Search CSRC

Abstract: The national need for a common lexicon to describe and organize the cybersecurity workforce and requisite knowledge, skills, and abilities (KSAs) led to the creation of the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework). The NICE Framework d...

Journal: Quantum Science and Technology Abstract: A game is rigid if a near-optimal score guarantees, under the sole assumption of the validity of quantum mechanics, that the players are using an approximately unique quantum strategy. Rigidity has a vital role in quantum cryptography as it permits a strictly classical user to trust behavior in the...

Journal: Journal of Cyber Security and Information Systems Abstract: A corpus of computer programs with known bugs is useful in determining the ability of tools to find bugs. This article describes the content of NIST's Software Assurance Reference Dataset (SARD), which is a publicly available collection of thousands of programs with known weaknesses. SARD has progra...

Journal: Journal of Number Theory Abstract: In this paper we show that there are infinitely many pairs of integer isosceles triangles and integer parallelograms with a common (integral) area and common perimeter. We also show that there are infinitely many Heron triangles and integer rhombuses with common area and common perimeter. As a corol...

Abstract: This bulletin summarizes the information found in NIST SP 800-190, Application Container Security Guide and NISTIR 8176, Security Assurance Requirements for Linux Application Container Deployments. The bulletin offers an overview of application container technology and its most notable security chal...

Abstract: The National Institute of Standards and Technology (NIST) National Software Reference Library (NSRL) has created curated releases of the Reference Data Set (RDS) consisting of hashes of Kaspersky products. This is in response to the DHS directive on Kaspersky applications.

Abstract: Privileged Account Management (PAM) is a domain within Identity and Access Management (IdAM) focusing on monitoring and controlling the use of privileged accounts. Privileged accounts include local and domain administrative accounts, emergency accounts, application management, and service accounts....

Abstract: Application Containers are slowly finding adoption in enterprise IT infrastructures. Security guidelines and countermeasures have been proposed to address security concerns associated with the deployment of application container platforms. To assess the effectiveness of the security solutions implem...

Conference: 2017 IEEE Conference on Communications and Network Security (CNS): The Network Forensics Workshop Abstract: Business or military missions are supported by hardware and software systems. Unanticipated cyber activities occurring in supporting systems can impact such missions. In order to quantify such impact, we describe a layered graphical model as an extension of forensic investigation. Our model has thre...

Abstract: Phishing, the transmission of a message spoofing a legitimate sender about a legitimate subject with intent to perform malicious activity, causes a tremendous and rapidly-increasing amount of damage to information systems and users annually. This project implements an exploratory computational model...

Conference: 2017 IEEE Conference on Communications and Network Security (CNS) Abstract: Organizations developing cryptographic products face significant challenges, including usability and human factors, that may result in decreased security, increased development time, and missed opportunities to use the technology to its fullest potential. To better identify these challenges, we expl...

Conference: International Symposium on Stabilization, Safety, and Security of Distributed Systems Abstract: Most modern electronic devices can produce a random number. However, it is difficult to see how a group of mutually distrusting entities can have confidence in any such hardware-produced stream of random numbers, since the producer could control the output to their gain. In this work, we use public...

Abstract: Until now, ABAC research has been documented in hundreds of research papers, but not consolidated in book form. This book explains ABAC's history and model, related standards, verification and assurance, applications, and deployment challenges; Specialized topics-including formal ABAC history, ABAC'...

Abstract: Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry out responsibilities under this law. The prim...

Abstract: To help maintain the reliability and integrity of the Internet's Domain Name System (DNS), NIST is working with specialists from around the world to update the keys used by the DNS Security Extensions (DNSSEC) protocol to authenticate DNS data and avoid integrity issues such as domain name hijacking...

Abstract: Application container technologies, also known as containers, are a form of operating system virtualization combined with application software packaging. Containers provide a portable, reusable, and automatable way to package and run applications. This publication explains the potential security con...

Journal: Computer (IEEE Computer) Abstract: Several recent incidents highlight significant security and privacy risks associated with intelligent virtual assistants (IVAs). Better diagnostic testing of IVA ecosystems can reveal such vulnerabilities and lead to more trustworthy systems.

Conference: 2017 Resilience Week (RWS) Abstract: Cyber-Physical Systems (CPS) consist of embedded computers with sensing and actuation capability, and are integrated into and tightly coupled with a physical system. Because the physical and cyber components of the system are tightly coupled, cyber-security is important for ensuring the system funct...

Conference: 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems (FAS*W) Abstract: Cloud services have gained tremendous attention as a utility paradigm and have been deployed extensively across a wide range of fields. However, Cloud security is not catching up to the fast adoption of its services and remains one of the biggest challenges for Cloud Service Providers (CSPs) and Clo...

Abstract: These proceedings document the July 11-12, 2017 "Enhancing Resilience of the Internet and Communications Ecosystem" workshop led by the National Institute of Standards and Technology. Executive Order 13800, "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure” required th...

Abstract: Hospitality organizations rely on Property Management Systems (PMS) for daily tasks, planning, and record keeping. As the operations hub, the PMS interfaces with several services and components within a hotel’s IT system, such as Point-of-Sale (POS) systems, door locks, Wi-Fi networks, and other gue...

Journal: Digital Investigation Abstract: Any investigation can have a digital dimension, often involving information from multiple data sources, organizations and jurisdictions. Existing approaches to representing and exchanging cyber-investigation information are inadequate, particularly when combining data sources from numerous organizat...

Conference: IFIP WG 11.3 International Conference on Digital Forensics Abstract: Cloud computing provides benefits such as increased flexibility, scalability and cost savings to enterprises. However, it introduces several challenges to digital forensic investigations. Current forensic analysis frameworks and tools are largely intended for off-line investigations and it is assume...

Abstract: This bulletin outlines the updates NIST recently made in its four-volume Special Publication (SP) 800-63, Digital Identity Guidelines, which provide agencies with technical guidelines regarding the digital authentication of users to federal networked systems.

Conference: 24th International Conference, Selected Areas in Cryptography (SAC 2017) Abstract: Multivariate Public Key Cryptography (MPKC) is one of the main candidates for secure communication in a post-quantum era. Recently, Yasuda and Sakurai proposed in [7] a new multivariate encryption scheme called SRP, which combines the Square encryption scheme with the Rainbow signature scheme and th...