Department of Computer Science and Electrical Engineering

Tim Finin and Anupam Joshi have received a $400,000 research award from the NSF Secure and Trustworthy Cyberspace (SaTC) program for a three year project to investigate how to better manage security and privacy constraints while querying semantically annotated linked data sources. The project, Policy Compliant Integration of Linked Data, is a collaboration with researchers at M.I.T. and the University of Texas at Dallas.

The ubiquity of computing technology and the Internet have created an age of big data that has the potential to greatly enhance the efficiency of our societies and the well-being of all people. The trend comes with problems that threaten to prevent or undermine the benefits. An immediate concern is how to fuse, integrate and analyze data while respecting privacy, security and usage concerns. A second issue is allowing data to remain distributed, enabling its owners to maintain and control quality as well as to enforce security and privacy policies. A final underlying challenge is helping to produce sound and useful results by assuring that systems understand the meaning of the data being integrated and analyzing access and usage policies. For some domains, like health informatics and clinical research, solving these problems will have a significant impact on society.

This project explores an approach to solving these problems by developing a policy-compliant integration system for linked healthcare data. The system models data, schemas and policies using open Web standards such as Semantic Web languages, federates queries to independent Linked Data stores based on content, provides policy enforcement by modifying incompliant queries, and uses formal methods to guarantee correctness of key components.

This project provides new approaches to solving one of the most significant problems our society faces in the 21st century: benefiting from the integration of distributed linked data while respecting security, privacy, and usage requirements. The prototype tools and systems are incorporated into our educational activities and made available to others via appropriate open source licenses.

From 6:00pm to 7:30pm on Wednesday, October 3, come explore UMBC's Cybersecurity Graduate Program options, and learn how a master’s degree or graduate certificate can help you advance in this exciting and critically important industry. Dr. Rick Forno, the graduate program director, will be available to answer questions and provide insight into courses, credit requirements, and prerequisites and admissions processes.

You can RSVP for the information session here.

Meet UMBC’s inaugural batch of NSF Scholarship for Service (SFS) CyberCorps program scholars. These four B.S., M.P.S. and Ph.D. students  will be able to hone their interests in Information Assurance and Cybersecurity through generous full-ride scholarships and opportunities to intern at government organizations. 

Oliver Kubik

Major: B.S. Computer Science '14
Hometown: New Windsor, MD

Oliver Kubik knew that Computer Science was for him starting in the 7^th grade when he played with madlib style programs on his basement computer. Now a Junior working toward his B.S. in Computer Science at UMBC, Oliver has plans to one day pursue a Ph.D.

What Oliver likes about Information Assurance and Cybersecurity  is the problem solving and detective work. “Everything must be analyzed much more in depth than conventional software applications whose bugs typically have minor consequences,” he says. “I think that securing mobile devices will be very important in the future.”

A Meyerhoff Scholar, Oliver is part of UMBC’s Cyber Defense Team and Ultimate Frisbee team. In Summer 2012, he pursued undergraduate research at the University of Connecticut, comparing the strengths of Amazon’s EC2 and Windows’ Azure cloud computing systems. “My results didn’t show a clear superiority of one system over another, but I did learn a lot about academic research, especially in the importance of organizing the data that is collected.”

His Freshman year, Oliver interned at System’s Alliance in Hunt Valley, creating an automated testing framework for their web portal to speed up the logging of bugs. Here he learned about the complexities of web pages and the Selenium web automation tool. That summer he did similar work as an intern at Booz Allen Hamilton.

As part of the SFS program, Oliver hops to intern at the National Security Agency. His plans after graduating in May 2014 are to explore work in the governmental sphere before pursuing a Ph.D. in Cybersecurity.

Brandyn Schult

Major: B.A. Human Ecology, M.P.S. Cybersecurity ‘14

Lured by UMBC’s distinction as a CAE school and its prime location in the “Silicon Valley of Cyber”, Brandyn Schult joined UMBC’s Cybersecurity M.P.S. program in Fall 2012 to broaden his understanding of Cybersecurity. He is now part of UMBC’s Cyber Defense Lab (CDL).

“What I like about Information Assurance and Cybersecurity is that they are not bound by many technical limitations and new practices are constantly being developed,” explains Brandyn, who graduated from the College of the Atlantic, Maine with a B.A. in Human Ecology. “What we have as students is a chance to help shape a new discipline and that is exciting.”

