U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author
  • Published Date
Displaying 876 - 900 of 1521

An IEEE 1588 Performance Testing Dashboard for Power Industry Requirements

September 12, 2011
Author(s)
Julien M. Amelot, Ya-Shian Li-Baboud, Clement Vasseur, Jeffrey Fletcher, Dhananjay Anand, James Moyne
The numerous time synchronization performance requirements in the Smart Grid entails the need for a set of common metrics and test methods to verify the ability of the network system and its components to meet the power industry's accuracy, reliability and

A Field Study of User Behavior and Perception in Smartcard Authentication

September 9, 2011
Author(s)
Emile L. Morse, Celeste L. Paul, Aiping L. Zhang, Yee-Yin Choong, Mary F. Theofanos
A field study of 24 participants over 10 weeks explored user behavior and perception in a smartcard authentication system. Ethnographic methods used to collect data included diaries, surveys, interviews, and field observations. We observed a number of

Common Platform Enumeration: Applicability Language Specification Version 2.3

August 19, 2011
Author(s)
David A. Waltermire, Paul R. Cichonski, Karen Scarfone
This report defines the Common Platform Enumeration (CPE) Applicability Language version 2.3 specification. The CPE Applicability Language specification is part of a stack of CPE specifications that support a variety of use cases relating to IT product

Common Platform Enumeration: Dictionary Specification Version 2.3

August 19, 2011
Author(s)
Paul R. Cichonski, David A. Waltermire, Karen Scarfone
This report defines the Common Platform Enumeration (CPE) Dictionary version 2.3 specification. The CPE Dictionary Specification is a part of a stack of CPE specifications that support a variety of use cases relating to IT product description and naming

Common Platform Enumeration: Name Matching Specification Version 2.3

August 19, 2011
Author(s)
Mary Parmelee, Harold Booth, David A. Waltermire, Karen Scarfone
This report defines the Common Platform Enumeration (CPE) Name Matching version 2.3 specification. The CPE Name Matching specification is part of a stack of CPE specifications that support a variety of use cases relating to IT product description and

Common Platform Enumeration: Naming Specification Version 2.3

August 19, 2011
Author(s)
Brant Cheikes, David A. Waltermire, Karen Scarfone
This report defines the Common Platform Enumeration (CPE) Naming version 2.3 specification. The CPE Naming specification is a part of a stack of CPE specifications that support a variety of use cases relating to IT product description and naming. The CPE

An Empirical Study of a Vulnerability Metric Aggregation Method

August 18, 2011
Author(s)
Su Zhang, Xinming Ou, Anoop Singhal, John Homer
Quantifying security risk is an important and yet difficult task in enterprise network risk management, critical for proactive mission assurance. Even though metrics exist for individual vulnerabilities, there is currently no standard way of aggregating

Guide for Security-Focused Configuration Management of Information Systems

August 12, 2011
Author(s)
L A. Johnson, Kelley L. Dempsey, Ronald S. Ross, Sarbari Gupta, Dennis Bailey
The purpose of Special Publication 800-128, Guide for Security-Focused Configuration Management of Information Systems, is to provide guidelines for organizations responsible for managing and administering the security of federal information systems and

Vetting Mobile Apps

July 22, 2011
Author(s)
Stephen Quirolgico, Jeffrey M. Voas, David R. Kuhn
Billions of copies of apps for mobile devices have been purchased in recent years. With this growth, however, comes an increase in the spread of potentially dangerous security vulnerabilities. Because of an app's low cost and high proliferation, the threat

On the Security of Hash Functions Employing Blockcipher Postprocessing

July 14, 2011
Author(s)
Dong H. Chang, Mridul Nandi, Moti Yung
Analyzing desired generic properties of hash functions is an important current area in cryptography. For example, in Eurocrypt 2009, Dodis, Ristenpart and Shrimpton introduced the elegant notion of "Preimage Awareness" (PrA) of a hash function H^P , and

