773 - Computer Security Division Supplemental Materials (2024)

Information Technology Laboratory

Share

Publications

Recognition

Internal
External

Patents

Federal Information Processing Standards (FIPS)

1. National Institute of Standards and Technology. Digital Signature Standard (DSS). (U.S. Department of Commerce, Washington, DC), Federal Information Processing Standards Publication (FIPS) NIST FIPS 186-5 (2023). DOI:10.6028/NIST.FIPS.186-5
2. National Institute of Standards and Technology. Advanced Encryption Standard (AES). (U.S. Department of Commerce, Washington, DC), Federal Information Processing Standards Publication (FIPS) NIST FIPS 197-upd1, updated May 9, 2023 (2023). DOI:10.6028/NIST.FIPS.197-upd1

NIST Special Publication 800 series (SP 800; Computer Security)

1. M. Souppaya and K. Scarfone. Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-40r4 (2022). DOI:10.6028/NIST.SP.800-40r4
2. K. Dempsey, V. Pillitteri, and A. Regenscheid. Managing the Security of Information Exchanges. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-47r1 (2021). DOI:10.6028/NIST.SP.800-47r1
3. Joint Task Force. Assessing Security and Privacy Controls in Information Systems and Organizations. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-53Ar5 (2022). DOI:10.6028/NIST.SP.800-53Ar5
4. K. Stouffer, M. Pease, C.Y. Tang, T. Zimmerman, V. Pillitteri, S. Lightman, A. Hahn, S. Saravia, A. Sherule, and M. Thompson. Guide to Operational Technology (OT) Security. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-82r3 (2023). DOI:10.6028/NIST.SP.800-82r3
5. L. Chen. Recommendation for Key Derivation Using Pseudorandom Functions. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-108r1-upd1, Includes updates as of February 2, 2024 (2024). DOI:10.6028/NIST.SP.800-108r1-upd1
6. J. Padgette, J. Bahr, M. Holtmann, M. Batra, L. Chen, R. Smithbey, and K. Scarfone. Guide to Bluetooth Security. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-121r2-upd1. Includes updates as of January 19, 2022 (2022). DOI:10.6028/NIST.SP.800-121r2-upd1
7. G. Howell, J. Franklin, V. Sritapan, M. Souppaya, and K. Scarfone. Guidelines for Managing the Security of Mobile Devices in the Enterprise. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-124r2 (2023). DOI:10.6028/NIST.SP.800-124r2
8. D. Hawes, A. Calis, and R. Crombie. Cryptographic Module Validation Program (CMVP) Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-140Br1 (2023). DOI:10.6028/NIST.SP.800-140Br1
9. K. Schaffer and A. Calis. CMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-140Cr1 (2022). DOI:10.6028/NIST.SP.800-140Cr1
10. A. Calis. Cryptographic Module Validation Program (CMVP)-Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-140Cr2 (2023). DOI:10.6028/NIST.SP.800-140Cr2
11. K. Schaffer and A. Calis. CMVP Approved Sensitive Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-140Dr1 (2022). DOI:10.6028/NIST.SP.800-140Dr1
12. A. Calis. Cryptographic Module Validation Program (CMVP)-Approved Sensitive Security Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-140Dr2 (2023). DOI: 10.6028/NIST.SP.800-140Dr2
13. R. Ross, V. Pillitteri, R. Graubart, D. Bodeau, and R. McQuaid. Developing Cyber Resilient Systems: A Systems Security Engineering Approach. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-160v2r1 (2021). DOI:10.6028/NIST.SP.800-160v2r1
14. J. Boyens, A. Smith, N. Bartol, K. Winkler, A. Holbrook, and M. Fallon. Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-161r1 (2022). DOI: 10.6028/NIST.SP.800-161r1
15. R. Ross, V. Pillitteri, and K. Dempsey. Assessing Enhanced Security Requirements for Controlled Unclassified Information. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-172A (2022). DOI:10.6028/NIST.SP.800-172A
16. L. Chen, D. Moody, A. Regenscheid, A. Robinson, and K. Randall. Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-186 (2023). DOI:10.6028/NIST.SP.800-186
17. R. Chandramouli, Z. Butcher, A. Chetal. Attribute-based Access Control for Microservices-based Applications using a Service Mesh. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-204B (2021). DOI:10.6028/NIST.SP.800-204B
18. R. Chandramouli. Implementation of DevSecOps for a Microservices-based Application with Service Mesh. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-204C (2022). DOI:10.6028/NIST.SP.800-204C
19. R. Chandramouli, F. Kautz, and S. Torres-Arias. Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-204D (2024). DOI:10.6028/NIST.SP.800-204D
20. R. Chandramouli and Z. Butcher. A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Cloud Environments. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-207A (2023). DOI:10.6028/NIST.SP.800-207A
21. P. O'Reilly II, K. Rigopoulos, L. Feldman, and G. Witte (eds.). 2020 Cybersecurity and Privacy Annual Report. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-214 (2021). DOI:10.6028/NIST.SP.800-214
22. R. Chandramouli. Guide to a Secure Enterprise Network Landscape. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-215 (2022). DOI:10.6028/NIST.SP.800-215
23. K. Schaffer, P. Mell, H. Trinh, and I. Van Wyk. Recommendations for Federal Vulnerability Disclosure Guidelines. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-216 (2023). DOI:10.6028/NIST.SP.800-216
24. M. Souppaya, K. Scarfone, and D. Dodson. Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-218 (2022). DOI:10.6028/NIST.SP.800-218
25. M. Trapnell, E. Trapnell, M. Souppaya, B. Gendler, and K. Scarfone. Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP). (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-219 (2022). DOI:10.6028/NIST.SP.800-219
26. M. Trapnell, E. Trapnell, M. Souppaya, B. Gendler, and K. Scarfone. Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP). (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-219r1 (2023). DOI: 10.6028/NIST.SP.800-219r1
27. P. O'Reilly II, K. Rigopoulos, L. Feldman, and G. Witte (eds.). Fiscal Year 2021 Cybersecurity and Privacy Annual Report. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-220 (2021). DOI:10.6028/NIST.SP.800-220
28. Y. Guo, R. Chandramouli, L. Wofford, R. Gregg, G. Key, A. Clark, C. Hinton, A. Prout, A. Reuther, R. Adamson, A. Warren, P. Bangalore, E. Deumens, and C. Farkas. High-Performance Computing Security: Architecture, Threat Analysis, and Security Posture. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-223 (2024). DOI:10.6028/NIST.SP.800-223
29. P. O'Reilly II, K. Rigopoulos, L. Feldman, and G. Witte (eds.). Fiscal Year 2022 Cybersecurity and Privacy Annual Report. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) NIST SP 800-225 (2023). DOI:10.6028/NIST.SP.800-225

