
Search Publications by: D. Richard Kuhn (Assoc)

Displaying 176 - 196 of 196

Introduction to Public Key Technology and the Federal PKI Infrastructure

February 26, 2001
Author(s)
D. Richard Kuhn, Vincent C. Hu, William Polk, Shu-jen H. Chang
This publication was developed to assist agency decision-makers in determining if a PKI is appropriate for their agency, and how PKI services can be deployed most effectively within a Federal agency. It is intended to provide an overview of PKI functions

Security for Private Branch Exchange Systems

August 1, 2000
Author(s)
David R. Kuhn
This document provides an introduction to security for private branch exchange systems (PBXs). The primary audience is agency system administrators and others responsible for the installation and operation of PBX systems. Major threat classes are explained

The NIST Model for Role-Based Access Control: Towards a Unified Standard

July 26, 2000
Author(s)
R. Sandhu, David F. Ferraiolo, D. Richard Kuhn
This paper describes a unified model for role-based access control (RBAC). RBAC is a proven technology for large-scale authorization. However, lack of a standard model results in uncertainty and confusion about its utility and meaning. The NIST model seeks

Converting System Failure Histories Into Future Win Situations

January 7, 2000
Author(s)
D Wallace, David R. Kuhn
Most complex systems today contain software, and systems failures activated by software faults can provide lessons for software development practices and software quality assurance. This paper presents an analysis of software-related failures of medical

Lessons from 342 Medical Device Failures

November 17, 1999
Author(s)
D Wallace, David R. Kuhn
Today's highly complex systems often contain software. Lessons can be learned about software development and assurance concerning quality practices, from system failures activated by software faults. This paper presents an analysis of failures of medical

Software Quality Lessons From Medical Device Failure Data

November 1, 1999
Author(s)
D Wallace, David R. Kuhn
Most complex systems today contain software, and systems failures activated by software faults can provide lessons for software development practices and software quality assurance. This report presents an analysis of 342 software-related failures of

Software Certification: Testing and Measurement

July 30, 1999
Author(s)
S A. Wakid, D. Richard Kuhn, D Wallace
The focus of this article is on cost effective processes for measuring conformance, dependability, and performance of software as three key attributes of its quality. This article discusses the application of principles of measurement science to software

Role-Based Access Control for the Web

October 29, 1998
Author(s)
John Barkley, David R. Kuhn, Lynne S. Rosenthal, Mark Skall, Anthony V. Cincotta
Establishing and maintaining a presence on the World Wide Web (Web), once a sideline for U.S. industry, has become a key strategic aspect of marketing and sales. Many companies have demonstrated that a well designed Web site can have a positive effect on

Role Based Access Control on MLS Systems Without Kernel Changes

October 23, 1998
Author(s)
David R. Kuhn
Role based access control (RBAC) is attracting increasing attention as a security mechanism for both commercial and many military systems. This paper shows how RBAC can be implemented using the mechanisms available on traditional multi-level security

Software Standards

October 22, 1998
Author(s)
D. Richard Kuhn, Thomas R. Rhodes, Christopher E. Dabrowski
This article describes software standards and their characteristics. Development considerations for programmers using standards are explained as well.

Fault Classes and Error Detection in Specification Based Testing

February 1, 1998
Author(s)
David R. Kuhn
Specification based testing relies upon methods for generating test cases from predicates in a software specification. These methods derive various test conditions from logic expressions, with the aim of detecting different types of faults. Some authors

Role Based Access Control for the World Wide Web

October 10, 1997
Author(s)
John Barkley, Anthony V. Cincotta, David F. Ferraiolo, Serban I. Gavrila, David R. Kuhn
One of the most challenging problems in managing large networked systems is the complexity of security administration. This is particularly true for organizations that AWeb (WWW) servers. Today, security administration is costly and prone to error because

Role-Based Access Control (RBAC): Features and Motivations

December 15, 1995
Author(s)
David F. Ferraiolo, Janet A. Cugini, David R. Kuhn
The central notion of Role-Based Access Control (RBAC) is that users do not have discretionary access to enterprise objects. Instead, access permissions are administratively associated with roles, and users are administratively made members of appropriate

Security in Open Systems

July 1, 1994
Author(s)
Robert H. Bagwill, John Barkley, Lisa J. Carnahan, Shu-jen H. Chang, David R. Kuhn, Paul Markovitz, Anastase Nakassis, Karen J. Olsen, Michael L. Ransom, John P. Wack
The Public Switched Network (PSN) provides National Security and Emergency Preparedness (NS/EP) telecommunications. Service vendors, equipment manufacturers, and the federal government are concerned that vulnerabilities in the PSN could be exploited and

Role-Based Access Controls

October 13, 1992
Author(s)
David F. Ferraiolo, David R. Kuhn
While Mandatory Access Controls (MAC) are appropriate for multilevel secure military applications, Discretionary Access Controls (DAC) are often perceived as meeting the security processing needs of industry and civilian government. This paper argues that