Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Cybersecurity and privacy

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

Report Number

Published Date

Min

Max

Displaying 1376 - 1400 of 1509

Status of the Advanced Encryption Standard (AES) Development Effort

October 19, 1999

Author(s)

James Foti

The purpose of this presentation will be to articulate the status of NIST=s Advanced Encryption Standard (AES) development effort. This presentation will include a description of the overall AES development effort, a summary of comments and analysis from

Understanding the World of Your Enemy With I-CAT (Internet-Categorization of Attacks Toolkit)

October 19, 1999

Author(s)

Peter M. Mell

Security professionals need to understand the attacks and vulnerabilities utilized by hackers to penetrate and shut down computer systems. However, security companies that collect such knowledge share very little of it with the general security community

Applying Mobile Agents to Intrusion Detection and Response

October 1, 1999

Author(s)

Wayne Jansen, Tom T. Karygiannis, D G. Marks, Peter M. Mell

Effective intrusion detection capability is an elusive goal, not solved easily or with a single mechanism. However, mobile agents go a long way toward realizing the ideal behavior desired in an Intrusion Detection System (IDS). This report is an initial

Mobile Agent Security

October 1, 1999

Author(s)

Wayne Jansen, Athanasios T. Karygiannis

Mobile agent technology offers a new computing paradigm in which a program, in the form of a software agent, can suspend its execution on a host computer, transfer itself to another agent-enabled host on the network, and resume execution on the new host

Securing Web Servers

September 21, 1999

Author(s)

Peter M. Mell, David F. Ferraiolo

This ITL Bulletin enumerates and describes techniques by which one can secure web servers. It categorizes the techniques into security levels to aid in their cost-effective application.

Mobile Agent Attack Resistant Distributed Hierarchical Intrusion Detection Systems

September 8, 1999

Author(s)

Peter M. Mell, Mark McLarnon

Distributed intrusion detection systems are especially vulnerable to attacks since, typically, each component resides at a static location and components are connected together into a hierarchical structure. An attacker can disable such a system by taking

Object Retrieval and Access Management in Electronic Commerce

September 1, 1999

Author(s)

S A. Wakid, John Barkley, Mark Skall

Electronic commerce over the Internet is now tens of billions of dollars per year and growing. This article describes how objects used in EC can be located and protected from unauthorized access. It discusses the three kinds of EC: customer interactions

Randomness Testing of the Advanced Encryption Standard Candidate Algorithms

September 1, 1999

Author(s)

Juan Soto

One of the criteria used to evaluate the Advanced Encryption Standard candidate algorithms was their demonstrated suitability as random number generators. That is, the evaluation of their output utilizing statistical tests should not provide any means by

The Advanced Encryption Standard: A Status Report

August 25, 1999

Author(s)

Elizabeth B. Lennon

In 1997, the National Institute of Standards and Technology (NIST) initiated a process to select a symmetric-key encryption algorithm to be used to protect sensitive (unclassified) Federal Information, in furtherance of NIST's statutory responsibilities

Enforcing Integrity While Maintaining Secrecy

July 27, 1999

Author(s)

D G. Marks

We consider the role of constraints in maintaining both secrecy and integrity in a multilevel secure database. In a multilevel database, certain integrity and classification constraints create a secrecy problem since data additions, deletions or

Computer Attacks: What They Are and How to Defend Against Them

May 26, 1999

Author(s)

Peter M. Mell

Although a host of technologies exists to detect and prevent attacks against computers, a human must coordinate responding to a successful network penetration. At the same time, the majority of systems administrators are not prepared to handle a

Critical Infrastructures Protection: Research Agendas for Information Systems Security

May 17, 1999

Author(s)

Stuart W. Katzke, A Oldehoeft, Shirley M. Radack

Several national studies have examined the vulnerabilities and threats to the critical infrastructures upon which the United States depends for its national defense and economic growth, and have addressed measures needed to protect the critical

Enhancements to Data Encryption and Digital Signature Federal Standards

March 4, 1999

Author(s)

