U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author
  • Published Date
Displaying 501 - 525 of 1509

Survey and New Directions for Physics-Based Attack Detection in Control Systems

November 21, 2016
Author(s)
David Urbina, Jairo Giraldo, Alvaro Cardenas, Junia Valente, Mustafa Faisal, Niles O. Tippenhauer, Justin Ruths, Rick Candell, Heinrik Sandberg
Monitoring the "physics" of control systems to detect attacks is a growing area of research. In its basic form a security monitor creates time-series models of sensor readings for an industrial control system and identifies anomalies in these measurements

Small Business Information Security: The Fundamentals

November 3, 2016
Author(s)
Patricia R. Toth, Celia Paulsen
NIST developed this NISTIR as a reference guideline for small businesses. This document is intended to present the fundamentals of a small business information security program in non-technical language.

Defeating Buffer Overflow: One of the Most Trivial and Dangerous Bugs of All!

October 31, 2016
Author(s)
Paul E. Black, Irena Bojanova
The C programming language was invented over 40 years ago. It is infamous for buffer overflows. We have learned a lot about computer science, language design, and software engineering since then. As it is unlikely that we will stop using C any time soon

Limiting The Impact of Stealthy Attacks on Industrial Control Systems

October 28, 2016
Author(s)
David Urbina, Alvaro Cardenas, Niles O. Tippenhauer, Junia Valente, Mustafa Faisal, Justin Ruths, Rick Candell, Heinrik Sandberg
While attacks on information systems have for most practical purposes binary outcomes information was manipulated/eavesdropped, or not), attacks manipulating the sensor or control signals of Industrial Control Systems (ICS) can be tuned by the attacker to

Secure and usable enterprise authentication: Lessons from the Field

October 26, 2016
Author(s)
Mary F. Theofanos, Simson L. Garfinkel, Yee-Yin Choong
There are now more than 5.4 million Personal Identity Verification (PIV) and Common Access Card (CAC) identity cards deployed to US government employees and contractors. These cards are widely used to gain physical access to federal facilities, but their

Making Email Trustworthy

October 24, 2016
Author(s)
Scott W. Rose, Larry Feldman, Gregory A. Witte
This bulletin summarizes the information presented in NIST SP 800-177: Trustworthy Email. This publication gives recommendations and guidelines for enhancing trust in email. This guideline applies to federal IT systems and will also be useful for any small

The Bugs Framework (BF): A Structured Approach to Express Bugs

October 13, 2016
Author(s)
Irena Bojanova, Paul E. Black, Yaacov Yesha, Yan Wu
To achieve higher levels of assurance for digital systems, we need to answer questions such as, does this software have bugs of these critical classes? Do these two tools generally find the same set of bugs, or different, complimentary sets? Can we

Guide to Cyber Threat Information Sharing

October 4, 2016
Author(s)
Christopher S. Johnson, Mark L. Badger, David A. Waltermire, Julie Snyder, Clem Skorupka
Cyber threat information is any information that can help an organization identify, assess, monitor, and respond to cyber threats. Cyber threat information includes indicators of compromise; tactics, techniques, and procedures used by threat actors

Security Fatigue

October 1, 2016
Author(s)
Brian C. Stanton, Sandra S. Prettyman, Mary F. Theofanos, Susanne M. Furman

Mostly sunny with a chance of cyber

September 22, 2016
Author(s)
David W. Flater
Counting known vulnerabilities and correlating different factors with the vulnerability track records of software products after the fact is obviously feasible. The harder challenge is to produce “evidence to tell how vulnerable a piece of software is”

A Probabilistic Network Forensics Model for Evidence Analysis

September 20, 2016
Author(s)
Changwei Liu, Anoop Singhal, Duminda Wijesekera
Modern-day attackers tend to use sophisticated multi-stage/multi-host attack techniques and anti-forensics tools to cover their attack traces. Due to the current limitations of intrusion detection and forensic analysis tools, reconstructing attack

Entropy as a Service: Unlocking Cryptography's Full Potential

September 7, 2016
Author(s)
Apostol T. Vassilev, Robert L. Staples
Securing the Internet of Things (IoT) requires strong cryptography, which depends on the availability of good entropy for generating unpredictable keys and accurate clocks. Attacks abusing weak keys or old inputs portend challenges for IoT. EaaS is a novel

Trustworthy Email

September 6, 2016
Author(s)
Ramaswamy Chandramouli, Simson L. Garfinkel, J. S. Nightingale, Scott W. Rose
This document gives recommendations and guidelines for enhancing trust in email. The primary audience includes enterprise email administrators, information security specialists and network managers. This guideline applies to federal IT systems and will

Guest Editors Introduction: Cybersecurity or Privacy

September 1, 2016
Author(s)
Irena V. Bojanova, Jeffrey M. Voas
Cybersecurity is a major concern. Governments’, industry, and even hospitals’ IT infrastructure is being penetrated with increasing frequency and sophistication. The growth of mobile and IoT devices and amateur software only add to that. But, privacy is

Whatever Happened to Formal Methods for Security?

August 23, 2016
Author(s)
Kim B. Schaffer, Jeffrey M. Voas
We asked 7 experts 7 questions to find out what has occurred recently in terms of applying formal methods (FM) to security-centric, cyber problems. We were curious as to whether this successful methodology in "safety-critical" has succeeded as well for
Was this page helpful?