talk: NSF Advanced Cyberinfrastructure Research Workforce Development and Education Programs

UMBC Information Systems Department

Innovations in NSF Advanced Cyberinfrastructure Research Workforce Development and Education Programs

Dr. Sushil K. Prasad
National Science Foundation

2:00pm Tuesday, 18 September 2018, ITE459, UMBC

The National Science Foundation Office of Advanced Cyberinfrastructure (OAC) has growing research and education programs, including programs for early career multidisciplinary faculty such as CAREER and CISE Research Initiation Initiative (CRII). OAC is pleased to announce its newest program, its core research program solicitation (NSF 18-567), with the goals of supporting all aspects of advanced cyberinfrastructure (CI) research that will significantly impact the future capabilities of advanced research CI, as well as the research career paths of computer as well as computational and data-driven scientists and engineers. Through this solicitation, OAC seeks to foster the development of new knowledge in the innovative design, development, and utilization of robust research CI. The OAC core research areas include architectures and middleware for extreme-scale systems, scalable algorithms and applications, including simulation and modeling, and the advanced CI ecosystem, including tools and sociotechnical aspects.

OAC also introduced a CyberTraining program (NSF 18-516) for education and training aimed to fully prepare scientific workforce for nation’s research enterprise to innovate and utilize high performance computing resources, tools and methods. The community response in its two rounds of competition have exceeded expectations. OAC also has programs for research training of undergraduate students (REU sites).

I will introduce these and share some of the recent awards. I will also touch on other OAC opportunities in cyberinfrastructure including those on high performance computing (HPC) hardware, software, data, networking and security, and on NSF’s ten big ideas, including Harnessing the Data Revolution.

Sushil K. Prasad is a Program Director at National Science Foundation in its Office of Advanced Cyberinfrastructure (OAC) in the Computer and Information Science and Engineering (CISE) directorate leading its emerging research and education programs such as CAREER, CRII, Expeditions, CyberTraining, and the most-recently introduced OAC-Core research. He is an ACM Distinguished Scientist and a Professor of Computer Science at Georgia State University. He is the director of Distributed and Mobile Systems Lab carrying out research in Parallel, Distributed, and Data Intensive Computing and Systems. He has been twice-elected chair of IEEE-CS Technical Committee on Parallel Processing (TCPP), and leads the NSF-supported TCPP Curriculum Initiative on Parallel and Distributed Computing for undergraduate education.

talk: Phishing in an Academic Community, a Study of User Susceptibility and Behavior

The UMBC Cyber Defense Lab

Phishing in an Academic Community:
a Study of User Susceptibility and Behavior

Alejandra Diaz
University of Maryland, Baltimore County

12:00–1:00pm, Friday, 14 September 2018, ITE 227

(joint work with Alan T. Sherman Anupam Joshi)

We present an observational study on the relationship between demographic factors and phishing susceptibility at the University of Maryland, Baltimore County (UMBC). From March through May 2018, we performed three experiments that delivered phishing attacks to 450 randomly-selected students on three different days (1,350 students total) to examine user click rates and demographics within UMBC’s undergraduate student population. The participants were initially unaware of the study. We deployed the Billing Problem, Contest Winner, and Expiration Date phishing tactics. Experiment 1 impersonated banking authorities; Experiment 2 enticed users with monetary rewards; and Experiment 3 threatened users with account cancellation.

We found correlations resulting in lowered susceptibility based on college affiliation, academic year progression, cyber training, involvement in cyber clubs or cyber scholarship programs, amount of time spent on the computer, and age demographics. We found no significant correlation between gender and susceptibility. Contrary to our expectations, we observed an inverse correlation between phishing awareness and student resistance to clicking a phishing link. Students who identified themselves as understanding the definition of phishing had a higher susceptibility rate than did their peers who were merely aware of phishing attacks, with both groups of students having a higher susceptibility rate than those with no knowledge whatsoever. Overall, approximately 70% of the students who opened a phishing email clicked on it.

Alejandra Diaz () is a cyber software engineer at Northrop Grumman. She earned her BS in computer science from UMBC with a concentration in cybersecurity in May 2017, and her MS in computer science in August 2018. As a Cyber Scholar and a Society of Women Studying Information Security Scholar, she has a special interest in the human aspects of cybersecurity.

