
talk: Identifying and Addressing Concerning Behavior in the Digital Age, 12-1 Fri 5/8


The UMBC Cyber Defense Lab presents

Identifying and Addressing Concerning
Behavior in the Digital Age

 

Jason W. Wells
Graduate Student, Cybersecurity MPS
University of Maryland, Baltimore County

12:00–1pm Friday, 8 May 2020, webex

 

The United States Secret Service (USSS) is widely known as the premier law enforcement agency that is charged with protecting some of the most important political figures in the world. Some of these protectees include the President of the United States, the Vice-President, the First Family and Second Family, and Heads of State visiting the United States, to name a few. A major part of the protective mission of the USSS is focused around “protective intelligence,” where agents are trained to identify concerning and threatening behavioral indicators in others, and then to address those issues in a proactive and positive manner and ensure that the community is safe from harm. This proactive methodology has been researched and applied for decades and has a very high rate of success. Now, other law enforcement agencies throughout the country have started to apply this training to their agents and officers. Can these methodologies be used and/or modified to recognize threats in cyberspace as well?


Jason Wells is a former special agent with the United States Secret Service, where he served for nine years from 2005 – 2014. During that time, Mr. Wells was extensively trained in identifying and addressing threat-related and concerning behavioral indicators, and how to address those behaviors in a positive and proactive manner. In 2016, Mr. Wells published his first book Our Path to Safety: A U.S. Secret Service Agent’s Guide to Creating Safe Communities (ISBN-13: 978-0-9982488-0-6) on how the community can identify these behavioral conditions in the same way that federal law enforcement does every day. Mr. Wells earned his undergraduate degree from the Virginia Military Institute and his first graduate degree from Henley-Putnam University in Strategic Security and Protection Management in 2014. Additionally, Mr. Wells has published 11 editorial articles in print media on improving safety and security methodologies in schools and businesses. Currently, he is an SFS scholarship graduate student at UMBC with plans to complete his degree in spring 2020. He and his wife, Blythe, have two children and have lived in Baltimore County since 2008.


Host: Alan T. Sherman. Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public. Upcoming CDL Meetings: May 22, Spring SFS Meeting at UMBC, 9:30am-2pm, via WebEx.

talk: Cybersecurity during COVID-19 and other emergencies, 12-1 Tue May 5


The UMBC Center for Cybersecurity (UCYBR) Presents

Cybersecurity during COVID-19 and other emergencies

Dr. Richard Forno
Senior Lecturer, Computer Science & Electrical Engineering
Director, UMBC Graduate Cybersecurity Program & Assistant Director, UMBC Center for Cybersecurity

12–1 pm Tuesday, 5 May 2020
online via webex

‘Cyber’ touches many, if not all, parts of society and organizations. However, even in 2020, cybersecurity often still is seen as exclusively a function of IT and not a function of enterprise mission assurance or operational resiliency. Accordingly, operational performance can be compromised by a failure to consider, if not embrace, cybersecurity principles and concerns during crisis planning – which can significantly impede effective crisis response and incident management during actual events and make a bad situation even worse. This talk will discuss the role of cybersecurity and cybersecurity thinking within crisis management and incident handling, with a particular emphasis on maintaining operational resiliency and mission assurance during the ongoing COVID-19 pandemic.


Dr. Richard Forno is a Senior Lecturer in the UMBC Department of Computer Science and Electrical Engineering, where he directs the UMBC Graduate Cybersecurity Program and serves as the Assistant Director of UMBC’s Center for Cybersecurity. Prior to joining UMBC in 2010, his twenty-year career in operational cybersecurity spanned the government, military, and private sector, including helping build a formal cybersecurity program for the US House of Representatives, serving as the first Chief Security Officer for Network Solutions (then, the global center of the internet DNS system), consulting to Fortune 100 companies, and more. From 2005-12 he was a Visiting Scientist at the Software Engineering Institute at Carnegie Mellon University, where he taught courses on incident handling for the CERT Coordination Center (CERT/CC).

Talk: Lance Hoffman (GWU) Cyber Policy Challenges, 12-1pm 4/24 online

The UMBC Cyber Defense Lab presents

Cyber Policy Challenges

Lance J. Hoffman
Distinguished Professor, George Washington University

12–1:00 pm, Friday, 24 April 2020

remotely via WebEx


System attackers and defenders operate on a constantly changing battlefield, and some of the more serious conflicts involving nation-states could be considered acts of war, though we are still in the early stages of defining war in cyberspace. Policies for security and privacy can vary wildly, and have important personal, national, and global consequences for privacy, free speech, censorship, and other issues. Things get even more complicated with the advent of the Internet of Things, where (mostly unsophisticated) users may think they have more control than they actually do and can make bad mistakes. Various ethical issues related to the development of these systems, including bias in artificial intelligence and what harm to choose when harm is unavoidable have only started to be examined. This talk will provide both historical context and some discussion of topical issues such as Zoombombing and the security of electronic voting systems as compared to mail ballots and traditional voting.