NIST Interagency or Internal Report (IR)

1. K. Dempsey, V. Pillitteri, C. Baer, R. Rudman, R. Niemeyer, and S. Urban. ISCMA: An Information Security Continuous Monitoring Program Assessment. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) NIST IR 8212 (2021). DOI:10.6028/NIST.IR.8212
2. M. Scholl and T. Suloway. Introduction to Cybersecurity for Commercial Satellite Operations. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) NIST IR 8270 (2023). DOI:10.6028/NIST.IR.8270
3. N. Keller, S. Quinn, K. Scarfone, M. Smith, and V. Johnson. National Online Informative References (OLIR) Program: Overview, Benefits, and Use. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) NIST IR 8278r1 (2024). DOI:10.6028/NIST.IR.8278r1
4. M. Barrett, N. Keller, S. Quinn, M. Smith, K. Scarfone, V. Johnson. National Online Informative References (OLIR) Program: Submission Guidance for OLIR Developers. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) NIST IR 8278Ar1 (2024). DOI:10.6028/NIST.IR.8278Ar1
5. N. Mouha. Review of the Advanced Encryption Standard. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) NIST IR 8319 (2021). DOI:10.6028/NIST.IR.8319
6. D. Cooper. NIST Test Personal Identity Verification (PIV) Cards Version 2.(National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) NIST IR 8347 (2021). DOI:10.6028/NIST.IR.8347
7. V. Hu. Machine Learning for Access Control Policy Verification.(National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) NIST IR 8360 (2021). DOI:10.6028/NIST.IR.8360
8. M. Sönmez Turan, K. McKay, D. Chang, Ç. Çalık, L. Bassham III, J. Kang, and J. Kelsey. Status Report on the Second Round of the NIST Lightweight Cryptography Standardization Process. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) NIST IR 8369 (2021). DOI: 10.6028/NIST.IR.8369
9. S. Lightman, T. Suloway, and J. Brule. Satellite Ground Segment: Applying the Cybersecurity Framework to Satellite Command and Control.(National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) NIST IR 8401 (2022). DOI:10.6028/NIST.IR.8401
10. V. Hu. Blockchain for Access Control Systems.(National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) NIST IR 8403 (2022). DOI:10.6028/NIST.IR.8403
11. P. Mell, D. Yaga. Understanding Stablecoin Technology and Related Security Considerations. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) NIST IR 8408 (2023). DOI:10.6028/NIST.IR.8408
12. P. Mell, J. Spring, D. Dugal, S. Ananthakrishna, F. Casotto, T. Fridley, C. Ganas, A. Kundu, P. Nordwall, V. Pushpanathan, D. Sommerfeld, M. Tesauro, and C. Turner. Measuring the Common Vulnerability Scoring System Base Score Equation. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) NIST IR 8409 (2022). DOI:10.6028/NIST.IR.8409
13. G. Alagic, D. Apon, D. Cooper, Q. Dang, T. Dang, J. Kelsey, J. Lichtinger, Y.-K. Liu, C. Miller, D. Moody, R. Peralta, R. Perlner, A. Robinson, D. Smith-Tone. Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) NIST IR 8413-upd1, Includes updates as of September 26, 2022 (2022). DOI: 10.6028/NIST.IR.8413-upd1
14. D. Buller, A. Kaufer, A. Roginsky, M. Sönmez Turan. Discussion on the Full Entropy Assumption of the SP 800-90 Series. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) NIST IR 8427 (2023). DOI:10.6028/NIST.IR.8427
15. V. Hu. Overview and Considerations of Access Control Based on Attribute Encryption. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) NIST IR 8450-upd1, Includes updates as of December 20, 2023 (2023). DOI:10.6028/NIST.IR.8450-upd1
16. M. Sönmez Turan, K. McKay, D. Chang, L. Bassham III, J. Kang, N. Waller, J. Kelsey, and D. Hong. Status Report on the Final Round of the NIST Lightweight Cryptography Standardization Process. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) NIST IR 8454 (2023). DOI:10.6028/NIST.IR.8454
17. Y. Guo, J. Licata, V. Pillitteri, S. Rekhi, R. Beverly, X. Yuan, G. Key, R. Gregg, S. Bowman, C. Hinton, A. Reuther, R. Adamson, A. Warren, P. Bangalore, E. Deumens, and C. Farkas. 3rd High-Performance Computing Security Workshop: Joint NIST-NSF Workshop Report. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) NIST IR 8476 (2023). DOI:10.6028/NIST.IR.8476

