Search Publications

Displaying 701 - 725 of 2284

Equivalence Class Verification and Oracle-Free Testing Using Two-layer Covering Arrays

April 17, 2015

Author(s)

David R. Kuhn, Raghu N. Kacker, Yu Lei, Jose Torres-Jimenez

This short paper introduces a method for verifying equivalence classes for module/unit testing. This is achieved using a two-layer covering array, in which some or all values of a primary covering array represent equivalence classes. A second layer

InChI, the IUPAC International Chemical Identifier

April 15, 2015

Author(s)

Stephen R. Heller, Alan McNaught, Igor Pletnev, Stephen Stein, Dmitrii Tchekhovskoi

This paper documents the design, layout and algorithms of the IUPAC International Chemical Identifier, InChI.

Privacy Amplification in the Isolated Qubits Model

April 14, 2015

Author(s)

Yi-Kai Liu

Isolated qubits are a special class of quantum devices, which can be used to implement tamper-resistant cryptographic hardware such as one-time memories (OTM's). Unfortunately, these OTM constructions leak some information, and standard methods for privacy

Password Entry Errors: Memory or Motor?

April 9, 2015

Author(s)

Kristen Greene, Frank Tamborello

As we increasingly rely upon our computer information systems to store and operate on sensitive information, the methods we use to authenticate user identity also become more important. One of the most important such methods is the password. However

Supply Chain Risk Management Practices for Federal Information Systems and Organizations

April 8, 2015

Author(s)

Jon M. Boyens, Celia Paulsen, Rama Moorthy, Nadya Bartol

Federal agencies are concerned about the risks associated with information and communications technology (ICT) products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and

Towards a "Periodic Table" of Bugs

April 8, 2015

Author(s)

Irena Bojanova

Our vision for a "periodic table" of bugs is a "natural" organization of a catalog or dictionary or taxonomy to describe software weaknesses and vulnerabilities. Such an organization will help the community to: a) more closely explain the nature of

ACT-R Modeling of Password Entry Errors

April 2, 2015

Author(s)

Kristen Greene, Franklin Tamborello

Validated predictive models of human error for password-related tasks could better inform password requirements for both government and civilian systems. Here, we build upon prior modeling work focused on disentangling the source of password entry errors

Combinatorial Coverage as an Aspect of Test Quality

March 31, 2015

Author(s)

David R. Kuhn, Raghu N. Kacker, Yu Lei

There are relatively few good methods for evaluating test set quality, after ensuring basic requirements traceability. Structural coverage, mutation testing, and related methods can be used if source code is available, but these approaches may entail

Assessing Effects of Asymmetries, Dynamics, and Failures on a Cloud Simulator

March 29, 2015

Author(s)

Kevin L. Mills, James J. Filliben, Christopher E. Dabrowski

We characterize the effects of asymmetries, dynamics, and failures when introduced into a cloud computing simulator, which had previously been characterized under static, homogeneous configurations with various patterns of demand and supply. We aim to

A comparison of 3D shape retrieval methods based on a large-scale benchmark supporting multimodal queries

March 27, 2015

Author(s)

Afzal A. Godil

Large-scale 3D shape retrieval has become an important research direction in content-based 3D shape retrieval. To promote this research area, two Shape Retrieval Contest (SHREC) tracks on large scale comprehensive and sketch-based 3D model retrieval have

TRECVID 2014 -- An Overview of the Goals, Tasks, Data, Evaluation Mechanisms, and Metrics

March 26, 2015

Author(s)

Paul D. Over, Jonathan G. Fiscus, Gregory A. Sanders, David M. Joy, Martial Michel, George Awad, Alan Smeaton, Wessel Kraaij, Georges Quenot

The TREC Video Retrieval Evaluation (TRECVID) 2014 was a TREC-style video analysis and retrieval evaluation, the goal of which remains to promote progress in content-based exploitation of digital video via open, metrics-based evaluation. Over the last

Guidance for Secure Authorization of Mobile Applications in the Corporate Environment

March 19, 2015

Author(s)

Athanasios T. Karygiannis, Stephen Quirolgico, Larry Feldman, Gregory A. Witte

This bulletin provides an overview of NIST Special Publication (SP) 800-163, "Vetting the Security of Mobile Applications." The NIST SP helps organizations understand the process for vetting the security of mobile applications, plan for the implementation

The Multiplicative Complexity of Boolean Functions on Four and Five Variables

March 17, 2015

Author(s)

