Visible to the public Biblio

Filters: Author is Xu, Shouhuai  [Clear All Filters]
2019-05-01
Chen, Huashan, Cho, Jin-Hee, Xu, Shouhuai.  2018.  Quantifying the Security Effectiveness of Firewalls and DMZs. Proceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security. :9:1–9:11.
Firewalls and Demilitarized Zones (DMZs) are two mechanisms that have been widely employed to secure enterprise networks. Despite this, their security effectiveness has not been systematically quantified. In this paper, we make a first step towards filling this void by presenting a representational framework for investigating their security effectiveness in protecting enterprise networks. Through simulation experiments, we draw useful insights into the security effectiveness of firewalls and DMZs. To the best of our knowledge, these insights were not reported in the literature until now.
2014-09-17
Xu, Shouhuai.  2014.  Cybersecurity Dynamics. Proceedings of the 2014 Symposium and Bootcamp on the Science of Security. :14:1–14:2.

We explore the emerging field of Cybersecurity Dynamics, a candidate foundation for the Science of Cybersecurity.

Xu, Shouhuai.  2014.  Emergent Behavior in Cybersecurity. Proceedings of the 2014 Symposium and Bootcamp on the Science of Security. :13:1–13:2.

We argue that emergent behavior is inherent to cybersecurity.

Han, Yujuan, Lu, Wenlian, Xu, Shouhuai.  2014.  Characterizing the Power of Moving Target Defense via Cyber Epidemic Dynamics. Proceedings of the 2014 Symposium and Bootcamp on the Science of Security. :10:1–10:12.

Moving Target Defense (MTD) can enhance the resilience of cyber systems against attacks. Although there have been many MTD techniques, there is no systematic understanding and quantitative characterization of the power of MTD. In this paper, we propose to use a cyber epidemic dynamics approach to characterize the power of MTD. We define and investigate two complementary measures that are applicable when the defender aims to deploy MTD to achieve a certain security goal. One measure emphasizes the maximum portion of time during which the system can afford to stay in an undesired configuration (or posture), without considering the cost of deploying MTD. The other measure emphasizes the minimum cost of deploying MTD, while accommodating that the system has to stay in an undesired configuration (or posture) for a given portion of time. Our analytic studies lead to algorithms for optimally deploying MTD.

Da, Gaofeng, Xu, Maochao, Xu, Shouhuai.  2014.  A New Approach to Modeling and Analyzing Security of Networked Systems. Proceedings of the 2014 Symposium and Bootcamp on the Science of Security. :6:1–6:12.

Modeling and analyzing security of networked systems is an important problem in the emerging Science of Security and has been under active investigation. In this paper, we propose a new approach towards tackling the problem. Our approach is inspired by the shock model and random environment techniques in the Theory of Reliability, while accommodating security ingredients. To the best of our knowledge, our model is the first that can accommodate a certain degree of adaptiveness of attacks, which substantially weakens the often-made independence and exponential attack inter-arrival time assumptions. The approach leads to a stochastic process model with two security metrics, and we attain some analytic results in terms of the security metrics.