Brandyn speculates that the biggest cyber threat we face today isn’t from outside sources, like viruses or hackers, but from “the legacy infrastructure that the cyber domain is built on and the users’ interaction with it.” He cites IPv4 and SCADA systems at a fundamental problem. “It’s 2012, yet we are still using technology from the 70’s and 80’s as the foundation for the technology today and tomorrow.”

Brendan Masiar

Major: B.A. Philosophy '11, M.P.S. Cybersecurity '13
Hometown: East Islip, NY

After graduating from UMBC a year ago with a Bachelor’s in Philosophy, Brendan Masiar came right back to pursue his passion for Computer Science. He chose UMBC’s graduate program in Cybersecurity because he saw it as “a perfect blend of [his] humanities and technical background.”

“I love that the field is constantly developing and evolving,” says Brendan of Cybersecurity. “There is no definitive end point to cybersecurity, ” he says, “some new attack vector will always be out there.” Brendan thinks cell phones and mobile devices that enable us to do things like online baking, check mail, and other private tasks, are our biggest cyber threat. “The risk for data loss and identity fraud is going to be more and more rampant.”

Right now Brendan is interning at Tresys Technology in Columbia, where he works on testing and developing software. After finishing up school, he will be looking for a job within Maryland’s IT industry. “My dream job is one that will be setting precedents, whether it be through policy or through methods used,” he explains.  His role model is Dr. Steven Yalowitz of UMBC’s Philosophy Department, who got Brendan hooked on the subject. “I hope one day to instill that same curiosity into others.”

Lisa Mathews

Major: M.S. Computer Engineering, Ph.D. Computer Science '15

What is it about Cybersecurity and Information Assurance that appeals to Ph.D. student Lisa Matthews? “They are challenging fields that provide many opportunities to apply one’s knowledge and skill set to tackle various security issues or vulnerabilities,” explains Lisa. “Protecting computers and information from various threats is an important function, especially given the number of security attacks that have happened and are likely to occur.”

Lisa thinks that a new wave of “low-and-slow” attacks—ones that surreptitiously strike in different phases and can spend days, weeks, or even months weakening a system’s defenses–are a big threat. “These are difficult to detect, hard to contain, and can do considerable damage before they are stopped.” In fact, Lisa is working towards a solution to these types of attacks with her thesis research. “My current research is focused on taking a semantic approach to intrusion detection by combining data from various sources, integrating data, and performing additional analysis using a knowledge base that would enable the detection of a threat or attack. This method should prove to be useful in stopping attacks that follow a low-and-sow intrusion pattern.”

After graduating, Lisa hopes to work for one of the Department of Defense agencies. “My dream job is one where I can continue research on the constantly evolving fields of information assurance and cybersecurity,” she says. “This scholarship is providing me a great opportunity to attain this job.”

UMBC and our Cyber Incubator@bwtech are founding sponsors of the new National Cyber Security Hall of Fame that will induct its first 11 honorees on October 17 at the Four Seasons Hotel in Baltimore.

“The Cyber Security Hall of Fame will represent the mission: “Respect the Past – Protect the Future” and will honor the innovative individuals and organizations which had the vision and leadership to create the foundational building blocks for the Cyber Security Industry,” explains the website.

Out of 200 nominations, the Hall of Fame’s board of advisors chose 11 inductees–individuals who “collectively invented the technologies, created awareness, promoted and delivered education, developed and influenced policy and created businesses to begin addressing the cybersecurity problem,” says a press release.

The inductees include: Dorothy Denning, Professor, Department of Defense Analysis, Naval Postgraduate School; Carl Landwehr, Editor-in-Chief, IEEE Security & Privacy Magazine; Peter Neumann, Ph.D., Principal Scientist, SRI International; Roger Schell, President, ÆSec; Whitfield Diffie, Martin Hellman and Ralph Merkle, Inventors, Public Key Cryptograph; and, Ron Rivest, Adi Shamir and Leonard Adelman, Inventors, RSA Algorithm. F. Lynn McNulty, a Federal Information Systems Security Pioneer was named to the 2012 class posthumously.              

