General Research on Attack Graphs: Various
work by (and in cooperation with) Prof. Somesh Jha (UW-
Madison), as well as related research. Example: http://seclab.cs.ucdavis.edu/seminars/AttackGraphs.pdf Modeling attacks pathways as graphs (note that I am NOT
doing "Model Checking")
Toward an Automated Vulnerability Comparison of Open
Source IMAP Servers: Talk by Chaos Golubitsky at
LISA 05 http://www.usenix.org/events/lisa05/tech/golubitsky.html Computing metrics about attack surfaces and using them
to draw interesting security conclusions