talk: Thinking Like an Attacker: Towards a Definition and Non-Technical Assessment of Adversarial Thinking, 12-1pm ET 4/30


The UMBC Cyber Defense Lab presents


Thinking Like an Attacker:
Towards a Definition and Non-Technical Assessment of Adversarial Thinking


Prof. Peter A. H. Peterson
Department of Computer Science
University of Minnesota Duluth


12:00–1:00 pm ET,  Friday, 30 April 2021
via WebEx


“Adversarial thinking” (AT), sometimes called the “security mindset” or described as the ability to “think like an attacker,” is widely accepted in the computer security community as an essential ability for successful cybersecurity practice. Supported by intuition and anecdotes, many in the community stress the importance of AT, and multiple projects have produced interventions explicitly intended to strengthen individual AT skills to improve security in general. However, there is no agreed-upon definition of “adversarial thinking” or its components, and accordingly, no test for it. Because of this absence, it is impossible to meaningfully quantify AT in subjects, AT’s importance for cybersecurity practitioners, or the effectiveness of interventions designed to improve AT. Working towards the goal of a characterization of AT in cybersecurity and a non-technical test for AT that anyone can take, I will discuss existing conceptions of AT from the security community, as well as ideas about AT in other fields with adversarial aspects including war, politics, law, critical thinking, and games. I will also describe some of the unique difficulties of creating a non-technical test for AT, compare and contrast this effort to our work on the CATS and Security Misconceptions projects, and describe some potential solutions. I will explore potential uses for such an instrument, including measuring a student’s change in AT over time, measuring the effectiveness of interventions meant to improve AT, comparing AT in different populations (e.g., security professionals vs. software engineers), and identifying individuals from all walks of life with strong AT skills—people who might help meet our world’s pressing need for skilled and insightful security professionals and researchers. Along the way, I will give some sample non-technical adversarial thinking challenges and describe how they might be graded and validated.


 Peter A. H. Peterson is an assistant professor of computer science at the University of Minnesota Duluth, where he teaches and directs the Laboratory for Advanced Research in Systems (LARS), a group dedicated to research in operating systems and security, with a special focus on research and development to make security education more effective and accessible. He is an active member of the Cybersecurity Assessment Tools (CATS) project working to create and validate two concept inventories for cybersecurity, is working on an NSF-funded grant to identify and remediate commonsense misconceptions about cybersecurity, and is also the author of several hands-on security exercises for Deterlab that have been used at many institutions around the world. He earned his Ph.D. from the University of California, Los Angeles for work on “adaptive compression”—systems that make compression decisions dynamically to improve efficiency. He can be reached at .


Host: Alan T. Sherman. Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public. Upcoming CDL Meetings: May 7, Farid Javani (UMBC), Anonymization by oblivious transfer

talk: MeetingMayhem: Teaching Adversarial Thinking through a Web-Based Game, 12-1 ET 4/9

The UMBC Cyber Defense Lab presents

MeetingMayhem:  Teaching Adversarial Thinking through a Web-Based Game


Akriti Anand, Richard Baldwin, Sudha Kosuri, Julie Nau, and Ryan Wunk-Fink
UMBC Cyber Defense Lab

joint work with Alan Sherman, Marc Olano, Linda Oliva, Edward Zieglar, and Enis Golaszewski

12:00 noon–1 pm ET, Friday, 9 April 2021
online via WebEx


We present our progress and plans in developing MeetingMayhem, a new web-based educational exercise that helps students learn adversarial thinking in communication networks. The goal of the exercise is to arrange a meeting time and place by sending and receiving messages through an insecure network that is under the control of a malicious adversary.  Players can assume the role of participants or an adversary.  The adversary can disrupt the efforts of the participants by intercepting, modifying, blocking, replaying, and injecting messages.  Through this engaging authentic challenge, students learn the dangers of the network, and in particular, the Dolev-Yao network intruder model. They also learn the value and subtleties of using cryptography (including encryption, digital signatures, and hashing), and protocols to mitigate these dangers.  Our team is developing the exercise in spring 2021 and will evaluate its educational effectiveness.


