The purpose of this bulletin is twofold. First, it provides an overview of some security features that have often been neglected in mainstream operating systems. It describes the extent to which these features have been implemented and how users can take full advantage of the available capabilities. Second, it warns users that OS security along with most other mainstream security mechanisms is imperfect and can not stop all attacks. Despite this fact, using a combination of different security mechanisms can create a strong security barrier against attacks. Understanding the strengths and weaknesses of these techniques can aid one in the development of appropriate security policies, risk management plans, and in the purchasing of security technology.
Guidelines for what to test in the embedded systems world are presented with respect to the year 2000 problem.
We have simulated the fast streamer stage of liquid dielectric breakdown as stochastic growth of a branching fractal tree. Breakdown and threshold properties of the fluid are represented in the random filter procedure. A range of fractal densities, from sparse to bushy, is approximated by the choice of power law (4th power to linear). The choice of threshold (cutoff) voltage also significantly affects the growth form. These parameters combine with the shape and concentration on the electric field, to regulate the distribution and directedness of the local discharge pattern. A large grid (128 cubed) is used for the discretization. Diagonal growth paths to neighbor-vertices are included, increasing the choice of available directions for each discharge event. We use a combination of data-parallel programming and three-dimensional visualization. Complete grow histories, evolving from the voltage distribution, can be displayed in animation or in color banding against the "trials" variable, which simulates a time tick. Side vies of the structures provide comparison against sub-microsecond snapshots from experiment. Results include sparse, directed trees evolving from a 4th power-law filter; also dense trees from a linear filter, whose conical upper-envelope boundary is strongly influenced by choice of threshold (cutoff) potential.
The Message Passing Interface (MPI) is the de facto standard for writing parallel scientific applications in the message passing programming paradigm. Implementations of MPI were not designed to interoperate thus limiting the environments in which parallel jobs could be run. We briefly describe here a set of protocols, designed by a steering committee of current implementors of MPI, that enable two or more implementations of MPI to interoperate within a single application. Specifically, we introduce the set of protocols collectively called Interoperable MPI (IMPI). These protocols make use of novel techniques to handle difficult requirements such as maintaining interoperability among all IMPI implementations while also allowing for the independent evolution of the collective communication algorithms used in IMPI. Our contribution to this effort has been as a facilitator for meetings, editor of the IMPI Standard document, and as an early testbed for implementations of IMPI. This testbed is in the form of an IMPI conformance tester; a system that can verify the correct operation of an IMPI-enabled version of MPI.
In this paper we describe the application of mixtures of experts on gender and ethnic classification of human faces, and pose classification, and show their feasibility on the FERET database of facial images. The FERET database allows us to demonstrate performance on hundreds or thousands of images. The mixture of experts is implemented using the "divide and conquer" modularity principle with respect to the granularity and/or the locality of information. The mixture of experts consists of an ensembles of radial basis functions (RBF). Inductive decision trees (DT) and support vector machines (SVM) implement the "gating network" components for deciding which of the experts should be used to determine the classification output and to restrict the support of the input space. Both the Ensemble of RBFs (ERBF) and SVM use the RBF kernel ("expert") for gating the inputs. Our experimental results yield an average accuracy rate of 96% on gender classification and 92% on ethnic classification using the ERBF / DT approach from frontal face images, while the SVM yield 100% on pose classification.
Seven research groups ran a total of 14 interactive information retrieval (IR) systems on a shared problem: a question-answering task, six statements of information need, and a collection of 210,158 articles from the Financial Times of London 1991-1994.
This report summarizes the shared experimental framework, which for TREC-8 was designed to support analysis and comparison of system performance only within sites. The report refers the reader to separate discussions of the experiments performed by each participating group - their hypotheses, experimental systems, and results. The papers from each of the participating groups and the raw and evaluated results are available via the TREC home page (trec.nist.gov).
This paper discusses an easy to implement procedure for approximating the long time behavior of iterates of maps. Applications include to finding the roots of a complex polynomial and approximating attractors. The method uses the theory of Markov chains.
