online talk: Opal Hard Drives for Ransomware Resilience

The UMBC Cyber Defense Lab presents

Opal Hard Drives for Ransomware Resilience

Russ Fink, Ph.D.
Senior Staff, the Johns Hopkins University / Applied Physics Laboratory

12:00–1 pm,  Friday, 10 April 2020
via WebEx: umbc.webex.com/meet/sherman

 

Ransomware is crippling industry and government alike.  Paying the ransom doesn’t guarantee you’ll get your files back, but it funds the criminals who will continue on. Restoring from traditional network backups takes time, and never gets you back to the system you had before the attack.  In response, we have developed a resilient, local malware restore and recovery capability, capable of quickly restoring OS images onto “bare metal” after an attack or misconfiguration, useful for many applications.

I will discuss the technical details, including a description of the Opal hard drive specification, the Trusted Computing Group’s Trusted Platform Module (TPM), and how we secure secrets needed for WUBU – Wake-Up-Back-Up.  I’ll talk through some of the open-source technologies that we used to build our solution.  WebEx willing, I will give a live demonstration of a ShinoLocker ransomware infection, followed by an “as if nothing ever happened” recovery that takes only ten minutes.

Russ Fink is a senior staff member at the Johns Hopkins University / Applied Physics Laboratory.  His research interests include computational private information retrieval, trusted computing applications, applied cryptography, and enterprise and mission cyber resiliency techniques.  He earned a Ph.D. in computer science from UMBC in 2010 working with Dr. Alan Sherman.

Host: Alan T. Sherman. Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681.  The UMBC Cyber Defense Lab meets biweekly Fridays.  All meetings are open to the public.  Upcoming CDL Meetings:

  • Apr 24, Lance Hoffman (GWU), policy
  • May 8, Jason Wells (UMBC SFS scholar), law enforcement
  • May 22, Spring SFS Meeting at UMBC, 9:30am-2pm, ITE 456

Prof. Naghmeh Karimi receives NSF CAREER award for research on the security of cryptographic chips

Professor Karimi and a custom measurement board, developed by her collaborators at the University of Bochum, Germany, that is being used to test a 65 nm application-specific integrated circuit sample

 

Investigating the Impact of Device Aging on the Security of Cryptographic Chips

 

Professor Naghmeh Karimi received a prestigious NSF CAREER award to support her research on investigating the impact of device aging on the security of cryptographic chips.

CAREER awards are among NSF’s most prestigious awards and are intended to support early-career faculty who have the potential to serve as academic role models in research and education and to lead advances in the mission of their department or organization.

Cryptographic chips implement cryptographic functions in hardware for better performance. Despite the significant performance benefits, cryptographic chips can be compromised by adversaries who monitor their power consumption, tamper with their logic, or place the chips under stress to generate erroneous outputs from which sensitive data can be inferred. The current protections against such attacks do not consider the aging of the devices, which can cause a shift of device parameters over time that can compromise device security.

Supported by this five-year award, Professor Karimi and her students will investigate the effects of device aging on the security of cryptographic devices, particularly those with protection against physical attacks, and develop solutions to ensure security when device aging is taken into account. Her work will help enable the development of long-lasting security for trusted hardware platforms, and result in aging-resistant security solutions that benefit society via devices that remain secure over their lifetime.

UMBC Cyber Dawgs win 15th Mid-Atlantic Collegiate Cyber Defense Competition

 

UMBC Cyber Dawgs place first in
15th Mid-Atlantic Collegiate Cyber Defense Competition

 

Congratulations to the UMBC Cyber Dawgs for winning the 15th Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC), which was held this Friday and Saturday. UMBC placed first in a field of teams from eight universities who made the regional finals out of an initial set of 27 qualifying teams. By winning the regional competition, UMBC will represent the Mid-Atlantic states in the National Collegiate Cyber Defense Competition to be held on May 22-24, 2020.

The MACCDC has been held annually since 2006. Each year, it develops a new realistic challenge using the latest technologies currently in use. This year’s scenario involves student teams working for a fictitious Artificially Intelligent Institute (AII), a multinational corporation with offices in the Mid-Atlantic region. It was described as follows.

