Abstract: Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry out responsibilities under this law. The prim...
Abstract: The Standard specifies a suite of algorithms that can be used to generate a digital signature. Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data can use a digital signature as evidence...
Abstract: This ITL Bulletin announces the publication of NIST Special Publication 800-124 Revision 1, Guidelines for Managing the Security of Mobile Devices in the Enterprise. The revised guidelines will assist organizations in managing the security of mobile devices such as smart phones and tablets.
Abstract: Homeland Security Presidential Directive HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors [HSPD-12], called for new standards to be adopted governing interoperable use of identity credentials to allow physical and logical access to Federal government locatio...
Abstract: There is a great demand from federal departments and agencies for supply chain risk management (SCRM) guidance. This document is a summary of a workshop held October 15-16, 2012 to broadly engage all stakeholders in an effort to set a foundation for NIST's future work on Information and Communicatio...
Conference: 8th International Conference on Algorithms and Complexity (CIAC 2013) Abstract: Cryptographic applications, such as hashing, block ciphers and stream ciphers, make use of functions which are simple by some criteria (such as circuit implementations), yet hard to invert almost everywhere. A necessary condition for the latter property is to be "sufficiently distant" from linear, a...
Journal: Computer (IEEE Computer) Abstract: Although access control (AC) currently plays an important role in securing data services, if properly envisaged and designed, access control can serve a more vital role in computing than one might expect. The Policy Machine (PM), a framework for AC developed at NIST, was designed with this goal in m...
Conference: 2013 Proceedings of the Annual Reliability and Maintainability Symposium (RAMS'13) Abstract: In this manuscript, we present our efforts towards a framework for exposing the functionality of a mobile application through a combination of static and dynamic program analysis that attempts to explore all available execution paths including libraries. We verified our approach by testing a large n...
Abstract: The purpose of this publication is to help organizations centrally manage and secure mobile devices against a variety of threats. This publication provides recommendations for selecting, implementing, and using centralized management technologies, and it explains the security concerns inherent in mo...
Conference: Fifth International Workshop on Post-Quantum Cryptography (PQCrypto 2013) Abstract: Multivariate Public Key Cryptography (MPKC) has become one of a few options for security in the quantum model of computing. Though a few multivariate systems have resisted years of effort from the cryptanalytic community, many such systems have fallen to a surprisingly small pool of techniques. There...
Abstract: The Computer Security Division (CSD) of NIST/ITL develops conformance test architectures (CTAs) and test suites (CTSs) to support users that require conformance to selected biometric standards. Product developers as well as testing laboratories can also benefit from the use of these tools. This proj...
Conference: Seventh International Conference on Software Security and Reliability (SERE 2013) Abstract: Assessing security of software services on Cloud is complex because the security depends on the vulnerability of infrastructure, platform and the software services. In many systems, the platform or the infrastructure on which the software will actually run may not be known or guaranteed. This implie...
Abstract: Combinatorial testing of software analyzes interactions among variables using a very small number of tests. This advanced approach has demonstrated success in providing strong, low-cost testing in real-world situations. Introduction to Combinatorial Testing presents a complete self-contain...
Journal: Mathematical and Computer Modelling Abstract: This work describes the design and implementation of an auction system using secure multiparty computation techniques. Our aim is to produce a system that is practical under actual field constraints on computation, memory, and communication. The underlying protocol is privacy-preserving, that is, th...
Abstract: This ITL Bulletin for May 2013 announces the publication of NIST Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations. Developed by the Joint Task Force Transformation Initiative Interagency Working Group, the publication is part of...
Abstract: This ITL Bulletin describes a new ITL publication, NISTIR 7511, Revision 3, Security Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements.
Journal: Journal of Cryptology Abstract: A new technique for combinational logic optimization is described. The technique is a two-step process. In the first step, the non-linearity of a circuit, as measured by the number of non-linear gates it contains, is reduced. The second step reduces the number of gates in the linear components of th...
Conference: Second International Workshop on Combinatorial Testing 2013 (IWCT 2013) Abstract: Combinatorial testing has attracted a lot of attention from both industry and academia. A number of reports suggest that combinatorial testing can be effective for practical applications. However, there still seems to be a lack of systematic, controlled studies on the effectiveness of combinatorial testing....
Conference: Second International Workshop on Combinatorial Testing 2013 (IWCT 2013) Abstract: Combinatorial testing applies factor covering arrays to test all t-way combinations of input or configuration state space. In some testing situations, it is not practical to use covering arrays, but any set of tests covers at least some portion of t-way combinations up to t <= n. This report desc...
Conference: Second International Workshop on Combinatorial Testing 2013 (IWCT 2013) Abstract: The input space of a system must be modeled before combinatorial testing can be applied to this system. The effectiveness of combinatorial testing to a large extent depends on the quality of the input space model. In this paper we introduce an input space modeling methodology for combinatorial testi...
Abstract: This ITL Bulletin describes the Cybersecurity Framework that NIST is developing to reduce cyber risks to our nation's critical infrastructure and announces the first Cybersecurity Framework Workshop.
Journal: Measurement Abstract: Software has become increasingly ubiquitous in tools and methods used for science, engineering, medicine, commerce, and human interactions. Extensive testing is required to assure that software works correctly. Combinatorial testing is a versatile methodology which is useful in a broad range of situ...
Conference: Seventh International Conference on Digital Society (ICDS 2013) Abstract: Virtualized hosts provide abstraction of the hardware resources (i.e., CPU, Memory etc) enabling multiple computing stacks to be run on a single physical machine. The Hypervisor is the core software that enables this virtualization and hence must be configured to ensure security robustness for the e...
Abstract: Proceedings of the Cybersecurity in Cyber-Physical Workshop, April 23 – 24, 2012, complete with abstracts and slides from presenters. Some of the cyber-physical systems covered during the first day of the workshop included networked automotive vehicles, networked medical devices, semi-conductor manu...
Abstract: This bulletin summarizes the information presented in NISTIR 7817, A Credential Reliability and Revocation Model for Federated Identities, written by Hildegard Ferraiolo. The publication analyzes the different types of digital credentials used in authenticating the identity of remote users of inform...