Akriti Anand is an MS student in computer science working with Alan Sherman. She is the lead software engineer and focuses on the web frontend. Richard Baldwin is a BS student in computer science, a member of Cyberdawgs, and lab manager for the Cyber Defense Lab. Sudha Kosuri is an MS student in computer science. She is working on the frontend (using React and Flask) and its integration with the backend. Julie Nau is a BS student in computer science. She is working on the backend and on visualizations. Ryan Wunk-Fink is a PhD student in computer science working with Alan Sherman. He is developing the backend.


Host: Alan T. Sherman,  Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays.  All meetings are open to the public.

 Upcoming CDL Meetings: April 23, Peter Peterson (Univ. of Minnesota Duluth), Adversarial thinking; May 7, Farid Javani (UMBC), Anonymization by oblivious transfer

UMBC Cyber Dawgs win 2021 Mid-Atlantic Collegiate Cyber Defense Competition

Photo by Marlayna Demond ’11 for UMBC

Congratulations to the UMBC Cyber Dawgs team, which took first place in the 2021 Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC) finals. UMBC’s team was one of eight teams out of an initial 23 that qualified for the final competition. UMBC’s Cyber Dawgs will move on to compete in the National Collegiate Cyber Defense Competition (NCCDC), which will be held April 23-25, 2021.

The 2021 MACCDC regional final took place online April 1-3 and had teams fighting to protect their networks efficiently and effectively from simulated cyber threats and attacks using a scenario based on the COVID-19 global pandemic for its competition events.

The National Emergency Response Division (N.E.R.D.) is a data science-focused group within the Big Time Health Organization (BTHO), a multinational entity headquartered in Bethesda, Maryland. N.E.R.D. employees have been exceptionally busy dealing with the global health pandemic. As such, they have had to not only shift to work from home, but also expand the number of employees to support the inordinate amounts of data that are flooding each of its eight geographic locations throughout the U.S. Protecting the integrity of the data is critical, but when the data affects the delivery of health services to the public, the job of N.E.R.D. becomes even more mission critical.

The student teams will stand on the front lines of technology, alongside various healthcare providers. The main task at hand will be to ensure that pandemic-related data from state departments of health are accurate and delivered quickly. Information on outbreak locations, promising interventions, efficacy of testing, mortality rates, and other related statistics are critical so physicians, public health officials, and government entities can make informed decisions about resource allocations. Loss or inaccurate information can lead to tragic consequences. Vigilance is a must – be smart, be strong, be safe.

These regional and national competitions attract leading collegiate cybersecurity teams from across the nation. They put teams in situations that mimic scenarios they might encounter working to secure and protect online systems for government agencies and companies. Throughout each challenge, teammates work together to protect their systems from hackers and cyber attacks. At the same time, they keep their networks accessible to the users relying on them. 

The UMBC Cyber Dawgs team won the MACCDC regionals last year and were national champions in 2017. In this year’s MACCDC, George Mason placed second and Liberty University third. Good luck to the Cyber Dawgs as they compete with the winners of nine other regional competitions in the National Collegiate Cyber Defense Competition later this month.

talk: Transparent Dishonesty: Front-Running Attacks on Blockchain, 12-1 pm ET 3/26


The UMBC Cyber Defense Lab presents

Transparent Dishonesty: Front-Running Attacks on Blockchain


Professor Jeremy Clark
Concordia Institute for Information Systems Engineering
Concordia University, Montreal, Canada


12–1 pm ET Friday, March 26, 2021
online via WebEx


We consider front-running to be a course of action where an entity benefits from prior access to privileged market information about upcoming transactions and trades. Front-running has been an issue in financial instrument markets since the 1970s. With the advent of blockchain technology, front-running has resurfaced in new forms we explore here, instigated by blockchain’s decentralized and transparent nature. I will discuss our “systemization of knowledge” paper, which draws from a scattered body of knowledge and instances of front-running across the top 25 most active decentralized applications (DApps) deployed on the Ethereum blockchain. Additionally, we carry out a detailed analysis of the Status.im initial coin offering (ICO) and show evidence of abnormal miner behavior indicative of front-running token purchases. Finally, we map the proposed solutions to front-running into useful categories.


