CSD Rolodex
Rick Kuhn
Computer Scientist
National Institute of Standards and Technology
Computer Security Division
Phone: 301-975-3337
Fax: 301-948-0279
kuhn@nist.gov
Active Projects
Publications
Biographical
information:
Rick Kuhn is a
computer scientist in the Computer Security Division of the National Institute of
Standards and
Technology. He has authored two books and more than 100 conference or journal publications on
information security, empirical
studies of software failure, and software
assurance, and is a senior member of the Institute of Electrical and Electronics Engineers (IEEE). He
co-developed the role based access control
model (RBAC) used throughout industry and led the effort that
established
RBAC as
an ANSI standard. Previously he served as Program
Manager for the Committee on Applications and Technology of
the
President's Information Infrastructure Task Force and as manager of the Software Quality
Group
at NIST. Before joining NIST in 1984, he worked as a systems
analyst with NCR Corporation and the
Johns Hopkins University Applied Physics Laboratory.
He
received an MS in computer science from the
University of Maryland College Park, and
an MBA from William
& Mary.
Significant papers (or at least ones that seem to get a lot of attention):
- D.R. Kuhn, D.R. Wallace, A.M. Gallo, Jr., Software Fault Interactions and Implications for Software Testing, IEEE Transactions on Software Engineering, vol. 30, no. 6, June 2004, pp. 418-421.
Abstract; DOI: 10.1109/TSE.2004.24 -
investigates number of interactions required to trigger failures in various types of systems; basis for our combinatorial testing project. - D.R. Kuhn, Fault Classes and Error Detection
Capability of Specification Based Testing, ACM
Transactions on Software Engineering and Methodology,Vol.
8, No. 4 (October,1999) - demonstrates existence of a hierarchy of
fault classes that may be used to generate test more efficiently.
Others have extended the hierarchy based on more types of faults.
- D. Ferraiolo and D.R. Kuhn, Role Based Access
Controls,
Proceedings, 15th Natl. Computer
Security
Conference, 1992, pp. 554–563. --- the early
paper on role based access
control; includes basic formal definition. This was unified w/ Sandhu et. al (1996) to create the standard model for RBAC.
Professional activities:
- Senior member of the
Institute of Electrical and Electronics Engineers (IEEE) and
IEEE Computer Society;
member, Association
for Computing Machinery (ACM). - Editorial board member and co-editor, Emerging Technologies
& Standards Dept, IEEE Security & Privacy
- Editorial board member, IEEE IT Professional; co-editor, IT Security column
- Excellence in
Technology Transfer Award, 2009, Federal Laboratory
Consortium Mid-Atlantic Region.
- Best Standards Contribution, NIST/ITL, 2008
- Best Journal Paper Award, NIST/ITL, 2007
- Outstanding
Authorship Award, NIST/ITL, 2003
- Gold medal
award for scientific/engineering achievement, U.S. Dept. of Commerce,
2002;
- Excellence in
Technology Transfer Award,1998,
Federal Laboratory Consortium.
- Bronze Medal, U.S. Dept. of Commerce, 1990;
- Member, Beta Gamma Sigma honorary.
- Patents: Implementation of Role Based Access Control in
Multi-level Secure
Systems. U.S. Patent #6,023,765.,
- Past member of DARPA
High Confidence Systems Working Group, IEEE Technical
Committee on Operating Systems
POSIX 1003.1, 1003.2 and 1201.2 working groups;
- Past projects:
development of software tools and conformance test suites;
methods for analyzing changes in formal specifications;
verification of cryptographic protocols; and the first formal
definition of role based access control; IEEE POSIX working groups and
developing parts of the POSIX Conformance Test Suite for IEEE 1003.1;
and definition of software assurance requirements for FIPS
140-1
(Security Requirements for Cryptographic Modules).
