COVID-19 (Coronavirus)
UMBC is open. The physical campus is closed, but courses are now online and employees are working remotely.

talk: Security for Smart Cyber-Physical Systems, 12-1 5/3, ITE 227

UMBC Cyber Defense Lab

Security for Smart Cyber-Physical Systems

Prof. Anupam Joshi, UMBC

12:00–1:00pm, Friday, 3 May 2019, ITE 227

Smart Cyber-Physical Systems (CPS) are increasingly embedded in our everyday life. Security incidents involving them are often high-profile because of their ability to control critical infrastructure. Stuxnet and the Ukrainian power-grid attack are some notorious attacks reported against CPS which impacted governmental programs to ordinary users. In addition to the deliberate attacks, device malfunction and human error can also result in incidents with grave consequences. Hence the detection and mitigation of abnormal behaviors resulting from security incidents is imperative for the trustworthiness and broader acceptance of smart cyber-physical systems. We propose an automatic behavioral abstraction technique, ABATe, which automatically learns their typical behavior by finding the latent “context” space using available operational data and is used to discern anomalies. We evaluate our technique using two real-world datasets (a sewage water treatment plant dataset and an automotive dataset) to demonstrate the multi-domain adaptability and efficacy of our approach.

Anupam Joshi is the Oros Family Professor and Chair of Computer Science and Electrical Engineering Department at the University of Maryland, Baltimore County(UMBC). He is the Director of UMBC’s Center for Cybersecurity, and one of the USM leads for the National Cybersecurity FFRDC. He is a Fellow of IEEE. Dr. Joshi obtained a B.Tech degree from IIT Delhi in 1989, and a Masters and Ph.D. from Purdue University in 1991 and 1993 respectively. His research interests are in the broad area of networked computing and intelligent systems. His primary focus has been on data management and security/privacy in mobile/pervasive computing environments, and policy driven approaches to security and privacy. He is also interested in Semantic Web and Data/Text/Web Analytics, especially their applications to (cyber) security. He has published over 250 technical papers with an h-index of 79 and over 23,250 citations (per Google scholar), filed and been granted several patents, and has obtained research support from National Science Foundation (NSF), NASA, Defense Advanced Research Projects Agency (DARPA), US Dept of Defense (DoD), NIST, IBM, Microsoft, Qualcom, Northrop Grumman, and Lockheed Martin amongst others

talk: Data-driven Approach for Sustainable Smart Cities, 11am 5/6, ITE 459, UMBC

Information Systems Spring 2019 Distinguished Lecture on Sustainable Smart Cities

A Data-driven Approach for Sustainable Smart Cities

Prof. Prashant Shenoy, University of Massachusetts

11:00am Monday, 6 May 2019, ITE 459, UMBC

Recent technological advances have enabled deployments of pervasive sensing and actuation in our physical world, which has led to the emergence of cyber-physical systems where computing and sensing interact with the physical world and humans in unique and exciting ways. Such systems are increasingly being deployed in smart city domains such as energy, transportation, health, grids, and agriculture.

In this talk, I will argue that the rich and vast amounts of data generated by smart city applications necessitate a data-driven approach where AI and systems techniques are employed in a symbiotic manner to tackle smart city challenges. I will present two smart city applications from the energy domain as examples of such a symbiotic approach. I will first present WattHome, a city-scale machine-learning-based approach that can determine the least efficient buildings within a large city or region. I will present the results of a city-scale evaluation performed in collaboration with a local utility, where WattHome successfully identified causes of energy inefficiency for thousands of buildings. Second, I will present SolarClique, a sensor-less data-driven approach that is designed to detect anomalies in power generation of large number of existing solar sites without requiring any additional sensor instrumentation. I will conclude my talk by describing a number of open challenges in designing data-driven approaches for smart cities.

