Paul Ammann

Associate Professor
Department of Computer Science
Software Engineering Group
MS 4A4, S&T II Room 430
George Mason University
Fairfax, VA 22030-4444
(703) 993-1660; pammann@gmu.edu;
http://cs.gmu.edu/~pammann

EDUCATION

• PhD Computer Science: University of Virginia, 1988.
• MS Computer Science: University of Virginia, 1985.
• AB Summa Cum Laude, Computer Science: Dartmouth College, 1983.

EMPLOYMENT

• Associate Professor (with tenure). Department of Information & Software Engineering, George Mason University, Fairfax, VA 22030. 1995 - present. Assistant Professor. 1989 - 1995.
• Member, Technical Staff. Software Productivity Consortium, Herndon, VA 22070. 1987 - 1989.

• Books

  1. Paul Ammann and Jeff Offutt. Introduction to Software Testing. Cambridge University Press. Cambridge, UK. ISBN 9780521880381. 2008. Author Web Site
  
  
• Refereed Journal Publications
  1. Garrett Kaminski and Paul Ammann. Reducing logic test set size while preserving fault detection. Software Testing, Verification, and Reliability. 21(3):155-193, September 2011.
  2. Garrett Kaminski, Upsorn Praphamontripong, Paul Ammann, and Jeff Offutt. A logic mutation approach to selective mutation for programs and queries. Information and Software Technology. 53(10):1137-1152, October 2011.
  3. Gordon Fraser, Paul Ammann, and Franz Wotawa. Testing with model checkers: A survey. Software Testing, Verification, and Reliability. 19(3):215-261, September 2009.
  4. Gordon Fraser, Franz Wotawa, and Paul Ammann. Issues in using model checkers for test case generation. Journal of Systems and Software. 82(9):1403-1418, September 2009.
  5. Garrett Kaminski, Gregory Williams, and Paul Ammann. Reconciling perspectives of software logic testing. Software Testing, Verification, and Reliability. 18(3):149-188, September 2008.
  6. Peng Liu, Jie Li, Sushil Jajodia, and Paul Ammann. Can-follow concurrency control. IEEE Transactions on Computers. 56(10):1425-1430, October 2007.
  7. J. Offutt, S. Liu, A. Abdurazik, and Paul Ammann. Generating test data from state-based specifications. Software Testing, Verification, and Reliability. 13(1):25-53, March 2003.
  8. Paul Ammann, Sushil Jajodia, and Peng Liu. Recovery from malicious transactions. IEEE Transactions on Knowledge and Data Engineering, 14(5):1167-1185, September/October 2002.
  9. Paul Ammann and Paul E. Black. A specification-based coverage metric to evaluate test sets. International Journal of Quality, Reliability and Safety Engineering. 8(4):1-26, December 2001.
  10. Indrakshi Ray, Paul Ammann, and Sushil Jajodia. Using semantic correctness in multidatabases to achieve local autonomy, distribute coordination, and maintain global integrity. Information Sciences. 129(1-4):155-195, November 2000.
  11. Peng Liu, Paul Ammann, and Sushil Jajodia. Rewriting histories: Recovering from malicious transactions. The International Journal of Distributed and Parallel Databases. 8(1):7-40, January 2000.
