Book Chapters
“Cyber-Security,” M. Cukier, and
S. Panjwani, in Wiley Handbook of Science and Technology for Homeland
Security, 2009.
“Quantifying the Cost of Providing
Intrusion Tolerance in Group Communication Systems,” H. V.
Ramasamy, P. Pandey, J. Lyons, M. Cukier, and W. H. Sanders, in
Foundations of Intrusion Tolerant Systems (Jay Lala, Ed.), pp. 241-250,
IEEE Computer Society, 2003. (Re-print of a conference paper with the
same title.)
“Formal Specification and Verification of
a Group Membership Protocol for an Intrusion-Tolerant Group
Communication System,” H. V. Ramasamy, M. Cukier, and W. H.
Sanders, in Foundations of Intrusion Tolerant Systems (Jay Lala, Ed.),
pp. 251-260, IEEE Computer Society, 2003. (Re-print of a conference
paper with the same title.)
Journal Papers
Daily Trends and Origin of Computer Focused Crimes against a Large
University Computer Network: An Application of the Routine Activities
and Lifestyle Perspective
D. Maimon, A. Sariti, M. Cukier, and B. Sobesto
British Journal of Criminology
An Evaluation of Connection Characteristics
for Separating Network Attacks
R. Berthier, and M. Cukier
International Journal of Security and Networks, vol. 4, no. 1/2, 2009,
pp. 110-124.
Prioritizing Vulnerability Remediation by
Determining Attacker-Targeted Vulnerabilities
M. Cukier, and S. Panjwani
IEEE Security & Privacy, IEEE Security and Privacy, vol. 7, no. 1,
Jan./Feb. 2009, pp. 42-48.
Evaluating Attack Resiliency for Host Intrusion
Detection Systems
J. Molina, and M. Cukier
Journal of Information Assurance and Security, vol. 4, no. 1, March
2009, pp. 1-9.
Modelling the “Tragedy of the
Commons” Archetype in Enterprise Computer Security
S. N. Rosenfeld, I. Rus, and M. Cukier
Journal of Information Assurance and Security, vol. 4, no. 1, March
2009, pp. 10-20.
Password Changes: Empirical Results
M. Cukier and A. Sharma
ISAST Transactions on Computers and Software Engineering, vol.1, no.1,
2007, pp. 11-16.
Archetypal Behavior in Computer Security
S. N. Rosenfeld, I. Rus, and M. Cukier
Journal of Systems and Software, special issue on Methodology of
Security Engineering for Industrial Security Management Systems), vol.
80, no. 10, October 2007, pp. 1594-1606.
Experiences with Building an Intrusion-tolerant
Group Communication System
H. V. Ramasamy, P. Pandey, M. Cukier, and W. H. Sanders
Software: Practice and Experience, vol. 38, no.6, May 2008, pp. 639-666.
An Architecture for Adaptive Intrusion-Tolerant
Applications
P. Pal, P. Rubel, M. Atighetchi, F. Webber, W. H. Sanders, M. Seri, H.
Ramasamy, J. Lyons, T. Courtney, A. Agbaria, M. Cukier, J. Gossett, and
I. Keidar
Software: Practice and Experience, vol. 36, no. 11-12, September 2006,
pp. 1331-1354.
A Global-State-Triggered Fault Injector for
Distributed System Evaluation
R. Chandra, R. M. Lefever, K. Joshi, M. Cukier, and W. H. Sanders
IEEE Transactions on Parallel and Distributed Systems, vol. 15, no. 7,
July 2004, pp. 593-605.
Formal Verification of a Intrusion-Tolerant
Group Membership Protocol
H. V. Ramasamy, M. Cukier, and W. H. Sanders
IEICE Transactions on Information and Systems, special issue on
Dependable Computing, vol. E86-D, no. 12, December 2003, pp. 2612-2622.
