CIS students won Best Student Paper Award at Annual Computer Security Conference

Heqing Huang and Su Zhang, two PhD students from Department of Computing and Information Sciences (CIS), won the Best Student Paper Award at this year's Annual Computer Security Applications Conference (ACSAC). The award was announced on Friday Dec 9 in Orlando, FL, during the conference's closing ceremony.

Started in 1984, ACSAC is one of the oldest conferences in computer security. It is well-attended by security professionals from academia, government and industry who are interested in applied security. It is an internationally recognized forum where practitioners, researchers, and developers in information system security meet to learn and to exchange practical ideas and experiences. The conference has grown over the years to achieve world-wide attendance and recognition for the high quality of its presentations, discussions, and interactions.

"This is an impressive achievement for the students," said the students' advisor Xinming (Simon) Ou, assistant professor of CIS. "Heqing is the lead author of the paper who carried out the research and paper writing very independently. This is really exceptional for a first-year PhD student who entered with a bachelor's degree, and for his first research/paper writing experience."

The award-winning paper is titled "Distilling Critical Attack Graph Surface iteratively through Minimum-Cost SAT Solving". Besides the two students, the paper is also co-authored by Dr. Ou and two collaborators from University of Michigan. Unlike in the other disciplines, the predominant peer-reviewed publication venues in computer science are conferences. According to the conference program committee, ACSAC received a very high number of submissions this year and many papers of a high quality, which makes the achievement all the more impressive. From all of the accepted papers which constitute less than 20% of all submissions, the students' paper "clearly stood out from the review rounds."

Attack graph is sophisticated analysis techniques to identify all possible ways an enterprise network can be attacked by malicious users. It can be used to automate network security defense. The paper is based on the MulVAL attack-graph work carried out in the Argus cybersecurity lab at CIS department. MulVAL is an internationally recognized attack-graph technology used by a number of governmental agencies and companies. On Dec 4, the day before the conference, Argus lab officially released MulVAL as an open-source tool that can be downloaded and used freely by security practitioners around the world. Dr. Simon Ou also gave a well-attended tutorial during the conference on how to use MulVAL to conduct enterprise network security assessment.