Search CSRC

Conference: 8th International Conference on Algorithms and Complexity (CIAC 2013) Abstract: Cryptographic applications, such as hashing, block ciphers and stream ciphers, make use of functions which are simple by some criteria (such as circuit implementations), yet hard to invert almost everywhere. A necessary condition for the latter property is to be "sufficiently distant" from linear, a...

Journal: Computer (IEEE Computer) Abstract: Although access control (AC) currently plays an important role in securing data services, if properly envisaged and designed, access control can serve a more vital role in computing than one might expect. The Policy Machine (PM), a framework for AC developed at NIST, was designed with this goal in m...

Abstract: The Computer Security Division (CSD) of NIST/ITL develops conformance test architectures (CTAs) and test suites (CTSs) to support users that require conformance to selected biometric standards. Product developers as well as testing laboratories can also benefit from the use of these tools. This proj...

Conference: Fifth International Workshop on Post-Quantum Cryptography (PQCrypto 2013) Abstract: Multivariate Public Key Cryptography(MPKC) has become one of a few options for security in the quantum model of computing. Though a few multivariate systems have resisted years of effort from the cryptanalytic community, many such systems have fallen to a surprisingly small pool of techniques. There...

Conference: 2013 Proceedings of the Annual Reliability and Maintainability Symposium (RAMS'13) Abstract: In this manuscript, we present our efforts towards a framework for exposing the functionality of a mobile application through a combination of static and dynamic program analysis that attempts to explore all available execution paths including libraries. We verified our approach by testing a large n...

Abstract: Combinatorial testing of software analyzes interactions among variables using a very small number of tests. This advanced approach has demonstrated success in providing strong, low-cost testing in real-world situations. Introduction to Combinatorial Testing presents a complete self-contain...

Conference: Seventh International Conference on Software Security and Reliability (SERE 2013) Abstract: Assessing security of software services on Cloud is complex because the security depends on the vulnerability of infrastructure, platform and the software services. In many systems, the platform or the infrastructure on which the software will actually run may not be known or guaranteed. This implie...

Journal: Mathematical and Computer Modelling Abstract: This work describes the design and implementation of an auction system using secure multiparty computation techniques. Our aim is to produce a system that is practical under actual field constraints on computation, memory, and communication. The underlying protocol is privacy-preserving, that is, th...

Abstract: This ITL Bulletin for May 2013 announces the publication of NIST Special Publication 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations. Developed by the Joint Task Force Transformation Initiative Interagency Working Group, the publication is part of...

Abstract: This ITL Bulletin describes a new ITL publication, NISTIR 7511, Revision 3, Ssecurity Content Automation Protocol (SCAP) Version 1.2 Validation Program Test Requirements.

Journal: Journal of Cryptology Abstract: A new technique for combinational logic optimization is described. The technique is a two-step process. In the rst step, the non-linearity of a circuit { as measured by the number of non-linear gates it contains { is reduced. The second step reduces the number of gates in the linear components of th...

Conference: Second International Workshop on Combinatorial Testing 2013 (IWCT 2013) Abstract: Combinatorial testing has attracted a lot of attention from both industry and academia. A number of reports suggest that combinatorial testing can be effective for practical applications. However, there still seems to lack systematic, controlled studies on the effectiveness of combinatorial testing....

Conference: Second International Workshop on Combinatorial Testing 2013 (IWCT 2013) Abstract: Combinatorial testing applies factor covering arrays to test all t-way combinations of input or configuration state space. In some testing situations, it is not practical to use covering arrays, but any set of tests covers at least some portion of t-way combinations up to t <= n. This report desc...

Conference: Second International Workshop on Combinatorial Testing 2013 (IWCT 2013) Abstract: The input space of a system must be modeled before combinatorial testing can be applied to this system. The effectiveness of combinatorial testing to a large extent depends on the quality of the input space model. In this paper we introduce an input space modeling methodology for combinatorial testi...

Abstract: This ITL Bulletin describes the Cybersecurity Framework that NIST is developing to reduce cyber risks to our nation's critical infrastructure and announces the first Cybersecurity Framework Workshop.

Journal: Measurement Abstract: Software has become increasingly ubiquitous in tools and methods used for science, engineering, medicine, commerce, and human interactions. Extensive testing is required to assure that software works correctly. Combinatorial testing is a versatile methodology which is useful in a broad range of situ...

Conference: Seventh International Conference on Digital Society (ICDS 2013) Abstract: Virtualized hosts provide abstraction of the hardware resources (i.e., CPU, Memory etc) enabling multiple computing stacks to be run on a single physical machine. The Hypervisor is the core software that enables this virtualization and hence must be configured to ensure security robustness for the e...

Abstract: Proceedings of the Cybersecurity in Cyber-Physical Workshop, April 23 – 24, 2012, complete with abstracts and slides from presenters. Some of the cyber-physical systems covered during the first day of the workshop included networked automotive vehicles, networked medical devices, semi-conductor manu...

Abstract: This bulletin summarizes the information presented in NISTIR 7817, A Credential Reliability and Revocation Model for Federated Identities, written by Hildegard Ferraiolo. The publication analyzes the different types of digital credentials used in authenticating the identity of remote users of inform...

Conference: IEEE International Workshop on Information Forensics and Security 2012 (WIFS 2012) Abstract: Attack graphs compute potential attack paths from a system configuration and known vulnerabilities of a system. Evidence graphs model intrusion evidence and dependencies among them for forensic analysis. In this paper, we show how to map evidence graphs to attack graphs. This mapping is useful for a...

Conference: Fifth International Workshop on Digital Forensics (WSDF 2012) Abstract: Attack graphs are used to compute potential attackpaths from a system configuration and known vulnerabilities of asystem. Attack graphs can be used to eliminate knownvulnerability sequences that can be eliminated to make attacksdifficult and help forensic examiners in identifying manypotential attac...

Journal: Cryptologia Abstract: This paper describes the changes between FIPS 180-3 and FIPS 180-4. FIPS 180-4 specifies two new secure cryptographic hash algorithms: SHA-512/224 and SHA-512/256; it also includes a method for determining initial value(s) for any future SHA-512-based hash algorithm(s). FIPS 180-4 also removes a req...

Abstract: A workshop was held on September 10-11, 2012 to discuss two documents that have been posted for public comment: SP 800-130 (A Framework for Designing Cryptographic Key Management Systems) and a table of proposed requirements for SP 800-152 (A Profile for U. S. Federal Cryptographic Key Management Sy...

Journal: International Journal of Biometrics Abstract: The paper discusses the current status of biometric standards development activities, with a focus on international standards developments. Published standards, as well as standards under development or planned for the near future, are addressed. The work of Joint Technical Committee 1 of ISO and IE...

Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-133, Recommendation for Cryptographic Key Generation. The publication helps federal government organizations generate the cryptographic keys that are to be used with approved cryptographic algorithms to protect i...