An Adaptive Quality of Service Aware
Middleware for Replicated Services
S. Krishnamurthy, W. H. Sanders, and M. Cukier
IEEE Transactions on Parallel and Distributed Systems, vol. 14, no. 11,
November 2003, pp. 1112-1125.
AQuA: An Adaptive Architecture that Provides
Dependable Distributed Objects J. Ren, T. Courtney, M. Cukier, C.
Sabnis, W. H. Sanders, M. Seri, D. A. Karr, P. Rubel, and R. E. Schantz
IEEE Transactions on Computers, vol. 52, no. 1, January 2003, pp.
31-50.
An Adaptive Algorithm for Tolerating Value
Faults and Crash Failures
J. Ren, M. Cukier, and W. H. Sanders
Special Issue on Dependable Network Computing in the IEEE Transactions
on Parallel and Distributed Systems, vol. 12, no. 2, February 2001,
pp.173-191.
Coverage Estimation Methods for Stratified
Fault-Injection
M. Cukier, D. Powell, and J. Arlat
IEEE Transactions on Computers, vol. 48, no. 7, July 1999, pp.707-723.
Publications in Refereed Symposia/Conferences
Using Population Characteristics to Build Forecasting Models for Computer Security IncidentsE. Condon and M. Cukier
in Proc. 23rd IEEE International Symposium on Software Reliability Engineering (ISSRE 2012), Dallas, TX, November 27-30, 2012. 30% acceptance rate
Are Computer Focused Crimes Impacted By System Configurations?: An Empirical Study
B. Sobesto, M. Cukier, and D. Maimon
in Proc. 23rd IEEE International Symposium on Software Reliability Engineering (ISSRE 2012), Dallas, TX, November 27-30, 2012. 30% acceptance rate
A Journey Towards Rigorous Cybersecurity Experiments: On the Application of Criminological Theories
M. Cukier, D. Maimon, and R. Berthier
in Proc. LASER 2012—Learning from Authoritative Security Experiment Results, Arlington, VA, July 2012.
Diversity with AntiVirus Products: Additional Empirical Studies
I. Gashi, V. Stankovic, M. Cukier, and B. Sobesto
in Digest of FastAbstracts presented at the International Conference on Dependable Systems and Networks (DSN-2012), Boston, USA, June 2012.
How Secure are Networked Office Devices?
E. Condon, Z. Afoulki, E. Cummins and M. Cukier
in Proc. International Conference on Dependable Systems and Networks (DSN-2011), June 2011. 25% acceptance rate
Characterizing Attackers and Attacks: An Empirical Study
G. Salles-Loustau, R. Berthier, E. Collange, B. Sobesto, and M. Cukier
in Proc. 17th Pacific Rim International Symposium on Dependable Computing (PRDC), Pasadena, CA, December 2011
DarkNOC: Dashboard for Honeypot Management
B. Sobesto, M. Cukier, M. Hiltunen, D. Kormann, G. Vesonder, and R. Berthier
in Proc. 25th Usenix Large Installation System Administration Conference (LISA’11), Boston, MA, December 2011
Nfsight: NetFlow-based Network Awareness Tool
R. Berthier, M. Cukier, M. Hiltunen, D. Kormann, G. Vesonder, and D. Sheleheda
in Proc. 24th Large Installation System Administration Conference (LISA 2010), San Jose, CA, November 2010. 43% acceptance rate
Development and Validation of an Information Security Model for Decision Makers
D. Chrun, M. Cukier, A. Mosleh, and G. Sneeringer
in Proc. European Sefety Reliability Conference (ESREL), September 2010
Investigating the Impact of Humans in Information Technology Security: A Case Study at the University of Maryland
D. Chrun, M. Cukier, A. Mosleh, and G. Sneeringer
in Proc. 10th International Probabilistic Safety Assessment and Management Conference (PSAM), June 2010
A Framework for Software Reliability Management Based on Software Development Profile Model
A. Khoshkhou, M. Cukier, and A. Mosleh
in Proc. 10th International Probabilistic Safety Assessment and Management Conference (PSAM), June 2010
Analyzing the Process of Installing Rogue Software
R. Berthier, J. Arjona, and M. Cukier
in Proc. International Conference on Dependable Systems and Networks (DSN-2009), June-July 2009. 33% acceptance rate
Evaluating Files to Audit for Detecting Intrusions in FileSystem Data
J. Molina and M. Cukier
in Proc. The 8th IEEE International Symposium on Network Computing and Applications (NCA09), Cambridge, MA, July 9-11, 2009.
