In This Issue...
Updated NIST Software Uses Combination Testing to Catch Bugs Fast and Easy
Researchers at the National Institute of Standards and Technology (NIST) have released an updated version of a computer system testing tool that can cut costs by more efficiently finding flaws. A tutorial on using the tool accompanies the new release.
Catching software "bugs" before a program is released enhances computer security because hackers often exploit these flaws to introduce malware, including viruses, to disrupt or take control of computer systems. But it's difficult. A widely cited 2002 study prepared for NIST* reported that even though 50 percent of software development budgets go to testing, flaws in software still cost the U.S. economy $59.5 billion annually.
Exhaustive checking of all possible combinations of input actions that could cause software failure is not practical, explained NIST's Raghu Kacker, because of the huge number of possibilities, but it's also not necessary. Based on studies of software crashes in applications, including medical devices and Web browsers, NIST's Rick Kuhn and other researchers determined that between 70 and 95 percent of software failures are triggered by only two variables interacting and practically 100 percent of software failures are triggered by no more than six. "Testing every combination up to six variables can be as good as exhaustive testing," said Kacker.
Working with researcher Jeff Yu Lei and his students from the University of Texas at Arlington, NIST designed Advanced Combinatorial Testing System (ACTS), a freely distributed software tool to generate plans for efficiently testing combinations of two to six interacting variables. The method goes beyond the commonly used "pairwise" approach to software testing, which tests combinations of two variables, so it can detect more obscure flaws. (See "'Combinatorial' Approach Squashes Software Bugs Faster, Cheaper" in NIST Tech Beat, Dec. 12, 2007, at www.nist.gov/itl/math/bugs_121207.cfm.)
Kuhn describes the process "as packing as many combinations into a set of tests as efficiently as we know how." For example, testing all possible interactions for a product with 34 on and off switches would require 17 billion tests. Using ACTS, all three-way interactions can be evaluated using only 33 tests and all six-way combinations with just 522 tests, instead of 17 billion.
The first version of ACTS was released in 2008. Since then, it has been distributed at no cost to 465 organizations and individuals in industry, academia and government. "About half of our users are in IT, but other heavy users are in the financial, defense and telecommunications sectors," said Kuhn. In August, NIST and Lockheed Martin initiated a Cooperative Research and Development Agreement to study the application of ACTS in the company's large and complex software applications. The two groups will jointly publish the results.
NIST released the latest update of ACTS in October. The new version includes an improved user interface and a better method of specifying relationships between parameters for testing. This can eliminate the problem, for example, of spending time on tests for invalid combinations, such as using Internet Explorer on a Linux system. Information for requesting ACTS is available at http://csrc.nist.gov/groups/SNS/acts/index.html.
Just released is a new tutorial, Practical Combinatorial Testing, that introduces key concepts and methods along with explaining the use of software tools for generating combinatorial tests. Cost and other practical considerations are addressed. The tutorial is designed to be accessible to undergraduate students in computer science or engineering and includes extensive references. NIST Special Publication 800-142 (link to http://csrc.nist.gov/groups/SNS/acts/documents/SP800-142-101006.pdf) can be downloaded at crsc.nist.gov/acts.
* Research Triangle Institute, The Economic Impacts of Inadequate Infrastructure for Software Testing, NIST Planning Report 02-3, May 2002.
Media Contact: Evelyn Brown, email@example.com, 301-975-5661
NIST Seeks Comments on Study of Charleston Furniture Store Fire
Major factors contributing to a rapid spread of fire at the Sofa Super Store in Charleston, S.C., on June 18, 2007, included large open spaces with furniture providing high fuel loads, the inward rush of air following the breaking of windows, and a lack of sprinklers, according to a draft report released October 28, 2010, for public comment by the National Institute of Standards and Technology (NIST). The fire trapped and killed nine firefighters, the most firefighter fatalities in a single event since 9/11.
On the basis of its findings, the NIST technical study team made 11 recommendations for enhancing building, occupant and firefighter safety nationwide. The team urged states and local communities to adopt current national model building and fire safety codes. 1 If today's model codes had been in place and rigorously followed in Charleston in 2007, the study authors said, the conditions that led to the rapid fire spread in the Sofa Super Store probably would have been prevented.
"Furniture stores typically have large amounts of combustible material and represent a significant fire hazard," said NIST study leader Nelson Bryner. "Model building codes should require both new and existing furniture stores to have automatic sprinklers, especially if those stores include large, open display areas."
Specifically, the NIST report calls for national model building and fire codes to require sprinklers for all new commercial retail furniture stores regardless of size, and for existing retail furniture stores with any single display area of greater than 190 square meters (2,000 square feet). Other recommendations include adopting model codes that cover high fuel load situations (such as a furniture store), ensuring proper fire inspections and building plan examinations, and encouraging research for a better understanding of fire situations such as venting of smoke from burning buildings and the spread of fire on furniture.
