Source: Xinming "Simon" Ou, 785-532-6350, xou@k-state.edu
http://www.k-state.edu/media/mediaguide/bios/oubio.html
Pronouncer: Ou is Oh
Photo available. Contact media@k-state.edu or 785-532-2535.
News release prepared by: Greg Tammen, 785-532-2535, media@k-state.edu

Monday, July 12, 2010

HP LABS SELECTS K-STATE CYBERSECURITY RESEARCHER FOR INNOVATION RESEARCH PROGRAM

MANHATTAN -- Kansas State University's Xinming "Simon" Ou, assistant professor of computing and information sciences, is among a select group of professors chosen worldwide to participate in the Hewlett-Packard Co. Labs Innovation Research Program.

K-State is one of only 52 universities in the world to receive a 2010 Innovation Research Award. The annual program provides colleges, universities and research institutes around the world with opportunities to conduct breakthrough collaborative research with HP. More than 375 proposals from 202 universities across 36 countries were reviewed for this year's program.

"Our goal with the HP Labs Innovation Research Program is to inspire the brightest minds from around the world to conduct high-impact scientific research addressing the most important challenges and opportunities facing society in the next decade," said Prith Banerjee, senior vice president of research at HP and director of HP Labs. "Kansas State University has demonstrated outstanding achievement and we look forward to collaborating with the university in this dynamic area of research."

Ou received a $73,000 award to fund investigation on automating security. His project, "A New Approach to Rigorous Risk Analytics using Attack Graphs," will pair him with researchers at HP labs. The project involves developing quantitative security metrics for enterprise networks. It is based on Ou's well-known work on Multihost, Multistage Vulnerability Analysis Language, or MulVAL, attack graph – a methodology for automatically identifying possible cyber-intrusion paths into a computer network.

"Modern enterprise security management is the practice of finding the best economic trade-off between security risks and costs to the organization," Ou said. "A significant challenge is establishing sound quantitative risk metrics that are indispensable in economic analysis. Our research will investigate efficient and effective quantitative risk analytics methods for enterprise security, with the goal of producing a theoretically sound metric model with extensive empirical evaluation."

HP is a leader in enterprise security solutions, Ou said.

"I am very happy about the generous support provided by HP's Innovation Research Program and the opportunity to collaborate with HP labs researchers on this important problem," he said.

Ou's work also was recognized nationally this spring with a National Science Foundation CAREER Award. He will receive nearly $430,000 during five years for his project, "Reasoning under Uncertainty in Cybersecurity." CAREER Awards support the early career-development activities of junior teacher-scholars who most effectively integrate research and education within the context of the mission of their institution.

Ou joined K-State in 2006 and directs research for the cybersecurity research group Argus. His work is primarily in enterprise network security defense with a focus on attack graphs, security configuration management, intrusion detection and security metrics for enterprise networks.

Prior to K-State, Ou was a postdoctoral research associate at Purdue University's Center for Education and Research in Information Assurance and Security, and a research associate at Idaho National Laboratory. He received his doctorate in computer science from Princeton University in 2005 and earned his bachelor's and master's in computer science from Tsinghua University in Beijing, China.