Access Control for SAR Systems

July 1, 2011
Author(s)
Stephen Quirolgico, Chung Tong Hu, Tom T. Karygiannis
The Access Control for SAR Systems (ACSS) project focused on developing a prototype privilege management system used to express and enforce policies for controlling access to Suspicious Activity Report (SAR) data within the law enforcement domain. This

Guidelines for Protecting Basic Input/Output System (BIOS) Firmware

June 28, 2011
Author(s)
Shirley M. Radack
This bulletin summarizes the information presented in NIST Special Publication (SP) 800-147, BIOS Protection Guidelines: Recommendations of the National Institute of Standards and Technology. The publication was written by David Cooper, William Polk

Conformance Test Architecture and Test Suite for ANSI/NIST-ITL 1-2007

June 22, 2011
Author(s)
Fernando L. Podio, Dylan J. Yaga, Christofer J. McGinnis
The Computer Security Division of NIST/ITL supports the development of biometric conformance testing methodology standards and other conformity assessment efforts through active technical participation in the development of these standards and the

Specification for the Asset Reporting Format 1.1

June 21, 2011
Author(s)
David A. Waltermire, Adam Halbardier, Mark Johnson
This specification describes the Asset Reporting Format (ARF), a data model for expressing the transport format of information about assets and the relationships between assets and reports. The standardized data model facilitates the reporting, correlating

A depth-16 circuit for the AES S-box

June 17, 2011
Author(s)
Joan Boyar, Rene Peralta
New techniques for reducing the depth of circuits for cryptographic applications are described and applied to the AES S-box. These techniques also keep the number of gates quite small. The result, when applied to the AES S-box, is a circuit with depth 16

Specification for Asset Identification 1.1

June 17, 2011
Author(s)
David A. Waltermire, John Wunder, Adam Halbardier
Asset identification plays an important role in an organization‟s ability to quickly correlate different sets of information about assets. This specification provides the necessary constructs to uniquely identify assets based on known identifiers and/or

PDH-locked, frequency-stabilized cavity ring-down spectrometer

June 16, 2011
Author(s)
Joseph T. Hodges, A. Cygan, Piotr Maslowski, Katarzyna E. Bielska, S. Wojtewicz, J. Domyslawska, Hisashi Abe, R.S. Trawinski, R. Ciurylo
We describe a high sensitivity and high spectral resolution laser absorption spectrometer based upon the frequency-stabilized cavity ring-down spectroscopy (FS-CRDS) technique. We used the Pound-Drever-Hall (PDH) method to lock the probe laser to the high

A Combinatorial Approach to Detecting Buffer Overflow Vulnerabilities

June 14, 2011
Author(s)
Raghu N. Kacker, Yu Lei, David R. Kuhn, Wenhua Wang
Buffer overflow vulnerabilities are program defects that can cause a buffer overflow to occur at runtime. Many security attacks exploit buffer overflow vulnerabilities to compromise critical data structures. In this paper, we present a black-box testing

Cybersecurity, Innovation and the Internet Economy

June 8, 2011
Author(s)
Ari M. Schwartz
The Department of Commerce's Internet Policy Task Force Green Paper on Cybersecurity, Innovation and the Internet Economy recommends consideration of a new framework for addressing internet security issues for companies outside the orbit of critical

Guide to Industrial Control Systems (ICS) Security - Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC)

June 7, 2011
Author(s)
Keith A. Stouffer, Joseph A. Falco, Karen A. Scarfone
NIST Special Publication (SP) 800-82, Guide to Industrial Control Systems (ICS) Security, provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems

Identity Management and Privacy: A Rare Opportunity To Get It Right

June 1, 2011
Author(s)
Ari M. Schwartz
Since 1976, when Whitfield Diffie and Martin Helleman, first surmised the possibilities for the potential uses for digital signatures in an IEEE publication, there has been ongoing discussion of building an online identity management structure. As use of
Was this page helpful?