  12. Sushil Jajodia, Catherine D. McCollum, and Paul Ammann. Trusted recovery: An important phase of information warfare defense. Communications of the ACM. 42(7):71-75, July 1999.
  13. Sushil Jajodia, Paul Ammann, and Catherine D. McCollum. Surviving information warfare attacks. IEEE Computer, 32(4):57-63, April 1999.
  14. Indrakshi Ray, Paul Ammann, Sushil Jajodia. A semantic-based transaction processing model for multilevel transactions. The Journal of Computer Security. 6(3):181-217, December 1998.
  15. Paul Ammann, Dahlard Lukes, and John Knight. Applying data redundancy to differential equation solvers. Annals of Software Engineering, 4:65-77, October 1997.
  16. Paul Ammann, Sushil Jajodia, and Indrakshi Ray. Applying formal methods to semantics-based decomposition of transactions. ACM Transactions on Database Systems, 22(2):215-254, June 1997.
  17. Paul Ammann, Richard Lipton, and Ravi Sandhu. The expressive power of multi-parent creation in monotonic access control models. The Journal of Computer Security, 4(2&3):149-166, December 1996.
  18. Paul Ammann, Sushil Jajodia, and Phyllis Frankl. Globally consistent event ordering in one-directional distributed environments. IEEE Transactions on Parallel and Distributed Systems, 7(6):665-670, June 1996.
  19. Pierangela Samarati, Paul Ammann, and Sushil Jajodia. Propagation of authorizations in distributed database systems. Data & Knowledge Engineering, 18(1):55-84, February 1996.
  20. Paul Ammann, Frank Jaeckle, and Sushil Jajodia. Concurrency control in secure multi-level databases via a two-snapshot algorithm. The Journal of Computer Security, 3(2,3):87-113, 1995.
  21. Paul Ammann, Sushil Jajodia, and Padmaja Mavuluri. On the fly reading of entire databases. IEEE Transactions on Knowledge and Data Engineering, 7(5):797-808, October 1995.
  22. Paul Ammann, Vijaylakshmi Atluri, and Sushil Jajodia. The partitioned synchronization rule for planar extendible partial orders. IEEE Transactions on Knowledge and Data Engineering, 7(5):734-838, October 1995.
  23. Paul Ammann, Susan Brilliant, and John Knight. The effect of imperfect error detection on reliability via life testing. IEEE Transactions on Software Engineering, 20(2):142-148, February 1994.
  24. Paul Ammann and Sushil Jajodia. Distributed timestamp generation in planar lattice networks. ACM Transactions on Computer Systems, 11(3):205-225, August 1993.
  25. Paul Ammann and Ravi Sandhu. The extended schematic protection model. The Journal Of Computer Security, 1(3&4):335-383, 1992.
  26. John Knight and Paul Ammann. Design fault tolerance. Reliability Engineering and System Safety, 32(1\&2):25-49, 1991.
  27. Paul Ammann and John Knight. Data diversity: An approach to software fault tolerance. IEEE Transactions on Computers, 37(4):418-425, April 1988.

