Search Publications by: D. Richard Kuhn (Fed)

Displaying 126 - 150 of 185

Practical Interdomain Routing Security

November 20, 2009
Author(s)
David R. Kuhn, Simon Liu, Hart Rossman
This article reviews risks and vulnerabilities in interdomain routing, and best practices that can have near-term benefits for routing security. It includes examples of routing failures and common attacks on routers, and countermeasures to reduce router

A Combinatorial Approach to Building Navigation Graphs for Dynamic Web Applications

September 20, 2009
Author(s)
Raghu N. Kacker, David R. Kuhn, James F. Lawrence, Wenhua Wang, Yu Lei, Sreedevi Sampath
Modeling the navigation structure of a dynamic web application is a challenging task because of the presence of dynamic pages. In particular, there are two problems to be dealt with: (1) the page explosion problem, i.e., the number of dynamic pages may be

Combinatorial Software Testing

August 7, 2009
Author(s)
David R. Kuhn, Raghu N. Kacker, Yu Lei, Justin Hunter
Developers of large data-intensive software often notice an interesting - though not surprising - phenomenon: when usage of an application jumps dramatically, components that have operated for months without trouble suddenly develop previously undetected

Understanding Insecure IT: Practical Risk Assessment

May 27, 2009
Author(s)
Simon Liu, D. Richard Kuhn, Hart Rossman
IT systems have long been at risk from vulnerable software, malicious actions, or inadvertent user errors, in addition to run-of-the-mill natural and human-made disasters. As we discussed in the last issue (Surviving Insecure IT: Effective Patch

Surviving Insecure IT: Effective Patch Management

March 21, 2009
Author(s)
Simon Liu, D. Richard Kuhn, Hart Rossman
The amount of time to protect enterprise systems against potential vulnerability continues to shrink. Enterprises need an effective patch management mechanism to survive the insecure IT environment. Effective patch management is a systematic and repeatable

Introducing "Insecure IT"

January 20, 2009
Author(s)
David R. Kuhn, Hart Rossman, Simon Liu
This article introduces a new department for IT Professional that will cover security in IT systems, ranging from desktops to global e-commerce networks. Our goal is to offer ideas to improve IT security, both by looking at ways it can go wrong as well as

Property Verification for Generic Access Control Models

December 20, 2008
Author(s)
Chung Tong Hu, David R. Kuhn, Tao Xie
To formally and precisely capture the security properties that access control should adhere to, access control models are usually written to bridge the rather wide gap in abstraction between policies and mechanisms. In this paper, we propose a new general

Refining the In-Parameter-Order Strategy for Constructing Covering Arrays

September 1, 2008
Author(s)
Michael Forbes, James F. Lawrence, Yu Lei, Raghu N. Kacker, D. Richard Kuhn
Covering arrays are structures for well-representing extremely large input spaces and are used to efficiently implement blackbox testing for software and hardware. This paper proposes refinements over the In-Parameter-Order strategy (for arbitrary $t$)

Automated Combinatorial Test Methods: Beyond Pairwise Testing

June 2, 2008
Author(s)
David R. Kuhn, Raghu N. Kacker, Yu Lei
Pairwise testing has become a popular approach to software quality assurance because it often provides effective error detection at low cost. However, pairwise (2-way) coverage is not sufficient for assurance of mission-critical software. Combinatorial

Practical Combinatorial Testing: Beyond Pairwise

June 1, 2008
Author(s)
David R. Kuhn, Yu Lei, Raghu N. Kacker
With new algorithms and tools, developers can apply high-strength combinatorial testing to detect elusive failures that occur only when multiple components interact. In pairwise testing, all possible pairs of parameter values are covered by at least one

IPOG/IPOG-D: Efficient Test Generation for Multi-way Combinatorial Testing

November 29, 2007
Author(s)
Yu Lei, Raghu N. Kacker, D. Richard Kuhn, Vadim Okun, James F. Lawrence
We present two strategies for multi-way testing (i.e., t-way testing with t > 2). The first strategy generalizes an existing strategy, called In-Parameter-Order, from pairwise testing to multi-way testing. This strategy requires all t-way combinations to

