
Search Publications by: Vadim Okun (Fed)

Displaying 26 - 50 of 53

Static Analysis Tool Exposition (SATE) 2008

June 22, 2009
Author(s)
Vadim Okun, Romain Gaucher, Paul E. Black
The NIST SAMATE project conducted the first Static Analysis Tool Exposition (SATE) in 2008 to advance research in static analysis tools that find security defects in source code. The main goals of SATE were to enable empirical research based on large test

Building a Test Suite for Web Application Scanners

January 7, 2008
Author(s)
Elizabeth N. Fong, Romain Gaucher, Vadim Okun, Paul E. Black, Eric Dalci
This paper describes the design of a test suite for thorough evaluation of web application scanners. Web application scanners are automated, black-box testing tools that examine web applications for security vulnerabilities. For several common

IPOG/IPOG-D: Efficient Test Generation for Multi-way Combinatorial Testing

November 29, 2007
Author(s)
Yu Lei, Raghu N. Kacker, D. Richard Kuhn, Vadim Okun, James F. Lawrence
We present two strategies for multi-way testing (i.e., t-way testing with t > 2). The first strategy generalizes an existing strategy, called In-Parameter-Order, from pairwise testing to multi-way testing. This strategy requires all t-way combinations to

Effect of Static Analysis Tools on Software Security: Preliminary Investigation

October 29, 2007
Author(s)
Vadim Okun, William F. Guthrie, Romain Gaucher, Paul E. Black
Static analysis tools can handle large-scale software and find thousands of defects. But do they improve software security? We evaluate the effect of static analysis tool use on software security in open source projects. We measure security by

Web Application Scanners: Definitions and Functions

August 1, 2007
Author(s)
Elizabeth N. Fong, Vadim Okun
There are many commercial software security assurance tools that claim to detect and prevent vulnerabilities in application software. However, a closer look at the tools often leaves one wondering which tools find what flaws? This paper identifies a

IPOG: A General Strategy for t-Way Software Testing

March 29, 2007
Author(s)
Yu Lei, Raghu N. Kacker, D. Richard Kuhn, Vadim Okun, James F. Lawrence
Most existing work on t-way testing has focused on 2-way (or pairwise) testing, which aims to detect faults caused by interactions between any two parameters. However, faults can also be caused by interactions involving more than two parameters. In this

Web Application Scanners: Definitions and Functions

January 3, 2007
Author(s)
Elizabeth N. Fong, Vadim Okun
There are many commercial software security assurance tools that claim to detect and prevent vulnerabilities in application software. However, a closer look at the tools often leaves one wondering which tools find what flaws? This paper identifies a

Pseudo-Exhaustive Testing for Software

April 28, 2006
Author(s)
David R. Kuhn, Vadim Okun
Pseudo-exhaustive testing uses the empirical observation that, for broad classes of software, a fault is likely triggered by only a few variables interacting. The method takes advantage of two relatively recent advances in software engineering: algorithms

Comparison of Fault Classes in Specification-Based Testing

June 1, 2004
Author(s)
Vadim Okun, Paul E. Black, Y Yesha
Our results extending Kuhn's fault class hierarchy provide a justification for the focus of fault-based testing strategies on detecting particular faults and ignoring others. We develop a novel analytical technique that allows us to elegantly prove that

Fault Classes and Fault Coupling in Boolean Specifications

June 1, 2004
Author(s)
Vadim Okun, Paul E. Black, Y Yesha
Fault-based testing strategies generate tests to detect faults belonging to a preselected set of simple fault classes. A hierarchy of fault classes and the infrequency of fault coupling let us rely on these strategies to detect many other faults, too. For

Testing with Model Checker: Insuring Fault Visibility

January 5, 2003
Author(s)
Vadim Okun, Paul E. Black, Yelena Yesha
To detect a fault in software, a test case execution must be chosen so intermediate errors propagate to the output. We describe two modeling methods for specification-based mutation testing using model checkers that guarantee this propagation. We evaluate

Testing with Model Checkers: Insuring Fault Visibility

October 23, 2002
Author(s)
Vadim Okun, Paul E. Black, Y Yesha
To detect a fault in software, a test case execution must be chosen so intermediate errors propagate to the output. We describe two modeling methods for specification-based mutation testing using model checkers that guarantee this propagation. We evaluate