Paul E. Black, Published Papers

Software Assurance Metrics And Tool Evaluation (SAMATE)

• The Software Assurance Reference Dataset (SARD), Jan 2025, DOI 10.6028/NIST.IR.8561
• Reliability in Building Blocks for Secure Software, Dec 2024, DOI 10.1109/MRL.2024.3449789
• Report on Secure Hardware Assurance Reference Dataset (SHARD) Program, Oct 2024, DOI 10.6028/NIST.IR.8540
• Vulnerability Test Suite Generator (VTSG) Version 3, Oct 2023, DOI 10.6028/NIST.IR.8493
• SATE VI Report: Bug Injection and Collection, June 2023, DOI 10.6028/NIST.SP.500-341
• Guidelines on Minimum Standards for Developer Verification of Software, Oct 2021, DOI 10.6028/NIST.IR.8397, arxiv 2107.12850
• SATE VI Ockham Sound Analysis Criteria, April 2020, DOI 10.6028/NIST.IR.8304
• Formal Methods for Statistical Software, October 2019, DOI 10.6028/NIST.IR.8274
• Classification of Smart Contract Bugs Using the NIST Bugs Framework, 2019 DOI 10.1109/SERA.2019.8886793
• SATE V Report: Ten Years of Static Analysis Tool Expositions, 2018 DOI 10.6028/NIST.SP.500-326
• Randomness Classes in Bugs Framework (BF): True-Random Number Bugs (TRN) and Pseudo-Random Number Bugs (PRN), 2018 DOI 10.1109/COMPSAC.2018.00110
• Juliet 1.3 Test Suite: Changes From 1.2, 2018 DOI 10.6028/NIST.TN.1995
• A Software Assurance Reference Dataset: Thousands of Programs With Known Bugs, 2018 DOI 10.6028/jres.123.005
• SARD: Thousands of Reference Programs for Software Assurance, 2017
• Defeating Buffer Overflow: A Trivial but Dangerous Bug, 2016, DOI 10.1109/MITP.2016.117
• Report of the Workshop on Software Measures and Metrics to Reduce Security Vulnerabilities (SwMM-RSV), 2016, DOI 10.6028/NIST.SP.500-320
• The Bugs Framework (BF): A Structured Approach to Express Bugs, 2016, DOI 10.1109/QRS.2016.29
• SATE V Ockham Sound Analysis Criteria, March 2016, DOI 10.6028/NIST.IR.8113
• A Fundamental CWE Effectiveness Test Suite for CWE-121: Stack-based Buffer Overflow, 2013
• Report on the Static Analysis Tool Exposition (SATE) IV, 2013, DOI 10.6028/NIST.SP.500-297
• Report on the Metrics and Standards for Software Testing (MaSST) Workshop 2012, DOI 10.6028/NIST.IR.7920
• Juliet 1.1 C/C++ and Java Test Suite, 2012, DOI 10.1109/MC.2012.345
• Static Analyzers: Seat Belts for Your Code, 2012, DOI 10.1109/MSP.2012.2
• Software Vulnerabilities Precluded by SPARK, 2011
• Report on the Third Static Analysis Tool Exposition (SATE 2010), 2011, DOI 10.6028/NIST.SP.500-283
• Counting Bugs is Harder Than You Think, 2011
• The Second Static Analysis Tool Exposition (SATE 2009), 2010, DOI 10.6028/NIST.SP.500-287
• Static Analysis Tool Exposition (SATE) 2008, 2009
• Static Analyzers in Software Engineering, 2009
• Cyber Security Metrics and Measures, 2009
• Proc. Static Analysis Workshop, 2008
• Proc. Static Analysis Summit II, 2008
• Software Assurance with SAMATE Reference Dataset, Tool Standards, and Studies, 2007
• Effect of Static Analysis Tools on Software Security: Preliminary Investigation, 2007
• SAMATE and Evaluating Static Analysis Tools, 2007
• Software Assurance During Maintenance, 2006
• SAMATE's Contribution to Information Assurance, 2006
• Proc. Workshop on Software Security Assurance Tools, Techniques, and Metrics (SSATTM), 2005
• Proc. Defining the State of the Art in Software Security Tools (softSecToolsSOA) Workshop, 2005
• Software Assurance Metrics And Tool Evaluation, 2005

