Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

NIST Topic Areas

Report Number

Publication Date

Max Publication Date

NIST Authors in Bold

Displaying 576 - 600 of 1430

Cryptographic Module Validation Program (CMVP)

December 1, 2014

Author(s)

Apostol T. Vassilev, Larry Feldman, Gregory A. Witte

The Cryptographic Module Validation Program (CMVP) validates cryptographic modules for compliance with Federal Information Processing Standard (FIPS) Publication 140-2, Security Requirements for Cryptographic Modules, and other cryptography based standards

Static Analysis is not enough: The Role of Architecture and Design in Software Assurance

December 1, 2014

Author(s)

Walter R. Houser

Static analysis testing of software source code is necessary but not sufficient. Over 40 percent of the Common Weakness Enumeration (CWE) are likely to be introduced in the architecture and design phase of the development life cycle. By their very nature

An Access Control Scheme for Big Data Processing

November 11, 2014

Author(s)

Chung Tong Hu, Timothy Grance, David F. Ferraiolo, David R. Kuhn

Access Control (AC) systems are among the most critical of network security components. A system's privacy and security controls are more likely to be compromised due to the misconfiguration of access control policies rather than the failure of

Release of NIST SP 800-147B, BIOS Protection Guidelines for Servers

October 29, 2014

Author(s)

Andrew R. Regenscheid, Larry Feldman, Gregory A. Witte

Modern computers rely on fundamental system firmware, commonly known as the Basic Input/Output System (BIOS), to enable system components to communicate and work together. The BIOS is typically developed by both original equipment manufacturers (OEMs) and

Avoiding Catastrophes in Cyberspace through Smarter Testing: How to prevent Heartbleed-like disasters using readily available testing technologies

October 16, 2014

Author(s)

Apostol T. Vassilev, Christopher Celi

The recently discovered Heartbleed bug in OpenSSLs implementation of Internet security protocols and the aftermath from dealing with its consequences highlights a critical problem in the software industry. Software is routinely, inadequately tested

A Cybersecurity Testbed for Industrial Control Systems

October 9, 2014

Author(s)

Richard Candell, Keith A. Stouffer, Dhananjay Anand

The National Institute of Standards and Technology (NIST) is developing a cybersecurity testbed for industrial control systems (ICS). The goal of this testbed is to measure the performance of an ICS when instrumented with cybersecurity protections in

Lightweight Packing of Log Files for Improved Compression in Mobile Tactical Networks

October 8, 2014

Author(s)

Peter M. Mell, Richard Harang

Devices in mobile tactical edge networks are often resource constrained due to their lightweight and mobile nature, and often have limited access to bandwidth. In order to maintain situational awareness in the cyber domain, security logs from these devices

An Asymptotically Optimal Structural Attack on the ABC Multivariate Encryption Scheme

October 3, 2014

Author(s)

Dustin Moody, Ray A. Perlner, Daniel C. Smith-Tone

Historically, multivariate public key cryptography has been less than successful at offering encryption schemes which are both secure and efficient. At PQCRYPTO '13 in Limoges, Tao, Diene, Tang, and Ding introduced a promising new multivariate encryption

Optimizing Information Set Decoding Algorithms to Attack Cyclosymetric MDPC Codes

October 3, 2014

Author(s)

Ray A. Perlner

The most important drawback to code-based cryptography has historically been its large key sizes. Recently, several promising approaches have been proposed to reduce keysizes. In particular, significant keysize reduction has been achieved by using

Differential Properties of the HFE Cryptosystem

October 1, 2014

Author(s)

Taylor Daniels, Daniel Smith-Tone

Multivariate Public Key Cryptography (MPKC) has been put forth as a possible post-quantum family of cryptographic schemes. These schemes lack provable security in the reduction theoretic sense, and so their security against yet undiscovered attacks remains

Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization Cryptography

October 1, 2014

Author(s)

Elaine B. Barker, Lidong Chen, Dustin Moody

This Recommendation specifies key-establishment schemes using integer factorization cryptography, based on ANS X9.44, Key-establishment using Integer Factorization Cryptography [ANS X9.44], which was developed by the Accredited Standards Committee (ASC) X9

Reducing the Cognitive Load on Analysts Through Hamming Distance Based Alert Aggregation

September 30, 2014

Author(s)

Peter M. Mell, Richard Harang

Previous work introduced the idea of grouping alerts at a Hamming distance of 1 to achieve alert aggregation; such aggregated meta-alerts were shown to increase alert interpret-ability. However, a mean of 84,023 daily Snort alerts were reduced to a still

Release of NIST Interagency Report 7628 Revision 1, Guidelines for Smart Grid Cybersecurity

September 29, 2014

Author(s)

Victoria Y. Pillitteri, Tanya L. Brewer, Larry Feldman, Gregory A. Witte

The United States has embarked on a major transformation of its electric power infrastructure. This vast infrastructure upgrade--extending from homes and businesses to fossil-fuel-powered generating plants and wind farms--is central to national efforts to

