Java™ has become an integral part of computer technology due to its multi-platform, multi-implementation capabilities. Java is being deployed in many information technology (IT) areas, far beyond the jazzy Webpage applets. An area that has received tremendous attention from industry is the application of Java to real-time environments. Environments potentially taking advantage of real-time Java include manufacturing environments, consumer devices, embedded devices, and real-time applications.
How do users with real-time requirements in both the embedded and client/server application environments use Java to meet their requirements? How can these users ensure that their requirements are being met correctly? Meeting real-time requirements in Java implementations was the topic of an ITL Workshop for Real-time Java Implementation Issues in June 1998. The workshop provided an open forum where both users and developers of real-time Java implementations explored requirements, functionality, solutions, and current offerings. Participants achieved a consensus on the need to articulate a requirements definition for real-time Java, which would lead to the development of a real-time Java specification.
Industry participants invited ITL to sponsor and coordinate the requirements effort. ITL agreed to chair the Java Real-Time Requirements Group, consisting of private sector companies who are interested in a real-time Java specification. The goal of the Requirements Group was the development of a consensus-based set of real-time functionality requirements for the Java technologies, to serve as input to the Java real-time specification process. Participants included organizations from the embedded, manufacturing, academia, development tool provider, and application developer communities. The group was open to all parties interested in developing requirements for real-time Java extensions.
In March 2000, the Requirements Group for Real-time Extensions to the Java™ Platform completed its work by publishing NIST Special Publication 500-243, Requirements for Real-time Extensions for the Java Platform: Report from the Requirement Group for Real-time Extensions for the Java Platform, Lisa J. Carnahan and Marcus Ruark, Editors. The document is available in electronic format at the Web site http://www.nist.gov/itl/div897/ctg/real-time/intro.html. For more information on real-time Java, contact Lisa Carnahan at (301) 975-3362.
In a continuing effort to develop conformance tests for XML technologies and enable interoperability, ITL developed an XML DOM test suite. The test suite complements the previously released XML Conformance Test suite, developed by ITL in partnership with the Organization for the Advancement of Structured Information Standards (OASIS). The DOM and XML test suites are available at www.nist.gov/xml/.
The DOM test suite contains just over 800 tests for both XML (Fundamental and Extended) and HTML. The testing approach focuses on defining XML and HTML conformant files and using the DOM to retrieve specific elements and/or attributes that are further evaluated in light of the DOM-defined behavior. Tests are available for the JavaScript and Java bindings. The DOM test suite was introduced and demonstrated at the XML Conference in December 1999 and received high marks from the XML community. For more information, contact Carmelo Montanez at (301) 975-2874 or Mary Brady at (301) 975-4094.
TM: Java and Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.
Secure Electronic Messaging Demonstration
ITL recently participated with other federal agencies and industry partners in a demonstration of the Federal Bridge Certificate Authority (FBCA) using secure electronic mail applications. NIST joined the Department of the Treasury, Department of Defense, General Services Administration, National Aeronautics and Space Administration, Government of Canada, and Georgia Research Technology Institute (representing the state of Georgia) in conducting the demonstration at the annual meeting of the Electronic Messaging Association (EMA) in Boston, Massachusetts. Attended by 2,500 people, the meeting focused on technologies that enable electronic commerce. The FBCA supports interoperability among federal agency Public Key Infrastructure (PKI) domains in a peer-to-peer fashion and identifies four policies that represent four different assurance levels (Rudimentary, Basic, Medium, and High) for agency-issued public key digital certificates. For this demonstration, the FBCA consisted of two Certification Authorities (CAs): one provided by Entrust Technologies and one by Cybertrust. It is expected that more internal CAs provided by different vendors will be added to the FBCA in the future.