Host: Alan T. Sherman,

Support for this research was provided in part by the National Science Foundation under SFS grant 1241576, the U.S. Department of Defense under CAE grant H988230-17-1-0349, and IBM.

NSA highlights strong partnership with UMBC through Featured School campaign


NSA highlights strong partnership with UMBC in Featured School campaign

Over the past two decades, UMBC and the National Security Agency (NSA) have developed a strong relationship, which has led to research, internship, and career opportunities for faculty, students, and alumni. UMBC is the first institution to be highlighted in NSA’s Featured School Series, which launched on September 4.

“UMBC’s long-standing partnership with NSA has provided valuable experiences for our students, faculty, and alumni to pursue internships, careers, and collaborative research opportunities,” said President Freeman Hrabowski. “Through this work we are helping to address the need for well-trained cyber professionals by creating a network of talented people to protect the state, nation, and world.”

More than 1100 NSA employees are UMBC alumni, including Darniet Jennings ‘98, M.S. ‘99, Ph.D. ‘03, information systems management. Jennings continued his dissertation research when he took a job at NSA, where he developed a system to manage big data effectively, which was patented in 2010.

The opportunities at NSA include careers in a broad range of disciplines including cybersecurity, engineering, computer science, language, and biological and chemical sciences. Regina Hambleton ‘87, mathematics, has held a number of positions at NSA and is currently the Agency’s deputy director of Engagement and Policy. She began working at NSA while she was a student at UMBC, and participated in a program that allowed her to spend a semester at UMBC taking courses followed by a semester working at NSA.

The partnership between NSA and UMBC also helps prepare an increasing number of graduates for careers in cybersecurity-related fields, to protect the nation from cyber threats.

Charles Nicholas, professor of computer science and electrical engineering, is also highlighted in the Featured School Series campaign. He has spent two sabbaticals at NSA during his time at UMBC, and has mentored students who completed NSA internships, in addition to students who went on to pursue careers at NSA. Nicholas is interested in the intersection of cybersecurity and data science, and the tools that are used to compare malware specimens.

“There are so many opportunities in the intelligence community, including at NSA,” Nicholas says. “It is important for students interested in those careers to develop technical ability, as well as critical and creative thinking, and I enjoy the chance to help them grow those skills.”

For more information about the partnership, and a few UMBC alumni who work at NSA, visit the UMBC page on the NSA website.

Adapted from a UMBC News article by Megan Hanks. Banner image by Marlayna Demond for UMBC.

talk: Ballerina, a modern programming language focused on integration, 2pm Thr 9/6, ITE325

Ballerina, a modern programming language
focused on integration

Dr. Sanjiva Weerawarana
Founder, Chairman and Chief Architect, WSO2

2:00-3:00pm, Thursday, 6 September 2018, ITE325, UMBC

Ballerina is a concurrent, transactional, statically typed programming language. It provides all the functionality expected of a modern, general purpose programming language, but it is designed specifically for integration: it brings fundamental concepts, ideas and tools of distributed system integration into the language with direct support for providing and consuming network services, distributed transactions, reliable messaging, stream processing, security and workflows. It is intended to be a pragmatic language suitable for mass-market commercial adoption; it tries to feel familiar to programmers who are used to popular, modern C-family languages, notably Java, C# JavaScript.

Ballerina’s type system is much more flexible than traditional statically typed languages. The type system is structural, has union types and open records with optional/mandatory fields. This flexibility allows it also to be used as a schema for the data that is exchanged in distributed applications. Ballerina’s data types are designed to work particularly well with JSON; any JSON value has a direct, natural representation as a Ballerina value. Ballerina also provides support for XML and relational data.

Ballerina’s concurrency model is built on the sequence diagram metaphor and offers simple constructs for writing concurrent programs. Its type system is a modern type system designed with sufficient power to describe data that occurs in distributed applications. It also includes a distributed security architecture to make it easier to write applications that are secure by design.

Ballerina is designed for modern development practices with a modularity architecture based on packages that are easily shared widely. Version management, dependency management, testing, documentation, building and sharing are part of the language design architecture and not left for later add-on tools. The Ballerina standard library is in two parts: the usual standard library level functionality (akin to libc) and a standard library of network protocols, interface standards, data formats, authentication/authorization standards that make writing secure, resilient distributed applications significantly easier than with other languages.