“As a leading provider of advanced AI surveillance tools to intelligence and law enforcement agencies, as well as private-sector organizations, the main business driver of AII is to show how new surveillance capabilities are transforming government’s and organization’s monitoring capabilities. As part of their duties, Blue Teams are expected to defend their systems against aggressors. Early intelligence reports suggest that rogue Hackistanian antagonists are interested in stealing AII’s intellectual property, source code, and customer database. Hackers contracted and working directly for the country of Hackistan are also interested in disrupting IoT devices on-premises at the various AII regional offices.”

The MACCDC team was chosen from members of the CyberDawgs student group, composed of students from a variety of majors who share a common interest in computer and network security. No prior experience is required to join and any UMBC students who want to learn more about cybersecurity and learn new skills in the field are encouraged to subscribe to its mailing list and attend meetings.

The CyberDawgs group is advised by CSEE faculty Charles Nicholas and Richard Forno.

Online Talks Double Feature: Blockchain and Network Defense, 12-2 Fri 3/27, UMBC

UMBC will hold a double feature with two online security-oriented talks from 12:00 pm to 2:00 pm EDT on Friday, March 27. Both talks will be shared via Webex.





From 1:00-2:00 pm, Professor Dr. John Mitchell of Stanford University will give a Lockheed Martin Distinguished lecture on “Will Blockchain Change Everything”. Join the presentation online at 1:00 pm EDT at https://umbc.webex.com/meet/joshi.

Far from serving only as a foundation for cryptocurrency, blockchain technology provides a general framework for trusted distributed ledgers. Over the past few years, their popularity has grown tremendously, as shown by the number of companies and efforts associated with the Linux Foundation’s Hyperledger project, for example. From a technical standpoint, a blockchain combines a storage layer, networking protocols, a consensus layer, and a programmable transaction layer, leveraging cryptographic operations. The distributed state machine paradigm provides atomicity and transaction rollback, while consensus supports distributed availability as well as certain forms of fair access. From an applications perspective, blockchains appeal to distributed networks of independent agents, as arise in supply chain, credentialing, and decentralized financial services. The talk will look at the potential for radical change as well as specific technical challenges associated with verifiable consensus protocols and trustworthy smart contracts.





From 12:00-1:00 pm EDT, Col. Dan Yaroslaski, a former operations officer at the Marine Forces Cyberspace Command, will talk on “Hard-Learned Lesson in Defense of a Network”. You can join the presentation online at 12:00 pm at https://umbc.webex.com/meet/sherman.

Often network defenders fail to take into account organizational culture when attempting to provide a secure, reliable, and usable enterprise network. Users and process leaders often fall victim to the false allure of the value of networked systems, without asking the question, “Should this be networked?” Collectively, organizations also forget that networks are a combination of the humans who use the network, the personas we all have to form to gain access to this manmade domain, and the interplay of logical and physical network architecture manifested in geographical locations. The value of some simple military principles—including defense-in-depth, mission focus, redundancy, and resiliency versus efficiency—can help a network defender better advise everyone from the “C Suite” decision-makers to the average network user, on how to have a secure network while accepting reasonable limitations.

Webex talk: John Mitchell: Will Blockchain Change Everything? Fri 3/27 1-2pm

Lockheed Martin Distinguished Speaker Series

Will Blockchain Change Everything?

Dr. John Mitchell
Mary and Gordon Crary Family Professor
Departments of Computer Science & Electrical Engineering
Stanford University

1:00-2:00pm EST, Friday, 27 March 2020
Webex meeting hosted by Anupam Joshi
https://umbc.webex.com/meet/joshi

Far from serving only as a foundation for cryptocurrency, blockchain technology provides a general framework for trusted distributed ledgers. Over the past few years, their popularity has grown tremendously, as shown by the number of companies and efforts associated with the Linux Foundation’s Hyperledger project, for example. From a technical standpoint, a blockchain combines a storage layer, networking protocols, a consensus layer, and a programmable transaction layer, leveraging cryptographic operations. The distributed state machine paradigm provides atomicity and transaction rollback, while consensus supports distributed availability as well as certain forms of fair access. From an applications perspective, blockchains appeal to distributed networks of independent agents, as arise in supply chain, credentialing, and decentralized financial services. The talk will look at the potential for radical change as well as specific technical challenges associated with verifiable consensus protocols and trustworthy smart contracts.

