Search Publications

Displaying 676 - 700 of 1509

On the Unification of Access Control and Data Services

August 15, 2014
Author(s)
David F. Ferraiolo, Serban I. Gavrila, Wayne Jansen
A primary objective of enterprise computing (via a data center, cloud, etc.) is the controlled delivery of data services (DS). Typical DSs include applications such as email, workflow, and records management, as well as system level features, such as file

Release of NIST Interagency Report 7946, CVSS Implementation Guidance

July 10, 2014
Author(s)
Harold Booth, Joshua M. Franklin, Larry Feldman, Greg Witte
The Common Vulnerability Scoring System (CVSS) is an open standard designed to convey severity and risk of information system vulnerabilities. CVSS was commissioned by the National Infrastructure Advisory Council (NIAC) in support of the global

Approximate Matching: Definition and Terminology

July 2, 2014
Author(s)
Frank Breitinger, Barbara Guttman, Michael McCarrin, Vassil Roussev, Douglas R. White
This document provides a definition of and terminology for approximate matching. Approximate matching is a promising technology designed to identify similarities between two digital artifacts. It is used to find objects that resemble each other or to find

Using Network Tainting to Bound the Scope of Network Ingress Attacks

July 1, 2014
Author(s)
Peter M. Mell, Richard Harang
This research describes a novel security metric, network taint, which is related to software taint analysis. We use it here to bound the possible malicious influence of a known compromised node through monitoring and evaluating network flows. The result is

Preserving Privacy More Than Reading a Message

June 27, 2014
Author(s)
Susanne M. Furman, Mary F. Theofanos
Social media has become a mainstream activity where people share all kinds of personal and intimate details about their lives. These social networking sites (SNS) allow users to conveniently authenticate to the third party website by using their SNS

A Cognitive-Behavioral Framework of User Password Management Lifecycle

June 22, 2014
Author(s)
Yee-Yin Choong
Passwords are the most commonly used mechanism in controlling users’ access to information systems. Little research has been established on the entire user password management lifecycle from the start of generating a password, maintaining the password

Character Strings, Memory and Passwords: What a Recall Study Can Tell Us.

June 22, 2014
Author(s)
Brian C. Stanton, Kristen Greene
Many users must authenticate to multiple systems and applications, often using different passwords, on a daily basis. At the same time, the recommendations of security experts are driving increases in the required character length and complexity of

Development of a Scale to Assess the Linguistic and Phonological Difficulty of Passwords

June 22, 2014
Author(s)
Jennifer R. Bergstrom, Stefan A. Frisch, David C. Hawkins, Joy Hackenbracht, Kristen K. Greene, Mary Theofanos, Brian Griepentrog
Increasingly, institutions are requiring or recommending that their employees use secure, system-generated passwords. It is not clear how well linguistic and phonological language properties map onto complex, randomly-generated passwords. Passwords

I Can't Type That! P@$$w0rd Entry on Mobile Devices

June 22, 2014
Author(s)
Kristen Greene, Melissa A. Gallagher, Brian C. Stanton, Paul Y. Lee
Given the numerous constraints of onscreen keyboards, such as smaller keys and lack of tactile feedback, remembering and typing long, complex passwords — an already burdensome task on desktop computing systems — becomes nearly unbearable on small mobile

NIST Cybersecurity Framework Addresses Risks to Critical Infrastructure

June 2, 2014
Author(s)
Victoria Y. Pillitteri
On February 12, 2014, President Obama issued a statement that, "[c]yber threats pose one of the gravest national security dangers that the United States faces. To better defend our nation against this systemic challenge, one year ago I signed an Executive

Small and Medium-size Business Information Security Outreach Program

May 13, 2014
Author(s)
Richard L. Kissel, Kim Quill, Chris Johnson
Small and medium-sized businesses (SMBs) represent 99.7 percent of all U.S. employers and are an important segment of the U.S. economy. These organizations, totaling more than 28.2 million, create over 60 percent of all new U.S. private-sector jobs and

CVSS Implementation Guidance

April 28, 2014
Author(s)
Joshua M. Franklin, Charles W. Wergin, Harold Booth
This Interagency Report provides guidance to individuals scoring vulnerabilities using the Common Vulnerability Scoring System (CVSS) Version 2.0 scoring metrics. CVSS defines a vulnerability as a bug, flaw, weakness, or exposure of an application, system

A Model Towards Using Evidence from Security Events for Network Attack Analysis

April 27, 2014
Author(s)
Changwei Liu, Anoop Singhal, Duminda Wijesekera
Constructing an efficient and accurate model from security events to determine an attack scenario for an enterprise network is challenging. In this paper, we discuss how to use evidence obtained from security events to construct an attack scenario and

NIST and Computer Security

April 4, 2014
Author(s)
William E. Burr, Hildegard Ferraiolo, David A. Waltermire
The US National Institute of Standards and Technology's highly visible work in four key areas--cryptographic standards, role-based access control, identification card standards, and security automation--has and continues to shape computer and information