Primer on cybersecurity and public policy for nonspecialists

The Computer Science and Telecommunications Board (CSTB) of the National Academies has released of a report entitled At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues in prepublication form. The final book version of the report will be available around end of May, and a PDF of that final version will also be available for free at this web site.

According to the study director and CSTB chief scientist Dr. Herb Lin, “This report is a first for CSTB in that it seeks to distill the cybersecurity wisdom and insight of this entire body of Academy work in a form that is easily accessible to nonspecialists. It provides the essential technical background for understanding cyber threats and the basic principles of cybersecurity, and is pretty much self-contained in this regard. At the same time, it underscores the point that improvements in cybersecurity depend at least as much on non-technical factors, based in fields such as economics and psychology, as on secure code or tamper-resistant hardware.”


National Research Council. At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues. Washington, DC: The National Academies Press, 2014.   ( Download )

We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, inventory and sales, and research and development. Modern military forces use weapons that are increasingly coordinated through computer-based networks. Cybersecurity is vital to protecting all of these functions. Cyberspace is vulnerable to a broad spectrum of hackers, criminals, terrorists, and state actors. Working in cyberspace, these malevolent actors can steal money, intellectual property, or classified information; impersonate law-abiding parties for their own purposes; damage important data; or deny the availability of normally accessible services. Cybersecurity issues arise because of three factors taken together – the presence of malevolent actors in cyberspace, societal reliance on IT for many important functions, and the presence of vulnerabilities in IT systems. What steps can policy makers take to protect our government, businesses, and the public from those would take advantage of system vulnerabilities?

At the Nexus of Cybersecurity and Public Policy offers a wealth of information on practical measures, technical and nontechnical challenges, and potential policy responses. According to this report, cybersecurity is a never-ending battle; threats will evolve as adversaries adopt new tools and techniques to compromise security. Cybersecurity is therefore an ongoing process that needs to evolve as new threats are identified. At the Nexus of Cybersecurity and Public Policy is a call for action to make cybersecurity a public safety priority. For a number of years, the cybersecurity issue has received increasing public attention; however, most policy focus has been on the short-term costs of improving systems. In its explanation of the fundamentals of cybersecurity and the discussion of potential policy responses, this book will be a resource for policy makers, cybersecurity and IT professionals, and anyone who wants to understand threats to cyberspace.

Mobile computing & smart home automation demos, 12:30-2:00 Mon 5/12, ITE


Demos: Introduction to mobile computing and
systems for smart home automation

12:30-2:00 Monday, 12 May 2014, 3rd floor corridor, ITE Building

The students in Professor Banerjee’s Introduction to Mobile Computing and Systems for Smart Home Automation classes will showcase their cutting edge projects and application that use mobile phones, tablets, cloud services, and smarthome sensors.

Come and enjoy the demonstrations that range from cool smartphone games to smartphone-based educational tools to smartphone-controlled robots to location-based mobile phone services to voice and mind controlled home appliances.

The demonstrations will take place from 12:30 to 2:00pm on Monday, May 12 in the central corridor of the third floor of the ITE building at UMBC.

For more information, contact Dr. Nilanjan Banerjee ()

MS defense: Bansal on Recoloring Web Pages for CVD

MS Thesis Defense

Recoloring Web Pages For Color Vision Deficiency Users

Vikas Bansal

11:00am Thursday, May 8, 2014, ITE346, UMBC

Color vision begins with the activation cone cells. When one of the cone cells dysfunction, color vision deficiency (CVD) ensues. Due to CVD, users become unable to differentiate as many colors a normal person can. Lack of this ability results in less rich web experience, incomprehension of basic information and thus frustration. Solutions such as carefully choosing colors while designing or recolor web pages for CVD users exist. We first present the improvement in the time complexity of an existing tool SPRWeb to recolor web pages. After that we present our tool which explores the foreground-background relationship between colors in a web page. Using this relationship we propose an algorithm which preserves naturalness, pair-differentiability and subjectivity. In the last part, we add an additional step in to algorithm to ensure that the contrast in the parsed color pairs meets the required W3C guidelines. In evaluation, we found that our algorithm does significantly better in preserving pair-differentiability and produces lower total cost solutions than SPRWeb. Quantitative experimentation of modified algorithm shows that contrast ratio in each replacement pair is more than 4.5 as required for readability.

