Search CSRC

Conference: 2021 IEEE/ACM 6th International Workshop on Metamorphic Testing (MET) Abstract: Metamorphic testing has been shown to be useful in testing "non-testable" programs in many domains. Modeling & simulation is one such domain, where both verification and validation can be difficult due to lack of oracles. Although the definition of verification and validation vary slightly in mo...

Journal: Online Journal of Nursing Informatics Abstract: The Internet of Things (IoT) promises to create many opportunities for enhancing human lives, particularly, in healthcare. In this paper we illustrate how an IoT enabled tracking system can help in a special kind of healthcare setting, that is, in the case of a disaster. We briefly describe the disa...

Conference: 2017 Resilience Week (RWS) Abstract: Cyber-Physical Systems (CPS) consist of embedded computers with sensing and actuation capability, and are integrated into and tightly coupled with a physical system. Because the physical and cyber components of the system are tightly coupled, cyber-security is important for ensuring the system funct...

Conference: MODSIM World 2009 Abstract: This study compared random and t-way combinatorial inputs of a network simulator, to determine if these two approaches produce significantly different deadlock detection for varying network configurations. Modeling deadlock detection is important for analyzing configuration changes that could inadve...

The Access Control Rule Logic Circuit Simulation (ACRLCS) has been updated and is now available from the CSRC project webpage.

A new draft NISTIR 8310, "Cybersecurity Framework Election Infrastructure Profile," is available for public comment through May 14, 2021.

Abstract: This document is a Cybersecurity Framework (CSF) Profile developed for voting equipment and information systems supporting elections. This Election Infrastructure Profile can be utilized by election administrators and IT professionals managing election infrastructure to reduce the risks associated w...

Conference: National Symposium on Moving Target Research Abstract: Moving-target defense has been hypothesized as a potential game changer in cyber defense, including that for computer networks. However there has been little work to study how much proactively changing a network’s configuration can increase the difficulty for attackers and thus improve the resilienc...

Conference: 2010 Electronic Voting Technology Workshop/ Workshop on Trustworthy Elections (EVT/WOTE '10) Abstract: The term "end-to-end verifiability" has been used over the past several years to describe multiple voting system proposals. The term has, however, never been formally defined. As a result, its meaning tends to change from voting system to voting system. We propose a definition for end-to-end verifia...

Type: Presentation

Type: Presentation

Type: Presentation

Type: Presentation

Access control (AC) policies can be implemented based on different AC models, which are fundamentally composed by semantically independent AC rules in expressions of privilege assignments described by attributes of subjects/attributes, actions, objects/attributes, and environment variables of the protected systems. Incorrect implementations of AC policies result in faults that not only leak but also disable access of information, and faults in AC policies are difficult to detect without support of verification or automatic fault detection mechanisms. Most research on AC model or policy...

D.R. Kuhn, R. Kacker and Y.Lei, Random vs. Combinatorial Methods for Discrete Event Simulation of a Grid Computer Network, MODSIM World 2009, Virginia Beach, Virginia, October 14-16, 2009. In Selected Papers Presented at MODSIM World 2009 Conference and Expo, edited by T.E. Pinelli, NASA/CP-2010-216205, National Aeronautics and Space Administration, pp. 83-88. R. Kessel and R. Kacker, A Test of Linearity Using Covering Arrays for Evaluating Uncertainty in Measurement, Advanced Mathematical and Computational Tools in Metrology and Testing (AMCTM VIII), Paris, France, June 23-25, 2008, Series...

Abstract: This document outlines the basic process for the distribution of election material including registration material and blank ballots to UOCAVA voters. It describes the technologies that can be used to support the electronic dissemination of election material along with security techniques ‹ both tec...

Access control systems are among the most critical security components. Faulty policies, misconfigurations, or flaws in software implementation can result in serious vulnerabilities. The specification of access control policies is often a challenging problem. Often a system’s privacy and security are compromised due to the misconfiguration of access control policies instead of the failure of cryptographic primitives or protocols. This problem becomes increasingly severe as software systems become more complex, and are deployed to manage a large amount of sensitive information and resources...

Executive Order 13702 established the National Strategic Computing Initiative (NSCI) to maximize the benefits of high-performance computing (HPC) for economic competitiveness and scientific discovery. The ability to process large volumes of data, perform complex simulations at high speeds, and conduct large-scale AI/ML model training is vital to the nation's vision for maintaining its global competitive edge. Security for HPC systems is an essential component that provides the anticipated benefits. We aim to help the HPC community create an HPC Risk Management Framework (RMF) that shall...

The Help America Vote Act (HAVA) of 2002 was passed by Congress to encourage the upgrade of voting equipment across the United States. HAVA established the Election Assistance Commission (EAC) and the Technical Guidelines Development Committee (TGDC), chaired by the Director of NIST, was well as a Board of Advisors and Standard Board. HAVA calls on NIST to provide technical support to the EAC and TGDC in efforts related to human factors, security, and laboratory accreditation. The Information Technology Laboratory supports the activities of the EAC and TGDC related to voting equipment...

Abstract: Digital twin technology enables the creation of electronic representations of real-world entities and the viewing of the state of those entities. Its full vision will require standards that have not yet been developed. It is relatively new although it uses many existing foundational technologies and...

Abstract: Recommendations are provided to promote accuracy, integrity, and security in computerized vote-tallying, and to improve confidence in the results produced. The recommendations respond to identified problems, and concern software, hardware, operational procedures, and institutional changes. It is pro...

Full Workshop Details The Election Assistance Commission (EAC), Federal Voting Assistance Program (FVAP) of the Department of Defense, and NIST sponsored a workshop to explore the technical issues associated with remote electronic absentee voting systems for military and overseas voters. UOCAVA is the Uniformed and Overseas Citizens Absentee Voting Act. The sponsoring organizations seek to understand: Desired/required functional properties of UOCAVA remote voting systems Advantages and disadvantages of different UOCAVA remote voting system architectures Ways to express and compare...

Full Workshop Details The Election Assistance Commission (EAC) and NIST sponsored a two-and-a-half day symposium to explore emerging trends in voting system technology with the diverse election community at large. The sponsoring organizations seek to have lively discussion on the following topics: Why some jurisdictions are exploring building their own voting systems Trends in voting system technology acquisition and deployment plans How election officials, manufactures and academics view the future of voting system technologies Alternative standard development processes for voting...