FYI -

A LETTER FROM THE COMPUTER SYSTEMS LABORATORY
August 1993

TRACKING DEVELOPMENTS IN TRUSTED SYSTEMS

The 16th National Computer Security Conference, to be held
September 20-23, 1993, at the Baltimore Convention Center, will
dedicate a full track to Information Technology (IT) Security
Criteria and Evaluation. The track will expand on the
collaborative effort between the National Institute of Standards
and Technology (NIST) and the National Security Agency (NSA) to
develop a security criteria document suitable for use by both
government and industry. The objectives are to enhance the
development and evaluation of IT products with security features
and to develop an extensible and flexible framework for defining
new requirements for IT security products that will be used by
the international IT community.
The new track will focus on IT security criteria efforts over the
last year. An introduction to the Federal Criteria will be
followed by tutorials on protection profile development and the
potential ways in which profiles may be reviewed and registered
for use by product developers, customers, and evaluators. Other
panel discussions will include a comparison of the current
evaluation processes in North America and Europe and a report on
the status and plans for a commercial security evaluation process
in the U.S.
The track will also feature a panel discussion on a new
international project to develop common IT security criteria that
will align existing national criteria. NIST and NSA officials
announced the project during the Federal Criteria Invitational
Workshop, held on June 2-3, 1993. The project is a joint
activity of the governments of the U.S., Canada, and European
nations. Six government IT security officials from these nations
have formed the Common Criteria Editorial Board (CCEB).
Presenting their perspectives, CCEB panel members will describe
their work, the starting documents, and the timetable for planned
draft criteria, review, and trial use periods.
Ellen Flahavin, coordinator for the Criteria and Evaluation
track, expects IT professionals from around the world to attend
these sessions. For specific information on the track, contact
Ellen at NIST, Computer Systems Laboratory, POLY A241,
Gaithersburg, MD 20899-0001, telephone (301) 975-3871. For
general information on the computer security conference, see the
Upcoming Technical Conferences section of the newsletter. We
welcome your participation in the 16th National Computer Security
Conference and look forward to seeing you at the Baltimore
Convention Center at the Inner Harbor in September.