NIST welcomes comments on the draft report and its recommendations. To be considered for the final report, comments must be received by noon EST on Dec. 2, 2010. Comments may be submitted via e-mail to firstname.lastname@example.org; fax to (301) 975-4052; or mail to the attention of NIST Technical Study: Sofa Super Store, NIST, 100 Bureau Dr., Stop 8660, Gaithersburg, MD 20899-8660.
Once the final report is published, NIST will work with the appropriate committees of the International Code Council (ICC) on using the study's recommendations to improve provisions in model building and fire codes. NIST also will work with the major organizations representing state and local governments—including building and fire officials—and firefighters to encourage them to consider its recommendations.
To read the full press release and to access the draft study report and supplementary materials, go to http://www.nist.gov/el/fire_research/charleston_102810.cfm
1The International Code Council (ICC) I-Codes are used as models for building and fire regulations promulgated and enforced by U.S. state and local jurisdictions. Those jurisdictions have the option of incorporating some or all of the code's provisions but generally adopt most provisions.
Media Contact: Michael E. Newman, email@example.com, 301-975-3025
New NIST Dietary Supplement Reference Materials Could Be ‘Berry’ Useful
National Institute of Standards and Technology (NIST) researchers have developed new certified reference materials for measuring amounts of organic acids in dietary supplements formulated with Vaccinium berries—cranberries, blueberries and bilberries. As described in a recent paper,* manufacturers and researchers can use this new suite of standard reference materialsTM (SRMs) as quality assurance tools.
Dietary supplement manufacturers often include health claims on products made with Vaccinium berries. Suggested benefits include prevention of urinary tract infections, reduced risk of certain cancers or Alzheimer's disease, and improved night vision. Consumers may take such claims at face value, but one common problem with dietary supplement products containing berries is the risk of economic adulteration—dilution with less expensive juices, such as apple or grape, or the use of blueberries instead of bilberries as a cost-saver for the manufacturer. One way of telling whether or not a product has been adulterated is to measure organic acid ratios, which are specific to each type of berry.
Until now, analytical approaches for measuring organic acid ratios in berries, fruit juices, and dietary supplements have relied on the use of pure organic acid reference standards, which do not take into account the complexity of the whole berry. As a result, these methods could neither be validated as accurate nor used to certify reference materials to meet the needs and accuracy requirements of the Food and Drug Administration (FDA) and dietary supplement manufacturers.
NIST's new certified reference materials are:
SRMs are among the most widely distributed and used NIST products. The agency prepares, analyzes and distributes more than 1,000 different carefully characterized materials that are used throughout the world to check the accuracy of instruments and test procedures used in manufacturing, clinical chemistry, environmental monitoring, electronics, criminal forensics and dozens of other fields. For more information, see NIST's SRM website.
* M.M. Phillips, R.J. Case, C.A. Rimmer, L.C. Sander, K.E. Sharpless, S.A. Wise, and J.H. Yen. Determination of organic acids in Vaccinium berry standard reference materials. Analytical and Bioanalytical Chemistry. 398(1), 425-434.
Media Contact: Mark Esser, firstname.lastname@example.org, 301-975-8735
NIST Pings Key Material in Sonar, Closes Gap on Structural Mystery
Using a neutron beam as a probe, researchers working at the National Institute of Standards and Technology (NIST) have begun to reveal the crystal structure of a compound essential to technologies ranging from sonar to computer memory. Their recent work* provides long-sought insight into just how a widely used material of modern technology actually works.
The compound is a "piezoelectric," a material capable of changing one kind of energy into another—mechanical to electrical, or vice versa. Long employed in sonar systems to detect sound waves, more recently piezoelectrics have been applied in devices that require minuscule changes in position, such as the head that reads data from your computer's hard drive.
For decades, the industry standard piezoelectric has been PZT, a compound that contains titanium,zirconium, lead and oxygen. Crystals of PZT change a tiny fraction of a percent in size when a sound wave strikes them, and thisshape change creates an electrical impulse. Decades ago, it was discovered that PZT performs at its best when the titanium and zirconium appear in approximately equal proportions, but no one really understood why.
"The theories frequently concern what happens at the transition line between having a surplus of zirconium and one of titanium," says Peter Gehring of the NIST Center for Neutron Research (NCNR). "Some theories suggest that right near the transition zone, the atoms take on a special configuration that allows certain atoms to move more freely than they can otherwise. But because it's been hard to grow a crystal of PZT large enough to analyze, we couldn't completely test these ideas."