Ballerina has been inspired by Java, Go, C, C++, Rust, Haskell, Kotlin, Dart, Typescript, Javascript, Swift and other languages. This talk will discuss the core principles behind Ballerina including the semantics of combining aspects of networking, security, transactions, concurrency and events into a single architecture.

Sanjiva Weerawarana founded WSO2 in 2005 with a vision to reinvent the way enterprise middleware is developed, sold, delivered, and supported through an open source model. Prior to starting WSO2, Sanjiva worked for nearly eight years in IBM Research, where he focused on innovations in middleware and emerging industry standards. At IBM, he was one of the founders of the Web services platform, and he co-authored many Web services specifications, including WSDL, BPEL4WS, WS-Addressing, WS-RF, and WS-Eventing. In recognition for his company-wide technical leadership, Sanjiva was elected to the IBM Academy of Technology in 2003.

Sanjiva also has been committed to open source development for many years. An elected member of the Apache Software Foundation, Sanjiva was the original creator of Apache SOAP, and he has contributed to Apache Axis, Apache Axis2 and most Apache Web services projects.

In 2003, Sanjiva founded the Lanka Software Foundation (LSF), a non-profit organization formed with the objective of promoting open source development, not usage, by Sri Lankan developers. He is currently its chief scientist and a director. LSF’s success stories include many Apache Web services projects and Sahana, the predominant disaster management system in the world. In recognition of his role in promoting open source participation from developing countries, Sanjiva was elected to the board of the Open Source Initiative (OSI) in April 2005, where he served for two years.

Sanjiva also teaches and guides student projects part-time in the Computer Science & Engineering department of the University of Moratuwa, and he is a member of the university’s Faculty of Engineering Industry consultative board. Prior to joining IBM, Sanjiva spent three years at Purdue University as visiting faculty, where he received his Ph.D. in Computer Science in 1994.

Game Developers Club Fall 2018 Opening Meeting and Game Jam, 1pm Fri 9/7


Game Developers Club Fall 2018
Opening Meeting and Game Jam

The UMBC Game Developer’s Club (GDC) explores the art and science of game development in a club environment and includes members from many backgrounds, including computing, digital art, computer modeling and music composition.

Their first meeting will start next week at 1pm on Friday, September 7th, in Engineering 005a. This meeting will kick off their annual Fall Game Jam, where participants will have a chance to propose game ideas, form teams, and develop a prototype over the course of the weekend (9/7 through 9/9).

The meeting will start with announcements and a brief presentation about the club for new members, followed by game idea proposals and the Game Jam itself. If you want to propose an idea for the Game Jam, be ready to give a brief presentation on the following things on September 7th:

  • A 1-2 sentence summary of your idea
  • What you want to have done by the end of the game jam
  • What team roles you still need to fill
  • Whether it will be 2D/3D/no preference
  • Game engine preference (if any)


talk: Methods and Models: Data Science for Campus Parking, 11:15am Mon 8/13

Methods and Models: Data Science for Campus Parking

Professor John Hoag
Associate Professor, Ohio University
11:15-12:15pm Monday, 13 August 2018 in ITE 325B

How can data science improve the parking experience for students, faculty, and staff? Or are there other motives at work? This talk will define and approach this perennial campus problem from perspectives of telematics and modeling, starting with the “Smart Cities” life cycle of data collection and analysis – from best practices through optimization. Next, we will consider relevant probabilistic models and their implementations over a century of study. We will conclude by discussing unintended consequences such as LPRs and other outcomes.

Dr. John Hoag is Associate Professor of Information and Telecommunication Systems at Ohio University in Athens, OH. He earned Ph.D. and M.S. Degrees in Operations Research from Ohio State University and holds a Bachelor’s degree in Computer Science. His current portfolio can be termed Smart Cities, which subsumes transportation, energy, finance, public health, and more, for which he is forming interdisciplinary public-private teams whose scope encompasses data collection, telemetry, storage, and analysis. The Smart Cities displaced work he started in bioinformatics and translational biomedical science, where his efforts focused on computational complexity and system performance. He maintains an adjunct appointment in EECS at Case Western Reserve University.