Jeremy Clark is an associate professor at the Concordia Institute for Information Systems Engineering. At Concordia, he holds the NSERC/Raymond Chabot Grant Thornton/Catallaxy Industrial Research Chair in Blockchain Technologies. He earned his Ph.D. from the University of Waterloo, where his gold medal dissertation was on designing and deploying secure voting systems including Scantegrity—the first cryptographically verifiable system used in a public sector election. He wrote one of the earliest academic papers on Bitcoin, completed several research projects in the area, and contributed to the first textbook. Beyond research, he has worked with several municipalities on voting technology and testified to both the Canadian Senate and House finance committees on Bitcoin. email:


Host: Alan T. Sherman, Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public. Upcoming CDL Meetings: April 9, (UMBC), MeetingMayhem: A network adversarial thinking game; April 23, Peter Peterson (University of Minnesota Duluth), Adversarial thinking;
May 7, Farid Javani (UMBC), Anonymization by oblivious transfer.

talk: Towards Contextual Security of AI-enabled platforms, 1-2 pm ET 3/22


Towards Contextual Security of AI-enabled platforms

Dr. Nidhi Rastogi
Rensselaer Polytechnic Institute

1-2:00pm ET, Monday, 22 March 2021

via WebEx

The explosive growth of Internet-connected and AI-enabled devices and data produced by them has introduced significant threats. For example, malware intrusions (SolarWinds) have become perilous and extremely hard to discover, while data breaches continue to compromise user privacy (Zoom credentials exposed) and endanger personally identifiable information. My research takes a holistic approach towards systems and platforms to address security-related concerns using contextual and explainable models. 

In this talk, I will present ongoing work that analyzes and improves the cybersecurity posture of Internet-connected systems and devices using automated, trustworthy, and contextual AI-models. Specifically, my research in malware threat intelligence gathers diverse information from varied datasets – system and network logs, source code, and text. In [1], an open-source ontology (MALOnt) contextualizes threat intelligence by aggregating malware-related information into classes and relations. TINKER [2, 3] – the first open-source malware knowledge graph, instantiates MALOnt classes and enables information extraction, reasoning, analysis, detection, classification, and cyber threat attribution. At present, the research is addressing the trustworthiness of information sources and extractors.

1. Rastogi, N., Dutta, S., Zaki, M. J., Gittens, A., & Aggarwal, C. (2020). MALOnt: An ontology for malware threat intelligence. In KDD’20 Workshop at International workshop on deployable machine learning for security defense. Springer, Cham.

2. Rastogi, N., Dutta, S., Christian, R., Gridley, J., Zaki, M. J., Gittens, A., and Aggarwal, C. (2021). Knowledge graph generation and completion for contextual malware threat intelligence. In USENIX Security’21, Accepted.

3. Yee, D., Dutta, S., Rastogi, N., Gu, C., and Ma, Q. (2021). TINKER: Knowledge graph for threat intelligence. In ACL-IJCNLP’21, Under Review.


