
Search Publications by: D. Richard Kuhn (Fed)

Displaying 51 - 75 of 183

Attribute Based Access Control

November 30, 2017
Author(s)
Chung Tong Hu, David F. Ferraiolo, Ramaswamy Chandramouli, David R. Kuhn
Until now, ABAC research has been documented in hundreds of research papers, but not consolidated in book form. This book explains ABAC's history and model, related standards, verification and assurance, applications, and deployment challenges; Specialized

Combinatorial and MC/DC Coverage Levels of Random Testing

August 18, 2017
Author(s)
Sergiy Vilkomir, Aparna Alluri, D. Richard Kuhn, Raghu N. Kacker
Software testing criteria differ in effectiveness, numbers of required test cases, and processes of test generation. Specific criteria are often compared with random testing as the simplest basic approach and, in some cases, random testing shows a

Combinatorial Testing of Full Text Search in Web Applications

August 18, 2017
Author(s)
M S Raunak, David R. Kuhn, Raghu N. Kacker
Database driven web applications are some of the most widely developed systems today. Testing these applications effectively and discovering difficult-to-find bugs continues to be a challenge for software engineers. In this paper, we show that combinatorial

An Analysis of Vulnerability Trends, 2008 - 2016

July 29, 2017
Author(s)
David R. Kuhn, Mohammad Raunak, Raghu N. Kacker
This analysis reviews trends within the different vulnerability types and subsidiary weaknesses, with a goal of identifying practices that may have the strongest impact on reducing vulnerabilities.

Verification and Test Methods for Access Control Policies/Models

June 27, 2017
Author(s)
Chung Tong Hu, David R. Kuhn, Dylan J. Yaga
Access control systems are among the most critical of computer security components. Faulty policies, misconfigurations, or flaws in software implementations can result in serious vulnerabilities. To formally and precisely capture the security properties

What Happened to Software Metrics?

May 25, 2017
Author(s)
Jeffrey M. Voas, David R. Kuhn
In the 1980's, the software quality community was all 'a buzz' with seemingly endless 'potential' approaches for producing higher quality software. At the forefront of that was software metrics, along with the corresponding software testing techniques and

General Methods for Access Control Policy Verification

December 19, 2016
Author(s)
Chung Tong Hu, David R. Kuhn
Access control systems are among the most critical of computer security components. Faulty policies, misconfigurations, or flaws in software implementations can result in serious vulnerabilities. To formally and precisely capture the security properties

Combinatorial Methods in Security Testing

October 20, 2016
Author(s)
Dimitris Simos, D. Richard Kuhn, Artemios Voyiatzis, Raghu N. Kacker
This article introduces combinatorial testing-based approaches for security testing and presents case studies and experiences. The success of the presented research program motivates further intensive research on the field of combinatorial security testing

Estimating t-way Fault Profile Evolution During Testing

August 25, 2016
Author(s)
David R. Kuhn, Raghu N. Kacker, Lei Yu
Empirical studies have shown that most software interaction faults involve one or two variables interacting, with progressively fewer triggered by three or more, and no failure has been reported involving more than six variables interacting. This paper

Evaluating the Effectiveness of BEN in Locating Different Types of Software Fault

August 4, 2016
Author(s)
Raghu N. Kacker, David R. Kuhn, Jagan Chandrasekaran, Yu Lei
Debugging or fault localization is one of the most challenging tasks during software development. Automated fault localization tools have been developed to reduce the amount of effort and time software developers have to spend on debugging. In this paper

Pseudo-exhaustive Testing of Attribute Based Access Control Rules

August 4, 2016
Author(s)
David R. Kuhn, Chung Tong Hu, David F. Ferraiolo, Raghu N. Kacker, Yu Lei
Access control typically requires translating policies or rules given in natural language into a form such as a programming language or decision table, which can be processed by an access control system. Once rules have been described in machine