The Deployment of a Darknet on an Organization-Wide Network: An Empirical Analysis
R. Berthier and M. Cukier
in Proc. 11th IEEE Symposium on High Assurance Systems Engineering (HASE'08), Nanjing, China, December 3 - 5, 2008, pp. 59-68. 22% acceptance rate
On the Comparison of Network Attack Datasets: An Empirical Analysis
R. Berthier, D. Kormann, M. Cukier, M. Hiltunen, G. Vesonder, and D. Sheleheda
in Proc. 11th IEEE Symposium on High Assurance Systems Engineering (HASE'08), Nanjing, China, December 3 - 5, 2008, pp. 39-48. 22% acceptance rate
On the Use of Security Metrics based on Intrusion Prevention System Event Data: An Empirical Analysis
D. Chrun, M. Cukier, and G. Sneeringer
in Proc. 11th IEEE Symposium on High Assurance Systems Engineering (HASE'08), Nanjing, China, December 3 - 5, 2008, pp. 49-58. 22% acceptance rate
Analysis of Computer Security Incident Data Using Time Series Models
E. Condon, Angela He, and M. Cukier
in Proc. 19th IEEE International Symposium on Software Reliability Engineering (ISSRE 2008), Seattle/Redmond, WA, November 11-14, 2008, pp. 77-86. 25% acceptance rate
Finding Corrupted Computers Using Imperfect Intrusion Prevention System Event Data
D. Chrun, M. Cukier, and G. Sneeringer
in Proc. 27th International Conference on Computer Safety, Reliability and Security (SAFECOMP 2008), Newcastle upon Tyne, UK, September 22-25, 2008, pp. 221-234.
38% acceptance rate
Filesystem Activity Following a SSH Compromise: An Empirical Study of File Sequences
J. Molina, X. Chorin, and M. Cukier
in Proc. 10th International Conference on Information Security and Cryptology (ICISC 2007), Seoul, Korea, November 29-30, 2007, pp. 144-155. 23% acceptance rate
Applying Software Reliability Models on Security Incidents
E. Condon, M. Cukier, and T. He
in Proc. 18th IEEE International Symposium on Software Reliability Engineering (ISSRE 2007), Trollhättan, Sweden, November 5-9, 2007, pp. 159-168. 33% acceptance rate
A Comparison between Internal and External Malicious Traffic
M. Cukier and S. Panjwani
in Proc. 18th IEEE International Symposium on Software Reliability Engineering (ISSRE 2007), Trollhättan, Sweden, November 5-9, 2007, pp. 109 - 114. 33% acceptance rate
Profiling Attacker Behavior Following SSH Compromises
D. Ramsbrock, R. Berthier, and M. Cukier
in Proc. International Conference on Dependable Systems and Networks (DSN-2007), June-July 2007, pp. 119-124. 25% acceptance rate
An Empirical Study of Filesystem Activity Following a SSH Compromise
J. Molina, J. Gordon, X. Chorin, and M. Cukier
in Proc. Sixth International Conference on Information, Communications and Signal Processing (ICICS 2007), Singapore, December 10-13, 2007. 42% acceptance rate
Modeling the “Symptomatic Fixes” Archetype in Enterprise Computer Security
S. N. Rosenfeld, I. Rus, and M. Cukier
in Proc. 30th Annual International Computer Software and Applications Conference (COMPSAC 2006), Chicago, IL, September 18-21, 2006, pp. 178-188. 31% acceptance rate
Assessing the Attack Threat due to IRC Channels
R. Meyer, and M. Cukier
in Proc. International Conference on Dependable Systems and Networks (DSN-2006), Philadelphia, PA, June 25-28, 2006, pp. 467-472. 24% acceptance rate
A Statistical Analysis of Attack Data to Separate Attacks
M. Cukier, R. Berthier, S. Panjwani and S. Tan
