Search Publications

NIST Authors in Bold

Displaying 276 - 300 of 1430

RTL-PSC: Automated Power Side-Channel Leakage Assessment at Register-Transfer Level

July 11, 2019

Author(s)

Miao (Tony) He, Jungmin Park, Adib Nahiyan, Apostol Vassilev, Yier Jin, Mark Tehranipoor

Power side-channel attacks (SCAs) have become a major concern to the security community due to their non- invasive feature, low-cost, and effectiveness in extracting secret information from hardware implementation of cryto algorithms. Therefore, it is

Glossary of Key Information Security Terms

July 3, 2019

Author(s)

Celia Paulsen, Robert D. Byers

This publication describes an online glossary of terms used in National Institute of Standards and Technology (NIST) and Committee on National Security Systems (CNSS) publications. This glossary utilizes a database of terms extracted from NIST Federal

Protecting the Integrity of Internet Routing: Border Gateway Protocol (BGP) Route Origin Validation

June 28, 2019

Author(s)

William A. Haag Jr., Douglas C. Montgomery, Allen Y. Tan, William C. Barker

The Border Gateway Protocol (BGP) is the default routing protocol to route traffic among internet domains. While BGP performs adequately in identifying viable paths that reflect local routing policies and preferences to destinations, the lack of built-in

It's Scary...It's Confusing...It's Dull: How Cybersecurity Advocates Overcome Negative Perceptions of Security (Presentation)

June 26, 2019

Author(s)

Julie Haney

Cyber attacks are on the rise, but individuals and organizations often fail to implement basic security practices and technologies. Cybersecurity advocates are security professionals who encourage and facilitate the adoption of these best practices. To be

Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks

June 25, 2019

Author(s)

Katie Boeckl, Michael Fagan, Bill Fisher, Naomi Lefkovitz, Katerina N. Megas, Ellen M. Nadeau, Benjamin M. Piccarreta, Danna G. O'Rourke, Karen A. Scarfone

The Internet of Things (IoT) is a rapidly evolving and expanding collection of diverse technologies that interact with the physical world. Many organizations are not necessarily aware of the large number of IoT devices they are already using and how IoT

CASFinder: Detecting Common Attack Surface

June 11, 2019

Author(s)

Meng Zhang, Yue Xin, Lingyu Wang, Sushil Jajodia, Anoop Singhal

Code reusing is a common practice in software development due to its various benefits. Such a practice, however, may also cause large scale security issues since one vulnerability may appear in many different software due to cloned code fragments. The well

A Methodology for Enabling Forensic Analysis Using Hypervisor Vulnerabilities Data

June 5, 2019

Author(s)

Ramaswamy Chandramouli, Anoop Singhal, Duminda Wijesekera, Changwei Liu

Hardware/Server Virtualization is a key feature of data centers used for cloud computing services and enterprise computing that enables ubiquitous access to shared system resources. Server virtualization is typically performed by a hypervisor, which

Manufacturing Profile Implementation Methodology for a Robotic Workcell

May 22, 2019

Author(s)

Timothy A. Zimmerman

The National Institute of Standards and Technology has constructed a testbed to measure the performance impact of cybersecurity technologies on Industrial Control Systems (ICS). The testbed was chosen to support the implementation of the Cybersecurity

Metrics and Key Performance Indicators for Robotic Cybersecurity Performance Analysis

May 22, 2019

Author(s)

Timothy A. Zimmerman

The National Institute of Standards and Technology has constructed a testbed to measure the performance impact of cybersecurity defenses on Industrial Control Systems (ICS). The testbed allows researchers to emulate real-world industrial manufacturing

Cybersecurity Framework Manufacturing Profile

May 20, 2019

Author(s)

Keith A. Stouffer, Timothy A. Zimmerman, CheeYee Tang, Joshua Lubell, Jeffrey A. Cichonski, John McCarthy

This document provides the Cybersecurity Framework (CSF) implementation details developed for the manufacturing environment. The "Manufacturing Profile" of the Cybersecurity Framework can be used as a roadmap for reducing cybersecurity risk for

Cybersecurity Framework Online Informative References (OLIR) Submissions Specification for Completing the OLIR Template

April 26, 2019

Author(s)

Matthew P. Barrett, Nicole D. Keller, Stephen D. Quinn, Matthew C. Smith

[Superseded by NISTIR 8204 (May 2019): https://doi.org/10.6028/NIST.IR.8204] This document provides instructions and definitions for completing the Cybersecurity Framework (CSF) Online Informative References (OLIR) spreadsheet template available for

Applying Combinatorial Testing to Large-scale Data Processing at Adobe

April 22, 2019

Author(s)

Raghu N. Kacker, David R. Kuhn, Riley Smith

Adobe offers an analytics product as part of the Marketing Cloud software with which customers can track many details about users across various digital platforms. For the most part, customers define the amount and type of data to track. This high

Better Circuits for Binary Polynomial Multiplication

April 1, 2019

Author(s)

