talk: Results of a student study of UMBC computer systems security

The UMBC Cyber Defense Lab presents

 

Results from the January 2018 SFS Research Study at UMBC

Enis Golaszewski, CSEE, UMBC

12:00-1:00pm Friday, 12 October 2018, ITE 227

January 22-26, 2018, UMBC SFS scholars worked collaboratively to analyze the security of a targeted aspect of the UMBC computer system. The focus of this year’s study was the WebAdmin module that enables users to perform various functions on their accounts, including changing the password. Students identified vulnerabilities involving failure to sanitize user input properly and suggested mitigations. Participants comprised BS, MS, MPS, and PhD students studying computer science, computer engineering, information systems, and cybersecurity, including SFS scholars who transferred from Montgomery College (MC) and Prince George’s Community College (PGCC) to complete their four-year degrees at UMBC. We hope that other universities can benefit from our motivational and educational strategy of cooperating with the university’s IT staff to engage students in active project-based learning centering on focused questions about the university computer system.

Enis Golaszewski is a PhD student and SFS scholar in computer science working with Dr. Sherman on blockchain, protocol analysis, and the security of software-defined networks.

This project was supported in part by the National Science Foundation under SFS grant 1241576.

Host: Alan T. Sherman

The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public.

MD-AI Meetup holds 1st event at UMBC 6-8pm Wed 10/3, 7th floor library


MD-AI Meetup holds 1st event at UMBC
6-8pm Wed 10/3, 7th floor library

 

A new Maryland-based meetup interest group has been established for Artificial Intelligence (MD-AI Meetup) and will have its first meeting at UMBC this coming Wednesday (Oct 3) from 6:00-8:00pm on the 7th floor of the library.  The first meeting will feature a talk by UMCP Professor Phil Resnik on the state of NLP and an AI research agenda.  Refreshments will be provided.  The meetup is organized by Seth Grimes and supported by TEDCO, local AI startup RedShred, and the Maryland Tech Council.

If you are interested in attending this and possibly future meetings (which will probably be monthly), go to the Meetup site and join (it’s free) and RSVP to attend this meeting (if there’s still room).  If you join the meetup and RSVP, you can see who’s registered to attend.

These meetups are good opportunities to meet and network with people in the area who share interests. It’s a great opportunity for students who will be looking for internships or jobs in the coming year.

talk: NSF Advanced Cyberinfrastructure Research Workforce Development and Education Programs

UMBC Information Systems Department

Innovations in NSF Advanced Cyberinfrastructure Research Workforce Development and Education Programs

Dr. Sushil K. Prasad
National Science Foundation

2:00pm Tuesday, 18 September 2018, ITE459, UMBC

The National Science Foundation Office of Advanced Cyberinfrastructure (OAC) has growing research and education programs, including programs for early career multidisciplinary faculty such as CAREER and CISE Research Initiation Initiative (CRII). OAC is pleased to announce its newest program, its core research program solicitation (NSF 18-567), with the goals of supporting all aspects of advanced cyberinfrastructure (CI) research that will significantly impact the future capabilities of advanced research CI, as well as the research career paths of computer as well as computational and data-driven scientists and engineers. Through this solicitation, OAC seeks to foster the development of new knowledge in the innovative design, development, and utilization of robust research CI. The OAC core research areas include architectures and middleware for extreme-scale systems, scalable algorithms and applications, including simulation and modeling, and the advanced CI ecosystem, including tools and sociotechnical aspects.

OAC also introduced a CyberTraining program (NSF 18-516) for education and training aimed at fully preparing the scientific workforce for the nation’s research enterprise to innovate and utilize high performance computing resources, tools and methods. The community response in its two rounds of competition has exceeded expectations. OAC also has programs for research training of undergraduate students (REU sites).

I will introduce these and share some of the recent awards. I will also touch on other OAC opportunities in cyberinfrastructure including those on high performance computing (HPC) hardware, software, data, networking and security, and on NSF’s ten big ideas, including Harnessing the Data Revolution.