in Proc. International Conference on Dependable Systems and Networks (DSN-2006), Philadelphia, PA, June 25-28, 2006, pp. 383-392. 24% acceptance rate
Modeling and Simulation of the Escalation Archetype in Computer Security
S. N. Rosenfeld, I. Rus, and M. Cukier
in Proc. 2006 Symposium on Simulation Software Security (SSSS06), Huntsville, AL, April 2-6, 2006. 50% acceptance rate
Automated Checking for Windows Host Vulnerabilities
M. Tamizi, M. Weinstein, and M. Cukier
in Proc. 16th IEEE International Symposium on Software Reliability Engineering (ISSRE 2005), Chicago, IL, November 8-11, 2005, pp. 139-148. 32% acceptance rate
An Experimental Evaluation to Determine if Port Scans are Precursors to an Attack
S. Panjwani, S. Tan, K. Jarrin, and M. Cukier
in Proc. International Conference on Dependable Systems and Networks (DSN-2005), Yokohama, Japan, June 28-July 1, 2005, pp. 602-611. 29% acceptance rate
Ferret: A Host Vulnerability Checking Tool
A. Sharma, J. R. Martin, N. Anand, M. Cukier, and W. H. Sanders
in Proc. IEEE Pacific Rim International Symposium on Dependable Computing (PRDC-10), Papeete, Tahiti, French Polynesia, March 3-5, 2004, pp. 389-394. 40% acceptance rate
An Experimental Evaluation of Correlated Network Partitions in the Coda Distributed File System
R. M. Lefever, M. Cukier, and W. H. Sanders
in Proc. 22nd Symposium on Reliable Distributed Systems (SRDS 2003), Florence, Italy, October 6-8, 2003, pp. 273-282. 29% acceptance rate
Probabilistic Validation of an Intrusion-Tolerant Replication System
S. Singh, M. Cukier, and W. H. Sanders
in Proc. International Conference on Dependable Systems and Networks (DSN-2003), San Francisco, CA, June 22-25, 2003, pp. 615-624. 35% acceptance rate
Experimental Evaluation of the Unavailability Induced by a Group Membership Protocol
K. R. Joshi, M. Cukier, and W. H. Sanders
in 4th European Dependable Computing Conference, (A. D. Gvishiani and F. Grandoni, Eds.), LNCS 2485, pp. 140-158, Springer Verlag, 2002.
An Adaptive Framework for Tunable Consistency and Timeliness Using Replication
S. Krishnamurthy, W. H. Sanders, and M. Cukier
in Proc. International Conference on Dependable Systems and Networks (DSN-2002), Washington, DC, June 23-26, 2002, pp. 17-26. 31% acceptance rate
Quantifying the Cost of Providing Intrusion Tolerance in Group Communication Systems
H. V. Ramasamy, P. Pandey, J. Lyons, M. Cukier, and W. H. Sanders
in Proc. International Conference on Dependable Systems and Networks (DSN-2002), Washington, DC, June 23-26, 2002, pp. 229-238. 31% acceptance rate
Passive Replication Schemes in AQuA
Y. Ren, P. Rubel, M. Seri, M. Cukier, W. H. Sanders, and T. Courtney
in Proc. 2002 Pacific Rim International Symposium on Dependable Computing (PRDC2002), Tsukuba, Japan, December 16-18, 2002, pp. 125-130. 65% acceptance rate
Formal Specification and Verification of a Group Membership Protocol for an Intrusion-Tolerant Group Communication System
H. V. Ramasamy, M. Cukier, and W. H. Sanders
in Proc. 2002 Pacific Rim International Symposium on Dependable Computing (PRDC2002), Tsukuba, Japan, December 16-18, 2002, pp. 9-18. 65% acceptance rate
Probabilistic Validation of Intrusion Tolerance
W. H. Sanders, M. Cukier, F. Webber, P. Pal, and R. Watro
Fast Abstract in the Supplemental Volume of the 2002 International Conference on Dependable Systems & Networks (DSN-2002), Washington, DC, June 23-26, 2002, pp. B-78 to B-79.