NIST Cybersecurity White Paper (CSWP)

1. D. Kuhn. A Data Structure for Integrity Protection with Erasure Capability.(National Institute of Standards and Technology, Gaithersburg, MD), NIST Cybersecurity White Paper (CSWP) NIST CSWP 25 (2022). DOI: 10.6028/NIST.CSWP.25
2. D. Kuhn, M. Raunak, and R. Kacker. Ordered t-way Combinations for Testing State-based Systems.(National Institute of Standards and Technology, Gaithersburg, MD), NIST Cybersecurity White Paper (CSWP) NIST CSWP 26 (2022). DOI: 10.6028/NIST.CSWP.26
3. E. Takamura, J. Licata, and V. Pillitteri. Automation Support for Control Assessments: Project Update and Vision. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Cybersecurity White Paper (CSWP) NIST CSWP 30 (2023). DOI:10.6028/NIST.CSWP.30

NIST Trustworthy and Responsible AI (AI)

1. A. Vassilev, A. Oprea, A. Fordyce, and H. Anderson. Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. (National Institute of Standards and Technology, Gaithersburg, MD) NIST Trustworthy and Responsible AI (AI) NIST AI 100-2e2023 (2024). DOI:10.6028/NIST.AI.100-2e2023

Other Papers

1. National Institute of Standards and Technology. Software Supply Chain Security Guidance Under Executive Order (EO) 14028 Section 4e. (2022). Available athttps://www.nist.gov/document/software-supply-chain-security-guidance-under-executive-order-eo-14028-section-4e
2. National Institute of Standards and Technology. Security Measures for “EO-Critical Software” Use Under Executive Order (EO) 14028. (2021). Available athttps://www.nist.gov/document/security-measures-eo-critical-software-use-under-executive-order-eo-14028-pdf-version
3. National Institute of Standards and Technology. Software Security in Supply Chains. May 5, 2022 (2022). Available athttps://www.nist.gov/document/guidance-supply-chain-security-under-eo-14028-section-4c4d.