• Refereed Conference and Workshop Publications
  1. Jeff Offutt, Nan Li, Paul Ammann, and Wuzhi Xu. Using Abstraction and Web Applications to Teach Criteria-Based Test Design. CSEE&T: 24th IEEE-CS Conference on Software Engineering Education and Training. pages 227 - 236. Honolulu, Hawaii. May, 2011.
  2. Garrett Kaminski and Paul Ammann. Applications of Optimization to Logic Test Testing. CSTVA 2010 - 2nd Workshop on Constraints in Software Testing, Verification and Analysis. (Held in conjuction with ICST 2010: Third IEEE International Conference on Software Testing, Verification, and Validation.) pages 331-336. Paris, France. April 2010.
  3. Garrett Kaminski and Paul Ammann. Using Logic Criterion Feasibility to Reduce Test Set Size While Guaranteeing Double Fault Detection. Mutation 2009 Workshop (Held in conjuction with ICST 2009: Second IEEE International Conference on Software Testing, Verification, and Validation.) pages 167-176. Denver, Colorado. April 2009.
  4. Garrett Kaminski and Paul Ammann. Using A Fault Hierarchy to Improve the Efficiency of DNF Logic Mutation Testing. ICST 2009: Second IEEE International Conference on Software Testing, Verification, and Validation. pages 386-395. Denver, Colorado. April 2009.
  5. Garrett Kaminski and Paul Ammann. Using Logic Criterion Feasibility to Reduce Test Set Size While Guaranteeing Fault Detection. ICST 2009: Second IEEE International Conference on Software Testing, Verification, and Validation. pages 356-365. Denver, Colorado. April 2009.
  6. Gordon Fraser and Paul Ammann. Reachability and Propagation for LTL Requirements Testing. QSIC 2008: Eighth International Conference on Quality Software. pages 189-198. Oxford, UK. August 2008.
  7. Duminda Wijesekera, Paul Ammann, Lingya Sun, and Gordon Fraser. Relating counterexamples to test cases in CTL model checking specifications. Proceedings of the 3rd ACM International Workshop on Advanced in Model-Based Testing. pages 75-84. London, UK. July, 2007.
  8. Jeff Offutt, Paul Ammann, Lisa Liu. Mutation testing implements grammar-based testing. The 2nd Workshop on Mutation Analysis. 12 pages. Raleigh, NC. November 2006.
  9. Joseph Pamula, Paul Ammann, Sushil Jajodia, and Ron Ritchey. Trust Management: A framework for establishing, assessing, and managing trust in inter-organizational relationships. Proceedings of the 3rd ACM Workshop on Secure Web Services. pages 23-32. Fairfax, VA. November 2006.
  10. Saket Kaushik, Duminda Wijeskera, and Paul Ammann. Security architecture: BPEL orchestration of secure webmail. Proceedings of the 3rd ACM Workshop on Secure Web Services. pages 84-95. Fairfax, VA. November 2006.
  11. Joseph Pamula, Sushil Jajodia, Paul Ammann, and Vipin Swarup. Network Security metrics: A weakest adversary security metric for network configuation security analysis. Proceedings of the 2nd ACM Workshop on Quality of Protection. pages 31-38. Alexandria, VA. October 2006.
  12. Jing Guan, Jeff Offutt, and Paul Ammann. Software Testing: An industrial case study of structural testing applied to safety-critical embedded software. Proceedings of the 2006 ACM/IEEE International Symposium on Emperical Software Engineering. pages 272-277. Rio de Janeiro, Brazil. September 2006.
  13. Saket Kaushik, William H. Winsborough, Duminda Wijesekera, and Paul Ammann. Policy Transformations for Preventing Leakage of Sensitive Information in Email Systems. 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security. pages 163-178. Sophia, Antipolis. August 2006.
  14. Paul Ammann, Joseph Pamula, Ron Ritchey, and Julie Street. A Host-Based Approach to Network Attack Chaining Analysis. In 21st Annual Computer Security Application Conference (ACSAC), Tucson, AZ. December 2005.
  15. Saket Kaushik, Duminda Wijesekera, Will Winsborough, and Paul Ammann. Policy-Based Dissemination of Partial Web-Ontologies. In 2005 ACM Workshop on Secure Web Services (SWS 2005). Alexandria, VA. November 2005.
  16. Saket Kaushik, Duminda Wijesekera, Will Winsborough, and Paul Ammann. Email Feedback: A Policy-based Approach to Overcoming False Positives. In 3rd ACM Workshop on Formal Methods in Security Engineering: From Specificatiosn to Code (FMSE 2005). Alexandria, VA. November 2005.
  17. Saket Kaushik, Duminda Wijesekera, Will Winsborough, and Paul Ammann. Distributed CLP Clusters as a Security Policy Framework for Email. In 1st International Workshop on Applications of Constraint Satisfaction and Programming to Computer Security. Spain.
