Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Ramaswamy Chandramouli (Fed)

Displaying 26 - 50 of 90

Analysis of Virtual Networking Options for Securing Virtual Machines

March 20, 2016

Author(s)

Ramaswamy Chandramouli

Virtual Machines (VMs) constitute the primary category of resources to be protected in virtualized infrastructures. Out of the two types of protection for VMs -- Host-level and Network-level -- it is the approaches for the Network-level protection that are

Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC)

March 11, 2016

Author(s)

David F. Ferraiolo, Ramaswamy Chandramouli, David R. Kuhn, Chung Tong Hu

Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC) are very different attribute based access control standards with similar goals and objectives. An objective of both is to provide a standardized way for expressing

Secure Virtual Network Configuration for Virtual Machine (VM) Protection

March 7, 2016

Author(s)

Ramaswamy Chandramouli

Virtual Machines (VMs) are key resources to be protected since they are the compute engines hosting mission-critical applications. Since VMs are end-nodes of a virtual network, the configuration of the virtual network forms an important element in the

Interfaces for Personal Identity Verification [including updates as of 02-08-2016]

February 12, 2016

Author(s)

David Cooper, Hildegard Ferraiolo, Ketan L. Mehta, Salvatore Francomacaro, Ramaswamy Chandramouli, Jason Mohler

FIPS 201 defines the requirements and characteristics of a government-wide interoperable identity credential. FIPS 201 also specifies that this identity credential must be stored on a smart card. This document, SP 800-73, contains the technical

Analysis of Network Segmentation Techniques in Cloud Data Centers

July 30, 2015

Author(s)

Ramaswamy Chandramouli

Cloud Data centers are predominantly made up of Virtualized hosts. The networking infrastructure in a cloud (virtualized) data center, therefore, consists of the combination of physical IP network (data center fabric) and the virtual network residing in

Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)

July 30, 2015

Author(s)

Hildegard Ferraiolo, Ramaswamy Chandramouli, Nabil Ghadiali, Jason Mohler, Scott Shorter

The purpose of this Special Publication is to provide appropriate and useful guidelines for assessing the reliability of issuers of Personal Identity Verification (PIV) Cards and Derived PIV Credentials. These issuers store personal information and issue

Interfaces for Personal Identity Verification

May 29, 2015

Author(s)

David Cooper, Hildegard Ferraiolo, Ketan L. Mehta, Salvatore Francomacaro, Ramaswamy Chandramouli, Jason Mohler

[Superseded by SP 800-73-4 (May 2015, w/updates as of 2/8/2016): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=920323] FIPS 201 defines the requirements and characteristics of a government-wide interoperable identity credential. FIPS 201

Deployment-driven Security Configuration for Virtual Networks

December 28, 2014

Author(s)

Ramaswamy Chandramouli

Virtualized Infrastructures are increasingly deployed in many data centers. One of the key components of this virtualized infrastructure is the virtual network - a software-defined communication fabric that links together the various Virtual Machines (VMs)

Analysis of Protection Options for Virtualized Infrastructures in Infrastructure as a Service Cloud

May 29, 2014

Author(s)

Ramaswamy Chandramouli

Infrastructure as a Service (IaaS) is one of the three main cloud service types where the cloud consumer consumes a great variety of resources such as computing (Virtual Machines or VMs), virtual network, storage and utility programs (DBMS). Any large

A Methodology for Developing Authentication Assurance Level Taxonomy for Smart Card-based Identity Verification

March 5, 2014

Author(s)

Ramaswamy Chandramouli

Smart cards (smart identity tokens) are now being extensively deployed for identity verification for controlling access to Information Technology (IT) resources as well as physical resources. Depending upon the sensitivity of the resources and the risk of

Cryptographic Key Management Issues & Challenges in Cloud Services

September 18, 2013

Author(s)

Ramaswamy Chandramouli, Michaela Iorga, Santosh Chokhani

To interact with various services in the cloud and to store the data generated/processed by those services, several security capabilities are required. Based on a core set of features in the three common cloud services - Infrastructure as a Service (IaaS)

Secure Domain Name System (DNS) Deployment Guide

September 18, 2013

Author(s)

Ramaswamy Chandramouli, Scott W. Rose

The Domain Name System (DNS) is a distributed computing system that enables access to Internet resources by user-friendly domain names rather than IP addresses, by translating domain names to IP addresses and back. The DNS infrastructure is made up of