Articles

1. Y. LiuXing, Daniel, Isaac, McDaniel, Olsan, Ozbay, Akib, Abir, Sukanya, Mumtahina Islam, Rekhi, Sanjay, and Srivastava, Ankur. Security Advantages and Challenges of 3D Heterogeneous Integration. Computer, vol. 57, no. 3, pp. 107-112. (2024) DOI:10.1109/MC.2023.3340798
2. M. S. Raunak, D. R. Kuhn, R. N. Kacker and J. Y. Lei. Combinatorial Testing for Building Reliable Systems.IEEE Reliability Magazine, vol. 1, no. 1, pp. 15-19 (2024), DOI: 10.1109/MRL.2024.3355874
3. Kelsey, J., Lucks, S., and Müller, S. XDRBG: A Proposed Deterministic Random Bit Generator Based on Any XOF.IACR Transactions on Symmetric Cryptology, 5–34. (2024) DOI:10.46586/tosc.v2024.i1.5-34
4. Guo, Yang. A review of machine learning-based zero-day attack detection: Challenges and future directions. Computer Communications. Vol. 198, pp. 175-185. (2023)https://doi.org/10.1016/j.comcom.2022.11.001
5. Shook, James, Maximally Edge-Connected Realizations and Kundu’s k- factor Theorem. Journal of Graph Theory, Vol 105, Iss. 1, pp. 83-97 (2023) https://doi.org/10.1002/jgt.23017
6. Dietrich, Dianne, Alexander Nelson. To Everything There Is a Session: A Time to Listen, a Time to Read Multi-session CDs Code4Lib. Issue 56 (2023)
7. Dai, Yuanjun, An Wang, Yang Guo, Songqing Chen. Elastically Augmenting the Control-Path Throughput in SDN to Deal with Internet DDoS Attacks. ACM Transactions on Internet Technology. Vol. 23, Iss. 1. (2023)https://doi.org/10.1145/3559759
8. Hsieh, Li-Tse, Hang Liu, Yang Guo, Robert Gazda. Deep Reinforcement Learning-based Task Assignment for Cooperative Mobile Edge Computing. IEEE Transactions on Mobile Computing. vol. 23, no. 4, pp. 3156-3171 (2023) https://doi.org/10.1109/TMC.2023.3270242
9. Zou, Qingtian, Lan Zhang, Anoop Singhal, Xiaoyan Sun, Peng Liu. (2023) Analysis of Neural Network Detectors for Network Attacks. Journal of Computer Security. Pp. 1-28. (2023)https://doi.org/10.3233/JCS-230031
10. Okutan, Ahmet, Peter Mell, Medhi Mirakhorli, Igor Khokhlov, Joanna Santos, Danielle Gonzalez, Steven Simmons. Empirical Validation of Automated Vulnerability Curation and Characterization. IEEE Transactions on Software Engineering. Vol. 49, Issue 5, pp 3241-3260. (2023).https://doi.org/10.1109/TSE.2023.3250479
11. Wei, Zihao and Sun, Siwei and Hu, Lei and Wei, Man and Peralta, Rene. Searching the space of tower field implementations of the𝔽28 inverter - with applications to AES, Camellia and SM4. International Journal of Information and Computer Security,20:1-2 (2023), 1-26. DOI:10.1504/IJICS.2023.127999
12. Zou, Qingtiana, Singhal, Anoop, and Sun, Xiaoyanc. Deep Learning for Detecting Logic-flaw-exploiting Network Attacks: AnEnd-to-end Approach. Journal of Computer Security, vol.30, no. 4, pp. 541-570, (2022) DOI:10.3233/JCS-210101
13. Chen, Lily. Paving the Runway for Standardization of Post-Quantum Cryptography. ISO/IEC JTC 1/SC 27 Journal: Cryptography and Security Mechanisms. Vol. 1, issue 3, pp. 11-19. (2022).
14. Juyal, A., Moody, D. & Roy, B. On ranks of quadratic twists of a Mordell curve.Ramanujan J59, 31–50 (2022). DOI:10.1007/s11139-022-00585-1
15. L. Freeman, F. A. Batarseh, D. R. Kuhn, M. S. Raunak and R. N. Kacker. The Path to a Consensus on Artificial Intelligence Assurance. Computer. vol. 55, no. 3, pp. 82-86. (2022) DOI: 10.1109/MC.2021.3129027
16. Kampel, L., Simos, D. E., Kuhn, D. R., & Kacker, R. N. An exploration of combinatorial testing-based approaches to fault localization for explainable AI. Annals of Mathematics and Artificial Intelligence, 1-14. (2022).