Dr. Nidhi Rastogi is a Research Scientist at Rensselaer Polytechnic Institute. Her research is at the intersection of cybersecurity, artificial intelligence, large-scale networks, graph analytics, and data privacy. She has papers accepted at top venues such as USENIX, TrustCom, ISWC, Wireless Telecommunication Symposium, and Journal of Information Policy. For the past two years, Dr. Rastogi has been the lead PI for three cybersecurity, privacy research projects and a contributor to one healthcare AI project. For her contributions to cybersecurity and encouraging women in STEM, Dr. Rastogi was recognized in 2020 as an International Women in Cybersecurity by the Cyber Risk Research Institute. She was a speaker at the SANS cybersecurity summit and the Grace Hopper Conference. Dr. Rastogi is the co-chair for DYNAMICS workshop (2020-) and has served as a committee member for DYNAMICS’19, IEEE S&P’16 (student PC), invited reviewer for IEEE Transactions on Information Forensics and Cybersecurity (2018,19), FADEx laureate for the 1st French-American Program on Cyber-Physical Systems’16, Board Member (N2Women 2018-20), and Feature Editor for ACM XRDS Magazine (2015-17). Before her Ph.D. from RPI, Dr. Rastogi also worked in the industry on heterogeneous wireless networks (cellular, 802.1x, 802.11) and network security through engineering and research positions at Verizon and GE Global Research Center, and GE Power. She has interned at IBM Zurich, BBN Raytheon, GE GRC, and Yahoo, which provides her a quintessential perspective in applied industrial research and engineering.

talk: EPIC: Efficient Asynchronous BFT with Adaptive Security, 12-1 Fri 3/12


The UMBC Cyber Defense Lab presents


EPIC: Efficient Asynchronous BFT with Adaptive Security


Chao Liu, CSEE, UMBC

12:00–1:00 pm ET, Friday, 12 March 2021
via WebEx


We present EPIC, a novel and efficient asynchronous Byzantine fault-tolerant (BFT) protocol with adaptive security. We characterize efficient BFT protocols using adaptive vs. static corruption models. EPIC takes a new approach to adaptively secure asynchronous BFT. It uses the adaptively secure threshold pseudorandom function (PRF) scheme for coin tossing and uses the Cobalt asynchronous binary agreement (ABA) protocol, which resolves the liveness issue of HoneyBadgerBFT and BEAT. As our new protocol modifies almost all building blocks for asynchronous BFT (including ABA, threshold PRF, and threshold encryption but not Byzantine reliable broadcast (RBC)), evaluating which component dominates the performance bottleneck is a difficult task. We mix and match different building blocks to implement four asynchronous BFT protocols and evaluate their performance. Via a five-continent deployment on Amazon EC2, we show that EPIC is slightly slower for small and medium-sized networks than the most efficient asynchronous BFT protocols with static security. We also find that when the number of replicas is less than 46, EPIC’s throughput is stable, achieving a peak throughput of 8,000–12,500 tx/sec using t2.medium VMs. When the network size grows larger, EPIC is not as efficient as those with static security, with a throughput of 4,000–6,300 tx/sec.

BFT state machine replication is the only known software solution for masking arbitrary failures and malicious attacks. BFT has been regarded as the model for building permissioned blockchains, where the distributed ledgers (i.e., replicas) know each other’s identities but may not trust each other.

Asynchronous protocols are inherently more robust against timing and denial-of-service (DoS) attacks. Two recent asynchronous BFT systems—HoneyBadgerBFT proposed by Miller et al. in CCS’16 and BEAT by Duan et al. in CCS’18—have performance comparable to partially synchronous BFT protocols and can scale to 100 replicas. The protocols, however, achieve static security, where the adversary needs to choose the set of corrupted replicas before protocol execution. This security property is weaker than that for many existing BFT protocols (e.g., PBFT), which achieve adaptive security, where the adversary can choose to corrupt replicas at any moment during the execution of the protocol.

Chao Liu is a Ph.D. candidate in computer science at UMBC, working with Alan Sherman. His research interests focus on cryptography, cybersecurity, and distributed systems.