Combinatorial methods and software assurance
- L. S. Ghandehari, J. Czerwonka, Y. Lei, S. Shafiee,
R. Kacker and R.
Kuhn, An Empirical Comparison of Combinatorial and Random
Testing. 3rd
Intl
Workshop on Combinatorial Testing, Cleveland, OH, Mar. 2014.
- R. Kuhn, R Kacker and Y. Lei, Estimating Fault
Detection Effectiveness (abstract/poster) 3rd Intl
Workshop on Combinatorial Testing, Cleveland, OH, Mar. 2014.
- J. Hagar, R. Kuhn, R. Kacker, T. Wissink, Introducing Combinatorial Testing
in a Large Organization: Pilot Project Experience Report
(abstract/poster), 3rd
Intl
Workshop on Combinatorial Testing, Cleveland, OH, Mar. 2014.
- R.N. Kacker, D.R. Kuhn, Y. Lei, and J.F. Lawrence, Combinatorial Testing for Software: an Adaptation of Design of Experiments, Measurement, vol. 46, no. 9, November 2013, pp. 3745-3752.
DOI: 10.1016/j.measurement.2013.02.021
- C. Price, R. Kuhn, R. Forquer, A. Lagoy, R.
Kacker, Evaluating the t-way
Combinatorial Technique for Determining the
Thoroughness of a Test Suite, NASA IV&V
Workshop, 2013.
- D.R. Kuhn, I. Dominguez Mendoza, R.N. Kacker and Y. Lei. Combinatorial Coverage Measurement Concepts and Applications, 2nd International Workshop on Combinatorial Testing (IWCT 2013), in Proceedings of the Sixth IEEE International Conference on Software, Testing, Verification and Validation (ICST 2013), Luxembourg, March 18-22, 2013, pp. 352-361.
Abstract; DOI: 10.1109/ICSTW.2013.77; Preprint
- L.S.G. Ghandehari, M.N. Borazjany, Y. Lei, R.N. Kacker and D.R. Kuhn, Applying Combinatorial Testing to the Siemens Suite, 2nd International Workshop on Combinatorial Testing (IWCT 2013), in Proceedings of the Sixth IEEE International Conference on Software, Testing, Verification and Validation (ICST 2013), Luxembourg, March 18-22, 2013, pp. 362-371.
Abstract; DOI: 10.1109/ICSTW.2013.47; Preprint
- M.N. Borazjany, L.S.G. Ghandehari, Y. Lei, R.N. Kacker and D.R. Kuhn, An Input Space Modeling Methodology for Combinatorial Testing, 2nd International Workshop on Combinatorial Testing (IWCT 2013), in Proceedings of the Sixth IEEE International Conference on Software, Testing, Verification and Validation (ICST 2013), Luxembourg, March 18-22, 2013, pp. 372-381.
Abstract; DOI: 10.1109/ICSTW.2013.48; Preprint
- D.R. Kuhn, R.N. Kacker Measuring
Combinatorial Coverage of System State-space for IV&V
(extended abstract)
NASA IV&V Workshop, Sept 11-13, 2012
- D.R. Kuhn, J.M. Higdon, J.F. Lawrence, R.N. Kacker and Y. Lei, Efficient Methods for Interoperability Testing Using Event Sequences, CrossTalk (Hill AFB): the Journal of Defense Software Engineering, vol. 25, no. 4, July/August 2012, pp. 15-18.
Abstract; Article
- C. Montanez-Rivera, D.R. Kuhn, M. Brady, R.M. Rivello, J. Reyes and M.K. Powers, Evaluation of Fault Detection Effectiveness for Combinatorial and Exhaustive Selection of Discretized Test Inputs, Software Quality Professional, vol. 14, no. 3, June 2012.
Abstract; Article; Preprint
- M.N. Borazjany, L. Yu, Y. Lei, R. Kacker and R. Kuhn, Combinatorial Testing of ACTS: A Case Study, First International Workshop on Combinatorial Testing, in Proceedings of the IEEE Fifth International Conference on Software, Testing, Verification and Validation (ICST 2012), Montreal, Quebec, Canada, April 17-21, 2012, pp. 591-600.
