Search CSRC

Conference: 2008 IEEE/IFIP International Symposium on Trust, Security and Privacy for Pervasive Applications (TSP-08) Abstract: To formally and precisely capture the security properties that access control should adhere to, access control models are usually written to bridge the rather wide gap in abstraction between policies and mechanisms. In this paper, we propose a new general approach for property verification for acces...

In: Identity & Policy: a Common Platform for a Pervasive Policy Paradigm (2008) Abstract: The primary motivation behind formulation of any privacy policy (policy in the context of this chapter refers to technical policies defined, specified and enforced within the relevant information systems) is to restrict the disclosure of identity of an individual (in certain locations, events or tra...

Abstract: This report contains the results of NIST s research into technologies to improve the voting process for United States citizens living overseas. It splits the overseas voting process into three stages: voter registration and ballot request, blank ballot delivery, and voted ballot return. For each sta...

In: Identity & Policy: a Common Platform for a Pervasive Policy Paradigm (2008) Abstract: In this chapter, we describe an authorization policy validation framework. Authorization (or access control) policies, just like device policies and privacy policies, are an important class of policies for safeguarding enterprise resources. Specifically, authorization policies provide confidentialit...

Abstract: This bulletin summarizes information disseminated in NIST Special Publication (SP) 800-115, Technical Guide to Information Security Testing and Assessment: Recommendations of the National Institute of Standards and Technology, which was written by Karen Scarfone and Murugiah Souppaya of NIST, and by...

Conference: 9th International Conference on Cryptology in India (INDOCRYPT 2008) Abstract: Online ciphers are those ciphers whose ciphertexts can be computed in an online manner. HCBC1 and HCBC2 are two known examples of Hash Cipher Block Chaining online ciphers. HCBC1 is secure against chosen plaintext adversary (or called CPA-secure) whereas HCBC2 is secure against chosen ciphertext adv...

Conference: 4th International ICST Conference on Wireless Interet (WICON 2008) Abstract: In this paper, we discuss key management challenges for seamless handovers across heterogeneous wireless networks. We focus on fast access authentication protocols that allow expedited network entry by utilizing existing keying material from previous access authentications. For a seamless handover,...

Conference: 2008 International Computer Symposium (ICS 2008) Abstract: The availability of global, pervasive information relies on seamless access to federated resources through sharing and trust between the participating members. However, most of the current architectures for federation networks are designed based on a centralized authorization management schema that...

Conference: 4th ACM Workshop on Quality of Protection (QoP'08) Abstract: The best-known vulnerability scoring standard, the Common Vulnerability Scoring System (CVSS), is designed to quantify the severity of security-related software flaw vulnerabilities. This paper describes our efforts to determine if CVSS could be adapted for use with a different type of vulnerability...

Abstract: Special Publication 800-66 Rev. 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, which discusses security considerations and resources that may provide value when implementing the requirements of the HIPAA Security...

Abstract: This bulletin summarizes information disseminated in NIST Special Publication (SP) 800-123, Guide to General Server Security: Recommendations of the National Institute of Standards and Technology, which was written by Karen Scarfone and Wayne Jansen of NIST and by Miles Tracy of Federal Reserve Info...

In: Encyclopaedia Britannica Online (2009) Abstract: Definition of electronic voting. General discussion of issues related to the deployment of this technology in different countries.

Abstract: The purpose of this document is to assist organizations in planning and conducting technical information security tests and examinations, analyzing findings, and developing mitigation strategies. The guide provides practical recommendations for designing, implementing, and maintaining technical info...

Abstract: This bulletin summarizes information disseminated in NIST Special Publication (SP) 800-55, Revision 1, Performance Measurement Guide for Information Security, by Elizabeth Chew, Marianne Swanson, Kevin Stine, Nadya Bartol, Anthony Brown, and Will Robinson. The guide provides specific advice on devel...

Journal: Journal of Research of the National Institute of Standards and Technology Abstract: Covering arrays are structures for well-representing extremely large input spaces and are used to efficiently implement blackbox testing for software and hardware. This paper proposes refinements over the In-Parameter-Order strategy (for arbitrary $t$). When constructing homogeneous-alphabet coverin...

Conference: 33rd International Symposium, MFCS 2008 Abstract: We study the complexity of the Shortest Linear Program (SLP) problem, which is to the number of linear operations necessary to compute a set of linear forms. SLP is shown to be NP-hard. Furthermore, a special case of the corresponding decision problem is shown to be Max SNP-Complete. Algorithms prod...

Abstract: Phone managers are non-forensic software tools designed to carry out a range of tasks for the user, such as reading and updating the contents of a phone, using one or more of the communications protocols supported by the phone. Phone managers are sometimes used by forensic investigators to recover d...

Conference: Third Workshop on Security Metrics (Metricon 3.0) Abstract: One of the holy grail questions in computer security is how secure are my organization systems? This paper describes our new approach to answering this question. This approach is distinguished from previous efforts in three ways: 1) uses evidence-based security decision-making, 2) produces good enou...

Abstract: Title III of the E-Government Act, titled the Federal Information Security Management Act (FISMA) of 2002, tasked NIST to develop (1) standards to be used by all Federal agencies to categorize information and information systems collected or maintained by or on behalf of each agency based on the obj...

Abstract: Title III of the E-Government Act, titled the Federal Information Security Management Act (FISMA) of 2002, tasked NIST to develop (1) standards to be used by all Federal agencies to categorize information and information systems collected or maintained by or on behalf of each agency based on the obj...

Abstract: The purpose of this document is to assist organizations in understanding the fundamental activities performed as part of securing and maintaining the security of servers that provide services over network communications as a main function. The document discusses the need to secure servers and provid...

Conference: 2008 International Conference on Security and Management (SAM 2008) Abstract: Phone managers are non-forensic tools sometimes used by forensic investigators to recover data from a cell phone when no suitable forensic tool is available for the device. While precautions can be taken to preserve the integrity of data on a cell phone, inherent risks exist. Applying a forensic fil...

Abstract: Secure Sockets Layer (SSL) Virtual Private Networks (VPNs) provide users with secure remote access to an organization's resources. An SSL VPN consists of one or more VPN devices to which users connect using their Web browsers. The traffic between the Web browser and SSL VPN device is encrypted with...

Conference: 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security Abstract: Web services-based computing is currently an important driver for the software industry. While several standards bodies (such as W3C and OASIS) are laying the foundation for Web services security, several research problems must be solved to make secure Web services a reality. This talk will present...

Abstract: This document provides guidance on how an organization, through the use of metrics, identifies the adequacy of in-place security controls, policies, and procedures. It provides an approach to help management decide where to invest in additional security protection resources or identify and evaluate...