Search Publications by: D. Richard Kuhn (Fed)

Displaying 101 - 125 of 183

Protecting Wireless Local Area Networks

December 3, 2012
Author(s)
Shirley M. Radack, David R. Kuhn
This article summarizes the information that was presented in the February 2012 Information Technology Laboratory (ITL) bulletin, Guidelines for Securing Wireless Local Area Networks (WLANs). The bulletin, which was noted by WERB in February 2012, was

Combinatorial Coverage Measurement

October 26, 2012
Author(s)
David R. Kuhn, Raghu N. Kacker, Yu Lei
Combinatorial testing applies factor covering arrays to test all t-way combinations of input or configuration state space. In some testing situations, it is not practical to use covering arrays, but any set of tests covers at least some portion of t-way

Efficient Algorithms for T-way Test Sequence Generation

October 16, 2012
Author(s)
Linbin Yu, Yu Lei, Raghu N. Kacker, D. Richard Kuhn, James F. Lawrence
Combinatorial testing has been shown to be a very effective testing strategy. Most work on combinatorial testing focuses on t-way test data generation, where each test is an unordered set of parameter values. In this paper, we study the problem of t-way

Measuring Combinatorial Coverage of System State-space for IV&V

September 13, 2012
Author(s)
David R. Kuhn, Raghu N. Kacker
This report describes some measures of combinatorial coverage that can be helpful in estimating this risk that we have applied to tests for spacecraft software but have general application to any combinatorial coverage problem. This method will be

Efficient Methods for Interoperability Testing Using Event Sequences

July 31, 2012
Author(s)
David R. Kuhn, James M. Higdon, J. M. Lawrence, Raghu N. Kacker, Yu Lei
Many software testing problems involve sequences of events. The methods described in this paper were motivated by testing needs of mission critical systems that may accept multiple communication or sensor inputs and generate output to several communication

Combinatorial Testing

June 25, 2012
Author(s)
David R. Kuhn, Raghu N. Kacker, Yu Lei
Combinatorial testing is a method that can reduce cost and improve test effectiveness significantly for many applications. The key insight underlying this form of testing is that not every parameter contributes to every failure, and empirical data suggest

Evaluation of Fault Detection Effectiveness for Combinatorial and Exhaustive Selection of Discretized Test Inputs

June 4, 2012
Author(s)
Carmelo Montanez-Rivera, David R. Kuhn, Mary C. Brady, Richard M. Rivello, Jenise Reyes Rodriguez, Michael K. Powers
Testing components of web browsers and other graphical interface software can be extremely expensive because of the need for human review of screen appearance and interactive behavior. Combinatorial testing has been advocated as a method that provides

Combinatorial Methods for Event Sequence Testing

April 21, 2012
Author(s)
D. Richard Kuhn, James M. Higdon, James F. Lawrence, Raghu N. Kacker, Yu Lei
Many software testing problems involve sequences. This paper presents an application of combinatorial methods to testing problems for which it is important to test multiple configurations, but also to test the order in which events occur. For example, the

Combinatorial Testing of ACTS: A Case Study

April 21, 2012
Author(s)
Mehra N. Borazjany, Linbin Yu, Yu Lei, Raghu N. Kacker, D. Richard Kuhn
In this paper we present a case study of applying combinatorial testing to test a combinatorial test generation tool called ACTS. The purpose of this study is two-fold. First, we want to gain experience and insights about how to apply combinatorial testing

Vulnerability Hierarchies in Access Control Configurations

December 27, 2011
Author(s)
David R. Kuhn
This paper applies methods for analyzing fault hierarchies to the analysis of relationships among vulnerabilities in misconfigured access control rule structures. Hierarchies have been discovered previously for faults in arbitrary logic formulae, such that

Role Engineering: Methods and Standards

December 8, 2011
Author(s)
Edward Coyne, Timothy Weil, D. Richard Kuhn
This article explains problems and approaches to designing permission structures for role based access control. RBAC and the RBAC standard are summarized, common approaches to role engineering described, and the current status and plans for the INCITS role

Vetting Mobile Apps

July 22, 2011
Author(s)
Stephen Quirolgico, Jeffrey M. Voas, David R. Kuhn
Billions of copies of apps for mobile devices have been purchased in recent years. With this growth, however, comes an increase in the spread of potentially dangerous security vulnerabilities. Because of an app's low cost and high proliferation, the threat

A Combinatorial Approach to Detecting Buffer Overflow Vulnerabilities

June 14, 2011
Author(s)
Raghu N. Kacker, Yu Lei, David R. Kuhn, Wenhua Wang
Buffer overflow vulnerabilities are program defects that can cause a buffer overflow to occur at runtime. Many security attacks exploit buffer overflow vulnerabilities to compromise critical data structures. In this paper, we present a black-box testing

A Survey of Binary Covering Arrays

April 7, 2011
Author(s)
James F. Lawrence, Raghu N. Kacker, Yu Lei, David R. Kuhn, Michael Forbes
Two-valued covering arrays of strength t are 0-1 matrices having the property that for each t columns and each of the possible 2^t sequences of t 0's and 1's, there exists a row having that sequence in that set of t columns. Covering arrays are an

Model Checking for Verification of Mandatory Access Control Models and Properties

February 28, 2011
Author(s)
Chung Tong Hu, David R. Kuhn, Tao Xie, J Hwang
Mandatory access control (MAC) mechanisms control which users or processes have access to which resources in a system. MAC policies are increasingly specified to facilitate managing and maintaining access control. However, the correct specification of the

Managing Security: The Security Content Automation Protocol

February 4, 2011
Author(s)
Shirley M. Radack, D. Richard Kuhn
Managing information systems security is an expensive and challenging task. Many different and complex software components, including firmware, operating systems, and applications, must be configured securely, patched when needed, and continuously monitored

An Application of Combinatorial Methods to Conformance Testing for Document Object Model Events

November 1, 2010
Author(s)
Carmelo Montanez-Rivera, D. Richard Kuhn, Mary C. Brady, Richard M. Rivello, Jenise Reyes Rodriguez, Michael K. Powers
This report describes the use of combinatorial test methods to reduce the cost of testing for the Document Object Model Events standard while maintaining an equivalent level of assurance. More than 36,000 tests - all possible combinations of equivalence

Practical Combinatorial Testing

October 7, 2010
Author(s)
David R. Kuhn, Raghu N. Kacker, Yu Lei
Combinatorial testing can help detect problems like this early in the testing life cycle. The key insight underlying t-way combinatorial testing is that not every parameter contributes to every fault and most faults are caused by interactions between a

Introduction: Cybersecurity

August 31, 2010
Author(s)
David R. Kuhn
Enterprise security, often considered a burden for system administrators and users alike, is one of the most rapidly evolving areas of IT. The articles in this issue can help IT professionals who want to be intelligent providers or consumers of secure

Vulnerability Trends: Measuring Progress

July 19, 2010
Author(s)
David R. Kuhn, Christopher S. Johnson
What is the state of security engineering today? Are we as an industry making progress? What are prospects for the future? To address these questions we analyze data from the National Vulnerability Database (NVD).

Adding Attributes to Role Based Access Control

June 1, 2010
Author(s)
David R. Kuhn, Edward Coyne, Timothy Weil
Role based access control (RBAC) is a popular model for information security. It helps reduce the complexity of security administration and supports the review of permissions assigned to users, a feature critical to organizations that must determine their

Data Loss Prevention

March 29, 2010
Author(s)
Simon Liu, D. Richard Kuhn
In today's digital economy, data enters and leaves enterprises' cyberspace at record rates. For a typical enterprise, millions of emails are sent and received and thousands of files are downloaded, saved or transferred via various channels or devices on a

Practical Interdomain Routing Security

November 20, 2009
Author(s)
David R. Kuhn, Simon Liu, Hart Rossman
This article reviews risks and vulnerabilities in interdomain routing, and best practices that can have near-term benefits for routing security. It includes examples of routing failures and common attacks on routers, and countermeasures to reduce router