NIST logo

Publications Portal

You searched on: Author: david kuhn

Displaying records 31 to 40 of 107 records.
Resort by: Date / Title

31. Evaluation of Fault Detection Effectiveness for Combinatorial and Exhaustive Selection of Discretized Test Inputs
Published: 6/4/2012
Authors: Carmelo Montanez-Rivera, David R Kuhn, Mary C Brady, Richard M Rivello, Jenise Reyes Rodriguez, Michael K. Powers
Abstract: Testing components of web browsers and other graphical interface software can be extremely expensive because of the need for human review of screen appearance and interactive behavior. Combinatorial testing has been advocated as a method that provid ...

32. Combinatorial Methods for Event Sequence Testing
Published: 4/21/2012
Authors: David R Kuhn, James M. Higdon, James F Lawrence, Raghu N Kacker, Yu Lei
Abstract: Many software testing problems involve sequences. This paper presents an application of combinatorial methods to testing problems for which it is important to test multiple configurations, but also to test the order in which events occur. For exam ...

33. Combinatorial Testing of ACTS: A Case Study
Published: 4/21/2012
Authors: Mehra N. Borazjany, Linbin Yu, Yu Lei, Raghu N Kacker, David R Kuhn
Abstract: In this paper we present a case study of applying combinatorial testing to test a combinatorial test generation tool called ACTS. The purpose of this study is two-fold. First, we want to gain experience and insights about how to apply combinatorial t ...

34. Isolating Failure-Inducing Combinations in Combinatorial Testing using Test Augmentation and Classification
Published: 4/21/2012
Authors: Kiran Shakya, Tao Xie, Nuo Li, Yu Lei, Raghu N Kacker, David R Kuhn
Abstract: Combinatorial Testing (CT) is a systematic way of sampling input parameters of the software under test (SUT). A t-way combinatorial test set can exercise all behaviors of the SUT caused by interactions between t input parameters or less. Although com ...

35. Vulnerability Hierarchies in Access Control Configurations
Published: 12/27/2011
Author: David R Kuhn
Abstract: This paper applies methods for analyzing fault hierarchies to the analysis of relationships among vulnerabilities in misconfigured access control rule structures. Hierarchies have been discovered previously for faults in arbitrary logic formulae, s ...

36. Role Engineering: Methods and Standards
Published: 12/8/2011
Authors: Edward Coyne, Timothy Weil, David R Kuhn
Abstract: This article explains problems and approaches to designing permission structures for role based access control. RBAC and the RBAC standard are summarized, common approaches to role engineering described, and the current status and plans for the INCI ...

37. Vetting Mobile Apps
Published: 7/22/2011
Authors: Stephen Quirolgico, Jeffrey Mark Voas, David R Kuhn
Abstract: Billions of copies of apps for mobile devices have been purchased in recent years. With this growth, however, comes an increase in the spread of potentially dangerous security vulnerabilities. Because of an app's low cost and high proliferation, the ...

38. A Combinatorial Approach to Detecting Buffer Overflow Vulnerabilities
Published: 6/14/2011
Authors: Raghu N Kacker, Yu Lei, David R Kuhn, Wenhua Wang
Abstract: Buffer overflow vulnerabilities are program defects that can cause a buffer overflow to occur at runtime. Many security attacks exploit buffer overflow vulnerabilities to compromise critical data structures. In this paper, we present a black-box test ...

39. A Survey of Binary Covering Arrays
Published: 4/7/2011
Authors: James F Lawrence, Raghu N Kacker, Yu Lei, David R Kuhn, Michael Forbes
Abstract: Two-valued covering arrays of strength t are 0--1 matrices having the property that for each t columns and each of the possible 2t sequences of t 0's and 1's, there exists a row having that sequence in that set of t columns. Covering arrays are an im ...

40. Model Checking for Verification of Mandatory Access Control Models and Properties
Published: 2/28/2011
Authors: Chung Tong Hu, David R Kuhn, Tao Xie, J Hwang
Abstract: Mandatory access control (MAC) mechanisms control which users or processes have access to which resources in a system. MAC policies are increasingly specified to facilitate managing and maintaining access control. However, the correct specification o ...

Search NIST-wide:

(Search abstract and keywords)

Last Name:
First Name:

Special Publications:

Looking for a NIST Special Publication (NIST SP Series)? Place the series number and dash in the report number field (Example: 800-) and begin your search.

  • SP 250-XX: Calibration Services
  • SP 260-XX: Standard Reference Materials
  • SP 300-XX: Precision Measurement and Calibration
  • SP 400-XX: Semiconductor Measurement Technology
  • SP 480-XX: Law Enforcement Technology
  • SP 500-XX: Computer Systems Technology
  • SP 700-XX: Industrial Measurement Series
  • SP 800-XX: Computer Security Series
  • SP 823-XX: Integrated Services Digital Network Series