Publications

Copyright notice: The copyright of the papers available online had already been transferred to the corresponding organizations or presses. We make the paper available exclusively for the academic research community.

  • M. Xu and S. Xu. An Extended Stochastic Model for Quantitative Security Analysis of Networked Systems. Internet Mathematics, 8(3): 288-320 (2012).

  • Y. Dodis, W. Luo, S. Xu and M. Yung. Key-Insulated Symmetric Key Cryptography and Mitigating Attacks against Cryptographic Cloud Software. AsiaCCS’12.

  • Q. Zheng and S. Xu. Secure and Efficient Proof of Storage with Deduplication. Proceedings of Second ACM Conference on Data and Application Security and Privacy (ACM CODASPY’12).

  • Y. Shang, W. Luo, and S. Xu. L-hop percolation on networks with arbitrary degree distributions and its applications. Physical Review E, Sept. 2011.

  • J. Morales, M. Main, W. Luo, S. Xu, and R. Sandhu. Building Malware Infection Trees. Proceedings of the 6th International Conference on Malicious and Unwanted Software (Malware 2011).

  • S. Xu, W. Lu, and Z. Zhan. A Stochastic Model of Multi-Virus Dynamics. IEEE Transactions on Dependable and Secure Computing (IEEE TDSC), Jan 2012.

  • S. Xu, W. Lu, and L. Xu. Push- and Pull-based Epidemic Spreading in Networks: Thresholds and Deeper Insights. ACM Transactions on Autonomous and Adaptive Systems (TAAS), to appear.

  • S. Xu, X. Li, P. Parker, and X. Wang. Exploiting Trust-Based Social Networks for Distributed Protection of Sensitive Data.  IEEE Transactions on Information Forensics & Security, 2011.                                                                                                                                                                                                               o Earlier version appeared in AsiaCCS’08

  • H. Qian and S. Xu. Non-Interactive Multisignatures in the Plain Public-Key Model with Efficient Verification. Information Processing Letters, accepted, 2010

  • H. Qian and S. Xu. Non-Interactive Editable Signatures for Assured Data Provenance. First ACM Conference on Data and Application Security and Privacy (ACM CODASPY’11).

  • Q. Zheng and S. Xu. Fair and Dynamic Proof of Retrievability. First ACM Conference on Data and Application Security and Privacy (ACM CODASPY’11).

  • X. Li, P. Parker, and S. Xu. A Stochastic Model for Quantitative Security Analysis of Networked Systems. IEEE Transactions on Dependable and Secure Computing (IEEE TDSC), 2011.

  • J. Morales, R. Sandhu, and S. Xu. Evaluating Detection and Treatment Effectiveness of Commercial Anti-Malware Programs. Proceedings of the 5th International Conference on Malicious and Unwanted Software (Malware 2010), pp ???.

  • J. Morales, A. Al-Bataineh, S. Xu and R. Sandhu. Analyzing and Exploiting Network Behaviors of Malware. SecureComm’10.

  • J. Morales, E. Kartaltepe, S. Xu, and R. Sandhu. Symptoms-Based Detection of Bot Processes. MMM-ACNS-2010 (5th International Conference on Mathematical Methods, Models, and Architectures for Computer Networks Security).

  • E. Kartaltepe, J. Morales, S. Xu, and R. Sandhu. Social Network-Based Botnet Command-and-Control: Emerging Threats and Countermeasures. ACNS’10. Springer Lecture Notes in Computer Science 6123, pp 511-528.

  • S. Xu, H. Qian, F. Wang, Z. Zhan, E. Bertino, and R. Sandhu. Trustworthy Information: Concepts and Mechanisms. WAIM’10 (11th International Conference on Web-Age Information Management). Springer Lecture Notes in Computer Science 6184, pp 398-404.

  • S. Xu. Towards a Theoretical Framework for Trustworthy Cyber Sensing. Proceedings of the 2010 SPIE Conference on SPIE Defense, Security, and Sensing (DSS’10).

  • P. Parker and S. Xu. A Method for Safekeeping Cryptographic Keys from Memory Disclosure Attacks. Intrust’09.

  • S. Xu and M. Yung. SocialClouds: Concept, Security Architecture and Some Mechanisms. Intrust’09.