A breakthrough came when chemists at Canada's Simon Fraser University managed to grow single crystals of a few millimeters in size and sent them to the NCNR for examination with neutron scattering—a technique for determining the positions of individual atoms in a complex crystal structure by observing the patterns made by neutrons bouncing off it. The team, which also included researchers from the University of Oxford, the University of Tokyo, and the University of Warwick, was able to definitively rule out one of the proposed structures of PZT.
Instead, they found that each PZT crystal element likely assumes one of two possible forms that coexist within the larger crystal array. These forms are dictated by chemical composition, and they may influence how well the material performs on a large scale. Their findings also suggest that the change in behavior seen at the transition happens gradually, rather than at some sharply delineated proportion of zirconium to titanium.
Gehring says the results could be a step toward bettering PZT. "Determining the structure might give us the perspective necessary to design a piezoelectric material from first principles, instead of just playing around and seeing what works," he says. "That's what you need if you're ever going to build a better mousetrap."
* D. Phelan, X. Long, Y. Xie, Z.-G. Ye, A.M. Glazer, H. Yokota, P.A. Thomas and P.M. Gehring. Single crystal study of competing rhombohedral and monoclinic order in lead zirconate titanate. Physical Review Letters, Nov. 8, 2010, DOI: 10.1103/PhysRevLett.105.207601
Media Contact: Chad Boutin, email@example.com, 301-975-4261
AFM Positioning: Shining Light on a Needle in a Haystack
The researchers characterize their new technique as a neat solution to the "needle in a haystack" problem of nanoscale microscopy, but it's more like the difference between finding the coffee table in a darkened room either by walking around until you fall over it, or using a flashlight. In a new paper,* a group from JILA—a joint venture of the National Institute of Standards and Technology (NIST) and the University of Colorado—finds tiny assemblies of biomolecules for subsequent detailed imaging by combining precision laser optics with atomic force microscopy.
The atomic force microscope (AFM) has become one of the standard tools of nanotechnology. The concept is deceptively simple. A needle—not unlike an old-fashioned phonograph stylus, but much smaller with a tip at most only a couple of atoms wide—moves across the surface of the specimen. A laser measures tiny deflections of the tip as it is pushed or pulled by atomic scale forces, such as electrostatic forces or chemical attraction. Scanning the tip back and forth across the sample yields a three-dimensional image of the surface. The resolution can be astonishing—in some cases showing individual atoms, a resolution a thousand times smaller than the best optical microscopes can achieve.
Such amazing sensitivity incurs a technical problem: if your probe can image an object of, say, 100 square nanometers, how exactly do you find that object if it could be nearly anywhere on a microscope stage a million times that size? That's not an unusual case in biological applications. The brute-force answer is, you scan the probe back and forth, probably at a higher speed, until it runs into something interesting. Like the coffee table in the dark, this has problems. The AFM tip is not only very delicate and easy to damage, but it can be degraded by picking up unwanted atoms or molecules from the surface. Also, in the biosciences, where the AFM is becoming increasingly important, research specimens usually are "soft" things like proteins or membranes that can be damaged by an uncontrolled collision with the tip. One solution has been to "label" the target molecule with a small fluorescent compound or quantum dot, so that it lights up and is easy to find, but that means chemically altering the subject, which may not be desirable.
Instead, the JILA team opted to use a flashlight. Building upon an earlier innovation for stabilizing the position of an AFM tip, the group uses a tightly focused, low-power laser beam to optically scan the area, identifying target locations by minute changes in the scattered light. This laser is scanned across the sample to form an image, analogous to forming an AFM image.
The same laser—and detection technique—is used to locate the AFM tip. Hence, the laser serves as a common frame of reference and it's relatively straightforward to align the optical and the AFM image. In experiments with patches of cell membrane from single-cell organisms,** the group has demonstrated that they can locate these protein complexes and align the AFM tip with a precision of about 40 nanometers. Relying solely on scattered light, their technique requires no prior chemical labeling or modification of the target molecules.
"You solve a couple of problems," says NIST physicist Thomas Perkins. "You solve the problem of finding the object you want to study, which is sort of a needle in a haystack problem. You solve the problem of not contaminating your tip. And, you solve the problem of not crashing your tip into what you were looking for. This prevents damaging your tip and, for soft biological targets, not damaging your sample." And, he says, it's much more efficient. "From a practical perspective, instead of my grad student starting to do real science at 4 p.m., she can start doing science at 10 a.m."
* A.B. Churnside, G.M. King and T.T. Perkins. Label-free optical imaging of membrane patches for atomic force microscopy. Optics Express. Vol. 18, No. 23. Nov. 8, 2010.
