talk: Understanding Ambiguity in Privacy and Security Requirements, 11:15 Fri 11/4 ITE229

The UMBC Cyber Defense Lab presents

Regulatory Compliance Software Engineering:
Understanding Ambiguity in Privacy and Security Requirements

Aaron Massey

Department of Information Systems
University of Maryland, Baltimore County

11:15am-12:30pm Friday, 4 November  2016, ITE 229

Software engineers building software systems in regulated environments must ensure that software requirements accurately represent obligations described in laws and regulations. Ambiguities in legal texts can make the difference between compliance and non-compliance. Ensuring alignment and compatibility is challenging because policy analysts who write laws and regulations approach ambiguity differently than the software engineers who implement software in regulated environments. Although software regulation continues to increase in visibility, prevalence, and importance–particularly for security and privacy, few software processes address challenge of identifying, classifying, and understanding regulatory ambiguity. Herein, we develop an ambiguity taxonomy based on software engineering, legal, and linguistic approaches to ambiguity. We also present two case studies of policy analysts and technologists identifying and classifying ambiguities in a portion of the Health Insurance Portability and Accountability Act (HIPAA) using this taxonomy. Results of this work suggest that the taxonomy developed can serve as a guide for identifying and classifying ambiguity but participants were not able to consistently agree on a rationale defending their ambiguity classification. These results suggest a strategy for addressing ambiguities in regulatory text—software engineers are likely to be successful at identifying elements of a legal text that then require supplemental expertise to resolve. The contributions of this work include the ambiguity taxonomy developed as well as mechanism for reporting identified ambiguities in a legal text which we call Ambiguity Intensity Maps.

 Aaron Massey is an Assistant Professor of Software Engineering at UMBC and the Co-Director of  His research interests include computer security, privacy, software engineering, and regulatory compliance in software systems.  Aaron is a recipient of the Walter H. Wilkinson Graduate Research Ethics Fellowship and a recipient of a Google Policy Fellowship.  Before coming to UMBC, he was a Postdoctoral Fellow at Georgia Tech’s School of Interactive Computing.  Aaron earned a PhD and MS in Computer Science from North Carolina State University and a BS in Computer Engineering from Purdue University.  He is a member of the ACM, IEEE, IAPP, and the USACM Public Policy Council.

Host: Alan T. Sherman,


talk: Learning to Predict the Future from Unlabeled Data, 1pm Fri 10/28, ITE229, UMBC

The UMBC CSEE Seminar Series Presents

Learning to Predict the Future from Unlabeled Data

Hamed Pirsiavash, CSEE Department, UMBC

1-2pm Friday, 28 October 2016, ITE 229

Anticipating actions and objects before they start or appear is a difficult problem in computer vision with several real-world applications. This task is challenging partly because it requires leveraging extensive knowledge of the world that is difficult to write down. We believe that a promising resource for efficiently learning this knowledge is through readily available unlabeled video. I will talk about our framework that capitalizes on temporal structure in unlabeled video to learn to anticipate human actions and objects. The key idea behind our approach is that we can train deep networks to predict the visual representation of images in the future. I will also talk about our recent work on a Generative Adversarial learNing (GAN) architecture that generates a novel video given the first frame.

Hamed Pirsiavash is an assistant professor at the University of Maryland, Baltimore County (UMBC) since August 2015. Prior to that, he was a postdoctoral research associate at MIT working with Antonio Torralba. He earned his PhD at the University of California Irvine under the supervision of Deva Ramanan (now at CMU). He performs research in the intersection of computer vision and machine learning.

Organizers: Professors Tulay Adali () and Alan T. Sherman ()

About the CSEE Seminar Series: The UMBC Department of Computer Science and Electrical Engineering presents technical talks on current significant research projects of broad interest to the Department and the research community. Each talk is free and open to the public. We welcome your feedback and suggestions for future talks.

Online discussion with NGC: Building the Cyber Workforce, 10am Fri Oct 28

Today’s cybersecurity industry is expected to grow by almost $100 billion dollars by 2020. That means that there will be an unprecedented number of jobs to fill to meet the demand and keep to our economic and national security intact. Job postings for cybersecurity positions have increased 74%  in the past five years, with a global projection of 1.5 million unfilled jobs over the next five years. Many are calling the increasing shortage of workers a national crisis.

Northrop Grumman will host an online event to discuss Building the Cyber Workforce from 10:00-11:00am on Friday, 28 October 2016. The discussion features UMBC president Freeman Hrabowski and two UMBC alumni: Lauren Mazzoli (’15 CS, Math) who is currently a Northrop Grumman Cyber Software Engineer and Eric Conn (’85 CS) who is the founder and CEO of Leverege and a bwtech@UMBC Cync Incubator participant.  The discussion will be moderated by Tom Temin of Federal News Radio.