17. Wang, Zheng, Yang Guo, Douglas Montgomery. Machine Learning-Based Algorithmically Generated Domain Detection. Computers & Electrical Engineering.Vol 100. (2022).https://doi.org/10.1016/j.compeleceng.2022.107841
18. Zha, Zili, An Wang, Yang Guo, Songqing Chen. Towards Software Defined Measurement with Open vSwitches: Designs, Implementation, and Evaluation. IEEE Transactions on Cloud Computing. Vol. 11, No. 2, pp. 2057-2070. (2022)https://doi.org/10.1109/TCC.2022.3181890
19. Moody, Dustin, Angela Robinson Cryptographic Standards in a Post- Quantum Era. IEEE Security & Privacy, Vol. 20, Iss. 6, pp. 66-72 (2022) https://doi.org/10.1109/MSEC.2022.3202589
20. Oprea, Alina, Anoop Singhal, Apostol Vassilev. Poisoning Attacks against Machine Learning: Can Machine Learning be Trustworthy? IEEE Computer. Vol. 55, Iss. 11, pp. 94-99 (2022)https://doi.org/10.1109/MC.2022.3190787
21. Brandao, Luis, Carlos Eduardo Cardoso Galhardo, Rene Peralta. ZKASP: ZKP-based Attestation of Software Possession for Measuring Instruments. Measurement Science and Technology. Vol. 33, Issue 6 (2022) https://doi.org/10.1088/1361-6501/ac5438
22. Juyal, Abhishek, Dustin Moody. Pairs of Heron and right triangles with a common area and a common perimeter. Publicationes Mathematicae Debrecen,Article 12, Vol. 100, pp. 449-460 (2022)
23. Miller, Carl A., (2022), The Mathematics of Quantum Coin-Flipping. Notices of the American Mathematical Society.Vol. 69, Iss. 11, pp. 1908-1917 (2022).https://doi.org/10.1090/noti2575
24. Moody, Dustin, Abhishek Juyal. ON THE FAMILY OF ELLIPTIC CURVES X + 1/X + Y + 1/Y + t = 0. INTEGERS, The electronic journal of combinatorial number theory. Article 18, Vol. 21. (2021) https://doi.org/10.5281/zenodo.10807511
25. Gueye, Assane, Carlos Galhardo, Irena Bojanova, Peter Mell. A Decade of Reoccurring Software Weaknesses. IEEE Security & Privacy. Vol. 19, Iss. 6, pp. 74-82 (2021) https://doi.org/10.1109/MSEC.2021.3082757
26. DeFranco, Joanna, David Ferraiolo, D. Richard Kuhn, Joshua Roberts. A Trusted Federated System to Share Granular Data Among Disparate Database Resources. IEEE Computer. Vol. 54, Issue 3, pp 55-62. (2021)https://doi.org/10.1109/MC.2021.3049888
27. Toohey, Jack, M S Raunak, Dave Binkley. From Neuron Coverage to Steering Angle: Testing Autonomous Vehicles Effectively. Special Issue on Safety, Security, and Reliability of Autonomous Vehicle Software. Vol. 54, Issue 8, pp 77-85. (2021)https://doi.org/10.1109/MC.2021.3079921
28. Rao, Chang, Nan Li, Yu Lei, Jin Guo, YaDong Zhang, Raghu N. Kacker, D. Richard Kuhn. Combinatorial Test Generation for Multiple Input Models with Shared Parameters. IEEE Transactions on Software Engineering. Vol. 48, Issue 7, pp 2606-2628. (2021). https://doi.org/10.1109/TSE.2021.3065950
29. Brandao, Luis, Rene Peralta.Privacy-enhancing cryptography to complement differential privacy. NIST Differential Privacy Blog Series (2021) (2021)https://www.nist.gov/blogs/cybersecurity-insights/privacy-enhancing-cryptography-complement-differential-privacy
30. Moody, Dustin, Thinh Dang, Fouazou Lontouo Perez, Emmanuel Fouotsa. Isogenies on twisted Hessian curves. Journal of Mathematical Cryptography. Vol 15, Iss. 1, pp 345-358. (2021)https://doi.org/10.1515/jmc-2020-0037
31. Wang, Zheng, Yang Guo. Neural Networks Based Domain Name Generation. Journal of Information Security and Applications. Vol 61. (2021).https://doi.org/10.1016/j.jisa.2021.102948
32. Peralta, Rene, Angela Robinson. Encounter Metrics and Exposure Notification. NISTJRES, Article 126003, Vol. 126. (2021) https://doi.org/10.6028/jres.126.003
33. Smid, Miles E. Development of the Advanced Encryption Standard. NISTJRES. Article 126024, Vol. 126. (2021).https://doi.org/10.6028/jres.126.024

