MulVAL Project at Kansas State University

MulVAL stands for "Multi-host, Multi-stage Vulnerability Analysis Language". It is a research tool for security practitioners and system administrators to better manage the configuration of an enterprise network such that the security risks are appropriately controlled. Our goal is to design technologies for building a security knowledge base which can be utilized by various automated tools to enhance the quality and reduce the costs of enterprise network security management.



Research Papers

  1. MulVAL: A logic-based network security analyzer. Xinming Ou, Sudhakar Govindavajhala, and Andrew W. Appel. In 14th USENIX Security Symposium, Baltimore, Maryland, U.S.A., August 2005.
  2. A logic-programming approach to network security analysis. Xinming Ou. PhD dissertation, Princeton University, 2005.
  3. A scalable approach to attack graph generation. Xinming Ou, Wayne F. Boyer, and Miles A. McQueen. In 13th ACM Conference on Computer and Communications Security (CCS 2006), Alexandria, VA, U.S.A., October 2006.
  4. Googling attack graphs. Reginald Sawilla and Xinming Ou. Technical report, Defence R & D Canada -- Ottawa. TM 2007-205, September 2007.
  5. From attack graphs to automated configuration management - an iterative approach. John Homer, Xinming Ou, and Miles A. McQueen. Technical report 2008-1, Kansas State University, Computing and Information Sciences Department. January 2008.
  6. Improving attack graph visualization through data reduction and attack grouping. John Homer, Ashok Varikuti, Xinming Ou, and Miles A. McQueen. In 5th International Workshop on Visualization for Cyber Security (VizSEC 2008), Cambridge, MA, U.S.A., September 2008.
  7. Identifying critical attack assets in dependency attack graphs. Reginald Sawilla and Xinming Ou. In 13th European Symposium on Research in Computer Security (ESORICS 2008), Malaga, Spain, October 2008. The extended version.
  8. SAT-solving approaches to context-aware enterprise network security management. John Homer and Xinming Ou. In IEEE JSAC Special Issue on Network Infrastructure Configuration, Vol. 27, No. 3, April 2009. Preprint.
  9. Techniques for enterprise network security metrics. Anoop Singhal and Xinming Ou. Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies (CSIIRW), Extended Abstract, April 2009.
  10. A host-based security assessment architecture for industrial control systems. Abhishek Rakshit and Xinming Ou. 2nd International Symposium on Resilient Control Systems (ISRCS), Idaho Falls, ID, USA, August 2009.
  11. A sound and practical approach to quantifying security risk in enterprise networks. John Homer, Xinming Ou, and David Schmidt. Technical report, Kansas State University, Computing and Information Sciences Department. August 2009.
  12. Uncertainty and risk management in cyber situational awareness. Jason Li, Xinming Ou, and Raj Rajagopalan. In Sushil Jajodia et al., editor, Cyber Situational Awareness: Issues and Research, chapter 4. Springer, Nov. 2009.
  13. Using Bayesian Networks for cyber security analysis. Peng Xie, Jason H Li, Xinming Ou, Peng Liu, and Renato Levy. The 40th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2010), Chicago, USA, June 2010. Preprint.
  14. Effective network vulnerability assessment through model abstraction. Su Zhang, Xinming Ou, and John Homer. The Eighth Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Amsterdam, The Netherlands, July 2011.
  15. An empirical study of using the National Vulnerability Database to predict software vulnerabilities. Su Zhang, Doina Caragea, and Xinming Ou. 22nd International Conference on Database and Expert Systems Applications (DEXA), Toulouse, France, August, 2011.
  16. Security risk analysis of enterprise networks using probabilistic attack graphs. Anoop Singhal and Xinming Ou. NIST Interagency Report 7788. Aug. 2011.
  17. Quantitative security risk assessment of enterprise networks. Xinming Ou and Anoop Singhal. SpringerBrief Series, Information Security, 2011.
  18. An empirical study of a vulnerability metric aggregation method. Su Zhang, Xinming Ou, Anoop Singhal and John Homer. The 2011 International Conference on Security and Management (SAM'11), special track on Mission Assurance and Critical Infrastructure Protection (STMACIP'11), Las Vegas, USA, July 2011.
  19. Distilling critical attack graph surface iteratively through minimum-cost SAT solving. Heqing Huang, Su Zhang, Xinming Ou, Atul Prakash, and Karem Sakallah. 27th Annual Computer Security Applications Conference (ACSAC), Orlando, FL, USA. Dec. 2011. (Best Student Paper Award).
  20. Aggregating vulnerability metrics in enterprise networks using attack graphs. John Homer, Su Zhang, Xinming Ou, David Schmidt, Yanhui Du, S. Raj Rajagopalan, and Anoop Singhal. Journal of Computer Security, To appear.
The documents contained in these pages are included to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.
The materials presented in this web page are based upon work partially supported by the National Science Foundation under Grant No. 0716665, 0954138, and 1018703, by AFOSR under award No. FA9550-09-1-0138, and by HP Labs Innovation Research Program. Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the sponsors.

Last update: Nov 20, 2013.