Prashant Shenoy is currently a Professor and Associate Dean in the College of Information and Computer Sciences at the University of Massachusetts Amherst. He received the B.Tech degree in Computer Science and Engineering from the Indian Institute of Technology, Bombay and the M.S and Ph.D degrees in Computer Science from the University of Texas, Austin. His research interests lie in distributed systems and networking, with a recent emphasis on cloud and green computing. He has been the recipient of several best paper awards at leading conferences, including a Sigmetrics Test of Time Award. He serves on editorial boards of the several journals and has served as the program chair of over a dozen ACM and IEEE conferences. He is a fellow of the IEEE and the AAAS and a distinguished member of the ACM.

talk: The Evolution of Mobile Authentication, 1pm 4/30, ITE325, UMBC

The Evolution of Mobile Authentication

Prof. Keith Mayes, Royal Holloway University of London

1:00pm Tuesday 30 April 2019, ITE325, UMBC

Mobile communication is an essential part or modern life, however it is dependent on some fundamental security technologies. Critical amongst these technologies, is mobile authentication, the ability to identify valid users (and networks) and enable their secure usage of communication services. In the GSM standards and the 3GPP standards that evolved from them, the subscriber-side security has been founded on a removable, attack-resistant smart card known as a SIM (or USIM) card. The presentation explains how this situation came about, and how and why the protocols and algorithms have improved over time. It will cover some work by the author on a recent algorithm for 3GPP and then discuss how Machine-to-Machine and IoT considerations have led to new standards, which may herald the demise of the conventional removable SIM, in favour of an embedded eSIM.

Professor Keith Mayes B.Sc. Ph.D. CEng FIET A.Inst.ISP, is a professor of information security within the Information Security Group (ISG) at Royal Holloway University of London. Prior to his sabbatical, he was the Director of the ISG and Head of the School of Mathematics and Information Security. He is an active researcher/author with 100+ publications in numerous conferences, books and journals. His current research interests are diverse, including, mobile communications, smart cards/RFIDS, the Internet of Things, and embedded systems. Keith joined the ISG in 2002, originally as the Founder Director of the ISG Smart Card Centre, following a career in industry working for Pye TVT, Honeywell Aerospace and Defence, Racal Research and Vodafone. Keith is a Chartered Engineer, a Fellow of the Institution of Engineering and Technology, a Founder Associate Member of the Institute of Information Security Professionals, a Member of the Licensing Executives Society and an experienced company director and consultant. He is active in the UK All Party Parliamentary Group (APPG) on Cyber Security and is an adjunct professor at UMBC.

talk: Using CPSA to Analyze Force-Latency Protocols, 12-1 4/19

UMBC Cyber Defense Lab

Using CPSA to Analyze Force-Latency Protocols

Dr. Edward Zieglar, National Security Agency

12-1 Friday, 19 April 19, ITE 227

Several cryptographic protocols have been proposed to address the Man-in-the-Middle attack without the prior exchange of keys. This talk will describe a formal analysis of one such protocol proposed by Zooko Wilcox-O’Hearn, the forced-latency defense against the chess grandmaster attack. Using the Cryptographic Protocol Shapes Analyzer (CPSA), we validate the security properties of the protocol through the novel use of CPSA’s state features to represent time. We also describe a small message space attack that highlights how assumptions made in protocol design can affect the security of a protocol in use, even for a protocol with proven security properties.

Edward Zieglar is a security researcher in the Research Directorate of the National Security Agency, where he concentrates on formal analysis and verification of cryptographic protocols and network security. He is also an adjunct professor at UMBC where he teaches courses in networking and network security. He received his master’s and doctoral degrees in computer science from UMBC.

Host: Alan T. Sherman,

talk: IPv6 and its Security Issues, 5:30 Mon. 4/22

IPv6 and its Security Issues

Neal Ziring, National Security Agency

5:30-6:45 Monday 22 April 2019, Math/Psych 101

CMSC 626 Guest Lecture — all are welcome to attend

In this talk, we will introduce the basics of IPv6 and some of the security issues associated with it. Specifically, we discuss the motivations, history and adoption of IPv6, and current status in the global Internet. We then detail the structure of an IPv6 address and the types of addresses used, and the conceptual model for address assignment in IPv6. The modes of deployment of IPv6, and understanding of how dual-stack mode works, is then provided. We then discuss the basic model for IPv6 control protocols, ICMPv6, and how they support low-level network operations. We then identify IPv6’s place in the network stack, and explain how that does, and does not, affect security. Several basic threats to IPv6 devices and networks will be identified as well as how common network security posture/hygiene can be affected by dual stack operation. Lastly, we identify some key concepts in secure use of IPv6, and discuss the concept of NAT and its use in IPv4 and why IPv6 does not use it.

