Abstract: We introduce a framework for graphical security proofs in device-independent quantum cryptography using the methods of categorical quantum mechanics. We are optimistic that this approach will make some of the highly complex proofs in quantum cryptography more accessible, facilitate the discovery of...
Journal: Computer (IEEE Computer) Abstract: In the 1980s, the software quality community was all 'a buzz' with seemingly endless 'potential' approaches for producing higher quality software. At the forefront of that was software metrics, along with the corresponding software testing techniques and tools and process improvement schemes that r...
Abstract: This bulletin, based on NIST Special Publication (SP) 800-150, introduces cyber threat intelligence and information sharing concepts, describes the benefits and challenges of sharing, clarifies the importance of trust, and introduces specific data handling considerations. It also desc...
Abstract: This bulletin summarizes the information in NISTIR 8062: An Introduction to Privacy Engineering and Risk Management in Federal Information Systems, which provides an introduction to the concepts of privacy engineering and risk management for federal information systems. NISTIR 8062 introduces two key...
Journal: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications Abstract: An important way to limit malicious insiders from distributing sensitive information is to restrict access as tightly as possible. This has always been the goal in the design of access control mechanisms, but individual approaches can be inadequate. Approaches that instantiate multiple methods simul...
Abstract: The Baldrige Cybersecurity Excellence Builder is a voluntary self-assessment tool that enables organizations to better understand the effectiveness of their cybersecurity risk management efforts. It helps your organization identify strengths and opportunities for improvement in managing cybersecurit...
Abstract: NIST-approved cryptographic standards were designed to perform well on general-purpose computers. In recent years, there has been increased deployment of small computing devices that have limited resources with which to implement cryptography. When current NIST-approved algorithms can be engineered...
Conference: 2nd ACM Workshop on Attribute Based Access Control (ABAC '17) Abstract: In this paper, we describe a system that leverages the ANSI/INCITS Next Generation Access Control (NGAC) standard, called Next-generation Database Access Control (NDAC), for accessing data in tables, rows, and columns in existing RDBMS products. NDAC imposes access control at the data level, eliminating t...
Conference: 2nd ACM Workshop on Attribute-Based Access Control (ABAC'17) Abstract: Access control offers mechanisms to control and limit the actions or operations that are performed by a user on a set of resources in a system. Many access control models exist that are able to support this basic requirement. One of the properties examined in the context of these models is their abi...
Abstract: This bulletin summarizes the information in NISTIR 7621, Revision 1: Small Business Information Security: The Fundamentals. The bulletin presents the fundamentals of a small business information security program.
Abstract: Industrial Control Systems (ICS) monitor and control physical processes in many different industries and sectors. Cyber attacks against ICS devices present a real threat to organizations that employ ICS to monitor and control manufacturing processes. The NIST Engineering Laboratory (EL), in conjunct...
Conference: NDSS Symposium 2017 Abstract: Online security experiences, perceptions, and behaviors are key to understanding users' security practices. Users express that they are concerned about online security, but they also express frustration in navigating the often confusing and mentally taxing cybersecurity world. Thi...
Conference: 2016 IEEE Conference on Communications and Network Security (CNS) Abstract: Zero-day attacks continue to challenge the enterprise network security defense. A zero-day attack path is formed when a multi-step attack contains one or more zero-day exploits. Detecting zero-day attack paths in time could enable early disclosure of zero-day threats. In this paper, we propose a pro...
Journal: IEEE Systems Journal Abstract: The nature of healthcare and the computational and physical technologies and constraints present a number of challenges to systems designers and implementers. In spite of the challenges, there is a significant market for systems and products to support caregivers in their tasks as the number of peop...
Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-184, Guide for Cybersecurity Event Recovery. The publication provides organizations with strategic guidance for planning, playbook development, testing, and improvement of recovery planning following a cybers...
Abstract: The Software Assurance Metrics and Tool Evaluation (SAMATE) team studied thousands of warnings from static analyzers. Tools have difficulty distinguishing between the absence of a weakness and the presence of a weakness that is buried in otherwise-irrelevant code elements. This paper presents classe...
Abstract: Entropy models are frequently utilized in tests identifying either qualities of randomness or randomness uniformity of formal and/or observed distributions. The NIST special publications SP 800-22 and SP 800-90 (A, B, & C) discuss tests and methods leveraging both Shannon and min entropies. Shan...
Abstract: The Middle Class Tax Relief Act of 2012 mandated the creation of the Nation’s first nationwide, high-speed communications network dedicated for public safety. The law instantiated a new federal entity, the Federal Responder Network Authority (FirstNet), to build, maintain, and operate a new Long Ter...
Conference: 2nd Annual Industrial Control System Security Workshop (ICSS '16), 2016 Annual Computer Security Applications Conference Abstract: Defense-in-depth is an important security architecture principle that has significant application to industrial control systems (ICS), cloud services, storehouses of sensitive data, and many other areas. We claim that an ideal defense-in-depth posture is 'deep', containing many layers of security, a...
Abstract: This bulletin summarizes the information presented in NISTIR 8151: Dramatically Reducing Software Vulnerabilities: Report to the White House Office of Science and Technology Policy. The publication starts by describing well-known security risks and presents a list of specific technical approaches th...
Conference: RSA Conference 2017 Abstract: We revisit the problem of Full Disk Encryption (FDE), which refers to the encryption of each sector of a disk volume. In the context of FDE, it is assumed that there is no space to store additional data, such as an IV (Initialization Vector) or a MAC (Message Authentication Code) value. We formally...
Abstract: This document provides an introduction to the concepts of privacy engineering and risk management for federal systems. These concepts establish the basis for a common vocabulary to facilitate better understanding and communication of privacy risk within federal systems, and the effective implementat...
Journal: Journal of Integer Sequences Abstract: In this paper, we look at long arithmetic progressions on conics. By an arithmetic progression on a curve, we mean the existence of rational points on the curve whose x-coordinates are in arithmetic progression. We revisit arithmetic progressions on the unit circle, constructing 3-term progressions...
Abstract: In light of an increasing number of cybersecurity events, organizations can improve resilience by ensuring that their risk management processes include comprehensive recovery planning. Identifying and prioritizing organization resources helps to guide effective plans and realistic test scenarios. Th...
Abstract: This Recommendation specifies four SHA-3-derived functions: cSHAKE, KMAC, TupleHash, and ParallelHash. cSHAKE is a customizable variant of the SHAKE functions defined in FIPS 202. KMAC (for KECCAK Message Authentication Code) is a variable-length message authentication code algorithm based on KECCAK...