Search CSRC

Journal: International Journal of Network Security & Its Applications (IJNSA) Abstract: Previous work introduced the idea of grouping alerts at a Hamming distance of 1 to achieve alert aggregation; such aggregated meta-alerts were shown to increase alert interpret-ability. However, a mean of 84,023 daily Snort alerts were reduced to a still formidable 14,099 meta-alerts. In this work,...

Abstract: The United States has embarked on a major transformation of its electric power infrastructure. This vast infrastructure upgrade--extending from homes and businesses to fossil-fuel-powered generating plants and wind farms--is central to national efforts to increase energy efficiency, reliability, and...

Abstract: This three-volume report, Guidelines for Smart Grid Cybersecurity, presents an analytical framework that organizations can use to develop effective cybersecurity strategies tailored to their particular combinations of Smart Grid-related characteristics, risks, and vulnerabilities. Organizations in t...

Conference: 10th International Conference on Security and Privacy in Communication Networks (SecureComm 2014) Abstract: Enterprise networks are migrating to the public cloud to acquire computing resources for promising benefits in terms of efficiency, expense, and flexibility. Except for some public services, the enterprise network islands in cloud are expected to be absolutely isolated from each other. However, some...

Abstract: Traditionally, enterprises established boundaries to separate their trusted internal IT network(s) from untrusted external networks. When employees consume and generate corporate information on mobile devices, this traditional boundary erodes. Due to the rapid changes in today’s mobile platforms, co...

Conference: 19th European Symposium on Research in Computer Security (ESORICS 2014) Abstract: The interest in diversity as a security mechanism has recently been revived in various applications, such as Moving Target Defense (MTD), resisting worms in sensor networks, and improving the robustness of network routing. However, most existing efforts on formally modeling diversity have focused on...

Abstract: Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry out responsibilities under this law. The prim...

Abstract: Modern computers rely on fundamental system firmware, commonly known as the Basic Input/Output System (BIOS), to facilitate the hardware initialization process and transition control to the hypervisor or operating system. Unauthorized modification of BIOS firmware by malicious software constitutes a...

Abstract: The ability to control access to sensitive data in accordance with policy is perhaps the most fundamental security requirement. Despite over four decades of security research, the limited ability for existing access control mechanisms to enforce a comprehensive range of policy persists. While resear...

Journal: Computer Abstract: By fostering public–private partnerships in cybersecurity education, the U.S. government is motivating federal agencies, industry, and academia to work more closely together to defend cyberspace.

Conference: 15th IEEE Conference on Information Reuse and Integration (IRI 2014) Abstract: A primary objective of enterprise computing (via a data center, cloud, etc.) is the controlled delivery of data services (DS). Typical DSs include applications such as email, workflow, and records management, as well as system level features, such as file and access control management. Although acce...

Abstract: FIPS201 describes a variety of data model components as a part of the PIV logical credentials. Such components include biometric elements in the form of fingerprint information and facial imagery and security elements such as electronic keys, certificates, and signatures. FIPS201 incorporates by ref...

Journal: IT Professional Abstract: Approximately 100 IT professionals participated in the 2014 IT Pro Conference on Information Systems Governance, held at the National Institute of Standards and Technology (NIST) on May 22, 2014 (www.computer.org/itproconf). Information systems governance focuses on properly managing IT resources to...

Journal: Bulletin of the Australian Mathematical Society Abstract: A Brahmagupta quadrilateral is a cyclic quadrilateral whose sides, diagonals, and area are all integer values. In this article, we characterize the notions of Brahmagupta, introduced by K. R. S. Sastry, by means of elliptic curves. Motivated by these characterizations, we use Brahmagupta quadrilater...

Abstract: The Common Vulnerability Scoring System (CVSS) is an open standard designed to convey severity and risk of information system vulnerabilities. CVSS was commissioned by the National Infrastructure Advisory Council (NIAC) in support of the global Vulnerability Disclosure Framework. It is currently mai...

Abstract: Approximate matching is a promising technology for designed to identify similarities between two digital artifacts. It is used to find objects that resemble each other or to find objects that are contained in another object. This can be very useful for filtering data for security monitoring, digital...

Conference: Eighth International Conference on Software Security and Reliability (SERE 2014) Abstract: This research describes a novel security metric, network taint, which is related to software taint analysis. We use it here to bound the possible malicious influence of a known compromised node through monitoring and evaluating network flows. The result is a dynamically changing defense-in-depth map...

Conference: Second International Conference on Human Aspects of Information Security, Privacy, and Trust (HAS 2014) Abstract: Passwords are the most commonly used mechanism in controlling users’ access to information systems. Little research has been established on the entire user password management lifecycle from the start of generating a password, maintaining the password, using the password to authenticate, then to the...

Conference: Second International Conference on Human Aspects of Information Security, Privacy, and Trust (HAS 2014) Abstract: Many users must authenticate to multiple systems and applications, often using different passwords, on a daily basis. At the same time, the recommendations of security experts are driving increases in the required character length and complexity of passwords. The thinking is that longer passwords wi...

Conference: 8th International Conference on Universal Access in Human-Computer Interaction (UAHCI 2014) Abstract: Social media has become a mainstream activity where people share all kinds of personal and intimate details about their lives. These social networking sites (SNS) allow users to conveniently authenticate to the third-party website by using their SNS credentials, thus eliminating the need of creating...

Conference: 6th International Conference Cross-Cultural Design (CCD 2014) Abstract: Institutions often require or recommend that their employees use secure, system-generated passwords. It is not clear how well linguistic and phonological language properties map onto complex, randomly-generated passwords. Passwords containing a mix of letters, numbers, and other symbol characters ma...

Conference: Second International Conference on Human Aspects of Information Security, Privacy, and Trust (HAS 2014) Abstract: Given the numerous constraints of onscreen keyboards, such as smaller keys and lack of tactile feedback, remembering and typing long, complex passwords—an already burdensome task on desktop computing systems—becomes nearly unbearable on small mobile touchscreens. Complex passwords require numerous s...

Abstract: Forensic science provides the methodologies for understanding crime scenes. It is used for analyzing evidence, identifying suspects, and prosecuting and convicting criminals while exonerating innocent people. To maintain the integrity of the U.S. criminal justice system, the validity and reliability...

Journal: ei Magazine Abstract: On February 12, 2014 President Obama issued a statement that, "[c]yber threats pose one the gravest national security dangers that the United States faces. To better defend our nation against this systemic challenge, one year ago I signed an Executive Order directing the Administration to take steps...

Conference: The Fifth International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2014) Abstract: Infrastructure as a Service (IaaS) is one of the three main cloud service types where the cloud consumer consumes a great variety of resources such as computing (Virtual Machines or VMs), virtual network, storage and utility programs (DBMS). Any large-scale offering of this service is feasible only...