
Systems & Emerging Technologies Security Research Group

Welcome

Our security research focus is to identify emerging technologies and conceive of new security solutions that will have a high impact on the critical information infrastructure. We perform research and development on behalf of government and industry from the earliest stages of technology development through proof-of-concept, reference and prototype implementations, and demonstrations. We work to transfer new technologies to industry, to produce new standards, and to develop tests, test methodologies, and assurance methods.

To keep pace with the rate of change in emerging technologies, we conduct a large amount of research in existing and emerging technology areas. Some of the many topics we research include smart card infrastructure and security, wireless and mobile device security, voice over Internet Protocol (IP) security issues, digital forensics tools and methods, access control and authorization management, Internet Protocol security, intrusion detection systems, quantum information system security and quantum cryptography, and vulnerability analysis. Our research helps to fulfill specific needs of the Federal government that would not be easily or reliably filled otherwise.

We collaborate extensively with government, academia and private sector entities. In the past year this included the National Security Agency, the Department of Defense, the Defense Advanced Research Projects Agency, the Department of Justice, the University of Maryland, George Mason University, Rutgers University, Purdue University, George Washington University, the University of Maryland-Baltimore County, Columbia University, Microsoft Corporation, Sun Microsystems, the Boeing Company, Intel Corporation, Lucent Technologies, Oracle Corporation, and MITRE.

Programs/Projects

Personal Identity Verification (PIV) of Federal Employees and Contractors—On August 27, 2004, the President signed Homeland Security Presidential Directive 12 (HSPD-12), entitled "Policy for a Common Identification Standard for Federal Employees and …

National Vulnerability Database (NVD)—For more information regarding the National Vulnerability Database (NVD), please visit the Computer Security Division's NVD website. The National Vulnerability Database (NVD) is the U.S. …

Biometric Standards Program and Resource Center—Supporting the national strategy on biometrics and the development of required biometric standards is the cornerstone of our program. We seek to help the U.S. government and private sector meet …

Cloud Computing—NIST is promoting the effective and secure use of cloud computing technology within government and industry by providing technical guidance and promoting standards.

National Checklist Program—The National Checklist Program (NCP) is the U.S. government repository of publicly available security checklists (or benchmarks) that provide detailed low level guidance on setting the security …

Federal Desktop Core Configuration (FDCC)—The Federal Desktop Core Configuration (FDCC) is an OMB-mandated security configuration. The FDCC currently exists for Microsoft Windows Vista and XP operating system software. While not addressed …

Techniques for Security Risk Analysis of Enterprise Networks—Today's information systems face sophisticated attackers who combine multiple vulnerabilities to penetrate networks with devastating impact. The overall security of an enterprise network cannot …

Mobile Security and Forensics—The goal of the project is to improve the security of mobile devices and software. To that end, we devise and implement, as proof-of-concept prototypes, various types of security mechanisms and …

Model Driven Security Functional Testing—Model-Driven Engineering (MDE) is emerging as a promising approach that uses models to support various phases of the system development lifecycle such as Code Generation and Verification/Validation (V …

IT System and Network Administration—The Information Technology (IT) System and Network Administration site represents NIST resources for managing, maintaining, and securing IT products that are widely deployed across the organization …

Automated Combinatorial Testing for Software (ACTS)—Empirical evidence suggests that nearly all software errors are triggered by the interaction of one to six parameters. These results have important implications for testing. If all faults in a …

Access Control Policy Tool (ACPT)—Access control (AC) systems are among the most critical of information security components. Faulty policies, misconfigurations, or flaws in software implementation can result in serious …

Security Configuration Checklists for Commercial IT Products—The solutions to IT security are complex; one basic but effective tool is a security configuration checklist. A security checklist is a document that contains instructions for securely configuring …

 
Contact

General Information:
David Ferraiolo, Group Manager
Phone: 301-975-3046
Fax: 301-975-8387
Email: david.ferraiolo@nist.gov

100 Bureau Drive, M/S 8930
Gaithersburg, MD 20899-8930