U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Search CSRC

Use this form to search content on CSRC pages.

For a phrase search, use " "


Limit results to content tagged with of the following topics:
Showing 2026 through 2050 of 13602 matching records.
Publications Conference Proceedings June 11, 2008
https://csrc.nist.rip/publications/detail/conference-paper/2008/06/11/a-meta-model-for-access-control

Conference: 13th ACM Symposium on Access Control Models and Technologies (SACMAT '08) Abstract: Security policy enforcement is instrumental in preventing the unauthorized disclosure of sensitive data, protecting the integrity of vital data, mitigating the likelihood of fraud, and ultimately enabling the secure sharing of information. In accessing a given resource, policy may dictate, for examp...

Publications Conference Proceedings June 3, 2008
https://csrc.nist.rip/publications/detail/conference-paper/2008/06/03/policy-specification-and-enforcement-for-smart-id-cards-deployme

Conference: IEEE Workshop on Policies for Distributed Systems and Networks (IEEE Policy 2008) Abstract: Deployment of Smart Cards for Identity Verification requires collection of credentials and provisioning of credentials from and to heterogeneous and sometimes legacy systems. To facilitate this process, a centralized identity store called Identity Management System (IDMS) is often used. To protect t...

Publications Journal Article June 2, 2008
https://csrc.nist.rip/publications/detail/journal-article/2008/automated-combinatorial-test-methods-beyond-pairwise-testing

Journal: Crosstalk (Hill AFB): the Journal of Defense Software Engineering Abstract: Pairwise testing has become a popular approach to software quality assurance because it often provides effective error detection at low cost. However, pairwise (2-way) coverage is not sufficient for assurance of mission-critical software. Combinatorial testing beyond pairwise is rarely used because...

Publications Journal Article June 1, 2008
https://csrc.nist.rip/publications/detail/journal-article/2008/practical-combinatorial-testing-beyond-pairwise

Journal: IT Professional Abstract: With new algorithms and tools, developers can apply high-strength combinatorial testing to detect elusive failures that occur only when multiple components interact. In pairwise testing, all possible pairs of parameter values are covered by at least one test, and good tools are available to generate...

Publications Journal Article May 30, 2008
https://csrc.nist.rip/publications/detail/journal-article/2008/internet-protocol-version-6-ipv6

Journal: IEEE Security & Privacy Abstract: Recognizing that the 32-bit addresses used by the current version of the Internet Protocol (IPv4) would soon be depleted, the Internet Engineering Task Force (IETF) has been developing its successor, Internet Protocol version 6 (IPv6). This has been a more complex undertaking than simply changing im...

Publications ITL Bulletin May 28, 2008
https://csrc.nist.rip/publications/detail/itl-bulletin/2008/05/new-cryptographic-hash-algorithm-family-nist-holds-a-public-com/final

Abstract: This bulletin summarizes the information that was disseminated by the National Institute of Standards and Technology (NIST) in a November 2007 Federal Register Notice. NIST is soliciting candidates for a new and robust cryptographic hash algorithm for use by Federal government agencies in protecting...

Publications Journal Article May 20, 2008
https://csrc.nist.rip/publications/detail/journal-article/2008/a-new-hash-competition

Journal: IEEE Security & Privacy Abstract: Since the discovery of collision attacks against several well-known cryptographic hash functions in 2004, a rush of new cryptanalytic results cast doubt on the current hash function standards. The relatively new NIST SHA-2 standards aren't yet immediately threatened, but their long-term viability is...

Publications Journal Article April 28, 2008
https://csrc.nist.rip/publications/detail/journal-article/2008/tight-bounds-for-mult-complexity-of-symmetric-functions

Journal: Theoretical Computer Science Abstract: The multiplicative complexity of a Boolean function f is defined as the minimum number of binary conjunction (AND) gates required to construct a circuit representing f, when only exclusive-or, conjunction and negation gates may be used. This article explores in detail the multiplicative complexity o...

Publications ITL Bulletin April 24, 2008
https://csrc.nist.rip/publications/detail/itl-bulletin/2008/04/using-active-content-and-mobile-code-and-safeguarding-the-securi/final

Abstract: This bulletin summarizes information disseminated in revised NIST Special Publication (SP) 800-28-2, Guidelines on Active Content and Mobile Code: Recommendations of the National Institute of Standards and Technology. Written by Wayne A. Jansen and Karen Scarfone of NIST and by Theodore Winograd of...

Publications Conference Proceedings April 19, 2008
https://csrc.nist.rip/publications/detail/conference-paper/2008/04/19/infrastructure-system-design-methodology-for-smart-id-cards-depl

Conference: IADIS International Conference Information Systems Abstract: With the increasing use of smart cards for identity verification of individuals, it has become imperative for organizations to properly design and engineer the expensive infrastructure system that supports smart card deployment. Apart from sound system design principles, this class of system (which...

Publications Conference Proceedings April 17, 2008
https://csrc.nist.rip/publications/detail/conference-paper/2008/04/17/second-preimage-attacks-on-dithered-hash-functions

Conference: 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT 2008) Abstract: We develop a new generic long-message second preimage attack, based on combining the techniques in the second preimage attacks of Dean and Kelsey and Schneier with the herding attack of Kelsey and Kohno. We show that these generic attacks apply to hash functions using the Merkle-Damgard construction...

Publications Conference Proceedings April 17, 2008
https://csrc.nist.rip/publications/detail/conference-paper/2008/04/17/linear-xor-and-additive-checksums-don't-protect-damgard-merkle-h

Conference: The Cryptographers’ Track at the RSA Conference 2008 Abstract: We consider the security of Damgard-Merkle variants which compute linear-XOR or additive checksums over message blocks, intermediate hash values, or both, and process these checksums in computing the final hash value.  We show that these Damgard-Merkle variants gain almost no security against generi...

