Abstract: The Computer Security Division of NIST/ITL supports the development of biometric conformance testing methodology standards and other conformity assessment efforts through active technical participation in the development of these standards and the associated conformance test architectures and test s...
Abstract: The purpose of this document is to provide Federal agencies with background information on access control (AC) properties, and to help access control experts improve their evaluation of the highest security AC systems. This document discusses the administration, enforcement, performance, and support...
Conference: Annual NASA IV&V Workshop Abstract: This report describes some measures of combinatorial coverage that can be helpful in estimating this risk that we have applied to tests for spacecraft software but have general application to any combinatorial coverage problem. This method will be illustrated through a prior application to NASA spac...
Conference: Third Workshop on Mathematical Cryptology (WMC 2012) Abstract: Many new systems have been proposed which hide an easily invertible multivariate quadratic map in a larger structure by adding more variables and introducing some mixing of a random component to the structured system. While many systems which have been formed by attempting to hide the hidden structu...
Abstract: Hash functions that compute a fixed-length message digest from arbitrary length messages are widely used for many purposes in information security. This document provides security guidelines for achieving the required or desired security strengths when using cryptographic applications that employ th...
Abstract: This paper will present an overview of the work of the National Institute of Standards and Technology (NIST) in security and privacy for mobile technology as well as an overview on how NIST standards and guidelines can be applied in the mobile environment.
Journal: Cryptography and Communications Abstract: Linear Feedback Shift Registers (LFSRs) are the main building block of many classical stream ciphers; however due to their inherent linearity, most of the LFSR-based designs do not offer the desired security levels. In the last decade, using Nonlinear Feedback Shift Registers (NFSRs) in stream ciphe...
Abstract: This bulletin summarizes the information that is included in NIST Special Publication (SP) 121, Revision 1, Guide to Bluetooth Security: Recommendations of the National Institute of Standards and Technology. This guide was revised by John Padgette of Accenture, Karen Scarfone of Scarfone Cybersecuri...
Abstract: Computer security incident response has become an important component of information technology (IT) programs. Because performing incident response effectively is a complex undertaking, establishing a successful incident response capability requires substantial planning and resources. This publicati...
Abstract: This paper presents the findings of a PIV usability pilot study conducted at NIST during the summer of 2010. The study focused on factors that affected users' perceptions and adoption of PIV smartcards. Based on observation of the study participants, the researchers present recommendations that can...
Journal: Crosstalk (Hill AFB): the Journal of Defense Software Engineering Abstract: Many software testing problems involve sequences of events. The methods described in this paper were motivated by testing needs of mission critical systems that may accept multiple communication or sensor inputs and generate output to several communication links and other interfaces, where it is imp...
Conference: 6th IEEE International Conference on Software Security and Reliability (SERE'12) Abstract: Reducing power consumption has become a crucial design tenet for both mobile and other small computing devices that are not constantly connected to a power source. However, unlike devices that have a limited and predefined set of functionality, recent mobile smart phone devices have a very rich set...
Journal: FedTech Magazine Abstract: Recently, NIST completed a fundamental transformation of the traditional certification and accreditation process into a comprehensive, near real-time, security life cycle process as part of a Risk Management Framework (RMF). The RMF, described in NIST Special Publication 800-37, provides a dynamic,...
Abstract: Security Automation Essentials: Streamlined Enterprise Security Management & Monitoring with SCAP lays out comprehensive technical, administrative, and operational strategies for security management. Discover how to define baseline requirements, automatically confirm patches and updates, id...
Journal: Annales Mathematicae et Informaticae Abstract: We look at arithmetic progressions on elliptic curves known as Huff curves. By an arithmetic progression on an elliptic curve, we mean that either the x or y-coordinates of a sequence of rational points on the curve form an arithmetic progression. Previous work has found arithmetic progressions on W...
Conference: 4th ACM Workshop on Security and Artificial Intelligence (AISec '11) Abstract: A binary de Bruijn sequence of order n is a cyclic sequence of period 2^n, in which each n-bit pattern appears exactly once. These sequences are commonly used in applications such as stream cipher design, pseudo-random number generation, 3-D pattern recognition, network modeling, mainly due to their...
Journal: IT Professional Abstract: Although cloud security concerns have consistently ranked as one of the top challenges to cloud adoption, it's not clear what security issues are particular to cloud computing. To approach this question, the author attempts to derive cloud security issues from various cloud definitions and a referen...
Abstract: In order to facilitate the development of applications and middleware that support the Personal Identity Verification (PIV) Card, NIST has developed a set of test PIV Cards and a supporting public key infrastructure. This set of test cards includes not only examples that are similar to cards that ar...
Abstract: As the use of Public Key Infrastructure (PKI) and digital certificates (e.g., the use of Transport Layer Security [TLS] and Secure Sockets Layer [SSL]) for the security of systems has increased, the certification authorities (CAs) that issue certificates have increasingly become targets for sophisti...
Abstract: The Common Misuse Scoring System (CMSS) is a set of measures of the severity of software feature misuse vulnerabilities. A software feature is a functional capability provided by software. A software feature misuse vulnerability is a vulnerability in which the feature also provides an avenue to comp...
Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-146, Cloud Computing Synopsis and Recommendations: Recommendations of the National Institute of Standards and Technology. The publication explains the different cloud computing technologies and configurations, an...
In: Encyclopedia of Software Engineering (2012) Abstract: Combinatorial testing is a method that can reduce cost and improve test effectiveness significantly for many applications. The key insight underlying this form of testing is that not every parameter contributes to every failure, and empirical data suggest that nearly all software failures are caused...
Journal: IT Professional Abstract: Today, a new Internet player is growing more important: things, that is, inanimate objects that can be programmed to communicate, sense, and interact with other things. But will an increasingly fragile ecosystem be able to sustain the amount of power necessary to run all these gadgets? And what other...
Conference: National Symposium on Moving Target Research Abstract: Moving-target defense has been hypothesized as a potential game changer in cyber defense, including that for computer networks. However there has been little work to study how much proactively changing a network’s configuration can increase the difficulty for attackers and thus improve the resilienc...
Journal: IEEE Security & Privacy Abstract: The National Initiative for Cybersecurity Education (NICE) aims to create an operational, sustainable, and continually improving program for cybersecurity awareness, education, training, and workforce development. As part of the initiative, the NICE Cybersecurity Workforce Framework aims to codify c...