Guidelines for Smart Grid Cybersecurity

September 25, 2014

Author(s)

Victoria Y. Pillitteri, Tanya L. Brewer

This three-volume report, Guidelines for Smart Grid Cybersecurity, presents an analytical framework that organizations can use to develop effective cybersecurity strategies tailored to their particular combinations of Smart Grid-related characteristics

Modeling Network Diversity for Evaluating the Robustness of Networks against Zero-Day Attacks

September 11, 2014

Author(s)

Lingyu Wang, Meng Zhang, Sushil Jajodia, Anoop Singhal, M. Albanese

The interest in diversity as a security mechanism has recently been revived in various applications, such as Moving Target Defense (MTD), resisting worms in sensor networks, and improving the robustness of network routing. However, most existing efforts on

Computer Security Division 2013 Annual Report

September 4, 2014

Author(s)

Patrick D. O'Reilly, Gregory A. Witte, Chris Johnson, Doug Rike

Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry

BIOS Protection Guidelines for Servers

August 28, 2014

Author(s)

Andrew R. Regenscheid

Modern computers rely on fundamental system firmware, commonly known as the Basic Input/Output System (BIOS), to facilitate the hardware initialization process and transition control to the hypervisor or operating system. Unauthorized modification of BIOS

Policy Machine: Towards a General Purpose Enterprise-Wide Operating Environment

August 28, 2014

Author(s)

David F. Ferraiolo, Larry Feldman, Gregory A. Witte

The ability to control access to sensitive data in accordance with policy is perhaps the most fundamental security requirement. Despite over four decades of security research, the limited ability for existing access control mechanisms to enforce a

Single-shot security for one-time memories in the isolated qubits model

August 21, 2014

Author(s)

Yi-Kai Liu

One-time memories (OTM's) are simple, tamper-resistant cryptographic devices, which can be used to implement sophisticated functionalities such as one-time programs. OTM's cannot exist in a fully-classical world, or in a fully-quantum world, but there is

The Future of Cybersecurity Education

August 19, 2014

Author(s)

Ernest L. McDuffie, V. P. Piotrowski

By fostering public-private partnerships in cybersecurity education, the US government is motivating federal agencies, industry, and academia to work more closely together to defend cyberspace.

On the Unification of Access Control and Data Services

August 15, 2014

Author(s)

David F. Ferraiolo, Serban I. Gavrila, Wayne Jansen

A primary objective of enterprise computing (via a data center, cloud, etc.) is the controlled delivery of data services (DS). Typical DSs include applications such as email, workflow, and records management, as well as system level features, such as file

Release of NIST Interagency Report 7946, CVSS Implementation Guidance

July 10, 2014

Author(s)

Harold Booth, Joshua M. Franklin, Larry Feldman, Greg Witte

The Common Vulnerability Scoring System (CVSS) is an open standard designed to convey severity and risk of information system vulnerabilities. CVSS was commissioned by the National Infrastructure Advisory Council (NIAC) in support of the global

Approximate Matching: Definition and Terminology

July 2, 2014

Author(s)

Frank Breitinger, Barbara Guttman, Michael McCarrin, Vassil Roussev, Douglas R. White

This document provides a definition of and terminology for approximate matching. Approximate matching is a promising technology designed to identify similarities between two digital artifacts. It is used to find objects that resemble each other or to find

Using Network Tainting to Bound the Scope of Network Ingress Attacks

July 1, 2014

Author(s)

Peter M. Mell, Richard Harang

This research describes a novel security metric, network taint, which is related to software taint analysis. We use it here to bound the possible malicious influence of a known compromised node through monitoring and evaluating network flows. The result is

Preserving Privacy  More Than Reading a Message

June 27, 2014

Author(s)

Susanne M. Furman, Mary F. Theofanos

Social media has become a mainstream activity where people share all kinds of personal and intimate details about their lives. These social networking sites (SNS) allow users to conveniently authenticate to the third party website by using their SNS