You can watch the discussion live this Friday on the Web, tweet questions to @NGCNews and follow @UMBC, which will be live tweeting the #NGcyber event. If you are on campus, join us in ITE325 to watch the event and discuss it afterward.

Prof. Anupam Joshi comments on recent DDoS attack on MPT show

CSEE Prof. Anupam Joshi was interviewed on MPT’s Direct Connection about the recent massive distributed denial of service attack that was launched from a botnet from compromised IoT devices. The attack disrupted access to many popular Internet sites, including Twitter, Netflix, Amazon and PayPal. Dr. Joshi discussed the mechanism that used and what can be done to reduce the risks of similar attacks. He also pointed out that Mirai, the name of one of the software systems used by the attackers, is a Japanese word that means “future” and that this may be a harbinger of things to come.

UMBC’s Anthony Johnson appointed to IEEE Corporate Innovation Award Committee

CSEE Professor Anthony Johnson has been appointed by the IEEE to its Corporate Innovation Award Committee. The IEEE Corporate Innovation Award was established in 1985 to recognize outstanding innovation by an organization in an IEEE field of interest. The recipient must be a corporate, governmental, or academic entity working within the fields of interest to IEEE. Recent recipients include Intel, SanDisk, DARPA, and Applied Materials, Inc.

Dr. Johnson is the director of UMBC’s Center for Advanced Studies in Photonics Research. His research is in the area of ultrafast optics and optoelectronics- the ultrafast photophysics and nonlinear optical properties of bulk, nanoclustered, and quantum well semiconductor structures, untrashort pulse propagation in fibers and high-speed lightwave systems. He is a fellow of IEEE, the Optical Society of America, the American Physical Society, AAAS and the National Society of Black Physicists.

Tim Finin in the shark tank at AFCEA DC’s Cybersecurity Summit


CSEE faculty member Tim Finin was a judge in the Shark Tank event held at the AFCEA-DC’s 7th Annual Cybersecurity Summit on 11 October 2016. The summit is held each year by the DC chapter of AFCEA, the Armed Forces Communications and Electronics Association.

In the two shark tank session, cyber entrepreneurs presented their ideas to a panel of sharks that included cybersecurity experts from government, industry, academia and the venture capital community. The contestants tried to convince the sharks to choose their cyber technology over the other presentations. Early start-ups, as well as large federal system integrators, were eligible to sign up to present their latest and greatest technologies.

Two contestants were selected as winners, one from each session: Javelin Networks and Dark Cubed.  Videos of the two shark tank panels as well as other sessions are available at Cybersecurity TV.

talk: Credibility, Privacy and Policing on Online Social Media, 1pm Fri 10/14, UMBC


Credibility, Privacy and Policing on Online Social Media

Prof. Ponnurangam Kumaraguru (“PK”)
Indraprastha Institute of Information Technology, Delhi, India

1:00-2:00pm Friday, 14 October 2016, ITE 229, UMBC

With increase in usage of the Internet, there has been an exponential increase in the use of online social media on the Internet. Websites like Facebook, Google+, YouTube, Orkut, Twitter and Flickr have changed the way the Internet is being used. There is a dire need to investigate, measure, and understand privacy and security on online social media from various perspectives (computational, cultural, psychological). Real world scalable systems need to be built to detect and defend security and privacy issues on online social media. I will describe briefly some cool projects that we work on: TweetCred, OSM & Policing, OCEAN, and Call Me MayBe. Many of our research work is made available for public use through tools or online services. Our work derives techniques from Computational Social Science, Data Science, Statistics, Network Science, and Human Computer Interaction. In particular, in this talk, I will focus on the following:

  • TweetCred, a tool to extract intelligence from Twitter which can be useful to security analysts. TweetCred is backed by award-winning research publications in international and national venues.
  • How police in India are using online social media, how we can use computer science understanding to help police engage more with citizens and increase the safety in society.
  • OCEAN: Open source Collation of eGovernment data and Networks, how publicly available information on Government services can be used to profile citizens in India. This work obtained the Best Poster Award at Security and Privacy Symposium at IIT Kanpur, 2013 and it has gained a lot of traction in Indian media.
  • Given an identity in one online social media, we are interested in finding the digital foot print of the user in other social media services, this is also called digital identity stitching problem. This work is also backed by award-winning research publication.