Meltem Sonmez Turan, Rene C. Peralta

A generic way to design lightweight cryptographic primitives is to construct simple rounds using small nonlinear components such as 4x4 S-boxes and use these iteratively (e.g., PRESENT and SPONGENT). In order to efficiently implement the primitive, optimal

Measuring the Resiliency of Cellular Base Station Deployments

March 11, 2015

Author(s)

David W. Griffith, Richard A. Rouil, Antonio Izquierdo Manzanares, Nada T. Golmie

The National Public Safety Telecommunications Council (NPSTC) has defined Resiliency as the ability of a network to withstand the loss of assets and to recover quickly from such losses. How to measure the resiliency of a base station deployment is an

Implementation of an Opportunistic Spectrum Access System with Disruption QoS Provisioning and PU Traffic Parameter Estimation

March 9, 2015

Author(s)

Anirudha Sahoo, Michael R. Souryal

Opportunistic Spectrum Access (OSA) is one of the models proposed in the literature for Dynamic Spectrum Access (DSA). Providing disruption QoS in terms of interference caused to the Primary Users (PUs) is crucial in such systems. In this paper, we use a

National Voluntary Laboratory Accreditation Program (NVLAP) Common Criteria Testing

March 4, 2015

Author(s)

Dana S. Leaman

NIST Handbook 150-20 represents the technical requirements and guidance for the accreditation of laboratories under the National Voluntary Laboratory Accreditation Program (NVLAP) Information Technology Security Testing: Common Criteria Testing. It is

Optimizing the Location Deployment of Dynamic Mobile Base Stations

February 19, 2015

Author(s)

Sulabh Bhattarai, Sixiao Wei, Stephen Rook, Wei Yu, David W. Griffith, Nada T. Golmie

There has been growing interest over the past few years in the US and around the world to build reliable, robust, and interoperable public safety broadband networks for emergency and disaster response. In this paper, we propose a low-cost, dynamic

IT Security

February 4, 2015

Author(s)

Morris Chang, D. Richard Kuhn, Timothy Weil

How can IT professionals adapt to ever-changing security challenges quickly and without draining their organizations' resources? Articles in this issue highlight emerging trends and suggest ways to approach and address cybersecurity challenges. [guest

Release of NIST Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations

January 29, 2015

Author(s)

Kelley L. Dempsey, Larry Feldman, Gregory A. Witte

NIST has published an updated version of Special Publication (SP) 800-53A, Assessing Security and Privacy Controls in Federal Information Systems and Organizations. SP 800-53A provides guidelines for building effective security assessment plans and

A Logic Based Network Forensics Model for Evidence Analysis

January 28, 2015

Author(s)

Changwei Liu, Anoop Singhal, Duminda Wijesekera

Many attackers tend to use sophisticated multi-stage and/or multi-host attack techniques and anti-forensic tools to cover their traces. Due to the limitations of current intrusion detection and network forensic analysis tools, reconstructing attack

Defensive code's impact on software performance

January 26, 2015

Author(s)

David W. Flater

Defensive code is instructions added to software for the purpose of hardening it against uncontrolled failures and security problems. It is often assumed that defensive code causes a significant reduction in software performance, which justifies its

Vetting the Security of Mobile Applications

January 26, 2015

Author(s)

Stephen Quirolgico, Jeffrey M. Voas, Tom T. Karygiannis, Christoph Michael, Karen Scarfone

The purpose of this document is to help organizations (1) understand the process for vetting the security of mobile applications, (2) plan for the implementation of an app vetting process, (3) develop app security requirements, (4) understand the types of

Security and Privacy Controls for Federal Information Systems and Organizations [including updates as of 1/22/2015]

January 22, 2015

Author(s)

Ronald S. Ross

[Rev. 4 was superseded by Rev. 5 on 9/23/2020; Rev. 4 will be withdrawn one year from that date, on 9/23/2019] This publication provides a catalog of security and privacy controls for federal information systems and organizations and a process for

A Decision Guidance Framework for Sustainability Performance Analysis of Manufacturing Processes

January 10, 2015

Author(s)

Duck B. Kim, Seungjun Shin, Guodong Shao, Alexander Brodsky

Life-Cycle Assessment (LCA) methods are widely used to assess the sustainability of manufacturing processes. Although it has several advantages such as systematic estimation and efficiency, it has significant limitations due to lack of functionality to

An efficient curve evolution algorithm for multiphase image segmentation

January 7, 2015

Author(s)

Gunay Dogan

We propose a novel iterative algorithm for segmentation of multiphase images by curve evolution. Specifically, we address a multiphase version of the Chan-Vese piecewise constant segmentation energy. Our algorithm is efficient: it is based on an explicit