John Mitchell is the Mary and Gordon Crary Family Professor in the School of Engineering, Professor of Computer Science, co-director of the Stanford Computer Security Lab, and Professor (by courtesy) of Education. He was Vice Provost at Stanford University from 2012 to 2018. Mitchell’s research focuses on programming languages, computer and network security, privacy, and education. He has published over 200 research papers, served as editor of eleven journals, including Editor-in-Chief of the Journal of Computer Security, and written two books. He has led research projects funded by numerous organizations and served as advisor and consultant to successful small and large companies. His first research project in online learning started in 2009 when he and six undergraduate students built Stanford CourseWare, an innovative platform that served as the foundation for initial flipped classroom experiments at Stanford and helped inspire the first massive open online courses (MOOCs) from Stanford. Professor Mitchell currently serves as Chair of the Stanford Department of Computer Science.

Webex Talk: Hard-Learned Lesson in Defense of a Network, 12-1 Fri 3/27

The UMBC Cyber Defense Lab presents

Hard-Learned Lesson in Defense of a Network

Dan Yaroslaski
Former Operations Officer at Marine Forces Cyberspace Command, Colonel, USMC


12–1:00pm, Friday, 27 March 2020
WebEx: https://umbc.webex.com/meet/sherman

Often network defenders fail to take into account organizational culture when attempting to provide a secure, reliable, and usable enterprise network. Users and process leaders often fall victim to the false allure of the value of networked systems, without asking the question, “Should this be networked?” Collectively, organizations also forget that networks are a combination of the humans who use the network, the personas we all have to form to gain access to this manmade domain, and the interplay of logical and physical network architecture manifested in geographical locations. The value of some simple military principles—including defense-in-depth, mission focus, redundancy, and resiliency versus efficiency—can help a network defender better advise everyone from the “C Suite” decision-makers to the average network user, on how to have a secure network while accepting reasonable limitations.

Colonel Dan Yaroslaski is a career Marine with over 30 years of service to the nation. He started as an enlisted anti-armor missileman, who then became an Assault Amphibian Vehicle Officer (AAV’s are 27 Ton armored amphibious descendants of the WW II vehicles used from Tarawa to Iwo Jima). He has made a career of integrating technology and human beings to form cohesive combat organizations. Dan’s diverse career placed him at the forefront of high-end, top-secret compartmentalized planning and execution, to the extremely human act of advising an Afghan National Army Kandak (Battalion). During his five-year tenure at Marine Forces Cyberspace Command, he successfully architected new techniques that took advantage of boundary defenses, to new and innovative ways to integrate traditional warfare methods with cyberspace operations, as highlighted in a recent NPR story about USCYBERCOM’s Operation GLOWING SYMPHONY. Dan also spent time creating effective policy directing network operations and defense, to include an extremely frustrating year negotiating the interplay of network operations, operations in the information environment, and Marine Corps culture. Dan and his wife are now empty nesters, so they spend an enormous amount of time nurturing two dogs to fill the void left by their children. As the Rolling Stones point out, “What a drag it is getting old.”