Ponnurangam Kumaraguru (“PK”) is an Associate Professor, at the Indraprastha Institute of Information Technology (IIIT), Delhi, India from Aug 2009. He is currently the Hemant Bharat Ram Faculty Research Fellow, and the Founding Head of Cybersecurity Education and Research Centre. PK is an ACM Distinguished Speaker. He received his Ph.D. from the School of Computer Science at Carnegie Mellon University. He is primarily excited about and works with a bunch of smart students and collaborators around the world on the issues related to Privacy and Security in Online Social Media, Computational Social Science, and Data Science for Social Good. In the past seven years of his faculty life, he has managed projects close to a $800,000 USDs. PK has received research funds from multiple departments of the Government of India, National Science Foundation, Adobe, RSA, and International Development Research Centre. PK is part of multiple government initiatives / projects in the area of Cybersecurity in India. Technology that PK and his students have developed at IIIT Delhi is currently being used by 40+ different State and Central Government agencies in India. PK has spent his summer sabbaticals at IBM India Research Labs, Adobe Research Labs – India, and Universidade Federal de Minas Gerais. He is currently visiting Max Planck Institute for Software Systems for Summer 2016. PK regularly serves as a PC member at prestigious conferences like WWW, ICWSM, CSCW, AsiaCCS and he also serves as a reviewer for International Journal of Information Security and ACM’s Transactions on Internet Technology. PK’s Ph.D. thesis work on anti-phishing research at CMU has contributed in creating an award winning start-up Wombat Security Technologies, which recently raised Series C funding and also acquired a company. PK founded and manages the PreCog research group at IIIT-Delhi.

Host: Anupam Joshi,

π² Immersive Hybrid Reality Lab ribbon cutting, 2-4pm Fri 10/14

UMBC will hold an event to celebrate the opening of  the new  π² Immersive Hybrid Reality Laboratory from 2:00-4:00pm on Friday, 14 October 2016 in the new lab in room 229 of the Information Technology/Engineering building.

π² will be one of the most advanced visualization facilities of its kind in the mid-Atlantic region. UMBC sees it as enabling new research efforts on the visual exploration of data and knowledge discovery for biology, math, engineering, visual arts, and digital humanities as well as a tool to study and enhance the potential of the medium itself.

The instrument features a curved wall with a 50 million pixel resolution made from multi-column, thin-bezel, and stereo-capable LCD panels with a six degree-of-freedom tracking system. The system will integrate and leverage many important characteristics: immersion, hybrid reality, high resolution, large field of view, large space and size, body-centric human-computer interaction, and support for heterogeneous data fusion.

The facility was made possible by an NSF MRI award  granted to a team lead by Professor Jian Chen (CSEE) and including Craig Saper (Language, Literacy, and Culture), Karl Steiner (VP of Research), Penny Rheingans (CSEE) and Michael Summers (Biological Science).

The event is an open house with only a few formal remarks. Speakers will include Freeman Hrabowski (President of UMBC), Karl Steiner (Vice President for Research at UMBC) and Jian Chen (the UMBC professor who was awarded an NSF grant to create the system).  Get more information and register to attend here.

Live webinar on paid internships at NSA and more, 5pm Thr 10/13

nsa live student programs

What’s it really like to be an intern at the National Security Agency? Learn about the wide array of available opportunities from former NSA interns who are now NSA employees. Join them for a live webinar 5-6pm Thursday, October 13 to learn more about the benefits of our paid internships and co-op programs. NSA has more than 30 programs available in a wide variety of majors:

  • Computer Science, Computer/Electrical Engineering & Information Systems
  • Mechanical/Civil Engineering & Architecture
  • Mathematics
  • International Affairs & Foreign Language
  • Other fields like Business & Human Resources

They will also talk about the application process and what to expect. Don’t miss this final window to apply — all internship programs close later this month!  U.S. citizenship is required for NSA employment NSA is an Equal Opportunity Employer.

Register now for the Student Programs Webinar, 5-6pm Thursday, 13 Oct. 2016. Seats are limited, so don’t put it off!

Security of Software Defined Networks, 11:15 Fri 10/7, UMBC

The UMBC Cyber Defense Lab presents

An Introduction to the Security of Software Defined Networks

Enis Golaszewski
CSEE Department, UMBC

11:15am-12:30pm, Friday, 7 October, UMBC, ITE 229

We introduce the concept of Software Defined Networks (SDNs) and the security challenges facing them. SDNs are a promising new network architecture that separates the data and control planes. By providing a central point of control and visibility over the network, SDNs allows a network to handle traffic with unprecedented flexibility, while simultaneously introducing potentially vulnerable lines of communication between a centralized controller and its constituent switches. To highlight the security challenges facing SDNs, we introduce and discuss several existing attacks. Anyone interested in networks and network security will want to know about the emerging trend of SDNs.

About the Speaker. Enis Golaszewski () is a first-semester PhD student and SFS scholar at UMBC working with Dr. Sherman on the security of software defined networks.

Host: Alan T. Sherman,

The UMBC Cyber Defense Lab meets biweekly Fridays

1 2 3 4 67