Abstract; DOI: 10.1109/ICST.2012.146
- K. Shakya, T. Xie, N. Li, Y. Lei, R. Kacker and R. Kuhn, Isolating Failure-Inducing Combinations in Combinatorial Testing using Test Augmentation and Classification, First International Workshop on Combinatorial Testing, in Proceedings of the IEEE Fifth International Conference on Software, Testing, Verification and Validation (ICST 2012), Montreal, Quebec, Canada, April 17-21, 2012, pp. 620-623.
Abstract; DOI: 10.1109/ICST.2012.149; Preprint
- K. Shakya, T. Xie, N. Li, Y. Lei, R. Kacker and R. Kuhn, Isolating Failure-Inducing Combinations in Combinatorial Testing using Test Augmentation and Classification, First International Workshop on Combinatorial Testing, in Proceedings of the IEEE Fifth International Conference on Software, Testing, Verification and Validation (ICST 2012), Montreal, Quebec, Canada, April 17-21, 2012, pp. 620-623.
Abstract; DOI: 10.1109/ICST.2012.149; Preprint
- C. Montanez, D.R. Kuhn, M. Brady, R. Rivello, J. Reyes, M.K. Powers, An Application of Combinatorial Methods to Conformance Testing for Document Object Model Events, NIST Internal Report (NISTIR) 7773, November 2010, 9 pp.
Abstract; NISTIR 7773
- R.C. Bryce, C.J. Colbourn, D.R. Kuhn,Finding Interaction Faults Adaptively using Distance-Based Strategies, 16th IEEE International Conference on Engineering of Complex Computer Systems, 2011, to appear.
- J.R. Maximoff, M.D. Trela, D.R. Kuhn and R. Kacker, A Method for Analyzing System State-space Coverage within a t-Wise Testing Framework, 4th Annual IEEE International Systems Conference, April 5-8, 2010, San Diego, California, pp. 598-603.
DOI: 10.1109/SYSTEMS.2010.5482481
- D.R. Kuhn, R. Kacker and Y.Lei, Random vs. Combinatorial Methods for Discrete Event Simulation of a Grid Computer Network, MODSIM World 2009, Virginia Beach, Virginia, October 14-16, 2009. In Selected Papers Presented at MODSIM World 2009 Conference and Expo, edited by T.E. Pinelli, NASA/CP-2010-216205, National Aeronautics and Space Administration, pp. 83-88.
Abstract; Paper
- D.R. Kuhn,R. Kacker, Y. Lei, Combinatorial and Random Testing Effectiveness for a Grid Computer Simulator
- R. Kuhn, R. Kacker, Y. Lei and J. Hunter, Combinatorial Software Testing, IEEE Computer, vol. 42, no. 8, August 2009, pp. 94-96.
Abstract; DOI: 10.1109/MC.2009.253; Preprint
- V.C. Hu, D.R. Kuhn, T. Xie and J. Hwang, Model Checking for Verification of Mandatory Access Control Models and Properties, International Journal of Software Engineering and Knowledge Engineering, vol. 21, no. 1, February 2011, pp. 103-127.
Abstract; DOI: 10.1142/S021819401100513X; Preprint
- D.R. Kuhn, Y.Lei, R. Kacker, Practical
Combinatorial
Testing - Beyond Pairwise, IEEE IT Professional, June 2008.
An overview and introduction to combinatorial
testing.
- D.R. Kuhn, R. Kacker and Y. Lei, Automated Combinatorial Test Methods: Beyond Pairwise Testing, CrossTalk (Hill AFB): the Journal of Defense Software Engineering, vol. 21, no. 6, June 2008, pp.22-26.
Abstract; Article
Comment: A fairly comprehensive tutorial on combinatorial testing and automated test generation, with a worked example.
- M.