Host: Alan T. Sherman

Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public. Upcoming CDL Meetings:

  • Apr 10, Russ Fink (APL), ransomware
  • Apr 24, Lance Hoffman (GWU), policy
  • May 8, Jason Wells (UMBC SFS scholar), law enforcement
  • May 22, Spring SFS Meeting at UMBC, 9:30am-2pm, ITE 456

talk: Autonomous Agents, Deep Learning, and Graphs for Cyber Defense, 12-1 Fri. 3/13

The UMBC Cyber Defense Lab presents

Autonomous Agents, Deep Learning,
and Graphs for Cyber Defense

Dr. Hasan Cam
Army Research Laboratory

12–1 pm Friday, 13 March 2020, ITE 227, UMBC


Cyber resilience usually refers to the ability of an entity to detect, respond to, and recover from cybersecurity attacks to the extent that the entity can continuously deliver the intended outcome despite their presence. Cybersecurity tools such as intrusion detection and prevention systems usually generate far too many alerts, indicators or log data, many of which do not have obvious security implications unless their correlations and temporal causality relationships are determined. In this talk, I will present methods to first estimate the infected and exploited assets and then take recovery and preventive actions using autonomous agents, deep learning, and graphs. Autonomous adversary and defender agents are designed such that the adversary agent can infer the adversary activities and intentions, based on cybersecurity observations and measurements, while the defender agent aims at estimating the best reactive and pro-active actions to protect assets and mitigate the adversary activities. The graph thinking and causality analysis of cyber infection and exploitation helps predict the infection states of some assets. This prediction data of infections is taken as input data by deep reinforcement learning to train agents for determining effective actions. This talk will discuss some preliminary results from the development of building an automated system of autonomous agents to provide cyber resiliency over networks.

Hasan Cam is a Computer Scientist at US Army Research Laboratory. He currently works on the projects involved with autonomous agents, active malware defense, cyber resiliency, and risk assessment over wired, mobile, and tactical networks. His research interests include cybersecurity, machine learning, data analytics, networks, algorithms, and parallel processing. He served as the government lead for the Risk area in Cyber Collaborative Research Alliance. He has previously worked as a faculty member in academia and a senior research scientist in the industry. He has served as an editorial member of two journals, a guest editor of two special issues of journals, an organizer of symposiums and workshops, and a Technical Program Committee Member in numerous conferences. He received a Ph.D. degree in electrical and computer engineering from Purdue University, and an M.S. degree in computer science from Polytechnic University, New York. He is a Senior Member of IEEE.

Host: Alan T. Sherman

Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public. Upcoming CDL Meetings:

  • Mar 27, Dan Yaroslaski, cybercommand
  • Apr 10, Russ Fink (APL), ransomware
  • Apr 24, Lance Hoffman (GWU), policy
  • May 8, Jason Wells, law enforcement
  • May 22, Spring SFS Meeting at UMBC, 9:30-2, ITE 456

talk: Hardware Security Kernel for Managing Memory and Instruction Execution, 12pm Fri 2/28

The UMBC Cyber Defense Lab presents

Hardware Security Kernel for Managing Memory and Instruction Execution

 Patrick Jungwirth, PhD

Computational and Information Sciences Directorate
Army Research Lab, Aberdeen Proving Ground, USA

12–1 pm Friday, 28 February 2020, ITE 227, UMBC

The cybersecurity world faces multiple attack vectors: hardware-level exploits, including cache bank malicious operations, rowhammer, Spectre, Meltdown, and Foreshadow attacks, and software-based attacks, including buffer overflows, among others.  Hardware-level exploits bypass protections provided by software-based separation kernels.  Current microprocessor execution pipelines are not designed to understand security:  they treat malicious instructions, software bugs, and harmless code the same. This presentation explores adding a hardware-level security monitor below the execution pipeline [1,2,3].

[1] P. Jungwirth, et al.:  “Hardware security kernel for cyber-defense,” Proc. SPIE 11013, Disruptive Technologies in Information Sciences II, 110130J, Baltimore (10 May 2019); https://doi.org/10.1117/12.2513224
[2] P. Jungwirth and J. Ross:  “Security Tag Fields and Control Flow Management,” IEEE SouthEastCon 2019, Huntsville, AL, April 2019.
[3] P. Jungwirth and D. Hahs:  “Transfer Entropy Quantifies Information Leakage,” IEEE SouthEastCon 2019, Huntsville, AL, April 2019.