FEDERAL INFORMATION PROCESSING STANDARDS (FIPS) ACTIVITIES

Secure Hash Standard Approved for Federal Agency Use
On May 11, 1993, the Secretary of Commerce approved FIPS 180,
Secure Hash Standard, for use by federal agencies in protecting
unclassified information that is not subject to section 2315 of
Title 10, United States Code, or section 3502(2) of Title 44,
United States Code. Effective October 15, 1993, FIPS 180
specifies a Secure Hash Algorithm (SHA) which can be used to
generate a condensed representation of a message called a message
digest. The SHA is required for use with the planned Digital
Signature Algorithm (DSA) and whenever a secure hash algorithm is
required for federal applications. Private and commercial
organizations are encouraged to adopt and use the standard.
The SHA is used by both the transmitter and intended receiver of
a message in computing and verifying a digital signature.
Appropriate applications of the SHA include electronic mail,
electronic funds transfer, software distribution, data storage,
and other applications which require data integrity assurance and
data origin authentication. The SHA may be implemented in
software, firmware, hardware, or any combination. Implementations
of the SHA will be validated by NIST.
Secretary of Commerce Approves POSIX Revision
FIPS 151-1, POSIX: Portable Operating System Interface for
Computer Environments, has been revised to adopt International
Standard ISO/IEC 9945-1:1990, Information Technology--Portable
Operating System Interface (POSIX)--Part 1: System Application
Program Interface (API) [C Language] which defines a C
programming language source interface to an operating system
environment. Effective October 15, 1993, the revised standard
will be published as FIPS 151-2 and supersedes FIPS 151-1 in its
entirety. FIPS 151-2 will maximize the federal return on
investment in generating or purchasing computer programs by
enhancing operating system compatibility.
Computer Graphics Metafile (CGM) Standard Revised
The Secretary of Commerce approved a revision to FIPS 128, CGM,
which will be published as FIPS 128-1. The revised standard
adopts the redesignated version of the CGM standard known as
ANSI/ISO 8632.1-4:1992; adds a requirement for the use of
profiles which define the options, elements, and parameters of
ANSI/ISO 8632 necessary to accomplish a particular function and
to maximize the probability of interchange between systems
implementing the profile; and adopts the first such profile, the
military specification MIL-D-28003A, November 15, 1991, known as
the CALS (Computer-aided Acquisition and Logistic Support) CGM
Application Profile.
FIPS 128-1 is a graphics data interface standard which specifies
a file format suitable for the description, storage, and
communication of graphical (pictorial) information in a device-
independent manner. The standard facilitates the transfer of
graphical information between different graphical software
systems, different graphical devices, and different computer
graphics installations.
The revised standard becomes effective October 15, 1993. Use of
the CGM Application Profile becomes mandatory on October 15, 1994.
We encourage agencies to use the application profile in
acquisitions initiated during this period.
Revision of FIPS for Database Language SQL
On May 12, 1993, the Secretary of Commerce approved a substantial
enhancement of FIPS 127-1, SQL. Effective December 3, 1993, the
revised standard will be published as FIPS 127-2 and replaces
FIPS 127-1 in its entirety. FIPS 127-2 is mandatory for all
federal procurements of relational model database management
systems. The revised SQL standard adds significant new features
for schema definition, diagnostics management, integrity
constraints, and international character set support, as well as
new data types, new table operations, and enhanced data
manipulation expressions. A new Information Schema makes all
schema data available to applications.
FIPS 127-2 is specified in four separate conformance levels:
Entry SQL, Transitional SQL, Intermediate SQL, and Full SQL.
Although only Entry SQL is required, initially, for conformance
to FIPS 127-2, a higher conformance level may be specified as
mandatory in individual agency procurements. The NIST SQL Test
Suite, Version 4.0, provides conformance tests for the Entry SQL
level of FIPS 127-2. Future versions of the test suite will
evaluate other FIPS SQL conformance levels. We invite you to
call Joan Sullivan at (301) 975-3258 for order information on the
NIST SQL Test Suite.
Input/Output Interface Standards Withdrawn
Effective May 11, 1993, eight FIPS have been withdrawn because
the technical specifications that they adopt are obsolete and are
no longer supported by industry. The standards include:
-- FIPS 60-2, I/O Channel Interface, revised December 18, 1990.
-- FIPS 61-1, Channel Level Power Control Interface, revised
December 18, 1990.
-- FIPS 62, Operational Specifications for Magnetic Tape
Subsystems, revised December 18, 1990.
-- FIPS 63-1, Operational Specifications for Variable Block
Rotating Mass Storage Subsystems, revised December 18, 1990;
Supplement to FIPS 63-1, Additional Operational
Specifications for Variable Block Rotating Mass Storage
Subsystems, revised December 18, 1990.
-- FIPS 97, Operational Specifications for Fixed Block Rotating
Mass Storage Subsystems, revised December 18, 1990.
-- FIPS 111, Storage Module Interfaces (with extensions for
enhanced storage module interfaces), revised December 18,
1990.
-- FIPS 130, Intelligent Peripheral Interface (IPI), revised
December 18, 1990.
-- FIPS 131, Small Computer System Interface (SCSI), revised
December 18, 1990.

