Search Publications by: D. Richard Kuhn (Fed)

Displaying 226 - 250 of 372

Vulnerability Hierarchies in Access Control Configurations

December 27, 2011
Author(s)
David R. Kuhn
This paper applies methods for analyzing fault hierarchies to the analysis of relationships among vulnerabilities in misconfigured access control rule structures. Hierarchies have been discovered previously for faults in arbitrary logic formulae, such that

Role Engineering: Methods and Standards

December 8, 2011
Author(s)
Edward Coyne, Timothy Weil, D. Richard Kuhn
This article explains problems and approaches to designing permission structures for role based access control. RBAC and the RBAC standard are summarized, common approaches to role engineering described, and the current status and plans for the INCITS role

Vetting Mobile Apps

July 22, 2011
Author(s)
Stephen Quirolgico, Jeffrey M. Voas, David R. Kuhn
Billions of copies of apps for mobile devices have been purchased in recent years. With this growth, however, comes an increase in the spread of potentially dangerous security vulnerabilities. Because of an app's low cost and high proliferation, the threat

A Combinatorial Approach to Detecting Buffer Overflow Vulnerabilities

June 14, 2011
Author(s)
Raghu N. Kacker, Yu Lei, David R. Kuhn, Wenhua Wang
Buffer overflow vulnerabilities are program defects that can cause a buffer overflow to occur at runtime. Many security attacks exploit buffer overflow vulnerabilities to compromise critical data structures. In this paper, we present a black-box testing

A Survey of Binary Covering Arrays

April 7, 2011
Author(s)
James F. Lawrence, Raghu N. Kacker, Yu Lei, David R. Kuhn, Michael Forbes
Two-valued covering arrays of strength t are 0-1 matrices having the property that for each t columns and each of the possible 2^t sequences of t 0's and 1's, there exists a row having that sequence in that set of t columns. Covering arrays are an

Model Checking for Verification of Mandatory Access Control Models and Properties

February 28, 2011
Author(s)
Chung Tong Hu, David R. Kuhn, Tao Xie, J Hwang
Mandatory access control (MAC) mechanisms control which users or processes have access to which resources in a system. MAC policies are increasingly specified to facilitate managing and maintaining access control. However, the correct specification of the

Managing Security: The Security Content Automation Protocol

February 4, 2011
Author(s)
Shirley M. Radack, D. Richard Kuhn
Managing information systems security is an expensive and challenging task. Many different and complex software components, including firmware, operating systems, and applications, must be configured securely, patched when needed, and continuously monitored

An Application of Combinatorial Methods to Conformance Testing for Document Object Model Events

November 1, 2010
Author(s)
Carmelo Montanez-Rivera, D. Richard Kuhn, Mary C. Brady, Richard M. Rivello, Jenise Reyes Rodriguez, Michael K. Powers
This report describes the use of combinatorial test methods to reduce the cost of testing for the Document Object Model Events standard while maintaining an equivalent level of assurance. More than 36,000 tests - all possible combinations of equivalence

Practical Combinatorial Testing

October 7, 2010
Author(s)
David R. Kuhn, Raghu N. Kacker, Yu Lei
Combinatorial testing can help detect problems like this early in the testing life cycle. The key insight underlying t-way combinatorial testing is that not every parameter contributes to every fault and most faults are caused by interactions between a

Introduction: Cybersecurity

August 31, 2010
Author(s)
David R. Kuhn
Enterprise security, often considered a burden for system administrators and users alike, is one of the most rapidly evolving areas of IT. The articles in this issue can help IT professionals who want to be intelligent providers or consumers of secure

Vulnerability Trends: Measuring Progress

July 19, 2010
Author(s)
David R. Kuhn, Christopher S. Johnson
What is the state of security engineering today? Are we as an industry making progress? What are prospects for the future? To address these questions we analyze data from the National Vulnerability Database (NVD).

Adding Attributes to Role Based Access Control

June 1, 2010
Author(s)
David R. Kuhn, Edward Coyne, Timothy Weil
Role based access control (RBAC) is a popular model for information security. It helps reduce the complexity of security administration and supports the review of permissions assigned to users, a feature critical to organizations that must determine their