the security of federal information systems and associated environments of operation. Configur...
Abstract: MSPs have become an attractive target for cyber criminals. As a result, an MSP could benefit from improving its own cybersecurity through implementing a secure IT architecture that reduces vulnerabilities to attacks such as ransomware. When an MSP is vulnerable to a cyber attack, it also increases t...
Abstract: The National Institute of Standards and Technology (NIST) is in the process of selecting one or more authenticated encryption and hashing schemes suitable for constrained environments through a public, competition-like process. In February 2019, 57 candidate algorithms were submitted to NIST for con...
Abstract: This report presents the results of a project that conducted a technical review of security features in different categories of consumer home Internet-of-Things (IoT) devices. The categories of IoT devices included smart light bulbs, security lights, security cameras, doorbells, plugs, thermostats,...
Abstract: This guide provides general implementation guidance (Volume 1) and example proof-of-concept solutions demonstrating how available open-source and commercial off-the-shelf (COTS) products could be implemented in manufacturing environments to satisfy the requirements in the Cybersecurity Framework (CS...
Abstract: This guide provides example proof-of-concept solutions demonstrating how available open-source and commercial off-the-shelf (COTS) products could be implemented in process-based manufacturing environments to satisfy the requirements in the Cybersecurity Framework (CSF) Manufacturing Profile Low Impa...
Abstract: This guide provides example proof-of-concept solutions demonstrating how available open-source and commercial off-the-shelf (COTS) products could be implemented in discrete-based manufacturing environments to satisfy the requirements in the Cybersecurity Framework (CSF) Manufacturing Profile Low Sec...
Journal: Computer (IEEE Computer) Abstract: I present a computationally efficient and accurate feedforward neural network for sentiment prediction capable of maintaining high transfer accuracy when coupled with an effective semantics model of the text. Experimental results show the advantages of the new approach. Applications to security vali...
Conference: International Conference on Machine Learning, Optimization, and Data Science Abstract: How to model and encode the semantics of human-written text and select the type of neural network to process it are not settled issues in sentiment analysis. Accuracy and transferability are critical issues in machine learning in general. These properties are closely related to the loss estimates fo...
Journal: Computer Communications Abstract: Diversity as a security mechanism is receiving renewed interest due to its potential for improving the resilience of software and networks against previously unknown attacks. Recent works show diversity can be modeled and quantified as a security metric at the network level. However, such efforts do...
Abstract: Transport Layer Security (TLS) provides mechanisms to protect data during electronic dissemination across the Internet. This Special Publication provides guidance to the selection and configuration of TLS protocol implementations while making effective use of Federal Information Processing Standards...
Abstract: Federal Information Processing Standards (FIPS) Publication 201-2, “Personal Identity Verification (PIV) of Federal Employees and Contractors,” establishes a standard for a PIV system based on secure and reliable forms of identity credentials issued by the federal government to its employees and con...
Conference: International Cross-Domain Conference for Machine Learning and Knowledge Extraction (CD-MAKE) Abstract: We present a combinatorial coverage measurement analysis for test vectors provided by the NIST Cryptographic Algorithm Validation Program (CAVP), and in particular for test vectors targeting the AES block ciphers for different key sizes and cryptographic modes of operation. These test vectors are me...
Journal: Cryptography and Communications Abstract: A special metric of interest about Boolean functions is multiplicative complexity (MC): the minimum number of AND gates sufficient to implement a function with a Boolean circuit over the basis {XOR, AND, NOT}. In this paper we study the MC of symmetric Boolean functions, whose ou...
Abstract: This project explores several scenarios in which information exchanges among commercial- and utility-scale distributed energy resources (DERs) and electric distribution grid operations can be protected from certain cybersecurity compromises. Components of these infrastructures form what is commonly...
Conference: Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019) Abstract: Smart home devices are increasingly being used by nontechnical users who have little understanding of the technology, including privacy and security implications. To better understand perceptions of smart home privacy and security, we are conducting an interview study of individuals living in smart...
Conference: 5th Workshop on Security Information Workers (WSIW 2019) Abstract: The in-progress case study will allow for examination of a security awareness team from several perspectives via a multi-faceted approach involving: 1) interviews of security awareness team members, managers in the team’s chain-of-command, and agency employees who receive the security awareness...
Abstract: Through direct dialogue between NCCoE staff and members of the energy sector (composed mainly of electric power companies and those who provide equipment and/or services to them) it became clear that energy companies need to create and maintain a high level of visibility into their operating environ...
Abstract: Microservices architecture is increasingly being used to develop application systems since its smaller codebase facilitates faster code development, testing, and deployment as well as optimization of the platform based on the type of microservice, support for independent development teams, and the a...
Abstract: This document provides Federal agencies with a definition of attribute based access control (ABAC). ABAC is a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, i...
Abstract: As retailers in the United States have adopted chip-and-signature and chip-and-PIN (personal identification number) point-of-sale (POS) security measures, there have been increases in fraudulent online card-not-present electronic commerce (e-commerce) transactions. The risk of increased fraudulent o...
Conference: Balisage: The Markup Conference 2019 Abstract: The Information Technology Lab at NIST is developing technical standards for documentation related to systems security. The Open Security Controls Assessment Language (OSCAL) defines lightweight schemas, along with related infrastructure, for tagging system security information to support routine ta...
Abstract: Recently, an article by Felke appeared in Cryptography and Communications discussing the security of biquadratic C* and a further generalization, k-ary C*. The article derives lower bounds for the complexity of an algebraic attack, directly inverting the public key, under an assumption that the firs...