Effective intrusion detection capability is an elusive goal, not solved easily or with a single mechanism. However, mobile software agents go a long way toward realizing the ideal behavior desired in an Intrusion Detection System (IDS). This paper is an initial look at the relatively unexplored terrain of using mobile agents for intrusion detection and response. It looks not only at the benefits derived from mobility, but also those associated with software agent technology. We explore these benefits in some detail and propose a number of innovative ways to apply agent mobility to address the shortcomings of current IDS designs and implementations. We also look at new approaches for automating response to an intrusion, once detected.
Effective intrusion detection capability is an elusive goal, not solved easily or with a single mechanism. However, mobile agents go a long way toward realizing the ideal behavior desired in an Intrusion Detection System (IDS). This report is an initial foray into the relatively unexplored terrain of using Mobile Agents for Intrusion Detection Systems (MAIDS). It suggests a number of innovative ways to apply agent mobility to address shortcomings of current IDS designs and implementations, and explores several new paradigms involving mobile agents. The report looks not only at the benefits derived from mobility, but also those inherent to agent technology, such as autonomous components. We explore these benefits in some detail and propose specific research topics in both the intrusion detection and intrusion response areas. We also discuss performance advantages and disadvantages that occur when using mobile agents in intrusion detection and response. The report concludes with a rating of the proposed research topics, falling under three main areas: performance enhancements, design improvements, and response improvements.
Active content documents offer several benefits to both the users of these documents and their authors. Java applets, JavaScript, and ActiveX provide more functionality to static Web pages, plug-ins enable browsers to support new types of content, Postscript offloads the processing and interpretation of the presentation of documents to the printer, and macros automate repetitive word processing and spreadsheet tasks. The benefits of each of these active content technologies must be carefully weighed against the new risks they pose to an organization's computing environment. Security is not black or white, but shades of gray. When employing active content technology, security measures should be put in place to reduce risk to a pragmatic level and to quickly recover if an incident occurs.
The Guide to the Expression of Uncertainty in Measurement (GUM) is intended for all scientific and technological measurements in science, engineering, commerce, industry, and regulation. So the GUM must have an unambiguous interpretation. But its terminology and recommendations straddle two different ways of doing statistics: frequentist and Bayesian. Therefore as presented the GUM is somewhat ambiguous. This paper attempts to clear up the ambiguity of the GUM due to mixing up of the frequentist and the Bayesian concepts. Our hope is that the clarifications provided here will promote a more consistent use of the GUM and facilitate its application to situations not explicitly covered in the original document.
Two non-random equally trustworthy and independent chemical analysis methods are often used by measurement laboratories such as NIST to determine the certified value of the concentration of one or more analytes in a reference material. This is a widely accepted approach to assure that the certified concentration represents the true composition. This paper explains the concept of bias based on the Guide to the Expression of Uncertainty in Measurement (GUM) then provides a simple formula for the consensus value and the standard uncertainty due to method bias. The results for two methods can be extended to more than two methods.
Two non-random equally trustworthy and independent chemical analysis methods are often used by measurement laboratories such as NIST to determine the certified value of the concentration of one or more analytes in a reference material. This is a widely accepted approach to assure that the certified concentration represents the true composition. This paper explains the concept of bias based on the Guide to the Expression of Uncertainty in Measurement (GUM) then provides a simple formula for the consensus value and the standard uncertainty due to method bias. The results for two methods can be extended to more than two methods.
Libpcapv6 is a new version of the Lawrence Berkeley Laboratory libpcap packet capture library that has been extended to fully support IPv6. Libpcap has been widely used in the Unix community to develop network test tools for IPv4 such as tcpdump, sniffit, snoop, etc. A common and vital feature of these tools is a sophisticated, expression based, packet filtering capability that is provided by libpcap. With libpcapv6, these tools can be easily extended to support IPv6 and new tools and applications specifically designed for IPv6 can be developed. As examples, an IPv6 variation of tcpdump was successfully recompiled using libpcapv6 and a new tool ND was developed using libpcapv6 to gather local configuration information from the IPv6 neighbor discovery protocols.
