Project Pages
https://csrc.nist.gov/projects/automated-combinatorial-testing-for-software/autonomous-systems-assurance/assured-autonomy-papers
Our conference and journal papers on assured autonomy and explainable AI. We try to include links to the full papers, but for those not yet linked, please contact us for a copy: [email protected]. Papers 2023 Chandrasekaran, J., Lanus, E., Cody, T., Freeman, L.J., Kacker, R., Raunak, M., Kuhn, D.R. From Scoping to Re-engineering: Leveraging Combinatorial Coverage in ML Product Lifecycle (submitted). Olsen, M., Raunak, M. S., & Kuhn, D. R. (2023, June). Predicting ABM Results with Covering Arrays and Random Forests. In International Conference on Computational Science (pp. 237-252). Cham:...
Publications
IR 8481 (Initial Public Draft)
August 31, 2023
https://csrc.nist.gov/pubs/ir/8481/ipd
Abstract: Unmanaged cybersecurity risks can wreak havoc on a community. This is no less true for the U.S. scientific research ecosystem, particularly members of the higher education research community, which can be characterized by its fundamentally open, collaborative culture and web of highly decentralized...
Events
August 29, 2023 - August 29, 2023
https://csrc.nist.gov/events/2023/forum-meeting-august-29-2023
The Federal Cybersecurity and Privacy Professionals Forum is an informal group sponsored by the National Institute of Standards and Technology (NIST) to promote the sharing of system security and privacy information among federal, state, and local government, and higher education employees. The Forum maintains an extensive e-mail list and holds quarterly meetings to discuss current issues and items of interest to those responsible for protecting non-national security systems. For more information about the Forum and instructions on how to join, see: https://csrc.nist.gov/Projects/forum. A...
Project Pages
https://csrc.nist.gov/projects/automated-combinatorial-testing-for-software/combinatorial-coverage-measurement/coverage-measurement
Latest research: Combinatorial Frequency Differencing. NIST Cybersecurity Whitepaper.- Describes measures of the frequency of combination coverage and difference between Class and Non-class elements in machine learning classification problems. Illustrates application of these methods for identifying weaknesses in physical unclonable function implementations. Combinatorial Coverage Difference Measurement. NIST Cybersecurity Whitepaper.- Introduces a variety of measures that can be applied to understanding differences in combination coverage. Also see our User Manual for the coverage...
Publications
Conference Paper (Final)
August 6, 2023
https://csrc.nist.gov/pubs/conference/2023/08/06/cybersecurity-definitions-for-nonexperts/final
Conference: USENIX Symposium on Usable Privacy and Security (SOUPS) 2023 Abstract: Despite the importance of cybersecurity, there is no standard definition nor common terminology for explaining cybersecurity. Existing definitions largely target academics or technical experts but not non-experts (those without cybersecurity proficiency). To gain a better understanding of which defi...
Events
July 25, 2023 - July 25, 2023
https://csrc.nist.gov/events/2023/stppa6
Event #6's theme: Community Efforts on Advanced Cryptographic Techniques Featured topics: FHE, MPC, ZKP, ABE, Threshold Crypto, PAKE. Structure: Welcome/introduction; 6 invited talks; panel conversation. Date and time: July 25th (Tuesday), 2023, 09:30–15:00 EDT. Location: Virtual event (video conference). Attendance: Open and free to the public, upon registration. Format: Webinar (presenters can share video and audio; attendees can use text for questions and comments). Tweet: https://twitter.com/NISTcyber/status/1678435569284812802 Schedule Welcome and introduction...
Publications
IR 8270 (Final)
July 25, 2023
https://csrc.nist.gov/pubs/ir/8270/final
Abstract: Space is a newly emerging commercial critical infrastructure sector that is no longer the domain of only national government authorities. Space is an inherently risky environment in which to operate, so cybersecurity risks involving commercial space – including those affecting commercial satellite v...
Publications
SP 800-219 Rev. 1 (Final)
July 21, 2023
https://csrc.nist.gov/pubs/sp/800/219/r1/final
Abstract: The macOS Security Compliance Project (mSCP) provides resources that system administrators, security professionals, security policy authors, information security officers, and auditors can leverage to secure and assess macOS desktop and laptop system security in an automated way. This publication in...
Project Pages
https://csrc.nist.gov/projects/automated-combinatorial-testing-for-software/acts-library/papers
Fundamental background papers: Empirical justification for combinatorial testing: D.R. Kuhn, D.R. Wallace, A.M. Gallo, Jr., Software Fault Interactions and Implications for Software Testing, IEEE Transactions on Software Engineering, vol. 30, no. 6, June 2004, pp. 418-421.Abstract; DOI: 10.1109/TSE.2004.24 Preprint. Comment: Investigates interaction level required to trigger faults in a large distributed database system. IPOG algorithm used in construction of covering arrays: Y.Lei, R. Kacker, D.R. Kuhn, V. Okun and J. Lawrence, IPOG: a General Strategy for T-way Software Testing, 14th...
Project Pages
https://csrc.nist.gov/projects/measurements-for-information-security/research
These are current NIST research to identify meaningful metrics and measures in context to understand the effectiveness and resource needs of different cybersecurity technical measures. Measuring Security Risk in Enterprise Networks Methodology to measure the overall system risk by combining the attack graph structure with the Common Vulnerability Scoring System (CVSS). Cyber Risk Analytics and Measurement Research and prototype methods and tools to enable predictive risk analytics and identify cyber risk trends. Develop guidelines to improve the assessment and measurement of...
Project Pages
https://csrc.nist.gov/projects/program-review-for-information-security-assistance/prisma-review-option-1
The Program Review for Information Security Assistance (PRISMA) project was last updated in 2007; NIST Interagency Report (IR) 7358 and the corresponding PRISMA tool continue to serve as useful resources for high-level guidance and as a general framework, but may not be fully consistent with changes to requirements, standards and guidelines for securing systems. The PRISMA project is being incorporated into the NIST Cybersecurity Risk Analytics and Measurement project, and research to support updates will begin in FY24. For questions or comments regarding the NIST Cybersecurity Risk Analytics...
