Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

NIST Topic Areas

Report Number

Publication Date

Max Publication Date

NIST Authors in Bold

Displaying 1301 - 1325 of 1431

Securing Web Servers

September 21, 1999

Author(s)

Peter M. Mell, David F. Ferraiolo

This ITL Bulletin enumerates and describes techniques by which one can secure web servers. It categorizes the techniques into security levels to aid in their cost-effective application.

Mobile Agent Attack Resistant Distributed Hierarchical Intrusion Detection Systems

September 8, 1999

Author(s)

Peter M. Mell, Mark McLarnon

Distributed intrusion detection systems are especially vulnerable to attacks since, typically, each component resides at a static location and components are connected together into a hierarchical structure. An attacker can disable such a system by taking

Object Retrieval and Access Management in Electronic Commerce

September 1, 1999

Author(s)

S A. Wakid, John Barkley, Mark Skall

Electronic commerce over the Internet is now tens of billions of dollars per year and growing. This article describes how objects used in EC can be located and protected from unauthorized access. It discusses the three kinds of EC: customer interactions

Randomness Testing of the Advanced Encryption Standard Candidate Algorithms

September 1, 1999

Author(s)

Juan Soto

One of the criteria used to evaluate the Advanced Encryption Standard candidate algorithms was their demonstrated suitability as random number generators. That is, the evaluation of their output utilizing statistical tests should not provide any means by

The Advanced Encryption Standard: A Status Report

August 25, 1999

Author(s)

Elizabeth B. Lennon

In 1997, the National Institute of Standards and Technology (NIST) initiated a process to select a symmetric-key encryption algorithm to be used to protect sensitive (unclassified) Federal Information, in furtherance of NIST's statutory responsibilities

Enforcing Integrity While Maintaining Secrecy

July 27, 1999

Author(s)

D G. Marks

We consider the role of constraints in maintaining both secrecy and integrity in a multilevel secure database. In a multilevel database, certain integrity and classification constraints create a secrecy problem since data additions, deletions or

Computer Attacks: What They Are and How to Defend Against Them

May 26, 1999

Author(s)

Peter M. Mell

Although a host of technologies exists to detect and prevent attacks against computers, a human must coordinate responding to a successful network penetration. At the same time, the majority of systems administrators are not prepared to handle a

Critical Infrastructures Protection: Research Agendas for Information Systems Security

May 17, 1999

Author(s)

Stuart W. Katzke, A Oldehoeft, Shirley M. Radack

Several national studies have examined the vulnerabilities and threats to the critical infrastructures upon which the United States depends for its national defense and economic growth, and have addressed measures needed to protect the critical

Enhancements to Data Encryption and Digital Signature Federal Standards

March 4, 1999

Author(s)

Elizabeth B. Lennon

This ITL Bulletin, February 1999, summarizes proposed changes to two Federal Information Processing Standards (FIPS): FIPS 46-2, Data Encryption Standard, and FIPS 186, Digital Signature Standard. It outlines the proposed enhancements to the two standards

A Role-Based Access Control Model and Reference Implementation Within a Corporate Intranet

February 1, 1999

Author(s)

David F. Ferraiolo, John Barkley, David R. Kuhn

This paper describes NIST's enhanced RBAC model and our approach to designing and implementing RBAC features for networked Web servers. The RBAC model formalized in this paper is based on the properties that were first described in Ferraiolo and Kuhn [1992

Secure Web-Based Access to High-Performance Computing Resources

January 15, 1999

Author(s)

R P. McCormack, J E. Koontz, J E. Devaney

An authentication framework is described that provides a secure meansor clients to access remote computing resources via the Web. Clientsauthenticate themselves to a proxy Web server using a secure protocoland a digital certificate. The server constructs a

Digital Signature Standard (DSS)

December 15, 1998

Author(s)

Elaine B. Barker

[Superseded by FIPS 186-2 (January 27, 2000): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=] This standard specifies a suite of algorithms which can be used to generate a digital signature. Digital signatures are used to detect unauthorized

Guide for Developing Security Plans for Information Technology Systems

December 1, 1998

Author(s)

Marianne M. Swanson

[Superseded by SP 800-18 Revision 1 (February 2006): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=150601] Today's rapidly changing technical environment requires federal agencies to adopt a minimum set of management controls to protect

Common Criteria: Launching the International Standards

November 25, 1998

Author(s)

E F. Troy

This Information Technology Laboratory (ITL) Bulletin provides an introduction and overview of the Common Criteria (CC) for Information Technology (IT) Security and describes its US and multi-national implementation. The CC is the new standard for

Understanding the Global Attack Toolkit Using a Database of Dependent Classifiers