  18. Saket Kaushik, Paul Ammann, Duminda Wijesekera, Will Winsborough, and Ron Ritchey. A Policy Driven Approach to Email Services. In POLICY 2004: Fifth IEEE International Workshop on Policies for Distributed Systems and Networks. pages 169-178, Yorktown Heights, New York, June, 2004.
  19. Jeff Offutt, Paul Ammann, and Hong Huang. Coverage Criteria for Logical Expressions. In ISSRE 2003: 14th International Symposium on Software Reliability Engineering. pages 99-107, Denver, Colorado, November, 2003.
  20. Paul Ammann, Duminda Wijesekera, and Saket Kaushik. Scalable, Graph-Based Network Vulnerability Analysis. In Proceedings CCS 2002: 9th ACM Conference on Computer and Communications Security, pages 217-224, Washington, DC, November 2002.
  21. Peng Liu, Sushil Jajodia, Paul Ammann, and Jie Li. Can-Follow Concurrency Control. In IASTED NPDPA 2002: Networks, Parallel and Distributed Processing, and Applications. Tsukuba, Japan. October 2002.
  22. Paul Ammann, Wei Ding, and Daling Xu. Using a Model Checker to Test Safety Properties. In Proceedings ICECCS 2001: Seventh IEEE International Conference on Engineering of Complex Computer Systems, pages 212-221, Skovde, Sweden, June 2001.
  23. Aynur Abdurazik, Paul Ammann, Wei Ding, and Jeff Offutt. Evaluation of three specification-based testing criteria. In Proceedings ICECCS 2000: Sixth IEEE International Conference on Engineering of Complex Computer Systems, pages 179-187. Tokyo, Japan, September 2000.
  24. Ronald W. Ritchey and Paul Ammann. Using model checking to analyze network vulnerabilities. In Proceedings 2000 IEEE Computer Society Symposium on Security and Privacy, pages 156-165, Oakland, CA, May 2000.
  25. Paul Ammann and Sushil Jajodia. The integrity challenge. Integrity and Internal Controls in Information Systems: Strategic View on the Need for the Control. Margaret E. van Biene-Hershey and Leon Strous, eds., Kluwer, Boston, 2000, pages 59-69.
  26. Paul Ammann and Paul E. Black. Abstracting formal specifications to generate software tests via model checking. In DASC '99: Proceedings of the 18th Digital Avionics Systems Conference, IEEE. St. Louis, Missouri, October 1999.
  27. Paul Ammann and Paul E. Black. A specification-based coverage metric to evaluate test sets. In HASE '99: Proceedings of the 4th IEEE International Symposium on High-Assurance Systems, pages 239-248, Washington, DC, November 1999.
  28. Peng Liu, Paul Ammann , and Sushil Jajodia. Incorporating transaction semantics to reduce reprocessing overhead in replicated mobile data applications. In ICDCS '99: Proceedings of the 19th IEEE International Conference on Distributed Computing Systems, pages 414-423, Austin, TX, June 1999.
  29. Paul Ammann , Paul E. Black, and William Majurski. Using model checking to generate tests from specifications. In ICFEM '98: Proceedings of the 2nd IEEE International Conference on Formal Engineering Methods, pages 46-54, Brisbane, Australia, December 1998.
  30. Indrakshi Ray and Paul Ammann. Using the B-toolkit to ensure safety in SCR specifications. In COMPASS 12: Proceedings of the Twelfth Annual Conference On Computer Assurance, pages 1-12, Gaithersburg, MD, June 1997.
  31. Sushil Jajodia, Paul Ammann, and Indrakshi Ray. Implementing semantic-based decomposition of transactions. In Antoni Olivé and Joan Antoni Pastor, editors, CAISE `97: The 9th Conference on Advanced Information Systems Engineering, pages 75-88, Barcelona, Catalonia, June 1997. Lecture Notes in Computer Science 1250.
  32. Paul Ammann, Sushil Jajodia, Catherine D. McCollum, and Barbara T. Blaustein. Surviving information warfare attacks on databases. In Proceedings 1997 IEEE Computer Society Symposium on Security and Privacy, pages 164-174, Oakland, CA, May 1997.
  33. Paul Ammann and Jeff Offutt. Maintaining knowledge currency in the 21st century. In CSEET '97: The Tenth Conference on Software Engineering Education and Training, pages 161-172, Virginia Beach, VA, April 1997.
  34. Paul Ammann, Sushil Jajodia, and Indrakshi Ray. Ensuring atomicity of multilevel transactions. In Proceedings 1996 IEEE Computer Society Symposium on Security and Privacy, pages 74-84, Oakland, CA, May 1996.
  35. Paul Ammann, Sushil Jajodia, and Indrakshi Ray. Using formal methods to reason about semantics-based decomposition of transactions. In VLDB '95: Proceedings of the Twenty-First International Conference on Very Large Data Bases, pages 218-227, Zurich, Switzerland, September 1995.
