Search CSRC

Journal: IT Professional Abstract: The US National Institute of Standards and Technology's highly visible work in four key areas--cryptographic standards, role-based access control, identification card standards, and security automation--has and continues to shape computer and information security at both national and global levels....

Conference: Third International Workshop on Combinatorial Testing (IWCT 2014) Abstract: Some conflicting results have been reported on the comparison between t-way combinatorial testing and random testing. In this paper, we report a new study that applies t-way and random testing to the Siemens suite. In particular, we investigate the stability of the two techniques. We measure both co...

Conference: Third International Workshop on Combinatorial Testing (IWCT 2014) Abstract: This poster gives an overview of the experience of eight pilot projects, over two years, applying combinatorial testing in a large aerospace organization. While results varied across the different pilot projects, overall it was estimated that CT would save roughly 20% of testing cost, with 20% - 50%...

Conference: Third International Workshop on Combinatorial Testing (IWCT 2014) Abstract: This poster gives an overview of methods for estimating fault detection effectiveness of a test set based on combinatorial coverage for a class of software.

Abstract: Attribute-Based Access Control (ABAC) is a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environment conditions against policy, rules, or rela...

Abstract: Smart cards (smart identity tokens) are now being extensively deployed for identity verification for controlling access to Information Technology (IT) resources as well as physical resources. Depending upon the sensitivity of the resources and the risk of wrong identification, different authenticati...

Abstract: This NISTIR 7628 User's Guide is intended to provide an easy-to-understand approach that you can use to navigate the NISTIR 7628. While NISTIR 7628 covers many significant cybersecurity topics, this User's Guide is focused primarily on the application of NISTIR 7628 Volume 1 in the context of an org...

Abstract: This white paper provides an overview of NIST Special Publication (SP) 800-53, Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations, which was published April 30, 2013.

Abstract: Recognizing that the national and economic security of the United States depends on the resilience of critical infrastructure, President Obama issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. It directed NIST to work with stakeholders to develop a...

Abstract: The national and economic security of the United States depends on the reliable functioning of critical infrastructure. Cybersecurity threats take advantage of the increased complexity and connectivity of critical infrastructure systems, placing the Nation's security at risk. To better protect these...

Abstract: Users have developed various coping strategies for minimizing or avoiding the friction and burden associated with managing and using their portfolios of user IDs and passwords or personal identification numbers (PINs). Many try to use the same password (or different versions of the same password) ac...

Journal: Computer (IEEE Computer) Abstract: This special issue presents papers that focus on important problems within the Software Testing community.

Journal: Computer (IEEE Computer) Abstract: The strength of cryptographic keys is an active challenge in academic research and industrial practice. In this paper we discuss the entropy as fundamentally important concept for generating hard-to-guess, i.e., strong, cryptographic keys and outline the difficulties in generating and estimating the...

Journal: IT Professional Abstract: Risk management is a common phrase when managing information, from the CISO to the programmer. We acknowledge that risk management is the identification, assessment and prioritization of risks and reflects how we manage uncertainty. These are some areas of risk that we have come to accept, their mit...

Conference: 2013 International Conference on Social Computing (SocialCom) Abstract: Access control (AC) policies can be implemented based on different AC models, which are fundamentally composed by semantically independent AC rules in expressions of privilege assignments described by attributes of subjects/attributes, actions, objects/attributes, and environment variables of the pr...

Journal: IEEE Transactions on Dependable and Secure Computing Abstract: By enabling a direct comparison of different security solutions with respect to their relative effectiveness, a network security metric may provide quantifiable evidences to assist security practitioners in securing computer networks. However, research on security metrics has been hindered by diffic...

Abstract: This document provides Federal agencies with a definition of attribute based access control (ABAC). ABAC is a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, i...

Abstract: This publication provides a catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizati...

Abstract: The Computer Security Division within ITL has recently provided a draft of Special Publication (SP) 800-152, A Profile for U. S. Federal Cryptographic Key Management Systems, for public comment. NIST SP 800-152 is based on NIST SP 800-130, A Framework for Designing Cryptographic Key Management Syste...

Journal: IEEE Wireless Communications Abstract: When enabling handover between different radio interfaces (e.g., handover from 3G to Wi-Fi), reducing network access authentication latency and securing handover related signaling messages are major challenging problems, amongst many others. The IEEE 802 LAN/MAN Standards committee has recently fini...

Abstract: The National Vulnerability Database (NVD), and its companion, the National Checklist Program (NCP), have provided a valuable and flexible set of services to users around the world since NVD was established in 2005. The NVD was established to provide a U.S. government repository of data about softwar...

Abstract: A password policy may seem formal in the sense that it is written in a legalistic language, giving the impression of a binding contract. However, such policies are informal in the logical sense that the policy statements are not written in a clear, unambiguous form. In password policy research at th...

Abstract: In order to protect power generation, transmission and distribution, energy companies need to be able to control physical and logical access to their resources, including buildings, equipment, information technology and industrial control systems (ICS). They must be able to authenticate the individu...

Abstract: This ITL Bulletin announces the release of the Preliminary Cybersecurity Framework and gives instructions for submitting comments.

Journal: Applied Mathematics & Information Sciences Abstract: On-off scheduling of systems that have the ability to sleep can be used to extend system idle periods and enable greater opportunities for energy savings from sleeping. In this paper, we achieve a theoretical understanding of the delay behavior of on-off scheduling as it may apply to communications...