November 5, 1998

Author(s)

Peter M. Mell

High profile Internet web sites publish a large collection of attack scripts that we call the Global Attack Toolkit (GAT). It is a dangerous tool available to the average web surfer and yet we known little about this set of attacks besides the fact that it

Role-Based Access Control for the Web

October 29, 1998

Author(s)

John Barkley, David R. Kuhn, Lynne S. Rosenthal, Mark Skall, Anthony V. Cincotta

Establishing and maintaining a presence on the World Wide Web (Web), once a sideline for U.S. industry, has become a key strategic aspect of marketing and sales. Many companies have demonstrated that a well designed Web site can have a positive effect on

Managing Role/Permission Relationships Using Object Access Types

October 23, 1998

Author(s)

John Barkley, Anthony V. Cincotta

The role metaphor in Role Based Access Control (RBAC) is particularly powerful in its ability to express access policy in terms of the way in which administrators view organizations. Much of the effort in providing administrative tools for RBAC has been

Role Based Access Control on MLS Systems Without Kernel Changes

October 23, 1998

Author(s)

David R. Kuhn

Role based access control (RBAC) is attracting increasing attention as a security mechanism for both commercial and many military systems. This paper shows how RBAC can be implemented using the mechanisms available on traditional multi-level security

Inheritance Properties of Role Hierarchies

October 9, 1998

Author(s)

Wayne Jansen

Role Based Access Control (RBAC) refers to a class of security mechanisms that mediate access to resources through organizational identities called roles. A number of models have been published that formally describe the basic properties of RBAC. One

Role-Based Access Control Features in Commercial Database Management Systems

October 9, 1998

Author(s)

Ramaswamy Chandramouli, R. Sandhu

This paper analyzes and compares role-based access control (RBAC) features supported in the most recent versions of three popular commercial database management systems: Informix Online Dynamic Server Version 7.2, Oracle Enterprise Server Version 8.0 and

Formal Specification for Role Based Access Control User/Role and Role/Role Relationship Management

October 1, 1998

Author(s)

Serban I. Gavrila, John Barkley

Role Based Access Control (RBAC), an access control mechanism, reduces the cost of administering access control policies as well as making the process less error-prone. The Admin Tool developed for the NIST RBAC Model manages user/role and role/role

Cryptography Standards and Infrastructures for the Twenty-First Century

September 17, 1998

Author(s)

Shirley M. Radack

This bulletin reports on the progress being made by NIST and by its government and industry partners to advance the development of electronic commerce systems in which users will have confidence. There are efforts underway to update existing standards for

A Revised Model for Role-Based Access Control

July 9, 1998

Author(s)

Wayne Jansen

Training for Information Technology Security: Evaluating the Effectiveness of Results-Based Learning

June 23, 1998

Author(s)

Shirley M. Radack

This bulletin discusses the techniques that organizations should use to measure the effectiveness of their IT security training programs and the extent to which the programs are useful to the organization and are wise expenditures of training resources

A Federal Public Key Infrastructure With Multiple Digital Signature Algorithms

April 22, 1998

Author(s)

William E. Burr, William T. Polk

Several digital algorithms are coming into general use. A certificate containing a key for one algorithm can be signed with a different algorithm. This paper discusses the interoperability issues where different digital signature algorithms are used in one