  36. Paul Ammann. A safety kernel for traffic light control. In COMPASS 10: Proceedings of the Tenth Annual Conference On Computer Assurance, pages 71-82, Gaithersburg, MD, June 1995.
  37. Paul Ammann and Sushil Jajodia. An efficient multiversion algorithm for secure servicing of transaction reads. In Proceedings of the Second ACM Conference on Computer and Communications Security, pages 118-125, Fairfax, VA, November 1994.
  38. Pierangela Samarati, Paul Ammann, and Sushil Jajodia. Propagation of authorizations in distributed database systems. In Proceedings of the Second ACM Conference on Computer and Communications Security, pages 136-147, Fairfax, VA, November 1994.
  39. Paul Ammann and Jeff Offutt. Using formal methods to derive test frames in category-partition testing. In COMPASS 9: Proceedings of the Ninth Annual Conference On Computer Assurance, pages 69-79, Gaithersburg, MD, June 1994.
  40. Paul Ammann and Ravi Sandhu. One-representative safety analysis in the non-monotonic transform model. In Proceedings of the Computer Security Foundations Workshop VII, pages 138-149, Franconia, NH, June 1994.
  41. Paul Ammann, Hassan Gomaa, Jeff Offutt, David Rine, and Bo Sanden. A five year perspective on software engineering graduate programs at George Mason University. In Jorge L. Diaz-Herrara, editor, Proceedings of the Seventh SEI Conference on Software Engineering Education, volume Lecture Notes in Computer Science 750, pages 471-488, San Antonio, TX, January 1994. Springer-Verlag.
  42. Paul Ammann and Sushil Jajodia. Planar lattice security structures for multi-level replicated databases. In Tom Keefe and Carl Landwehr, editors, Database Security VII: Status and Prospects, pages 125-134. North Holland, 1994.
  43. Paul Ammann and Ravi Sandhu. Implementing transaction control expressions by checking for absence of access rights. In Eighth Annual Computer Security Application Conference (ACSAC), pages 131-140, San Antonio, TX, December 1992.
  44. Paul Ammann, Richard Lipton, and Ravi Sandhu. The expressive power of multi-parent creation in monotonic access control models. In Proceedings of the Computer Security Foundations Workshop V, pages 148-156, Franconia, NH, June 1992.
  45. Nina Amla and Paul Ammann. Using Z specifications in category partition testing. In COMPASS 7: Proceedings of the Seventh Annual Conference On Computer Assurance, pages 3-10, Gaithersburg, MD, June 1992. Best Paper Award .
  46. Paul Ammann, Frank Jaeckle, and Sushil Jajodia. A two snapshot algorithm for concurrency control in secure multi-level databases. In Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy, pages 204-215, Oakland, CA, May 1992.
  47. Paul Ammann and Sushil Jajodia. A timestamp ordering algorithm for secure single-version, multi-level databases. In Carl Landwehr and Sushil Jajodia, editors, Database Security V: Status and Prospects, pages 191-202. North Holland, 1992.
  48. Paul Ammann, Ravi Sandhu, and Gurpreet Suri. A distributed implementation of the extended schematic protection model. In Seventh Annual Computer Security Application Conference, pages 152-164, San Antonio, TX, December 1991.
  49. Paul Ammann and Ravi Sandhu. Safety analysis for the extended schematic protection model. In Proceedings 1991 IEEE Computer Society Symposium on Research in Security and Privacy, pages 87-97, Oakland, CA, May 1991.
  50. Paul Ammann and Ravi Sandhu. Extending the creation operation in the schematic protection model. In Sixth Annual Computer Security Application Conference, pages 340-348, Tucson, AZ, December 1990.
  51. Susan Brilliant, John Knight, and Paul Ammann. On the performance of software testing using multiple versions. In FTCS 20: Proceedings of the Twentieth International Symposium on Fault-Tolerant Computing, pages 408-415, Newcastle Upon Tyne, U.K., June 1990.
  52. John Knight and Paul Ammann. Issues influencing the use of N-version programming. In G.X. Ritter, editor, Information Processing '89, pages 217-222, San Francisco, CA, August 1989. Elsevier Science Publishers, B.V. (North Holland).
  53. Paul Ammann and John Knight. Data diversity: An approach to software fault tolerance. In FTCS 17: Proceedings of the Seventeenth International Symposium on Fault-Tolerant Computing, pages 122-126, Pittsburgh, PA, July 1987.
  54. John Knight Paul Ammann. An experimental evaluation of simple methods for seeding program errors. In ICSE 8: Proceedings of the Eighth International Conference on Software Engineering, pages 337-342, London, England, August 1985.

