Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Ramaswamy Chandramouli (Fed)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 26 - 50 of 97

Trustworthy Email

September 6, 2016
Author(s)
Ramaswamy Chandramouli, Simson L. Garfinkel, J. S. Nightingale, Scott W. Rose
This document gives recommendations and guidelines for enhancing trust in email. The primary audience includes enterprise email administrators, information security specialists and network managers. This guideline applies to federal IT systems and will

Derived PIV Application and Data Model Test Guidelines

June 6, 2016
Author(s)
David Cooper, Hildegard Ferraiolo, Ramaswamy Chandramouli, Nabil Ghadiali, Jason Mohler, Steven Brady
NIST Special Publication (SP) 800-157 contains technical guidelines for the implementation of standards-based, secure, reliable, interoperable Public Key Infrastructure (PKI)-based identity credentials that are issued for mobile devices by federal

Extending Network Security into Virtualized Infrastructure

June 3, 2016
Author(s)
Ramaswamy Chandramouli, Larry Feldman, Gregory A. Witte
This bulletin summarizes the information presented in NIST Special Publication (SP) 800-125B, "Secure Virtual Network Configuration for Virtual Machine (VM) Protection." That publication provides an analysis of various virtual network configuration options

Representation of PIV Chain-of-Trust for Import and Export

May 20, 2016
Author(s)
Hildegard Ferraiolo, Ramaswamy Chandramouli, Ketan L. Mehta, Jason Mohler, Stephen Skordinski, Steven Brady
This document provides a common XML-based data representation of a chain-of-trust record to facilitate the exchange of PIV Card enrollment data. The exchanged record is the basis to personalize a PIV Card for a transferred employee and also for service

PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 compliance)

April 13, 2016
Author(s)
David Cooper, Hildegard Ferraiolo, Ramaswamy Chandramouli, Jason Mohler
NIST Special Publication (SP) 800-73 contains the technical specifications to interface with the smart card to retrieve and use the Personal Identity Verification (PIV) identity credentials. This document, SP 800-85A, contains the test assertions and test

Analysis of Virtual Networking Options for Securing Virtual Machines

March 20, 2016
Author(s)
Ramaswamy Chandramouli
Virtual Machines (VMs) constitute the primary category of resources to be protected in virtualized infrastructures. Out of the two types of protection for VMs -- Host-level and Network-level -- it is the approaches for the Network-level protection that are

Secure Virtual Network Configuration for Virtual Machine (VM) Protection

March 7, 2016
Author(s)
Ramaswamy Chandramouli
Virtual Machines (VMs) are key resources to be protected since they are the compute engines hosting mission-critical applications. Since VMs are end-nodes of a virtual network, the configuration of the virtual network forms an important element in the

Analysis of Network Segmentation Techniques in Cloud Data Centers

July 30, 2015
Author(s)
Ramaswamy Chandramouli
Cloud Data centers are predominantly made up of Virtualized hosts. The networking infrastructure in a cloud (virtualized) data center, therefore, consists of the combination of physical IP network (data center fabric) and the virtual network residing in

Deployment-driven Security Configuration for Virtual Networks

December 28, 2014
Author(s)
Ramaswamy Chandramouli
Virtualized Infrastructures are increasingly deployed in many data centers. One of the key components of this virtualized infrastructure is the virtual network - a software-defined communication fabric that links together the various Virtual Machines (VMs)

Cryptographic Key Management Issues & Challenges in Cloud Services

September 18, 2013
Author(s)
Ramaswamy Chandramouli, Michaela Iorga, Santosh Chokhani
To interact with various services in the cloud and to store the data generated/processed by those services, several security capabilities are required. Based on a core set of features in the three common cloud services - Infrastructure as a Service (IaaS)

Secure Domain Name System (DNS) Deployment Guide

September 18, 2013
Author(s)
Ramaswamy Chandramouli, Scott W. Rose
The Domain Name System (DNS) is a distributed computing system that enables access to Internet resources by user-friendly domain names rather than IP addresses, by translating domain names to IP addresses and back. The DNS infrastructure is made up of

Biometric Specifications for Personal Identity Verification

July 11, 2013
Author(s)
Patrick J. Grother, Wayne J. Salamon, Ramaswamy Chandramouli
Homeland Security Presidential Directive HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors [HSPD-12], called for new standards to be adopted governing interoperable use of identity credentials to allow physical and

Security Assurance Requirements for Hypervisor Deployment Features

February 24, 2013
Author(s)
Ramaswamy Chandramouli
Virtualized hosts provide abstraction of the hardware resources (i.e., CPU, Memory etc) enabling multiple computing stacks to be run on a single physical machine. The Hypervisor is the core software that enables this virtualization and hence must be

Service Model Driven Variations in Security Measures for Cloud Environments

November 6, 2011
Author(s)
Ramaswamy Chandramouli
With the increasing adoption of cloud computing service models - Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS), proper implementation of adequate and appropriate security protection measures has become a

Information Leakage Through the Domain Name System

March 31, 2011
Author(s)
Scott W. Rose, Anastase Nakassis, Ramaswamy Chandramouli
The Domain Name System (DNS) is the global lookup service for network resources. It is often the first step in an Internet transaction as well as a network attack. An attacker can query an organization's DNS as reconnaissance before attacking hosts on a