Committee: Drs. Lina Zhou (co-chair), Tim Finin (ch-chair), Yelena Yesha, Dongsong Zhang

talk: Ron Ross (NIST) on Cybersecurity, 6pm Wed 4/30


UMBC Information Systems Security Association Seminar

Framework for Improving Critical
Infrastructure in Cybersecurity

Dr. Ron Ross, NIST

6:00-8:00pm Wednesday, 30 April 20014
Meyerhoff 030 Building Lecture Hall 2

6:00-6:30pm Introductions to UMBC ISSA, Networking & Pizza
6:30-7:30pm Cyber Security Lecture From Dr. Ron Ross
7:30-8:00pm Networking

Host: Monique Jeffrey, UMBC ISSA President,

Ron Ross is a Fellow at the National Institute of Standards and Technology (NIST). His current areas of specialization include information security and risk management. Dr. Ross leads the Federal Information Security Management Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical information infrastructure.

A graduate of the United States Military Academy at West Point, Dr. Ross served in a variety of leadership and technical positions during his over twenty-year career in the United States Army. While assigned to the National Security Agency, he received the Scientific Achievement Award for his work on an inter-agency national security project and was awarded the Defense Superior Service Medal upon his departure from the agency. Dr. Ross is a three-time recipient of the Federal 100 award for his leadership and technical contributions to critical information security projects affecting the federal government and is a recipient of the Department of Commerce Gold and Silver Medal Awards.

Dr. Ross has been inducted into the Information Systems Security Association (ISSA) Hall of Fame and given its highest honor of ISSA Distinguished Fellow. Dr. Ross has also received several private sector cyber security awards and recognition including the Vanguard ChairmanÕs Award, the Symantec Cyber 7 Award, InformationWeek’s Government CIO 50 Award, Best of GTRA Award, and the ISACA National Capital Area Conyers Award. During his military career, Dr. Ross served as a White House aide and as a senior technical advisor to the Department of the Army. Dr. Ross is a graduate of the Defense Systems Management College and holds Masters and Ph.D. degrees in Computer Science from the U.S. Naval Postgraduate School specializing in artificial intelligence and robotics.

Graduate Cybersecurity Internships at NCCoE

The NIST National Cybersecurity Center for Excellence (NCCoE) is seeking full- and part-time paid interns from UMBC graduate students studying cybersecurity at the Universities at Shady Grove (USG). The program is part of NCCoE’s ongoing efforts to build and sustain academic partnerships in the Montgomery County region.

The NCCoE internship will identify and immerse students in practical cybersecurity experiences at the NCCoE in Rockville, MD. NCCoE’s Cybersecurity Graduate Researchers will work in a state-of-the-art facility with expert cybersecurity practitioners from government and academia, along with engineers from some of the largest and most influential IT and cybersecurity companies in the world, including Intel, Microsoft, Symantec, HP, Cisco, Splunk, Palo Alto Networks, and Hytrust.

During their internships, NCCoE’s Graduate Cybersecurity Researchers may assist NCCoE staff and contractors in areas such as:

the design and building of cybersecurity reference designs to demonstrate platform capabilities that address one or more challenges identified by industry.

mentoring undergraduate cybersecurity researchers and helping build teams to work on research projects.

working with NCCoE industry partners and collaborators to identify relevant commercially available technologies that can serve as a component of these reference designs.

supporting the NCCoE lab infrastructure, including the provisioning of hardware, creation and management of both virtual and physical equipment, and the installation and configuration of cybersecurity tools and components.

These NCCoE internships are open to UMBC cybersecurity students enrolled at the USG campus who are US citizens. The deadline for Summer 2014 consideration is Monday, May 5, however internships are available during the 2014-15 academic year as well.

For more information and/or to apply, please contact the USG Career & Internship Services Center at 301-738-6338 or

Defense: Feature Extraction and Fusion for Supervised and Semi-supervised Classification: Application to fMRI and LTM Data


Dissertation Defense

Feature Extraction and Fusion for Supervised and Semi-supervised
Classification: Application to fMRI and LTM Data

Wei Du

2:00pm Thursday, 24 April 2014, ITE 325B

Extracting powerful features from high dimensional noisy data promises to significantly improve the effectiveness of further analysis, especially of classification. Since there is no single feature selection and extraction method or classifier that works best on all given problems, developing effective and efficient feature selection and extraction methods and classifiers for specific applications has became one of the most active areas in the machine learning field. The aim of this dissertation is to develop novel data-driven methods for extracting and selecting the most distinguishing features for performing classification using functional magnetic resonance imaging (fMRI) and laser tread mapping (LTM) tire data.

