Dataworks 2025 short course PPT
Machine learning (ML) systems are increasingly widely deployed across multiple sectors. Autonomous vehicles use object detection systems to process the images and video from their cameras in order to understand traffic signals and the real-time traffic around them. ML has been used to translate text from one language to another in several systems. At the same time, ML systems also introduce new security threats that are not seen in traditional software and network systems. For example, data poisoning and adversarial example attacks generate incorrect output; membership and denial of service attacks...
Abstract: This work proposes a framework for analyzing threats related to the semiconductor supply chain. The framework introduces a metric that quantifies the severity of different threats subjected to a collusion of adversaries from different stages of the supply chain. Two different case studies are provid...
Abstract: Modern enterprise IT systems rely on a family of application programming interfaces (APIs) for integration to support organizational business processes. Hence, a secure deployment of APIs is critical for overall enterprise security. This, in turn, requires the identification of risk factors or vulne...
Journal: Computer (IEEE Computer) Abstract: This article reviews the current human–large language models collaboration approach to bug fixing and points out the research directions toward (the development of) autonomous program repair artificial intelligence agents.
Conference: 39th IFIP WG 11.3 Annual Conference on Data and Applications Security and Privacy, DBSec 2025 Abstract: Large language models (LLMs) have emerged as a powerful tool for retrieving knowledge through seamless, human-like interactions. Despite their advanced text generation capabilities, LLMs exhibit hallucination tendencies, where they generate factually incorrect statements and fabricate knowledge, und...
Abstract: This white paper describes the network infrastructure design principles that commercial and private 5G network operators are encouraged to use to improve cybersecurity and privacy. Such a network infrastructure isolates types of 5G network traffic from each other: data plane, signaling, and operatio...
Abstract: A zero trust architecture (ZTA) enables secure authorized access to enterprise resources that are distributed across on-premises and multiple cloud environments, while enabling a hybrid workforce and partners to access resources from anywhere, at any time, from any device in support of the organizat...
Abstract: Although hardware is commonly believed to be security-resilient, it is often susceptible to vulnerabilities that arise from design and implementation flaws. These flaws can jeopardize the hardware’s security, its operations, and critical user information. This investigation presents a comprehensive...
Conference: 2025 ACM International Workshop on Security and Privacy Analytics Abstract: Large Language Models (LLMs) have shown promise in automating code vulnerability repair, but their effectiveness in handling real-world code remains limited. This paper investigates the capability of LLMs in repairing vulnerabilities and proposes a systematic approach to enhance their performance t...
Abstract: The system security plan, system privacy plan, and cybersecurity supply chain risk management plan are collectively referred to as system plans. They describe the purpose of the system, the operational status of the controls selected and allocated for meeting risk management requirements, and the re...
Abstract: This document reports on the Virtual Workshop on Usable Cybersecurity and Privacy for Immersive Technologies (the Workshop) hosted by the Symposium in Usable Privacy and Security (SOUPS). The Workshop was held on August 7th, 2024 before the in-person symposium held August 11th and 12th, 2024 in Phil...
Abstract: This work presents a proposed security metric to determine the likelihood that a vulnerability has been observed to be exploited. Only a small fraction of the tens of thousands of software and hardware vulnerabilities that are published every year will be exploited. Predicting which ones is importan...
Abstract: This report summarizes discussions held at the March 5, 2025 "Workshop on Foundational Cybersecurity Activities for IoT Device Manufacturers” organized by the NIST Cybersecurity for the Internet of Things (IoT) program. This workshop follows an earlier event held in December 2024 titled “Workshop on...
Abstract: Internet of Things (IoT) products often lack product cybersecurity capabilities their customers—organizations and individuals—can use to help mitigate their cybersecurity risks. Manufacturers can help their customers by improving the securability of their IoT products by providing necess...
Abstract: This report is designed to help small firms use the NIST Cybersecurity Framework (CSF) 2.0 to begin managing their cybersecurity risks. The document is tailored to the smallest of businesses—those with no employees, or “non-employer” firms. These firms are also often colloquially referred to as “sol...
Abstract: High-performance computing (HPC) systems provide fundamental computing infrastructure for large-scale artificial intelligence (AI) and machine learning (ML) model training, big data analysis, and complex simulations at exceptional speeds. Securing HPC systems is essential for safeguarding AI models,...
Abstract: Throughout Fiscal Year 2024 (FY 2024) — from October 1, 2023, through September 30, 2024 — the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy. This Annual Report highlights the ITL...
Abstract: This report summarizes the feedback received by the NIST Cybersecurity for the Internet of Things (IoT) program at the in-person and hybrid workshop on "Updating Manufacturer Guidance for Securable Connected Product Development" held in December 2024. The purpose of this workshop was to consider how...
Conference: 2025 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW) Abstract: Artificial Intelligence (AI) models use statistical learning over data to solve complex problems for which straightforward rules or algorithms may be difficult or impossible to design; however, a side effect is that models that are complex enough to sufficiently represent the function may be uninter...
Abstract: This document provides an overview of trusted Internet of Things (IoT) device network-layer onboarding, a capability for securely providing IoT devices with their local network credentials in a manner that helps to ensure that the network is not put at risk as new IoT devices are connected to it— en...
Abstract: The NIST Privacy Framework 1.1 is a voluntary tool developed in collaboration with stakeholders intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy. It provides high-level privacy risk management outcomes tha...
Abstract: This report introduces the cryptographic accordion as a tweakable, variable-input-length strong pseudorandom permutation (VIL-SPRP) that is constructed from an underlying block cipher. An accordion facilitates the cryptographic processing of messages of various sizes while offering enhanced security...
Abstract: This document provides Domain Name System (DNS) deployment guidelines to secure the DNS protocol and infrastructure, mitigate misuse or misconfiguration, and provide an additional layer of network security as part of a zero trust and/or defense-in-depth security risk management approach. This introd...