Paul E Black


    Funded by the Department of Homeland Security (DHS), the National Institute of Standards and Technology (NIST) started a long-term, ambitious project to identify, enhance and develop software assurance tools. The Software Assurance Metrics And Tool Evaluation (SAMATE) project is leading in (A) developing tests for software evaluation tools, (B) measuring the effectiveness of tools, and (C) identifying gaps in tools and methods. See the workshop web site at http://samate.nist.gov/SASII.
    ABSTRACT This Spotlight piece provides an overview of some of the US National Institute of Standards and Technology's contributions to the IT field over the last 70 years. This department is part of a special issue on NIST contributions to IT.
    ABSTRACT Although building quality into software is paramount, professionals find that testing is necessary to assure that the system will operate as desired. Developing tests can take significant resources. In 1998, NIST showed how tests can be automatically generated from models using model checkers and specification mutation. This was an early result in what is now a broad area known as "model-based testing." NIST also modified the same technology to measure the coverage of test suites independent of implementation details. This article is part of a special issue on NIST contributions to IT.
    Blockchain technology has recently emerged as the primary platform for the transfer of digital currency. This technology, which has been heralded as a revolutionary tool to facilitate the transfer of funds between participating parties, is still in its infancy and should be subjected to thorough scrutiny. In recent years, researchers have attempted to uncover a litany of bugs embedded within these distributed systems; however, there does not yet exist a formal and standardized method for their classification. In this paper, we present the first formal classifications of known bugs in smart contract systems using NIST’s Bugs Framework and propose two new classes: Distributed System Protocol (DSP) and Distributed System Resource Management (DRM).
    I can find out how much sodium is in a candy bar from the wrapper. New cars have an indication of their fuel efficiency, and Christmas lights have a UL tag. But how can a computer user gain insight into their software? Can the developer access this software remotely? Does it have copyrighted software that impairs my intellectual property if it is incorporated in my system? And from the developer side, what information could be furnished to communicate the quality of their work and products to acquirers? What ...
    ABSTRACT The purpose of the workshop is to convene researchers, developers, and government and industrial users of software security assurance (SSA) tools to refine the taxonomy of flaws and the taxonomy of SSA tool functions, converge on which SSA functions should first have specifications and tests developed, gather SSA tool developers for "target practice" on the reference datasets, and identify gaps or requirements for research in SSA functions. There are contributions describing basic research, novel applications, and experience relevant to SSA tools and their evaluation. The reference datasets are code with known flaws and vulnerabilities, with corresponding correct versions, to be used as references for tool testing, to make research easier, and to be a standard of evaluation. Tools ranging from commercial products to university projects "shoot holes" in the datasets to suggest extensions, improvements, etc. This is a U.S. National Institute of Standards and Technology SAMATE (http://samate.nist.gov/) workshop.