Advanced communications
-Open Radio Access Network (Open-RAN)
-Quantum communications
-Spectrum sharing
-Wireless (RF)
Bioscience
-Bioimaging
-Bioinformatics
-Biomanufacturing
-Biomaterials
-Cell biology
-Cell-free systems
-Engineering / synthetic biology
-Gene delivery systems
-Genome editing
-Genomics
-Glycomics
-Metabolomics
-Microbial measurements
-Proteomics
-Sequence screening
-Transcriptomics
Buildings and Construction
-Building codes and standards
-Building control systems
-Building damage and repair
-Building economics
-Building materials
-Energy efficiency
-Heating, ventilation and air conditioning equipment
-Indoor air quality
-Structural engineering
-Thermal comfort
Chemistry
-Analytical chemistry
-Chemical engineering and processing
-Chemical thermodynamics and chemical properties
-Molecular characterization
-Theoretical chemistry and modeling
-Thermochemical properties
Electronics
-Electromagnetics
-Flexible electronics
-Magnetoelectronics
-Optoelectronics
-Organic electronics
-Semiconductors
-Sensors
-Superconducting electronics
Energy
-Alternative energy
-Conventional energy
-Electric power / smart grid
-Fuels
Environment
-Air / water / soil quality
-Climate
-Environmental health
-Greenhouse gas measurements
-Marine science
-Sustainability
Fire
-Emergency building evacuation
-Fire detection
-Fire dynamics and science
-Fire fighting
-Fire modeling
-Fire risk reduction
-Materials flammability
-Structural fire resistance
-Wildland urban interface fire
Forensic Science
-Digital evidence
-Drugs and toxicology
-Firearms and toolmarks
-Forensic biometrics
-Forensic genetics
-Trace evidence
Health
-Biopharmaceuticals
-Cell and gene therapy
-Clinical diagnostics
-Dentistry
-Food and nutrition
-Human microbiome
-Medical imaging
-Precision medicine
-Regenerative medicine and advanced therapy
Information technology
-Artificial intelligence
--AI measurement and evaluation
--Applied AI
--Fundamental AI
--Hardware for AI
--Machine learning
--Trustworthy and responsible AI
-Biometrics
-Cloud computing and virtualization
-Complex systems
-Computational science
-Conformance testing
-Cyber-physical systems
--Smart cities
-Cybersecurity
--Cryptography
--Cybersecurity education and workforce development
--Cybersecurity measurement
--Identity and access management
--Privacy engineering
--Risk management
--Securing emerging technologies
--Trustworthy networks
--Trustworthy platforms
-Data and informatics
--Human language technology
--Information retrieval
--Natural language processing
-Federal information processing standards (FIPS)
-Health IT
-Internet of Things (IoT)
-Interoperability testing
-Location based services
-Mobile
-Networking
--Mobile and wireless networking
--Network management and monitoring
--Network modeling and analysis
--Network security and robustness
--Network test and measurement
--Next generation networks
--Protocol design and standardization
--Software defined and virtual networks
-Privacy
-Software research
--Software testing
-Usability and human factors
--Accessibility
-Video analytics
-Virtual / augmented reality
-Visualization research
-Voting systems
Infrastructure
Manufacturing
-Additive manufacturing
-Factory communications
-Factory operations planning and control
-Interoperability in manufacturing
-Machining
-Manufacturing economics
-Manufacturing quality assurance
-Manufacturing systems design and analysis
-Monitoring, diagnostics and prognostics
-Process improvement
-Process measurement and control
-Product data
-Robotics in manufacturing
--Agility and adaptability
--Collaborative robots
--Dexterous grasping
--Manipulation
--Mobility and industrial autonomous vehicles
--Navigation / actuation / control
--Sensing and perception
-Supply chain
-Sustainable manufacturing
-Systems engineering
-Systems integration
-Technology commercialization
Materials
-Ceramics
-Composites
-Concrete / cement
-Materials characterization
--Composition and structure
--Mechanical properties
--Thermal properties
-Metals
-Modeling and computational material science
-Polymers
-Superconductors
Mathematics and statistics
-Experiment design
-Image and signal processing
-Modeling and simulation research
-Numerical methods and software
-Statistical analysis
-Uncertainty quantification
Metrology
-Amount of substance
-Dimensional metrology
-Electrical / electromagnetic metrology
-Flow metrology and rheology
-Force metrology
-Humidity metrology
-Ionizing radiation metrology
-Mass metrology
-Metric
-Optical / photometry / laser metrology
-Pressure and vacuum metrology
-Thermometry metrology
-Time and frequency metrology
-Weights and measures
Nanotechnology
-Nanobiotechnology
-Nanochemistry
-Nanoelectronics
-Nanofabrication / manufacturing
--Lithography
--Self-assembly
-Nanofluidics
-Nanomagnetics
-Nanomaterials
-Nanomechanics
-Nanometrology
-Nanophotonics
-Nanophysics
-Nanoplasmonics
Neutron research
Performance excellence
-Assessment tools and services
-Baldrige award
-Baldrige examiners
-Baldrige Framework and Criteria
-Best practices
-Leadership development
Physics
-Atomic / molecular / quantum
-Biological physics
-Condensed matter
-Electron physics
-Magnetics
-Nuclear physics
-Optical physics and communications
-Quantum information science
-Radiation
-Spectroscopy
-Thermodynamics
-Time and frequency
Public safety
-Chemical / Biological / Radiological / Nuclear / Explosives (CBRNE)
-First responder preparedness
-Law enforcement
-Public safety communications research
-Response robots
Resilience
-Community resilience
-Disaster and failure studies
-Earthquake risk reduction
-Resilience economics
-Resilient materials
-Windstorm impact reduction
Standards
-Accreditation
-Calibration services
-Conformity assessment
-Documentary standards
-Frameworks
-Quality assurance
-Reference data
-Reference instruments
-Reference materials
-Standards education
Technology transfer
Transportation
-Aerospace
-Automotive