Professor Lance J. Hoffman is the author or editor of numerous articles and five books on computer security and privacy. He developed the first regularly offered course on computer security at the University of California, Berkeley in 1970. A Fellow of the Association for Computing Machinery and a member of the Cyber Security Hall of Fame, Dr. Hoffman institutionalized the ACM Conference on Computers, Freedom, and Privacy. He has served on a number of Advisory Committees, including those of the Federal Trade Commission and the Department of Homeland Security, and has testified before Congress on security and privacy-related issues. He is the principal investigator of the CyberCorps program at GWU. Dr. Hoffman earned his Ph.D. in Computer Science from Stanford University, after a B.S. in Mathematics from Carnegie Mellon University.


Host: Alan T. Sherman. Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public. Upcoming CDL meetings: May 8, Jason Wells (UMBC SFS scholar) law enforcement; May 22, Spring SFS Meeting at UMBC, 9:30am-2pm, ITE456

online talk: Opal Hard Drives for Ransomware Resilience

The UMBC Cyber Defense Lab presents

Opal Hard Drives for Ransomware Resilience

Russ Fink, Ph.D.
Senior Staff, the Johns Hopkins University / Applied Physics Laboratory

12:00–1 pm,  Friday, 10 April 2020
via WebEx: umbc.webex.com/meet/sherman

 

Ransomware is crippling industry and government alike.  Paying the ransom doesn’t guarantee you’ll get your files back, but it funds the criminals who will continue on. Restoring from traditional network backups takes time, and never gets you back to the system you had before the attack.  In response, we have developed a resilient, local malware restore and recovery capability, capable of quickly restoring OS images onto “bare metal” after an attack or misconfiguration, useful for many applications.

I will discuss the technical details, including a description of the Opal hard drive specification, the Trusted Computing Group’s Trusted Platform Module (TPM), and how we secure secrets needed for WUBU – Wake-Up-Back-Up.  I’ll talk through some of the open-source technologies that we used to build our solution.  WebEx willing, I will give a live demonstration of a ShinoLocker ransomware infection, followed by an “as if nothing ever happened” recovery that takes only ten minutes.

Russ Fink is a senior staff member at the Johns Hopkins University / Applied Physics Laboratory.  His research interests include computational private information retrieval, trusted computing applications, applied cryptography, and enterprise and mission cyber resiliency techniques.  He earned a Ph.D. in computer science from UMBC in 2010 working with Dr. Alan Sherman.

Host: Alan T. Sherman. Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681.  The UMBC Cyber Defense Lab meets biweekly Fridays.  All meetings are open to the public.  Upcoming CDL Meetings:

  • Apr 24, Lance Hoffman (GWU), policy
  • May 8, Jason Wells (UMBC SFS scholar), law enforcement
  • May 22, Spring SFS Meeting at UMBC, 9:30am-2pm, ITE 456

Online Talks Double Feature: Blockchain and Network Defense, 12-2 Fri 3/27, UMBC

UMBC will hold a double feature with two online security-oriented talks from 12:00 pm to 2:00 pm EDT on Friday, March 27. Both talks will be shared via Webex.





From 1:00-2:00 pm, Professor Dr. John Mitchell of Stanford University will give a Lockheed Martin Distinguished lecture on “Will Blockchain Change Everything”. Join the presentation online at 1:00 pm EDT at https://umbc.webex.com/meet/joshi.

Far from serving only as a foundation for cryptocurrency, blockchain technology provides a general framework for trusted distributed ledgers. Over the past few years, their popularity has grown tremendously, as shown by the number of companies and efforts associated with the Linux Foundation’s Hyperledger project, for example. From a technical standpoint, a blockchain combines a storage layer, networking protocols, a consensus layer, and a programmable transaction layer, leveraging cryptographic operations. The distributed state machine paradigm provides atomicity and transaction rollback, while consensus supports distributed availability as well as certain forms of fair access. From an applications perspective, blockchains appeal to distributed networks of independent agents, as arise in supply chain, credentialing, and decentralized financial services. The talk will look at the potential for radical change as well as specific technical challenges associated with verifiable consensus protocols and trustworthy smart contracts.