Four students in UMBC's Department of Computer Science and Electrical Engineering have been selected for major scholarships to study cybersecurity in the National Science Foundation's (NSF) Scholarship for Service (SFS) CyberCorps program.   Each student will receive full tuition, fees, and a nine-month stipend ($20,000 for undergraduates, $25,000 for MS/MPS students, and $30,000 for PhD students) for up to  two years (three years for PhD).  For this first year of the program at UMBC, recipients are Oliver Kubik (BS student in computer science), Brendan Masiar and Brandyn Schult (MPS students in cybersecurity), and Mary Mathews (PhD student in computer science).  

While in the program at UMBC, each student will participate in paid summer internships and have opportunities to engage in mentored research opportunities at the UMBC Center for Information Security and Assurance (CISA) and its partners from industry and government.  Following graduation, each student must work for the government (for pay) for one year for each year of scholarship received.  Drs. Alan T. Sherman and Richard Forno direct the program using support they received from their recently awarded $2.5 million NSF grant.  The CyberCorps program will produce highly-qualified professionals to meet the increasing need to protect American's cyber infrastructure.

Each year students may apply for SFS CyberCorps scholarships at UMBC, with application deadline in mid January.  For details, see www.cisa.umbc.edu.  In each of the next three years, UMBC expects to make six new awards.   Applicants must be accepted to a full-time degree program in a cybersecurity-related field (CS, CE, cyber, EE, IS, math, physics, education, public policy).

If you’d like to be part of Maryland’s biggest Cybersecurity battle this October, then don’t forget to register before September 19, 2012.

In its second year, The Maryland Cyber Challenge & Competition (MDC3) will pit teams of high schoolers, college students, and industry professionals against one another in a series of “hackathons” that test their problem solving mettle.

Last year 150 finalists competed for the MDC3 title and more than $100,000 in prizes. In the end, three teams prevailed, one at each level: Team ICF (Industry level), Towson University (College level), and the Sherwood Cyber Warriors from Sherwood High School.

To be held at the Baltimore Convention Center on October 16 and 17,  MDC3 features a series workshops, panels and talks by industry professionals, including a keynote speech from UMBC president Dr. Freeman Hrabowski  called “Creating the Cyber Generation.”

You can learn more about the competition at a special Information session this Friday, September 7, 2012 at the UMBC Training Centers in Columbia, MD. The session will go over rules, format, and scoring of the competition, as well as the CyberNEXS competition platform.

To learn more and to register for the Maryland Cyber Challenge & Competition, visit the CyberMaryland 2012 website.

CSEE Professor Dr. Alan Sherman (PI) and Dr. Rick Forno (Co-PI), Graduate Program Director, Cybersecurity have received an NSF grant of $2.5 million over five years to fund 22 students studying Information Assurance (IA) and Cybersecurity. The scholarships are part of the Federal Cyber Scholarship for Service (SFS) program.

Future scholars will come from UMBC’s undergraduate, graduate, and professional studies programs. In addition to a generous full-ride scholarship, scholars are granted an annual stipend during their last two or three years.  The yearly stipends are $20,000 for underdergraduate, $25,000 for M.S. and $30,000 for PhD students.  Students will also engage in paid summer internships with federal government agencies and have opportunities to carry out mentored research projects at UMBC and its cyber partners from government and industry.

“Our goal is to encourage students to pursue cybersecurity education at UMBC and then move into careers that can build upon their education,” explains Dr. Forno. “The SFS program is one way to do that, with the outcome being to provide educated, qualified and highly competent cybersecurity practitioners to the federal government.”

The scholarships will be coordinated through UMBC’s Center for Information Security and Assurance (CISA), and both CISA and UMBC’s Cyber Defense Lab (CDL) will play a key role in the overall academic experience of the SFS scholars.

Along with the monetary award come a few scholarship program requirements. During their scholarship period (typically two years), students are required to intern at a federal organization. After graduation, scholars must serve at a Federal agency in an information assurance position for one to two years, depending on their level of support.

During the upcoming 2012-2013 school year, the program will support two Masters students and two Master in Professional Studies students, though in the future, one B.S., two M.S., two M.P.S., and one Ph.D. students will be supported annually.

Degree-seeking students in Computer Science, Computer Engineering, or any related field, including Electrical Engineering, Math, Physics, Information Systems, Public Policy, or Education, are eligible. “We are interested in fostering a diverse group of SFS scholars,” says Forno. “To that end, we intend to work closely with groups like CWIT and the Meyerhoff Scholars (among others) to help in our outreach and recruiting efforts in this critical academic discipline.” To learn more about applying for the scholarship, visit the CISA scholarship oppotunities page.