UPDATE ON NEW PUBLICATIONS

CSL publishes the results of studies, investigations, and
research. The reports listed below may be ordered from the
following sources as indicated for each:
*Superintendent of Documents
U.S. Government Printing Office
(GPO)
Washington, DC 20402
Telephone (202) 783-3238
*National Technical Information
Service (NTIS)
5285 Port Royal Road
Springfield, VA 22161
Telephone (703) 487-4650
The First Text REtrieval Conference (TREC-1)
D. K. Harman, Editor
NIST Spec. Pub. 500-207
March 1993
SN003-003-03207-7 $29.00
Order from GPO
This report constitutes the proceedings of the first Text
REtrieval Conference (TREC-1) held November 4-6, 1992.
Cosponsored by NIST and the Defense Advanced Research Projects
Agency (DARPA), the conference was the first in an ongoing series
of workshops to evaluate new technologies in text retrieval.
Software Error Analysis
By Wendy W. Peng and Dolores R. Wallace
NIST Spec. Pub. 500-209
March 1993
SN003-003-03212-3 $7.00
Order from GPO
This document provides the software engineering community with
current information regarding error analysis for software. It
assists users by describing how error analysis can improve the
software development process and provides guidelines for the
evaluation of high-integrity software.
The DARPA TIMIT Acoustic Phonetic Continuous Speech Corpus CD-ROM
[TIMIT]
By John S. Garofolo, Lori F. Lamel, William M. Fisher, Jonathan
G. Fiscus, David S. Pallett, and Nancy L. Dahlgren
NISTIR 4930
February 1993
PB93-173938 $19.50 paper, $9.00 microfiche
Order from NTIS
This document presents the documentation supporting the DARPA
TIMIT (Texas Instruments/Massachusetts Institute of Technology)
Acoustic-Phonetic Continuous Speech Corpus released on CD-ROM in
October 1990 (NIST Speech Disc 1-1.1).
An International Survey of Industrial Applications of Formal
Methods Volume 1: Purpose, Approach, Analysis, and Conclusions;
Volume 2: Case Studies
By Dan Craigen, Susan Gerhart, and Ted Ralston
NIST GCR 93/626
March 1993
PB93-178556(vol.1) $27.00 paper
PB93-178564(vol.2) $17.50 microfiche
Order from NTIS
This two-volume study evaluates international industrial
experience in using formal methods and presents cases
representative of industrial-grade projects which span a variety
of application domains.
Building Hadamard Matrices in Steps of 4 to Order 200
By Nathalie Drouin
NISTIR 5121
April 1993
PB93-189835 $17.50 paper, $9.00 microfiche
Order from NTIS
This report describes the construction of Hadamard matrices for
use in generating statistical plans of analysis for the synthetic
perturbation tuning technique of program sensitivity analysis.
Computer Systems Laboratory Annual Report--1992
By Elizabeth B. Lennon, Shirley Radack, and Ramona Roach
NISTIR 5127
December 1992
PB93-181873 $19.50 paper, $12.50 microfiche
Order from NTIS
This report describes the 1992 computer and related
telecommunications activities of NIST's Computer Systems
Laboratory.
Using Synthetic-Perturbation Techniques for Tuning Shared Memory
Programs
By Robert Snelick, Joseph Ja'Ja', Raghu Kacker, and Gordon Lyon
NISTIR 5139
March 1993
PB93-178572 $17.50 paper, $9.00 microfiche
Order from NTIS
This paper explains the synthetic-perturbation tuning (SPT)
methodology which is based on an empirical approach that
introduces artificial delays into the multiple-instruction,
multiple-data (MIMD) program. It also addresses specific
features that are the main source of poor performance on the
shared memory programming model.
Detailed Design Specification for Conformance Testing of Computer
Graphics Metafile (CGM) Interpreter Products
Daniel R. Benigni, Editor
NISTIR 5146
March 1993
PB93-178580 $19.50 paper, $9.00 microfiche
Order from NTIS
This report presents a detailed design specification for
determining conformance of CGM Interpreter Products to the
requirements of Federal Information Processing Standard (FIPS)
128, CGM, and the Military Specification MIL-D-28003A. The work
supports the Computer-aided Acquisition and Logistic Support
(CALS) initiative of the Department of Defense.
Statistical Analysis of Information Content for Training Pattern
Recognition Networks
By C.L. Wilson
NISTIR 5149
March 1993
PB93-178861 $17.50 paper, $9.00 microfiche
Order from NTIS
This report provides an analysis, based upon statistical models
of neural networks, of the data content for training pattern
recognition systems.
Minimum Security Requirements for Multi-User Operating Systems
By David Ferraiolo, Nickilyn Lynch, Patricia Toth, David
Chizmadia, Michael Ressler, Roberta Medlock, and Sarah Weinberg
NISTIR 5153
March 1993
PB93-185999 $17.50 paper, $9.00 microfiche
Order from NTIS
This document provides basic commercial computer system security
requirements applicable to both government and commercial
organizations. These requirements form the basis for the
commercially oriented protection profiles in Volume II of the
draft Federal Criteria for Information Technology Security
document (known as the Federal Criteria).
Comparative Performance of Classification Methods for
Fingerprints
By G.T. Candela and R. Chellappa
NISTIR 5163
April 1993
PB93-184273 $17.50 paper, $9.00 microfiche
Order from NTIS
This study compares the results of several pattern classifiers as
tested on NIST Special Database 4, which consists of fingerprint
images produced from two rollings of each of 2000 different
fingers. The classifiers tested are drawn from traditional
pattern recognition literature as well as neural network
literature.
NIST Scoring Package Certification Procedures in Conjunction with
NIST Special Databases 2 and 6
By Michael D. Garris
NISTIR 5173
April 1993
PB93-188126 $17.50 paper, $9.00 microfiche
Order from NTIS
This document presents procedures developed by CSL to promote
compliance with existing Scoring Package file formats. CSL
strongly encourages Scoring Package certification to maximize the
successful scoring of recognition system data.
Optimization of Adaptive Resonance Theory Network With Boltzmann
Machine
By Omid M. Omidvar and Charles L. Wilson
NISTIR 5176
April 1993
PB93-188134 $17.50 paper, $9.00 microfiche
Order from NTIS
This report presents optical character recognition research which
combines Boltzmann methods and the Adaptive Resonance Theory
(ART) to generate small testing networks which achieve reduced
training error and improved network speed applicable to the
optimization of large neural networks.
Computer Graphics Metafile (CGM) Test Requirements Document
(Update)
By Lynne S. Rosenthal
NISTIR 5191
April 1993
PB93-198273 $19.50 paper, $9.00 microfiche
Order from NTIS
This document updates and supplements the Computer Graphics
Metafile (CGM) Test Requirements Document published in 1989 as
NISTIR 4329. Revisions in FIPS 128, CGM, and MIL-D-28003A add
new functionality and additional requirements, necessitating the
update of the conformance test suite and tools.

