Stephen Quirolgico
National Institute of Standards and Technology
Network
Latest external collaboration on country level. Dive into details by clicking on the dots.
Publication
Featured researches published by Stephen Quirolgico.
web information systems engineering | 2004
Stephen Quirolgico; Pedro Assis; Andrea Westerinen; Michael E. Baskey; Ellen Jean Stokes
Self-managing systems will be highly dependent upon information acquired from disparate applications, devices, components and subsystems. To be effectively managed, such information will need to conform to a common model. One standard that provides a common model for describing disparate computer and network information is the Common Information Model (CIM). Although CIM defines the models necessary for inferring properties about distributed systems, its specification as a semi-formal ontology limits its ability to support important requirements of a self-managing distributed system including knowledge interoperability and aggregation, as well as reasoning. To support these requirements, there is a need to model, represent and share CIM as a formal ontology. In this paper, we propose a framework for constructing a CIM ontology based upon previous research that identified mappings from Unified Modeling Language (UML) constructs to ontology language constructs. We extend and apply these mappings to a UML representation of the CIM Schema in order to derive a semantically valid and consistent formal CIM ontology.
workshop on software and performance | 2004
Kevin L. Mills; Scott Rose; Stephen Quirolgico; Mackenzie Britton; Ceryen Tan
Designs for distributed systems must consider the possibility that failures will arise and must adopt specific failure detection strategies. We describe and analyze a self-regulating failure-detection algorithm that bounds resource usage and failure-detection latency, while automatically reassigning resources to improve failure-detection latency as system size decreases. We apply the algorithm to (1) Jini leasing, (2) service registration in the Service Location Protocol (SLP), and (3) SLP service polling
It Professional | 2011
Stephen Quirolgico; Jeffrey M. Voas; Rick Kuhn
Billions of copies of apps for mobile devices have been purchased in recent years. With this growth, however, comes an increase in the spread of potentially dangerous security vulnerabilities. Because of an apps low cost and high proliferation, the threat of these vulnerabilities could be far greater than that of traditional computers. Thus, purchasing organizations or third-party labs should vet the apps before selling them, and consumers need to understand the risks of apps and the prospects for ensuring their security.
Journal of Systems and Software | 2007
Christopher E. Dabrowski; Kevin L. Mills; Stephen Quirolgico
Service discovery systems enable distributed components to find each other without prior arrangement, to express capabilities and needs, to aggregate into useful compositions, and to detect and adapt to changes. First-generation discovery systems can be categorized based on one of three underlying architectures and on choice of behaviors for discovery, monitoring, and recovery. This paper reports a series of investigations into the robustness of designs that underlie selected service discovery systems. The paper presents a set of experimental methods for analysis of robustness in discovery systems under increasing failure intensity. These methods yield quantitative measures for effectiveness, responsiveness, and efficiency. Using these methods, we characterize robustness of alternate service discovery architectures and discuss benefits and costs of various system configurations. Overall, we find that first-generation service discovery systems can be robust under difficult failure environments. This work contributes to better understanding of failure behavior in existing discovery systems, allowing potential users to configure deployments to obtain the best achievable robustness at the least available cost. The work also contributes to design improvements for next-generation service discovery systems.
Special Publication (NIST SP) - 800-163 | 2015
Stephen Quirolgico; Jeffrey M. Voas; Tom Karygiannis; Cristoph Michael; Karen Scarfone
The purpose of this document is to help organizations (1) understand the process for vetting the security of mobile applications, (2) plan for the implementation of an app vetting process, (3) develop app security requirements, (4) understand the types of app vulnerabilities and the testing methods used to detect those vulnerabilities, and (5) determine if an app is acceptable for deployment on the organizations mobile devices.
2014 IT Professional Conference | 2014
Stephen Quirolgico
Summary form only given. Increasingly, attention is being paid to security vulnerabilities of mobile apps, and with good reason. Such vulnerabilities, if exploited, could be used to wreak havoc on users by stealing their information or controlling their mobile device. Given the billions of mobile apps in use today, security breaches threaten to occur on a very large scale. This presentation discusses the issues and challenges surrounding app vetting systems and provides lessons learned during the development and deployment of an app vetting system for the DARPA TransApps program.
Special Publication (NIST SP) - 500-260 | 2005
Christopher E. Dabrowski; Kevin L. Mills; Stephen Quirolgico
darpa information survivability conference and exposition | 2003
Scott Rose; Kevin Bowers; Stephen Quirolgico; Kevin L. Mills
international conference on cluster computing | 2005
Kevin L. Mills; Stephen Quirolgico; Christopher E. Dabrowski
National Institute of Standards and Technology (U.S.); Information Technology Laboratory (National Institute of Standards and Technology). Computer Security Division | 2015
Tom Karygiannis; Stephen Quirolgico; Larry Feldman; Greg Witte