Mr. Neal Ziring is the Technical Director for the National Security Agency’s Capabilities Directorate, serving as a technical advisor to the Capabilities Director, Deputy Director, and other senior leadership. Mr. Ziring is responsible for setting the technical direction across many parts of the capabilities mission space, including in cyber-security. Mr. Ziring tracks technical activities, promotes technical health of the staff, and acts as liaison to various industry, intelligence, academic, and government partners. Prior to the formation of the Capabilities Directorate, Mr. Ziring served five years as Technical Director of the Information Assurance Directorate. His personal expertise areas include security automation, IPv6, cloud computing, cross-domain information exchange, and data access control, and cyber defense. Prior to coming to NSA in 1988, Neal worked at AT&T Bell Labs. He has BS degrees in Computer Science and Electrical Engineering, and an MS degree in Computer Science, all from Washington University in St. Louis.

talk: Why are memory-corruption bugs still a thing?, 10:30am Mon 4/8, ITE325

Why are memory-corruption bugs still a thing?

The challenges of securing software at an assembly level

Doug Britton
CTO, RunSafe Security Inc.

10:30-11:30 Monday, 8 April 2019, ITE346

Methods to chip away at the danger of memory-corruption bugs have been available for some time.  Why has the going-price of memory-corruption-based exploits not spiked?  If the methods were have a broad-based result in mitigating exploit vectors, there would be a reduction in supply, causing an increase in prices.  Also, there would be a reduction in the pool of people qualified to develop zero-days, allowing them to push the prices up.  The data suggest that prices have remained generally stable and attackers are able to move with impunity.  What are the challenges to large-scale adoption of memory-corruption based mitigation methods. 

Doug Britton serves as Chief Technology Officer and Director of RunSafe Security, Inc. Mr. Britton Co-founded Kaprica Security, Inc., in 2011 and serves as its Chief Executive Officer. Prior to his leadership role in Kaprica, Mr. Britton was a cyber-security focused research and development manager at Lockheed Martin. He has an MBA and MS from University of Maryland and a BS in Computer Science from the University of Illinois.

talk: Learning to Ground Instructions to Plans, 2:30 Thr 3/21, ITE346

Learning to Ground Natural Language Instructions to Plans

Nakul Gopalan, Brown University

2:30-3:30pm Thursday, 21 March 2019, ITE 346, UMBC

In order to easily and efficiently collaborate with humans, robots must learn to complete tasks specified using natural language. Natural language provides an intuitive interface for a layperson to interact with a robot without the person needing to program a robot, which might require expertise. Natural language instructions can easily specify goal conditions or provide guidances and constraints required to complete a task. Given a natural language command, a robot needs to ground the instruction to a plan that can be executed in the environment. This grounding can be challenging to perform, especially when we expect robots to generalize to novel natural language descriptions and novel task specifications while providing as little prior information as possible. In this talk, I will present a model for grounding instructions to plans. Furthermore, I will present two strategies under this model for language grounding and compare their effectiveness. We will explore the use of approaches using deep learning, semantic parsing, predicate logic and linear temporal logic for task grounding and execution during the talk.

Nakul Gopalan is a graduate student in the H2R lab at Brown University. His interests are in the problems of language grounding for robotics, and abstractions within reinforcement learning and planning. He has an MSc. in Computer Science from Brown University (2015) and an MSc. in Information and Communication Engineering from T.U. Darmstadt (2013) in Germany. He completed a Bachelor of Engineering from R.V. College of Engineering in Bangalore, India (2008). His team recently won the Brown-Hyundai Visionary Challenge for their proposal to use Mixed Reality and Social Feedback for Human-Robot collaboration.

Host: Prof. Cynthia Matuszek (cmat at

talk: Algorithms for Weakly Supervised Denoising of EEG Data, 6:30pm Feb 28

The February meeting of the Data Works MD Meetup features a talk by UMBC Professor Tim Oates on  Two Algorithms for Weakly Supervised Denoising of EEG Data, 6:30-9pm Thursday, February 28, 2019 at UMBC’s South Campus.  Join the meetup and register to attend this free talk and network with members of the Maryland data science community.  The talk abstract and Dr. Oates’s biosketch are given below.