Sushil K. Prasad is a Program Director at National Science Foundation in its Office of Advanced Cyberinfrastructure (OAC) in the Computer and Information Science and Engineering (CISE) directorate leading its emerging research and education programs such as CAREER, CRII, Expeditions, CyberTraining, and the most-recently introduced OAC-Core research. He is an ACM Distinguished Scientist and a Professor of Computer Science at Georgia State University. He is the director of Distributed and Mobile Systems Lab carrying out research in Parallel, Distributed, and Data Intensive Computing and Systems. He has been twice-elected chair of IEEE-CS Technical Committee on Parallel Processing (TCPP), and leads the NSF-supported TCPP Curriculum Initiative on Parallel and Distributed Computing for undergraduate education.

talk: Phishing in an Academic Community, a Study of User Susceptibility and Behavior

The UMBC Cyber Defense Lab

Phishing in an Academic Community:
a Study of User Susceptibility and Behavior

Alejandra Diaz
University of Maryland, Baltimore County

12:00–1:00pm, Friday, 14 September 2018, ITE 227

(joint work with Alan T. Sherman and Anupam Joshi)

We present an observational study on the relationship between demographic factors and phishing susceptibility at the University of Maryland, Baltimore County (UMBC). From March through May 2018, we performed three experiments that delivered phishing attacks to 450 randomly-selected students on three different days (1,350 students total) to examine user click rates and demographics within UMBC’s undergraduate student population. The participants were initially unaware of the study. We deployed the Billing Problem, Contest Winner, and Expiration Date phishing tactics. Experiment 1 impersonated banking authorities; Experiment 2 enticed users with monetary rewards; and Experiment 3 threatened users with account cancellation.

We found correlations resulting in lowered susceptibility based on college affiliation, academic year progression, cyber training, involvement in cyber clubs or cyber scholarship programs, amount of time spent on the computer, and age demographics. We found no significant correlation between gender and susceptibility. Contrary to our expectations, we observed an inverse correlation between phishing awareness and student resistance to clicking a phishing link. Students who identified themselves as understanding the definition of phishing had a higher susceptibility rate than did their peers who were merely aware of phishing attacks, with both groups of students having a higher susceptibility rate than those with no knowledge whatsoever. Overall, approximately 70% of the students who opened a phishing email clicked on it.

Alejandra Diaz is a cyber software engineer at Northrop Grumman. She earned her BS in computer science from UMBC with a concentration in cybersecurity in May 2017, and her MS in computer science in August 2018. As a Cyber Scholar and a Society of Women Studying Information Security Scholar, she has a special interest in the human aspects of cybersecurity.

Host: Alan T. Sherman

Support for this research was provided in part by the National Science Foundation under SFS grant 1241576, the U.S. Department of Defense under CAE grant H988230-17-1-0349, and IBM.

talk: Ballerina, a modern programming language focused on integration, 2pm Thr 9/6, ITE325

Ballerina, a modern programming language
focused on integration

Dr. Sanjiva Weerawarana
Founder, Chairman and Chief Architect, WSO2

2:00-3:00pm, Thursday, 6 September 2018, ITE325, UMBC

Ballerina is a concurrent, transactional, statically typed programming language. It provides all the functionality expected of a modern, general purpose programming language, but it is designed specifically for integration: it brings fundamental concepts, ideas and tools of distributed system integration into the language with direct support for providing and consuming network services, distributed transactions, reliable messaging, stream processing, security and workflows. It is intended to be a pragmatic language suitable for mass-market commercial adoption; it tries to feel familiar to programmers who are used to popular, modern C-family languages, notably Java, C# and JavaScript.

Ballerina’s type system is much more flexible than traditional statically typed languages. The type system is structural, has union types and open records with optional/mandatory fields. This flexibility allows it also to be used as a schema for the data that is exchanged in distributed applications. Ballerina’s data types are designed to work particularly well with JSON; any JSON value has a direct, natural representation as a Ballerina value. Ballerina also provides support for XML and relational data.

