• Publications
  • Influence
A scalable approach to attack graph generation
Attack graphs are important tools for analyzing security vulnerabilities in enterprise networks. Previous work on attack graphs has not provided an account of the scalability of the graph generatingExpand
  • 529
  • 40
Time-to-Compromise Model for Cyber Risk Reduction Estimation
We propose a new model for estimating the time to compromise a system component that is visible to an attacker. The model provides an estimate of the expected value of the time-to-compromise as aExpand
  • 133
  • 19
Ideal Based Cyber Security Technical Metrics for Control Systems
Much of the world's critical infrastructure is at risk from attack through electronic networks connected to control systems. Security metrics are important because they provide the basis forExpand
  • 58
  • 8
Quantitative Cyber Risk Reduction Estimation Methodology for a Small SCADA Control System
We propose a new methodology for obtaining a quantitative measurement of the risk reduction achieved when a control system is modified with the intent to improve cyber security defense againstExpand
  • 103
  • 6
Non-evolutionary algorithm for scheduling dependent tasks in distributed heterogeneous computing environments
The Problem of obtaining an optimal matching and scheduling of interdependent tasks in distributed heterogeneous computing (DHC) environments is well known to be an NP-hard problem. In a DHC system,Expand
  • 55
  • 6
Empirical Estimates and Observations of 0Day Vulnerabilities
We define a 0Day vulnerability to be any vulnerability, in deployed software, that has been discovered by at least one person but has not yet been publicly announced or patched. These 0DayExpand
  • 60
  • 4
Measurable Control System Security through Ideal Driven Technical Metrics
The Department of Homeland Security National Cyber Security Division supported development of a small set of security ideals as a framework to establish measurable control systems security. Based onExpand
  • 7
  • 2
Deception used for cyber defense of control systems
Control system cyber security defense mechanisms may employ deception in human system interactions to make it more difficult for attackers to plan and execute successful attacks. These deceptiveExpand
  • 33
  • 1
Primer Control System Cyber Security Framework and Technical Metrics
The Department of Homeland Security National Cyber Security Division supported development of a control system cyber security framework and a set of technical metrics to aid owner-operators inExpand
  • 3
  • 1
Study of Security Attributes of Smart Grid Systems- Current Cyber Security Issues
This document provides information for a report to congress on Smart Grid security as required by Section 1309 of Title XIII of the Energy Independence and Security Act of 2007. The security of anyExpand
  • 79