From 12:00-1:00 pm EDT, Col. Dan Yaroslaski, a former operations officer at the Marine Forces Cyberspace Command, will talk on “Hard-Learned Lesson in Defense of a Network”. You can join the presentation online at 12:00 pm at https://umbc.webex.com/meet/sherman.

Often network defenders fail to take into account organizational culture when attempting to provide a secure, reliable, and usable enterprise network. Users and process leaders often fall victim to the false allure of the value of networked systems, without asking the question, “Should this be networked?” Collectively, organizations also forget that networks are a combination of the humans who use the network, the personas we all have to form to gain access to this manmade domain, and the interplay of logical and physical network architecture manifested in geographical locations. The value of some simple military principles—including defense-in-depth, mission focus, redundancy, and resiliency versus efficiency—can help a network defender better advise everyone from the “C Suite” decision-makers to the average network user, on how to have a secure network while accepting reasonable limitations.

Webex talk: John Mitchell: Will Blockchain Change Everything? Fri 3/27 1-2pm

Lockheed Martin Distinguished Speaker Series

Will Blockchain Change Everything?

Dr. John Mitchell
Mary and Gordon Crary Family Professor
Departments of Computer Science & Electrical Engineering
Stanford University

1:00-2:00pm EST, Friday, 27 March 2020
Webex meeting hosted by Anupam Joshi
https://umbc.webex.com/meet/joshi

Far from serving only as a foundation for cryptocurrency, blockchain technology provides a general framework for trusted distributed ledgers. Over the past few years, their popularity has grown tremendously, as shown by the number of companies and efforts associated with the Linux Foundation’s Hyperledger project, for example. From a technical standpoint, a blockchain combines a storage layer, networking protocols, a consensus layer, and a programmable transaction layer, leveraging cryptographic operations. The distributed state machine paradigm provides atomicity and transaction rollback, while consensus supports distributed availability as well as certain forms of fair access. From an applications perspective, blockchains appeal to distributed networks of independent agents, as arise in supply chain, credentialing, and decentralized financial services. The talk will look at the potential for radical change as well as specific technical challenges associated with verifiable consensus protocols and trustworthy smart contracts.

John Mitchell is the Mary and Gordon Crary Family Professor in the School of Engineering, Professor of Computer Science, co-director of the Stanford Computer Security Lab, and Professor (by courtesy) of Education. He was Vice Provost at Stanford University from 2012 to 2018. Mitchell’s research focuses on programming languages, computer and network security, privacy, and education. He has published over 200 research papers, served as editor of eleven journals, including Editor-in-Chief of the Journal of Computer Security, and written two books. He has led research projects funded by numerous organizations and served as advisor and consultant to successful small and large companies. His first research project in online learning started in 2009 when he and six undergraduate students built Stanford CourseWare, an innovative platform that served as the foundation for initial flipped classroom experiments at Stanford and helped inspire the first massive open online courses (MOOCs) from Stanford. Professor Mitchell currently serves as Chair of the Stanford Department of Computer Science.

Webex Talk: Hard-Learned Lesson in Defense of a Network, 12-1 Fri 3/27

The UMBC Cyber Defense Lab presents

Hard-Learned Lesson in Defense of a Network

Dan Yaroslaski
Former Operations Officer at Marine Forces Cyberspace Command, Colonel, USMC


12–1:00pm, Friday, 27 March 2020
WebEx: https://umbc.webex.com/meet/sherman

Often network defenders fail to take into account organizational culture when attempting to provide a secure, reliable, and usable enterprise network. Users and process leaders often fall victim to the false allure of the value of networked systems, without asking the question, “Should this be networked?” Collectively, organizations also forget that networks are a combination of the humans who use the network, the personas we all have to form to gain access to this manmade domain, and the interplay of logical and physical network architecture manifested in geographical locations. The value of some simple military principles—including defense-in-depth, mission focus, redundancy, and resiliency versus efficiency—can help a network defender better advise everyone from the “C Suite” decision-makers to the average network user, on how to have a secure network while accepting reasonable limitations.