Ballerina’s concurrency model is built on the sequence diagram metaphor and offers simple constructs for writing concurrent programs. Its type system is a modern type system designed with sufficient power to describe data that occurs in distributed applications. It also includes a distributed security architecture to make it easier to write applications that are secure by design.

Ballerina is designed for modern development practices with a modularity architecture based on packages that are easily shared widely. Version management, dependency management, testing, documentation, building and sharing are part of the language design architecture and not left for later add-on tools. The Ballerina standard library is in two parts: the usual standard library level functionality (akin to libc) and a standard library of network protocols, interface standards, data formats, authentication/authorization standards that make writing secure, resilient distributed applications significantly easier than with other languages.

Ballerina has been inspired by Java, Go, C, C++, Rust, Haskell, Kotlin, Dart, Typescript, Javascript, Swift and other languages. This talk will discuss the core principles behind Ballerina including the semantics of combining aspects of networking, security, transactions, concurrency and events into a single architecture.


Sanjiva Weerawarana founded WSO2 in 2005 with a vision to reinvent the way enterprise middleware is developed, sold, delivered, and supported through an open source model. Prior to starting WSO2, Sanjiva worked for nearly eight years in IBM Research, where he focused on innovations in middleware and emerging industry standards. At IBM, he was one of the founders of the Web services platform, and he co-authored many Web services specifications, including WSDL, BPEL4WS, WS-Addressing, WS-RF, and WS-Eventing. In recognition for his company-wide technical leadership, Sanjiva was elected to the IBM Academy of Technology in 2003.

Sanjiva also has been committed to open source development for many years. An elected member of the Apache Software Foundation, Sanjiva was the original creator of Apache SOAP, and he has contributed to Apache Axis, Apache Axis2 and most Apache Web services projects.

In 2003, Sanjiva founded the Lanka Software Foundation (LSF), a non-profit organization formed with the objective of promoting open source development, not usage, by Sri Lankan developers. He is currently its chief scientist and a director. LSF’s success stories include many Apache Web services projects and Sahana, the predominant disaster management system in the world. In recognition of his role in promoting open source participation from developing countries, Sanjiva was elected to the board of the Open Source Initiative (OSI) in April 2005, where he served for two years.

Sanjiva also teaches and guides student projects part-time in the Computer Science & Engineering department of the University of Moratuwa, and he is a member of the university’s Faculty of Engineering Industry consultative board. Prior to joining IBM, Sanjiva spent three years at Purdue University as visiting faculty, where he received his Ph.D. in Computer Science in 1994.

talk: Methods and Models: Data Science for Campus Parking, 11:15am Mon 8/13

Methods and Models: Data Science for Campus Parking

Professor John Hoag
Associate Professor, Ohio University
11:15-12:15pm Monday, 13 August 2018 in ITE 325B

How can data science improve the parking experience for students, faculty, and staff? Or are there other motives at work? This talk will define and approach this perennial campus problem from perspectives of telematics and modeling, starting with the “Smart Cities” life cycle of data collection and analysis – from best practices through optimization. Next, we will consider relevant probabilistic models and their implementations over a century of study. We will conclude by discussing unintended consequences such as LPRs and other outcomes.

Dr. John Hoag is Associate Professor of Information and Telecommunication Systems at Ohio University in Athens, OH. He earned Ph.D. and M.S. Degrees in Operations Research from Ohio State University and holds a Bachelor’s degree in Computer Science. His current portfolio can be termed Smart Cities, which subsumes transportation, energy, finance, public health, and more, for which he is forming interdisciplinary public-private teams whose scope encompasses data collection, telemetry, storage, and analysis. The Smart Cities displaced work he started in bioinformatics and translational biomedical science, where his efforts focused on computational complexity and system performance. He maintains an adjunct appointment in EECS at Case Western Reserve University.