Providing Intrusion Tolerance with ITUA
T. Courtney, J. Lyons, H. V. Ramasamy, W. H. Sanders, M. Seri, M. Atighetchi, P. Rubel, C. Jones, F. Webber, P. Pal. R. Watro, M. Cukier, and J. Gossett
in the Supplemental Volume of the 2002 International Conference on Dependable Systems & Networks (DSN-2002), Washington, DC, June 23-26, 2002, pp. C-5-1 to C-5-3.
A Configurable CORBA Gateway for Providing Adaptable System Properties
M. Seri, T. Courtney, M. Cukier, V. Gupta, S. Krishnamurthy, J. Lyons, H. Ramasamy, J. Ren, and W. H. Sanders
in Supplemental Volume of the 2002 International Conference on Dependable Systems & Networks (DSN-2002), Washington, DC, June 23-26, 2002, pp. G-26 to G-30.
Performance Evaluation of a QoS-Aware Framework for Providing Tunable Consistency and Timeliness
S. Krishnamurthy, W. H. Sanders, and M. Cukier
in Proc. Tenth International Workshop on Quality of Service (IWQoS 2002), Miami Beach, FL, May 15-17, 2002, pp. 214-223.
Using Bayesian Theory for Estimating Dependability Benchmark Measures
M. Cukier, and C. S. Smidts
in Supplemental Volume of the 2002 International Conference on Dependable Systems & Networks (DSN-2002), Washington, DC, June 23-26, 2002.
An Experimental Evaluation of the Responsiveness of Replica Selection Algorithms
S. Krishnamurthy, W. H. Sanders, and M. Cukier
in Proc. of the Seventh IEEE International Workshop on Object-oriented Real-time Dependable Systems (WORDS 2002), San Diego, CA, January 7-9, 2002, pp. 119-127.
A Dynamic Replica Selection Algorithm for Tolerating Time Faults in a Replicated Service
S. Krishnamurthy, W. H. Sanders, and M. Cukier
in Proc. International Conference on Dependable Systems and Networks (DSN-2001), Göteborg, Sweden, pp. 107-116, July 2001. 35% acceptance rate
An Overview of the AQuA Gateway
M. Seri, T. Courtney, M. Cukier, and W. H. Sanders
in Proc. of the 1st Workshop on The ACE ORB (TAO), St. Louis, MO, August 5-6, 2001.
Survival by Defense-Enabling,
P. Pal, F. Webber, R. Schantz, J. Loyall, R. Watro, W. Sanders, M. Cukier, and J. Gossett
in Proc. of the New Security Paradigms Workshop 2001, Cloudcroft, New Mexico, September 11-13, 2001, pp. 71-78.
Intrusion Tolerance in ITUA
M. Cukier, J. Lyons, P. Pandey, H. V. Ramasamy, W. H. Sanders, P. Pal, F. Webber, R. Schantz, J. Loyall, R. Watro, M. Atighetchi, and J. Gossett
in Digest of FastAbstracts presented at the International Conference on Dependable Systems and Networks (DSN-2001), Göteborg, Sweden, pp. B-64 to B-65, July 2001.