Biometric Specifications for Personal Identity Verification

July 11, 2013

Author(s)

Patrick J. Grother, Wayne J. Salamon, Ramaswamy Chandramouli

Homeland Security Presidential Directive HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors [HSPD-12], called for new standards to be adopted governing interoperable use of identity credentials to allow physical and

Security Assurance Requirements for Hypervisor Deployment Features

February 24, 2013

Author(s)

Ramaswamy Chandramouli

Virtualized hosts provide abstraction of the hardware resources (i.e., CPU, Memory etc) enabling multiple computing stacks to be run on a single physical machine. The Hypervisor is the core software that enables this virtualization and hence must be

Security Control Variations Between In-House and Cloud-Based Virtualized Infrastructures

August 19, 2012

Author(s)

Ramaswamy Chandramouli

Virtualization-related components (such as Hypervisor, Virtual Network and Virtual Machines (VMs)) in a virtualized data center infrastructure need effective security controls. However, the differences in scope of control (among stakeholders) over this

Determining Authentication Strength for Smart Card-based Authentication Use Cases

January 30, 2012

Author(s)

Ramaswamy Chandramouli

Smart cards are now being extensively deployed for identity verification(smart identity tokens) for controlling access to Information Technology (IT) as well as physical resources. Depending upon the sensitivity of the resources and the risk of wrong

Service Model Driven Variations in Security Measures for Cloud Environments

November 6, 2011

Author(s)

Ramaswamy Chandramouli

With the increasing adoption of cloud computing service models - Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS), proper implementation of adequate and appropriate security protection measures has become a

Cloud Service Feature Driven Security Policies for Virtualized Infrastructures

July 19, 2011

Author(s)

Ramaswamy Chandramouli

With the increasing maturity of various cloud service delivery models (Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)) and deployment models (Private, Community, Public, Hybrid), the security risk profile of

Information Leakage Through the Domain Name System

March 31, 2011

Author(s)

Scott W. Rose, Anastase Nakassis, Ramaswamy Chandramouli

The Domain Name System (DNS) is the global lookup service for network resources. It is often the first step in an Internet transaction as well as a network attack. An attacker can query an organization's DNS as reconnaissance before attacking hosts on a

Framework for Emergency Response Officials (ERO): Authentication and Authorization Infrastructure

August 31, 2010

Author(s)

Ramaswamy Chandramouli, Teresa T. Schwarzhoff

This document describe a framework (with the acronym ERO-AA) for establishing an infrastructure for authentication and authorization of Emergency Response officials (ERO) who respond to various types of man-made and natural disasters. The population of

PIV Card Application and Middleware Interface Test Guidelines (SP800-73-3 compliance)

July 28, 2010

Author(s)

Ramaswamy Chandramouli, Hildegard Ferraiolo, Ketan L. Mehta

[Superseded by SP 800-85A-4 (April 2016): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=920340] The objective of this document is to provide test requirements and test assertions that could be used to validate the compliance/conformance of

Authentication Assurance Level Taxonomies for Smart Identity Token Deployments - A New Approach

June 21, 2010

Author(s)

Ramaswamy Chandramouli

Authentication assurance level taxonomies that have been specified in many real-world smart identity token deployments do not fully reflect all the security properties associated with their underlying authentication mechanisms. In this paper we describe

State of Security Readiness

June 10, 2010

Author(s)

Ramaswamy Chandramouli, Peter M. Mell

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. However, the

Secure Domain Name System (DNS) Deployment Guide

April 30, 2010

Author(s)

Ramaswamy Chandramouli

[Superseded by SP 800-81-2 (September 2013): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=914217] This document provides deployment guidelines for securing the Domain Name System (DNS) in any enterprise a government agency or a corporate

Interfaces for Personal Identity Verification

February 19, 2010

Author(s)

Ramaswamy Chandramouli, David A. Cooper, James F. Dray Jr., Hildegard Ferraiolo, Scott Guthery, William I. MacGregor, Ketan Mehta

[Superseded by SP 800-73-4 (May 2015): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=918402] FIPS 201, Personal Identity Verification (PIV) of Federal Employees and Contractors, defines procedures for the PIV lifecycle activities including