Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

NIST Topic Areas

Report Number

Publication Date

Max Publication Date

NIST Authors in Bold

Displaying 426 - 450 of 1430

Defeating Buffer Overflow: One of the Most Trivial and Dangerous Bugs of All!

October 31, 2016

Author(s)

Paul E. Black, Irena Bojanova

The C programming language was invented over 40 years ago. It is infamous for buffer overflows. We have learned a lot about computer science, language design, and software engineering since then. As it is unlikely that we will stop using C any time soon

Limiting The Impact of Stealthy Attacks on Industrial Control Systems

October 28, 2016

Author(s)

David Urbina, Alvaro Cardenas, Niles O. Tippenhauer, Junia Valente, Mustafa Faisal, Justin Ruths, Rick Candell, Heinrik Sandberg

While attacks on information systems have for most practical purposes binary outcomes information was manipulated/eavesdropped, or not), attacks manipulating the sensor or control signals of Industrial Control Systems (ICS) can be tuned by the attacker to

Secure and usable enterprise authentication: Lessons from the Field

October 26, 2016

Author(s)

Mary F. Theofanos, Simson L. Garfinkel, Yee-Yin Choong

There are now more than 5.4 million Personal Identity Verification (PIV) and Common Access Card (CAC) identity cards deployed to US government employees and contractors. These cards are widely used to gain physical access to federal facilities, but their

Making Email Trustworthy

October 24, 2016

Author(s)

Scott W. Rose, Larry Feldman, Gregory A. Witte

This bulletin summarizes the information presented in NIST SP 800-177: Trustworthy Email. This publication gives recommendations and guidelines for enhancing trust in email. This guideline applies to federal IT systems and will also be useful for any small

Implementation of the Dual Query Algorithm

October 21, 2016

Author(s)

Jason T. Suagee, Simson L. Garfinkel

The Bugs Framework (BF): A Structured Approach to Express Bugs

October 13, 2016

Author(s)

Irena Bojanova, Paul E. Black, Yaacov Yesha, Yan Wu

To achieve higher levels of assurance for digital systems, we need to answer questions such as, does this software have bugs of these critical classes? Do these two tools generally find the same set of bugs, or different, complimentary sets? Can we

Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication

October 6, 2016

Author(s)

Morris J. Dworkin

This Recommendation specifies a message authentication code (MAC) algorithm based on a symmetric key block cipher. This block cipher-based MAC algorithm, called CMAC, may be used to provide assurance of the authenticity and, hence, the integrity of binary

Guide to Cyber Threat Information Sharing

October 4, 2016

Author(s)

Christopher S. Johnson, Mark L. Badger, David A. Waltermire, Julie Snyder, Clem Skorupka

Cyber threat information is any information that can help an organization identify, assess, monitor, and respond to cyber threats. Cyber threat information includes indicators of compromise; tactics, techniques, and procedures used by threat actors

Security Fatigue

October 1, 2016

Author(s)

Brian C. Stanton, Sandra S. Prettyman, Mary F. Theofanos, Susanne M. Furman

Government Data De-Identification Stakeholders Meeting June 29, 2016 Meeting Report

September 28, 2016

Author(s)

Simson L. Garfinkel

What's a Special Character Anyway? Effects of Ambiguous Terminology in Password Rules

September 23, 2016

Author(s)

Yee-Yin Choong, Kristen Greene

Although many aspects of passwords have been studied, no research to date has systematically examined how ambiguous terminology affects the user experience during password rule comprehension, a necessary precursor to password generation. Our research

Mostly sunny with a chance of cyber

September 22, 2016

Author(s)

David W. Flater

Counting known vulnerabilities and correlating different factors with the vulnerability track records of software products after the fact is obviously feasible. The harder challenge is to produce evidence to tell how vulnerable a piece of software is

A Probabilistic Network Forensics Model for Evidence Analysis

September 20, 2016

Author(s)

Changwei Liu, Anoop Singhal, Duminda Wijesekera

Modern-day attackers tend to use sophisticated multi-stage/multi-host attack techniques and anti-forensics tools to cover their attack traces. Due to the current limitations of intrusion detection and forensic analysis tools, reconstructing attack

Advanced Identity Workshop on Applying Measurement Science in the Identity Ecosystem: Summary and Next Steps

September 19, 2016

Author(s)

Michael E. Garcia, Paul A. Grassi

On January 12-13, 2016 the National Institute of Standards and Technology's (NIST) Applied Cybersecurity Division (ACD) hosted the "Applying Measurement Science in the Identity Ecosystem" workshop to discuss the application of measurement science to