Host: Dr. Richard Forno

talk: Robot Governance – Institutions and Issues, 10:30 Tue 7/24, ITE346

 

Robot Governance – Institutions and Issues

 

Dr. Aaron Mannes, ISHPI Information Technologies

10:30-11:30 Tuesday, 24 July 2018, ITE 346

 

Inexpensive sensors and information storage and processing have enabled the large-scale production of robots: autonomous systems capable of acting on the world. These systems represent an enormous technological and economic opportunity that will change society in countless and unpredictable ways. They will also bring new policy challenges. This presentation examines the missions the government will need to undertake to address the challenges raised by this new technology, identifies critical gaps the government faces in carrying out these missions, and discusses institutional options to address these gaps.

 


 

Dr. Aaron Mannes is the Senior Policy Advisor at ISHPI Information Technologies, where he supports the Apex Data Analytics Engine (DA-E) at the Department of Homeland Security Science and Technology Directorate. In supporting DA-E, Dr. Mannes collaborates on big data projects that support the Homeland Security Enterprise and researches technology policy. He started at DHS as an American Association for the Advancement of Science Policy Fellow in September 2015. From 2004 to 2015, Dr. Mannes was a researcher at the University of Maryland Institute for Advanced Computer Studies (UMIACS) where he was the subject matter expert on terrorism and international affairs collaborating with a team of inter-disciplinary scientists to build computational tools to support decision-makers facing 21st century security and development problems. Dr. Mannes earned his Ph.D. at the University of Maryland’s School of Public Policy in 2014. His dissertation topic was the evolving national security role of the vice president.

Dr. Mannes is the author or co-author of four books on terrorism and has written scores of articles, papers, and book chapters on an array of topics including Middle East affairs, terrorism, technology, and other international security issues for popular and scholarly publications including Politico, Policy Review, The Wall Street Journal, Foreign Policy, The Journal of International Security Affairs, The Huffington Post, The National Interest, The Jerusalem Post, and The Guardian.

This research was conducted with the support of the Apex Data Analytics Engine in the Department of Homeland Security (DHS) Science and Technology Directorate (S&T). In no way should anything stated in this seminar be construed as representing the official position of DHS S&T or any other component of DHS. Opinions and findings expressed in this seminar, as well as any errors and omissions, are the responsibility of the presenter alone.

talk: Big Data, Security and Privacy, 11am Wed 5/16

Big Data, Security and Privacy

Prof. Bhavani Thuraisingham, University of Texas at Dallas
11:00-12:00 Wednesday, 16 May 2018, ITE 459, UMBC

The collection, storage, manipulation and retention of massive amounts of data have resulted in serious security and privacy considerations. Various regulations are being proposed to handle big data so that the privacy of the individuals is not violated. For example, even if personally identifiable information is removed from the data, when data is combined with other data, an individual can be identified. This is essentially the inference and aggregation problem that data security researchers have been exploring for the past four decades. This problem is exacerbated with the management of big data as different sources of data now exist that are related to various individuals.

While collecting massive amounts of data causes security and privacy concerns, big data analytics applications in cyber security are exploding. For example, an organization can outsource activities such as identity management, email filtering and intrusion detection to the cloud. This is because massive amounts of data are being collected for such applications and this data has to be analyzed. The question is, how can the developments in big data management and analytics techniques be used to solve security problems? These problems include malware detection, insider threat detection, and intrusion detection.

To address the challenges of big data security and privacy as well as big data analytics for cyber security applications, we organized a workshop sponsored by the National Science Foundation in September 2014 and presented the results in 2015 at an inter-agency workshop in Washington DC. Since then several developments have been reported on big data security and privacy as well as on big data analytics of cyber security. This presentation will summarize the findings of the workshop and discuss the developments and directions.


