Conference: 4th ACM Workshop on Security and Artificial Intelligence (AISec '11) Abstract: A binary de Bruijn sequence of order n is a cyclic sequence of period 2^n, in which each n-bit pattern appears exactly once. These sequences are commonly used in applications such as stream cipher design, pseudo-random number generation, 3-D pattern recognition, network modeling, mainly due to their...
Journal: IT Professional Abstract: Although cloud security concerns have consistently ranked as one of the top challenges to cloud adoption, it's not clear what security issues are particular to cloud computing. To approach this question, the author attempts to derive cloud security issues from various cloud definitions and a referen...
Abstract: In order to facilitate the development of applications and middleware that support the Personal Identity Verification (PIV) Card, NIST has developed a set of test PIV Cards and a supporting public key infrastructure. This set of test cards includes not only examples that are similar to cards that ar...
Abstract: As the use of Public Key Infrastructure (PKI) and digital certificates (e.g., the use of Transport Layer Security [TLS] and Secure Sockets Layer [SSL]) for the security of systems has increased, the certification authorities (CAs) that issue certificates have increasingly become targets for sophisti...
Abstract: The Common Misuse Scoring System (CMSS) is a set of measures of the severity of software feature misuse vulnerabilities. A software feature is a functional capability provided by software. A software feature misuse vulnerability is a vulnerability in which the feature also provides an avenue to comp...
Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-146, Cloud Computing Synopsis and Recommendations: Recommendations of the National Institute of Standards and Technology. The publication explains the different cloud computing technologies and configurations, an...
In: Encyclopedia of Software Engineering (2012) Abstract: Combinatorial testing is a method that can reduce cost and improve test effectiveness significantly for many applications. The key insight underlying this form of testing is that not every parameter contributes to every failure, and empirical data suggest that nearly all software failures are caused...
Journal: IT Professional Abstract: Today, a new Internet player is growing more important: things, that is, inanimate objects that can be programmed to communicate, sense, and interact with other things. But will an increasingly fragile ecosystem be able to sustain the amount of power necessary to run all these gadgets? And what other...
Conference: National Symposium on Moving Target Research Abstract: Moving-target defense has been hypothesized as a potential game changer in cyber defense, including that for computer networks. However, there has been little work to study how much proactively changing a network’s configuration can increase the difficulty for attackers and thus improve the resilienc...
Journal: IEEE Security & Privacy Abstract: The National Initiative for Cybersecurity Education (NICE) aims to create an operational, sustainable, and continually improving program for cybersecurity awareness, education, training, and workforce development. As part of the initiative, the NICE Cybersecurity Workforce Framework aims to codify c...
Journal: Software Quality Professional Abstract: The need for human review often causes high costs for testing of graphical interface software. Some testers advocate combinatorial testing, combining strong fault detection with a small number of tests. This article compares combinatorial testing with the traditional method of exhaustive human testi...
Abstract: This document reprises the NIST-established definition of cloud computing, describes cloud computing benefits and open issues, presents an overview of major classes of cloud technology, and provides guidelines and recommendations on how organizations should consider the relative opportunities and ri...
Journal: Finite Fields and Their Applications Abstract: Edwards curves are a new model for elliptic curves, which have attracted notice in cryptography. We give exact formulas for the number of F_q-isomorphism classes of Edwards curves and twisted Edwards curves. This answers a question recently asked by R. Farashahi and I. Shparlinski.
Abstract: This bulletin summarizes the information that is included in revised Federal Information Processing Standard 180-4, Secure Hash Standard. The revised standard, announced in a March 6, 2012, Federal Register notice, was approved by the Secretary of Commerce to replace an earlier standard, FIPS 180-3....
Abstract: Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry out responsibilities under this law. The prim...
Abstract: NISTIR 7848 defines the Asset Summary Reporting (ASR) format version 1.0, a data model for expressing the data exchange format of summary information relative to one or more metrics. ASR reduces the bandwidth requirement to report information about assets in the aggregate since it allows for reporti...
Conference: First International Workshop on Combinatorial Testing (CT 2012) Abstract: Combinatorial Testing (CT) is a systematic way of sampling input parameters of the software under test (SUT). A t-way combinatorial test set can exercise all behaviors of the SUT caused by interactions between t input parameters or less. Although combinatorial testing can provide fault detection cap...
Conference: First International Workshop on Combinatorial Testing (CT 2012) Abstract: In this paper we present a case study of applying combinatorial testing to test a combinatorial test generation tool called ACTS. The purpose of this study is two-fold. First, we want to gain experience and insights about how to apply combinatorial testing in practice. Second, we want to evaluate th...
Conference: First International Workshop on Combinatorial Testing (CT 2012) Abstract: Many software testing problems involve sequences. This paper presents an application of combinatorial methods to testing problems for which it is important to test multiple configurations, but also to test the order in which events occur. For example, the methods described in this paper were motivat...
Abstract: In the last few years, the need to design new cryptographic hash functions has led to the intense study of when desired hash multi-properties are preserved or assured under compositions and domain extensions. In this area, it is important to identify the exact notions and provide often complex proof...
Conference: 5th IAPR International Conference on Biometrics (ICB 2012) Abstract: Traditional criteria used in biometric performance evaluation do not cover all the performance aspects of biometric template protection (BTP) and the lack of well-defined metrics inhibits the proper evaluation of such methods. Previous work in the literature focuses, in general, on a limited set of...
Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-144, Guidelines on Security and Privacy in Public Cloud Computing. These new guidelines, which were written by Wayne Jansen of Booz Allen Hamilton and Tim Grance of NIST, present an overview of public cloud compu...
Journal: IT Professional Abstract: To many, system policy is a statement posted on a website indicating intention to protect personal data. In reality, policy is much broader, and its enforcement far more consequential. What if policy-derived rule sets could be rigorously defined and automated for software-intensive systems? Imagine...
Conference: The Third SHA-3 Candidate Conference Abstract: The sponge construction, designed by Bertoni, Daemen, Peeters, and Van Assche, is the framework for hash functions such as Keccak, PHOTON, Quark, and spongent. The designers give a keyed sponge construction by prepending the message with key and prove a bound on its pseudorandomness in the ideal permu...
Conference: The Third SHA-3 Candidate Conference Abstract: The JH hash function is one of the five finalists of the ongoing NIST SHA3 hash function competition. Despite several earlier attempts, and years of analysis, the indifferentiability security bound of the JH mode has so far remained remarkably low, only up to n/3 bits. Using a recent technique intro...