Rick Forno speaks @ Schmoocon ’15

CSEE’s Dr. Rick Forno was a panelist for Schmoocon 2015’s closing plenary session on January 18 in Washington, DC. The session, entitled “Get Off My Lawn: Examining Change through the Eyes of The Old Guard” brought together four longtime security practitioners to discuss in a free-flowing (if not somewhat curmudgeonly) manner the state of Internet security over the years while fielding audience questions and avoiding Schmooballs tossed their way.

Joining Rick on the panel were Carole Fennelly (independent New York area security consultant), Ben Laurie (Google), and Space Rogue (L0pht). Schmoocon founder Bruce Potter moderated the session.

ShmooCon is an annual east coast hacker convention held in Washington, DC offering three days of demonstrating technology exploitation, inventive software and hardware solutions, and hosting open, unfiltered discussions of critical information security issues. Tickets to the conference routinely sell out within seconds, and the acceptance rate for proposals traditionally hovers around 20%.

talk: Measuring Visual Perceptions of Security, 10am Fri 1/16, UMBC
Top 10 highest rated passwords for most "Highly Usable" and "Highly Secure." The highest rated is in the top left, and moving left-to-right by row, the tenth, highest rated is the lower right.

Top 10 highest rated passwords for most “Highly Usable” and “Highly Secure.” The highest rated is in the top left, and moving left-to-right by row, the tenth, highest rated is the lower right.

UMBC Information Systems

Measuring Visual Perceptions of Security

Professor Adam J. Aviv
United States Naval Academy

10:00am – 11:00am Friday, 16 January 2015, ITE 459

This talk presents the results of a user study of the Android graphical password system to measure visual perceptions of security. The survey methodology asked participants to select between carefully selected pairs of patterns indicating either a security or usability preference. By selecting password pairs that isolate a visual feature, a perception of usability and security of different features can be quantified in relatively. We conducted a large IRB-approved survey using pairwise preferences which attracted 384 participants on Amazon Mechanical Turk. Analyzing the results, we find that visual features that can be attributed to complexity indicated a stronger perception of security, while spatial features, such as shifts up/down or left/right are not strong indicators for security or usability.

We extended and applied the survey data by building logistic models to predict perception preferences by training on features used in the survey and other features proposed in related work. The logistic model accurately predicted preferences above 70%, twice the rate of random guessing, and the strongest feature in classification is password distance, the total length of all lines in the pattern, a feature not used in the online survey. This result provides insight into the internal visual calculus of users when comparing choices and selecting visual passwords, and the ultimate goal of this work is to leverage the visual calculus to design systems where inherent perceptions for usability coincides with a known metric of security.

Adam J. Aviv is an Assistant Professor of Computer Science at the United States Naval Academy, receiving his Ph.D. from the University of Pennsylvania under the advisement of Jonathan Smith and Matt Blaze. He has varied research interests including in system and network security, applied cryptography, smartphone security, and more recently in the area of usable security with a focus on mobile devices.

Internship with educational nonprofit developing game


Innovate Our World, an Ellicott City, Maryland educational nonprofit, is seeking one or more avid, experienced gamers who can help us on the business side to bring our new Moon game from tech demo status to a successful launch on Steam.

The upcoming 8th Continent game will give players a number of entertaining scenarios racing, exploring, and building on the Moon that will help meet IOW’s educational mission. We envision growing the 8th Continent like Kerbal Space Program through early engagement of the user community. Starting as a single player online game (and Oculus friendly), you will have strong input into how the game evolves and grows to meet player demand.

Candidates should have strong gaming experience, comfortable with emerging technologies, demonstrated success with crowdfunding, ability to use Steam and other forums to gain support, and strong social media skills.

Opportunity starts as an volunteer/internship and could evolve into a compensated position for the right person. Can be done on a part-time/remote basis in conjunction with school or work. Contact Ron (ron AT innovateourworld.org) to discuss. The opportunity begins ASAP.

PhD defense: Varish Mulwad — Inferring the Semantics of Tables


Dissertation Defense

TABEL — A Domain Independent and Extensible
Framework for Inferring the Semantics of Tables

Varish Vyankatesh Mulwad

8:00am Thursday, 8 January 2015, ITE325b

Tables are an integral part of documents, reports and Web pages in many scientific and technical domains, compactly encoding important information that can be difficult to express in text. Table-like structures outside documents, such as spreadsheets, CSV files, log files and databases, are widely used to represent and share information. However, tables remain beyond the scope of regular text processing systems which often treat them like free text.

This dissertation presents TABEL — a domain independent and extensible framework to infer the semantics of tables and represent them as RDF Linked Data. TABEL captures the intended meaning of a table by mapping header cells to classes, data cell values to existing entities and pair of columns to relations from an given ontology and knowledge base. The core of the framework consists of a module that represents a table as a graphical model to jointly infer the semantics of headers, data cells and relation between headers. We also introduce a novel Semantic Message Passing scheme, which incorporates semantics into message passing, to perform joint inference over the probabilistic graphical model. We also develop and explore a “human-in-the-loop” paradigm, presenting plausible models of user interaction with our framework and its impact on the quality of inferred semantics.

We present techniques that are both extensible and domain agnostic. Our framework supports the addition of preprocessing modules without affecting existing ones, making TABEL extensible. It also allows background knowledge bases to be adapted and changed based on the domains of the tables, thus making it domain independent. We demonstrate the extensibility and domain independence of our techniques by developing an application of TABEL in the healthcare domain. We develop a proof of concept for an application to generate meta-analysis reports automatically, which is built on top of the semantics inferred from tables found in medical literature.

A thorough evaluation with experiments over dataset of tables from the Web and medical research reports presents promising results.

Committee: Drs. Tim Finin (chair), Tim Oates, Anupam Joshi, Yun Peng, Indrajit Bhattacharya (IBM Research) and L. V. Subramaniam (IBM Research)

MS defense: Impaired Driving Detection Using Multiple Textile & Inertial Sensors

MS Thesis Defense

distratto: Real-time Impaired Driving Detection Using Multiple Textile and Inertial Sensors

Tsu An Chen

1:00-3:00pm Tuesday, 23 December 2014, ITE 341

Statistical data shows that driving-related accidents and human casualties caused by vehicles are on the rise in the US and globally. Most of these accidents are cause by impaired or distracted driving. Existing systems that detect impaired driving use cameras that perform eye and head tracking and do not capture full-body movements that are indicative of dangerous driving. To address this problem, in this thesis we present a system, distratto, that uses capacitive textile sensors embedded into car seats, headrests, and arm rests to capture whole body motion, and inertial and GPS sensors for determining vehicle speed and turns. Using a combination of these sensors and a tiered signal processing algorithm, we infer attributes that are indicative of impaired driving. We have developed a fully functional prototype of distratto that we evaluate in a real vehicle setting. We show that our system can detect impaired driving instances and driver movements with high accuracy.

Committee: Drs. Nilanjan Banerjee (chair), Ryan Robucci, Chintan Patel


Cybersecurity Enhancement Act of 2014

The Cybersecurity Enhancement Act of 2014 bill was passed by Congress this month and signed by the President at the end of last week. The bill provides for “an ongoing, voluntary public-private partnership to improve cybersecurity, and to strengthen cybersecurity research and development, workforce development and education, and public awareness and preparedness, and for other purposes.”

The bill formalizes the role of the National Institute for Standards and Technology in continuing to develop the voluntary Cybersecurity Framework. It includes provisions to promote cybersecurity research, private/public sector collaboration on cybersecurity, education and awareness and technical standards, which includes a federal cloud computing strategy. It also directs NSF to continue the Federal Cyber Scholarship-for-Service program under which recipients agree to work in the cybersecurity mission of a federal, state, local, or tribal agency for a period equal to the length of their scholarship.

New computing faculty positions at UMBC


UMBC has a total of nine open full-time positions for computing faculty including five tenure track professors, a professor of the practice and three lecturers.

UMBC’s Computer Science and Electrical Engineering department is seeking to fill five positions for the coming year. They include two tenure track positions in Computer Science, up to three full-time lecturers. See the CSEE jobs page for more information.

The College of Engineering and Information Technology has a position for a full-time lecturer or Professor of Practice to focus on the needs of incoming computing majors through teaching, advising, and helping develop programs in computing. This person will work closely with faculty in the Computer Science and Electrical Engineering Department and Information Systems Department.

UMBC’s Information Systems department is accepting applications for three tenure track faculty positions in data science, software engineering and human-centered computing.

CSEE Faculty Involved With NSF’s CS10K Teacher Training Project


CSEE’s Marie desJardins is currently collaborating with Maryland educators and researchers for the NSF-funded CS10K Teacher Training Project. The project seeks to change how computer science is taught by high school teachers. Researchers work together with high school teachers to craft new curricula for high school computer science programs. This project is unique in that actual high school teachers are creating the new curricula, rather than professional curriculum writers. The CS10K Maryland Project team includes faculty from UMCP, as well as high school teachers from Charles County and Baltimore County.

The CS10K team has facilitated the creation of “a complete curriculum package for a new College Board Advanced Placement (AP) course called CS Principles.” Originally, the goal of the CS10K team was to train 10,000 teachers to teach computer science in 10,000 schools nationwide. The project has been revised to reflect its new goal of training teachers in all U.S. schools.

In academia there is a growing concern that females–as well as minorities and those with disabilities–are being repeatedly discouraged from pursuing programming in high school. Professor desJardins is trying to change this by directing the CS Matters in MD Project. (CS Matters in MD is part of the larger, NSF-supported initiative known as CS 10K.)

“I believe that CS should be included throughout the K-12 curriculum as a set of basic skills and knowledge for today’s world,” desJardins said. “All citizens of the 21st century, especially the next generation of knowledge workers, will benefit greatly from learning about computational thinking and the problem-solving skills that are a core part of computer science.”

In addition, desJardins explains that, “We need to expand the pool of available workers to fill the many computing-related jobs that our economy demands, and in order to be sure that the technology we develop is robust and useful, we need to increase the diversity of the computer scientists who take those jobs.  To meet these goals, we must broaden our notion of what it means to teach computer science (beyond just teaching coding skills), and we must reach a broader audience at an earlier age.  Our ‘CS Matters in Maryland’ project is particularly focused on creating appealing and engaging curriculum materials for the newly announced AP CS Principles course, and on training teachers to deliver this material effectively to a diverse population of learners.”

More information about CS Matters in Maryland and the CS10K Project can be found here.

Marie desJardins Collaborates with Howard County Parents and Teachers for HowGirlsCode


CSEE’s Marie desJardins recently collaborated with a group of Howard County parents and teachers to create HowGirlsCode, an educational program that “educates and inspires young girls to pursue computer related activities, courses, and careers.”

The program–originally called Computer Mania Club–is based out of Fulton Elementary School. Over the course of ten weeks, students meet for weekly two-hour sessions, working on projects such as Lego Mindstorm robots and 3D printing. Students also work with programming tools such as MIT’s Scratch program. The curriculum for the program is largely based off of materials from the Code.org website.

UMBC alumna Katie Egan and her husband Kent Malwitz have been instrumental in getting the club off the ground. Malwitz, who is the President and Chief Learning Officer for UMBC Training Centers, originally recruited Marie desJardins to participate in a brainstorming session for the club back in 2013. Professor desJardins now serves as a member of the Advisory Board for HowGirlsCode.

Bethany Meyer, Senior Web Developer at MGH, Inc., was a recent guest speaker for HowGirlsCode. During her presentation, Meyer explained how she got into coding, citing as an example a website that she created when she was 13 years old. Meyer went on to present more recent projects, such as OldBay75.com and OCOcean.com. “I think a lot of people have negative stereotypes in mind when they think of programmers,” Meyer says. “My goal was to break down some of those stereotypes by showing…[students] that the work can be really exciting and that it involves creativity and interacting with others. I hope that I inspired some of them to teach themselves to make websites. ”

A recent Baltimore Sun article notes that there has been a marked increase in student signups for HowGirlsCode since last year. More courses will be offered in the spring, due to increasing demand. At some point, the coding club could possibly expand to other schools. Currently, Egan is trying to turn HowGirlsCode into a 501(c)(3) tax-exempt, charitable organization. This would allow the club to have better access to resources such as facilities, grants and funding. Ideally, she hopes to turn the club into a nonprofit by September 2015.

The Johns Hopkins University’s Applied Physics Lab has a similar program, called Girls Who Code. The Hopkins APL program, which is intended for middle and high school students, is based on a national nonprofit of the same name.

Anupam Joshi named an IEEE Fellow

CSEE Professor Anupam Joshi has been named an IEEE Fellow, recognized for his for contributions to security, privacy and data management in mobile and pervasive systems. This designation is conferred by the IEEE Board of Directors on individuals with an outstanding record of accomplishments in any of the IEEE fields of interest and is recognized by the technical community as a prestigious honor and an important career achievement. No more than 0.1% of the total IEEE voting membership can be selected in a year.


Dr. Joshi joined UMBC’s faculty in 1998 and currently is the Oros Family Professor of Technology and Director of the UMBC Center for Cybersecurity. He previously held faculty appointments at the University of Missouri, Columbia and Purdue University. He received a Ph.D. in Computer Science from Purdue University and a B. Tech in Electrical Engineering from the Indian Institute of Technology, Delhi. While at UMBC he has taught both undergraduate and graduate courses in operating systems, mobile computing and security. He developed and teaches an Honors College seminar on “Privacy and Security in a Mobile Social World”. He has mentored nine Ph.D. graduates and a large number of M.S. students.

Joshi has made many contributions to the design, analysis and development of intelligent systems for mobile, social and secure computing. Twenty years ago he was one of a handful of researchers who recognized that mobility introduced new challenges for data management, security and privacy over and above those brought about by wireless connectivity. His key insight was to model mobile and pervasive systems as distributed systems that are both open, in that they do not pre-identify a set of known participants, and dynamic, in that the participants change regularly.

He observe that applications on mobile devices require greater degrees of decision making and autonomy as they become increasingly sophisticated and intelligent and can’t always assume connectivity to central servers. Entities in these pervasive computing systems must exchange information about the data and services offered and sought and their associated security and privacy policies, negotiate for information and resource sharing, be aware of their context, and monitor for and report on suspicious or anomalous behavior. Dr. Joshi has addressed these challenges across the stack, from network protocols to data management to policy controlled interactions between autonomous entities.

Much of his research has been done in collaboration with colleagues in industry such as IBM, Microsoft, Northrop Grumman and Qualcomm. It has been funded by not just them, but also NSF, DARPA, AFOSR, ARL, NIST and other federal agencies. Joshi has published prolifically with more than 200 publications in refereed journals and conferences, many of which are highly cited. He has served as the General or Program Chair of many key conferences including the IEEE International Conference on Intelligence and Security Informatics which will be held in Baltimore in May 2015.

The IEEE is the world’s leading professional association for advancing technology for humanity. Through its 400,000 members in 160 countries, it is a leading authority on a wide variety of areas ranging from aerospace systems, computers and telecommunications to biomedical engineering, electric power and consumer electronics. Dedicated to the advancement of technology, the IEEE publishes 30 percent of the world’s literature in the electrical and electronics engineering and computer science fields, and has developed more than 900 active industry standards.