U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Search CSRC

Use this form to search content on CSRC pages.

For a phrase search, use " "


Limit results to content tagged with of the following topics:
Showing 1851 through 1875 of 13539 matching records.
Publications NISTIR 7697 August 19, 2011
https://csrc.nist.rip/publications/detail/nistir/7697/final

Abstract: This report defines the Common Platform Enumeration (CPE) Dictionary version 2.3 specification. The CPE Dictionary Specification is a part of a stack of CPE specifications that support a variety of use cases relating to IT product description and naming. An individual CPE dictionary is a repository...

Publications NISTIR 7698 August 19, 2011
https://csrc.nist.rip/publications/detail/nistir/7698/final

Abstract: This report defines the Common Platform Enumeration (CPE) Applicability Language version 2.3 specification. The CPE Applicability Language specification is part of a stack of CPE specifications that support a variety of use cases relating to IT product description and naming. The CPE Applicability L...

Publications NISTIR 7695 August 19, 2011
https://csrc.nist.rip/publications/detail/nistir/7695/final

Abstract: This report defines the Common Platform Enumeration (CPE) Naming version 2.3 specification. The CPE Naming specification is a part of a stack of CPE specifications that support a variety of use cases relating to IT product description and naming. The CPE Naming specification defines the logical stru...

Publications Conference Proceedings August 18, 2011
https://csrc.nist.rip/publications/detail/conference-paper/2011/08/18/an-empirical-study-of-a-vulnerability-metric-aggregation-method

Conference: 2011 International Conference on Security & Management (SAM 2011), WORLDCOMP'11 Abstract: Quantifying security risk is an important and yet difficult task in enterprise network risk management, critical for proactive mission assurance. Even though metrics exist for individual vulnerabilities, there is currently no standard way of aggregating such metrics. We developed a quantitative mode...

Publications NISTIR 7788 August 1, 2011
https://csrc.nist.rip/publications/detail/nistir/7788/final

Abstract: Today’s information systems face sophisticated attackers who combine multiple vulnerabilities to penetrate networks with devastating impact. The overall security of an enterprise network cannot be determined by simply counting the number of vulnerabilities. To more accurately assess the security of...

Publications Journal Article July 21, 2011
https://csrc.nist.rip/publications/detail/journal-article/2011/vetting-mobile-apps

Journal: IT Professional Abstract: Billions of copies of apps for mobile devices have been purchased in recent years. With this growth, however, comes an increase in the spread of potentially dangerous security vulnerabilities. Because of an app's low cost and high proliferation, the threat of these vulnerabilities could be far great...

Publications Conference Proceedings July 21, 2011
https://csrc.nist.rip/publications/detail/conference-paper/2011/07/21/a-public-randomness-service

Conference: International Conference on Security and Cryptography (SECRYPT 2011) Abstract: We argue that it is time to design, implement, and deploy a trusted public randomness server on the Internet. NIST plans to deploy a prototype during 2011. We discuss some of the engineering choices that have been made as well as some of the issues currently under discussion.

Publications Conference Proceedings July 19, 2011
https://csrc.nist.rip/publications/detail/conference-paper/2011/07/19/cloud-service-feature-driven-security-policies-for-virtualized-i

Conference: World Multi-Conference on Systemics, Cybernetics and Informatics 2011 (WMSCI 2011) Abstract: With the increasing maturity of various cloud service delivery models (Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)) and deployment models (Private, Community, Public, Hybrid), the security risk profile of each cloud service configuration is coming i...

Publications Conference Proceedings July 14, 2011
https://csrc.nist.rip/publications/detail/conference-paper/2011/07/14/on-the-security-of-hash-functions-employing-blockcipher-postproc

Conference: Fast Software Encryption 2011 (FSE 2011) Abstract: Analyzing desired generic properties of hash functions is an important current area in cryptography. For example, in Eurocrypt 2009, Dodis, Ristenpart and Shrimpton introduced the elegant notion of "Preimage Awareness" (PrA) of a hash function H^P , and they showed that a PrA hash function followed...

Publications NISTIR 7815 July 1, 2011
https://csrc.nist.rip/publications/detail/nistir/7815/final

Abstract: The Access Control for SAR Systems (ACSS) project focused on developing a prototype privilege management system used to express and enforce policies for controlling access to Suspicious Activity Report (SAR) data within the law enforcement domain. This report details the work conducted for the ACSS...

Publications ITL Bulletin June 28, 2011
https://csrc.nist.rip/publications/detail/itl-bulletin/2011/06/guidelines-for-protecting-bios-firmware/final

Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-147, BIOS Protection Guidelines: Recommendations of the National Institute of Standards and Technology. The publication was written by David Cooper, William Polk, Andrew Regenscheid, and Murugiah Souppaya of NIST...

Publications NISTIR 7791 June 22, 2011
https://csrc.nist.rip/publications/detail/nistir/7791/final

Abstract: The Computer Security Division of NIST/ITL supports the development of biometric conformance testing methodology standards and other conformity assessment efforts through active technical participation in the development of these standards and the associated conformance test architectures and test s...

