Search Publications

Displaying 451 - 475 of 4386

JPEG 2000 CODEC Certification Guidance for 1000 ppi Fingerprint Friction Ridge Imagery

May 5, 2021

Author(s)

Shahram Orandi, John M. Libert, John Grantham, Michael Garris, Frederick R. Byers

The document describes the procedure by which applications of JPEG 2000 CODECs will be evaluated with respect to conformance to the NIST guidance for compression of 1000 ppi friction ridge images as detailed in NIST Special Publication 500-289 [NIST3]. The

Getting Ready for Post-Quantum Cryptography: Exploring Challenges Associated with Adopting and Using Post-Quantum Cryptographic Algorithms

April 28, 2021

Author(s)

Murugiah Souppaya, Tim Polk, William Barker

Cryptographic technologies are used throughout government and industry to authenticate the source and protect the confidentiality and integrity of information that we communicate and store. The paper describes the impact of quantum computing technology on

Challenge Design and Lessons Learned from the 2018 Differential Privacy Challenges

April 12, 2021

Author(s)

Diane Ridgeway, Mary Theofanos, Terese Manley, Christine Task

The push for open data has made a multitude of datasets available enabling researchers to analyze publicly available information using various statistical and machine learning methods in support of policy development. An area of increasing interest that is

Combinatorial Testing Metrics for Machine Learning

April 12, 2021

Author(s)

Erin Lanus, Laura Freeman, D. Richard Kuhn, Raghu N. Kacker

This short paper defines a combinatorial coverage metric for comparing machine learning (ML) data sets and proposes the differences between data sets as a function of combinatorial coverage. The paper illustrates its utility for evaluating and predicting

Combinatorially XSSing Web Application Firewalls

April 12, 2021

Author(s)

Bernhard Garn, Daniel S. Lang, Manuel Leithner, D. Richard Kuhn, Raghu N. Kacker, Dimitris Simos

Cross-Site scripting (XSS) is a common class of vulnerabilities in the domain of web applications. As it remains prevalent despite continued efforts by practitioners and researchers, site operators often seek to protect their assets using web application

ISCMA: An Information Security Continuous Monitoring Program Assessment

March 31, 2021

Author(s)

Victoria Yan Pillitteri, Kelley L. Dempsey, Chad Baer, Ron Rudman, Robert Niemeyer, Susan Urban

This publication describes an example methodology for assessing an organization's Information Security Continuous Monitoring (ISCM) program. It was developed directly from NIST guidance and is applicable to any organization, public or private. It can be

Securing Property Management Systems

March 30, 2021

Author(s)

Bill Newhouse

Hotels have become targets for malicious actors wishing to exfiltrate sensitive data, deliver malware, or profit from undetected fraud. Property management systems, which are central to hotel operations, present attractive attack surfaces. This example

Encounter Metrics and Exposure Notification

March 28, 2021

Author(s)

Rene Peralta, Angela Robinson

We discuss the measurement of aggregate levels of encounters in a population, a concept we call encounter metrics. Encounter metrics are designed so that they can be deployed while preserving the privacy of individuals. To this end, encounters are labeled

Combinatorial Test Generation for Multiple Input Models with Shared Parameters

March 17, 2021

Author(s)

Chang Rao, Nan Li, Yu Lei, Jin Guo, YaDong Zhang, Raghu N. Kacker, D. Richard Kuhn

Combinatorial testing typically considers a single input model and creates a single test set that achieves t-way coverage. This paper addresses the problem of combinatorial test generation for multiple input models with shared parameters. We formally

The NIST Phish Scale: Method for rating human phishing detection difficulty

March 15, 2021

Author(s)

Shanee Dawkins, Jody Jacobs, Kristen K. Greene

Developed based on over 4 years of NIST phishing training data, the NIST Phish Scale is a DIY method for rating human phishing detection difficulty – key to understanding variability in phishing click rates.

An Evaluation Design for Comparing Netflow Based Network Anomaly Detection Systems Using Synthetic Malicious Traffic

March 2, 2021

Author(s)

Shuvo Bardhan, Mitsuhiro Hatada, James Filliben, Douglas Montgomery, Alexander Jia

In this paper, we present an evaluation procedure for comparing multiple netflow based network anomaly detection (NF-NAD) systems based on accuracy of detection and mean time of detection. Conventionally, different variations of benign or normal traffic

A New Approach to Data Sharing and Distributed Ledger Technology: A Clinical Trial Use Case

February 16, 2021

Author(s)

David F. Ferraiolo, Joanna DeFranco, D. Richard Kuhn, Joshua D. Roberts

Distributed systems have always presented complex challenges, and technology trends are in many ways making the software designer's job more difficult. In particular, today's systems must successfully handle.

Voices of First Responders - Applying Human Factors and Ergonomics Knowledge to Improve the Usability of Public Safety Communications Technology: Findings from User-Centered Interviews, Phase 1, Volume 5

February 11, 2021

Author(s)

Yee-Yin Choong, Gavriel Salvendy

With the newly created Nationwide Public Safety Broadband Network (NPSBN), the public safety community is in the process of supplementing the use of land mobile radios with a technology ecosystem that will include a variety of new and improved