- IEEE Fellow, for contributions to access control and combinatorial test methods
- IEEE Reliability Society lifetime achievement award 'for contributions to the theory and empirical foundations of combinatorial testing', 2019
- ACSAC 'Test of Time' paper award for 'Role Based Access Control: Features and Motivations' (with D. Ferraiolo and J. Cugini), Annual Computer Security Applications Conference, 2019.
- IEEE Innovation in Societal Infrastructure Award, Institute of Electrical and Electronics Engineers, 2018, for role based access control
- Best poster, Hot Topics in Science of Security, 2018, "What Proportion of Vulnerabilities can be Attributed to Ordinary Coding Errors?" (with Mohammad Raunak and Raghu Kacker)
- Silver medal award for scientific/engineering achievement, U.S. Dept. of Commerce, 2014
- Excellence in Technology Transfer Award, Federal Laboratory Consortium Mid-Atlantic, 2009
- Best Standards Contribution, NIST/ITL, 2008
- Best Journal Paper Award, NIST/ITL, 2007
- Outstanding Authorship Award, NIST/ITL, 2003
- Gold medal award for scientific/engineering achievement, U.S. Dept. of Commerce, 2002;
- Excellence in Technology Transfer Award, 1998, Federal Laboratory Consortium.
- Bronze Medal, U.S. Dept. of Commerce, 1990;
- Member, Beta Gamma Sigma honorary.
Combinatorial methods can reduce costs for software testing significantly. They may also be one of the few practical approaches for assurance in AI and machine learning, especially for autonomous systems, where many conventional methods cannot be used. Combinatorial methods have significant applications in software engineering: Combinatorial or t-way testing is a proven method for more effective testing at lower cost.
The blockchain data structure and proof-of-work protocol were designed to solve the problem of double spending in cryptocurrencies. But conventional blockchains are hard to use in many distributed system applications. Although blockchain has found many applications outside of cryptocurrency, many of its features are not well suited to common data management applications. This project is developing an alternative approach to providing the integrity protection of blockchains, with the ability to modify or delete blocks, making it possible to meet the requirements of privacy regulations such as GDPR.
- Assoc editor, IEEE Computer
- Assoc editor, IEEE Transactions on Reliability
- Member, Association for Computing Machinery (ACM)
- Patents: "Implementation of Role Based Access Control in Multi-level Secure Systems", U.S. Patent #6,023,765.,
"Oracle-free Match Testing of a Program Using Covering Arrays and Equivalence Classes", U.S. Patent #10,552,300.
U.S. Provisional Patent Application #62/842,616 “Data Block Matrix” (blockchain/DLT allowing block edits, to enable privacy requirements such as GDPR)
- Past member of DARPA High Confidence Systems Working Group, IEEE Technical Committee on Operating Systems POSIX 1003.1, 1003.2 and 1201.2 working groups;
- Past projects: development of software tools and conformance test suites; methods for analyzing changes in formal specifications; verification of cryptographic protocols; and the first formal definition of role based access control; IEEE POSIX working groups and developing parts of the POSIX Conformance Test Suite for IEEE 1003.1; and definition of software assurance requirements for FIPS 140-1 (Security Requirements for Cryptographic Modules).
Significant papers (or at least ones that seem to get a lot of attention):
- D.R. Kuhn, D.R. Wallace, A.M. Gallo, Jr., "Software Fault Interactions and Implications for Software Testing", IEEE Transactions on Software Engineering, vol. 30, no. 6, June 2004, pp. 418-421.
Abstract; DOI: 10.1109/TSE.2004.24 - investigates number of interactions required to trigger failures in various types of systems; basis for our combinatorial testing project.
- D.R. Kuhn, "Fault Classes and Error Detection Capability of Specification Based Testing", ACM Transactions on Software Engineering and Methodology,Vol. 8, No. 4 (October,1999) - demonstrates existence of a hierarchy of fault classes that may be used to generate test more efficiently. Others have extended the hierarchy based on more types of faults.
- D. Ferraiolo and D.R. Kuhn, "Role Based Access Controls", Proceedings, 15th Natl. Computer Security Conference, 1992, pp. 554–563. --- the early paper on role based access control; includes basic formal definition. This was unified w/ Sandhu et. al (1996) to create the standard model for RBAC (more on RBAC project site).