Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: D. Richard Kuhn (Fed)

Displaying 76 - 100 of 246

Combinatorial Methods in Security Testing

October 20, 2016

Author(s)

Dimitris Simos, D. Richard Kuhn, Artemios Voyiatzis, Raghu N. Kacker

This article introduces combinatorial testing-based approaches for security testing and presents case studies and experiences. The success of the presented research program motivates further intensive research on the field of combinatorial security testing

A Comparison of Attribute Based Access Control (ABAC) Standards for Data Service Applications

October 3, 2016

Author(s)

David F. Ferraiolo, Ramaswamy Chandramouli, Chung Tong Hu, David R. Kuhn

Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC) are very different attribute based access control (ABAC) standards with similar goals and objectives. An objective of both is to provide a standardized way for

Estimating t-way Fault Profile Evolution During Testing

August 25, 2016

Author(s)

David R. Kuhn, Raghu N. Kacker, Lei Yu

Empirical studies have shown that most software interaction faults involve one or two variables interacting, with progressively fewer triggered by three or more, and no failure has been reported involving more than six variables interacting. This paper

Evaluating the Effectiveness of BEN in Locating Different Types of Software Fault

August 4, 2016

Author(s)

Raghu N. Kacker, David R. Kuhn, Jagan Chandrasekaran, Yu Lei

Debugging or fault localization is one of the most challenging tasks during software development. Automated fault localization tools have been developed to reduce the amount of effort and time software developers have to spend on debugging. In this paper

Pseudo-exhaustive Testing of Attribute Based Access Control Rules

August 4, 2016

Author(s)

David R. Kuhn, Chung Tong Hu, David F. Ferraiolo, Raghu N. Kacker, Yu Lei

Access control typically requires translating policies or rules given in natural language into a form such as a programming language or decision table, which can be processed by an access control system. Once rules have been described in machine

Estimating t-way Fault Profile Evolution During Testing

June 10, 2016

Author(s)

Raghu N. Kacker, David R. Kuhn

Combinatorial Testing for Cybersecurity and Reliability

May 12, 2016

Author(s)

David R. Kuhn, Raghu N. Kacker, Larry Feldman, Gregory A. Witte

This bulletin focuses on NIST's combinatorial testing work. Combinatorial testing is a proven method for more effective software testing at lower cost. The key insight underlying combinatorial testing's effectiveness resulted from a series of studies by

Combinatorial Coverage Analysis of Subsets of the TLS Cipher Suite Registry

May 11, 2016

Author(s)

Dimitris Simos, Kristoffer Kleine, D. Richard Kuhn, Raghu N. Kacker

We present a combinatorial coverage measurement for (subsets) of the TLS cipher suite registries by analyzing the specified ciphers of IANA, ENISA, BSI, Mozilla and NSA Suite B. Our findings contribute towards the design of quality measures of recommended

Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC)

March 11, 2016

Author(s)

David F. Ferraiolo, Ramaswamy Chandramouli, David R. Kuhn, Chung Tong Hu

Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC) are very different attribute based access control standards with similar goals and objectives. An objective of both is to provide a standardized way for expressing

Learning Internet of Things Security "Hands-on"

February 3, 2016

Author(s)

Constantinos Kolias, Angelos Stavrou, Jeff Voas, Irena Bojanova, D. Richard Kuhn

Our research began from asking whether there is a science behind the Internet of Things (IoT). We started from zero knowledge and no bias. The results of that work determined that indeed there is a science, but it is a science of numerous actors, that when

Using Combinatorial Testing to Build Navigation Graphs for Dynamic Web Applications

February 2, 2016

Author(s)

Wenhua Wang, Sreedevi Sampath, Yu Lei, Raghu N. Kacker, D. Richard Kuhn, James F. Lawrence

Modelling a software system is often a challenging prerequisite to automatic test case generation. Modelling the navigation structure of a dynamic web application is particularly challenging because of the presence of a large number of pages that are

A Rational Foundation for Software Metrology

January 20, 2016

Author(s)

David W. Flater, Paul E. Black, Elizabeth N. Fong, Raghu N. Kacker, Vadim Okun, Stephen S. Wood, David R. Kuhn

Much software research and practice involves ostensible measurements of software, yet little progress has been made on an SI-like metrological foundation for those measurements since the work of Gray, Hogan, et al. in 1996-2001. Given a physical object

Measuring and Specifying Combinatorial Coverage of Test Input Configurations

November 14, 2015

Author(s)

David R. Kuhn, Raghu N. Kacker, Yu Lei

A key issue in testing is how many tests are needed for a required level of coverage or fault detection. Estimates are often based on error rates in initial testing, or on code coverage. For example, tests may be run until a desired level of statement or

Combinatorial Testing: Theory and Practice

August 18, 2015

Author(s)

David R. Kuhn, Renee Bryce, Feng Duan, Laleh Ghandehari, Yu Lei, Raghu N. Kacker

Combinatorial testing has rapidly gained favor among software testers in the past decade as improved algorithms have become available, and practical success has been demonstrated. This article reviews the theory and application of this method, focusing

Combinatorial Testing: Theory and Practice, Section 8.

August 18, 2015

Author(s)

David R. Kuhn, Renee Bryce, Feng Duan, Laleh Ghandehari, Yu Lei, Raghu N. Kacker

Additional Section to PUB ID 918448. Combinatorial testing has rapidly gained favor among software testers in the past decade as improved algorithms have become available, and practical success has been demonstrated. This article reviews the theory and

Implementing and Managing Policy Rules in Attribute Based Access Control

August 13, 2015

Author(s)

Chung Tong Hu, David F. Ferraiolo, David R. Kuhn, Raghu N. Kacker, Yu Lei

Attribute Based Access Control (ABAC) is a popular approach to enterprise-wide access control that provides flexibility suitable for today's dynamic distributed systems. ABAC controls access to objects by evaluating policy rules against the attributes of

Introducing Combinatorial Testing in a Large Organization

April 23, 2015

Author(s)

Jon Hagar, Thomas Wissink, D. Richard Kuhn, Raghu N. Kacker

A two-year study of eight pilot projects to introduce combinatorial testing in a large aerospace corporation found that the new methods were practical, significantly lowered development costs, and improved test coverage by 20 to 50 percent.

Equivalence Class Verification and Oracle-Free Testing Using Two-layer Covering Arrays

April 17, 2015

Author(s)

David R. Kuhn, Raghu N. Kacker, Yu Lei, Jose Torres-Jimenez

This short paper introduces a method for verifying equivalence classes for module/unit testing. This is achieved using a two-layer covering array, in which some or all values of a primary covering array represent equivalence classes. A second layer