  • J. Morales, A. Al-Bataineh, S. Xu, and R. Sandhu. Analyzing DNS Activities of Bot Processes. Proceedings of the 4th International Conference on Malicious and Unwanted Software (Malware 2009).

  • Q. Ni, S. Xu, E. Bertino, R. Sandhu and W. Han. An Access Control Language for a General Provenance Model. Proc. 6th VLDB Workshop on Secure Data Management (SDM’09).

  • S. Xu, R. Sandhu, and E. Bertino. TIUPAM: A Framework for Trustworthiness-Centric Information Sharing. Invited paper in Proc. 3rd IFIP WG 11.11 International Conference on Trust Management, 2009.

  • S. Xu, Q. Ni, E. Bertino and R. Sandhu. A Characterization of the Problem of Secure Provenance Management. Proc. Workshop on Assured Information Sharing at the IEEE International Conference on Intelligence and Security Informatics (ISI’09).

  • S. Xu and M. Yung. Expecting the Unexpected: Towards Robust Credential Infrastructure. FC’09

  • J. Leonard, S. Xu, and R. Sandhu. A First Step Towards Characterizing Stealthy Botnets. To appear in the Proceedings of The Fourth International Conference on Availability, Reliability and Security (ARES’09), IEEE press, pp ???-???.

  • J. Leonard, S. Xu, and R. Sandhu. A Framework for Understanding Botnets. To appear in the Proceedings of the Third International Workshop on Advances in Information Security (WAIS’09), IEEE press, pp ???-???.

  • S. Xu. Collaborative Attack vs. Collaborative Defense. Invited Paper in the Proceedings of The 4th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborativeCom’08), pp ???-???, Nov. 13-16, 2008.

  • S. Xu. (How) Can We Manage the Trustworthiness of Security Infrastructures and Services. Abstract of Keynote address in the Proceedings of The 3rd Asia-Pacific Trusted Infrastructure Technologies Conference (APTC’08), IEEE press, pp ???-???, Oct. 14-17, 2008.

  • X. Ding, G. Tsudik, and S. Xu. Leak-free Mediated Group Signatures. Journal of Computer Security, Volume 17, Number 4, 2009, pp. 489-514                  o This is the full version of the ICDCS paper below.                        

  • A. Kiayias, S. Xu, and M. Yung. Privacy Preserving Data Mining within Anonymous Credential Systems. SCN’08.

  • S. Xu and S. Capkun. Distributed and Secure Bootstrapping of Mobile Ad Hoc Networks: Framework and Constructions. ACM Transactions on Information and Systems Security (ACM TISSEC), 12(1), 2008.

  • X. Li, P. Parker, and S. Xu. A Probabilistic Characterization of A Fault-Tolerant Gossiping Algorithm. Journal of Systems Science and Complexity, Springer, Accepted.

  • D. Walleck, Y. Li, and S. Xu. An Empirical Analysis of Certificate Revocation Lists. IFIP DBSec’08.

  • S. Xu, X. Li, and P. Parker. Exploiting Social Networks for Thresholding Signing: Attack-resilience vs. Availability. ASIACCS’08.

  • E. Kartaltepe, P. Parker, and S. Xu. How to Secure Your Email Address Book and Beyond. CANS’07.

  • X. Li, P. Parker, and S. Xu. A Stochastic Characterization of a Fault-tolerant Gossip Algorithm. HASE’07.

  • K. Harrison and S. Xu. Protecting Cryptographic Keys from Memory Disclosure Attacks. DSN-DCCS’07. (Preliminary full version with source code is here; a significantly enriched full version will become available some time soon.)

  • P. Sharkey, H. Tian, W. Zhang, and S. Xu. Privacy-Preserving Data Mining Through Knowledge Model Sharing. PinKDD’07.

  • X. Li, P. Parker, and S. Xu. Towards an Analytic Model of Epidemic Spreading in Heterogeneous Systems. Qshine’07.

  • S. Xu and K. Han. Envisioning Stealthy Botnet C&C and Graph-based Detection Metrics (Abstract). DSN’07 fast abstract track.

  • S. Xu and R. Sandhu. A Scalable and Secure Cryptographic Service. IFIP DBSec’07. Preliminary full version is here.

  • X. Li, P. Parker, and S. Xu. Towards Quantifying the (In)Security of Networked Systems. IEEE AINA’07.

  • S. Xu and Moti Yung. K-anonymous Multi-party Secret Handshakes. Financial Cryptography and Data Security 2007 (FC’07).