Forbes, J. Lawrence,
Y. Lei, R.N. Kacker, and D.R. Kuhn Refining
the In-Parameter-Order Strategy for Constructing Covering Arrays,
NIST Journal of Research, Vol. 113, No. 5 (Sept/Oct 2008), pp. 287 -
297.
- Y.Lei, R. Kacker, D.R. Kuhn,
V. Okun, J. Lawrence., IPOG - a General Strategy for t-way
Testing, IEEE Engineering of Computer Based Systems
Conference,
2007.
- Y. Lei, R.
Kacker, D. Kuhn, V. Okun, J. Lawrence, IPOG/IPOD:
Efficient Test
Generation for Multi-Way Software Testing, accepted for
publication in
Journal of Software Testing, Verification, and Reliability, vol. 18,
pp. 125-148, DOI: 10.1002/stvr.381)
- D.R. Kuhn, D.R. Wallace, A.M. Gallo, Jr., Software Fault Interactions and Implications for Software Testing, IEEE Transactions on Software Engineering, vol. 30, no. 6, June 2004, pp. 418-421.
Abstract; DOI: 10.1109/TSE.2004.24
Comment: Investigates interaction level required to trigger faults in a large distributed database system.
- D. R. Kuhn, V. Okun, Pseudo-exhaustive Testing For Software, 30th NASA/IEEE
Software Engineering Workshop, April 25-27, 2006 - proof-of-concept experiment on pseudo-exhaustive testing.
- D.R. Wallace and D.R. Kuhn, Failure Modes in Medical Device Software: an Analysis of 15 Years of Recall Data, International Journal of Reliability, Quality and Safety Engineering, vol. 8, no. 4, December 2001, pp.351-371.
Abstract; DOI: 10.1142/S021853930100058X; Preprint
Comment: Categorizes failures by their symptoms and faults, including interaction level required to trigger faults in medical device software.
- D.R. Kuhn, D.R. Wallace, A.M. Gallo, Jr., Software Fault Interactions and Implications for Software Testing, IEEE Transactions on Software Engineering, vol. 30, no. 6, June 2004, pp. 418-421.
Abstract; DOI: 10.1109/TSE.2004.24
Comment: Investigates interaction level required to trigger faults in a large distributed database system.
- D.R. Kuhn, D. Craigen, M. Saaltink, Practical
Application of Formal Methods in Modeling and Simulation
(invited), Summer Simulation Conference, 03, July
20 - 24, 2003.
- D.R. Kuhn and M.J. Reilly, An Investigation of the Applicability of Design of Experiments to Software Testing, 27th Annual NASA Goddard/IEEE Software Engineering Workshop (SEW ’02), Greenbelt, Maryland, December 5-6, 2002, pp. 91-95.
Abstract; DOI: 10.1109/SEW.2002.1199454
Comment: Investigates interaction level required to trigger faults in open source browser and server.
- D.R. Kuhn, R. Chandramouli, R.W. Butler, Cost
Effective Uses of Formal Methods in V&V),
(invited) Foundations '02 Workshop, US Dept of
Defense, Laurel MD, October 22-23, 2002.
- D.R. Kuhn, Fault Classes and Error Detection
Capability of Specification Based Testing, ACM
Transactions on Software Engineering and Methodology,
Vol. 8, No. 4 (October,1999) - demonstrates existence of a hierarchy of
fault classes that may be used to generate test more efficiently.
- D.R. Kuhn, Sources of Failure in the Public Switched
Telephone Network, IEEE Computer
Vol. 30, No. 4 (April, 1997). --- examines causes of failure in the US
public switched telephone network, providing quantitative measures of
the effect of each failure source on system dependability.
- D.R. Kuhn, Evolving Directions in Formal Methods, (invited) Proceedings, COMPASS '97 IEEE
Computer Society Press, 1997
- D.R. Kuhn, A
Technique for Analyzing the Effects of Changes in Formal
Specifications, British Computer
Society Computer Journal, Vol.