A known-item search is a particular information retrieval task in which the system is asked to find a single target document in a large document set. The TREC-5 confusion track used a set of 49 known-item tasks to study the impact of data corruption on retrieval system performance. Two corrupted versions of a 55,600 document corpus whose true content was known were created by applying OCR techniques to page images. The first version of the corpus used the page images as scanned, resulting in an estimated character error rate of approximately 5 percent. The second version used page images that had been down-sampled, resulting in an estimated character error rate of approximately 20 percent. The true text and each of the corrupted versions were then searched using the same set of 49 questions. In general, retrieval methods that attempted a probabilistic reconstruction of the original clean text fared better than methods that simply accepted corrupted versions of the query text.
In the current environment of increasingly open and interconnected systems and networks, network and data security are essential for the optimum use of information technology. Cryptography should be considered for data that is sensitive, has a high value, or represents a high value if it is vulnerable to unauthorized disclosure or undetected modification during transmission or while in storage. Cryptographic methods provide important functionality to protect against intentional and accidental compromise and alteration of data. These methods support communications security by encrypting the communication prior to transmission and decrypting it at receipt. These methods also provide file/data security by encrypting the data prior to placement on a storage medium and decrypting it after retrieval from the storage medium. The purpose of this bulletin is to provide a synopsis of the Guideline for Implementing Cryptography in the Federal Government.
In the current environment of increasingly open and interconnected systems and networks, network and data security are essential for the optimum use of information technology. Cryptography should be considered for data that is sensitive, has a high value, or represents a high value if it is vulnerable to unauthorized disclosure or undetected modification during transmission or while in storage. Cryptographic methods provide important functionality to protect against intentional and accidental compromise and alteration of data. These methods support communications security by encrypting the communication prior to transmission and decrypting it at receipt. These methods also provide file/data security by encrypting the data prior to placement on a storage medium and decrypting it after retrieval from the storage medium.
The purpose of this document is to provide guidance to federal agencies on how to select cryptographic controls for protecting Sensitive Unclassified information. This document focuses on federal standards documented in Federal Information Processing Standards Publications (FIPS PUBs) and the cryptographic modules and algorithms that are validated against these standards. This document was written for federal employees, who are responsible for designing systems, and procuring, installing, and operating security products to meet identified security requirements. The goal is to provide these individuals with sufficient information to allow them to make informed decisions about the cryptographic methods that will meet their specific needs to protect the confidentiality, authentication, and integrity of data that is transmitted and/or stored in a system or network. This guideline provides information on selecting cryptographic services and methods and implementing the methods in new or existing systems.
The problem of determining a consensus value and its uncertainty from the results of multiple methods or laboratories is discussed. Desirable criteria of a solution are presented. A solution based on the ISO Guide to the Expression of Uncertainty in Measurement is introduced and applied in a detailed worked example. A Bayesian hierarchical model motivated by the proposed solution is presented and compared to the solution.
This paper presents techniques developed in the Information Technology Laboratory of the U.S. National Institute of Standards and Technology (NIST/ITL) for enabling microscopic image analysis of optical data storage media such as optical discs. These non-destructive techniques allow investigators to easily locate on the disc a predetermined series of media defects. The techniques can be applied to any type of optical disks including CDs and DVDs. The paper describes the experimental setup and the techniques utilized to achieve localization and registration of media defects. These techniques include data acquisition, computer control, auto focus, image processing, and remote control and observation. An extension of this setup utilizing available graphical programming environments can allow investigators at different locations to share and discuss the information of media defects by use of the Internet.
