Xinming (Simon) Ou

I do research in computer security, especially the application of formal logical techniques in security analysis of complex systems. My current research focuses on enterprise network security defense, including automated security management, intrusion detection/response, and security metrics. I am the designer of MulVAL, a logic-based network security analyzer. If you are interested in MulVAL, you can take a look at my Ph.D. dissertation, and the MulVAL project at K-State.

I direct research for Argus, the cybersecurity research group at Kansas State University. I am always looking for dedicated students who are interested in solving real-world security problems. The best way to join my research group is through taking the security course CIS751 offered in the fall.

Recent and upcoming professional activity

• Poster and demo chair. 16th ACM Conference on Computer and Communications Security (CCS 2009)
• TPC member. Workshop on Assurable & Usable Security Configuration (SafeConfig 2009)
• Tutorial speaker. Security risk analysis of enterprise networks: techniques and challenges, ACM CCS 2009.

Teaching

• Fall 2009: CIS751/590: Computer and Information Security
• Spring 2009: CIS798/CIS590: Applied Cryptography
  CIS890: Research Topics in Security
• Fall 2008: CIS751/590: Computer and Information Security
• Spring 2008: CIS798/CIS590: Applied Cryptography
  CIS890: Research Topics in Security
• Fall 2007: CIS751: Computer and Information Security
• Spring 2007: CIS890: Research Topics in Security
• Fall 2006: CIS798: Computer and Information Security

Students

• Su Zhang (PhD)
• Loai Zomlot (PhD)
• Sakthiyuvaraja Sakthivelmurugan (MS)
• Nataraj Sundar (MS)
• Tsung-Hsi Wu (MSE)
• Dustin Seabourn (Undergraduate student)
• Cory Hardman (undergraduate student)

• Bart Carroll (Bachelor, Fall 2007)
• Hussain Almohri (MS, 2008)
• Abhishek Rakshit (MS, 2008)
• John Homer (PhD, 2009. Faculty at Abilene Christian University)
• Ashok Varikuti (MS, 2009)
• Robert Christie (Bachelor, Spring 2009)

Publications

1. An empirical approach to modeling uncertainty in intrusion analysis. Xinming Ou, S. Raj Rajagopalan, and Sakthiyuvaraja Sakthivelmurugan. 25th Annual Computer Security Applications Conference (ACSAC), Honolulu, Hawaii, USA, Dec 2009, to appear. Preprint.
2. Uncertainty and risk management in cyber situational awareness. Jason Li, Xinming Ou, and Raj Rajagopalan. In Sushil Jajodia, editor, Cyber Situational Awareness , chapter 3. Springer, to appear.
3. A sound and practical approach to quantifying security risk in enterprise networks. John Homer, Xinming Ou, and David Schmidt. Technical report, Kansas State University, Computing and Information Sciences Department. August 2009.
4. A host-based security assessment architecture for industrial control systems. Abhishek Rakshit and Xinming Ou. 2nd International Symposium on Resilient Control Systems (ISRCS), Idaho Falls, ID, USA, August 2009.
5. Techniques for enterprise network security metrics. Anoop Singhal and Xinming Ou. Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies (CSIIRW) , Extended Abstract, April, 2009.
6. SAT-solving approaches to context-aware enterprise network security management. John Homer and Xinming Ou, In IEEE JSAC Special Issue on Network Infrastructure Configuration, Vol. 27, No. 3, April 2009. Preprint
7. A practical approach to modeling uncertainty in intrusion analysis. Xinming Ou, Raj Rajagopalan, and Sakthiyuvaraja Sakthivelmurugan. Technical report, Kansas State University, Computing and Information Sciences Department. November 2008.
8. Identifying critical attack assets in dependency attack graphs. Reginald Sawilla and Xinming Ou. In 13th European Symposium on Research in Computer Security (ESORICS 2008), Malaga, Spain, October 2008. The extended version.
9. Improving attack graph visualization through data reduction and attack grouping. John Homer, Ashok Varikuti, Xinming Ou, and Miles A. McQueen. In 5th International Workshop on Visualization for Cyber Security (VizSEC 2008), Cambridge, MA, U.S.A., September 2008.
10. From attack graphs to automated configuration management - an iterative approach. John Homer, Xinming Ou, and Miles A. McQueen. Technical report, Kansas State University, Computing and Information Sciences Department. January 2008.
11. Googling attack graphs. Reginald Sawilla and Xinming Ou. Technical report, Defence R & D Canada -- Ottawa TM 2007-205, September 2007.
12. A scalable approach to attack graph generation. Xinming Ou, Wayne F. Boyer, and Miles A. McQueen. In 13th ACM Conference on Computer and Communications Security (CCS 2006), Alexandria, VA, U.S.A., October 2006.
13. Authorization strategies for virtualized environments in grid computing systems. Xinming Ou, Anna Squicciarini, Sebastien Goasguen, and Elisa Bertino. In IEEE Workshop on Web Services Security (WSSS), Berkeley, CA, U.S.A., May, 2006.
14. A logic-programming approach to network security analysis. Xinming Ou. PhD dissertation, Princeton University, 2005.
15. MulVAL: A logic-based network security analyzer. Xinming Ou, Sudhakar Govindavajhala, and Andrew W. Appel. In 14th USENIX Security Symposium, Baltimore, Maryland, U.S.A., August 2005.
16. A two-tier technique for supporting quantifiers in a lazily proof-explicating theorem prover. K. Rustan M. Leino, Madan Musuvathi, and Xinming Ou. In 11th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 05), Edinburgh, U.K., April 2005.
17. Dynamic typing with dependent types. Xinming Ou, Gang Tan, Yitzhak Mandelbaum, and David Walker. In 3rd IFIP International Conference on Theoretical Computer Science (TCS 04) , Toulouse, France, August 2004.
18. Theorem proving using lazy proof explication. Cormac Flanagan, Rajeev Joshi, Xinming Ou, and James B. Saxe. In 15th Computer-Aided Verification conference (CAV 2003), Boulder, CO, U.S.A., July 2003.
19. Enforcing resource usage protocols via scoped methods. Gang Tan, Xinming Ou, and David Walker. In 10th International Workshop on Foundations of Object-Oriented Languages (FOOL 10), New Orleans, LA, U.S.A., January 2003.

The documents contained in these pages are included to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.