Publications NISTIR 7694 June 21, 2011
https://csrc.nist.rip/publications/detail/nistir/7694/final

Abstract: This specification describes the Asset Reporting Format (ARF), a data model for expressing the transport format of information about assets and the relationships between assets and reports. The standardized data model facilitates the reporting, correlating, and fusing of asset information throughout...

Publications White Paper June 17, 2011
https://csrc.nist.rip/publications/detail/white-paper/2011/06/17/a-depth-16-circuit-for-the-aes-s-box/final

Abstract: New techniques for reducing the depth of circuits for cryptographic applications are described and applied to the AES S-box. These techniques also keep the number of gates quite small. The result, when applied to the AES S-box, is a circuit with depth 16 and only 128 gates. For the inverse, it is al...

Publications NISTIR 7693 June 17, 2011
https://csrc.nist.rip/publications/detail/nistir/7693/final

Abstract: Asset identification plays an important role in an organization?s ability to quickly correlate different sets of information about assets. This specification provides the necessary constructs to uniquely identify assets based on known identifiers and/or known information about the assets. This speci...

Publications Conference Proceedings June 13, 2011
https://csrc.nist.rip/publications/detail/conference-paper/2011/06/13/division-polynomials-for-jacobi-quartic-curves

Conference: 36th International Symposium on Symbolic and Algebraic Computation (ISSAC '11) Abstract: In this paper we find division polynomials for Jacobi quartics. These curves are an alternate model for elliptic curves to the more common Weierstrass equation. Division polynomials for Weierstrass curves are well known, and the division polynomials we find are analogues for Jacobi quartics. Using t...

Publications NISTIR 7751 May 31, 2011
https://csrc.nist.rip/publications/detail/nistir/7751/final

Abstract: This annual report covers the work conducted within the National Institute of Standards and Technology's Computer Security Division during Fiscal Year 2010. It discusses all projects and programs within the Division, staff highlights, and publications.

Publications ITL Bulletin May 25, 2011
https://csrc.nist.rip/publications/detail/itl-bulletin/2011/05/using-security-configuration-checklists-and-the-national-checkli/final

Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-70 Rev. 2, National Checklist Program for IT Products—Guidelines for Checklist Users and Developers: Recommendations of the National Institute of Standards and Technology. The publication was written by Stephen D...

Publications Journal Article May 2, 2011
https://csrc.nist.rip/publications/detail/journal-article/2011/encryption-basics

Journal: Journal of AHIMA Abstract: Healthcare and health information technology professionals are entrusted with patient data which, because of its personal nature, requires protection to ensure its confidentiality. To provide this protection, these professionals frequently look to commonly accepted technologies and methodologies to...

Publications SP 800-147 April 29, 2011
https://csrc.nist.rip/publications/detail/sp/800-147/final

Abstract: This document provides guidelines for preventing the unauthorized modification of Basic Input/Output System (BIOS) firmware on PC client systems. Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of the BIOS’s unique and privileged position wit...

Publications ITL Bulletin April 25, 2011
https://csrc.nist.rip/publications/detail/itl-bulletin/2011/04/full-virtualization-technologies-guidelines-for-secure-implemen/final

Abstract: This bulletin summarizes the information presented in NIST SP 800-125, Guide To Security for Full Virtualization Technologies: Recommendations of the National Institute of Standards and Technology, which was written by Karen Scarfone of G2, Inc., Murugiah Souppaya of NIST, and Paul Hoffman of the VP...

Publications Journal Article April 7, 2011
https://csrc.nist.rip/publications/detail/journal-article/2011/a-survey-of-binary-covering-arrays

Journal: Electronic Journal of Combinatorics Abstract: Two-valued covering arrays of strength t are 0--1 matrices having the property that for each t columns and each of the possible 2t sequences of t 0's and 1's, there exists a row having that sequence in that set of t columns. Covering arrays are an important tool in certain applications, for example,...

Publications NISTIR 7692 April 7, 2011
https://csrc.nist.rip/publications/detail/nistir/7692/final

Abstract: This report defines version 2.0 of the Open Checklist Interactive Language (OCIL). The intent of OCIL is to provide a standardized basis for expressing questionnaires and related information, such as answers to questions and final questionnaire results, so that the questionnaires can use a standardi...

Publications Journal Article April 4, 2011
https://csrc.nist.rip/publications/detail/journal-article/2011/research-directions-in-security-metrics

Journal: Journal of Information System Security Abstract: More than 100 years ago, Lord Kelvin observed that measurement is vital to deep knowledge and understanding in physical science. During the last few decades, researchers have made various attempts to develop measures and systems of measurement for computer security with varying degrees of success. T...

Publications Journal Article April 1, 2011
https://csrc.nist.rip/publications/detail/journal-article/2011/the-policy-machine-a-novel-architecture-and-framework-for-acces

Journal: Journal of Systems Architecture Abstract: The ability to control access to sensitive data in accordance with policy is perhaps the most fundamental security requirement. Despite over four decades of security research, the limited ability for existing access control mechanisms to generically enforce policy persists. While researchers, practi...

<< first   < previous   63     64     65     66     67     68     69     70     71     72     73     74     75     76     77     78     79     80     81     82     83     84     85     86     87  next >  last >>