35, No. 6, (December, 1992). --- a mathematical technique (extends the
boolean difference method) to determine the conditions under which a
change to a variable in a predicate calculus expression will change the
value of the expression; includes theorem on relationship between
boolean difference and predicate difference.
- D.R. Kuhn, Predicate Differences and the Analysis of
Dependencies in Formal Specifications, Proceedings, 14th
Natl. Computer Security Conference, 1991.
--- describes predicate differences, an extension of boolean
differences, and shows how they can be used in determining dependencies
among parts of a specification, with application to security
- D. R. Kuhn and J.F. Dray, Formal
Specification and Verification of Control Software for Cryptographic
Equipment, Proceedings, Annual
Computer Security Applications Conference, IEEE Computer
Society Press, 1990. --- design verification of software and
cryptographic protocol in a smart-card system.
- D. R. Kuhn, On the Effective Use of Software Standards
in Systems Integration, Proceedings, First
Intl. Conference on Systems Integration, IEEE
Computer Society Press, 1990. --- explains open system standards and
how they can be effectively applied to the problem of systems
integration.
- D.R. Kuhn, Generating Extended State Transitions
from Structured Specifications for Process Control Systems, IEE/BCS
Software Engineering Journal, Vol.
4, No. 5 ( September, 1989.) --- describes a translation tool
that converts specifications written in an imperative
language to
a state machine representation for use with robotic control
system.
- D.R. Kuhn, "Static Analysis Tools for Software Security
Certification," Proceedings, 11th National Computer Security
Conference, NSA/NBS, 1988
Quantum cryptography
- D.R. Kuhn, A Quantum Cryptographic Protocol with
Detection of Compromised Server, Journal of Quantum
Information and Computing, vol. 5, no. 7, 2005.(revised and extended
quant-ph/0311085)
- D.R. Kuhn, A Quantum Cryptographic Protocol with Detection
of Compromised Server, quant-ph/0311085, Nov. 14, 2003.
- D.R. Kuhn, Vulnerabilities in Quantum Key Distribution
Protocols - cryptanalysis of some recently
proposed quantum cryptographic protocols. quant-ph/0305076, May 14, 2003.
- D.R. Kuhn, A Hybrid Authentication Protocol Using
Quantum Entanglement and Symmetric Cryptography - a hybrid cryptographic protocol, using quantum and
classical
resources, for authentication and authorization in a network. quant-ph/0301150, January 28, 2003.
- P.E. Black, D.R. Kuhn, C.J. Williams, Quantum Computing
and Communication, Advances in Computers, Vol.
56, 2002
- an introduction to applications of quantum mechanics in computing,
cryptography, and communications.
Security and role based access control
- R. Kuhn, Cybersecurity, (guest editor intro),
IEEE IT Professional, vol. 11, no. 4 (July/Aug 2010), pp. 18-19.
- D.R. Kuhn, E.J. Coyne, T.R. Weil, Adding Attributes to Role Based Access Control, IEEE Computer, June, 2010, pp. 79-81.
- R. Kuhn, C. Johnson Vulnerability Trends: Measuring Progress,
IEEE IT Professional, vol. 11, no. 4 (July/Aug 2010), pp. 51-53.
- S. Liu, R. Kuhn, Data Loss Prevention,
IEEE IT Professional, vol. 11, no. 2 (Mar/Apr 2010), pp. 10-13.
- D.R. Kuhn, S. Liu,H. Rossman, Practical Interdomain Routing Security,
IEEE IT Professional, vol. 11, no. 6 (Nov/Dec 2009), pp. 54-56.
- S. Liu, D.R. Kuhn, H. Rossman, Understanding
Insecure IT: Practical Risk Assessment,
IEEE IT Professional, vol. 11, no. 3 (May/Jun 2009), pp.
49-51.
- S. Liu, D.R. Kuhn, H. Rossman, Surviving
Insecure IT: Effective Patch Management,
IEEE IT Professional, vol. 11, no. 2 (Mar/Apr 2009), pp.
49-51.