Entropy as a Service: Unlocking Cryptography's Full Potential

September 7, 2016

Author(s)

Apostol T. Vassilev, Robert L. Staples

Securing the Internet of Things (IoT) requires strong cryptography, which depends on the availability of good entropy for generating unpredictable keys and accurate clocks. Attacks abusing weak keys or old inputs portend challenges for IoT. EaaS is a novel

Trustworthy Email

September 6, 2016

Author(s)

Ramaswamy Chandramouli, Simson L. Garfinkel, J. S. Nightingale, Scott W. Rose

This document gives recommendations and guidelines for enhancing trust in email. The primary audience includes enterprise email administrators, information security specialists and network managers. This guideline applies to federal IT systems and will

Guest Editors Introduction: Cybersecurity or Privacy

September 1, 2016

Author(s)

Irena V. Bojanova, Jeffrey M. Voas

Cybersecurity is a major concern. Governments, industry, and even hospitals IT infrastructure is being penetrated with increasing frequency and sophistication. The growth of mobile and IoT devices and amateur software only add to that. But, privacy is

Whatever Happened to Formal Methods for Security?

August 23, 2016

Author(s)

Kim B. Schaffer, Jeffrey M. Voas

We asked 7 experts 7 questions to find out what has occurred recently in terms of applying formal methods (FM) to security-centric, cyber problems. We were curious as to whether this successful methodology in "safety-critical" has succeeded as well for

Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms

August 22, 2016

Author(s)

Elaine B. Barker

This document is intended to provide guidance to the Federal Government for using cryptography and NIST's cryptographic standards to protect sensitive, but unclassified digitized information during transmission and while in storage. The cryptographic

Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies

August 22, 2016

Author(s)

Elaine B. Barker, William C. Barker

This document is part of a series intended to provide guidance to the Federal Government for using cryptography and NIST's cryptographic standards to protect sensitive, but unclassified digitized information during transmission and while in storage

Integrating Top-down and Bottom-up Cybersecurity Guidance Using XML

August 11, 2016

Author(s)

Joshua Lubell

Key Recovery Attack on Cubic Simple Matrix Encryption

August 11, 2016

Author(s)

Ray Perlner, Dustin Moody, Daniel Smith-Tone

In the last few years multivariate public key cryptography has experienced an infusion of new ideas for encryption. Among these new strategies is the ABC Simple Matrix family of encryption schemes which utilize the structure of a large matrix algebra to

Computer Security Division 2015 Annual Report

August 10, 2016

Author(s)

Patrick D. O'Reilly, Gregory A. Witte, Larry Feldman

Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry

NIST Updates Personal Identity Verification (PIV) Guidelines

August 10, 2016

Author(s)

Hildegard Ferraiolo, Larry Feldman, Gregory A. Witte

This bulletin summarized the information presented in NIST SP 800-156: Derived PIV Application and Data Model Test Guidelines and NIST SP 800-166: Representation of PIV Chain-of-Trust for Import and Export. These publications support Federal Information

Integrating Top-down and Bottom-up Cybersecurity Guidance using XML

August 1, 2016

Author(s)

Joshua Lubell

This paper describes a markup-based approach for synthesizing disparate information sources, and then discusses a software implementation of the approach. The implementation, developed using XForms and Extensible Stylesheet Language Transformations (XSLT)

Advanced communications
-Open Radio Access Network (Open-RAN)
-Quantum communications
-Spectrum sharing
-Wireless (RF)
Bioscience
-Bioimaging
-Bioinformatics
-Biomanufacturing
-Biomaterials
-Cell biology
-Cell-free systems
-Engineering / synthetic biology
-Gene delivery systems
-Genome editing
-Genomics
-Glycomics
-Metabolomics
-Microbial measurements
-Proteomics
-Sequence screening
-Transcriptomics
Buildings and Construction
-Building codes and standards
-Building control systems
-Building damage and repair
-Building economics
-Building materials
-Energy efficiency
-Heating, ventilation and air conditioning equipment
-Indoor air quality
-Structural engineering
-Thermal comfort
Chemistry
-Analytical chemistry
-Chemical engineering and processing
-Chemical thermodynamics and chemical properties
-Molecular characterization
-Theoretical chemistry and modeling
-Thermochemical properties
Electronics
-Electromagnetics
-Flexible electronics
-Magnetoelectronics
-Optoelectronics
-Organic electronics
-Semiconductors
-Sensors
-Superconducting electronics
Energy
-Alternative energy
-Conventional energy
-Electric power / smart grid
-Fuels
Environment
-Air / water / soil quality
-Climate
-Environmental health
-Greenhouse gas measurements
-Marine science
-Sustainability
Fire
-Emergency building evacuation
-Fire detection
-Fire dynamics and science
-Fire fighting
-Fire modeling
-Fire risk reduction
-Materials flammability
-Structural fire resistance
-Wildland urban interface fire
Forensic Science
-Digital evidence
-Drugs and toxicology
-Firearms and toolmarks
-Forensic biometrics
-Forensic genetics
-Trace evidence
Health
-Biopharmaceuticals
-Cell and gene therapy
-Clinical diagnostics
-Dentistry
-Food and nutrition
-Human microbiome
-Medical imaging
-Precision medicine
-Regenerative medicine and advanced therapy
Information technology
-Artificial intelligence
--AI measurement and evaluation
--Applied AI
--Fundamental AI
--Hardware for AI
--Machine learning
--Trustworthy and responsible AI
-Biometrics
-Cloud computing and virtualization
-Complex systems
-Computational science
-Conformance testing
-Cyber-physical systems
--Smart cities
-Cybersecurity
--Cryptography
--Cybersecurity education and workforce development
--Cybersecurity measurement
--Identity and access management
--Privacy engineering
--Risk management
--Securing emerging technologies
--Trustworthy networks
--Trustworthy platforms
-Data and informatics
--Human language technology
--Information retrieval
--Natural language processing
-Federal information processing standards (FIPS)
-Health IT
-Internet of Things (IoT)
-Interoperability testing
-Location based services
-Mobile
-Networking
--Mobile and wireless networking
--Network management and monitoring
--Network modeling and analysis
--Network security and robustness
--Network test and measurement
--Next generation networks
--Protocol design and standardization
--Software defined and virtual networks
-Privacy
-Software research
--Software testing
-Usability and human factors
--Accessibility
-Video analytics
-Virtual / augmented reality
-Visualization research
-Voting systems
Infrastructure
Manufacturing
-Additive manufacturing
-Factory communications
-Factory operations planning and control
-Interoperability in manufacturing
-Machining
-Manufacturing economics
-Manufacturing quality assurance
-Manufacturing systems design and analysis
-Monitoring, diagnostics and prognostics
-Process improvement
-Process measurement and control
-Product data
-Robotics in manufacturing
--Agility and adaptability
--Collaborative robots
--Dexterous grasping
--Manipulation
--Mobility and industrial autonomous vehicles
--Navigation / actuation / control
--Sensing and perception
-Supply chain
-Sustainable manufacturing
-Systems engineering
-Systems integration
-Technology commercialization
Materials
-Ceramics
-Composites
-Concrete / cement
-Materials characterization
--Composition and structure
--Mechanical properties
--Thermal properties
-Metals
-Modeling and computational material science
-Polymers
-Superconductors
Mathematics and statistics
-Experiment design
-Image and signal processing
-Modeling and simulation research
-Numerical methods and software
-Statistical analysis
-Uncertainty quantification
Metrology
-Amount of substance
-Dimensional metrology
-Electrical / electromagnetic metrology
-Flow metrology and rheology
-Force metrology
-Humidity metrology
-Ionizing radiation metrology
-Mass metrology
-Metric
-Optical / photometry / laser metrology
-Pressure and vacuum metrology
-Thermometry metrology
-Time and frequency metrology
-Weights and measures
Nanotechnology
-Nanobiotechnology
-Nanochemistry
-Nanoelectronics
-Nanofabrication / manufacturing
--Lithography
--Self-assembly
-Nanofluidics
-Nanomagnetics
-Nanomaterials
-Nanomechanics
-Nanometrology
-Nanophotonics
-Nanophysics
-Nanoplasmonics
Neutron research
Performance excellence
-Assessment tools and services
-Baldrige award
-Baldrige examiners
-Baldrige Framework and Criteria
-Best practices
-Leadership development
Physics
-Atomic / molecular / quantum
-Biological physics
-Condensed matter
-Electron physics
-Magnetics
-Nuclear physics
-Optical physics and communications
-Quantum information science
-Radiation
-Spectroscopy
-Thermodynamics
-Time and frequency
Public safety
-Chemical / Biological / Radiological / Nuclear / Explosives (CBRNE)
-First responder preparedness
-Law enforcement
-Public safety communications research
-Response robots
Resilience
-Community resilience
-Disaster and failure studies
-Earthquake risk reduction
-Resilience economics
-Resilient materials
-Windstorm impact reduction
Standards
-Accreditation
-Calibration services
-Conformity assessment
-Documentary standards
-Frameworks
-Quality assurance
-Reference data
-Reference instruments
-Reference materials
-Standards education
Technology transfer
Transportation
-Aerospace
-Automotive