Rene C. Peralta, Magnus G. Find

We develop a new and simple way to describe Karatsuba-like algorithms for multiplication of polynomials over GF2. These techniques, along with interpolation-based recurrences, yield circuits that are better (smaller and with lower depth) than anything

Smart Contract Federated Identity Management without Third Party Authentication Services

March 28, 2019

Author(s)

Peter M. Mell, James F. Dray Jr., James Shook

Federated identity management enables users to access multiple systems using a single login credential. However, to achieve this a complex authentication has to occur between the user, relying party (RP) (e.g., a business), and a credential service

The Next Generation Risk Management Framework (RMF 2.0): A Holistic Methodology to Manage Information Security, Privacy and Supply Chain Risk

February 28, 2019

Author(s)

Victoria Y. Pillitteri

This bulletin summarizes the information found in NIST SP 800-37, Revision 2: Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy which provides guidelines for applying the RMF to

Guide to Attribute Based Access Control (ABAC) Definition and Considerations

February 25, 2019

Author(s)

Chung Tong Hu, David F. Ferraiolo, David R. Kuhn, Adam Schnitzer, Kenneth Sandlin, Robert Miller, Karen Scarfone

[Includes updates as of February 25, 2019] This document provides Federal agencies with a definition of attribute based access control (ABAC). ABAC is a logical access control methodology where authorization to perform a set of operations is determined by

Trustworthy Email

February 25, 2019

Author(s)

Scott W. Rose, J. S. Nightingale, Simson Garfinkel, Ramaswamy Chandramouli

This document gives recommendations and guidelines for enhancing trust in email. The primary audience includes enterprise email administrators, information security specialists and network managers. This guideline applies to federal IT systems and will

Mobile Device Security: Cloud and Hybrid Builds

February 21, 2019

Author(s)

Christopher J. Brown, Spike E. Dog, Sallie P. Edwards, Neil C. McNab, Matt Steele, Joshua M. Franklin

This document proposes a reference design on how to architect enterprise-class protection for mobile devices accessing corporate resources. The example solutions presented here can be used by any organization implementing an enterprise mobility management

A Layered Graphical Model for Cloud Forensic and Mission Impact Analysis

February 1, 2019

Author(s)

Changwei Liu, Anoop Singhal, Duminda Wijesekera

In this paper, we describe a layered graphical model to analyze the impact of cyber attacks on business processes and services. Our model has three layers: the upper layer models the business processes and their dependencies. The middle layer constructs

A Method-Level Test Generation Framework for Debugging Big Data Applications

January 24, 2019

Author(s)

Raghu N. Kacker, David R. Kuhn, Huadong Feng, Yu J. Lei

Big data applications are now widely used to process massive amounts of data we create every day. When a failure occurs in a big data application, debugging at the system-level input can be expensive due to the large amount of data being processed. This

Network Attack Surface: Lifting the Attack Surface Concept to Network Level for Evaluating the Resilience against Zero-Day Attacks

December 21, 2018

Author(s)

Meng Zhang, Lingyu Wang, Sushil Jajodia, Anoop Singhal

The concept of attack surface has seen many applications in various domains, e.g., software security, cloud security, mobile device security, Moving Target Defense (MTD), etc. However, in contrast to the original attack surface metric, which is formally

Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy

December 20, 2018

Author(s)

Ronald S. Ross

This publication describes the Risk Management Framework (RMF) and provides guidelines for applying the RMF to information systems and organizations. The RMF provides a disciplined, structured, and flexible process for managing security and privacy risk

A New SCAP Information Model and Data Model for Content Authors

December 18, 2018

Author(s)

Joshua Lubell

The Security Content Automation Protocol (SCAP) data model for source data stream collections standardizes the packaging of security content into self-contained bundles for easy deployment. But no single data model can satisfy all requirements. The source

Automation Support for Security Control Assessments: Software Asset Management

December 6, 2018

Author(s)

Kelley L. Dempsey, Nedim S. Goren, Paul Eavy, George Moore

The NISTIR 8011 volumes focus on each individual information security capability, adding tangible detail to the more general overview given in NISTIR 8011 Volume 1, and providing a template for transition to a detailed, NIST standards-compliant automated

