NIST Handbook 150-20 represents the technical requirements and guidance for the accreditation of laboratories under the National Voluntary Laboratory Accreditation Program (NVLAP) Information Technology Security Testing: Common Criteria Testing. It is
Sulabh Bhattarai, Sixiao Wei, Stephen Rook, Wei Yu, David W. Griffith, Nada T. Golmie
There has been growing interest over the past few years in the US and around the world to build reliable, robust, and interoperable public safety broadband networks for emergency and disaster response. In this paper, we propose a low-cost, dynamic
How can IT professionals adapt to ever-changing security challenges quickly and without draining their organizations' resources? Articles in this issue highlight emerging trends and suggest ways to approach and address cybersecurity challenges. [guest
Kelley L. Dempsey, Larry Feldman, Gregory A. Witte
NIST has published an updated version of Special Publication (SP) 800-53A, Assessing Security and Privacy Controls in Federal Information Systems and Organizations. SP 800-53A provides guidelines for building effective security assessment plans and
Many attackers tend to use sophisticated multi-stage and/or multi-host attack techniques and anti-forensic tools to cover their traces. Due to the limitations of current intrusion detection and network forensic analysis tools, reconstructing attack
Defensive code is instructions added to software for the purpose of hardening it against uncontrolled failures and security problems. It is often assumed that defensive code causes a significant reduction in software performance, which justifies its
Stephen Quirolgico, Jeffrey M. Voas, Tom T. Karygiannis, Christoph Michael, Karen Scarfone
The purpose of this document is to help organizations (1) understand the process for vetting the security of mobile applications, (2) plan for the implementation of an app vetting process, (3) develop app security requirements, (4) understand the types of
[Rev. 4 was superseded by Rev. 5 on 9/23/2020; Rev. 4 will be withdrawn one year from that date, on 9/23/2019] This publication provides a catalog of security and privacy controls for federal information systems and organizations and a process for
Duck B. Kim, Seungjun Shin, Guodong Shao, Alexander Brodsky
Life-Cycle Assessment (LCA) methods are widely used to assess the sustainability of manufacturing processes. Although it has several advantages such as systematic estimation and efficiency, it has significant limitations due to lack of functionality to
We propose a novel iterative algorithm for segmentation of multiphase images by curve evolution. Specifically, we address a multiphase version of the Chan-Vese piecewise constant segmentation energy. Our algorithm is efficient: it is based on an explicit
Hildegard Ferraiolo, Larry Feldman, Gregory A. Witte
NIST has recently released Special Publication (SP) 800-157, Guidelines for Derived Personal Identity Verification (PIV) Credentials. Itto provide the technical details for a system by which mobile devices such as smart phones and tablets are provisioned
Virtualized Infrastructures are increasingly deployed in many data centers. One of the key components of this virtualized infrastructure is the virtual network - a software-defined communication fabric that links together the various Virtual Machines (VMs)
Hildegard Ferraiolo, David A. Cooper, Salvatore Francomacaro, Andrew R. Regenscheid, Jason Mohler, Sarbari Gupta, William E. Burr
This recommendation provides technical guidelines for the implementation of standards-based, secure, reliable, interoperable PKI-based identity credentials that are issued by Federal departments and agencies to individuals who possess and prove control
Yi Cheng, Julia Deng, Jason Li, Scott DeLoach, Anoop Singhal, Xinming Ou
Discussion of challenges and ways of improving Cyber Situational Awareness dominated our previous chapters. However, we have not yet touched on how to quantify any improvement we might achieve. Indeed, to get an accurate assessment of network security and
Nicholas G. Paulter Jr., Todd R. Goodall, Alan C. Bovik
Natural Scene Statistics (NSS) produces powerful perceptually relevant tools that have been highly successful in image quality analysis of visible light images. These NSS capture statistical regularities in the physical world and thus can be applicable to
[Superseded by SP 800-53A Rev. 5 (January 2022): https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=933932] This publication provides a set of procedures for conducting assessments of security controls and privacy controls employed within federal
Knowing what makes a software system vulnerable to attacks is critical, as software vulnerabilities hurt security, reliability, and availability of the system as a whole. In addition, understanding how an adversary operates is essential to effective cyber
Kevin L. Mills, James J. Filliben, Junfei Xie, Yan Wan, Yi Zhou, Yu Lei
Effective uncertainty evaluation is a critical step toward real-time and robust decision-making for complex systems in uncertain environments. A Multivariate Probabilistic Collocation Method (M-PCM) was developed to effectively evaluate system uncertainty
Apostol T. Vassilev, Larry Feldman, Gregory A. Witte
The Cryptographic Module Validation Program (CMVP) validates cryptographic modules for compliance with Federal Information Processing Standard (FIPS) Publication 140-2, Security Requirements for Cryptographic Modules, and other cryptography based standards
Peter Ott, Mohammed H. Al Shakhs, Henri Lezec, Kenneth J. Chau
It is sometimes possible to image using a flat lens consisting of planar, uniform media. There is conceptual division between theoretical flat lens proposals, which require exotic properties such as negative index or counter-intuitive behavior such as
Static analysis testing of software source code is necessary but not sufficient. Over 40 percent of the Common Weakness Enumeration (CWE) are likely to be introduced in the architecture and design phase of the development life cycle. By their very nature
Jennifer R. Bergstrom, Kristen K. Greene, David C. Hawkins, Christian Gonzalez
While measuring physiological responses is a common practice in the field of neuroscience, it is rare in the usability arena and in password usability studies, in particular. This is unfortunate, as the use of such implicit measures could complement more
A unitary operator that satisfies the constant Yang-Baxter equation immediately yields a unitary representation of the braid group Bn for every n ≥ 2. If we view such an operator as a quantum-computational gate, then topological braiding corresponds to a