- D.R. Kuhn, H. Rossman, S. Liu, Introducing
Insecure IT,
IEEE IT Professional, vol. 11, no. 1 (Jan/Feb 2009), pp. 24-26. -
introductory column for the "Insecure IT" department in IT
Pro.
- V.C. Hu, D.R. Kuhn and T. Xie, Property Verification for Generic Access Control Models, 2008 IEEE/IFIP International Symposium on Trust, Security, and Privacy for Pervasive Applications (TSP-08) in Volume 2 of Proceedings of the 2008 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing (EUC-08), Shanghai, China, December 17-20, 2008, pp. 234-250.
Abstract; DOI: 10.1109/EUC.2008.22; Preprint
- D.F. Ferraiolo, R. Kuhn, R. Sandhu, RBAC
Standard
Rationale: comments on A Critique of the ANSI
Standard on Role Based Access Control, IEEE
Security & Privacy, vol. 5, no. 6 (Nov/Dec 2007).`
- D.R. Kuhn. , Feature
Interactions and Data Privacy, Workshop on Data
Confidentiality, Sept
6-7, 2007, Arlington, VA.
- V. Hu, D.R. Kuhn, D.F. Ferraiolo, The
Computational Complexity of Enforceability Validation for Generic
Access Control Rules, IEEE International
Conference on
Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC2006)
- K. Sriram, D. Montgomery, O. Kim, O. Borchert, D. R. Kuhn, Autonomous
System Isolation under BGP Session Attacks with RFD Exploitation,
IEEE JSAC special issue on High-Speed Network Security. 2006
- D.F. Ferraiolo, S. Gavrila, V. Hu, D.R. Kuhn, Composing
and Combining Policies Under the Policy Machine, Proc.
SACMAT 2005, ACM.
- D. Ferraiolo, R. Sandhu, S. Gavrila, D.R. Kuhn,R.
Chandramouli, A Proposed Standard for Role Based Access
Control, ACM Transactions on Information and
System Security , vol. 4, no. 3 (August, 2001) - draft of a
consensus standard for RBAC.
- D.F. Ferraiolo, J.F. Barkley, D.R. Kuhn, A Role Based Access Control Model and
Reference Implementation within a Corporate Intranet,
ACM Transactions on Information and Systems Security, Vol.2,
No. 1 (February, 1999). -- defines the NIST RBAC model, details
theoretical results, and describes implementation concerns.
- D.R. Kuhn, Mutual
Exclusion of Roles as a Means of Implementing Separation of Duty in
Role Based Access Control Systems, Second
ACM Workshop on Role Based Access Control,
1997. -- presents a number of results on separation of duty through
mutual exclusion of roles, including theorems on necessary and
sufficient conditions to ensure separation safety.
- T. Phillips, T. Karygiannis, R. Kuhn, Security
Standards for the RFID Market, IEEE Security
& Privacy, vol. 3, no. 6, Nov/Dec, 2005.
- T.J. Walsh, D.R. Kuhn, Challenges
in Securing Voice Over IP, IEEE Security & Privacy,
vol. 3, no. 3, May/June, 2005.
- R. Sandhu, D. Ferraiolo, R. Kuhn, The NIST Model
for Role Based Access Control: Towards a Unified
Standard, Proceedings, 5th ACM Workshop on Role
Based Access Control, July 26-27, 2000 - first public draft
of proposal for an RBAC standard.
- D.R. Kuhn, C. Dabrowski, T. Rhodes, Software Standards,
(invited) Encyclopedia of Electrical and
Electronics Engineering, John Wiley &
Sons, 1999. -- describes software standards and how to use them
effectively in systems development.
- S.A. Wakid, D.R. Kuhn, D.R. Wallace, Toward
Credible IT Testing and Certification, IEEE Software,
Vol. 16, No. 4 (July, 1999) -- discusses cost-effective processes for
software testing and certification by government and other
certification organizations.
