U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Search CSRC

Use this form to search content on CSRC pages.

For a phrase search, use " "


Limit results to content tagged with of the following topics:
Showing 2001 through 2025 of 13539 matching records.
Publications Journal Article September 1, 2008
https://csrc.nist.rip/publications/detail/journal-article/2008/refining-the-in-parameter-order-strategy-for-constructing-coveri

Journal: Journal of Research of the National Institute of Standards and Technology Abstract: Covering arrays are structures for well-representing extremely large input spaces and are used to efficiently implement blackbox testing for software and hardware. This paper proposes refinements over the In-Parameter-Order strategy (for arbitrary $t$). When constructing homogeneous-alphabet coverin...

Publications Conference Proceedings August 29, 2008
https://csrc.nist.rip/publications/detail/conference-paper/2008/08/29/shortest-linear-straight-line-program-for-computing-linear-forms

Conference: 33rd International Symposium, MFCS 2008 Abstract: We study the complexity of the Shortest Linear Program (SLP) problem, which is to the number of linear operations necessary to compute a set of linear forms. SLP is shown to be NP-hard. Furthermore, a special case of the corresponding decision problem is shown to be Max SNP-Complete. Algorithms prod...

Publications NISTIR 7516 August 27, 2008
https://csrc.nist.rip/publications/detail/nistir/7516/final

Abstract: Phone managers are non-forensic software tools designed to carry out a range of tasks for the user, such as reading and updating the contents of a phone, using one or more of the communications protocols supported by the phone. Phone managers are sometimes used by forensic investigators to recover d...

Publications Conference Paper August 4, 2008
https://csrc.nist.rip/publications/detail/conference-paper/2008/08/04/evidence-based-good-enough-and-open

Conference: Third Workshop on Security Metrics (Metricon 3.0) Abstract: One of the holy grail questions in computer security is how secure are my organization systems? This paper describes our new approach to answering this question. This approach is distinguished from previous efforts in three ways: 1) uses evidence-based security decision-making, 2) produces good enou...

Publications SP 800-60 Vol. 2 Rev. 1 August 1, 2008
https://csrc.nist.rip/publications/detail/sp/800-60/vol-2-rev-1/final

Abstract: Title III of the E-Government Act, titled the Federal Information Security Management Act (FISMA) of 2002, tasked NIST to develop (1) standards to be used by all Federal agencies to categorize information and information systems collected or maintained by or on behalf of each agency based on the obj...

Publications SP 800-60 Vol. 1 Rev. 1 August 1, 2008
https://csrc.nist.rip/publications/detail/sp/800-60/vol-1-rev-1/final

Abstract: Title III of the E-Government Act, titled the Federal Information Security Management Act (FISMA) of 2002, tasked NIST to develop (1) standards to be used by all Federal agencies to categorize information and information systems collected or maintained by or on behalf of each agency based on the obj...

Publications SP 800-123 July 25, 2008
https://csrc.nist.rip/publications/detail/sp/800-123/final

Abstract: The purpose of this document is to assist organizations in understanding the fundamental activities performed as part of securing and maintaining the security of servers that provide services over network communications as a main function. The document discusses the need to secure servers and provid...

Publications Conference Proceedings July 24, 2008
https://csrc.nist.rip/publications/detail/conference-paper/2008/07/24/forensic-protocol-filtering-of-phone-managers

Conference: 2008 International Conference on Security and Management (SAM 2008) Abstract: Phone managers are non-forensic tools sometimes used by forensic investigators to recover data from a cell phone when no suitable forensic tool is available for the device. While precautions can be taken to preserve the integrity of data on a cell phone, inherent risks exist. Applying a forensic fil...

Publications ITL Bulletin July 23, 2008
https://csrc.nist.rip/publications/detail/itl-bulletin/2008/07/guidelines-on-implementing-a-secure-sockets-layer-ssl-virtual-/final

Abstract: Secure Sockets Layer (SSL) Virtual Private Networks (VPNs) provide users with secure remote access to an organization's resources. An SSL VPN consists of one or more VPN devices to which users connect using their Web browsers. The traffic between the Web browser and SSL VPN device is encrypted with...

Publications Conference Proceedings July 21, 2008
https://csrc.nist.rip/publications/detail/conference-paper/2008/07/21/web-services-security-techniques-and-challenges-extended-abstr

Conference: 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security Abstract: Web services-based computing is currently an important driver for the software industry. While several standards bodies (such as W3C and OASIS) are laying the foundation for Web services security, several research problems must be solved to make secure Web services a reality. This talk will present...

Publications Conference Proceedings July 16, 2008
https://csrc.nist.rip/publications/detail/conference-paper/2008/07/16/an-attack-graph-based-probabilistic-security-metric

Conference: 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security Abstract: In today's networked environments, protecting critical resources usually requires us to understand and measure the likelihood of multi-step attacks that combine different vulnerabilities for reaching the attack goal.  Such a measurement is now feasible due to a qualitative model of causal relationsh...

Publications SP 800-55 Rev. 1 July 16, 2008
https://csrc.nist.rip/publications/detail/sp/800-55/rev-1/final

Abstract: This document provides guidance on how an organization, through the use of metrics, identifies the adequacy of in-place security controls, policies, and procedures. It provides an approach to help management decide where to invest in additional security protection resources or identify and evaluate...

Publications FIPS 198-1 July 16, 2008
https://csrc.nist.rip/publications/detail/fips/198/1/final

Abstract: This Standard describes a keyed-hash message authentication code (HMAC), a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative Approved cryptographic hash function, in combination with a shared secret key.