Books

1. C. Kaufman, R. Perlman, M. Speciner, and R. Perlner. Network Security: Private Communication in a Public World (Addison-Wesley Professional; Boston, MA), 3rd Ed. (2022). Available athttps://www.informit.com/store/network-security-private-communication-in-a-public-9780136643609

Book Sections

1. Sonmez Turan, Meltem. Design Trends in Lightweight Ciphers. Symmetric Cryptography (2024) (ISTE Science Publishing Ltd,, Tuition House, 27-37 St George’s Road, London, SW19 4EU, GB) (2024)

Conference Papers

1. Akbar, Ashrafi, Fariha Rahman, Anoop Singhal, Latifur Khan, Bhavani Thuriasingham. The Design and Application of a Unified Ontology for Cyber Security. ICISS 2023: Information Systems Security.Vol 14424, pp. 23-41. (2023).(Raipur, IN, 16-DEC-23 to 20-DEC-23),https://doi.org/10.1007/978-3-031-49099-6_2
2. Shashwat, Kumar, Francis Hahn, Xinming Ou, Anoop Singhal.Security Analysis of Trust on the Controller in the Matter Protocol. 2023 IEEE Conference on Communications and Network Security (CNS). Pp. 1-6. (2023) (Orlando, FL, US, 05-OCT-23 to 05-OCT-23),https://doi.org/10.1109/CNS59707.2023.10288747
3. Wang, Yigong, Ayoade, Gbadebo Ayoade, Gao, Yang, and Singhal, Anoop , Khan, Latifur, Thuraisingham, Bhavani, Jee, Kangkook. Advanced Persistent Threat Detection Using Data Provenance and Metric Learning, inIEEE Transactions on Dependable and Secure Computing, vol. 20, no. 5, pp. 3957-3969, 1 Sept.-Oct. 2023, DOI:10.1109/TDSC.2022.3221789
4. Sonmez Turan, Meltem. Optimizing Implementations of Boolean Functions. The 8th International Workshop on Boolean Functions and their Applications (BFA). Pp. 45-51 (2023) (Voss, Norway 3-SEP-23 to 8-SEP-23).
5. Basel, Abdeen, Ehab Al-Sheer, Anoop Singhal, Latifur Khan, Kevin Hamlen. SMET: Semantic Mapping of CVE to ATT&CK and its Application to Cyber Security. DBSec 2023: Data and Applications Security and Privacy XXXVII. Vol 13942, pp. 243-260. (2023). (Sophia Antopolis, FR, 19-JUL-23 to 21-JUL-23),https://doi.org/10.1007/978-3-031-37586-6_15
6. Piez, Wendell. A Generic STS Viewer on the Web. Journal Article Tag Suite Conference (JATS-Con) Proceedings (JATS-Con, Bethesda, MD, US, 13- JUN-23 to 14-JUN-23) (2023) https://www.ncbi.nlm.nih.gov/books/NBK592511/
7. Olsen, M., Raunak, M.S., Kuhn, D.R. Predicting ABM Results with Covering Arrays and Random Forests. Computational Science – ICCS 2023. ICCS 2023. Lecture Notes in Computer Science, vol 14073 237-252 (2023) Jul 3-5, 2023. DOI:10.1007/978-3-031-35995-8_17
8. Mouha, Nicky, Christopher Celi. A Vulnerability in Implementations of SHA-3, SHAKE, EdDSA, and Other NIST-Approved Algorithms. CT-RSA 2023: Cryptographers' Track at the RSA Conference. Vol 13871, pp. 3-28 (2023) (San Francisco, CA, US, 24-APR-23 to 27-APR-23),https://doi.org/10.1007/978-3-031-30872-7_1
9. Zou, Qingtian, Lan Zhang, Anoop Singhal, Xiaoyan Sun, Peng Liu.Attacks on ML Systems: From Security Risk Analysis to Attack Mitigation. Proceedings of 18th International Conference on Information and Systems Security (Tirupati, IN, 16-DEC-22 to 20-DEC-22), Vol. 13674, pp. 119-138. (2022) https://doi.org/10.1007/978-3-031-23690-7_7
10. Fahr Jr., Michael, Hunter Kippen, Andrew Kwong, Thinh Dang, Jacob Lichtinger, Dana Dachman-Soled, Daniel Genkin, Alexander Nelson, Ray Perlner, Arkady Yerukhimovich, Daniel Apon. When Frodo Flips: End-to-End Key Recovery on FrodoKEM via Rowhammer. CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. Pp. 979-993. (2022) (Los Angeles, CA, US, 07-NOV-22 to 11-NOV-22),https://doi.org/10.1145/3548606.3560673
11. Laplante, Phillip, D. Richard Kuhn. AI Assurance for the Public -- Trust but Verify, Continuously. 2022 IEEE 29th Annual Software Technology Conference (STC). Pp. 174-180. (2022) (Gaithersburg, MD, US, 03-OCT-22 to 06-OCT-22),https://doi.org/10.1109/STC55697.2022.00032
12. Mell, Peter. The Generation of Software Security Scoring Systems Leveraging Human Expert Opinion. 2022 IEEE 29th Annual Software Technology Conference (STC) (Virtual, MD, US, 03-OCT-22 to 06-OCT-22). Pp 116-124. (2022). https://doi.org/10.1109/STC55697.2022.00023
13. Olsen, Megan, M S Raunak. Efficient Parameter Exploration of Simulation Studies. The proceedings of the IEEE Computer Technology Conference (STC) 2022. Pp. 190-191. (2022).(Gaithersburg, MD. US, 03-OCT-22 to 06-OCT-22.)https://doi.org/10.1109/STC55697.2022.00034
14. Cartor, Ryann, Max Cartor, Mark Lewis, Daniel Smith-Tone. "IPRainbow. Proceedings of PQCrypto 2022: The Thirteenth International Conference on Post-Quantum Cryptography.Vol 13512, pp. 170-184. (2022). (Virtual, DC, US, 28-SEP-22 to 30- SEP-22).https://doi.org/10.1007/978-3-031-17234-2_9
15. Smith-Tone, Daniel.2F - A New Method for Constructing Efficient Multivariate Encryption Schemes. Proceedings of PQCrypto 2022: The Thirteenth International Conference on Post-Quantum Cryptography. Vol 13512, pp. 185-201. (2022) (PQCrypto 2022, virtual, DC, US, 28-SEP-22 to 30-SEP-22),https://doi.org/10.1007/978-3-031-17234-2_10
16. Perlner, Ray, David Cooper, John M. Kelsey. Breaking Category Five SPHINCS+ with SHA-256. Proceedings of PQCrypto 2022: The Thirteenth International Conference on Post-Quantum Cryptography. Vol 13512, pp. 501-522. (2022) (CA, US, 28-SEP-22 to 30-SEP-22),https://doi.org/10.1007/978-3-031-17234-2_23
17. Sonmez Turan, Meltem. New Bounds on the Multiplicative Complexity of Boolean Functions. Special issue on Boolean Functions and their Applications in the Journal Cryptography and Communications. Pp. 1-6. (2022) (The 7th International Workshop on Boolean Functions and their Applications (BFA), Balestrand, NO, 11-SEP-22 to 16- SEP-22)
