Xinming (Simon) Ou

I do research in computer security, especially the application of formal logical techniques in security analysis of complex systems. My current research focuses on enterprise network security defense, including automated security management and intrusion detection/response. I am the designer of MulVAL, a logic-based network security analyzer. If you are interested in MulVAL, you can take a look at my Ph.D. dissertation, and the MulVAL project at K-State.

I direct research for Argus, the cybersecurity research group at Kansas State University. I am always looking for dedicated students who are interested in computer security. The best way to join my research group is through taking the security course CIS751 offered in the fall.

Teaching

• Fall 2008: CIS751/590: Computer and Information Security
• Spring 2008: CIS798/CIS590: Applied Cryptography, CIS890: Research Topics in Security
• Fall 2007: CIS751: Computer and Information Security
• Spring 2007: CIS890: Research Topics in Security
• Fall 2006: CIS798: Computer and Information Security

Students

• John Homer (PhD)
• Su Zhang (PhD)
• Abhishek Rakshit (MS)
• Hussain Almohri (MS)
• Sakthiyuvaraja Sakthivelmurugan (MS)
• Ashok Varikuti (MS)
• Nataraj Agaram Sundar (MS)
• Robert Christie (Undergraduate student)

• Bart Carroll (undergraduate student, graduated fall 2007)
• Cory Hardman (undergraduate student)

Publications

1. SAT-Solving Approaches to Context-Aware Enterprise Network Security Management. John Homer and Xinming Ou, In IEEE JSAC Special Issue on Network Infrastructure Configuration, To appear. Preprint
2. A Practical Approach to Modeling Uncertainty in Intrusion Analysis Xinming Ou, Raj Rajagopalan, and Sakthiyuvaraja Sakthivelmurugan Technical report, Kansas State University, Computing and Information Sciences Department. November 2008.
3. Identifying Critical Attack Assets in Dependency Attack Graphs. Reginald Sawilla and Xinming Ou. In 13th European Symposium on Research in Computer Security (ESORICS 2008), Malaga, Spain, October 2008. The extended version.
4. Improving Attack Graph Visualization through Data Reduction and Attack Grouping. John Homer, Ashok Varikuti, Xinming Ou, and Miles A. McQueen. In 5th International Workshop on Visualization for Cyber Security (VizSEC 2008), Cambridge, MA, U.S.A., September 2008.
5. From Attack Graphs to Automated Configuration Management - An Iterative Approach. John Homer, Xinming Ou, and Miles A. McQueen. Technical report, Kansas State University, Computing and Information Sciences Department. January 2008.
6. Googling attack graphs. Reginald Sawilla and Xinming Ou. Technical report, Defence R & D Canada -- Ottawa TM 2007-205, September 2007.
7. A scalable approach to attack graph generation. Xinming Ou, Wayne F. Boyer, and Miles A. McQueen. In 13th ACM Conference on Computer and Communications Security (CCS 2006), Alexandria, VA, U.S.A., October 2006.
8. Authorization Strategies for Virtualized Environments in Grid Computing Systems. Xinming Ou, Anna Squicciarini, Sebastien Goasguen, and Elisa Bertino. In IEEE Workshop on Web Services Security (WSSS), Berkeley, CA, U.S.A., May, 2006.
9. A logic-programming approach to network security analysis. Xinming Ou. PhD dissertation, Princeton University, 2005.
10. MulVAL: A logic-based network security analyzer. Xinming Ou, Sudhakar Govindavajhala, and Andrew W. Appel. In 14th USENIX Security Symposium, Baltimore, Maryland, U.S.A., August 2005.
11. A two-tier technique for supporting quantifiers in a lazily proof-explicating theorem prover. K. Rustan M. Leino, Madan Musuvathi, and Xinming Ou. In 11th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 05), Edinburgh, U.K., April 2005.
12. Dynamic typing with dependent types. Xinming Ou, Gang Tan, Yitzhak Mandelbaum, and David Walker. In 3rd IFIP International Conference on Theoretical Computer Science (TCS 04) , Toulouse, France, August 2004.
13. Theorem proving using lazy proof explication. Cormac Flanagan, Rajeev Joshi, Xinming Ou, and James B. Saxe. In 15th Computer-Aided Verification conference (CAV 2003), Boulder, CO, U.S.A., July 2003.
14. Enforcing resource usage protocols via scoped methods. Gang Tan, Xinming Ou, and David Walker. In 10th International Workshop on Foundations of Object-Oriented Languages (FOOL 10), New Orleans, LA, U.S.A., January 2003.

The documents contained in these pages are included to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.