Host: Alan T. Sherman, Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public. Upcoming CDL Meetings include Mar 26, Jeremy Clark (Concordia); April 9, (UMBC), MeetingMayhem: A network adversarial thinking game; April 23, Peter Peterson (University of Minnesota Duluth), Adversarial thinking; and May 7, Farid Javani (UMBC), Anonymization by oblivious transfer

talk: Moving Target Mobile IPv6 Defense, 12-1 Fri 2/26


The UMBC Cyber Defense Lab presents

Moving Target Mobile IPv6 Defense

Prof. Vahid Heydari
Computer Science, Rowan University

12:00–1 pm ET, Friday, 26 February 2021

remotely via WebEx  


Remote cyberattacks can be started from an unlimited distance through the Internet. These attacks include particular actions that allow attackers to compromise systems remotely. Address-based Distributed Denial-of-Service (DDoS) attacks and remote exploits are two main categories of these attacks. A remote exploit takes advantage of a bug or vulnerability to view or steal data or gain unauthorized access to a vulnerable system. Current security solutions in IPv6 such as IPsec, firewalls, and Intrusion Detection and Prevention Systems (IDPSs) can prevent remote attacks against known vulnerability exploits. However, zero-day exploits can defeat the best firewalls and IDPSs because they use undisclosed and uncorrected application vulnerabilities. Therefore, a new solution is needed to prevent these attacks. This talk discusses a Moving Target Mobile IPv6 Defense (MTM6D) that randomly and dynamically changes the IP addresses to prevent remote attacks in the reconnaissance step. The talk briefly covers the wide range of applications of MTM6D including critical infrastructure networks, virtual private networks, web servers, Internet-controlled robots, and anti-censorship.

 Vahid Heydari received the M.S. degree in Cybersecurity and the Ph.D. degree in Electrical and Computer Engineering from the University of Alabama in Huntsville. He is currently an Associate Professor of Computer Science and the Director of the Center for Cybersecurity Education and Research at Rowan University, Glassboro, NJ. He is also a co-founder of a cybersecurity startup ObtegoCyber. His research interests include moving target defenses, mobile ad-hoc, sensor, and vehicular network security. He is a member of ACM, IEEE Computer Society and Communications Society. 

Host: Alan T. Sherman, Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays.  All meetings are open to the public. Upcoming CDL Meetings:

Mar 12, Chao Liu (UMBC), Efficient asynchronous BFT with adaptive security
Mar 26, Jeremy Clark (Concordia)
April 9, (UMBC), MeetingMayhem: A network adversarial thinking game
April 23, Peter Peterson (University of Minnesota Duluth), Adversarial thinking
May 7, Farid Javani (UMBC), Anonymization by oblivious transfer

Six UMBC faculty, including three in CSEE, receive MIPS research awards

Anupam Joshi (left, photo by Marlayna Demond ’11) and Tina Williams-Koroma, ’02 computer science (right, photo courtesy of Williams-Koroma)

Three CSEE faculty receive MIPS research awards


This post is adapted from a UMBC News article UMBC faculty, alumni entrepreneurs receive record-number of MIPS awards for tech collaborations written by Adriana Fraser.

Six UMBC faculty members have just received grants from the Maryland Industrial Partnerships (MIPS) program to develop new technologies with potential to grow the state’s economy. This is UMBC’s largest number of winning proposals within a single proposal round since MIPS began in 1987. The program connects University System of Maryland (USM) faculty and students with Maryland businesses. UMBC’s latest MIPS grantees include computer science and electrical engineering faculty Tim Oates, Chein-I Chang, and Anupam Joshi; Soobum Lee, mechanical engineering; Dipanjan Pan, chemical, biochemical, and environmental engineering; and Vikram Vakharia, marine biotechnology. Among their industry partners are UMBC alumni entrepreneurs who are building businesses in Maryland.

Joshi, professor and chair of computer science and electrical engineering, received a MIPS grant for a cybersecurity collaboration with the startup CyDeploy. They are developing a platform that automates the quality assurance process for cybersecurity updates made to IT and “internet of things” (IoT) devices like Amazon Alexa, Google Home, and health and medical devices. CyDeploy CEO Tina Williams-Koroma ’02, computer science, presented Joshi with the idea to develop a “cybersecurity-driven change management system.” The technology is based on and leverages the use of artificial intelligence and machine learning to create a cloud-based replica of a company’s systems. 