Host: Dr. Richard Forno ()

CMSC 201: Computer Science I for Non-CS Disciplines – Fall 2018

CMSC 201 Computer Science I for Non-CS Disciplines – Fall 2018

This fall, Dr. Susan Mitchell will teach a special section of CMSC 201 Computer Science I designed for social and biological sciences *and other majors*. The course will cover the same content and have the same rigor as the regular sections of CMSC 201 and prepare students to continue on to CMSC 202 if they wish.  As with other sections, it fulfills any major’s requirement for CMSC 201. The key difference will be that the assignments and projects will emphasize topics applicable to many non-CS disciplines, such as statistical analysis, working with large data sets, and data visualization. The catalog description is:

An introduction to computer science through problem solving and computer programming. Programming techniques covered by this course include modularity, abstraction, top-down design, specifications documentation, debugging and testing. The core material for this course includes control structures, functions, lists, strings, abstract data types, file I/O, and recursion.

The course will include a lecture from 2:30pm to 3:45pm on Mondays and Wednesdays (Section 36-LEC) and a one-hour lab on either Monday (Section 37-DIS) or Wednesday (Section 38-DIS) from 11:00-11:50am.

Permission from the instructor is required to register for this section. No prior programming experience is required. The only prerequisite is that students must have completed MATH 150, 151 or 152 with a C or better; OR have MATH test placement into MATH 151; OR be concurrently enrolled in MATH 155 or completed it with a C or better.

For permission or questions, email Dr. Susan Mitchell at

Weaponized information seeks a new target in cyberspace: Users’ minds

Cyberattacks target Americans’ thinking. Fancy Tapis/


Weaponized information seeks a new target in cyberspace: Users’ minds

Richard Forno, University of Maryland, Baltimore County

The Russian attacks on the 2016 U.S. presidential election and the country’s continuing election-related hacking have happened across all three dimensions of cyberspace – physical, informational and cognitive. The first two are well-known: For years, hackers have exploited hardware and software flaws to gain unauthorized access to computers and networks – and stolen information they’ve found. The third dimension, however, is a newer target – and a more concerning one.

This three-dimensional view of cyberspace comes from my late mentor, Professor Dan Kuehl of the National Defense University, who expressed concern about traditional hacking activities and what they meant for national security. But he also foresaw the potential – now clear to the public at large – that those tools could be used to target people’s perceptions and thought processes, too. That’s what the Russians allegedly did, according to federal indictments issued in February and July, laying out evidence that Russian civilians and military personnel used online tools to influence Americans’ political views – and, potentially, their votes. They may be setting up to do it again for the 2018 midterm elections.

Some observers suggest that using internet tools for espionage and as fuel for disinformation campaigns is a new form of “hybrid warfare.” Their idea is that the lines are blurring between the traditional kinetic warfare of bombs, missiles and guns, and the unconventional, stealthy warfare long practiced against foreigners’ “hearts and minds” by intelligence and special forces capabilities.

However, I believe this isn’t a new form of war at all: Rather, it is the same old strategies taking advantage of the latest available technologies. Just as online marketing companies use sponsored content and search engine manipulation to distribute biased information to the public, governments are using internet-based tools to pursue their agendas. In other words, they’re hacking a different kind of system through social engineering on a grand scale.


Americans are used to seeing Russian propaganda that looks like this. AP Photo/Kirsty Wigglesworth


Old goals, new techniques

More than 2,400 years ago, the Chinese military strategist and philosopher Sun Tzu made it an axiom of war that it’s best to “subdue the enemy without fighting.” Using information – or disinformation, or propaganda – as a weapon can be one way to destabilize a population and disable the target country. In 1984 a former KGB agent who defected to the West discussed this as a long-term process and more or less predicted what’s happening in the U.S. now.

The Russians created false social media accounts to simulate political activists – such as @TEN_GOP, which purported to be associated with the Tennessee Republican Party. Just that one account attracted more than 100,000 followers. The goal was to distribute propaganda, such as captioned photos, posters or short animated graphics, purposely designed to enrage and engage these accounts’ followers. Those people would then pass the information along through their own personal social networks.