Publications SP 800-113 July 1, 2008
https://csrc.nist.rip/publications/detail/sp/800-113/final

Abstract: Secure Sockets Layer (SSL) Virtual Private Networks (VPNs) provide users with secure remote access to an organization's resources. An SSL VPN consists of one or more VPN devices to which users connect using their Web browsers. The traffic between the Web browser and SSL VPN device is encrypted with...

Publications Conference Proceedings June 30, 2008
https://csrc.nist.rip/publications/detail/conference-paper/2008/06/30/a-framework-for-measuring-the-vulnerability-of-hosts

Conference: 1st International Conference on Information Technology, 2008 (IT 2008) Abstract: This paper proposes a framework for measuring the vulnerability of individual hosts based on current and historical operational data for vulnerabilities and attacks. Previous approaches have not been scalable because they relied on complex manually constructed models, and most approaches have examin...

Publications Conference Proceedings June 11, 2008
https://csrc.nist.rip/publications/detail/conference-paper/2008/06/11/a-meta-model-for-access-control

Conference: 13th ACM Symposium on Access Control Models and Technologies (SACMAT '08) Abstract: Security policy enforcement is instrumental in preventing the unauthorized disclosure of sensitive data, protecting the integrity of vital data, mitigating the likelihood of fraud, and ultimately enabling the secure sharing of information. In accessing a given resource, policy may dictate, for examp...

Publications Conference Proceedings June 3, 2008
https://csrc.nist.rip/publications/detail/conference-paper/2008/06/03/policy-specification-and-enforcement-for-smart-id-cards-deployme

Conference: IEEE Workshop on Policies for Distributed Systems and Networks (IEEE Policy 2008) Abstract: Deployment of Smart Cards for Identity Verification requires collection of credentials and provisioning of credentials from and to heterogeneous and sometimes legacy systems. To facilitate this process, a centralized identity store called Identity Management System (IDMS) is often used. To protect t...

Publications Journal Article June 2, 2008
https://csrc.nist.rip/publications/detail/journal-article/2008/automated-combinatorial-test-methods-beyond-pairwise-testing

Journal: Crosstalk (Hill AFB): the Journal of Defense Software Engineering Abstract: Pairwise testing has become a popular approach to software quality assurance because it often provides effective error detection at low cost. However, pairwise (2-way) coverage is not sufficient for assurance of mission-critical software. Combinatorial testing beyond pairwise is rarely used because...

Publications Journal Article June 1, 2008
https://csrc.nist.rip/publications/detail/journal-article/2008/practical-combinatorial-testing-beyond-pairwise

Journal: IT Professional Abstract: With new algorithms and tools, developers can apply high-strength combinatorial testing to detect elusive failures that occur only when multiple components interact. In pairwise testing, all possible pairs of parameter values are covered by at least one test, and good tools are available to generate...

Publications Journal Article May 30, 2008
https://csrc.nist.rip/publications/detail/journal-article/2008/internet-protocol-version-6-ipv6

Journal: IEEE Security & Privacy Abstract: Recognizing that the 32-bit addresses used by the current version of the Internet Protocol (IPv4) would soon be depleted, the Internet Engineering Task Force (IETF) has been developing its successor, Internet Protocol version 6 (IPv6). This has been a more complex undertaking than simply changing im...

Publications ITL Bulletin May 28, 2008
https://csrc.nist.rip/publications/detail/itl-bulletin/2008/05/new-cryptographic-hash-algorithm-family-nist-holds-a-public-com/final

Abstract: This bulletin summarizes the information that was disseminated by the National Institute of Standards and Technology (NIST) in a November 2007 Federal Register Notice. NIST is soliciting candidates for a new and robust cryptographic hash algorithm for use by Federal government agencies in protecting...

Publications Journal Article May 20, 2008
https://csrc.nist.rip/publications/detail/journal-article/2008/a-new-hash-competition

Journal: IEEE Security & Privacy Abstract: Since the discovery of collision attacks against several well-known cryptographic hash functions in 2004, a rush of new cryptanalytic results cast doubt on the current hash function standards. The relatively new NIST SHA-2 standards aren't yet immediately threatened, but their long-term viability is...

Publications Journal Article April 28, 2008
https://csrc.nist.rip/publications/detail/journal-article/2008/tight-bounds-for-mult-complexity-of-symmetric-functions

Journal: Theoretical Computer Science Abstract: The multiplicative complexity of a Boolean function f is defined as the minimum number of binary conjunction (AND) gates required to construct a circuit representing f, when only exclusive-or, conjunction and negation gates may be used. This article explores in detail the multiplicative complexity o...

Publications ITL Bulletin April 24, 2008
https://csrc.nist.rip/publications/detail/itl-bulletin/2008/04/using-active-content-and-mobile-code-and-safeguarding-the-securi/final

Abstract: This bulletin summarizes information disseminated in revised NIST Special Publication (SP) 800-28-2, Guidelines on Active Content and Mobile Code: Recommendations of the National Institute of Standards and Technology. Written by Wayne A. Jansen and Karen Scarfone of NIST and by Theodore Winograd of...

Publications Conference Proceedings April 19, 2008
https://csrc.nist.rip/publications/detail/conference-paper/2008/04/19/infrastructure-system-design-methodology-for-smart-id-cards-depl

Conference: IADIS International Conference Information Systems Abstract: With the increasing use of smart cards for identity verification of individuals, it has become imperative for organizations to properly design and engineer the expensive infrastructure system that supports smart card deployment. Apart from sound system design principles, this class of system (which...

<< first   < previous   69     70     71     72     73     74     75     76     77     78     79     80     81     82     83     84     85     86     87     88     89     90     91     92     93  next >  last >>