Publications

Displaying 1 - 19 of 19

NIST Cloud Computing Forensic Science Challenges

August 25, 2020

Author(s)

Martin Herman, Michaela Iorga, Ahsen Michael Salim, Robert H. Jackson, Mark R. Hurst, Ross Leo, Richard Lee, Nancy Landreville, Anand K. Mishra, Yien Wang, Rodrigo Sardinas

This document summarizes research performed by the members of the NIST Cloud Computing Forensic Science Working Group and aggregates, categorizes, and discusses the forensics challenges faced by experts when responding to incidents that have occurred in a

General Access Control Guidance for Cloud Systems

July 31, 2020

Author(s)

Chung Tong Hu, Michaela Iorga, Wei Bao, Ang Li, Qinghua Li, Antonios Gouglidis

This document presents cloud access control characteristics and a set of general access control guidance for cloud service models: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service). Different service

Fog Computing Conceptual Model

March 14, 2018

Author(s)

Michaela Iorga, Larry Feldman, Robert Barton, Michael J. Martin, Nedim S. Goren, Charif Mahmoudi

Managing the data generated by Internet of Things (IoT) sensors and actuators is one of the biggest challenges faced when deploying an IoT system. Traditional cloud-based IoT systems are challenged by the large scale, heterogeneity, and high latency

Alexa, Can I Trust You?

September 29, 2017

Author(s)

Judy Chung, Michaela Iorga, Jeff Voas, Sangjin Lee

Security diagnostics expose vulnerabilities and privacy threats that exist in commercial Intelligent Virtual Assistants (IVA)-- diagnostics offer the possibility of securer IVA ecosystems. This paper explores security and privacy concerns with these

Cloud Computing Security: Foundations and Challenges - Chapter 14: Cloud Computing Security Essentials and Architecture

September 8, 2016

Author(s)

Michaela Iorga, Anil Karmel

The document, a chapter of the "Cloud Computing Security: Foundations and Challenges" (CRC Press) discusses the essential security challenges and requirements for cloud consumers that intend to adopt cloud-based solutions for their information systems.

Cloud Computing Security: Foundations and Challenges - Chapter 7: Managing Risk in the Cloud

September 8, 2016

Author(s)

Michaela Iorga, Anil Karmel

The document, a chapter of the "Cloud Computing Security: Foundations and Challenges" (CRC Press) discusses the risk management for a cloud-based information system viewed from the cloud consumer perspective.

Using a Capability Oriented Methodology to Build Your Cloud Ecosystem

March 31, 2016

Author(s)

Michaela Iorga, Karen Scarfone

Organizations often struggle to capture the necessary functional capabilities for each cloud-based solution adopted for their information systems. Identifying, defining, selecting, and prioritizing these functional capabilities and the security components

Managing Risk in a Cloud Ecosystem

December 18, 2015

Author(s)

Michaela Iorga, Anil Karmel

The article focuses on the tier 3 security risks related to the operation and use of cloud-based information systems. To prevent and mitigate any threats, adverse actions, service disruptions, attacks, or compromises, organizations need to quantify their

Leveraging the Potential of Cloud Security Service-Level Agreements through Standards

July 15, 2015

Author(s)

Jesus Luna, Neeraj Suri, Michaela Iorga, Anil Karmel

This article takes a fresh view on cloud security by analyzing, from the risk management perspective, the specification of security in Cloud Service Level Agreements (secSLA), which forms a promising approach to empower customers in assessing and

Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework

March 2, 2015

Author(s)

Michaela Iorga, Scott Shorter

As electric utilities turn to Advanced Metering Infrastructures (AMIs) to promote the development and deployment of the Smart Grid, one aspect that can benefit from standardization is the upgradeability of Smart Meters. The National Electrical

ITL Forensic Science Program

June 5, 2014

Author(s)

Barbara Guttman, Martin Herman, Michaela Iorga, Larry Feldman, Kim Quill

Forensic science provides the methodologies for understanding crime scenes. It is used for analyzing evidence, identifying suspects, and prosecuting and convicting criminals while exonerating innocent people. To maintain the integrity of the U.S. criminal

Cryptographic Key Management Issues & Challenges in Cloud Services

September 18, 2013

Author(s)

Ramaswamy Chandramouli, Michaela Iorga, Santosh Chokhani

To interact with various services in the cloud and to store the data generated/processed by those services, several security capabilities are required. Based on a core set of features in the three common cloud services - Infrastructure as a Service (IaaS)

Challenging Security Requirements for US Government Cloud Computing Adoption

November 19, 2012

Author(s)

Michaela Iorga

The Federal Cloud Strategy, February 8, 2010, outlines a federal cloud computing program that identifies program objectives aimed at accelerating the adoption of cloud computing across the federal government. NIST, along with other agencies, was tasked

A public randomness service

July 21, 2011

Author(s)

Michael J. Fischer, Michaela Iorga, Rene Peralta

We argue for the deployment of sources of randomness on the Internet for promoting and enhancing electronic commerce. We describe, in rough detail, our planned implementation of such a source.

NIST HANDBOOK 150-25 2009 Edition National Voluntary Laboratory Accreditation Program BIOMETRICS TESTING

July 23, 2009

Author(s)

Bradley W. Moore, Michaela Iorga

NIST Handbook 150-25 presents technical requirements and guidance for the accreditation of laboratories under the National Voluntary Laboratory Accreditation Program (NVLAP) Biometrics program. It is intended for information and use by accredited

NIST Handbook 150-17, 2008 Edition, National Voluntary Laboratory Accreditation Program, Cryptographic and Security Testing

June 5, 2008

Author(s)

Michaela Iorga, Carroll S. Brickenkamp

NIST Handbook 150-17 presents technical requirements and guidance for the accreditation of laboratories under the National Voluntary Laboratory Accreditation Program (NVLAP) Cryptographic and Security Testing (CST) Program. It is intended for information

NIST HANDBOOK 150-17 2008 Edition National Voluntary Laboratory Accreditation Program CRYPTOGRAPHIC AND SECURITY TESTING

May 21, 2008

Author(s)

Michaela Iorga, Carroll S. Brickenkamp

The 2008 edition of NIST Handbook 150-17 incorporates changes resulting from the release of the newest editions of ISO/IEC 17025, General requirements for the competence of testing and calibration laboratories, ISO/IEC 17011, Conformity assessment General

Government Smart Card Interoperability Specification, Version 2.1

July 16, 2003

Author(s)

Teresa T. Schwarzhoff, James F. Dray Jr., John P. Wack, Eric Dalci, Alan H. Goldfine, Michaela Iorga

This Government Smart Card Interoperability Specification (GSC-IS) provides solutions to a number of the interoperability challenges associated with smart card technology. The original version of the GSC-IS (version 1.0, August 2000) was developed by the

Policy Expression and Enforcement for Handheld Devices

April 1, 2003

Author(s)

Wayne Jansen, Tom T. Karygiannis, Vladimir Korolev, Serban I. Gavrila, Michaela Iorga

The use of mobile handheld devices, such as Personal Digital Assistants (PDAs) and tablet computers, within the workplace is expanding rapidly. These devices are no longer viewed as coveted gadgets for early technology adopters, but instead have become

Search Publications by: Dr. Michaela Iorga (Fed)