To determine the capability of a system for Rockwell C scale hardness, one must make test measurements, which can be planned and interpreted as explained in this paper. Uncertainty, which is one part of capability, is treated specifically, and product specification limits, the other part, are covered more generally. The uncertainty involves several components, which we designate as lack of repeatability, lack of reproducibility, machine error and indenter error. Component-by-component assessment leads to understanding of mechanisms and thus to guidance on system upgrades if these are necessary. Assessment of some components calls only for good-quality test blocks, and assessment of others requires NIST SRM test blocks. The important innovation introduced is this paper is improved handling of the hardness variation across test-block surfaces.
Analysis of the Query Track of the Eighth Text Retrieval Conference (TREC-8) shows how the presence or absence of a word or two in a query can make a large difference in information retrieval performance. The Query Track contains results from 8 systems each run on 21 natural-language queries that were formulated for each topic of 50. To compare the queries for a topic, we consider both discrimination against irrelevant documents and ordering of relevant documents in system outputs. Each of these aspects of performance leads to a graph. We present these graphs for 8 topics and summarize what is shown for the other 42. The 50 topics demonstrate the performance effects of word omissions, word additions, meaningful word substitutions, and word changes with only system ramifications. Regarding query formulation, the analysis in this paper shows the need to overcome mismatches between query terms and terms used in the documentation collection.
NIST (formerly, National Bureau of Standards) has started an ambitious project that aims to produce a successor to Abramowitz and Stegun's {\em Handbook of Mathematical Functions}, published by the National Bureau of Standards in 1964 and reprinted by Dover in 1965. Both editions continue to sell briskly and are widely cited in the scientific literature. However, with the many advances in the theory, computation and application of special functions that have occurred since 1960, a new standard reference is badly needed. NIST intends to satisfy this need by providing a Digital Library of Mathematical Functions (DLMF) as a free Web site together with an associated book and CD-ROM. The Web site will provide many capabilities that are impossible to provide in print media alone.
PEST is a collection of reference materials for the empirical evaluation and comparison of software testing techniques. Often the publication of a new testing technique or strategy includes a theoretical analysis and an ad hoc empirical evaluation. Because each researcher usually uses a different set of programs for an empirical evaluation, there is little basis for comparison between different techniques. The project objective is to develop and make available to software testing researchers and tool vendors a set of reference materials for the empirical evaluation and comparison of software testing techniques. This set of reference materials includes a diverse suite of program modules that can be the subject of a testing technique, testing support tools and examples of using PEST. Each module contains a program specification, a correct implementation in C that can be used as an oracle and several faulty C implementations, each seeded with a single fault from some commonly available fault taxonomy. The programs are designed such that a common test harness can be used to execute each faulty variant over test data for comparison against the oracle. This allows for the computation of metrics to compare the relative effectiveness of test data generated by different techniques.
Many Web areas are in an early technological period of rapid evolution and intense competitive selection. Nowhere is this truer than with electronic commerce. While much is being considered today for business-to-business transactions, the Web also represents a marvelous opportunity for small retail establishments. However, the needs of small establishments differ from those of larger firms. In particular, customer assurance is very important. Several assurance protocols are examined for their utility to small retail sellers on the Web. One new possibility involves using bankcard records to build assurance ratings.
This article summarizes the 1999 NIST Speaker Recognition Evaluation. It discusses the overall research objectives, the three task definitions, the development and evaluation data sets, the specified performance measures and their manner of presentation, the overall quality of the results, and the officially declared winners. More than a dozen sites from the United States, Europe, and Asia participated in this evaluation. There were three primary tasks for which automatic systems could be designed: one-speaker detection, two-speaker detection, and speaker tracking. All three tasks were performed in the context of mu-law encoded conversational telephone speech. The one-speaker detection task used single channel data, while the other two tasks used summed two-channel data. About 500 target speakers were specified, with two minutes of training speech data provided for each. Both multiple and single speaker test segments were selected from about 2000 conversations that were not used for training material. The duration of the multiple speaker test data was nominally one minute, while the duration of the single speaker test segments varied from near zero up to sixty seconds. For each task, systems had to make independent decisions for selected combinations of a test segment and a hypothesized target speaker. The data sets for each task were designed to be large enough to provide statistically meaningful results on test subsets of interest. Results were analyzed with respect to various conditions including, duration, pitch differences, and handset types.