FMRI data have the potential to characterize and classify various brain disorders including schizophrenia. However, the high dimensionality and unknown nature of fMRI data present numerous challenges to accurate analysis and interpretation. Independent component analysis (ICA), as a data-driven method, has proven very useful for fMRI analysis in extracting spatial components as multivariate features used in classification, and more recently, for the analysis of fMRI data in its native complex-valued form. In this dissertation, we first present a novel framework to extract powerful features from components estimated by ICA, allowing us to remove the redundancy and retain the most discriminative activation patterns from multivariate ICA features. We apply the proposed three-phase feature extraction framework to two real-valued fMRI data sets, and achieve high classification rates in discriminating healthy controls from patients with schizophrenia. Second, due to the iterative nature of ICA algorithms, typically independent components (ICs) are not estimated consistently during different ICA runs, and hence it is not clear which result to use further. We present a statistical framework that utilizes an objective criterion to select the best of multiple ICA runs such that the multivariate ICA features from the best run can be used for further analysis and inference. Using the proposed framework, we study the performance of a novel complex ICA algorithm for fMRI analysis, entropy rate bound minimization, which takes all three types of diversity into account, including non-Gaussianity, sample dependence and noncircularity that are present in the complex-valued fMRI data. We show that CERBM leads to significant improvement in ICs that provide higher classification accuracy, and thus is a promising ICA algorithm for the analysis of complex-valued fMRI data.

Classification using LTM data is another problem we address where we first study the use of highly multivariate solutions such as ICA and then note the advantages using lower-level features for classification. In this case, an important problem is the selection of best set of features for the best classification performance. Additionally, there are a large amount of unlabeled tire data that are easy to collect but only a few of them can be easily labeled by expert. In this dissertation, we propose a novel mutual information (MI) based approach to achieve feature splits for co-training, a practical and powerful data-driven method in semi-supervised learning. Inspired by the idea of dependent component analysis, the proposed MI-based approach presents feature splits that are maximally independent between- or within- subsets, and thus selects and fuses features more effectively than other feature split methods. Experimental results on both simulated study and LTM tire data indicate that co-training with MI-based feature splits yields significantly higher accuracy than supervised classification.

Committee: Profs. Tulay Adali (Chair), Joel Morris, Janet Rutledge, Charles E. Laberge, Vince D. Calhoun (University of New Mexico and the Mind Research Network), and Dr. Matthew Anderson (Northrop Grumman Corp.)

UMBC Cybersecurity MPS Alumna Nidhi Mittal


Nidhi Mittal, a 2013 graduate of UMBC’s Cybersecurity Master’s in Professional Studies program talks about her experience. In this video Ms. Mital talks about the value of the cybersecurity program’s instructors, who bring with them a wealth of experience in the public and private sector. 

UMBC offers a variety of master’s degree and certificate options. Our cybersecurity graduate programs leverage a student’s experience toward a range of opportunities within the cybersecurity profession. UMBC’s in-person cybersecurity programs are designed to prepare computer science, information systems, and other experienced professionals to fill management and leadership roles in cybersecurity and cyber operations.

Jane Gethmann receives outstanding non-exempt staff award

CSEE’s Jane Gethmann, Assistant to the Chair, received UMBC’s inaugural Karen L. Wensch Endowment Award for Outstanding Non-Exempt Staff earlier this month. She has played a leadership role in our Department since she joined it in 1997 and has been a key staff member for the thousands of faculty, staff and students who have been part of our department in the past 17 years.

The following is the citation for her well deserved award.

Jane Gethmann first came to UMBC in 1971, and over the years has worked in Financial Aid, the Department of Biological Sciences, and the Graduate School. She joined the Department of Computer Science and Electrical Engineering in 1997, and is known as the glue that holds the department together, going above and beyond her responsibilities.

In addition to assisting the chair and handling administrative and financial duties, Gethmann also takes the lead when additional resources are needed or when she sees a way to increase efficiency in the department. She has served as facilities manager and scheduling coordinator, managed the Computer Science Help Center, coordinated part-time faculty hiring, and created a graduate admissions database. She also managed the installation of a new teaching laboratory, working with faculty and Facilities Management in order to get it up and running by the start of the semester.

