Steven Cheung

Computer Science Laboratory
SRI International
333 Ravenswood Avenue
Menlo Park, California 94025, USA

steven.cheung "at" sri.com

• Network security
• Sensor networks
• Intrusion detection and response
• Parallel computing
  

• Cyber-Threat Analytics (Cyber-TA)

A research initiative that focuses on defending against large-scale network threats. A goal is to develop technologies that enable a large number of organizations to collaboratively detect and mitigate attacks in a privacy-preserving manner.


• Detection and Analysis of Threats to the Energy Sector (DATES)
  

• Event Monitoring Enabling Responses to Anomalous Live Disturbances (EMERALD)
• Intrusion Tolerance for NEST
• Correlated Attack Modeling
  
• Dependable Intrusion Tolerance
• Process Control Systems Security
• Sensor Coordination using Active Dataspaces

• A. Valdes and S. Cheung, "Communication Pattern Anomaly Detection in Process Control Systems", 2009 IEEE International Conference on Technologies for Homeland Security, Waltham, MA, May 2009.
• S. Cheung and A. Valdes, "Malware Characterization through Alert Pattern Discovery", Proceedings of the 2nd USENIX Workshop on Large-scale Exploits and Emergent Threats, Boston, MA, April 2009.
• A. Valdes and S. Cheung, "Intrusion Monitoring in Process Control Systems", Proceedings of the 42nd Hawaii International Conference on System Sciences, Big Island, Hawaii, January 2009.
• T.E. Uribe and S. Cheung, "Automatic Analysis of Firewall and Network Intrusion Detection System Configurations". Journal of Computer Security, Vol.15, No.6,  2007. (An earlier version appears in the Proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering, Washington, D.C., October 2004.)
• R. Cunningham, S. Cheung, M. Fong, U. Lindqvist, D. Nichol, R. Pawlowski, E. Robinson, W. Sanders, S. Singh, A. Valdes, B. Woodworth and M. Zhivich, "Securing Current and Future Process Control Systems", Chapter 8 in IFIP International Federation for Information Processing, Volume 253, Critical Infrastructure Protection, eds. E. Goetz and S. Shenoi, Springer, pp. 99-115, 2007. (This paper was presented in the First Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, New Hampshire, March 2007.)
  
• S. Cheung, B. Dutertre, M. Fong, U. Lindqvist, K. Skinner, and A. Valdes, "Using Model-based Intrusion Detection for SCADA Networks", Proceedings of the SCADA Security Scientific Symposium, Miami Beach, Florida, January 2007.
  
• M. Abdelhafez and S. Cheung, "Sensor Coordination Using Active Dataspaces", Technical Report, SRI-CSL-07-01, Computer Science Laboratory, SRI International, January 2007.
• S. Cheung, B. Dutertre, U. Lindqvist, "Detecting Disruptive Routers in Wireless Sensor Networks", Proceedings of the 5th International Conference on Ad-hoc, Mobile, and Wireless Networks, Ottawa, Canada, August 2006.
• S. Cheung, "Denial of Service against the Domain Name System", IEEE Security and Privacy, Vol.4, No.1, pp.40-45, January/February, 2006.
• M. Bishop, S. Cheung, J. Frank, J. Hoagland, S. Samorodin, and C. Wee, "Internet Security". Chapter 6 of Statistical Methods in Computer Security, W. Chen (ed.), Marcel Dekker, New York, NY, 2005.
• B. Dutertre, S. Cheung, and J. Levy, "Lightweight Key Management in Wireless Sensor Networks by Leveraging Initial Trust", Technical Report SRI-SDL-04-02, System Design Laboratory, SRI International, April 2004.
• T.E. Uribe, S. Cheung, J. Levy, and A. Valdes, "Intrusion Tolerance and Worm Spread". Fast abstract. International Conference on Dependable Systems and Networks (DSN-2003), San Francisco, CA, June 2003.
  
