Search Publications by: Paul E. Black (Fed)

Displaying 51 - 75 of 90

SAMATE and Evaluating Static Analysis Tools

September 1, 2007
Author(s)
Paul E. Black
We give some background on the Software Assurance Metrics And Tool Evaluation (SAMATE) project and our decision to work on static source code security analyzers. We give our experience bringing government, vendors, and users together to develop a

Source Code Security Analysis Tool Functional Specification Version 1.0

May 1, 2007
Author(s)
Paul E. Black, Michael J. Kass, Hsiao-Ming M. Koo
Software assurance tools are a fundamental resource for providing an assurance argument for today's software applications throughout the software development lifecycle. Some tools analyze software requirements, design models, source code, or executable

SAMATE's Contribution to Information Assurance

September 1, 2006
Author(s)
Paul E. Black
The amount of software in today's information world is far too large to check manually. Automated tools are a must. These tools can help design and build the right software in the first place, but they can also help if the system being designed includes

Software Assurance During Maintenance

September 1, 2006
Author(s)
Paul E. Black
Software testing and maintenance tools must yield widely accepted assurance information in a standardized form. We can then use this information as evidence to make a case assuring us that the software is adequate for its use and secure enough for the risk

Proceedings of the Static Analysis Summit

July 1, 2006
Author(s)
Paul E. Black, Helen Gill, W. E. Martin, Elizabeth N. Fong
This is the proceeding of a summit held in June 2006 at the National Institute of Standards and Technology (NIST). This Static Analysis Summit is one of a series of meetings in the NIST Software Assurance Measurement and Tool Evaluation (SAMATE) project

Software Assurances Metrics and Tool Evaluation

October 1, 2005
Author(s)
Paul E. Black
The National Software Reference Library (NSRL) of the U.S. National Institute of Standards and Technology (NIST) collects software from various sources and publishes file profiles computed from this software (such as MD5 and SHA-1 hashes) as a Reference

Software Assurances Metrics and Tool Evaluation

June 1, 2005
Author(s)
Paul E. Black
NIST is starting two ambitious projects to (1) develop a taxonomy of software security flaws and vulnerabilities, (2) develop a taxonomy of software assurance (SA) functions and techniques which detect those flaws, (3) perform and maintain a survey of SA

Testing BIOS Interrupt 0x13 Based Software Write Blockers

March 1, 2005
Author(s)
James R. Lyle, Paul E. Black
We report observations and experience in the Computer Forensics Tool Testing (CFTT) project while developing methodologies to test interrupt 0x13 based software write block (SWB) tools. A write blocker allows access to all data on a storage device while

Modeling Quantum Information Systems

December 1, 2004
Author(s)
Paul E. Black, Andrew W. Lane
A simulator for quantum information systems cannot be both general, that is, easily used for every possible system, and efficient. Therefore, some systems will have aspects which can only be simulated by cunning modeling. On the other hand, a simulation

Modeling Quantum Information Systems

August 24, 2004
Author(s)
Paul E. Black, Andrew W. Lane
A simulator for quantum information systems cannot be both general, that is, easily used for every possible system, and efficient. Therefore, some systems will have aspects which can only be simulated by cunning modeling. On the other hand, a simulation

Comparison of Fault Classes in Specification-Based Testing

June 1, 2004
Author(s)
Vadim Okun, Paul E. Black, Y Yesha
Our results extending Kuhn's fault class hierarchy provide a justification for the focus of fault-based testing strategies on detecting particular faults and ignoring others. We develop a novel analytical technique that allows us to elegantly prove that

Fault Classes and Fault Coupling in Boolean Specifications

June 1, 2004
Author(s)
Vadim Okun, Paul E. Black, Y Yesha
Fault-based testing strategies generate tests to detect faults belonging to a preselected set of simple fault classes. A hierarchy of fault classes and the infrequency of fault coupling let us rely on these strategies to detect many other faults, too. For

QCSim, Quantum Computation Simulator

December 1, 2003
Author(s)
Paul E. Black
The goal of this document is to help W3C editors write better specifications, by making a specification easier to interpret without ambiguity and clearer as to what is required in order to conform. It focuses on how to define and specify conformance. It

Testing with Model Checker: Insuring Fault Visibility

January 5, 2003
Author(s)
Vadim Okun, Paul E. Black, Yelena Yesha
To detect a fault in software, a test case execution must be chosen so intermediate errors propagate to the output. We describe two modeling methods for specification-based mutation testing using model checkers that guarantee this propagation. We evaluate

Testing with Model Checkers: Insuring Fault Visibility

October 23, 2002
Author(s)
Vadim Okun, Paul E. Black, Y Yesha
To detect a fault in software, a test case execution must be chosen so intermediate errors propagate to the output. We describe two modeling methods for specification-based mutation testing using model checkers that guarantee this propagation. We evaluate

Quantum Computing and Communication

June 28, 2002
Author(s)
Paul E. Black, David R. Kuhn, Carl J. Williams
A quantum computer, if built, will be to an ordinary computer as a hydrogen bomb is to gunpowder, at least for some types of computations. Today no quantum computer exists, beyond laboratory prototypes capable of solving only tiny problems, and many