Publications

Search Publications by

Peter Mell (Fed)

Displaying 1 - 25 of 59

Measuring the Common Vulnerability Scoring System Base Score Equation

November 15, 2022
Author(s)
Peter Mell, Jonathan Spring, Dave Dugal, Srividya Ananthakrishna, Francesco Casotto, Troy Fridley, Christopher Ganas, Arkadeep Kundu, Phillip Nordwall, Vijayamurugan Pushpanathan, Daniel Sommerfeld, Matt Tesauro, Christopher Turner
This work evaluates the validity of the Common Vulnerability Scoring System (CVSS) Version 3 "base score" equation in capturing the expert opinion of its maintainers. CVSS is a widely used industry standard for rating the severity of information

A Decade of Reoccurring Software Weaknesses

June 24, 2021
Author(s)
Assane Gueye, Carlos Galhardo, Irena Bojanova, Peter Mell
The Common Weakness Enumeration (CWE) community publishes an aggregate metric to calculate the 'Most Dangerous Software Errors.' However, the used equation highly biases frequency and almost ignores exploitability and impact. We provide a metric to

A Historical and Statistical Study of the Software Vulnerability Landscape

April 18, 2021
Author(s)
Assane Gueye, Peter Mell
Understanding the landscape of software vulnerabilities is key for developing effective security solutions. Fortunately, the evaluation of vulnerability databases that use a framework for communicating vulnerability attributes and their severity scores

Measurements of the Most Significant Software Security Weaknesses

December 6, 2020
Author(s)
Carlos E. Cardoso Galhardo, Peter Mell, Irena Bojanova, Assane Gueye
In this work, we provide a metric to calculate the most significant software security weaknesses as defined by an aggregate metric of the frequency, exploitability, and impact of related vulnerabilities. The Common Weakness Enumeration (CWE) is a well

A Taxonomic Approach to Understanding Emerging Blockchain Identity Management Systems

January 14, 2020
Author(s)
Loic D. Lesavre, Priam C. Varin, Peter M. Mell, Michael S. Davidson, James Shook
Identity management systems (IDMSs) are widely used to provision user identities while managing authentication, authorization, and data sharing within organizations and on the web. Traditional identity systems typically suffer from single points of failure

Augmenting Fiat Currency with an Integrated Managed Cryptocurrency

November 24, 2019
Author(s)
Peter M. Mell
In this work, we investigate how the governance features of a managed currency (e.g., a fiat currency) can be built into a cryptocurrency in order to leverage potential benefits found in the use of blockchain technology and smart contracts. The resulting

Implementing a Protocol Native Managed Cryptocurrency

November 24, 2019
Author(s)
Peter M. Mell, Aurelien M. Delaitre, Frederic J. de Vaulx, Philippe J. Dessauw
Previous work presented a theoretical model based on the implicit Bitcoin specification for how an entity might issue a cryptocurrency that mimics features of fiat currencies. Novel to this work were mechanisms by which the issuing entity could manage the

Blockchain Technology Overview

October 3, 2018
Author(s)
Dylan J. Yaga, Peter M. Mell, Nik Roby, Karen Scarfone
Blockchains are tamper evident and tamper resistant digital ledgers implemented in a distributed fashion (i.e., without a central repository) and usually without a central authority (i.e., a bank, company, or government). At their basic level, they enable

Quantifying Information Exposure in Internet Routing

September 6, 2018
Author(s)
Peter M. Mell, Assane Gueye, Christopher A. Schanzle
Data sent over the Internet can be monitored and manipulated by intermediate entities in the data path from the source to the destination. For unencrypted communications (and some encrypted communications with known weaknesses), eavesdropping and man-in

Cryptocurrency Smart Contracts for Distributed Consensus of Public Randomness

October 7, 2017
Author(s)
Peter M. Mell, John M. Kelsey, James Shook
Most modern electronic devices can produce a random number. However, it is difficult to see how a group of mutually distrusting entities can have confidence in any such hardware-produced stream of random numbers, since the producer could control the output to

Measuring and Improving the Effectiveness of Defense-in-Depth Postures

January 26, 2017
Author(s)
Peter M. Mell, James Shook, Richard Harang
Defense-in-depth is an important security architecture principle that has significant application to industrial control systems (ICS), cloud services, storehouses of sensitive data, and many other areas. We claim that an ideal defense-in-depth posture is

Linear Time Vertex Partitioning on Massive Graphs

March 7, 2016
Author(s)
Peter M. Mell, Richard Harang, Assane Gueye
The problem of optimally removing a set of vertices from a graph to minimize the size of the largest resultant component is known to be NP-complete. Prior work has provided near optimal heuristics with a high time complexity that function on up to hundreds

On the Internet Connectivity in Africa

November 18, 2015
Author(s)
Assane Gueye, Peter Mell, Desire Banse, Faical Y. Congo
This study measures and documents growth of Internet connectivity in Africa from 2010 to 2014 with a focus on inter-country relationships. We evaluate both intra-continent connectivity as well as connectivity to other continents. An initial analysis

Minimizing Attack Graph Data Structures

November 14, 2015
Author(s)
Peter Mell, Richard Harang
An attack graph is a data structure representing how an attacker can chain together multiple attacks to expand their influence within a network (often in an attempt to reach some set of goal states). Restricting attack graph size is vital for the execution

Defensive Resource Allocations with Security Chokepoints in IPv6 Networks

July 15, 2015
Author(s)
Assane Gueye, Peter M. Mell, Richard Harang, Richard J. La
Securely configured Internet Protocol version 6 networks can be made resistant to network scanning, forcing attackers to propagate following existing benign communication paths. We exploit this attacker limitation in a defensive approach in which

Measuring Limits on the Ability of Colluding Countries to Partition the Internet

June 30, 2015
Author(s)
Peter M. Mell, Richard Harang, Assane Gueye
We show that the strength of Internet-based network interconnectivity of countries is increasing over time. We then evaluate bounds on the extent to which a group of colluding countries can disrupt this connectivity. We evaluate the degree to which a group

Evasion-Resistant Network Scan Detection

May 9, 2015
Author(s)
Richard Harang, Peter Mell
Popular network scan detection algorithms operate through evaluating external sources for unusual connection patterns and traffic rates. Research has revealed evasive tactics that enable full circumvention of existing approaches (specifically the widely