Formal Test Generation

• Comparison of Fault Classes in Specification-Based Testing, 2004
• Issues in Software Testing with Model Checkers, 2003
• Testing with Model Checker: Insuring Fault Visibility, 2003
• Model Checkers in Software Testing, 2002
• Winnowing Tests: Getting Quality Coverage from a Model Checker without Quantity, 2001
• Translating HOL to Specifications for the Model Checker SMV, 2001
• Formal Specification of Operating System Operations, 2001
• A Specification-Based Coverage Metric to Evaluate Test Sets, 2001
• Automated Testing Requirements-Automotive Perspective, 2001
• Modeling and Marshaling: Making Tests from Model Checker Counterexamples, 2000
• Mutation of Model Checker Specifications for Test Generation and Evaluation, 2000
• Mutation Operators for Specifications, 2000
• Test Generation and Recognition with Formal Methods, 2000
• Abstracting Formal Specifications to Generate Software Tests via Model Checking 1999
• Using Model Checking to Generate Tests from Specifications, 1998
  20 Year ICFEM Most Influential Paper

Program Verification

• Formal Methods for Statistical Software, 2019, DOI 10.6028/NIST.IR.8274
  Sect. 3.5.1 is A Model of Automated Testing.
• Is "Implementation Implies Specification" Enough?, 1999
• Some Theorem Proving Aids, 1998
• Formal Verification of a Merge-Sort Program with Static Semantics, 1998
• Axiomatic Semantics Verification of a Secure Web Server, 1998
• Formal Verification of Secure Programs in the Presence of Side Effects, 1998
• Verifying Resilient Software, 1997
• Inference Rules for Programming Languages with Side Effects in Expressions, 1996
• A Brief Introduction to Formal Methods, 1996
• Automatically Synthesized Term Denotation Predicates: A Proof Aid, 1995

Other

• A Historical Note on Shell Sort, Bresenham’s Algorithm, and the Chinese Postman Problem, May 2022, DOI 10.6028/NIST.SP.1280
• Algorithms and Data Structures for New Models of Computation, Jan/Feb 2021, DOI 10.1109/MITP.2020.3042858
• DADS: The On-Line Dictionary of Algorithms and Data Structures, 2020, DOI 10.6028/NIST.IR.8318
• Opaque Wrappers and Patching: Negative Results, 2019, DOI 10.1109/MC.2019.2936071. PMCID PMC7066996.
• Dramatically Reducing Software Vulnerabilities: Report to the White House Office of Science and Technology Policy, Nov 2016, DOI 10.6028/NIST.IR.8151
• Insights on Formal Methods in Cybersecurity, 2016, DOI 10.1109/MC.2016.131
  What Happened to Formal Methods for Security? 2016, DOI 10.1109/MC.2016.228
• Test Generation Using Model Checking and Specification Mutation, 2014, DOI 10.1109/MITP.2013.104
  includes other history, such as the Standards Eastern Automatic Calculator (SEAC), magnetic tape standards, Fortran test programs, DES, FIPS, Compass conferences, and combinatorial testing.
• NIST Contributions to IT, 2014, DOI 10.1109/MITP.2014.20
• Does Security Trump Reliability? 2013, DOI 10.1109/MC.2013.383
• FS-TST 2.0: Forensic Software Testing Support Tools - Parts A, B, and C, 2006
• Testing BIOS Interrupt 0x13 Based Software Write Blockers, 2005
• Software Write Block - Testing Support Tools Validation, 2005
• Modeling Quantum Information Systems, 2004
• Quantum Computing and Communications, 2002
• Software Testing: Protocol Comparison, 1998
• Proc. LAL SuperScalar Waffle Feed, 1998
• Hypothetical Intelligent Plants, or, What Kind of Terminal Could a Tulip Use?, 1997
• Queuing Analysis of Oblivious Packet-Routing Networks, 1994
• Gdist: A Distributed Configuration Control System, 1988
• A Two-Level Interactive Approach to Silicon Compilation, 1986

Updated Fri Jan 31 16:39:49 2025

This page's URL is https://hissa.nist.gov/~black/Papers/