Border Gateway Protocol Security

July 17, 2007
Author(s)
D. Richard Kuhn, Kotikalapudi Sriram, Douglas Montgomery
This document introduces the Border Gateway Protocol (BGP), explains its importance to the internet, and provides a set of best practices that can help in protecting BGP. Best practices described here are intended to be implementable on nearly all

IPOG: A General Strategy for t-Way Software Testing

March 29, 2007
Author(s)
Yu Lei, Raghu N. Kacker, D. Richard Kuhn, Vadim Okun, James F. Lawrence
Most existing work on t-way testing has focused on 2-way (or pairwise) testing, which aims to detect faults caused by interactions between any two parameters. However, faults can also be caused by interactions involving more than two parameters. In this

Role-Based Access Control, Second Edition

December 31, 2006
Author(s)
David F. Ferraiolo, David R. Kuhn, Ramaswamy Chandramouli
[ISBN-13: 978-1-59693-113-8] This newly revised edition of "Role-Based Access Control" offers the latest details on a security model aimed at reducing the cost and complexity of security administration for large networked applications. The second edition

Study of BGP Peering Session Attacks and Their Impacts on Routing Performance

October 1, 2006
Author(s)
Kotikalapudi Sriram, Douglas C. Montgomery, Oliver Borchert, Okhee Kim, David R. Kuhn
We present a detailed study of the potential impact of BGP peering session attacks and the resulting exploitation of Route Flap Damping (RFD) that cause network-wide routing disruptions. We consider canonical grid as well as down-sampled realistic

Assessment of Access Control Systems

September 29, 2006
Author(s)
Chung Tong Hu, David F. Ferraiolo, David R. Kuhn
Access control is perhaps the most basic aspect of computer security. Nearly all applications that deal with financial, privacy, safety, or defense include some form of access control. In many systems access control takes the form of a simple password

Pseudo-Exhaustive Testing for Software

April 28, 2006
Author(s)
David R. Kuhn, Vadim Okun
Pseudo-exhaustive testing uses the empirical observation that, for broad classes of software, a fault is likely triggered by only a few variables interacting. The method takes advantage of two relatively recent advances in software engineering: algorithms

An Algorithm for Generating Very Large Covering Arrays

April 19, 2006
Author(s)
David R. Kuhn
This note describes a covering array algorithm that can be parallelized, making it possible to handle a much larger number of variables than other known algorithms. The algorithm trades test case optimization for speed - it produces roughly 3% to 15% more

Autonomous System (AS) Isolation under Randomized BGP Session Attacks with RFD Exploitation

April 1, 2006
Author(s)
Kotikalapudi Sriram, Douglas Montgomery, Oliver Borchert, Okhee Kim, D. Richard Kuhn
BGP peering session attacks are known to drive routes into route flap damping (RFD) suppression states and thus cause isolations between autonomous systems (ASes) and destinations. We present a detailed study of the impact of BGP peering session attacks

Securing Voice Over IP Networks

May 27, 2005
Author(s)
T J. Walsh, D. Richard Kuhn
Voice over IP - the transmission of voice over traditional packet-switched IP networks - is one of the hottest trends in telecommunications. As with any new technology, VOIP introduces both opportunities and problems. Lower cost and greater flexibility are

Characterizing the Risks and Costs of BGP Insecurity/Security

March 1, 2005
Author(s)
Douglas Montgomery, Kotikalapudi Sriram, Oliver Borchert, Okhee Kim, D. Richard Kuhn
We examine the performance of multimodal biometric authentication systems using state-of-the-art Commercial Off-the-Shelf (COTS) fingerprint and face biometric systems on a population approaching 1,000 individuals. Majority of prior studies of multimodal