  • S. Xu. On the security of group communication schemes. Journal of Computer Security, Volume 15, Number 1, 2007, pp. 129 – 169.                                               o This is the full version of the SASN’05 paper below.

  • S. Zhu, S. Setia, S. Xu, and S. Jajodia. GKMPAN: An efficient group rekeying scheme for secure multicast in ad-hoc networks. Journal of Computer Security, Volume 14, Number 4, 2006, pp. 301 – 325.                                                                                                                                                                                              o This is the full version of the Mobiquitous’04 paper below.

  • S. Zhu, S. Xu, S. Setia, and S. Jajodia. LHAP: A Lightweight Network Access Control Protocol for Ad-Hoc Networks. Elsevier Ad Hoc Networks Journal, Volume 4, Issue 5, Sept. 2006, pp 567-585.                                                                                                                                                                                              o This is the full version of the MWN’03 paper below.

  • P. Parker and S. Xu. Towards Understanding the (In)security of Networked Systems under Topology-directed Stealthy Attacks. Proceedings of the 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing (DASC’06), pp ???-???.

  • G. Tsudik and S. Xu. A Flexible Framework for Secret Handshakes. In Proceedings of the 6th Workshop on Privacy Enhancing Technologies (PET’06).                                                                                                                                                                                                                                                                              o This is an extended version of the PODC’05 brief announcement.

  • J. Dowd, S. Xu, and W. Zhang. Privacy-Preserving Decision Tree Mining Based on Random Substitutions. In the Proceedings of the 2006 International Conference on Emerging Trends in Information and Communication Security (ETRICS’06), LNCS 3995, pp 145-159.

  • E. Kartaltepe and S. Xu. Towards Blocking Outgoing Malicious Impostor Emails. In the Proceedings of the 2nd International Workshop on Trust, Security and Privacy for Ubiquitous Computing. IEEE Press, pp 657-661.

  • S. Xu. On the Security of Group Communication Schemes based on Symmetric Key Cryptosystems. In the Proceedings of ACM Workshop on Security of Ad hoc and Sensor Network 2005 (ACM SASN’05), ACM press, pp 22-31.                                                                                                                                      o The full version is invited to submit to a special issue of Journal of Computer Security.

  • E. Kartaltepe and S. Xu. On Automatically Detecting Malicious Imposter Emails. In Proceedings of International Workshop on Applied PKI 2005 (IWAP’05), IOS Press, pp ??-??.

  • G. Tsudik and S. Xu. Brief Announcement: A Flexible Framework for Secret Handshakes. In Proceedings of ACM Symposium on Princples of Distributed Computing 2005 (ACM PODC’05), ACM Press, pp 39.

  • S. Xu and W. Zhang. Knowledge as a Service and Knowledge Breaching. In the Proceedings of IEEE International Conference on Service Computing (IEEE SCC’05), IEEE Press, pp 87-94.

  • S. Xu and M. Yung. K-Anonymous Secret Handshakes with Reusable Credentials. ACM CCS’04. (full version not available yet)

  • S. Xu and W. Zhang. PBKM: A Secure Knowledge Management Framework. NSF/NSA/AFRL Workshop on Secure Knowledge Management’04.

  • S. Xu and M. Yung. Accountable Ring Signatures: A Smart Card Approach. IFIP CARDIS’04.

  • S. Zhu, S. Setia, S. Xu, and S. Jajodia. GKMPAN: An Efficient Group Rekeying Scheme for Secure Multicast in Ad-Hoc Networks. Mobiquitous’04.

  • S. Xu, W. Nelson Jr. and R. Sandhu. Enhancing Anonymity via Market Competition. Information Assurance and Security — IEEE ITCC’04.

  • S. Xu and R. Sandhu. Applying OM-AM to Analyze Digital Rights Management. 7th International Conference on E-Commerce Research, 2004.

  • X. Ding, G. Tsudik, and S. Xu. Leak-free Group Signatures with Immediate Revocation. ICDCS’04.

  • G. Tsudik and S. Xu. Accumulating Composites and Improved Group Signing. Asiacrypt’03; an extended preliminary version is here.

  • S. Zhu, S. Xu, S. Setia, and S. Jajodia. Establishing Pair-Wise Keys for Secure Communication in Ad Hoc Networks: A Probabilistic Approach. ICNP’03.