The grant will also fund a new one-day annual regional workshop that will focus on innovations for K-12, undergraduate, and graduate cybersecurity education. The goal is to develop "innovative, relevant, meaningful, and real-world oriented pedagogical materials that can be applied across the academic spectrum in conducting cybersecurity education."

The scholarship program, coupled with UMBC’s location at the “epicenter of cybersecurity,” will further mark UMBC as a pioneer in the field. “We all know that cybersecurity is a hot field and of critical national interest," says Forno. "UMBC’s strength in Computer Science, Cybersecurity, and related STEM fields, combined with our reputation for producing qualified technologitsts makes our participation in SFS very attractive both to the school and our current and future students.”

Photo Courtesy bioparks.aurp.net

A year ago, Northrop Grumman partnered with bwtech@UMBC to form the Cync program with the goal of “identifying, developing, and commercializing technologies that will meet the cybersecurity needs of the DOD, DHS, DOJ and Intelligence communities,” says the website. Since then, the program has supported five technology startups—AccelerEyes, Five Directions, KoolSpan, Oculis Labs, and Rogue Networks—by providing them with office and laboratory space in UMBC’s research park, business mentorship, and access to the incubator’s resources.

According to a press release, the Cync companies are thriving, and two have earned Defense Advanced Research Projects Agency (DARPA) Fast Track awards. Interest in the program—which seeks out companies that focus on situational awareness/visualization, sensors, processing, workflow management, and modeling simulation–is growing. Throughout the country, there are over 100 additional companies interested in participating.

Dr. Freeman Hrabowski spoke about the benefits of the program:

“This university-industry partnership is helping companies develop solutions to guard against current and future cyber threats, and it’s bringing some of the best minds in cybersecurity to our campus,” said Freeman Hrabowski, president of UMBC. “The companies provide educational and internship opportunities for our students while also contributing to the strength of Maryland’s economy.”

Chris Valentino, director, contract research and development, Cyber Intelligence division, Northrop Grumman Information Systems says the company has plans to extend the program on a global level.

To learn more about the Cync program, visit the program's website.
 

The 2012 Maryland Cyber Challenge (MDC3) will be held this fall with qualification rounds in September and the finals at the Cyber-Maryland Conference in the Baltimore Convention Center on 16-17 October. MDC3 is a statewide cyber competition and conference designed to interest more students and young professionals in pursuing careers in cybersecurity. The goal of the Maryland Cyber Challenge is to help strengthen Maryland’s position as a cybersecurity leader by bringing teams of current and prospective cybersecurity professionals together to develop the skills and techniques needed to protect vital information systems. Founders of the event include SAIC, UMBC, the National Cyber Security Alliance, the Maryland Department of Business and Economic Development, and the Tech Council of Maryland.

UMBC students who are interested in MDC3 or cybersecurity in general are encouraged to contact the UMBC Cyber Defense Team, aka the Cyberdawgs.

MDC3 team registration is now open for the 2012 challenge. Questions about the Cyber Challenge can be sent to Kelli-Ann Tucker (kelli-ann.tucker at saic.com).

MS Thesis Defense

An Operational Study of DNSSEC and its Practical
Application in Establishing a Secure PKI Framework

Colin Roby

4:00pm 19 June 2012, ITE 325b

With the recent completion of signing the DNS Root and various TLD (top level domain), DNSSEC is gradually progressing towards an internet-wide adoption. The extension of DNSSEC security measures addresses many of the security flaws plagued the underlying DNS architecture since its inception. Once widely deployed, DNSSEC will pave the way for extending security service to a wide range of applications. This study focuses on the practicability of current iteration of DNSSEC implementation. Through a virtual network configuration which mimics a typical corporate environment, we explore viable options to establish a secure PKI framework based on DNSSEC in spite of its current limitations. In this endeavour, we propose a simple yet effective method to combine a corporate existing LDAP based directory service with DNSSEC to form a PKI key exchange infrastructure – one which is intuitive to administer and easy to scale to any large corporate network. We demonstrate the advantage of such a PKI framework in one area of its application – the common use of email. Using a prototype email client application, we illustrate how such a framework can promote and facilitate a more secure email system in terms of authenticity, integrity and confidentiality.

Committee: Dr. Deepinder Sidhu (Chair), Dr. Chein-I Chang, Dr. Yun Peng