Colonel Dan Yaroslaski is a career Marine with over 30 years of service to the nation. He started as an enlisted anti-armor missileman, who then became an Assault Amphibian Vehicle Officer (AAVs are 27-ton armored amphibious descendants of the WW II vehicles used from Tarawa to Iwo Jima). He has made a career of integrating technology and human beings to form cohesive combat organizations. Dan’s diverse career placed him at the forefront of high-end, top-secret compartmentalized planning and execution, to the extremely human act of advising an Afghan National Army Kandak (Battalion). During his five-year tenure at Marine Forces Cyberspace Command, he successfully architected new techniques that took advantage of boundary defenses, to new and innovative ways to integrate traditional warfare methods with cyberspace operations, as highlighted in a recent NPR story about USCYBERCOM’s Operation GLOWING SYMPHONY. Dan also spent time creating effective policy directing network operations and defense, to include an extremely frustrating year negotiating the interplay of network operations, operations in the information environment, and Marine Corps culture. Dan and his wife are now empty nesters, so they spend an enormous amount of time nurturing two dogs to fill the void left by their children. As the Rolling Stones point out, “What a drag it is getting old.”

Host: Alan T. Sherman

Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public. Upcoming CDL Meetings:

  • Apr 10, Russ Fink (APL), ransomware
  • Apr 24, Lance Hoffman (GWU), policy
  • May 8, Jason Wells (UMBC SFS scholar), law enforcement
  • May 22, Spring SFS Meeting at UMBC, 9:30am-2pm, ITE 456

talk: Autonomous Agents, Deep Learning, and Graphs for Cyber Defense, 12-1 Fri. 3/13

The UMBC Cyber Defense Lab presents

Autonomous Agents, Deep Learning,
and Graphs for Cyber Defense

Dr. Hasan Cam
Army Research Laboratory

12–1 pm Friday, 13 March 2020, ITE 227, UMBC


Cyber resilience usually refers to the ability of an entity to detect, respond to, and recover from cybersecurity attacks to the extent that the entity can continuously deliver the intended outcome despite their presence. Cybersecurity tools such as intrusion detection and prevention systems usually generate far too many alerts, indicators or log data, many of which do not have obvious security implications unless their correlations and temporal causality relationships are determined. In this talk, I will present methods to first estimate the infected and exploited assets and then take recovery and preventive actions using autonomous agents, deep learning, and graphs. Autonomous adversary and defender agents are designed such that the adversary agent can infer the adversary activities and intentions, based on cybersecurity observations and measurements, while the defender agent aims at estimating the best reactive and pro-active actions to protect assets and mitigate the adversary activities. The graph thinking and causality analysis of cyber infection and exploitation helps predict the infection states of some assets. This prediction data of infections is taken as input data by deep reinforcement learning to train agents for determining effective actions. This talk will discuss some preliminary results from the development of building an automated system of autonomous agents to provide cyber resiliency over networks.

Hasan Cam is a Computer Scientist at US Army Research Laboratory. He currently works on the projects involved with autonomous agents, active malware defense, cyber resiliency, and risk assessment over wired, mobile, and tactical networks. His research interests include cybersecurity, machine learning, data analytics, networks, algorithms, and parallel processing. He served as the government lead for the Risk area in Cyber Collaborative Research Alliance. He has previously worked as a faculty member in academia and a senior research scientist in the industry. He has served as an editorial member of two journals, a guest editor of two special issues of journals, an organizer of symposiums and workshops, and a Technical Program Committee Member in numerous conferences. He received a Ph.D. degree in electrical and computer engineering from Purdue University, and an M.S. degree in computer science from Polytechnic University, New York. He is a Senior Member of IEEE.

Host: Alan T. Sherman

Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public. Upcoming CDL Meetings:

  • Mar 27, Dan Yaroslaski, cybercommand
  • Apr 10, Russ Fink (APL), ransomware
  • Apr 24, Lance Hoffman (GWU), policy
  • May 8, Jason Wells, law enforcement
  • May 22, Spring SFS Meeting at UMBC, 9:30-2, ITE 456

❌ Canceled: UMBC Data Science Meetup: Rapid Data Exploration with Apache Drill ❌

❌ Canceled: UMBC Data Science Meetup:
Rapid Data Exploration with Apache Drill

5:30-7:00 pm 11 March 2020, UC 310, UMBC

Join Charles Givre for a hands-on introduction to data exploration with Apache Drill. Becoming a data-driven business means using all the data you have available, but a common problem in many organizations is that data is not optimally arranged for ad-hoc analysis. Through a combination of lecture and hands-on exercises, you’ll gain the ability to access previously inaccessible data sources and analyze them with ease. You’ll learn how to use Drill to query and analyze structured data, connect multiple data sources to Drill, and perform cross-silo queries. Study after study shows that data scientists and analysts spend between 50% and 90% of their time preparing their data for analysis. Using Drill, you can dramatically reduce the time it takes to go from raw data to insight. This workshop will show you how.