  • A. Bagchi, A. Chaudhary, M. Goodrich, and S. Xu. Constructing Dijoint Paths for Secure Communication. DISC’03.

  • S. Zhu, S. Xu, S. Setia, and S. Jajodia. LHAP: A Light-weight Hop-by-hop Authentication Protocol For Ad-Hoc Networks. Workshop on Mobile and Wireless Networks (MWN’03, affiliated with ICDCS’03)

  • S. Xu and M. Yung. Retrofitting Fairness on the Original RSA-Based E-Cash. Financial Cryptography’03.

  • S. Xu and R. Sandhu. Two Efficient and Provably Secure Schemes for Server-Assisted Threshold Signatures. RSA-CT’03.

  • Y. Dodis, J. Katz, S. Xu, and M. Yung. Strong Key-Insulated Signature Schemes. PKC’03.

  • Y. Dodis, J. Katz, S. Xu, and M. Yung. Key-Insulated Public Key Cryptosystems. Eurocrypt’02.

  • S. Xu and M. Yung. The Dark Side of Threshold Cryptography. Financial Cryptography’02.

  • S. Xu and R. Sandhu. Authenticated Multicast Immune to Denial-of-Service Attacks. ACM SAC’02.

  • S. Xu, M. Yung, and G. Zhang. Friendly Observers Ease Off-Line E-Cash. CARDIS’00.

  • S. Xu, M. Yung, and G. Zhang. Scalable, Tax-Evasion Free, Anonymous Investing. IFIP SEC’00.

  • S. Xu, M. Yung, G. Zhang, and H. Zhu. Money Conservation via Atomicity in Fair Off-Line E-Cash. ISW’99, LNCS 1729.

  • S. Xu, G. Zhang, and H. Zhu. Securing Systems Using E-Cash. InfoSecu’99.

  • S. Xu, G. Zhang, and H. Zhu. Two Digital Signature Schemes Based on Graph 3-Colorability Problem. ICYCS’99.

  • S. Xu, H. Zhu, and G. Zhang. Digital Signature Schemes Based on Graph Isomorphism and Graph 3-Colorability Problems. CrypTEC’99.

  • S. Xu, G. Zhang, and H. Zhu. On the Security of Three-Party Cryptogrpahic Protocols. ACM Operating Systems Review, Vol. 32, No. 3, July 1998, pp 7-20.

  • S. Xu, G. Zhang, and H. Zhu. On the Security of Cryptogrpahic Protocols (Extended Abstract). ChinaCrypt’98.

  • S. Xu, G. Zhang, and H. Zhu. On the Properties of Cryptogrpahic Protocols and the Weaknesses of BAN-Like Logics. ACM Operating Systems Review, Vol. 31, No. 4, October 1997, pp 12-23.

  • S. Xu, G. Zhang, H. Zhu et al. A General Solution to the Security Problems on the Internet/Intranet Platform. Proceedings of the Sixth Chinese Symposium on Security and Privacy, 1997

Other Publications (in Chinese):

  • S. Xu. A Study in Digital Currency. PhD Dissertation, Dec. 1999, Department of Computer Science, Fudan University, Shanghai, China.

  • S. Xu, G. Zhang, and H. Zhu. A Self-Delegation System and the Knowledge Complexity of Problems. Journal of Software, Vol. 10, No. 2, February 1999, pp 170-174.

  • S. Xu and G. Zhang. Encryption Mechanism for Routing Information Based on the Internet Protocol. Computer Research and Development, Vol. 35, No. 8, August 1998, 753-759

  • S. Xu, G. Zhang, and H. Zhu. Recent Advances in Modern Cryptography. NCYCS’98.

  • S. Xu and M. Hu. Security Strategy for Oracle-Based Application Systems. Computer Engineering and Design, Vol. 18, No. 4, April 1997, pp 43-38.

  • S. Xu and M. Hu. Prospects on Database Security. Computer Engineering, Vol. 23, No. 3, March 1997, pp 50-53.

  • S. Xu and M. Hu. The Storage and Retrieve Techniques for Object-Oriented Multimedia DataBase Systems. Computer Engineering, Vol. 22, No. 5, May 1996, pp 14-17.

  • S. Xu and M. Hu. Database Based on Spatial Algebra. Software, Vol. 4, No. 3, March 1996, pp 20-23.