Phone managers are non-forensic tools sometimes used by forensic investigators to recover data from a cell phone when no suitable forensic tool is available for the device. While precautions can be taken to preserve the integrity of data on a cell phone
Web services-based computing is currently an important driver for the software industry. While several standards bodies (such as W3C and OASIS) are laying the foundation for Web services security, several research problems must be solved to make secure Web
Lingyu Wang, Tania Islam, Tao Long, Anoop Singhal, Sushil Jajodia
To protect critical resources in today's networked environments, it is desirable to quantify the likelihood of potential multi-step attacks that combine multiple vulnerabilities. This now becomes feasible due to a model of causal relationships between
Elizabeth Chew, Marianne M. Swanson, Kevin M. Stine, N Bartol, Anthony Brown, W Robinson
This document provides guidance on how an organization, through the use of metrics, identifies the adequacy of in-place security controls, policies, and procedures. It provides an approach to help management decide where to invest in additional security
National Institute of Standards and Technology (NIST), Quynh Dang
This Standard describes a keyed-hash message authentication code (HMAC), a mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative Approved cryptographic hash function, in combination with a shared
We introduce an algorithm for maximizing utility through congestion control and random allocation of routes to users. The allocation is defined by a probability distribution whose degree of randomness, as measured by its entropy, is controlled. We seek to
This paper proposes a framework for measuring the vulnerability of individual hosts based on current and historical operational data for vulnerabilities and attacks. Previous approaches have not been scalable because they relied on complex manually
NIST Handbook 150-17 presents technical requirements and guidance for the accreditation of laboratories under the National Voluntary Laboratory Accreditation Program (NVLAP) Cryptographic and Security Testing (CST) Program. It is intended for information
Deployment of Smart Cards for Identity Verification requires collection of credentials and provisioning of credentials from and to heterogeneous and sometimes legacy systems. To facilitate this process, a centralized identity store called Identity
This paper discusses implications of possible metastability of TCP-type fair bandwidth sharing under random flow arrivals/departures for understanding and defending the Internet against cascading failures. Cascading failures can be viewed as a process of
With new algorithms and tools, developers can apply high-strength combinatorial testing to detect elusive failures that occur only when multiple components interact. In pairwise testing, all possible pairs of parameter values are covered by at least one
This bulletin summarizes the information that was disseminated by the National Institute of Standards and Technology (NIST) in a November 2007 Federal Register Notice. NIST is soliciting candidates for a new and robust cryptographic hash algorithm for use
Since the discovery of collision attacks against several well known cryptographic hash functions in 2004 there has been a rush of new cryptanalytic results that cast doubt on our current hash function standards. The relatively new NIST SHA-2 standards are
The multiplicative complexity of a Boolean function f is defined as the minimum number of binary conjunction (AND) gates required to construct a circuit representing f, when only exclusive-or, conjunction and negation gates may be used. This article
The Homeland Security Presidential Directive HSPD-12 called for new standards to be adopted governing the interoperable use of identity credentials to allow physical and logical access to Federal government locations and systems. The Personal Identity
This bulletin summarizes information disseminated in revised NIST Special Publication (SP) 800-28-2, Guidelines on Active Content and Mobile Code: Recommendations of the National Institute of Standards and Technology. Written by Wayne A. Jansen and Karen
Elena Andreeva, Charles Bouillaguet, Pierre-Alain Fouque, Jonathan J. Hoch, John M. Kelsey, Adi Shamir, Sebastien Zimmer
We develop a new generic long-message second preimage attack, based on combining the techniques in the second preimage attacks of Dean [Dean99] and Kelsey and Schneier [KS05] with the herding attack of Kelsey and Kohno [KK06]. We show that these generic
Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry
Testing for element membership in a Bloom Filter requires hashing of a test element (e.g., a string) and multiple look-ups in memory. A design of a new two-tier Bloom filter with on-chip hash functions and cache is described. For elements with a heavy
This bulletin summarizes information disseminated in revised NIST Special Publication (SP) 800-61-1, Computer Security Incident Handling Guide: Recommendations of the National Institute of Standards and Technology. Written by Karen Scarfone and Tim Grance
Wayne Jansen, Theodore Winograd, Karen A. Scarfone
Active content technologies allow code, in the form of a script, macro, or other kind of portable instruction representation, to execute when the document is rendered. Like any technology, active content can be used to deliver essential services, but it