Dr. Bhavani Thuraisingham is the Louis A. Beecherl, Jr. Distinguished Professor in the Erik Jonsson School of Engineering and Computer Science at The University of Texas at Dallas (UTD) and the Executive Director of UTD’s Cyber Security Research and Education Institute since October 2004. She is also a Senior Research Fellow at Kings College, University of London (2015-2018) and a New America Cyber Security Policy Fellow (2017-2018). Her current research is on integrating cyber security and data science. Prior to joining UTD she worked at the MITRE Corporation for 16 years including a three-year stint as a Program Director at the NSF. She initiated the Data and Applications Security program at NSF and was a member of the Cyber Trust theme. While at MITRE she was a department head and was also a technical advisor to the DoD, the NSA, the CIA, and the IRS. Prior to that, she worked for the commercial industry for six years including at Honeywell, Inc. She is the recipient of numerous awards including the IEEE CS 1997 Technical Achievement Award, the IEEE ISI 2010 Research Leadership Award, ACM SIGSAC 2010 Outstanding Contributions Award, SDPS 2012 Transformative Achievement Gold Medal, 2013 IBM Faculty Award, ACM CODASPY 2017 Innovative and Lasting Research Contributions Award, IEEE CS Services Computing 2017 Research Innovation Award, and Dallas Business Journal 2017 Women in Technology Award. She is a 2003 Fellow of the IEEE and the AAAS and a 2005 Fellow of the British Computer Society. She has published over 120 journal articles, 250 conference papers, 15 books, has delivered over 130 keynote and featured addresses, and is the inventor of six US patents. She has chaired/co-chaired top tier conferences including the Women in Cyber Security (WiCyS) 2016, ACM CCS 2017, and is serving as the Program co-Chair for IEEE ICDM 2018. She also delivered a featured address at the Women in Data Science (WiDS) conference in 2018. 
She received her PhD at the University of Wales, Swansea, UK, and earned the higher doctorate (D. Eng) from the University of Bristol, England, UK for her published research in secure data management.

Meet Your Professor Series: Marie desJardins, 12-1 Wed. May 2, ITE239

Meet Your Professor Series: Marie desJardins

Join the CS Education Club for its fourth and final installment of the Meet Your Professor series this semester featuring Dr. Marie desJardins. The series provides students with the opportunity to learn more about their professors, including how they achieved their position, what they believe makes an effective teacher, what research they conduct, and more!

Dr. Marie desJardins is Associate Dean of Academic Affairs in the College of Engineering and Information Technology, and Professor in the Department of Computer Science and Electrical Engineering, at the University of Maryland, Baltimore County.  Prior to joining the faculty in 2001, Dr. desJardins was a senior computer scientist at SRI International in Menlo Park, California.  Her research is in artificial intelligence, focusing on the areas of machine learning, multi-agent systems, planning, interactive AI techniques, information management, reasoning with uncertainty, and decision theory.  She has mentored 13 Ph.D. students, 27 M.S. students, and nearly 100 undergraduate researchers.   She is also active in the CS education community, chairs the Maryland Steering Committee for Computer Science Education, and frequently serves as a mentor and invited speaker at CS education and outreach events.

The event is Wednesday 5/2 from 12:00-12:50 in ITE 239. Light refreshments will be provided. Bring questions!

talk: SPARCLE: Practical Homomorphic Encryption, 12pm Fri 4/27

UMBC Cyber Defense Lab

SPARCLE: Practical Homomorphic Encryption

Russ Fink

Senior Scientist
Johns Hopkins University / Applied Physics Laboratory

12:00–1:00pm Friday, April 27, 2018, ITE 237, UMBC

In the newly coined Privacy Age, researchers are building systems with homomorphic algorithms that enable “never decrypt” operations on sensitive data in applications such as computational private information retrieval (cPIR). The trouble is, the leading algorithms incur significant computational and space challenges, relegating them mainly to large cloud computing platforms. We have invented a special-purpose, ring-homomorphic (aka, “fully homomorphic”) algorithm that, owing to some specializing assumptions, trades general-purpose cryptographic utility for linear performance in speed and space.

We will present the cryptosystem and discuss several current challenges. We will also throw in a fun, simple, tactile concept demonstration of PIR for those just generally curious about what all this is, hopefully demystifying how you can enable a server to search for something without knowing what it’s looking for, and without knowing what (if any) results it found.

Russ Fink (UMBC ’10) is a senior scientist at the Johns Hopkins University / Applied Physics Laboratory. His current research interests include private information retrieval, applied cryptography, and cyber security.

Host: Alan T. Sherman