- D.R. Kuhn, Role Based Access Control on MLS Systems
Without Kernel Changes, Third ACM Workshop on Role Based Access Control,
October 22-23,1998. -- a novel combinatorial algorithm mapping
hierarchical role structures to categories on MLS systems implementing
mandatory access control, making it possible to implement RBAC
structures without modifying OS kernel.
- J.F. Barkley, D.R. Kuhn, L.S. Rosenthal, M.W. Skall, A.V.
Cincotta, Role Based Access Control for the Web, (HTML)
CALS Expo International and 21st Century Commerce 1998: Global Business
Solutions for the New Millenium.
- J.F. Barkley, A. Cincotta, D.F. Ferraiolo, S. Gavrilla, and
D.R. Kuhn Role Based Access Control for the World
Wide Web, National Information
Systems Security Conference, October, 1997.
- D.F. Ferraiolo and D.R. Kuhn, Future Directions in Role
Based Access Control, (invited) Proceedings, First ACM
Workshop on Role Based Access Control, ACM, 1996. --
discusses new roles for RBAC (pun intended)
- D. Ferraiolo, J. Cugini, R. Kuhn, Role Based Access Control: Features and
Motivations, Proceedings, Annual Computer
Security Applications Conference, IEEE
Computer Society Press, 1995. -- elaborates the 1992 RBAC model to a
level of detail suitable for building directly into an application
- D.R. Wallace, D.R. Kuhn, L.M. Ippolito, and L. Beltracchi,
Standards for High Integrity Software, Nuclear Safety, Vol.
35, No. 1, (Jan - June, 1994). --- compares assurance methods required
by various standards for safety critical systems and secure systems.
- D.R.
Kuhn, P.N. Edfors, V. Howard, C. Caputo, T. Phillips, Improving
Public Switched Network Security in an Open Environment, (invited) IEEE
Computer, Vol.
26, No. 8 (August, 1993.) --- describes some government efforts to
improve the security of the US public switched telephone network.
- D. Ferraiolo and D.R. Kuhn, Role Based Access
Controls, Proceedings, 15th Natl. Computer
Security
Conference, 1992, pp. 554–563. --- the early
paper on role based access
control; includes basic formal definition.
- D.R. Kuhn, IEEE's POSIX, IEEE
Spectrum,
Vol. 28, No. 12 (December, 1991.) --- explains the IEEE POSIX open
system standards and how they can help make a component based software
industry economically feasible.
Books and book chapters
- D.R.
Kuhn, R.N. Kacker, Y. Lei, Introduction to Combinatorial Testing
(book), CRC Press, ISBN 1466552298, 2013.
- R. Bryce, Y. Lei, D.R. Kuhn, R. Kacker, Combinatorial
Testing, Chap. 14, Handbook of Research on Software Engineering and
Productivity Technologies: Implications of Globalization, Ramachandran, ed. , IGI Global, 2009.
- D.Ferraiolo, D.R. Kuhn, V. Hu, Authentication,
Authorization, Access Control, and Privilege Management, Wiley
Handbook of Science and Technology for Homeland Security, 2008.
- D.F. Ferraiolo, D.R. Kuhn, R. Chandramouli, Role
Based Access Control, 2nd edition (book), Artech House, 2007.
- D.F. Ferraiolo, D.R. Kuhn, R. Chandramouli, Role
Based Access Control (book), Artech House, 2003.
- D.R. Kuhn,W.J. Majurski, W. McCoy, F. Schulz, Open Systems Software Standards in
Concurrent Engineering, (invited) in Control
and Dynamic Systems - Concurrent Engineering Techniques and
Applications, C.T. Leondes, ed., Academic Press, 1994. ---
discusses open system standards and how they apply to concurrent
engineering.
- D.R. Kuhn, C. Dabrowski, T. Rhodes, Software Standards Encyclopedia of Electrical and
Electronics Engineering, John Wiley &
Sons, 1999. -- describes software standards and how to use them
effectively in systems development.
NIST Publications:
Various Presentations:
Education: