SFS cyberdefense scholarship applications due April 27

The next application deadline for SFS cyberdefense scholarships to UMBC is 12noon Friday April 27, 2018, for possible scholarships beginning fall 2018. See www.cisa.umbc.edu for details and application forms.

These major scholarships include tuition, generous stipend, and more, in return for government employment. Applicants must have at least junior status in fall 2018. BS, MS, MPS, PhD in any cyber-related field may apply (CS, CE, EE, IS, Cyber). SFS applicants must be citizens or lawful permanent residents capable of obtaining a secret clearance at federal, state, local, or tribal government. The annual stipends are $22,500 undergraduate and $34,000 graduate.

These scholarships are highly competitive (e.g., the median GPA of current SFS scholars at UMBC is 3.8) and favor students who have excelled in upper-level technical courses and who have demonstrated a passion and talent for cybersecurity through relevant accomplishments. We will consider applications from rising juniors and above with GPA over 3.0. All SFS scholars at UMBC are expected to engage in cohort and research activities. For more information, see the SFS FAQ page.

Interested students should contact

Dr. Alan T. Sherman
Professor of Computer Science
Director, UMBC Center for Information Security and Assurance (CISA)

The UMBC Cyber Defense Lab presents

Experimentally Measuring the Circuit Complexity
of One-Way Boolean Functions

Brian Weber, CSEE, UMBC

12:00–1:00pm, Friday, 23 February 2018, ITE 229

I present preliminary results from an exhaustive search for one-way functions in certain classes of small Boolean functions.   One-way functions are functions that are easy to compute but hard to invert.  They are vital for cryptography, yet no one has proven their existence for arbitrary input sizes.  For any bounded circuit model of computation, it is possible to search exhaustively over all possible Boolean functions of restricted size and thereby determine for the searched class the maximum disparity between the complexity of any function and its inverse.  Throughout, we assume a circuit model in which each gate has fan-in 2 and fan-out 1.

In his 1985 dissertation at MIT, Steven Boyack carried out the first such search.  For any positive integers n and M, let F_n,M denote the set of Boolean functions with n inputs and Moutputs. Using circuit size as the complexity measure, Boyack searched the space of every combinatorial function in F_3,3 by searching each of 52 equivalency classes of functions in this space.  He found that every function class in this space has an identically sized inverse.  He was able to prove that functions do exist with more complex inverses outside the space he searched, but not by more than a constant factor.

In spring 2017, using circuit depth as the complexity measure, I searched all injective functions up to F_8,8 whose coordinate functions are in F_2,1.  A coordinate function in this context refers to the function that computes an individual output bit.  In addition, I searched up to F_4,4 allowing coordinate functions in F_3,1.  In the space I searched, the most one-way function has fixed depth of 1, and an inverse depth exactly equal to the input size of the function. That is, for each 2 < n < 9, the hardest inverse in the space I searched has a depth of n, where n is the number of input bits. In addition, a search space allowing a larger fan-in for the coordinate functions did not yield functions less invertible than were found in the original search space.

Brian Weber is a senior BS/MS computer engineering student and SFS scholar at UMBC.  He hopes to extend the work presented here into his Master’s thesis next year.  Email: 

Host: Alan T.  Sherman, Support for this research was provided in part by the National Science Foundation under SFS grant 1241576.

The UMBC Cyber Defense Lab meets biweekly Fridays.  All meetings are open to the public.

UMBC Cyber Defense Lab

Results from the SFS Summer Research Study at UMBC

Enis Golaszewski, UMBC

12:00–1:00pm, Friday, 8 September 2017
ITE 228 (or nearby), UMBC

In summer 2017, UMBC held a cybersecurity research workshop that featured the UMBC Scholarship For Service (SFS) cohort working with the cooperation of the UMBC Department of Information Technology (DoIT) to analyze the security of NetAdmin, a software tool developed and used by DoIT. The workshop included six new SFS scholars transferring to UMBC from Montgomery College and Prince George’s Community College and provided students with experience in analyzing the security of software while uncovering serious flaws in the NetAdmin tool. NetAdmin allows authorized research faculty at UMBC to make research servers running on campus accessible to connections originating from off-campus.

Because NetAdmin directly modifies the campus firewall, possible security weaknesses in its architecture, implementation, or usage could present a significant risk to UMBC computer systems. During the four-day study, students uncovered multiple critical security flaws and developed recommendations for mitigating them. These flaws include architectural weaknesses, injection attack vulnerabilities, and susceptibility to man-in-the-middle attacks. The workshop was successful for improving the security of NetAdmin as well as integrating the incoming SFS scholars with the existing UMBC cohort.

In this talk, we will focus on the technical details of our security analysis of the NetAdmin tool.

Enis Golaszewski is a PhD student and SFS scholar in computer science working with Dr. Sherman on protocol analysis and the security of software-defined networks. Email:

Host: Alan T. Sherman,

CyberCorps SFS Spring Meeting at UMBC

9am-1pm, Friday, 26 May 26 2017, ITE 456, UMBC
open to the public

Six CyberCorps Scholarship for Service (SFS) students from Montgomery College and Prince George’s Community College will present their results solving IT security problems for their county governments. In spring 2017, these students worked collaboratively in a special applied research course at their school to help their county government. In fall 2017, these students will transfer to UMBC to complete their four-year degrees. This activity is part of a pioneering program centered at UMBC to extend SFS scholarships to community college students.

This summer, these students will join forces with SFS scholars at UMBC to work collaboratively on an applied research problem involving analysis of a policy and set of scripts that enable machine owners at UMBC to lower the UMBC firewall on their machines.

09:00  light refreshments
09:30  Introduction, Alan T. Sherman, UMBC
09:35  Report from Montgomery College, Joe Roundy and students
10:40  Report from Prince George’s Community College, Casey W. O’Brien and students
11:45  Introducing the summer research study problem, Jack Suess and Damian Doyle, UMBC Division of Information Technology
12:00  lunch and informal discussions
13:00  adjourn

CyberCorps: Scholarship For Service (SFS) is a unique program designed to increase and strengthen the cadre of federal information assurance professionals that protect the government’s critical information infrastructure. This program provides scholarships that may fully fund the typical costs incurred by full-time students while attending a participating institution, including tuition and education and related fees. Additionally, participants receive stipends of $22,500 for undergraduate students and $34,000 for graduate students. The scholarships are funded through grants awarded by the National Science Foundation.

Host: Alan T. Sherman () is a professor of computer science and Director of the UMBC Center for Information Security and Assurance (CISA), which center is responsible for UMBC’s designation as a National Center of Academic Excellence in Cyber Defense Education and Cyber Defense Research.

Joe Roundy is the Cybersecurity Program Manager at Montgomery College, Germantown.

Casey W. O’Brien is Executive Director and Principal Investigator of the National CyberWatch Center, Prince George’s Community College.

Support for this event is provided in part by the National Science Foundation under SFS Grant 1241576.

The third Innovations in Cybersecurity Education Workshop (ICEW) will be held from 9:00am to 5:00pm on Friday, June 3, 2016 on the UMBC campus.

ICEW is a free regional workshop on cybersecurity education from high school through post-graduate. It is intended primarily for educators who are teaching cybersecurity at high schools, colleges, and community colleges. Anyone is welcome to attend, including teachers, students, administrators, researchers, and government officials. It will highlight master teachers and ongoing educational projects, including an effort at the US Naval Academy to teach cybersecurity to all midshipmen. The workshop will feature hands-on learning activities, including secure programming, cyber competition, and an educational game.

Sessions will include:

• Secure coding through hands-on exercise: Blair Taylor and Siddharth Kaza (Towson University) will show how to carry out self-contained, lab-based modules designed to be injected into CS0-CS2 introductory computer science courses.
• Using a message board as a hands­-on learning tool for Cyber Security II: LCDR Chris W. Hoffmeister (US Naval Academy) will discuss how to solve security challenges involving a simple, configurable HTML message board.
• Hands-on vulnerability testing: Marcelle Lee (Anne Arundel Community College) and Steve Morrill (Loyola Blakefield) will demonstrate how to engage in a hands-on challenge and learning experience to help highlight the vulnerabilities in systems, with you in the driver’s seat. Participants of any skill level will learn strategies and techniques for determining if a system is vulnerable.
• Hands-on group threat brainstorming with Security Cards: Tamara Denning (University of Utah) will demonstrate teaching students how to think broadly and creatively about computer security threats using 42 Security Cards along four dimensions (suits): human impact, adversary’s motivation, adversary’s resources, and adversary’s methods.

ICEW is free and open to the public — all are welcome to attend. This workshop will to be of interest to educators, school administrators, undergraduate and graduate students, and government officials. Lunch will be provided. There is ample parking.

For more information and to register, see the 2016 ICEW Web site.

The third Innovations in Cybersecurity Education Workshop (ICEW) will be held from 9:00am to 5:00pm on Friday, June 3, 2016 on the UMBC campus.

ICEW is a free regional workshop on cybersecurity education from high school through post-graduate. It is intended primarily for educators who are teaching cybersecurity at high schools, colleges, and community colleges. Anyone is welcome to attend, including teachers, students, administrators, researchers, and government officials. It will highlight master teachers and ongoing educational projects, including an effort at the US Naval Academy to teach cybersecurity to all midshipmen. The workshop will feature hands-on learning activities, including secure programming, cyber competition, and an educational game.

Sessions will include:

• Secure coding through hands-on exercise: Blair Taylor and Siddharth Kaza (Towson University) will show how to carry out self-contained, lab-based modules designed to be injected into CS0-CS2 introductory computer science courses.
• Using a message board as a hands­-on learning tool for Cyber Security II: LCDR Chris W. Hoffmeister (US Naval Academy) will discuss how to solve security challenges involving a simple, configurable HTML message board.
• Hands-on vulnerability testing: Marcelle Lee (Anne Arundel Community College) and Steve Morrill (Loyola Blakefield) will demonstrate how to engage in a hands-on challenge and learning experience to help highlight the vulnerabilities in systems, with you in the driver’s seat. Participants of any skill level will learn strategies and techniques for determining if a system is vulnerable.
• Hands-on group threat brainstorming with Security Cards: Tamara Denning (University of Utah) will demonstrate teaching students how to think broadly and creatively about computer security threats using 42 Security Cards along four dimensions (suits): human impact, adversary’s motivation, adversary’s resources, and adversary’s methods.

ICEW is free and open to the public — all are welcome to attend. This workshop will to be of interest to educators, school administrators, undergraduate and graduate students, and government officials. Lunch will be provided. There is ample parking.

For more information and to register, see the 2016 ICEW Web site.

UMBC undergraduate and graduate students interested in cybersecurity can apply for an Federal CyberCorps: Scholarship For Service scholarship by 15 May 2016. This application deadline will be the last one under the current NSF grant, which ends August 2017.

The Federal CyberCorps: Scholarship For Service program is designed to increase and strengthen the cadre of federal information assurance professionals that protect the government’s critical information infrastructure. This program provides scholarships that may fully fund the typical costs incurred by full-time students while attending a participating institution, including tuition and education and related fees. Participants also receive stipends of $22,500 for undergraduate students and $34,000 for graduate students.

Applicants must be be full-time UMBC students within two years of graduation with a BS or MS degree; a student within three years of graduation with both the BS/MS degree; a student participating in a combined BS/MS degree program; or a research-based doctoral student within three years of graduation in an academic program focused on cybersecurity or information assurance. Recipients must also be US citizens or permanent residents; meet criteria for Federal employment; and be able to obtain a security clearance, if required.

For more information and instructions on how to apply see the UMBC CISA site (use old application form, and be sure to include the cover sheet).

ICEW 2016 will be held in UMBC’s University Center on the 3rd floor on June 3rd, 2016.  Please register at the link below.

<Registration Link>

Main – About the Presenters – Agenda – Conference Information

Session I. Secure Coding taught through hands on exercises.
Computer and Information Sciences Department, Towson University

Dr. Blair Taylor is a Clinical Associate Professor in the Computer and Information Sciences Department at Towson University with over 20 years of teaching experience. She developed and assessed many of the security injection modules. She has published and presented widely on introducing secure coding in introductory courses and was recently awarded the University System of Maryland Regents Teaching Award. Dr. Taylor’s work has been funded by the National Science Foundation, Intel, and the Department of Defense.

Dr. Siddharth Kaza is an Associate Professor in the Computer and Information Sciences Department at Towson University. He received his Ph.D. degree in Management Information Systems from the University of Arizona. His interests lie in cybersecurity education, data mining, and application development. Dr. Kaza’s work has been published in top-tier journals and conferences including Decision Support Systems, IEEE Transactions, ACM Transactions, Journal of the American Society for Information Science and Technology and various international conferences and has been funded by the National Science Foundation, Department of Defense, and the Maryland Higher Education Commission.

Session II. Using a mesage board as an interactive Cyber Security learning tool.
Department of Cyber Science, United States Naval Academy.

LCDR Chris W. Hoffmeister, is the Associate Chair and a permanent faculty member in the Department of Cyber Science at the United States Naval Academy. He leads the curriculum improvements for SI110 – Introduction to Cyber Security – Technical Foundations, an introductory cyber security course taught to 1200 first year undergraduate students annually. He also teaches courses in the Cyber Operations major, an interdisciplinary major that incorporates the STEM and Social Science aspects of the cyber domain. His research interests include digital forensics and network security.

Session III. Hands-on vulnerability testing.
Anne Arundel Community College
Loyola Blakefield

Marcelle Lee is an analyst with the federal government, an adjunct professor at Anne Arundel Community College, and co-founder of Fractal Security Group, LLC. She is involved with several industry organizations, working groups, and boards, including the Women’s Society of Cyberjutsu and the ISSA Women in Security Special Interest Group.
Marcelle has earned the CSX-P, GCFA, GCIA, GCIH, GCCC, C|EH, CCNA, Security+, Network+, and ACE industry certifications. She holds several degrees and is currently pursuing a Master’s degree in cybersecurity at UMBC. She is a cybersecurity competition enthusiast and an active volunteer in outreach to students and the community.

Steve Morrill is currently the Director of Technology at Loyola Blakefield in Towson, Maryland. Prior to joining Loyola Blakefield he spent 13 years managing and teaching technology in the higher education space.
Steve is also the founder of the Loyola Cyber Science Initiative. The team has had great success over the past few years in different cyber challenges including the Maryland Cyber Challenge and Air Force Association Cyber Patriot.
Over the past few years Steve and his students have also been invited to speak at schools helping to raise awareness, but not paranoia, in the use of social media. His presentations are tailored for the specific audience to help each group understand both the benefits and dangers of our modern on line world. ,

Session IV. Group threat brainstorming with Security Cards.
School of Computing, University of Utah

Tamara Denning’s interests are in the human aspects of computer security and privacy, ranging from understanding how people use and reason about current technologies to designing security and privacy that better matches the human and logistical needs of people around the technology—user and non-user alike. Past areas of work include security for implantable medical devices, privacy issues surrounding augmented reality glasses, and security awareness and education. She is an Assistant Professor in the School of Computing at the University of Utah. She completed her PhD at the University of Washington in 2014 working with Tadayoshi Kohno in the Security and Privacy Research Lab. She received her BS in Computer Science in 2007 from the University of California, San Diego and her MS from the University of Washington in 2009. Her work is published in both HCI and computer security venues and has been covered by news outlets including CNN, MSNBC, NY Times, and Wired.

Main – About the Presenters – Agenda – Conference Information