18. Baena, J., Briaud, P., Cabarcas, D., Perlner, R., Smith-Tone, D., and Verbel, J. (2022). Improving Support-Minors Rank Attacks: Applications toGeMSS andRainbow. Advances in Cryptology – CRYPTO 2022. CRYPTO 2022. Lecture Notes in Computer Science, vol 13509. Springer, Cham. (2022). Aug. 13-18, 2022. DOI:https://doi.org/10.1007/978-3-031-15982-4_13
19. Akbar, Khandakar Ashrafi, Sadaf MD Halim, Yibo Hu, Anoop Singhal, Latifur Khan, Bhavani Thuraisingham. Knowledge Mining in Cybersecurity: From Attack to Defense. Data and Applications Security and Privacy XXXVI (International Conference on Data and Application Security and Privacy 2022 (DBSec 2022) Vol 13383, pp. 110-122. (2022). (Newark, NJ, US, 18-JUL-22 to 20-JUL-22).https://doi.org/10.1007/978-3-031-10684-2_7
20. Zha, Zili, An Wang, Yang Guo, Songqing Chen. EZPath: Expediting Container Network Traffic via Programmable Switches in Data Centers. IFIP Networking Conference 2022 (2022) (Catania, IT, 13-JUN-22 to 16- JUN-22)
21. Chang, Donghoon, Jinkeon Kang, Meltem Sonmez Turan. A New Conditional Cube Attack on Reduced-Round Ascon-128a in a Nonce-misuse Setting. NIST Lightweight Cryptography Workshop (virtual). May 9-11, 2022 (Gaithersburg, MD, US) (2022).https://csrc.nist.gov/Events/2022/lightweight-cryptography-workshop-2022
22. Jablonwski, Matthew, Duminda Wijesekera, Anoop Singhal. Generating Cyber-Physical System Risk Overlays for Attack and Fault Trees using Systems Theory. Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems.Pp. 13-20. (2022) (Baltimore, MD, US, 26-APR-22 to 26-APR-22),https://doi.org/10.1145/3510547.3517922
23. Prado, Charles, Vinay Patil, Raghu N. Kacker, D. Richard Kuhn, M S Raunak. Combination Frequency Differencing for Identifying Design Weaknesses in Physical Unclonable Functions. IEEE International Workshop on Combinatorial TestingPp. 110-117. (2022). (Valencia, ES, 04- APR-22 to 13-APR-22).https://doi.org/10.1109/ICSTW55395.2022.00032
24. Akbar, Khandakar Ashrafi, Yigong Wang, Md Islam, Anoop Singhal, Latifur Khan, Bhavani Thuraisingham. Identifying Tactics of Advanced Persistent Threats with Limited Attack Traces. International Conference on Information System Security ICISS 2021. Vol. 13146, pp. 3-25. (2021). (Patna, MD, US, 16-DEC-21 to 20-DEC-21).https://doi.org/10.1007/978-3-030-92571-0_1
25. Piez, Wendell. Client-side XSLT, Validation and Data Security." Balisage Series on Markup Technologies (Balisage: The Markup Conference 2021, Washington, DC, US, 02-AUG-21 to 06-AUG-21). (2021)https://doi.org/10.4242/BalisageVol26.Piez01
26. Zou, Qingtian, Anoop Singhal, Xiaoyan Sun, Peng Liu. Deep Learning for Detecting Network Attacks: An End to End approach. DBSec 2021: Data and Applications Security and Privacy XXXV. Vol 12840, pp. 221-234. (2021) (Virtual, US, 19-JUL-21 to 20-JUL-21), https://doi.org/10.1007/978-3-030-81242-3_13
27. Farhan, Mohammed, Caroline Krejci, Megan Olsen, M S Raunak. Metamorphic Testing for Hybrid Simulation Validation. Proceedings of the 2021 Annual Modeling and Simulation Conference (ANNSIM '21). Pp. 1-13 (2021) (Fairfax, VA, US, 19-JUL-21 to 22-JUL-21), https://doi.org/10.23919/ANNSIM52504.2021.9552058
28. Jayakumar, Athira, D. Richard Kuhn, Brandon Simons, Aidan Collins, Smitha Gautham, Richard Hite, Raghu N. Kacker, Abhi Rajagopala, Carl Elks. A Pseudo Exhaustive Software Testing Framework for Embedded Digital Devices in Nuclear Power. 2021 American Nuclear Society Virtual Annual Meeting. (Virtual, TN, US, 14-JUN-21 to 17- JUN-21) (2021) https://www.ans.org/meetings/am2021/search/?q=kuhn
29. Raunak, M S, Megan Olsen. Metamorphic Testing on the Continuum of Verification and Validation of Simulation Models. IEEE/ACM 6th International Workshop on Metamorphic Testing (MET)pp 47-52. (2021) (Madrid, ES, 01-JUN-21 to 02-JUN-21).https://doi.org/10.1109/MET52542.2021.00015
30. Howe, James, Thomas Prest, Daniel Apon. SoK: How (not) to Design and Implement Post-Quantum Cryptography. The Cryptographer's Track at the RSA Conference.Article 19, Vol. 12704, pp. 444-477. (2021). (San Francisco, CA, US, 17-MAY-21 to 21-MAY-21). https://doi.org/10.1007/978-3-030-75539-3_19
31. Gueye, Assane, Peter Mell. A Historical and Statistical Study of the Software Vulnerability Landscape. The Seventh International Conference on Advances and Trends in Software Engineering (SOFTENG 2021) Pp 1-7. (2021). (Porto, PT, 18-APR-21 to 22-APR-21).
32. Lanus, Erin, Laura Freeman, D. Richard Kuhn, Raghu N. Kacker. Combinatorial Testing Metrics for Machine Learning. IEEE International Conference on Software Testing, Verification and Validation Workshop (ICSTW). Pp 81-84. (2021) (Porto, PT, 12-APR-21 to 16-APR-21.)https://doi.org/10.1109/ICSTW52544.2021.00025
33. Garn, Bernhard, Daniel Lang, Manuel Leithner, D. Richard Kuhn, Raghu N. Kacker, Dimitris Simos. Combinatorially XSSing Web Application Firewalls. 2021 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW). Pp. 85-94 (2021) (Porto de Galinhas, BR, 12-APR-21 to 16- APR-21). https://doi.org/10.1109/ICSTW52544.2021.00026
34. Mazumdar, Suryadipta, Daniel Bostos, Anoop Singhal. Security Auditing of Internet of Things Devices in a Smart Home. Advances in Digital Forensics XVII. Chapter 14, Vol. 612, pp. 213-234. (2021) (Arlington, VA, US, 01-FEB-21 to 02-FEB-21),https://doi.org/10.1007/978-3-030-88381-2_11