Starting from seeds planted by Russian fakers, including some who claimed to be U.S. citizens, those ideas grew and flourished through amplification by real people. Unfortunately, whether originating from Russia or elsewhere, fake information and conspiracy theories can form the basis for discussion at major partisan media outlets.

As ideas with niche online beginnings moved into the traditional mass media landscape, they serve to keep controversies alive by sustaining divisive arguments on both sides. For instance, one Russian troll factory had its online personas host rallies both for and against each of the major candidates in the 2016 presidential election. Though the rallies never took place, the online buzz about them helped inflame divisions in society.

The trolls also set up Twitter accounts purportedly representing local news organizations – including defunct ones – to take advantage of Americans’ greater trust of local news sources than national ones. These accounts operated for several years – one for the Chicago Daily News, closed since 1978, was created in May 2014 and collected 20,000 followers – passing along legitimate local news stories, likely seeking to win followers’ trust ahead of future disinformation campaigns. Shut down before they could fulfill that end, these accounts cleverly aimed to exploit the fact that many Americans’ political views cloud their ability to separate fact from opinion in the news.

These sorts of activities are functions of traditional espionage: Foment discord and then sit back while the target population becomes distracted arguing among themselves.

Fighting digital disinformation is hard

Analyzing, let alone countering, this type of provocative behavior can be difficult. Russia isn’t alone, either: The U.S. tries to influence foreign audiences and global opinions, including through Voice of America online and radio services and intelligence services’ activities. And it’s not just governments that get involved. Companies, advocacy groups and others also can conduct disinformation campaigns.

Unfortunately, laws and regulations are ineffective remedies. Further, social media companies have been fairly slow to respond to this phenomenon. Twitter reportedly suspended more than 70 million fake accounts earlier this summer. That included nearly 50 social media accounts like the fake Chicago Daily News one.

Facebook, too, says it is working to reduce the spread of “fake news” on its platform. Yet both companies make their money from users’ activity on their sites – so they are conflicted, trying to stifle misleading content while also boosting users’ involvement.

Real defense happens in the brain

The best protection against threats to the cognitive dimension of cyberspace depends on users’ own actions and knowledge. Objectively educated, rational citizens should serve as the foundation of a strong democratic society. But that defense fails if people don’t have the skills – or worse, don’t use them – to think critically about what they’re seeing and examine claims of fact before accepting them as true.

American voters expect ongoing Russian interference in U.S. elections. In fact, it appears to have already begun. To help combat that influence, the U.S. Justice Department plans to alert the public when its investigations discover foreign espionage, hacking and disinformation relating to the upcoming 2018 midterm elections. And the National Security Agency has created a task force to counter Russian hacking of election systems and major political parties’ computer networks.

The ConversationThese efforts are a good start, but the real solution will begin when people start realizing they’re being subjected to this sort of cognitive attack and that it’s not all just a hoax.

Richard Forno, Senior Lecturer, Cybersecurity & Internet Researcher, University of Maryland, Baltimore County

This article was originally published on The Conversation. Read the original article.

UMBC’s Sherman receives $5.4m in funding for¬†cybersecurity research and scholarships

UMBC receives $5.4m in funding for new cybersecurity projects

NSF and NSA Fund Three Cybersecurity Projects by Prof. Alan Sherman 

Professor Alan Sherman and colleagues were recently awarded more than $5.4 million dollars in three new grants to support cybersecurity research and education at UMBC, including two from the National Science Foundation (NSF) and one from the National Security Agency (NSA).  Dr. Sherman leads UMBC’s Center for Information Security and Assurance which was responsible for UMBC’s designation as a National Center of Academic Excellence in Cybersecurity Research and Education.

This summer, NSF funded Sherman’s second CyberCorps Scholarship for Service (SFS) grant (Richard Forno, CoPI) that will fund 34 cybersecurity scholars over five years and support research at UMBC and in the Cyber Defense Lab (CDL). The $5 million award supports scholarships for BS, MS, MPS, and PhD students to study cybersecurity through UMBC degree programs in computer science, computer engineering, cyber, or information systems. SFS scholars receive tuition, books, health benefits, professional expenses, and an annual stipend ($22,500 for undergraduates, $34,000 for graduate students). In return, each scholar must engage in a summer internship and work for government (federal, state, local, or tribal) for one year for each year of support. The program is highly competitive and many of the graduates now work for the NSA.