UMBC University Center, Room 310
March 11, 2020, from 5:30 pm to 7:00 pm
(5:30 – 6:00 pm) Social
(6:00 – 6:50 pm) Workshop: Rapid Data Exploration with Apache Drill
(6:50 – 7:00 pm) Question and Answer Session

Register on the Meetup page.

Note that we formally end our Q&A session at 7 pm (so that graduate students can catch their classes starting at 7:10 pm), but in our previous events we’ve seen that one-on-one and group discussions with the speaker(s) continue even after the Q&A session.

Speaker: Mr. Charles Givre works as a manager at JP Morgan Chase. Prior to joining Deutsche Bank, Mr. Givre worked as a Senior Lead Data Scientist for Booz Allen Hamilton for the last seven years, where he worked at the intersection of cybersecurity and data science. Mr. Givre taught data science classes at BlackHat, the O’Reilly Security Conference, and the Center for Research in Applied Cryptography and Cyber Security at Bar Ilan University. One of Mr. Givre’s research interests is increasing the productivity of data science and analytic teams, and towards that end, he has been working extensively to promote the use of Apache Drill in security applications and is a committer and PMC Chair for the Drill project. Mr. Givre teaches online classes for O’Reilly about Drill and Security Data Science and is a coauthor of the O’Reilly book Learning Apache Drill. Mr. Givre holds a Master’s degree in Middle Eastern Studies from Brandeis University, as well as a Bachelor of Science in Computer Science and a Bachelor of Music, both from the University of Arizona. He blogs at thedataist.com and tweets @cgivre.

Complimentary food, such as pizza and chips, and non-alcoholic beverages will be provided.

Visitor parking spaces are located at Administration Drive Garage upper level, Commons Garage first level, Walker Avenue Garage upper level, Lot 9 and Lot 7 on Walker Avenue. Visitors do not need to pay for parking after 4:00 pm.

Join the UMBC Data Science Meetup group and register for this event here.

talk: Hardware Security Kernel for Managing Memory and Instruction Execution, 12pm Fri 2/28

The UMBC Cyber Defense Lab presents

Hardware Security Kernel for Managing Memory and Instruction Execution

 Patrick Jungwirth, PhD

Computational and Information Sciences Directorate
Army Research Lab, Aberdeen Proving Ground, USA

12–1 pm Friday, 28 February 2020, ITE 227, UMBC

The cybersecurity world faces multiple attack vectors from hardware-level exploits, including cache bank malicious operations, rowhammer, Spectre, Meltdown, and Foreshadow attacks, and software-based attacks including buffer-overflows, et al.  Hardware-level exploits bypass protections provided by software-based separation kernels.  Current microprocessor execution pipelines are not designed to understand security:  they treat malicious instructions, software bugs, and harmless code the same. This presentation explores adding a hardware-level security monitor below the execution pipeline [1,2,3].

[1] P. Jungwirth, et al.:  “Hardware security kernel for cyber-defense,” Proc. SPIE 11013, Disruptive Technologies in Information Sciences II, 110130J, Baltimore (10 May 2019); https://doi.org/10.1117/12.2513224
[2] P. Jungwirth, and J. Ross:  “Security Tag Fields and Control Flow Management,” IEEE SouthEastCon 2019, Huntsville, AL, April 2019.
[3] P. Jungwirth and D. Hahs:  “Transfer Entropy Quantifies Information Leakage,” IEEE SouthEastCon 2019, Huntsville, AL, April 2019.

About the Speaker: Dr. Jungwirth is a computer architecture researcher at the Army Research Lab.  Previously he worked for the Aviation and Missile, RDEC in Huntsville, AL.  Currently, he is researching hardware state machines to provide simple operating system support (monitor) and control flow integrity in hardware.  Dr. Jungwirth is co-inventor of the OS Friendly Microprocessor Architecture, US Patent 9122610.  The OS Friendly Microprocessor Architecture includes hardware security features for an operating system and supports near single-cycle context switches in hardware.

Host: Alan T. Sherman

Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681.

The UMBC Cyber Defense Lab meets biweekly Fridays.  All meetings are open to the public.

Upcoming CDL Meetings:

Mar 13, Hasan Cam, autonomous agents
Mar 27, Dan Yaroslaski, cybercommand
Apr 10, Russ Fink (APL), ransomware
Apr 24, TBA
May 8, Jason Wells, law enforcement
May 22, Spring SFS Meeting at UMBC, 9:30am-2pm, ITE 456