** The team used "purple membrane," which is cell membrane from certain single-cell organisms and contains bacteriorhodopsin, a protein that captures light energy. Bacteriorhodopsin is embedded in purple membrane and is a common protein for research in the biosciences.
Media Contact: Michael Baum, firstname.lastname@example.org, 301-975-2763
TIP Seeks Comments on Potential Funding Areas and Solicits Suggestions for Future Competitions
In two Federal Register notices, the Technology Innovation Program (TIP) of the National Institute of Standards and Technology (NIST) asks for public comments on six NIST-prepared white papers outlining potential areas for research grants and, separately, requests detailed suggestions of critical national needs and associated technical needs for future TIP funding competitions.
TIP assists U.S. businesses, universities and other institutions in furthering and accelerating innovation through shared support of high-risk, high-reward research addressing needs and challenges meriting national attention. The call for white papers and public reviews of TIP-developed white papers are part of the process that TIP employs to select appropriate areas for funding. (See "NIST Issues New Call for White Papers on Critical National Needs," NIST Tech Beat, Sept. 8, 2009.)
The six draft white papers that are the subject of the current call for public comments distill topics in five areas of critical national need—water, manufacturing, energy, civil infrastructure, and healthcare—that are under consideration for the upcoming funding competitions. The draft white papers are:
In the second notice, TIP is seeking white papers to help shape the program's collaborative outreach and future competitions. Suggestions in all areas of critical national need are encouraged. For detailed instructions on how to prepare and submit white papers please refer to A Guide for Preparing and Submitting White Papers to the Technology Innovation Program, available at http://www.nist.gov/tip/wp/upload/guide_for_white_papers.pdf
Along with other inputs, including Administration priorities and suggestions from stakeholder communities, white papers help TIP shape the scope of future competitions.
Submissions will be reviewed in four batches. Due dates are Nov. 29, 2010; Feb. 15, 2011; May 10, 2011; and July 12, 2011. Send white papers to email@example.com or to NIST, Technology Innovation Program, 100 Bureau Dr., Stop 4750, Gaithersburg, MD 20899-4750.
The TIP call for white papers is available at: http://www.nist.gov/tip/frn/upload/tip_frn_notice_seeks_white_papers_10_29_10.pdf
Media Contact: Michael Baum, firstname.lastname@example.org, 301-975-2763
New NIST Publication Provides Security Guidance for WiMAX Technologies
A new publication from the National Institute of Standards and Technology (NIST) provides technical guidance to government agencies and other organizations interested in mitigating risks with WiMAX (Worldwide Interoperability for Microwave Access) networks.
WiMAX is a wireless network protocol that can cover an area of a few square kilometers, such as a college campus or a small town. Its reach is greater than the more familiar “WiFi” networks employed in offices, homes or coffee shops—with typical ranges in the tens of meters—but smaller than wireless areas covered by cell phones. The technology, guided by standards issued by IEEE, originally was designed to provide last-mile broadband wireless access as an alternative to cable, digital subscriber line (DSL) or T1 service. In recent years, its focus has shifted to provide a more cellular-like, mobile architecture to serve a broader audience.
Emergency WiMAX nets have been used in disaster zones where the communication infrastructure was destroyed, such as along the coast of the Gulf of Mexico after Hurricane Katrina.
Special Publication 800-127 “Guide to Security for WiMAX Technologies” discusses WiMAX technology’s topologies, components, certifications, security features and related security concerns. It covers the IEEE 802.16 standard for WiMAX and its evolution up to the 2009 version.
The main threats to all wireless networks are denial of service attacks, eavesdropping, message modification and resource misappropriation.
SP 800-127 recommends taking advantage of built-in security features to protect data confidentiality on the network. It also suggests that organizations using WiMAX technology should:
Media Contact: Evelyn Brown, email@example.com, 301-975-5661
NIST Patent Roundup
NIST researchers and their collaborators were awarded seven patents in the past year for a wide variety of technologies. Since Oct. 1, 2009, NIST has made a total of 30 invention disclosures and filed 15 patent applications. Currently, 36 technologies invented or co-invented by NIST scientists and engineers are under license to private companies, with four licenses granted in fiscal year 2010. In all, NIST was party to 128 active patents.
NIST encourages its researchers to seek patent protection when it provides an incentive for commercialization or use of the technology in the United States or if the innovation helps to advance a new field of science or technology that falls within NIST’s mission.
NIST also encourages its researchers to seek patent protection when necessary to maintain productive collaborative relationships with government, academic or commercial partners; to ensure the availability of background technology; to address the requirements of funding sources; and/or to adhere to the obligations or further the goals of a Cooperative Research and Development Agreement (CRADA) or other collaborative agreement.
Patents granted this fiscal year include:
Media Contact: Mark Esser, firstname.lastname@example.org, 301-975-8735