https://www.nist.gov/people/d-richard-kuhn
D. Richard Kuhn (Fed)
Computer scientist
Biographical Information
Rick Kuhn is a computer scientist in the Computer Security Division at NIST, and is a Fellow of the Institute of Electrical and Electronics Engineers (IEEE). He co-developed the role based access control (RBAC) model that is the dominant form of access control today. His current research focuses on combinatorial methods for assured autonomy (csrc.nist.gov/acts) and hardware security/functional verification. He has authored three books and more than 200 conference or journal publications on cybersecurity, software failure, and software verification and testing. He received an MS in computer science from the University of Maryland College Park and an MBA from William & Mary. Before joining NIST, he worked as a software developer with NCR Corporation and the Johns Hopkins University Applied Physics Laboratory.
Fellow of the Institute of Electrical and Electronics Engineers (IEEE)
Fellow of the Washington Academy of Sciences
Associate editor, IEEE Computer and IEEE Transactions on Reliability
Member Association for Computing Machinery (ACM)
Past editorial board member and department editor, IEEE Security & Privacy, IEEE IT Professional
IEEE Reliability Society Lifetime Achievement award, for combinatorial test methods
IEEE Innovation in Societal Infrastructure Award, for role based access control
Most Influential Paper award for "ACTS: A Combinatorial Test Generation Tool" (with L. Yu, Y. Lei, and R. Kacker), 16th IEEE Intl Conf on Software Testing, Verification and Validation (ICST) 2023.
ACSAC 'Test of Time' paper award for 'Role Based Access Control: Features and Motivations' (with D. Ferraiolo and J. Cugini), Annual Computer Security Applications Conference, 2019
Best poster, Hot Topics in Science of Security, 2018, "What Proportion of Vulnerabilities can be Attributed to Ordinary Coding Errors?" (with M S Raunak and Raghu Kacker)
Silver medal award for scientific/engineering achievement, U.S. Dept. of Commerce, 2014, for contributions to combinatorial test methods
Excellence in Technology Transfer Award, 2009, Federal Laboratory Consortium Mid-Atlantic Region, for methods and tools for combinatorial testing
Best Standards Contribution, NIST/ITL, 2008
Best Journal Paper Award, NIST/ITL, 2007
Outstanding Authorship Award, NIST/ITL, 2003
Gold medal award for scientific/engineering achievement, U.S. Dept. of Commerce, 2002, for co-development of role based access control (RBAC)
Excellence in Technology Transfer Award, 1998, Federal Laboratory Consortium, for co-development of role based access control (RBAC)
Bronze Medal, NIST/U.S. Dept. of Commerce, 1990, for contributions to IEEE POSIX standard and conformance test suite co-development
Member, Eta Kappa Nu engineering honor society
Member, Beta Gamma Sigma business/finance honor society
Combinatorial or t-way testing is a proven method for more effective testing at lower cost, and one of the few practical approaches for assurance in AI and machine learning, especially for autonomous systems, where many conventional methods cannot be used.
Although blockchain has found many applications outside of cryptocurrency, many of its features are not well suited to common data management applications. This project has developed an alternative approach to providing the integrity protection of blockchains, with the ability to modify or delete blocks, making it possible to meet the requirements of privacy regulations such as GDPR.
Patents
"Implementation of Role Based Access Control in Multi-level Secure Systems", U.S. Patent #6,023,765.
"Oracle-free Match Testing of a Program Using Covering Arrays and Equivalence Classes", U.S. Patent #10,552,300.
"Data Block Matrix" (blockchain/DLT allowing block edits, to enable privacy requirements such as GDPR), U.S. Patent #11,175,826.
Past Professional Activities
Past member of DARPA High Confidence Systems Working Group, IEEE Technical Committee on Operating Systems POSIX 1003.1, 1003.2 and 1201.2 working groups.
Past projects: development of software tools and conformance test suites; methods for analyzing changes in formal specifications; verification of cryptographic protocols; and the first formal definition of role based access control; IEEE POSIX working groups and developing parts of the POSIX Conformance Test Suite for IEEE 1003.1; and definition of software assurance requirements for FIPS 140-1 (Security Requirements for Cryptographic Modules).
Significant papers (or at least ones that seem to get a lot of attention):
D.R. Kuhn, D.R. Wallace, A.M. Gallo, Jr., "Software Fault Interactions and Implications for Software Testing", IEEE Transactions on Software Engineering, vol. 30, no. 6, June 2004, pp. 418-421. DOI: 10.1109/TSE.2004.24 - investigates number of interactions required to trigger failures in various types of systems; basis for our combinatorial testing project.
D.R. Kuhn, "Fault Classes and Error Detection Capability of Specification Based Testing", ACM Transactions on Software Engineering and Methodology, Vol. 8, No. 4 (October 1999) - demonstrates existence of a hierarchy of fault classes that may be used to generate tests more efficiently. Others have extended the hierarchy based on more types of faults.
D. Ferraiolo and D.R. Kuhn, "Role Based Access Controls", Proceedings, 15th Natl. Computer Security Conference, 1992, pp. 554–563 - the early paper on role based access control; includes basic formal definition. This was unified with Sandhu et al. (1996) to create the standard model for RBAC (more on RBAC project site).
Phillip Laplante, Joanna DeFranco, D. Richard Kuhn, Jeff Voas
This white paper offers a suggestion that prior testing artifacts from similar AI systems can be reused for new AI software.
Testing AI and Machine learning
Machine learning (ML)-based Artificial Intelligence (AI) systems rely on training data to perform optimally, but the internal workings of how ML models learn
Dimitris Simos, Bernhard Garn, Dominik-Philip Schreiber, Manuel Leithner, David Kuhn, Raghu Kacker
In this paper, we present an application of combinatorial security testing to the well-known anonymity network Tor. Rigorous testing of the Tor network is
Jaganmohan Chandrasekaran, Erin Lanus, Tyler Cody, Laura Freeman, Raghu N. Kacker, M S Raunak, D. Richard Kuhn
The data-intensive nature of machine learning (ML)-enabled systems introduces unique challenges in test and evaluation. We present an overview of combinatorial
Provided is a process including: initializing a data block matrix; making supra-diagonal nodes that include at most one more node than sub-diagonal nodes; making a hash nodes with a hash sequence length that is proportional to a number of nodes in the row or column of nodes in which the hash node is
A process for testing a program includes: receiving a variable comprising a plurality of input values; producing a plurality of equivalence classes for the input values; producing a representative value per equivalence class; producing, by a processor, a primary covering array comprising a plurality