A novel aspect of UMBC’s SFS program is that it builds connections with two nearby community colleges—Montgomery College (MC) and Prince Georges Community College (PGCC). Each year, one student from each of these schools is selected for a scholarship. Upon graduation from community college, the student transfers to UMBC to complete their four-year degree. In doing so, UMBC taps into a significant pool of talent and increases the number of cybersecurity professionals who will enter government service. Each January, all SFS scholars from UMBC, MC, and PGCC engage in a one-week research study. Working collaboratively, they analyze a targeted aspect of the security of the UMBC computer system. The students enjoy the hands-on experience while helping to improve UMBC’s computer security. Students interested in applying for an SFS scholarship should consult the CISA SFS page and contact Professor Sherman. The next application deadline is November 15.

With $310,000 of support from NSF, Sherman and his CoPIs, Drs. Dhananjay Phatak and Linda Oliva, are developing educational Cybersecurity Assessment Tools (CATS) to measure student understanding of cybersecurity concepts. In particular, they are developing and validating two concept inventories: one for any first course in cybersecurity, and one for college graduates beginning a career in cybersecurity. These inventories will provide science-based criteria by which different approaches to cybersecurity education can be assessed (e.g., competition, gaming, hands-on exercises, and traditional classroom). This project is collaborative with the University of Illinois at Urbana-Champaign.

With $97,000 of support from NSA, Sherman is developing a virtual Protocol Analysis Lab that uses state-of-the-art tools to analyze cryptographic protocols for structural weaknesses. Protocols are the structured communications that take place when computers interact with each other, as for example happens when a browser visits a web page. Experience has shown that protocols are so complicated to analyze that there is tremendous value in studying them using formal methods. Sherman and his graduate students are making it easier to use existing tools including CPSA, Maude NPA, and Tamerin, applying them to analyze particular protocols, and developing associated educational materials.

talk: Robot Governance – Institutions and Issues, 10:30 Tue 7/24, ITR346


Robot Governance – Institutions and Issues


Dr. Aaron Mannes, ISHPI Information Technologies

10:30-11:30 Tuesday, 24 July 2018, ITE 346


Inexpensive sensors and information storage and processing have enabled the large-scale production of robots: autonomous systems capable of acting on the world. These systems represent an enormous technological and economic opportunity that will change society in countless and unpredictable ways. They will also bring new policy challenges. This presentation examines the missions the government will need to undertake to address the challenges raised by this new technology, identifies critical gaps the government faces in carrying out these missions, and discusses institutional options to address these gaps.



Dr. Aaron Mannes is the Senior Policy Advisor at ISHPI Information Technologies, where he supports the Apex Data Analytics Engine (DA-E) at the Department of Homeland Security Science and Technology Directorate. In supporting DA-E, Dr. Mannes collaborates on big data projects that support the Homeland Security Enterprise and researches technology policy. He started at DHS as an American Association for the Advancement of Science Policy Fellow in September 2015. From 2004 to 2015, Dr. Mannes was a researcher at the University of Maryland Institute for Advanced Computer Studies (UMIACS) where he was the subject matter expert on terrorism and international affairs collaborating with a team of inter-disciplinary scientists to build computational tools to support decision-makers facing 21st century security and development problems. Dr. Mannes earned his Ph.D. at the University of Maryland’s School of Public Policy in 2014. His dissertation topic was the evolving national security role of the vice president.

Dr. Mannes is the author or co-author of four books on terrorism and has written scores of articles, papers, and book chapters on an array of topics including Middle East affairs, terrorism, technology, and other international security issues for popular and scholarly publications including Politico, Policy Review, The Wall Street Journal, Foreign Policy, The Journal of International Security Affairs, The Huffington Post, The National Interest, The Jerusalem Post, and The Guardian.

This research was conducted with the support of the Apex Data Analytics Engine in the Department of Homeland Security (DHS) Science and Technology Directorate (S&T). In no way should anything stated in this seminar be construed as representing the official position of DHS S&T or any other component of DHS. Opinions and findings expressed in this seminar, as well as any errors and omissions, are the responsibility of the presenter alone.

1 2 3 4 5 130