• S. Cheung, U. Lindqvist, and M.W. Fong, "Modeling Multistep Cyber Attacks for Scenario Recognition", Proceedings of the 3rd DARPA Information Survivability Conference and Exposition, Washington, D.C., April 2003.
• A. Valdes, M. Almgren, S. Cheung, Y. Deswarte, B. Dutertre, J. Levy, H. Saidi, V. Stavridou, and T.E. Uribe, "Dependable Intrusion Tolerance: Technology Demo", Proceedings of the 3rd DARPA Information Survivability Conference and Exposition (DISCEX III), Washington, D.C., April 2003.
• P.A. Porras, S. Cheung, and M. Almgren, "Malicious Code Outbreak Discovery: Issues and Approaches", Position Paper, DARPA Malicious Code Defense Workshop, Denver, Colorado, August 2002.
  
• A. Valdes, M. Almgren, S. Cheung, Y. Deswarte, B. Dutertre, J. Levy, H. Saidi, V. Stavridou, and T.E. Uribe, "An Architecture for an Adaptive Intrusion Tolerant Server", Proceedings of the Security Protocols Workshop, Cambridge, UK, April 2002.
  
• S. Cheung, and K.N. Levitt, "A Formal-Specification Based Approach for Protecting the Domain Name System", Proceedings of the International Conference on Dependable Systems and Networks (Workshop on Dependability Despite Malicious Faults), New York City, New York, June 25-28, 2000.
• K.A. Bradley, S. Cheung, N. Puketza, B. Mukherjee, and R.A. Olsson, "Detecting Disruptive Routers: A Distributed Network Monitoring Approach", IEEE Network, September/October 1998. An earlier version appears in the Proceedings of the 1998 IEEE Symposium on Security and Privacy, Oakland, California, May 3-6, 1998.
• S. Cheung, "An Efficient Message Authentication Scheme for Link State Routing", Proceedings of the 13th Annual Computer Security Applications Conference, San Diego, California, December 8-12, 1997.
• S. Cheung, and K.N. Levitt, "Protecting Routing Infrastructures from Denial of Service Using Cooperative Intrusion Detection", Proceedings of the New Security Paradigms Workshop, Cumbria, UK, September 23-26, 1997.
• M. Bishop, S. Cheung, J. Frank, J. Hoagland, S. Samorodin, and C. Wee, "The Threat from the Net", IEEE Spectrum, August 1997.
• C.K. Au-Yeung, F.C.M. Lau, and S. Cheung, "Efficient Computations on Cube-Mesh: A Mesh with Express Links", Computer Architecture '97: Selected Papers of the 2nd Australasian Conference, R. Pose (ed.), Springer, 1997.
  
• S. Staniford-Chen, S. Cheung, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, C. Wee, R. Yip, and D. Zerkle, "GrIDS: A Graph-Based Intrusion Detection System for Large Networks", Proceedings of the 19th National Information Systems Security Conference, Baltimore, Maryland, October 21-25, 1996.
• S. Cheung and F.C.M. Lau, "Routing with Locality on Meshes with Buses", Journal of Parallel and Distributed Computing, February 1996.
• S. Cheung and F.C.M. Lau, "Efficient Computations on Meshes with Express Links", Technical Report TR-95-01, Department of Computer Science, The University of Hong Kong, May 1995.
  
• K.N. Levitt and S. Cheung, "Common Techniques in Fault-Tolerance and Security", Proceedings of the 4th Conference on Dependable Computing for Critical Applications, San Diego, California, January 1994.
  
• S. Cheung and F.C.M. Lau, "Time Lower Bounds for Permutation Routing on Multi-Dimensional Bused Meshes", Parallel Processing Letters, June 1993.
• S. Cheung and F.C.M. Lau, "A Lower Bound for Permutation Routing on Two-Dimensional Bused Meshes", Information Processing Letters, April 1993.
• S. Cheung and F.C.M. Lau, "Mesh Permutation Routing with Locality", Information Processing Letters, August 1992.