Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Paul E. Black (Fed)

Displaying 76 - 90 of 90

Model Checkers in Software Testing

February 1, 2002

Author(s)

Paul E. Black, P E. Ammann, W Ding

The primary focus of formal methods is static analysis of specifications and code, but there is also a long tradition of exploiting formal methods for testing. This paper continues this model by exploring the role of model checkers in software testing

A Specification-Based Coverage Metric to Evaluate Test Sets

December 1, 2000

Author(s)

P E. Ammann, Paul E. Black

Software developers use a variety of methods, including both formal methods and testing, to argue that their systems are suitable components for high assurance applications. In this paper, we develop another connection between formal methods and testing by

Mutation Operators for Specifications

September 15, 2000

Author(s)

Paul E. Black, Vadim Okun, Yaacov Yesha

Testing has a vital support role in the software engineering process, but developing tests often takes significant resources. A formal specification is a repository of knowledge about a system, and a recent method uses such specifications to automatically

Is 'Implementation Implies Specification' Enough?

June 1, 2000

Author(s)

Paul E. Black

An implementation is typically checked against a specification by proving that the implementation implies the specification. This ensures that the implementation only has behaviors allowed by the specification. However, this does not require the

Abstracting Formal Specifications to Generate Software Tests via Model Checking

October 1, 1999

Author(s)

P E. Ammann, Paul E. Black

A recent method combines model checkers with specification-based mutation analysis to generate test cases from formal software specifications. However high-level software specifications usually must be reduced to make analysis with a model checker feasible

Using Model Checking to Generate Tests From Specifications

November 1, 1998

Author(s)

P E. Ammann, Paul E. Black, William J. Majurski

We apply a model checker to the problem of test generation using a new application of mutation analysis. We define syntactic operators, each of which produces a slight variation on a given model. The operators define a form of mutation analysis at the

Using Model Checking to Generate Tests from Specifications

November 1, 1998

Author(s)

P E. Ammann, Paul E. Black, William J. Majurski

Dictionary of Algorithms and Data Structures

October 1, 1998

Author(s)

Paul E. Black

This web site is hosted by the Software and Systems Division, Information Technology Laboratory, NIST. Development of this dictionary started in 1998 under the editorship of Paul E. Black. This is a dictionary of algorithms, algorithmic techniques, data

Reliability of Conformance Tests

August 21, 1998

Author(s)

Robert C. Hagwood, Raghu N. Kacker, James H. Yen, D L. Banks, Lynne S. Rosenthal, Leonard J. Gallagher, Paul E. Black

A conformance test is a software assurance test that is applied in order to determine if specification requirements of the software are being met. It is a time-dependent model, where the software object is subjected to an a priori known test suite. The

Software Testing: Protocol Comparison

May 29, 1998

Author(s)

James H. Yen, D L. Banks, Leonard J. Gallagher, Paul E. Black, Robert C. Hagwood, Raghu N. Kacker, Lynne S. Rosenthal

Software testing is hard, expensive, and uncertain. Many protocols have been suggested, especially in the area of conformance verification. In order to compare the efficacy of these protocols, we have implemented a designed simulation experiment that

Formal Verification of Secure Programs in the Presence of Side Effects

January 1, 1998

Author(s)

Paul E. Black, P J. Windley

Much software is written in industry standard programming languages, but these these languages often have complex semantics making them hard to formalize. For example, the use of expressions with side effects is common in C programs. We present new

An Analysis Framework and Additive Software Analysis

Author(s)

Paul E. Black

We present a framework for software assurance, in addition to an additive software analysis approach. Both have the potential to dramatically reduce software vulnerabilities within the next seven years. The framework (1) aggregates tool outputs, (2) allows

Goals of and Charge to the NIST Workshop on Software Measures and Metrics to Reduce Security Vulnerabilities (SwMM-RSV)

Author(s)

Paul E. Black

The Federal Cybersecurity Research and Development Strategic Plan seeks to fundamentally alter the dynamics of security, reversing adversaries' asymmetrical advantages. Achieving this reversal is the mid-term goal of the plan, which calls for "sustainably

Report of workshop on Software Measures and Metrics to Reduce Security Vulnerabilities (SwMM-RSV)

Author(s)

Paul E. Black

The workshop occurred on 12 July 2016 at National Institute of Standards and Technology (NIST). The workshop's object was software as a product. 20 position statements were submitted; 10 were accepted. Over 90 people attended, primarily dealing with the

SARD: A Software Assurance Reference Dataset

Author(s)

Paul E. Black

Software assurance tools examine code for problems. To test such tools, we need programs with known bugs as ground truth. The Software Assurance Reference Dataset (SARD) is a publicly accessible collection of over 100,000 test cases in different