Type: Presentation
Journal: Computer
Abstract: Combination coverage based testing supplements basic structural coverage based test selection. This provides a sound test engineering method with defensible, quantitative measures of test completeness.
Journal: Computer
Abstract: Testing is the most commonly used approach for software assurance, yet it remains as much judgment and art as science. We suggest that structural coverage measures must be supplemented with measures of input space coverage, providing a means of verifying that an adequate input model has been defined...
Abstract: We introduce SPHINCS-Simpira, which is a variant of the SPHINCS signature scheme with Simpira as a building block. SPHINCS was proposed by Bernstein et al. at EUROCRYPT 2015 as a hash-based signature scheme with post-quantum security. At ASIACRYPT 2016, Gueron and Mouha introduced the Simpira family...
Journal: Innovations in Systems and Software Engineering
Abstract: A key issue in testing is how many tests are needed for a required level of coverage or fault detection. Estimates are often based on error rates in initial testing, or on code coverage. For example, tests may be run until a desired level of statement or branch coverage is achieved. Combinatorial me...
Conference: 2016 Human Factors and Ergonomics Society Annual Meeting
Abstract: Although many aspects of passwords have been studied, no research to date has systematically examined how ambiguous terminology affects the user experience during password rule comprehension, a necessary precursor to password generation. Our research begins to address this gap by focusing on users’...
Journal: Journal of Cryptology
Abstract: We introduce a new cryptographic primitive called a blind coupon mechanism (BCM). In effect, a BCM is an authenticated bit commitment scheme, which is AND-homomorphic. We show that a BCM has natural and important applications. In particular, we use it to construct a mechanism for transmitting alerts...
Conference: 2013 ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM 2013)
Abstract: This poster presents some measures of combinatorial coverage that can be helpful in estimating residual risk related to insufficient testing of rare interactions, and a tool for computing these measures.
Conference: Second International Workshop on Combinatorial Testing 2013 (IWCT 2013)
Abstract: The input space of a system must be modeled before combinatorial testing can be applied to this system. The effectiveness of combinatorial testing to a large extent depends on the quality of the input space model. In this paper we introduce an input space modeling methodology for combinatorial testi...
Journal: IT Professional
Abstract: Although cloud security concerns have consistently ranked as one of the top challenges to cloud adoption, it's not clear what security issues are particular to cloud computing. To approach this question, the author attempts to derive cloud security issues from various cloud definitions and a referen...
Conference: The Third SHA-3 Candidate Conference
Abstract: The sponge construction, designed by Bertoni, Daemen, Peeters, and Van Assche, is the framework for hash functions such as Keccak, PHOTON, Quark, and spongent. The designers give a keyed sponge construction by prepending the message with key and prove a bound on its pseudorandomness in the ideal permu...
Conference: Second ACM Workshop on Role-Based Access Control (RBAC '97)
Abstract: In order for intranets to reach their full potential, access control and authorization management mechanisms must be in place that can regulate user access to information in a manner that is consistent with the current set of laws, regulations, and practices that face businesses today. The purpose o...
NIST announces the publication of SP 800-204A, "Building Secure Microservices-based Applications Using Service-Mesh Architecture."
NIST has updated Special Publication (SP) 800-128, "Guide for Security-Focused Configuration Management of Information Systems"
SP 1800-5 provides an example IT asset management solution for financial services institutions, so they can securely track, manage, and report on information assets throughout their entire life cycle.
The initial public draft of SP 800-37 Revision 2, Risk Management Framework for Information Systems and Organizations, is available for public comment until June 22, 2018.
NIST announces the release of Special Publication 800-193, Platform Firmware Resiliency Guidelines, a document that provides technical guidelines and recommendations supporting resiliency of the collection of hardware and firmware components of a computer system, also called the platform.
NIST announces the release of the second errata update for SP 800-171 Revision 1.....
NIST announces the public comment release of Draft Special Publication 800-52 Revision 2, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations. Transport Layer Security (TLS) provides.....
NIST Releases the Draft Special Publication 800-177 Revision 1, Trustworthy Email for public comment. This updated Special Publication has a new....
NIST Releases the Initial Public Draft of Special Publication 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organizations.
NIST announces the public comment release of Draft Special Publication 800-193, Platform Firmware Resiliency Guidelines. The platform is a collection of fundamental hardware and firmware components needed to boot and operate a computer system.
NIST announces the release of the final draft of Special Publication 800-160, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems.