Search CSRC

Journal: Software Quality Professional Abstract: The need for human review often causes high costs for testing of graphical interface software. Some testers advocate combinatorial testing, combining strong fault detection with a small number of tests. This article compares combinatorial testing with the traditional method of exhaustive human testi...

Abstract: This document reprises the NIST-established definition of cloud computing, describes cloud computing benefits and open issues, presents an overview of major classes of cloud technology, and provides guidelines and recommendations on how organizations should consider the relative opportunities and ri...

Journal: Finite Fields and Their Applications Abstract: Edwards curves are a new model for elliptic curves, which have attracted notice in cryptography. We give exact formulas for the number of F_q-isomorphism classes of Edwards curves and twisted Edwards curves. This answers a question recently asked by R. Farashahi and I. Shparlinski.

Abstract: This bulletin summarizes the information that is included in revised Federal Information Processing Standard 180-4, Secure Hash Standard. The revised standard, announced in a March 6, 2012, Federal Register notice, was approved by the Secretary of Commerce to replace an earlier standard, FIPS 180-3....

Abstract: Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry out responsibilities under this law. The prim...

Abstract: NISTIR 7848 defines the Asset Summary Reporting (ASR) format version 1.0, a data model for expressing the data exchange format of summary information relative to one or more metrics. ASR reduces the bandwidth requirement to report information about assets in the aggregate since it allows for reporti...

Conference: First International Workshop on Combinatorial Testing (CT 2012) Abstract: Combinatorial Testing (CT) is a systematic way of sampling input parameters of the software under test (SUT). A t-way combinatorial test set can exercise all behaviors of the SUT caused by interactions between t input parameters or less. Although combinatorial testing can provide fault detection cap...

Conference: First International Workshop on Combinatorial Testing (CT 2012) Abstract: In this paper we present a case study of applying combinatorial testing to test a combinatorial test generation tool called ACTS. The purpose of this study is two-fold. First, we want to gain experience and insights about how to apply combinatorial testing in practice. Second, we want to evaluate th...

Conference: First International Workshop on Combinatorial Testing (CT 2012) Abstract: Many software testing problems involve sequences. This paper presents an application of combinatorial methods to testing problems for which it is important to test multiple configurations, but also to test the order in which events occur. For example, the methods described in this paper were motivat...

Abstract: In the last few years, the need to design new cryptographic hash functions has led to the intense study of when desired hash multi-properties are preserved or assured under compositions and domain extensions. In this area, it is important to identify the exact notions and provide often complex proof...

Conference: 5th IAPR International Conference on Biometrics (ICB 2012) Abstract: Traditional criteria used in biometric performance evaluation do not cover all the performance aspects of biometric template protection (BTP) and the lack of well-defined metrics inhibits the proper evaluation of such methods. Previous work in the literature focuses, in general, on a limited set of...

Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-144, Guidelines on Security and Privacy in Public Cloud Computing. These new guidelines, which were written by Wayne Jansen of Booz Allen Hamilton and Tim Grance of NIST, present an overview of public cloud compu...

Journal: IT Professional Abstract: To many, system policy is a statement posted on a website indicating intention to protect personal data. In reality, policy is much broader, and its enforcement far more consequential. What if policy-derived rule sets could be rigorously defined and automated for software-intensive systems? Imagine...

Conference: The Third SHA-3 Candidate Conference Abstract: The sponge construction, designed by Bertoni, Daemen, Peeters, and Asscheis, is the framework for hash functions such as Keccak, PHOTON, Quark, and spongent. The designers give a keyed sponge construction by prepending the message with key and prove a bound on its pseudorandomness in the ideal permu...

Conference: The Third SHA-3 Candidate Conference Abstract: The JH hash function is one of the five finalists of the ongoing NIST SHA3 hash function competition. Despite several earlier attempts, and years of analysis, the indifferentiability security bound of the JH mode has so far remained remarkably low, only up to n/3 bits. Using a recent technique intro...

Abstract: This document provides the definitive technical specification for version 1.2 of the Security Content Automation Protocol (SCAP). SCAP consists of a suite of specifications for standardizing the format and nomenclature by which information about software flaws and security configurations is communic...

Journal: IEEE Security & Privacy Abstract: The authors investigated users' understanding of online security by conducting in-depth interviews to identify correct perceptions, myths, and potential misperceptions. Participants were aware of and concerned with online and computer security but lacked a complete skill set to protect their compute...

Abstract: This report specifies the data model and Extensible Markup Language (XML) representation for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2. An XCCDF document is a structured collection of security configuration rules for some set of target systems. The XCCDF specifica...

Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs): Recommendations of the National Institute of Standards and Technology. The publication was written by Murugiah Souppaya of NIST and Karen Scarfon...

Abstract: A wireless local area network (WLAN) is a group of wireless networking devices within a limited geographic area, such as an office building, that exchange data through radio communications. The security of each WLAN is heavily dependent on how well each WLAN component—including client devices, acces...

Journal: Computer (IEEE Computer) Abstract: Recent advancements in hardware have increased the computing power, memory, storage, and wireless connectivity of handheld mobile devices. Smart-phone devices are used for everyday activities that range from Maps and Geo-location tagging to banking. Indeed, these new hand-held devices are capable of...

Journal: Journal of Mathematical Cryptology Abstract: In this paper we look at three families of elliptic curves with rational 3-torsion over a finite field. These families include Hessian curves, twisted Hessian curves, and a new family we call generalized DIK curves. We find the number of Fq-isogeny classes of each family, as well as the number of...

Conference: Sixth International Conference on Digital Society (ICDS 2012) Abstract: Smart cards are now being extensively deployed for identity verification(smart identity tokens) for controlling access to Information Technology (IT) as well as physical resources. Depending upon the sensitivity of the resources and the risk of wrong identification, different authentication uses are...

Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-126 Rev. 2, The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2. This publication was written by David Waltermire and Stephen Quinn of NIST, Karen Scarfone of Scarfon...

Abstract: This publication binds together the Continuous Monitoring workflows and capabilities described in NIST IR 7799 to specific data domains. It focuses on the Asset Management, Configuration and Vulnerability data domains. It leverages the Security Content Automation Protocol (SCAP) version 1.2 for conf...