Electroencephalogram (EEG) data is used for a variety of purposes, including brain-computer interfaces, disease diagnosis, and determining cognitive states. Yet EEG signals are susceptible to noise from many sources, such as muscle and eye movements, and motion of electrodes and cables. Traditional approaches to this problem involve supervised training to identify signal components corresponding to noise so that they can be removed. However, these approaches are artifact specific. In this talk, I will discuss two algorithms for solving this problem that uses a weak supervisory signal to indicate that some noise is occurring, but not what the source of the noise is or how it is manifested in the EEG signal. In the first algorithm, the EEG data is decomposed into independent components using Independent Components Analysis, and these components form bags that are labeled and classified by a multi-instance learning algorithm that can identify the noise components for removal to reconstruct a clean EEG signal. The second algorithm is a novel Generative Adversarial Network (GAN) formulation. I’ll present empirical results on EEG data gathered by the Army Research Lab, and discuss pros and cons of both algorithms.

Dr. Tim Oates is an Oros Family Professor in the Computer Science Department at the University of Maryland, Baltimore County. His Ph.D. from the University of Massachusetts Amherst was in the areas of artificial intelligence and machine learning with a focus on situated language learning. After working as a postdoctoral researcher in the MIT Artificial Intelligence Lab, he joined UMBC where he has taught extensively in core areas of Computer Science, including data structures, discrete math, compiler design, artificial intelligence, machine learning, and robotics. Dr. Oates has published more than 150 peer-reviewed papers in areas such as time series analysis, natural language processing, relational learning, and social media analysis. He has developed systems to determine operating room state from video streams, predict the need for blood transfusions and emergency surgery for traumatic brain injury patients based on vital signs data, detect seizures from scalp EEG, and find story chains (causal connections) joining news articles, among many others. Recently Dr. Oates served as the Chief Scientist of a Virginia-based startup where he developed architectures and algorithms for managing contact data, including entity linking, fuzzy record matching, and connected components on billion node graphs stored in a columnar database. He has extensive knowledge of machine learning algorithms, implementations, and usage.

talk: Does Wireless and Mobile Networking Research Still Matter? 12pm Wed 2/27, ITE325

Does Wireless and Mobile Networking Research Still Matter?

Dr. Dmitri Perkins, National Science Foundation

12:00pm Wed. Feb. 27, 2019, ITE325, UMBC

The miniaturization of radio and communication technologies has led to the widespread proliferation of wireless-enabled devices and to an explosion of mobile applications and services. Without question, wireless networking has become an enabling and critical component in practically every business sector. Wireless technologies and terms, such as, WiFi, Bluetooth, and broadband cellular are now embedded in our world and have become a part of society’s regular vocabulary. Given this ever-increasing success, one might be tempted to opine whether any core research challenges remain in the wireless and mobile networking domain.

In this talk, I will present the case that the answer is most certainly “yes” and that the promise of a truly ubiquitous Wireless Internet of Everything, capable of seamlessly interconnecting billions of devices, humans, intelligent systems, information sources, and enabling transformative applications (e.g., remote healthcare monitoring) still faces a plethora of inter-related challenges. These include, for example, exponential growth in mobile traffic, dynamic spectrum allocation, real-time management of network resources, design of intelligent radio technology, energy-efficient protocol designs, and network security/trust/privacy. I will highlight our most recent work on the topic of opportunistic wireless spectrum access, which focused on practical and implementable radio spectrum management frameworks and related spectrum sensing and sharing protocols, using today’s front-end communication technology. I will also discuss my vision for developing a sustainable and nationally recognized wireless networking research program, which includes emerging areas such as networked cyber-physical systems and mobile IoT.

