Search CSRC

Conference: 15th National Computer Security Conference Abstract: The Proceedings of the 15th National Computer Security Conference, "Information Systems Security: Building Blocks to the Future," held October 13-16, 1992 in Baltimore, Maryland. It includes refereed papers and panel summaries from the conference (listed on pp. iv-x of Vol. 1). Pages xi-xii of...

Conference: 15th National Computer Security Conference (NCSC) Abstract: While Mandatory Access Controls (MAC) are appropriate for multilevel secure military applications, Discretionary Access Controls (DAC) are often perceived as meeting the security processing needs of industry and civilian government. This paper argues that reliance on DAC as the principal method of a...

Conference: Seventh Annual Conference on Computer Assurance Abstract: This study examines standards, draft standards, and guidelines that provide requirements for the assurance of high-integrity software. It focuses on identifying the attributes necessary in such documents for providing reasonable assurance for high-integrity software, and on identifying the relative...

Conference: Ninth Annual Pacific Northwest Software Quality Conference Abstract: This paper provides information about the National Institute of Standards and Technology (NIST) effort to produce a comprehensive set of standards and guidelines for the assurance of high integrity software. In particular, the paper presents the results of a Workshop on the Assurance of High Integri...

Conference: 14th National Computer Security Conference Abstract: The Proceedings of the 14th National Computer Security Conference, "Information Systems Security: Requirements & Practices," held October 1-4, 1991 in Washington, D.C. It includes refereed papers and panel summaries from the conference (listed on pp. iv-ix of Vol. 1).

In: The Analysis, Communication, and Perception of Risk Abstract: For the past few years, the National Institute of Standards and Technology (NIST; formerly the National Bureau of Standards) and the National Security Agency (NSA) have been jointly developing a framework for computer security risk management. The need for this framework became increasingly apparent...

Conference: 13th National Computer Security Conference Abstract: The Proceedings of the 13th National Computer Security Conference, "Information Systems Security: Standards--the Key to the Future," held October 1-4, 1990 in Washington, D.C. It includes refereed papers and panel summaries from the conference (listed on pp. iv-xi of Vol. 1).

Journal: Journal of Research of the National Institute of Standards and Technology Abstract: The National Computer Systems Laboratory (NCSL) of the National Institute of Standards and Technology (NIST) and the National Computer Security Center (NCSC) of the Department of Defense (DoD) co-sponsored the Twelfth National Computer Security Conference held in Baltimore, Maryland on October 10-13...

Conference: 12th National Computer Security Conference Abstract: The Proceedings of the 12th National Computer Security Conference, "Information Systems Security: Solutions for Today--Concepts for Tomorrow," held October 10-13, 1989 in Baltimore, Maryland. It includes refereed papers and panel summaries from the conference (listed on pp. ii-ix).

Conference: 12th National Computer Security Conference (NCSC) Abstract: This paper describes a Token Based Access Control System (TBACS) developed by the Security Technology Group of the National Institute of Standards and Technology (NIST). TBACS replaces traditional password based access control systems which have often failed to prevent logins by unauthorized parties...

Journal: Software Engineering Journal Abstract: The paper describes a method for providing improved prototyping capabilities in a process control system emulation tool. The tool, the NIST Hierarchical Control System Emulator, allows concurrent execution of modules emulating both physical processes and decision processes. The concurrent modules ar...

Journal: Journal of Research of the National Institute of Standards and Technology Abstract: The National Computer Systems Laboratory (NCSL) and the National Computer Security Center (NCSC) of the Department of Defense co-sponsored the Eleventh National Computer Security Conference held in Baltimore, Maryland on October 17-20, 1988. More than 1600 attendees from government, industry, and ac...

Conference: 11th National Computer Security Conference Abstract: The Proceedings of the 11th National Computer Security Conference, "Computer Security...Into the Future," held October 10-17, 1988, in Baltimore, Maryland. It includes refereed papers and panel summaries from the conference (listed on pp. ii-vii of Vol. 1).

Conference: 11th National Computer Security Conference Abstract: This paper describes a suite of tools used in evaluating software for security certification. The tools are currently being used on software for secure Electronic Funds Transfer, but could be applied to other applications as well.

Journal: Communications of the ACM Abstract: The following excerpts have been gleaned from a 130-page report of potential inaccuracies and fraud in computerized voting systems. Recent difficulties in automated vote-tallying, including specific legal cases, are detailed along with a summary of conclusions and recommendations.

Abstract: Passwords are often used to authenticate a system user's identity and to grant or deny access to data. The National Bureau of Standards' recently published Password Usage Standard outlines effective password implementation and control rules. Using this standard as a guide, the EDP auditor can assess...

Journal: Proceedings of the IEEE Abstract: The authors examine the past and future of the Data Encryption Standard (DES), which is the first, and to the present date, only, publicly available cryptographic algorithm that has been endorsed by the US government of the standard during the early 1970s, the controversy regarding the proposed stan...

Conference: 10th National Computer Security Conference Abstract: The Proceedings of the 10th National Computer Security Conference, "Computer Security...from principles to practices.," held September 21-24, 1987, in Baltimore, Maryland. It includes refereed papers and panel summaries from the conference (listed on pp. ii-vii).

Conference: 9th National Computer Security Conference Abstract: The Proceedings of the 9th National Computer Security Conference, "Computer Security--for today...and for tomorrow," held September 15-18, 1986, in Baltimore, Maryland. It includes refereed papers and panel summaries from the conference (listed on pp. ii-iv of Vol. 1).

Abstract: The Rainbow Series of Department of Defense standards is outdated, out of print, and provided here for historical purposes ONLY. The following is only a partial list--a more complete collection is available from the Federation of American Scientists: DoD 5200.28-STD "Orange Book", ...

Conference: 8th National Computer Security Conference Abstract: The Proceedings of the 8th National Computer Security Conference, held September 30-October 3, 1985, in Gaithersburg, Maryland.

Conference: 7th DoD/NBS Computer Security Conference Abstract: The Proceedings of the 7th DoD/NBS Computer Security Conference, held September 24-26, 1984, in Gaithersburg, Maryland. [The following year, this was renamed the "National Computer Security Conference."]

Conference: 6th Seminar on the DoD Computer Security Initiative Abstract: The Proceedings of the 6th Seminar of the DoD Computer Security Initiative, held November 15-17, 1983, in Gaithersburg, Maryland.

Journal: Computers & Security Abstract: The progress in computer security in the last ten years is reviewed by the authors of the “Executive Guide for Computer Security.” This Guide was based on the results of a Workshop on Controlled Accessibility held ten years ago in December 1972.

Conference: 5th Seminar on the DoD Computer Security Initiative Abstract: The Proceedings of the Fifth Seminar of the DoD Computer Security Initiative, held Mary 24-26, 1982, in Gaithersburg, Maryland. [This seminar later became the National Computer Security Conference, in 1985.]