
Search Publications by: Paul E. Black (Assoc)

Displaying 51 - 75 of 92

Building a Test Suite for Web Application Scanners

January 7, 2008
Author(s)
Elizabeth N. Fong, Romain Gaucher, Vadim Okun, Paul E. Black, Eric Dalci
This paper describes the design of a test suite for thorough evaluation of web application scanners. Web application scanners are automated, black-box testing tools that examine web applications for security vulnerabilities. For several common

Effect of Static Analysis Tools on Software Security: Preliminary Investigation

October 29, 2007
Author(s)
Vadim Okun, William F. Guthrie, Romain Gaucher, Paul E. Black
Static analysis tools can handle large-scale software and find thousands of defects. But do they improve software security? We evaluate the effect of static analysis tool use on software security in open source projects. We measure security by

SAMATE and Evaluating Static Analysis Tools

September 1, 2007
Author(s)
Paul E. Black
We give some background on the Software Assurance Metrics And Tool Evaluation (SAMATE) project and our decision to work on static source code security analyzers. We give our experience bringing government, vendors, and users together to develop a

Source Code Security Analysis Tool Functional Specification Version 1.0

May 1, 2007
Author(s)
Paul E. Black, Michael J. Kass, Hsiao-Ming M. Koo
Software assurance tools are a fundamental resource for providing an assurance argument for today's software applications throughout the software development lifecycle. Some tools analyze software requirements, design models, source code, or executable

SAMATE's Contribution to Information Assurance

September 1, 2006
Author(s)
Paul E. Black
The amount of software in today's information world is far too large to check manually. Automated tools are a must. These tools can help design and build the right software in the first place, but they can also help if the system being designed includes

Software Assurance During Maintenance

September 1, 2006
Author(s)
Paul E. Black
Software testing and maintenance tools must yield widely accepted assurance information in a standardized form. We can then use this information as evidence to make a case assuring us that the software is adequate for its use and secure enough for the risk

Proceedings of the Static Analysis Summit

July 1, 2006
Author(s)
Paul E. Black, Helen Gill, W. E. Martin, Elizabeth N. Fong
This is the proceeding of a summit held in June 2006 at the National Institute of Standards and Technology (NIST). This Static Analysis Summit is one of a series of meetings in the NIST Software Assurance Measurement and Tool Evaluation (SAMATE) project

Software Assurances Metrics and Tool Evaluation

October 1, 2005
Author(s)
Paul E. Black
The National Software Reference Library (NSRL) of the U.S. National Institute of Standards and Technology (NIST) collects software from various sources and publishes file profiles computed from this software (such as MD5 and SHA-1 hashes) as a Reference

Software Assurances Metrics and Tool Evaluation

June 1, 2005
Author(s)
Paul E. Black
NIST is starting two ambitious projects to (1) develop a taxonomy of software security flaws and vulnerabilities, (2) develop a taxonomy of software assurance (SA) functions and techniques which detect those flaws, (3) perform and maintain a survey of SA

Testing BIOS Interrupt 0x13 Based Software Write Blockers

March 1, 2005
Author(s)
James R. Lyle, Paul E. Black
We report observations and experience in the Computer Forensics Tool Testing (CFTT) project while developing methodologies to test interrupt 0x13 based software write block (SWB) tools. A write blocker allows access to all data on a storage device while

Modeling Quantum Information Systems

December 1, 2004
Author(s)
Paul E. Black, Andrew W. Lane
A simulator for quantum information systems cannot be both general, that is, easily used for every possible system, and efficient. Therefore, some systems will have aspects which can only be simulated by cunning modeling. On the other hand, a simulation

Modeling Quantum Information Systems

August 24, 2004
Author(s)
Paul E. Black, Andrew W. Lane
A simulator for quantum information systems cannot be both general, that is, easily used for every possible system, and efficient. Therefore, some systems will have aspects which can only be simulated by cunning modeling. On the other hand, a simulation

Comparison of Fault Classes in Specification-Based Testing

June 1, 2004
Author(s)
Vadim Okun, Paul E. Black, Y Yesha
Our results extending Kuhn's fault class hierarchy provide a justification for the focus of fault-based testing strategies on detecting particular faults and ignoring others. We develop a novel analytical technique that allows us to elegantly prove that

Fault Classes and Fault Coupling in Boolean Specifications

June 1, 2004
Author(s)
Vadim Okun, Paul E. Black, Y Yesha
Fault-based testing strategies generate tests to detect faults belonging to a preselected set of simple fault classes. A hierarchy of fault classes and the infrequency of fault coupling let us rely on these strategies to detect many other faults, too. For

QCSim, Quantum Computation Simulator

December 1, 2003
Author(s)
Paul E. Black
The goal of this document is to help W3C editors write better specifications, by making a specification easier to interpret without ambiguity and clearer as to what is required in order to conform. It focuses on how to define and specify conformance. It