UPCOMING TECHNICAL CONFERENCES

Digital Systems Reliability and Nuclear Safety Workshop
This workshop will provide state-of-the-art information to the
U.S. Nuclear Regulatory Commission (NRC) staff and to the nuclear
industry from outside experts regarding potential safety issues,
proposed regulatory positions, and research associated with the
application of digital systems in nuclear power plants.
Sponsor: Nuclear Regulatory Commission, in cooperation with NIST
Dates: September 13-14, 1993
Place: Rockville Crowne Plaza Hotel, Rockville, MD
Contact: Dolores Wallace
(301) 975-3340
Open System Environment (OSE) Implementors Workshop (OIW)
This workshop is part of a continuing series to develop
implementation specifications from international standard design
specifications for computer network protocols.
Sponsors: NIST and the IEEE Computer Society
Dates: September 13-17, 1993
December 6-10, 1993
Place: NIST, Gaithersburg, MD
Contact: Brenda Gray
(301) 975-3664
16th National Computer Security Conference
The theme of this year's conference is "Information Systems
Security: User Choices." The major emphasis will be on meeting
the special needs of users and creating better security for user
information technology resources.
Sponsors: NIST and NSA's National Computer Security Center
Date: September 20-23, 1993
Place: Baltimore Convention Center, Inner Harbor, Baltimore, MD
Contacts: Irene Gilbert Perry (301) 975-3360
Dennis Gilbert (301) 975-3872
Federal Wireless Users Forum (FWUF)
This new users group was established to address wireless digital
interface issues in the federal government. Although focusing on
the requirements of federal wireless telecommunication users, the
forum encourages the participation of state and local government,
other interested users, product providers, and service providers.
Sponsors: NIST and the National Communications System (NCS)
Date: September 27-29, 1993 at Marriott Washingtonian Center,
Gaithersburg, MD
Date: January 18-20, 1994, at NIST
Contact: Mary Ruhl
(301) 975-2983
North American ISDN Users' Forum (NIUF)
The NIUF addresses many concerns over a broad range of Integrated
Services Digital Network (ISDN) issues and seeks to reach
consensus on ISDN Implementation Agreements. Participants
include ISDN users, implementors, and service providers.
Dates: October 18-22, 1993
Place: NIST, Gaithersburg, MD
Contact: Dawn Hoffman
(301) 975-2937
Applications Portability Profile (APP)/Open Systems Environment
(OSE) Workshop
This workshop is designed as a user's forum to discuss the latest
developments in the APP/OSE.
Dates: November 16-17, 1993
Place: NIST, Gaithersburg, MD
Contact: Joe Hungate
(301) 975-3368
Paul Ferguson | "Government, even in its best state,
Network Integrator | is but a necessary evil; in its worst
Centreville, Virginia USA | state, an intolerable one."
fergp(a)sytex.com | - Thomas Paine, Common Sense
I love my country, but I fear its government.