About the Speaker: Dr. Jungwirth is a computer architecture researcher at the Army Research Lab.  Previously he worked for the Aviation and Missile RDEC in Huntsville, AL.  Currently, he is researching hardware state machines to provide simple operating system support (monitor) and control flow integrity in hardware.  Dr. Jungwirth is co-inventor of the OS Friendly Microprocessor Architecture, US Patent 9122610.  The OS Friendly Microprocessor Architecture includes hardware security features for an operating system and supports near single-cycle context switches in hardware.

Host: Alan T. Sherman

Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681.

The UMBC Cyber Defense Lab meets biweekly Fridays.  All meetings are open to the public.

Upcoming CDL Meetings:

  • Mar 13, Hasan Cam, autonomous agents
  • Mar 27, Dan Yaroslaski, cybercommand
  • Apr 10, Russ Fink (APL), ransomware
  • Apr 24, TBA
  • May 8, Jason Wells, law enforcement
  • May 22, Spring SFS Meeting at UMBC, 9:30am-2pm, ITE 456

🔴 talk: Shawn Blanton (CMU); Designing Secure Hardware Systems, 1pm Fri 2/7; Commons 329

Lockheed Martin Distinguished Speaker Series

Designing Secure Hardware Systems

Shawn Blanton

Trustee Professor, Electrical and Computer Engineering
Carnegie Mellon University

1:00-2:00pm Friday 7 Feb. 2020

Commons 329, UMBC
University Center Ballroom

On October 29, 2018, DARPA issued an RFI that stated: “This Request for Information (RFI) from the Defense Advanced Research Projects Agency’s (DARPA) Microsystems Technology Office (MTO) seeks information on technology, concepts, and approaches to support the integration of security capabilities directly into System on Chip (SoC) system design and to enable the autonomous integration and assembly of SoCs.”

This RFI and the tens of millions of dollars that the US government has already invested in hardware security research and development are based on the fact that the fabrication of state-of-the-art electronics is now mostly overseas. With the recent announcement that GLOBALFOUNDRIES is going to stop all 7nm development, there is now only one company in the US that continues to pursue advanced semiconductors (Intel). Unfortunately, Intel does not have the same experience of making chips for third parties as do Samsung and (most importantly) TSMC (Taiwan Semiconductor Manufacturing Corporation). As a result, the US government believes it will be forced to fabricate advanced, sensitive electronics overseas in untrusted fabrication facilities, and there is keen interest in design methodologies that mitigate reverse engineering, tampering, counterfeiting, etc.

In this talk, an overview of hardware security will be presented followed by a discussion on a concept called logic locking. This approach will be described and the “back and forth” that is now occurring in the research community involving: (i) vulnerability discovery and (ii) logic locking improvement.

Shawn Blanton is a professor in the Electrical and Computer Engineering Department at Carnegie Mellon University and Associate Director of the SYSU-CMU Joint Institute of Engineering (JIE). In 1995 he received his Ph.D. in Electrical Engineering and Computer Science from the University of Michigan, Ann Arbor. His research interests include various aspects of integrated system tests, testable design, and test methodology development. He has consulted for various companies and is the founder of TestWorks, a Carnegie Mellon University spinout focused on information extraction from IC test data. He is a Fellow of the IEEE and Senior Member of the ACM and served as the program chair for the 2011 International Test Conference.

JHU/APL CIRCUIT internship program information session, 3pm Fri 1/31

JHU/APL CIRCUIT internship program information session

3:00-4:00 pm Friday, 31 January 2020

ITE 459, UMBC

There will be a special information session on the JHU/APL CIRCUIT internship program from 3:00 pm to 4:30 pm on Friday, 31 January 2020 in room ITE 459.

This session is for undergraduates who want to spend their summer (June through August) getting paid to do mentored research at the Johns Hopkins University Applied Physics Lab. The research areas include AI, data science, cybersecurity, precision medicine, and planetary exploration.

Interns selected for the program will do mission-oriented research on-site at JHU/APL in Laurel MD mentored by STEM professionals. There will also be year-round opportunities for engagement and enrichment. The selection for an internship will be based on a combination of potential, need and commitment.

Email or with questions.
