Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Publications

Search Publications by

D. Richard Kuhn (Fed)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 26 - 50 of 175

Rethinking Distributed Ledger Technology

March 20, 2019
Author(s)
David R. Kuhn, Dylan J. Yaga, Jeffrey M. Voas
Blockchains were designed to solve the problem of double-spending in cryptocurrencies, and the success of the Bitcoin design has generated vastly more interest than previous proposals for digital currencies. Blockchains are being used in other areas as

Guide to Attribute Based Access Control (ABAC) Definition and Considerations

February 25, 2019
Author(s)
Chung Tong Hu, David F. Ferraiolo, David R. Kuhn, Adam Schnitzer, Kenneth Sandlin, Robert Miller, Karen Scarfone
[Includes updates as of February 25, 2019] This document provides Federal agencies with a definition of attribute based access control (ABAC). ABAC is a logical access control methodology where authorization to perform a set of operations is determined by

A Method Level Test Generation Framework for Debugging Big Data Applications

January 24, 2019
Author(s)
Huadong Feng, Jagan Chandrasekaran, Yu Lei, Raghu N. Kacker, D. Richard Kuhn
When a failure occurs in a big data application, debugging with the original dataset can be difficult due to the large amount of data being processed. This paper introduces a framework for effectively generating method-level tests to facilitate debugging

A Method-Level Test Generation Framework for Debugging Big Data Applications

January 24, 2019
Author(s)
Raghu N. Kacker, David R. Kuhn, Huadong Feng, Yu J. Lei
Big data applications are now widely used to process massive amounts of data we create every day. When a failure occurs in a big data application, debugging at the system-level input can be expensive due to the large amount of data being processed. This

Access Control for Emerging Distributed Systems

November 1, 2018
Author(s)
Chung Tong Hu, David R. Kuhn, David F. Ferraiolo
As big data, cloud computing, grid computing, and the Internet of Things reshape current data systems and practices, IT experts are keen to harness the power of distributed systems to boost security and prevent fraud. How can these systems' capabilities be

MCDC-Star – An Open-source MC/DC Measurement Tool

September 22, 2018
Author(s)
Raghu N. Kacker, David R. Kuhn, Eric Wong
Applying MC/DC criterion to real-world projects can be expensive due to not only the cost of commercial tools, but also the difficulty of generating test cases to achieve high coverage. To lower the expense from both aspects, this paper presents an easy-to

Cybertrust in the IoT Age

July 31, 2018
Author(s)
Jeff Voas, D. Richard Kuhn, Constantinos Kolias, Angelos Stavrou, Georgios Kambourakis
The Internet of Things generates new opportunities but creates new challenges with respect to trustworthiness. Computing, architecture, and verification changes are inevitable to meet these challenges, particularly if predictions of 20 billion to 50

In IoT We Trust?

July 13, 2018
Author(s)
Jeff Voas, D. Richard Kuhn, Phillip Laplante
In this short article, we review an abbreviated list of trust challenges that we foresee as increased adoption transforms the IoT into another ubiquitous technology just as the Internet is. These challenges are in no specific order, and are by no means a

Finding Bugs in Cryptographic Hash Function Implementations

July 6, 2018
Author(s)
Nicky W. Mouha, Mohammad Raunak, David R. Kuhn, Raghu N. Kacker
Cryptographic hash function implementations can be particularly difficult to test, and bugs can remain unnoticed for a very long time. We revisit the NIST SHA-3 hash function competition, and apply a new testing strategy to all available reference

Pseudo-exhaustive Verification of Rule Based Systems

July 1, 2018
Author(s)
David R. Kuhn, Dylan J. Yaga, Raghu N. Kacker, Yu Lei, Chung Tong Hu
Rule-based systems are important in application domains such as artificial intelligence and business rule engines, as well as formal methods for software design. When translated into an implementation, simple expressions in rules may map to thousands of