Publications Journal Article April 2, 2008
https://csrc.nist.rip/publications/detail/journal-article/2008/implementing-interactive-analysis-of-attack-graphs-using-rdbs

Journal: Journal of Computer Security Abstract: An attack graph models the causal relationships between vulnerabilities. Attack graphs have important applications in protecting critical resources in networks against sophisticated multi-step intrusions. Currently, analyses of attack graphs largely depend on proprietary implementations of specializ...

Publications NISTIR 7442 April 1, 2008
https://csrc.nist.rip/publications/detail/nistir/7442/final

Abstract: Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry out responsibilities under this law. The prim...

Publications Journal Article March 27, 2008
https://csrc.nist.rip/publications/detail/journal-article/2008/two-tier-bloom-filter-to-achieve-faster-membership-testing

Journal: Electronics Letters Abstract: Testing for element membership in a Bloom Filter requires hashing of a test element (e.g., a string) and multiple look-ups in memory. A design of a new two-tier Bloom filter with on-chip hash functions and cache is described. For elements with a heavy-tailed distribution for popularity, membership t...

Publications SP 800-28 Version 2 March 7, 2008
https://csrc.nist.rip/publications/detail/sp/800-28/version-2/final

Abstract: Active content technologies allow code, in the form of a script, macro, or other kind of portable instruction representation, to execute when the document is rendered. Like any technology, active content can be used to deliver essential services, but it can also become a source of vulnerability for...

Publications ITL Bulletin February 27, 2008
https://csrc.nist.rip/publications/detail/itl-bulletin/2008/02/federal-desktop-core-configuration-fdcc-improving-security-fo/final

Abstract: The Federal Desktop Core Configuration (FDCC) was jointly developed by the National Institute of Standards and Technology (NIST), the Department of Defense (DOD), and the Department of Homeland Security (DHS) to help Federal organizations improve their information security and reduce the information...

Publications ITL Bulletin January 31, 2008
https://csrc.nist.rip/publications/detail/itl-bulletin/2008/01/secure-web-servers-protecting-web-sites-that-are-accessed-by-the/final

Abstract: This bulletin summarizes the contents of NIST Special Publication 800-44, Version 2, Guidelines on Securing Public Web Servers. The publication details the steps that organizations should take to plan, install, and maintain secure Web server software and their underlying operating systems. The bulle...

Publications Conference Proceedings January 16, 2008
https://csrc.nist.rip/publications/detail/conference-paper/2008/01/16/overcoming-impediments-to-cell-phone-forensics

Conference: 41st Hawaii International Conference on System Sciences (HICSS) Abstract: Cell phones are an emerging but rapidly growing area of computer forensics. While cell phones are becoming more like desktop computers functionally, their organization and operation are quite different in certain areas. For example, most cell phones do not contain a hard drive and rely instead on fl...

Publications NISTIR 7275 Rev. 3 January 1, 2008
https://csrc.nist.rip/publications/detail/nistir/7275/rev-3/final

Abstract: This report specifies the data model and Extensible Markup Language (XML) representation for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4. An XCCDF document is a structured collection of security configuration rules for some set of target systems. The XCCDF specifi...

Publications Journal Article December 12, 2007
https://csrc.nist.rip/publications/detail/journal-article/2007/rbac-standard-rationale-comments-on-"a-critique-of-the-ansi-sta

Journal: IEEE Security & Privacy Abstract: [This is a response to comments on INCITS Standard 359-2004, Role Based Access Control. For original paper see Ninghui Li et al., IEEE Security & Privacy, vol. 5, no. 6, p.41, (2007).]

Publications NISTIR 7452 November 30, 2007
https://csrc.nist.rip/publications/detail/nistir/7452/final

Abstract: FIPS 201, "Personal Identity Verification (PIV) of Federal Employees and Contractors," and its associated special publications define a method to perform biometric match-off-card authentication of a PIV cardholder when the PIV card is inserted into a contact smart card reader. Today, many smart card...

Publications Journal Article November 29, 2007
https://csrc.nist.rip/publications/detail/journal-article/2007/ipog/ipod-efficient-test-generation-for-multi-way-combinatorial

Journal: Software Testing, Verification, and Reliability Abstract: We present two strategies for multi-way testing (i.e., t-way testing with t > 2). The first strategy generalizes an existing strategy, called In-Parameter-Order, from pairwise testing to multi-way testing. This strategy requires all t-way combinations to be explicitly enumerated. When the number of...

Publications SP 800-38D November 28, 2007
https://csrc.nist.rip/publications/detail/sp/800-38d/final

Abstract: This Recommendation specifies the Galois/Counter Mode (GCM), an algorithm for authenticated encryption with associated data, and its specialization, GMAC, for generating a message authentication code (MAC) on data that is not encrypted. GCM and GMAC are modes of operation for an underlying approved...

Publications ITL Bulletin November 26, 2007
https://csrc.nist.rip/publications/detail/itl-bulletin/2007/11/using-storage-encryption-technologies-to-protect-end-user-device/final

Abstract: This bulletin summarizes the guidance developed by NIST and published in SP 800-111 to help organizations secure their end user devices, and deter unauthorized parties from accessing the stored information. The bulletin explains three classes of storage encryption techniques (full disk encryption, v...

<< first   < previous   70     71     72     73     74     75     76     77     78     79     80     81     82     83     84     85     86     87     88     89     90     91     92     93     94  next >  last >>