Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: D. Richard Kuhn (Fed)

Displaying 276 - 300 of 372

RBAC Standard Rationale: Comments on "A Critique of the ANSI Standard on Role Based Access Control"

December 12, 2007

Author(s)

David F. Ferraiolo, David R. Kuhn, R. Sandhu

[This is a response to comments on INCITS Standard 359-2004, Role Based Access Control. For original paper see Ninghui Li et al., IEEE Security & Privacy, vol. 5, no. 6, p.41, (2007).] Some notion of roles for access control predates the research papers

IPOG/IPOG-D: Efficient Test Generation for Multi-way Combinatorial Testing

November 29, 2007

Author(s)

Yu Lei, Raghu N. Kacker, D. Richard Kuhn, Vadim Okun, James F. Lawrence

We present two strategies for multi-way testing (i.e., t-way testing with t > 2). The first strategy generalizes an existing strategy, called In-Parameter-Order, from pairwise testing to multi-way testing. This strategy requires all t-way combinations to

Border Gateway Protocol Security

July 17, 2007

Author(s)

D. Richard Kuhn, Kotikalapudi Sriram, Douglas Montgomery

This document introduces the Border Gateway Protocol (BGP), explains its importance to the internet, and provides a set of best practices that can help in protecting BGP. Best practices described here are intended to be implementable on nearly all

IPOG: A General Strategy for t-Way Software Testing

March 29, 2007

Author(s)

Yu Lei, Raghu N. Kacker, D. Richard Kuhn, Vadim Okun, James F. Lawrence

Most existing work on t-way testing has focused on 2-way (or pairwise) testing, which aims to detect faults caused by interactions between any two parameters. However, faults can also be caused by interactions involving more than two parameters. In this

Role-Based Access Control, Second Edition

December 31, 2006

Author(s)

David F. Ferraiolo, David R. Kuhn, Ramaswamy Chandramouli

[ISBN-13: 978-1-59693-113-8] This newly revised edition of "Role-Based Access Control" offers the latest details on a security model aimed at reducing the cost and complexity of security administration for large networked applications. The second edition

Study of BGP Peering Session Attacks and Their Impacts or Performance

October 28, 2006

Author(s)

Kotikalapudi Sriram, Douglas C. Montgomery, Oliver Borchert, Okhee Kim, David R. Kuhn

Study of BGP Peering Session Attacks and Their Impacts on Routing Performance

October 1, 2006

Author(s)

Kotikalapudi Sriram, Douglas C. Montgomery, Oliver Borchert, Okhee Kim, David R. Kuhn

We present a detailed study of the potential impact of BGP peering session attacks and the resulting exploitation of Route Flap Damping (RFD) that cause network-wide routing disruptions. We consider canonical grid as well as down-sampled realistic

Assessment of Access Control Systems

September 29, 2006

Author(s)

Chung Tong Hu, David F. Ferraiolo, David R. Kuhn

Access control is perhaps the most basic aspect of computer security. Nearly all applications that deal with financial, privacy, safety, or defense include some form of access control. In many systems access control takes the form of a simple password

The Computational Complexity of Enforceability Validation for Generic Access Control Rules

June 14, 2006

Author(s)

Chung Tong Hu, David R. Kuhn, David F. Ferraiolo

In computer security, many researches have tackled on the possibility of a unified model of access control, which could enforce any access control policies within a single unified system. One issue that must be considered is the efficiency of such systems

Pseudo-Exhaustive Testing for Software

April 28, 2006

Author(s)

David R. Kuhn, Vadim Okun

Pseudo-exhaustive testing uses the empirical observation that, for broad classes of software, a fault is likely triggered by only a few variables interacting. The method takes advantage of two relatively recent advances in software engineering: algorithms

An Algorithm for Generating Very Large Covering Arrays

April 19, 2006

Author(s)

David R. Kuhn

This note describes a covering array algorithm that can be parallelized, making it possible to handle a much larger number of variables than other know algorithms. The algorithm trades test case optimization for speed ? it produces roughly 3% to 15% more

Autonomous System (AS) Isolation under Randomized BGP Session Attacks with RFD Exploitation

April 1, 2006

Author(s)

Kotikalapudi Sriram, Douglas Montgomery, Oliver Borchert, Okhee Kim, D. Richard Kuhn

BGP peering session attacks are known to drive routes into route flap damping (RFD) suppression states and thus cause isolations between autonomous systems (ASes) and destinations. We present a detailed study of the impact of BGP peering session attacks

Securing Voice Over IP Networks

May 27, 2005

Author(s)

T J. Walsh, D. Richard Kuhn

Voice over IP - the transmission of voice over traditional packet-switched IP networks - is one of the hottest trends in telecommunications. As with any new technology, VOIP introduces both opportunities and problems. Lower cost and greater flexibility are