Advanced communications
-Open Radio Access Network (Open-RAN)
-Quantum communications
-Spectrum sharing
-Wireless (RF)
Bioscience
-Bioimaging
-Bioinformatics
-Biomanufacturing
-Biomaterials
-Cell biology
-Cell-free systems
-Engineering / synthetic biology
-Gene delivery systems
-Genome editing
-Genomics
-Glycomics
-Metabolomics
-Microbial measurements
-Proteomics
-Sequence screening
-Transcriptomics
Buildings and Construction
-Building codes and standards
-Building control systems
-Building damage and repair
-Building economics
-Building materials
-Energy efficiency
-Heating, ventilation and air conditioning equipment
-Indoor air quality
-Structural engineering
-Thermal comfort
Chemistry
-Analytical chemistry
-Chemical engineering and processing
-Chemical thermodynamics and chemical properties
-Molecular characterization
-Theoretical chemistry and modeling
-Thermochemical properties
Electronics
-Electromagnetics
-Flexible electronics
-Magnetoelectronics
-Optoelectronics
-Organic electronics
-Semiconductors
-Sensors
-Superconducting electronics
Energy
-Alternative energy
-Conventional energy
-Electric power / smart grid
-Fuels
Environment
-Air / water / soil quality
-Climate
-Environmental health
-Greenhouse gas measurements
-Marine science
-Sustainability
Fire
-Emergency building evacuation
-Fire detection
-Fire dynamics and science
-Fire fighting
-Fire modeling
-Fire risk reduction
-Materials flammability
-Structural fire resistance
-Wildland urban interface fire
Forensic Science
-Digital evidence
-Drugs and toxicology
-Firearms and toolmarks
-Forensic biometrics
-Forensic genetics
-Trace evidence
Health
-Biopharmaceuticals
-Cell and gene therapy
-Clinical diagnostics
-Dentistry
-Food and nutrition
-Human microbiome
-Medical imaging
-Precision medicine
-Regenerative medicine and advanced therapy
Information technology
-Artificial intelligence
--AI measurement and evaluation
--Applied AI
--Fundamental AI
--Hardware for AI
--Machine learning
--Trustworthy and responsible AI
-Biometrics
-Cloud computing and virtualization
-Complex systems
-Computational science
-Conformance testing
-Cyber-physical systems
--Smart cities
-Cybersecurity
--Cryptography
--Cybersecurity education and workforce development
--Cybersecurity measurement
--Identity and access management
--Privacy engineering
--Risk management
--Securing emerging technologies
--Trustworthy networks
--Trustworthy platforms
-Data and informatics
--Human language technology
--Information retrieval
--Natural language processing
-Federal information processing standards (FIPS)
-Health IT
-Internet of Things (IoT)
-Interoperability testing
-Location based services
-Mobile
-Networking
--Mobile and wireless networking
--Network management and monitoring
--Network modeling and analysis
--Network security and robustness
--Network test and measurement
--Next generation networks
--Protocol design and standardization
--Software defined and virtual networks
-Privacy
-Software research
--Software testing
-Usability and human factors
--Accessibility
-Video analytics
-Virtual / augmented reality
-Visualization research
-Voting systems
Infrastructure
Manufacturing
-Additive manufacturing
-Factory communications
-Factory operations planning and control
-Interoperability in manufacturing
-Machining
-Manufacturing economics
-Manufacturing quality assurance
-Manufacturing systems design and analysis
-Monitoring, diagnostics and prognostics
-Process improvement
-Process measurement and control
-Product data
-Robotics in manufacturing
--Agility and adaptability
--Collaborative robots
--Dexterous grasping
--Manipulation
--Mobility and industrial autonomous vehicles
--Navigation / actuation / control
--Sensing and perception
-Supply chain
-Sustainable manufacturing
-Systems engineering
-Systems integration
-Technology commercialization
Materials
-Ceramics
-Composites
-Concrete / cement
-Materials characterization
--Composition and structure
--Mechanical properties
--Thermal properties
-Metals
-Modeling and computational material science
-Polymers
-Superconductors
Mathematics and statistics
-Experiment design
-Image and signal processing
-Modeling and simulation research
-Numerical methods and software
-Statistical analysis
-Uncertainty quantification
Metrology
-Amount of substance
-Dimensional metrology
-Electrical / electromagnetic metrology
-Flow metrology and rheology
-Force metrology
-Humidity metrology
-Ionizing radiation metrology
-Mass metrology
-Metric
-Optical / photometry / laser metrology
-Pressure and vacuum metrology
-Thermometry metrology
-Time and frequency metrology
-Weights and measures
Nanotechnology
-Nanobiotechnology
-Nanochemistry
-Nanoelectronics
-Nanofabrication / manufacturing
--Lithography
--Self-assembly
-Nanofluidics
-Nanomagnetics
-Nanomaterials
-Nanomechanics
-Nanometrology
-Nanophotonics
-Nanophysics
-Nanoplasmonics
Neutron research
Performance excellence
-Assessment tools and services
-Baldrige award
-Baldrige examiners
-Baldrige Framework and Criteria
-Best practices
-Leadership development
Physics
-Atomic / molecular / quantum
-Biological physics
-Condensed matter
-Electron physics
-Magnetics
-Nuclear physics
-Optical physics and communications
-Quantum information science
-Radiation
-Spectroscopy
-Thermodynamics
-Time and frequency
Public safety
-Chemical / Biological / Radiological / Nuclear / Explosives (CBRNE)
-First responder preparedness
-Law enforcement
-Public safety communications research
-Response robots
Resilience
-Community resilience
-Disaster and failure studies
-Earthquake risk reduction
-Resilience economics
-Resilient materials
-Windstorm impact reduction
Standards
-Accreditation
-Calibration services
-Conformity assessment
-Documentary standards
-Frameworks
-Quality assurance
-Reference data
-Reference instruments
-Reference materials
-Standards education
Technology transfer
Transportation
-Aerospace
-Automotive