The internal CA nodes of the FBCA were cross-certified with each other. As a result, certificates or certificate status information issued by either CA were accepted by the other CA. Mitretek, which houses the FBCA, assisted each of the participating organizations in cross-certifying one of their PKI's CAs to the FBCA. In addition, each organization chained an X.500 directory to the X.500 directory system provided by the FBCA. Each organization's Eudora e-mail client used a CyganCom Solutions-developed plugin that implemented S/MIME version 3 for encryption and decryption of messages and for the application and verification of digital signatures on messages. During the demonstration, digital signatures on the e-mail messages sent between different domains were successfully validated through the PKI. These signature validations demonstrated the most complex multi-vendor PKI built to date anywhere in the world.
The success of the FBCA demonstration illustrates how electronic commerce can be securely enabled across different governmental domains by providing the security services of authentication and technical non-repudiation by leveraging cryptographic digital signatures. The basic FBCA concept is not limited to electronic commerce between government domains but will enable electronic commerce between government and the industrial and business domains.
ITL's Bill Burr, one of the inventors of the Bridge CA concept, helped to initiate the demonstration effort, while Nelson Hastings, Tim Polk, and David Cooper provided technical support to enable the FBCA and to provide the EMA's technology demonstration. For more information on NIST's PKI effort, see http://csrc.nist.gov/pki or contact Kathy Lyons-Burke at (301) 975-4611.
ITL publishes the results of studies, investigations, and research. The reports listed below may be ordered from the following sources as indicated for each:
This report provides an overview of mobile agent security issues. Four threat categories are identified: threats stemming from an agent attacking an agent platform, an agent platform attacking an agent, an agent attacking another agent on the agent platform, and other entities attacking the agent system. The report outlines the threats associated with each of the four categories and presents an overview of corresponding countermeasures and current research in the development of new security mechanisms.
Modes of Operation Validation System for the Triple Data Encryption Algorithm (TMOVS): Requirements and Procedures
By Sharon S. Keller
NIST Special Publication 800-20
November 1999
Available at http://csrc.nist.gov/nistpubs/
This publication provides a brief overview of the Triple DES algorithm and introduces the basic design and configuration of the TMOVS. It presents the requirements and administrative procedures to be followed by those seeking formal NIST validation of an implementation of the Triple DES algorithm.
Guideline for Implementing Cryptography in the Federal Government
This document provides guidance to federal agencies on how to select cryptographic controls for protecting sensitive unclassified information. It focuses on federal standards documented in Federal Information Processing Standards (FIPS) and the cryptographic modules and algorithms that are validated against these standards.
This paper describes a technique of using a contour-fitted mesh to generate an appropriately clipped surface plot of functions. This technique will be useful in the online NIST Digital Library of Mathematical Functions being developed to replace the widely used NBS Handbook of Mathematical Functions published in 1964.
CSPP provides the guidance necessary to develop “compliant” Common Criteria protection profiles for near-term, achievable security baselines using commercial off-the-shelf (COTS) information technology. CSPP provides the requirements necessary to specify needs for both stand-alone and distributed, multi-user information systems. This covers general-purpose operating systems, database management systems, and other applications.
This technical seminar for system and network administrators who are responsible for U.S. Government systems will teach participants how to effectively audit important security hot spots within systems and across the TCP/IP networks. Topics include the basics of TCP/IP, important TCP/IP applications, guidelines for selecting tools and securing TCP/IP networks, and testing networks.
2000 NIST Speaker Recognition Evaluation Workshop
The purpose of this workshop is to review performance of systems in the evaluation, to discuss trends in text-independent speaker recognition, and to plan the next evaluation. Topics include one-speaker detection, two-speaker detection, speaker tracking, and speaker segmentation. The audience will be evaluation participants and interested government agencies.
As a leading global forum on computer and information systems security, this annual conference brings together information security and technology professionals from industry, academia, and government. The goals of the conference are to provoke debate, dialogue, and action on major information security issues for today and tomorrow; educate the IT community on major information security issues and solutions; promote demand and investment in information security products, solutions, and research; and challenge the IT community to provide solutions, research, and applied technology that are usable, interoperable, scalable, and affordable.
Dates: October 16-19, 2000