• Miscellaneous Publications
  • Paul Ammann Jeff Offutt, and Wuzhi Xu. Coverage criteria for state based specifications. In Formal Methods and Testing. Springer LNCS 4949. pages 118-156. Berlin, Germany.
  • Paul Ammann and Paul E. Black. Test Generation and Recognition with Formal Methods. In First International Workshop on Automated Program Analysis, Testing, and Verification, pages 156-165, Limerick, Ireland, June 2000.
  • Sushil Jajodia, Peng Liu, and Paul Ammann. A Fault Tolerance Approach to Survivability. In Proceedings of the Information Systems Technology Symposium: Protecting NATO Information Systems in the 21st Century, RTO/NATO, Hull, Canada (limited release), pages 20-1 to 20-7, October, 1999.
  • Paul Ammann, Sushil Jajodia, and Peng Liu. A Fault Tolerance Approach to Survivability. In Proceedings of CSDA 98: Computer Security, Dependability, and Assurance: From Needs to Solutions, IEEE Press, Los Alamitos, CA, pages 204-212, 1999. ISBN 0-7695-0337-3.
  • Paul Ammann and Sushil Jajodia. Computer Security, Fault Tolerance, and Software Assurance. IEEE Concurrency, 7(1):4-6, January-March 1999.
  • Paul Ammann and Sushil Jajodia. Rethinking Integrity. IEEE Concurrency, 5(4):5-6, October-December 1997.
  • Paul Ammann and Sushil Jajodia. Semantics-based transaction processing: Satisfying conflicting objectives. IEEE Concurrency, 5(2):8-10, April-June 1997.
  • Paul Ammann, Sushil Jajodia, and Indrakshi Ray. Semantic-based decomposition of transactions. In Sushil Jajodia and Larry Kerschberg, editors, Advanced Transaction Models and Architectures, pages 153-180. Kluwer Academic Publishers, 1997.
  • Paul Ammann. A safety kernel for traffic light control. IEEE Aerospace and Electronics Systems Magazine, 11(2):13-19, February 1996.
  • Hassan Gomaa, Bo Sanden, Paul Ammann, Al Davis, and Dick Fairley. Graduate programs in software engineering at George Mason University. In Proceedings 1991 ICSE Software Engineering Education Workshop, Austin, TX, May 1991.
  • Paul Ammann. Data redundancy for software testing and fault tolerance. In Connie Page and Rauol LePage, editors, Computing Science and Statistics: Proceedings of the 22nd Symposium on the Interface, pages 43-52, East Lansing, MI, May 1990. Springer-Verlag.
  • Paul Ammann, Susan Brilliant, and John Knight. Using multiple versions for verification. In NSIA Annual National Joint Conference on Software Quality and Reliability, pages 220-223, Arlington, VA, March 1988.
  • John Knight and Paul Ammann. Data diversity: An approach to fault-tolerant software. In Eleventh Annual Software Engineering Workshop, Greenbelt, MD, December 1986. Goddard Space Flight Center. SEL-86-006.
  • John Knight and Paul Ammann. An experimental evaluation error seeding as a program validation technique. In Tenth Annual Software Engineering Workshop, Greenbelt, MD, December 1985. Goddard Space Flight Center. SEL-85-006.
  
  
• Miscellaneous Presentations
  • ICST 2010 Industry Tutorial: An Newcomer's Guide to Software Testing

PhD Students

• Mark Blackburn (1998)
• Indrakshi Ray (1999) Co-advised with Sushil Jajodia.
• Peng Liu (2000) Co-advised with Sushil Jajodia.
• Dan Ellis (2007) Co-advised with Sushil Jajodia.
• Joseph Pamula (2007) Co-advised with Sushil Jajodia.
• Ron Ritchey (2007)
• Gordon Fraser (2007) Technical University Graz, Austria. Co-advised with Franz Wotawa.
• Saket Kaushik (2007) Co-advised with Duminda Wijesekera.
• Gary Kaminski (current).
• Gordon Shao (current).