Estimating t-way Fault Profile Evolution During Testing

June 10, 2016
Author(s)
Raghu N. Kacker, David R. Kuhn
Empirical studies have shown that most software interaction faults involve one or two variables interacting, with progressively fewer triggered by three or more, and no failure has been reported involving more than six variables interacting. This paper

Combinatorial Testing for Cybersecurity and Reliability

May 12, 2016
Author(s)
David R. Kuhn, Raghu N. Kacker, Larry Feldman, Gregory A. Witte
This bulletin focuses on NIST's combinatorial testing work. Combinatorial testing is a proven method for more effective software testing at lower cost. The key insight underlying combinatorial testing's effectiveness resulted from a series of studies by

Combinatorial Coverage Analysis of Subsets of the TLS Cipher Suite Registry

May 11, 2016
Author(s)
Dimitris Simos, Kristoffer Kleine, D. Richard Kuhn, Raghu N. Kacker
We present a combinatorial coverage measurement for (subsets) of the TLS cipher suite registries by analyzing the specified ciphers of IANA, ENISA, BSI, Mozilla and NSA Suite B. Our findings contribute towards the design of quality measures of recommended

Learning Internet of Things Security "Hands-on"

February 3, 2016
Author(s)
Constantinos Kolias, Angelos Stavrou, Jeff Voas, Irena Bojanova, D. Richard Kuhn
Our research began from asking whether there is a science behind the Internet of Things (IoT). We started from zero knowledge and no bias. The results of that work determined that indeed there is a science, but it is a science of numerous actors, that when

Using Combinatorial Testing to Build Navigation Graphs for Dynamic Web Applications

February 2, 2016
Author(s)
Wenhua Wang, Sreedevi Sampath, Yu Lei, Raghu N. Kacker, D. Richard Kuhn, James F. Lawrence
Modelling a software system is often a challenging prerequisite to automatic test case generation. Modelling the navigation structure of a dynamic web application is particularly challenging because of the presence of a large number of pages that are

A Rational Foundation for Software Metrology

January 20, 2016
Author(s)
David W. Flater, Paul E. Black, Elizabeth N. Fong, Raghu N. Kacker, Vadim Okun, Stephen S. Wood, David R. Kuhn
Much software research and practice involves ostensible measurements of software, yet little progress has been made on an SI-like metrological foundation for those measurements since the work of Gray, Hogan, et al. in 1996-2001. Given a physical object

Measuring and Specifying Combinatorial Coverage of Test Input Configurations

November 14, 2015
Author(s)
David R. Kuhn, Raghu N. Kacker, Yu Lei
A key issue in testing is how many tests are needed for a required level of coverage or fault detection. Estimates are often based on error rates in initial testing, or on code coverage. For example, tests may be run until a desired level of statement or

Combinatorial Testing: Theory and Practice

August 18, 2015
Author(s)
David R. Kuhn, Renee Bryce, Feng Duan, Laleh Ghandehari, Yu Lei, Raghu N. Kacker
Combinatorial testing has rapidly gained favor among software testers in the past decade as improved algorithms have become available, and practical success has been demonstrated. This article reviews the theory and application of this method, focusing

Combinatorial Testing: Theory and Practice, Section 8.

August 18, 2015
Author(s)
David R. Kuhn, Renee Bryce, Feng Duan, Laleh Ghandehari, Yu Lei, Raghu N. Kacker
Additional Section to PUB ID 918448. Combinatorial testing has rapidly gained favor among software testers in the past decade as improved algorithms have become available, and practical success has been demonstrated. This article reviews the theory and

Implementing and Managing Policy Rules in Attribute Based Access Control

August 13, 2015
Author(s)
Chung Tong Hu, David F. Ferraiolo, David R. Kuhn, Raghu N. Kacker, Yu Lei
Attribute Based Access Control (ABAC) is a popular approach to enterprise-wide access control that provides flexibility suitable for today's dynamic distributed systems. ABAC controls access to objects by evaluating policy rules against the attributes of