Dr. Dmitri Perkins is currently a Program Director at the U.S. National Science Foundation (NSF), where he leads the Industry-University Cooperative Research Centers (IUCRC) Program for the Directorate of Computer & Information Science & Engineering (CISE). In this role, Dr. Perkins provides oversight of 25 multi-university industry-focused research centers, spanning all areas of CISE research and comprising over 75 U.S. academic institutions, 5 international sites, and 225+ industry partners. Prior to joining the NSF in 2015, Dr. Perkins was the Hardy Edmiston Endowed Professor of Computer Science and Engineering at the University of Louisiana at Lafayette, where he was the founding Director of the Wireless Systems and Performance Engineering Research (WiSPER) Laboratory. His core research interests include wireless and mobile communications, networking, and computing, with an emphasis on cognitive and adaptive protocols, formal design of experiments, performance engineering, dynamic resource and spectrum management, and security challenges. His research work spans multiple networking paradigms, including sensor/actuator networks, wireless broadband networks, multi-hop wireless networks, cognitive radio networks, and large-scale heterogeneous wireless systems. Dr. Perkins has published over 45 peer-reviewed journal articles and conference papers and is also the co-author of the book, Cognitive Radio Networks: From Theory to Practice. He received the NSF CAREER award in 2005 and was the recipient of the Outstanding Professor Award within the College of Sciences at the University of Louisiana in 2012. In 2013 and 2014, he was an ONR visiting research fellow at the Naval Research Laboratory (NRL), conducting research on dynamic spectrum awareness in heterogeneous wireless networks. Dr. Perkins has held leadership roles at the university and national levels. He was elected to serve as the Chair of the University Graduate Council and served a two-year term as Associate Dean of the Ray P. Authement College of Sciences at the University of Louisiana in 2012-2013. He has served on the technical program committee of numerous IEEE and ACM international conferences and served on advisory committees for Computer and Networks Systems (CNS) Division of the NSF. He is currently an associate editor of IEEE Transactions on Mobile Computing. Dr. Perkins received the Ph.D. degree in computer science and engineering from Michigan State University in 2002 and the B.S. degree in computer science from Tuskegee University in 1995.

talk and demo: Exploiting IoT Vulnerabilities, 11:45-1:00pm Mon 2/18

Exploiting IoT Vulnerabilities

Dr. Yatish Joshi, Senior Engineer, Cisco Systems

11:45am-1:00pm Monday, 18 February 2019, ITE 325-B

The past decade has seen explosive growth in the use and deployment of IoT (Internet of Things) devices. According to Gartner there will be about 20.8 billion IoT devices in use by 2020. These devices are seeing wide spread adoption as they are cheap, easy to use and require little to no maintenance. In most cases, setup simply requires using a web or phone app to configure Wi-Fi credentials. Digital home assistants, security cameras, smart locks, home appliances, smart switches, toys, vacuum cleaners, thermostats, leakage sensors etc are examples of IoT devices that are widely used and deployed in home and enterprise environments.

The threat landscape is constantly evolving and threat actors are always on the prowl for new vulnerabilities they can exploit. With traditional attack methods yielding fewer exploits   due to the increased focus on security testing, frequent patches, increased user awareness, Threat actors have turned their attention on IoT devices and are exploiting inherent vulnerabilities in these devices. The vulnerabilities, always ON nature, and autonomous mode of operation allow attackers to spy on users, spoof data, or leverage them as botnet infrastructure to launch devastating attacks on third parties. Mirai, a well known IoT malware utilized hundreds and thousands of enslaved IoT devices to launch DDoS attacks on Dyn affecting access to Netflix, Twitter, Github and many other websites. With the release of the Mirai source code numerous variants of the malware are infecting IoT devices across the world and using them to carry out attacks.

These attacks are made possible because the devices are manufactured without security in mind!. In this talk I will demonstrate how one can hack a widely available off-the-shelf IP Camera and router by exploiting the vulnerabilities present in these devices to get on the network, steal personal data, spy on a user, disrupt operation etc. We will also look at what can be done to mitigate the dangers posed by IOT devices.

So attend hack & defend!

Dr. Yatish Joshi is a software engineer in the Firepower division at Cisco Systems where he works on developing new features for Cisco’s security offerings. Yatish has a PhD in Computer Engineering from UMBC. Prior to Cisco Yatish worked as a lecturer at UMBC, and was a senior software engineer developing TV software at Samsung Electronics. When not working, he enjoys reading spy thrillers and fantasy novels.

1 2 3 4 5 53