Internet of Things (IoT) Metrology

June 11, 2018
Author(s)
Jeff Voas, D. Richard Kuhn, Phillip Laplante
The field of metrology has evolved into many classes and viewpoints over centuries of time. What we are suggesting is how that body of knowledge may be applicable to IoT and where the research opportunities for new measures that are IoT-centric might be in

Combinatorial Security Testing Course

April 11, 2018
Author(s)
Dimitris Simos, Yu Lei, D. Richard Kuhn, Raghu N. Kacker
Combinatorial methods have attracted attention as a means of providing strong assurance at reduced cost, but when are these methods practical and cost-effective? This tutorial comprises two parts. The first introductory part will briefly explain the back-

Testing IoT Systems

March 26, 2018
Author(s)
Jeffrey M. Voas, David R. Kuhn, Phil Laplante
The ability to test systems that are based on the underlying products and services commonly referred to as the Internet of 'things' (IoT) is discussed. The role of a static metric that can be applied to design, architectures, hardware, 'things', and

Computer Science in Education 2018

February 14, 2018
Author(s)
Jeff Voas, D. Richard Kuhn, Celia Paulsen, Kim B. Schaffer
We surveyed six of our profession's best senior computer science educators for their views on the current state and trends in computer science education.

Educating Next-Gen Computer Scientists

January 31, 2018
Author(s)
Jeff Voas, D. Richard Kuhn, Celia Paulsen, Kim B. Schaffer
Just as yeast, flour, water, and salt are to bread, algorithms, data structures, operating systems, database design, compiler design, and programming languages were computer science (CS) education's core ingredients in past years. Then, universities led

Attribute Based Access Control

November 30, 2017
Author(s)
Chung Tong Hu, David F. Ferraiolo, Ramaswamy Chandramouli, David R. Kuhn
Until now, ABAC research has been documented in hundreds of research papers, but not consolidated in book form. This book explains ABAC's history and model, related standards, verification and assurance, applications, and deployment challenges; Specialized

Combinatorial and MC/DC Coverage Levels of Random Testing

August 18, 2017
Author(s)
Sergiy Vilkomir, Aparna Alluri, D. Richard Kuhn, Raghu N. Kacker
Software testing criteria differ in effectiveness, numbers of required test cases, and processes of test generation. Specific criteria are often compared with random testing as the simplest basic approach and, in some cases, random testing shows a

Combinatorial Testing of Full Text Search in Web Applications

August 18, 2017
Author(s)
M S Raunak, David R. Kuhn, Raghu N. Kacker
Database driven web applications are some of most widely developed systems today. Testing these applications effectively and discovering difficult-to-find bugs continues to be a challenge for software engineers. In this paper, we show that combinatorial

An Analysis of Vulnerability Trends, 2008 - 2016

July 29, 2017
Author(s)
David R. Kuhn, Mohammad Raunak, Raghu N. Kacker
This analysis reviews trends within the different vulnerability types and subsidiary weaknesses, with a goal of identifying practices that may have the strongest impact on reducing vulnerabilities.

Verification and Test Methods for Access Control Policies/Models

June 27, 2017
Author(s)
Chung Tong Hu, David R. Kuhn, Dylan J. Yaga
Access control systems are among the most critical of computer security components. Faulty policies, misconfigurations, or flaws in software implementations can result in serious vulnerabilities. To formally and precisely capture the security properties

What Happened to Software Metrics?

May 25, 2017
Author(s)
Jeffrey M. Voas, David R. Kuhn
In the 1980's, the software quality community was all 'a buzz' with seemingly endless 'potential' approaches for producing higher quality software. At the forefront of that was software metrics, along with the corresponding software testing techniques and

General Methods for Access Control Policy Verification

December 19, 2016
Author(s)
Chung Tong Hu, David R. Kuhn
Access control systems are among the most critical of computer security components. Faulty policies, misconfigurations, or flaws in software implementations can result in serious vulnerabilities. To formally and precisely capture the security properties