Elizabeth B. Lennon

This ITL Bulletin, February 1999, summarizes proposed changes to two Federal Information Processing Standards (FIPS): FIPS 46-2, Data Encryption Standard, and FIPS 186, Digital Signature Standard. It outlines the proposed enhancements to the two standards

A Role-Based Access Control Model and Reference Implementation Within a Corporate Intranet

February 1, 1999

Author(s)

David F. Ferraiolo, John Barkley, David R. Kuhn

This paper describes NIST's enhanced RBAC model and our approach to designing and implementing RBAC features for networked Web servers. The RBAC model formalized in this paper is based on the properties that were first described in Ferraiolo and Kuhn [1992

Secure Web-Based Access to High-Performance Computing Resources

January 15, 1999

Author(s)

R P. McCormack, J E. Koontz, J E. Devaney

An authentication framework is described that provides a secure meansor clients to access remote computing resources via the Web. Clientsauthenticate themselves to a proxy Web server using a secure protocoland a digital certificate. The server constructs a

Digital Signature Standard (DSS)

December 15, 1998

Author(s)

Elaine B. Barker

[Superseded by FIPS 186-2 (January 27, 2000): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=] This standard specifies a suite of algorithms which can be used to generate a digital signature. Digital signatures are used to detect unauthorized

Guide for Developing Security Plans for Information Technology Systems

December 1, 1998

Author(s)

Marianne M. Swanson

[Superseded by SP 800-18 Revision 1 (February 2006): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=150601] Today's rapidly changing technical environment requires federal agencies to adopt a minimum set of management controls to protect

Common Criteria: Launching the International Standards

November 25, 1998

Author(s)

E F. Troy

This Information Technology Laboratory (ITL) Bulletin provides an introduction and overview of the Common Criteria (CC) for Information Technology (IT) Security and describes its US and multi-national implementation. The CC is the new standard for

Understanding the Global Attack Toolkit Using a Database of Dependent Classifiers

November 5, 1998

Author(s)

Peter M. Mell

High profile Internet web sites publish a large collection of attack scripts that we call the Global Attack Toolkit (GAT). It is a dangerous tool available to the average web surfer and yet we known little about this set of attacks besides the fact that it

Role-Based Access Control for the Web

October 29, 1998

Author(s)

John Barkley, David R. Kuhn, Lynne S. Rosenthal, Mark Skall, Anthony V. Cincotta

Establishing and maintaining a presence on the World Wide Web (Web), once a sideline for U.S. industry, has become a key strategic aspect of marketing and sales. Many companies have demonstrated that a well designed Web site can have a positive effect on

Managing Role/Permission Relationships Using Object Access Types

October 23, 1998

Author(s)

John Barkley, Anthony V. Cincotta

The role metaphor in Role Based Access Control (RBAC) is particularly powerful in its ability to express access policy in terms of the way in which administrators view organizations. Much of the effort in providing administrative tools for RBAC has been

Role Based Access Control on MLS Systems Without Kernel Changes

October 23, 1998

Author(s)

David R. Kuhn

Role based access control (RBAC) is attracting increasing attention as a security mechanism for both commercial and many military systems. This paper shows how RBAC can be implemented using the mechanisms available on traditional multi-level security

Inheritance Properties of Role Hierarchies

October 9, 1998

Author(s)

Wayne Jansen

Role Based Access Control (RBAC) refers to a class of security mechanisms that mediate access to resources through organizational identities called roles. A number of models have been published that formally describe the basic properties of RBAC. One

Role-Based Access Control Features in Commercial Database Management Systems

October 9, 1998

Author(s)

Ramaswamy Chandramouli, R. Sandhu

This paper analyzes and compares role-based access control (RBAC) features supported in the most recent versions of three popular commercial database management systems: Informix Online Dynamic Server Version 7.2, Oracle Enterprise Server Version 8.0 and

Formal Specification for Role Based Access Control User/Role and Role/Role Relationship Management

October 1, 1998

Author(s)

Serban I. Gavrila, John Barkley

Role Based Access Control (RBAC), an access control mechanism, reduces the cost of administering access control policies as well as making the process less error-prone. The Admin Tool developed for the NIST RBAC Model manages user/role and role/role

Was this page helpful?