Williams-Koroma and Joshi’s group at UMBC developed a conceptual prototype. It shows the infrastructure and technology that would make the system feasible, combining off-the-shelf tools with novel research. “Increasingly, the government is now beginning to mandate security requirements around IoT devices. The longer-term vision that CyDeploy has is capturing the state of these systems, virtually recreating them and then running the security changes against virtual versions to see how the changes would affect those systems,” Joshi adds. 

Williams-Koroma, who is also an adjunct instructor at UMBC, projects that the initial development of the platform will be complete in late spring 2021. They anticipate launching a free pilot version for businesses to test their IT systems. IoT pilots will come in a later phase.


Read more about these awards in the UMBC News article UMBC faculty, alumni entrepreneurs receive record-number of MIPS awards for tech collaborations.

talk: Dr. Richard Carback on Startup Lessons Learned, 12-1 Fri 2/12


The UMBC Cyber Defense Lab presents

Startup Lessons Learned

Richard Carback (Ph.D. UMBC CS 2010)
xx network

12:00–1:00pm ET, Friday, 12 February 2021
WebEx: https://umbc.webex.com/meet/sherman


This talk will explore the technology and lessons learned by UMBC alumnus Richard Carback from his experience co-founding and closing the security startup Lexumo, which provided the only automated service that continuously monitors IoT software platforms for the latest public vulnerabilities. In addition to covering some of the hard problems and Lexumo’s technical approach for monitoring all the world’s open-source software to assist companies in managing their vulnerabilities, Dr. Carback will discuss the mistakes and complexities of getting funded, delivering a product, and finding customers.

Dr. Richard Carback is a UMBC alumnus (CS Ph.D., 2010) and entrepreneur who currently runs a private consultancy for computer security, computer forensics, cryptography, and smart contracts. He is a privacy-preserving systems expert with a background in elections and anonymity networks. While the group leader for the embedded systems security group at Charles Stark Draper Laboratories, he spun out an IoT vulnerability startup called Lexumo that provided the only automated service that continuously monitored IoT software platforms for the latest public vulnerabilities. At UMBC, he worked with Alan Sherman on secure elections and was the primary researcher behind Takoma Park’s deployment of the Scantegrity voting system, the first usage of voter-verifiable end-to-end election technology in a municipal election. email:

Host: Alan T. Sherman. Support for this event was provided in part by the NSF under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1 pm. All meetings are open to the public. Upcoming CDL Meetings:

  • Feb 26, Vahid Heydari (Rowan University)
  • Mar 12, Chao Liu (UMBC), Efficient asynchronous BFT with adaptive security
  • Mar 26, Jeremy Clark (Concordia)
  • April 9, (UMBC), MeetingMayhem: A network adversarial thinking game
  • April 23, Peter Peterson (University of Minnesota Duluth), Adversarial thinking
  • May 7, Farid Javani (UMBC), Anonymization by oblivious transfer

Two UMBC alumnae featured in Cybersecurity podcast


Two UMBC alumnae featured in The CyberWire podcast


The CyberWire produced a special podcast, In the clear: what it’s like working as a woman in the cleared community, that features three women working on cybersecurity at Northrop Grumman. Two are UMBC alumnae, software engineering manager Lauren and cyber software engineer Priyanka.

Lauren received a BS in Computer Science in 2015 and an M.S. in Computer Science in 2017. As an undergraduate student, she worked part-time as an IT Security Analyst tracking, locating, and performing forensics on infected computers located on campus. She joined Northrop Grumman in 2015 and continued her studies as a part-time graduate student, doing research on investigating different ways of characterizing cybersecurity exploit kits and the malware they produce.

Priyanka received a BS in Computer Science in 2018 and an MS in Computer Science in 2019. Her MS research was on multilingual text alignment for cybersecurity. She has been a lecturer in the UMBC Computer Science program and the UMD Advanced Cybersecurity Experience for Students (ACES) program. She is currently working on a Computer Science Ph.D. at UMBC focused on how AI can help protect cybersecurity systems from data poisoning attacks.


Listen to the 47 minute podcast here.