Advanced communications
-Open Radio Access Network (Open-RAN)
-Quantum communications
-Spectrum sharing
-Wireless (RF)
Bioscience
-Bioimaging
-Bioinformatics
-Biomanufacturing
-Biomaterials
-Cell biology
-Cell-free systems
-Engineering / synthetic biology
-Gene delivery systems
-Genome editing
-Genomics
-Glycomics
-Metabolomics
-Microbial measurements
-Proteomics
-Sequence screening
-Transcriptomics
Buildings and Construction
-Building codes and standards
-Building control systems
-Building damage and repair
-Building economics
-Building materials
-Energy efficiency
-Heating, ventilation and air conditioning equipment
-Indoor air quality
-Structural engineering
-Thermal comfort
Chemistry
-Analytical chemistry
-Chemical engineering and processing
-Chemical thermodynamics and chemical properties
-Molecular characterization
-Theoretical chemistry and modeling
-Thermochemical properties
Electronics
-Electromagnetics
-Flexible electronics
-Magnetoelectronics
-Optoelectronics
-Organic electronics
-Semiconductors
-Sensors
-Superconducting electronics
Energy
-Alternative energy
-Conventional energy
-Electric power / smart grid
-Fuels
Environment
-Air / water / soil quality
-Climate
-Environmental health
-Greenhouse gas measurements
-Marine science
-Sustainability
Fire
-Emergency building evacuation
-Fire detection
-Fire dynamics and science
-Fire fighting
-Fire modeling
-Fire risk reduction
-Materials flammability
-Structural fire resistance
-Wildland urban interface fire
Forensic Science
-Digital evidence
-Drugs and toxicology
-Firearms and toolmarks
-Forensic biometrics
-Forensic genetics
-Trace evidence
Health
-Biopharmaceuticals
-Cell and gene therapy
-Clinical diagnostics
-Dentistry
-Food and nutrition
-Human microbiome
-Medical imaging
-Precision medicine
-Regenerative medicine and advanced therapy
Information technology
-Artificial intelligence
--AI measurement and evaluation
--Applied AI
--Fundamental AI
--Hardware for AI
--Machine learning
--Trustworthy and responsible AI
-Biometrics
-Cloud computing and virtualization
-Complex systems
-Computational science
-Conformance testing
-Cyber-physical systems
--Smart cities
-Cybersecurity
--Cryptography
--Cybersecurity education and workforce development
--Cybersecurity measurement
--Identity and access management
--Privacy engineering
--Risk management
--Securing emerging technologies
--Trustworthy networks
--Trustworthy platforms
-Data and informatics
--Human language technology
--Information retrieval
--Natural language processing
-Federal information processing standards (FIPS)
-Health IT
-Internet of Things (IoT)
-Interoperability testing
-Location based services
-Mobile
-Networking
--Mobile and wireless networking
--Network management and monitoring
--Network modeling and analysis
--Network security and robustness
--Network test and measurement
--Next generation networks
--Protocol design and standardization
--Software defined and virtual networks
-Privacy
-Software research
--Software testing
-Usability and human factors
--Accessibility
-Video analytics
-Virtual / augmented reality
-Visualization research
-Voting systems
Infrastructure
Manufacturing
-Additive manufacturing
-Factory communications
-Factory operations planning and control
-Interoperability in manufacturing
-Machining
-Manufacturing economics
-Manufacturing quality assurance
-Manufacturing systems design and analysis
-Monitoring, diagnostics and prognostics
-Process improvement
-Process measurement and control
-Product data
-Robotics in manufacturing
--Agility and adaptability
--Collaborative robots
--Dexterous grasping
--Manipulation
--Mobility and industrial autonomous vehicles
--Navigation / actuation / control
--Sensing and perception
-Supply chain
-Sustainable manufacturing
-Systems engineering
-Systems integration
-Technology commercialization
Materials
-Ceramics
-Composites
-Concrete / cement
-Materials characterization
--Composition and structure
--Mechanical properties
--Thermal properties
-Metals
-Modeling and computational material science
-Polymers
-Superconductors
Mathematics and statistics
-Experiment design
-Image and signal processing
-Modeling and simulation research
-Numerical methods and software
-Statistical analysis
-Uncertainty quantification
Metrology
-Amount of substance
-Dimensional metrology
-Electrical / electromagnetic metrology
-Flow metrology and rheology
-Force metrology
-Humidity metrology
-Ionizing radiation metrology
-Mass metrology
-Metric
-Optical / photometry / laser metrology
-Pressure and vacuum metrology
-Thermometry metrology
-Time and frequency metrology
-Weights and measures
Nanotechnology
-Nanobiotechnology
-Nanochemistry
-Nanoelectronics
-Nanofabrication / manufacturing
--Lithography
--Self-assembly
-Nanofluidics
-Nanomagnetics
-Nanomaterials
-Nanomechanics
-Nanometrology
-Nanophotonics
-Nanophysics
-Nanoplasmonics
Neutron research
Performance excellence
-Assessment tools and services
-Baldrige award
-Baldrige examiners
-Baldrige Framework and Criteria
-Best practices
-Leadership development
Physics
-Atomic / molecular / quantum
-Biological physics
-Condensed matter
-Electron physics
-Magnetics
-Nuclear physics
-Optical physics and communications
-Quantum information science
-Radiation
-Spectroscopy
-Thermodynamics
-Time and frequency
Public safety
-Chemical / Biological / Radiological / Nuclear / Explosives (CBRNE)
-First responder preparedness
-Law enforcement
-Public safety communications research
-Response robots
Resilience
-Community resilience
-Disaster and failure studies
-Earthquake risk reduction
-Resilience economics
-Resilient materials
-Windstorm impact reduction
Standards
-Accreditation
-Calibration services
-Conformity assessment
-Documentary standards
-Frameworks
-Quality assurance
-Reference data
-Reference instruments
-Reference materials
-Standards education
Technology transfer
Transportation
-Aerospace
-Automotive