Defines the content, format, and units of measurement for the exchange of fingerprint, palmprint, facial/mugshot, and scar, mark, and tattoo (SMT) image information that may be used in the identification process of a subject. The information consists of a variety of mandatory and optional items, including scanning parameters, related descriptive and record data, digitized fingerprint information and compressed or uncompressed images. This information is intended for interchange among criminal justice administrations or organizations that rely on automated fingerprint (AFIS) and palmprint identification systems or use facial or SMT data for identification purposes.
Weekly-analytic convex, faithfully convex, and self-concordant functions are considered, and their relationships described.
This paper describes the general accreditation requirements of the NIST National Voluntary Laboratory Accreditation Program (NVLAP) and the specific accreditation requirements for the Cryptographic Module Testing (CMT) and Common Criteria Testing (CCT) programs, which are part of the NVLAP newly established Information Technology Security Testing Program. The paper discusses the similarities and Maturity Model (SSE-CMM) Model and Appraisal Method. For an organization that has been SSE-CMM appraised, it identifies areas that would be almost the same, areas that could be tailored to meet the NVLAP requirements, and areas that would be new if the organization intended to meet the NVLAP requirements.
This ITL Bulletin provides basic information about intrusion detection systems (IDSs) to help organizations avoid common pitfalls in acquiring, deploying, and maintaining IDSs.
As the capabilities of intrusion detection systems (IDS) advance, attackers may attempt to disable an organization's IDS before attempting to penetrate more valuable targets. As IDSs evolve into distributed systems with interdependent components, they are becoming more vulnerable to such attacks. To counter this threat, we present an intrusion detection architecture which is resistant to denial-of-service attacks. The architecture frustrates attackers by making IDS components invisible to an attacker's normal means of "seeing" in a network. In the event of a successful attack, the architecture allows IDS components to relocate from attacked hosts to operational hosts thereby mitigating the effects of that attack. These capabilities are obtained by using mobile agent technology, utilizing network topology features, and by restricting the communication allowed between different types of IDS components.
We present a generalized algorithm for implementing a communications library for dynamic data structures created with heterogeneous composed data types such as multiple C structs, and where the data-types may be nested and may contain pointers. This algorithm is divided into an absolute part that is the same for all instantiations, and a relative part that is specific to the communications mechanism used, such as PVM or MPI. We describe the algorithm in terms of our AutoMap/AutoLink implementation in C/MPI. First, we will talk of the MPI case and of the AutoMap and AutoLink solutions (with ideas from version 3.0). Then we discuss what is to be followed in order to generalize the data-types transfer concepts presented in this article. With this addition to AutoMap/AutoLink we can extend the functions provided from the current send and receive functions (blocking and non blocking) available for any data-types, to any kind of transfer function; from broadcast to reduce (as long as the reduce called process is `message aware'). This will also simplify the extension of this work to data-types load balancing.
Principal component analysis (PCA) based algorithms form the basis of numerous algorithms and studies in the psychological and algorithmic face recognition literature. PCA is a statistical technique and its incorporation into a face recognition algorithm requires numerous design decisions. We explicitly state the design decisions by introducing a generic modular PCA-algorithm. This allows us to investigate these decisions including those not documented in the literature. We experiment with different implementations of each module, and evaluate the different implementations using the September 1996 FERET evaluation protocol (the de facto standard method for evaluating face recognition algorithms). We experiment with (1) changing the illumination normalization procedure; (2) studying effects on algorithm performance of compressing images using JPEG and wavelet compression algorithms; (3) varying the number of eigenvectors in the representation; and (4) changing the similarity measure in classification process. We perform two experiments. In the first experiment, we report performance results on the standard September 1996 FERET large gallery image sets. In the second experiment, we examine the variability in algorithm performance on different sets of facial images. The basis of the study is 100 randomly generated image sets (galleries) of the same size.