Search Publications

Displaying 526 - 550 of 2840

Optimizing the Network Diversity to Improve the Resilience of Networks Against Unknown Attacks

September 1, 2019

Author(s)

Daniel Borbor, Lingyu Wang, Sushil Jajodia, Anoop Singhal

Diversity as a security mechanism is receiving renewed interest due to its potential for improving the resilience of software and networks against previously unknown attacks. Recent works show diversity can be modeled and quantified as a security metric at

Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations

August 29, 2019

Author(s)

Kerry A. McKay, David A. Cooper

Transport Layer Security (TLS) provides mechanisms to protect data during electronic dissemination across the Internet. This Special Publication provides guidance to the selection and configuration of TLS protocol implementations while making effective use

Perceptions of Smart Home Privacy and Security Responsibility, Concerns, and Mitigations

August 10, 2019

Author(s)

Julie Haney, Susanne M. Furman, Mary Theofanos, Yasemin Acar Fahl

Smart home devices are increasingly being used by nontechnical users who have little understanding of the technology, including privacy and security implications. To better understand perceptions of smart home privacy and security, we are conducting an

SCAP Composer: A DITA Open Toolkit Plug-in for Packaging Security Content

August 9, 2019

Author(s)

Joshua Lubell

The Security Content Automation Protocol (SCAP) schema for source data stream collections standardizes the requirements for packaging Extensible Markup Language (XML) security content into bundles for easy deployment. SCAP bundles must be self-contained

Situational Awareness for Electric Utilities

August 7, 2019

Author(s)

James J. McCarthy, Otis Alexander, Sallie Edwards, Don Faatz, Chris Peloquin, Susan Symington, Andre Thibault, John Wiltberger, Karen Viani

Through direct dialogue between NCCoE staff and members of the energy sector (comprised mainly of electric power companies and those who provide equipment and/or services to them) it became clear that energy companies need to create and maintain a high

Characteristic Aspects of Additive Manufacturing Security from Security Awareness Perspectives

July 29, 2019

Author(s)

Lynne Graves, Joshua Lubell, Mark Yampolskiy, Wayne King

Additive Manufacturing (AM) is expected to become an established manufacturing technology in the near future. The growing penetration of AM at manufacturers across the world and the dependence of this technology on computerization have already raised

RTL-PSC: Automated Power Side-Channel Leakage Assessment at Register-Transfer Level

July 11, 2019

Author(s)

Miao (Tony) He, Jungmin Park, Adib Nahiyan, Apostol Vassilev, Yier Jin, Mark Tehranipoor

Power side-channel attacks (SCAs) have become a major concern to the security community due to their non- invasive feature, low-cost, and effectiveness in extracting secret information from hardware implementation of cryto algorithms. Therefore, it is

Glossary of Key Information Security Terms

July 3, 2019

Author(s)

Celia Paulsen, Robert D. Byers

This publication describes an online glossary of terms used in National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) publications. This glossary utilizes a database of terms extracted from NIST Federal

Protecting the Integrity of Internet Routing: Border Gateway Protocol (BGP) Route Origin Validation

June 28, 2019

Author(s)

William A. Haag Jr., Douglas C. Montgomery, Allen Y. Tan, William C. Barker

The Border Gateway Protocol (BGP) is the default routing protocol to route traffic among internet domains. While BGP performs adequately in identifying viable paths that reflect local routing policies and preferences to destinations, the lack of built-in

It's Scary...It's Confusing...It's Dull: How Cybersecurity Advocates Overcome Negative Perceptions of Security (Presentation)

June 26, 2019

Author(s)

Julie Haney

Cyber attacks are on the rise, but individuals and organizations often fail to implement basic security practices and technologies. Cybersecurity advocates are security professionals who encourage and facilitate the adoption of these best practices. To be

Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks

June 25, 2019

Author(s)

Katie Boeckl, Michael Fagan, Bill Fisher, Naomi Lefkovitz, Katerina N. Megas, Ellen M. Nadeau, Benjamin M. Piccarreta, Danna G. O'Rourke, Karen A. Scarfone

The Internet of Things (IoT) is a rapidly evolving and expanding collection of diverse technologies that interact with the physical world. Many organizations are not necessarily aware of the large number of IoT devices they are already using and how IoT

CASFinder: Detecting Common Attack Surface

June 11, 2019

Author(s)

Meng Zhang, Yue Xin, Lingyu Wang, Sushil Jajodia, Anoop Singhal

Code reusing is a common practice in software development due to its various benefits. Such a practice, however, may also cause large scale security issues since one vulnerability may appear in many different software due to cloned code fragments. The well

A Methodology for Enabling Forensic Analysis Using Hypervisor Vulnerabilities Data

June 5, 2019

Author(s)

Ramaswamy Chandramouli, Anoop Singhal, Duminda Wijesekera, Changwei Liu

Hardware/Server Virtualization is a key feature of data centers used for cloud computing services and enterprise computing that enables ubiquitous access to shared system resources. Server virtualization is typically performed by a hypervisor, which