A leader and trusted advisor, Gethmann’s vast knowledge of UMBC and departmental procedures as well as her excellent judgment make her invaluable to those she serves. She is a dedicated people person with a helpful and positive attitude. Whether working with faculty, staff, students, or visitors, her goal is to help people solve whatever problem they are facing, and ensure that they have what they need.

Jane plans to retire at the end of this academic year. We will miss her and all that that she has done for UMBC and our department.

ACM uses online end-to-end verifiable voting system in 2014 elections

We were happy to see that ACM is using the Helios online voting system for a number its elections this year, including the 2014 ACM Council election. ACM members, all 100,000 of them, have the option of voting online via the Web or requesting a paper ballot in the election of ACM’s top officers. This demonstrates the confidence that the “world’s largest educational and scientific computing society” has in the technology of online verifiable voting systems.

Helios is an example of an end-to-end verifiable voting system that uses cryptographic techniques that can provide ballot privacy as well as high confidence that errors and fraud will be detected and that the election outcome is correct.  Such systems let voters verify that their votes were not modified and were counted without revealing which candidates were voted for. In some cases, they allow anyone to determine that all of an election’s ballots have been correctly counted and also help prevent coercion and vote selling by making it impossible for a voter to prove how she voted to a third party.

Among the things we like about Helios is that it provides a free service that anyone can use to hold end-to-end verifiable votes on the Web and that its code is open sourced, allowing one to study the (mostly Python)  code and install and run it on their own computers.

Developing verifiable voting systems has been one of the research activities of UMBC’s Center for Information Security and Assurance for more than six years. Professor Alan Sherman and his students contributed to Scantegrity, the first end-to-end verifiable voting system used in a binding municipal election.  The UMBC team oversaw that first use in the Takoma Park, Maryland municipal election in November, 2009.   A subsequent system, Remotegrity, was used to allow Takoma Park residents to submit absentee ballots over the Internet in the November 2011 Takoma Park election.  A current secure voting project in Professor Sherman’s lab is led by Ph.D. student Christopher Nguyen, who is developing techniques to support random-sample elections.

defense: Rosebrock on Image Classification, 9am 4/18


Computer Science and Electrical Engineering
University of Maryland, Baltimore County
Ph.D. Dissertation Defense

A Rapidly Deployable Image Classification System Using Feature Views

Adrian Rosebrock

9:00am Friday, 18 April 2014, ITE 346, UMBC

Constructing an image classification system using strong, local invariant descriptors is both time consuming and tedious, requiring much experimentation and parameter tunings to obtain an adequate performing model. Furthermore, training a system in a given domain and then migrating the model to a separate domain will likely yield poor performance. As the recent Boston Marathon attacks demonstrated, large, unstructured image databases from traffic cameras, security systems, law enforcement officials, and citizens can be quickly amassed for authorities to review; however, reviewing each and every image is an expensive undertaking, in terms of both time and human effort. Inherently, reviewing crime scene images is a classification task. For example, authorities may want to know if a given image contains a suspect, a suspicious package, or if there are injured people in the photo. Given an emergency situation, these classifications will be needed as quickly and accurately as possible. In this work we present a rapidly deployable image classification system using “feature views”, where each view consists of a set of weak, global features. These weak global descriptors are computationally simple to extract, intuitive to understand, and require substantially less parameter tuning than their local invariant counterparts. We demonstrate that by combining weak features with ensemble methods we are able to outperform current state-of-the-art methods or achieve comparable accuracy with much less effort and domain knowledge. We then provide both theoretical and empirical justifications for our ensemble framework that can be used to construct rapidly deployable image classification systems called “Ecosembles”.

Finally, we recognize the fact that image datasets give us the relatively unique opportunity to extract multiple feature representations through the use of various descriptors. In situations where the original dataset is not available for further feature extraction or in cases where multiple feature views are ambiguous (such as predicting income based on geographical location and census data) the Ecosemble method cannot be applied. In order to extend Ecosembles to arbitrary datasets of diverse modalities, we introduce artificial feature views using kernel approximations. These artificial feature views are constructed from a single representation of the data, alleviating the need to explicitly extract multiple feature views. We then apply artificial feature views to a diverse range of non-image classification datasets to demonstrate our method is applicable to multiple modalities, while still outperforming current state-of-the-art methods.

Committee: Drs. Tim Oates (chair), Jesus Caban, Tim Finin, Charles Nicholas, Jian Chen