NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author
  • Published Date
Displaying 301 - 325 of 2282

A Decade of Reoccurring Software Weaknesses

June 24, 2021
Author(s)
Assane Gueye, Carlos Galhardo, Irena Bojanova, Peter Mell
The Common Weakness Enumeration (CWE) community publishes an aggregate metric to calculate the 'Most Dangerous Software Errors.' However, the used equation highly biases frequency and almost ignores exploitability and impact. We provide a metric to

A Pseudo Exhaustive Software Testing Framework for Embedded Digital Devices in Nuclear Power

June 14, 2021
Author(s)
Athira Jayakumar, D. Richard Kuhn, Brandon Simons, Aidan Collins, Smitha Gautham, Richard Hite, Raghu N. Kacker, Abhi Rajagopala, Carl Elks
The major challenge faced by the nuclear industry related to software testing of digital embedded devices is the identification of practical software (SW) testing solutions that provide a strong technical basis and is at the same time effective in

Securing AI Testbed (Dioptra) Documentation

June 14, 2021
Author(s)
Harold Booth, James Glasbrenner, Howard Huang, Cory Miniter, Julian Sexton
The NCCoE has built an experimentation testbed to begin to address the broader challenge of evaluation for attacks and defenses. The testbed aims to facilitate security evaluations of ML algorithms under a diverse set of conditions. To that end, it has a

Entanglement Blocking in DLCZ-based Networks

June 10, 2021
Author(s)
Abdella Battou
Resource and performance dependent blocking mechanisms for entanglement routing in quantum networks are identified and characterized in simulations of a DLCZ architecture under different loss and resource availability conditions.

Combinatorially XSSing Web Application Firewalls

May 28, 2021
Author(s)
Bernhard Garn, Daniel S. Lang, Manuel Leithner, D. Richard Kuhn, Raghu N. Kacker, Dimitris Simos
Cross-Site scripting (XSS) is a common class of vulnerabilities in the domain of web applications. As it remains prevalent despite continued efforts by practitioners and researchers, site operators often seek to protect their assets using web application

Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)

May 26, 2021
Author(s)
Murugiah Souppaya, Douglas Montgomery, Tim Polk, Mudumbai Ranganathan, Donna Dodson, William Barker, Steve Johnson, Ashwini Kadam, Craig Pratt, Darshak Thakore, Mark Walker, Eliot Lear, Brian Weis, Dean Coclin, Avesta Hojjati, Clint Wilson, Tim Jones, Adnan Baykal, Drew Cohen, Kevin Yeich, Yemi Fashima, Parisa Grayeli, Joshua Harrington, Joshua Klosterman, Blaine Mulugeta, Susan Symington, Jaideep Singh
The goal of the Internet Engineering Task Force's Manufacturer Usage Description (MUD) specification is for Internet of Things (IoT) devices to behave as intended by the manufacturers of the devices. MUD provides a standard way for manufacturers to

TREC 2020 News Track Overview

May 21, 2021
Author(s)
Ian Soboroff, Shudong Huang, Donna Harman
The News track focuses on information retrieval in the service of help- ing people read the news. In 2018, in cooperation with the Washington Post1, we released a new collection of nearly 600,000 news articles, and crafted two tasks related to how news is

JPEG 2000 CODEC Certification Guidance for 1000 ppi Fingerprint Friction Ridge Imagery

May 5, 2021
Author(s)
Shahram Orandi, John M. Libert, John Grantham, Michael Garris, Frederick R. Byers
The document describes the procedure by which applications of JPEG 2000 CODECs will be evaluated with respect to conformance to the NIST guidance for compression of 1000 ppi friction ridge images as detailed in NIST Special Publication 500-289 [NIST3]. The

Challenge Design and Lessons Learned from the 2018 Differential Privacy Challenges

April 12, 2021
Author(s)
Diane Ridgeway, Mary Theofanos, Terese Manley, Christine Task
The push for open data has made a multitude of datasets available enabling researchers to analyze publicly available information using various statistical and machine learning methods in support of policy development. An area of increasing interest that is

Combinatorial Testing Metrics for Machine Learning

April 12, 2021
Author(s)
Erin Lanus, Laura Freeman, D. Richard Kuhn, Raghu N. Kacker
This short paper defines a combinatorial coverage metric for comparing machine learning (ML) data sets and proposes the differences between data sets as a function of combinatorial coverage. The paper illustrates its utility for evaluating and predicting

ISCMA: An Information Security Continuous Monitoring Program Assessment

March 31, 2021
Author(s)
Victoria Yan Pillitteri, Kelley L. Dempsey, Chad Baer, Ron Rudman, Robert Niemeyer, Susan Urban
This publication describes an example methodology for assessing an organization's Information Security Continuous Monitoring (ISCM) program. It was developed directly from NIST guidance and is applicable to any organization, public or private. It can be

Securing Property Management Systems

March 30, 2021
Author(s)
Bill Newhouse
Hotels have become targets for malicious actors wishing to exfiltrate sensitive data, deliver malware, or profit from undetected fraud. Property management systems, which are central to hotel operations, present attractive attack surfaces. This example

Encounter Metrics and Exposure Notification

March 28, 2021
Author(s)
Rene Peralta, Angela Robinson
We discuss the measurement of aggregate levels of encounters in a population, a concept we call encounter metrics. Encounter metrics are designed so that they can be deployed while preserving the privacy of individuals. To this end, encounters are labeled

Combinatorial Test Generation for Multiple Input Models with Shared Parameters

March 17, 2021
Author(s)
Chang Rao, Nan Li, Yu Lei, Jin Guo, YaDong Zhang, Raghu N. Kacker, D. Richard Kuhn
Combinatorial testing typically considers a single input model and creates a single test set that achieves t-way coverage. This paper addresses the problem of combinatorial test generation for multiple input models with shared parameters. We formally

Voices of First Responders - Applying Human Factors and Ergonomics Knowledge to Improve the Usability of Public Safety Communications Technology: Findings from User-Centered Interviews, Phase 1, Volume 5

February 11, 2021
Author(s)
Yee-Yin Choong, Gavriel Salvendy
With the newly created Nationwide Public Safety Broadband Network (NPSBN), the public safety community is in the process of supplementing the use of land mobile radios with a technology ecosystem that will include a variety of new and improved

Blockchain Networks: Token Design and Management Overview

February 9, 2021
Author(s)
Loic D. Lesavre, Priam C. Varin, Dylan J. Yaga
Blockchain technology has enabled a new software paradigm for managing digital ownership in partial- or zero-trust environments. It uses tokens to conduct transactions, exchange verifiable data, and achieve coordination across organizations and on the web

Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171

February 9, 2021
Author(s)
Ronald S. Ross, Victoria Pillitteri, Gary Guissanie, Ryan Wagner, Richard Graubart, Deborah Bodeau
The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the Federal Government to successfully conduct its essential

National Institute of Standards and Technology Environmental Scan 2020

February 9, 2021
Author(s)
Heather Evans, Kristen K. Greene, William M. Healy, Elizabeth Hoffman, Kate Rimmer, Anna V. Sberegaeva, Neil M. Zimmerman
The 2020 National Institute of Standards and Technology Environmental Scan provides an analysis of key external factors that could impact NIST and the fulfillment of its mission in coming years. The analyses were conducted through four separate lenses

A system of quantities from software metrology

January 15, 2021
Author(s)
David Flater
International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 80000, the International System of Quantities, collects and organizes the most important physical quantities into a coherent system of quantities whose
Was this page helpful?