U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author
  • Published Date
Displaying 426 - 450 of 1509

Guidance for Improving LTE-based Mobile Communications Security

January 30, 2018
Author(s)
Jeffrey Cichonski, Joshua M. Franklin, Michael Bartock, Larry Feldman, Greg Witte
This bulletin summarizes the information found in NIST SP 800-187: Guide to LTE Securtiy, which serves as a guide to the fundamentals of how LTE networks operate and explores the LTE security architecture.

Security Recommendations for Hypervisor Deployment on Servers

January 23, 2018
Author(s)
Ramaswamy Chandramouli
The Hypervisor is a collection of software modules that provides virtualization of hardware resources (such as CPU/GPU, Memory, Network and Storage) and thus enables multiple computing stacks (basically made of an OS and Application programs) called

Domain Name System-Based Electronic Mail Security

January 15, 2018
Author(s)
Scott W. Rose, Karen M. Waltermire, Santos Jha, Chinedum Irrechukwu, William C. Barker
This document describes a security platform for trustworthy email exchanges across organizational boundaries. The project includes reliable authentication of mail servers, digital signature and encryption of email, and binding cryptographic key

Bad security metrics: the problem and its solution

January 4, 2018
Author(s)
David W. Flater
It is generally acknowledged that few security metrics have the level of predictive validity that their uses require, but neither the nature of the problem nor the steps needed to avoid it have been fully characterized. This article examines both questions

Internet of Things (IoT) Cybersecurity Colloquium

December 22, 2017
Author(s)
Benjamin M. Piccarreta, Katerina N. Megas, Danna G. O'Rourke
This report provides an overview of the topics discussed at the “Internet of Things (IoT) Cybersecurity Colloquium” hosted on NIST’s campus in Gaithersburg, Maryland on October 19, 2017. It summarizes key takeaways from the presentations and discussions

A Layered Graphical Model for Mission Attack Impact Analysis

December 21, 2017
Author(s)
Changwei Liu, Anoop Singhal, Duminda Wijesekera
In this paper, we describe a layered graphical model to analyze the mission impacts of attacks for forensic investigation. Our model has three layers: the upper layer models operational tasks and their dependencies; the middle layer reconstructs attack

Guide to LTE Security

December 21, 2017
Author(s)
Jeffrey A. Cichonski, Joshua M. Franklin, Michael J. Bartock
Cellular technology plays an increasingly large role in society as it has become the primary portal to the internet for a large segment of the population. One of the main drivers making this change possible is the deployment of 4th generation (4G) Long

Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations [including updates as of 11-28-2017]

November 28, 2017
Author(s)
Ronald S. Ross, Patrick Viscuso, Gary Guissanie, Kelley L. Dempsey, Mark Riddle
[Superseded by SP 800-171 Rev. 1 (December 2016, updated 02/20/2018): https://doi.org/10.6028/NIST.SP.800-171r1] The protection of Controlled Unclassified Information (CUI) while residing in nonfederal information systems and organizations is of paramount

SARD: Thousands of Reference Programs for Software Assurance

October 31, 2017
Author(s)
Paul E. Black
A corpus of computer programs with known bugs is useful in determining the ability of tools to find bugs. This article describes the content of NIST's Software Assurance Reference Dataset (SARD), which is a publicly available collection of thousands of

Towards Probabilistic Identification of Zero-day Attack Paths

October 24, 2017
Author(s)
Xiaoyan Sun, Dai Jun, Peng Liu, Anoop Singhal, John Yen
Zero-day attacks continue to challenge the enterprise network security defense. A zero-day attack path is formed when a multi- step attack contains one or more zero-day exploits. Detecting zero-day attack paths in time could enable early disclosure of zero

2016 NIST/ITL Cybersecurity Program: Annual Report

October 23, 2017
Author(s)
Patrick D. O'Reilly, Kristina G. Rigopoulos, Gregory A. Witte, Larry Feldman
Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry

NSRL Kaspersky dataset documentation

October 23, 2017
Author(s)
Alexander J. Nelson
The National Institute of Standards and Technology (NIST) National Software Reference Library (NSRL) has created curated releases of the Reference Data Set (RDS) consisting of hashes of Kaspersky products. This is in response to the DHS directive on

Cloud Security Automation Framework

October 12, 2017
Author(s)
Cihan Tunc, Salim hariri, Mheni Merzouki, Charif Mahmoudi, Frederic J. de Vaulx, Jaafar Chbili, Robert B. Bohn, Abdella Battou
Cloud services have gained tremendous attention as a utility paradigm and have been deployed extensively across a wide range of fields. However, Cloud security is not catching up to the fast adoption of its services and remains one of the biggest

Organizational Practices in Cryptographic Development and Testing

October 9, 2017
Author(s)
Julie Haney, Simson L. Garfinkel, Mary Theofanos
Organizations developing cryptographic products face significant challenges, including usability and human factors, that may result in decreased security, increased development time, and missed opportunities to use the technology to its fullest potential

Cryptocurrency Smart Contracts for Distributed Consensus of Public Randomness

October 7, 2017
Author(s)
Peter M. Mell, John M. Kelsey, James Shook
Most modern electronic devices can produce a random number. However, it is dicult to see how a group of mutually distrusting entities can have con dence in any such hardware-produced stream of random numbers, since the producer could control the output to

Towards Detecting Data Integrity Attacks in Smart Grid

October 6, 2017
Author(s)
Linqiang Ge, Wei Yu, Paul Moulema, Guobin Xu, David W. Griffith, Nada T. Golmie
An effective operation of the smart grid relies on the integration of sensing, computing, and communication. Attempting to disrupt the system, an adversary may launch cyber-attacks against the smart grid by compromising components, including meters

Alexa, Can I Trust You?

September 29, 2017
Author(s)
Judy Chung, Michaela Iorga, Jeff Voas, Sangjin Lee
Security diagnostics expose vulnerabilities and privacy threats that exist in commercial Intelligent Virtual Assistants (IVA)-- diagnostics offer the possibility of securer IVA ecosystems. This paper explores security and privacy concerns with these

Identifying Evidence for Implementing a Cloud Forensic Analysis Framework

September 28, 2017
Author(s)
Changwei Liu, Anoop Singhal, Duminda Wijesekera
Cloud computing provides several benefits to organizations such as increased flexibility, scalability and reduced cost. However, it provides several challenges for digital forensics and criminal investigation. Some of these challenges are the dependence of
Was this page helpful?