Dynamic Node Management and Measure Estimation in a State-Driven Fault Injector
R. Chandra, M. Cukier, R. M. Lefever, and W. H. Sanders
in Proc. 19th IEEE Symposium on Reliable Distributed Systems (SRDS-2000), Nürnberg, Germany, pp. 248-257, October 2000. 26% acceptance rate
Loki: A State-Driven Fault Injector for Distributed Systems
R. Chandra, R. M. Lefever, M. Cukier, and W. H. Sanders
in Proc. International Conference on Dependable Systems and Networks (FTCS-30 and DCCA-8), New York, New York, pp. 237-242, June 2000. 43% acceptance rate
Proteus: A Flexible Infrastructure to Implement Adaptive Fault Tolerance in AQuA
C. Sabnis, M. Cukier, J. Ren, P. Rubel, W. H. Sanders, D. E. Bakken, and D. A. Karr
in Dependable Computing for Critical Applications 7, vol. 12 of Dependable Computing and Fault-Tolerant Systems (C. B. Weinstock and J. Rushby, Eds.), pp. 149-168, IEEE Computer Society Press, 1999. 32% acceptance rate
Building Dependable Distributed Applications Using AQuA
J. Ren, M. Cukier, P. Rubel, W. H. Sanders, D. E. Bakken, and D. A. Karr
in Proc. 4th IEEE Symposium on High Assurance Systems Engineering (HASE'99), Washington, DC, pp. 189-196, November 1999. 61% acceptance rate
Fault Injection Based on the Partial Global State of a Distributed System
M. Cukier, R. Chandra, D. Henke, J. Pistole, and W. H. Sanders
in Proc. 18th IEEE Symposium on Reliable Distributed Systems (SRDS-99), Lausanne, Switzerland, IEEE Computer Society Press, pp. 168-177, October 1999. 43% acceptance rate
Building Dependable Distributed Objects with the AQuA Architecture
M. Cukier, J. Ren, P. Rubel, D. E. Bakken, and D. A. Karr
in Digest of Fast Abstracts presented at the 29th Annual International Symposium on Fault-Tolerant Computing (FTCS-29), Madison, WI, pp. 17-18, June 1999.
AQuA: An Adaptive Architecture That Provides Dependable Distributed Objects
M. Cukier, J. Ren, C. Sabnis, D. Henke, J. Pistole, W. H. Sanders, D. E. Bakken, M. E. Berman, D. A. Karr, and R. E. Schantz
in Proc. 17th IEEE Symposium on Reliable Distributed Systems (SRDS-98), West Lafayette, IN, pp. 245-253, IEEE Computer Society Press, October 1998. 34% acceptance rate
Frequentist and Bayesian Coverage Estimations for Stratified Fault-Injection
M. Cukier, J. Arlat, and D. Powell
in Dependable Computing for Critical Applications 6, vol. 11 of Dependable Computing and Fault-Tolerant Systems (M. Dal Cin, C. Meadows and W. H. Sanders, Eds.), pp.43-61, IEEE Computer Society Press, 1998. 35% acceptance rate
Probabilistic Verification of a Synchronous Round-Based Consensus Protocol
H. S. Duggal, M. Cukier, and W. H. Sanders
in Proc. 16th IEEE Symposium on Reliable Distributed Systems (SRDS-97), Durham, NC, pp.165-174, IEEE Computer Society Press, October 1997.
Estimation of Time-Dependent Coverage
D. Powell, M. Cukier, J. Arlat, and Y. Crouzet
in Proc. 8th European Workshop on Dependable Computing (EWDC-8), Goteborg, Sweden, April 1997, (20 pages).
On Stratified Sampling for High Coverage Estimations
D. Powell, M. Cukier, and J. Arlat
in 2nd European Dependable Computing Conference, (A. Hlawiczka, J. G. Silva and L. Simoncini, Eds.), LNCS 1150, pp.37-54, Springer Verlag, 1996. 39% acceptance rate
Software Reliability Analysis of Three Successive Generations of a Switching System
M. Kaâniche, K. Kanoun, M. Cukier, and M. Bastos Martini
in European Dependable Computing Conference 1, (K. Echtle, D. K. Hammer and D. Powell, Eds.), LNCS 852, pp.473-490, Springer Verlag, 1994. 32% acceptance rate