Eprint Articles

1. Smith-Tone, Daniel. A Total Break of the 3WISE Digital Signature Scheme. Cryptology Eprint Archive. Article 1535, Vol. 2023. (2023)https://ia.cr/2023/1535
2. Smith-Tone, Daniel. A Total Break of the Scrap Digital Signature Scheme. Cryptology Eprint Archive. Article 1481, Vol. 2023. (2023)https://ia.cr/2023/1481
3. Smith-Tone, Daniel. The Generating Series of Support Minors MinRank Ideals. Cryptology Eprint Archive. Article 1456, Vol. 2023. (2023)https://ia.cr/2023/1456
4. Vassilev, Apostol, Honglan Jin, Munawar Hasan, (2023), "Meta Learning with Language Models: Challenges and Opportunities in the Classification of Imbalanced Text. arXiv.org. Vol 2310, Issue 15019. (2023) https://doi.org/10.48550/arXiv.2310.15019
5. Jackson, Kelsey A., Miller, Carl A., and Wang, Daochen. Evaluating the security of CRYSTALS-Dilithium in the quantum random oracle model. (2023) arXiv.org. https://arxiv.org/abs/2312.16619
6. Alnawakhtha, Yusuf, Atul Mantri, Carl A. Miller, Daochen Wang. Lattice- Based Quantum Advantage from Rotated Measurements. arXiv.org. Article 10143, Vol. 2210, pp. 1-39. (2022) https://doi.org/10.48550/arXiv.2210.10143
7. Shook, James, Bing Wei. A characterization of the Centers of Chordal Graphs. arXiv.org.Article 00039, Vol. 2210 (2022).https://doi.org/10.48550/arXiv.2210.00039
8. Chang, Donghoon, Deukjo Hong, Jinkeon Kang, Meltem Sonmez Turan. Resistance of Ascon Family against Conditional Cube Attacks in Nonce-Misuse Setting. Cryptology ePrint Archive. Article 1456, Vo. 2022. (2022) https://ia.cr/2022/1456
9. Kelsey, John M., Stefan Lucks. Coalition and Threshold Hash-Based Signatures. Cryptology ePrint Archive. Article 241, Vol. 2022. (2022)https://eprint.iacr.org/2022/241
10. Arpin, Sarah, Tyler Billingsley, Daniel Hast, Jun Bo Lao, Ray Perlner, Angela Robinson. A Study of Error Floor Behavior in QC-MDPC Codes. Cryptology ePprint Archive. Article 1043, Vol. 2022. (2022).https://eprint.iacr.org/2022/1043
11. Smith-Tone, Daniel. New Practical Multivariate Signatures from a Nonlinear Modifier. Cryptology ePrint Archive. Article 429, Vol. 2021 (2021) https://eprint.iacr.org/2021/429
12. Oygarden, Morten, Daniel Smith-Tone, Javier Verbel. On the Effect of Projection on Rank Attacks in Multivariate Cryptography. Cryptology ePrint Archive. Article 655, Vol. 2021, pp. 1-16. (2021).https://eprint.iacr.org/2021/655
13. Chang, Donghoon, Meltem Sonmez Turan. "Recovering the Key from the Internal State of Grain-128AEAD. Cryptology ePrint Archive. Article 439, Vol. 2021. (2021) https://eprint.iacr.org/2021/439
14. Vassilev, Apostol, Munawar Hasan, Honglan Jin. Can you tell? SSNet - a Biologically-inspired Neural Network Framework for Sentiment Classifiers. arXiv.org Article 12958v3, Vol 2006. (2021)https://arxiv.org/abs/2006.12958v3
15. Sonmez Turan, Meltem, Rene Peralta. On the Multiplicative Complexity of Cubic Boolean Functions. Cryptology ePrint Archive. Article 1041, Vol 2021. (2021)https://eprint.iacr.org/2021/1041

Recognition

Internal

External

Patents