Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: D. Richard Kuhn (Fed)

Displaying 251 - 275 of 372

Data Loss Prevention

March 29, 2010

Author(s)

Simon Liu, D. Richard Kuhn

In today's digital economy, data enters and leaves enterprises' cyberspace at record rates. For a typical enterprise, millions of emails are sent and received and thousands of files are downloaded, saved or transferred via various channels or devices on a

Practical Interdomain Routing Security

November 20, 2009

Author(s)

David R. Kuhn, Simon Liu, Hart Rossman

This article reviews risks and vulnerabilities in interdomain routing, and best practices that can have near-term benefits for routing security. It includes examples of routing failures and common attacks on routers, and coutermeasures to reduce router

Random vs. Combinatorial Methods for Discrete Event Simulation of a Grid Computer Network

October 16, 2009

Author(s)

David R. Kuhn, Raghu N. Kacker, Yu Lei

This study compared random and t-way combinatorial inputs of a network simulator, to determine if these two approaches produce significantly different deadlock detection for varying network configurations. Modeling deadlock detection is important for

A Combinatorial Approach to Building Navigation Graphs for Dynamic Web Applications

September 20, 2009

Author(s)

Raghu N. Kacker, David R. Kuhn, James F. Lawrence, Wenhua Wang, Yu Lei, Sreedevi Sampath

Modeling the navigation structure of a dynamic web application is a challenging task because of the presence of dynamic pages. In particular, there are two problems to be dealt with: (1) the page explosion problem, i.e., the number of dynamic pages may be

Combinatorial Software Testing

August 7, 2009

Author(s)

David R. Kuhn, Raghu N. Kacker, Yu Lei, Justin Hunter

Developers of large data-intensive software often notice an interesting - though not surprising - phenomenon: when usage of an application jumps dramatically, components that have operated for months without trouble suddenly develop previously undetected

Understanding Insecure IT: Practical Risk Assessment

May 27, 2009

Author(s)

Simon Liu, D. Richard Kuhn, Hart Rossman

IT systems have long been at risk from vulnerable software, malicious actions, or inadvertent user errors, in addition to run-of-the-mill natural and human-made disasters. As we discussed in the last issue ( Surviving Insecure IT: Effective Patch

Surviving Insecure IT: Effective Patch Management

March 21, 2009

Author(s)

Simon Liu, D. Richard Kuhn, Hart Rossman

The amount of time to protect enterprise systems against potential vulnerability continues to shrink. Enterprises need an effective patch management mechanism to survive the insecure IT environment. Effective patch management is a systematic and repeatable

Introducing "Insecure IT"

January 20, 2009

Author(s)

David R. Kuhn, Hart Rossman, Simon Liu

This article introduces a new department for IT Professional that will cover security in IT systems, ranging from desktops to global e-commerce networks. Our goal is to offer ideas to improve IT security, both by looking at ways it can go wrong as well as

Property Verification for Generic Access Control Models

December 20, 2008

Author(s)

Chung Tong Hu, David R. Kuhn, Tao Xie

To formally and precisely capture the security properties that access control should adhere to, access control models are usually written to bridge the rather wide gap in abstraction between policies and mechanisms. In this paper, we propose a new general

Refining the In-Parameter-Order Strategy for Constructing Covering Arrrays

September 1, 2008

Author(s)

Michael Forbes, James F. Lawrence, Yu Lei, Raghu N. Kacker, D. Richard Kuhn

Covering arrays are structures for well-representing extremely large input spaces and are used to efficiently implement blackbox testing for software and hardware. This paper proposes refinements over the In-Parameter-Order strategy (for arbitrary $t$)

Automated Combinatorial Test Methods: Beyond Pairwise Testing

June 2, 2008

Author(s)

David R. Kuhn, Raghu N. Kacker, Yu Lei

Pairwise testing has become a popular approach to software quality assurance because it often provides effective error detection at low cost. However, pairwise (2-way) coverage is not sufficient for assurance of mission-critical software. Combinatorial

Practical Combinatorial Testing: Beyond Pairwise

June 1, 2008

Author(s)

David R. Kuhn, Yu Lei, Raghu N. Kacker

With new algorithms and tools, developers can apply high-strength combinatorial testing to detect elusive failures that occur only when multiple components interact. In pairwise testing, all possible pairs of parameter values are covered by at least one

RBAC Standard Rationale: Comments on "A Critique of the ANSI Standard on Role Based Access Control"

December 12, 2007

Author(s)

David F. Ferraiolo, David R. Kuhn, R. Sandhu

[This is a response to comments on INCITS Standard 359-2004, Role Based Access Control. For original paper see Ninghui Li et al., IEEE Security & Privacy, vol. 5, no. 6, p.41, (2007).] Some notion of roles for access control predates the research papers