Webex Talk: Hard-Learned Lesson in Defense of a Network, 12-1 Fri 3/27

The UMBC Cyber Defense Lab presents

Hard-Learned Lesson in Defense of a Network

Dan Yaroslaski
Former Operations Officer at Marine Forces Cyberspace Command, Colonel, USMC

12–1:00pm, Friday, 27 March 2020
WebEx: https://umbc.webex.com/meet/sherman

Often network defenders fail to take into account organizational culture when attempting to provide a secure, reliable, and usable enterprise network. Users and process leaders often fall victim to the false allure of the value of networked systems, without asking the question, “Should this be networked?” Collectively, organizations also forget that networks are a combination of the humans who use the network, the personas we all have to form to gain access to this manmade domain, and the interplay of logical and physical network architecture manifested in geographical locations. The value of some simple military principles—including defense-in-depth, mission focus, redundancy, and resiliency versus efficiency—can help a network defender better advise everyone from the “C Suite” decision-makers to the average network user, on how to have a secure network while accepting reasonable limitations.

Colonel Dan Yaroslaski is a career Marine with over 30 years of service to the nation. He started as an enlisted anti-armor missileman, who then became an Assault Amphibian Vehicle Officer (AAV’s are 27 Ton armored amphibious descendants of the WW II vehicles used from Tarawa to Iwo Jima). He has made a career of integrating technology and human beings to form cohesive combat organizations. Dan’s diverse career placed him at the forefront of high-end, top-secret compartmentalized planning and execution, to the extremely human act of advising an Afghan National Army Kandak (Battalion). During his five-year tenure at Marine Forces Cyberspace Command, he successfully architected new techniques that took advantage of boundary defenses, to new and innovative ways to integrate traditional warfare methods with cyberspace operations, as highlighted in a recent NPR story about USCYBERCOM’s Operation GLOWING SYMPHONY. Dan also spent time creating effective policy directing network operations and defense, to include an extremely frustrating year negotiating the interplay of network operations, operations in the information environment, and Marine Corps culture. Dan and his wife are now empty nesters, so they spend an enormous amount of time nurturing two dogs to fill the void left by their children. As the Rolling Stones point out, “What a drag it is getting old.”

Host: Alan T. Sherman,

Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public. Upcoming CDL Meetings:

  • Apr 10, Russ Fink (APL), ransomware
  • Apr 24, Lance Hoffman (GWU), policy
  • May 8, Jason Wells (UMBC SFS scholar), law enforcement
  • May 22, Spring SFS Meeting at UMBC, 9:30am-2pm, ITE 456

talk: Autonomous Agents, Deep Learning, and Graphs for Cyber Defense, 12-1 Fri. 3/13

The UMBC Cyber Defense Lab presents

Autonomous Agents, Deep Learning,
and Graphs for Cyber Defense

Dr. Hasan Cam
Army Research Laboratory

12–1 pm Friday, 13 March 2020, ITE 227, UMBC

Cyber resilience usually refers to the ability of an entity to detect, respond to, and recover from cybersecurity attacks to the extent that the entity can continuously deliver the intended outcome despite their presence. Cybersecurity tools such as intrusion detection and prevention systems usually generate far too many alerts, indicators or log data, many of which do not have obvious security implications unless their correlations and temporal causality relationships are determined. In this talk, I will present methods to first estimate the infected and exploited assets and then take recovery and preventive actions using autonomous agents, deep learning, and graphs. Autonomous adversary and defender agents are designed such that the adversary agent can infer the adversary activities and intentions, based on cybersecurity observations and measurements, while the defender agent aims at estimating the best reactive and pro-active actions to protect assets and mitigate the adversary activities. The graph thinking and causality analysis of cyber infection and exploitation helps predict the infection states of some assets. This prediction data of infections is taken as input data by deep reinforcement learning to train agents for determining effective actions. This talk will discuss some preliminary results from the development of building an automated system of autonomous agents to provide cyber resiliency over networks.

Hasan Cam is a Computer Scientist at US Army Research Laboratory. He currently works on the projects involved with autonomous agents, active malware defense, cyber resiliency, and risk assessment over wired, mobile, and tactical networks. His research interests include cybersecurity, machine learning, data analytics, networks, algorithms, and parallel processing. He served as the government lead for the Risk area in Cyber Collaborative Research Alliance. He has previously worked as a faculty member in academia and a senior research scientist in the industry. He has served as an editorial member of two journals, a guest editor of two special issues of journals, an organizer of symposiums and workshops, and a Technical Program Committee Member in numerous conferences. He received a Ph.D. degree in electrical and computer engineering from Purdue University, and an M.S. degree in computer science from Polytechnic University, New York. He is a Senior Member of IEEE.

Host: Alan T. Sherman,

Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public. Upcoming CDL Meetings:

  • Mar 27, Dan Yaroslaski, cybercommand
  • Apr 10, Russ Fink (APL), ransomware
  • Apr 24, Lance Hoffman (GWU), policy
  • May 8, Jason Wells, law enforcement
  • May 22, Spring SFS Meeting at UMBC, 9:30-2, ITE 456

❌ Canceled: UMBC Data Science Meetup: Rapid Data Exploration with Apache Drill ❌

❌ Canceled: UMBC Data Science Meetup:
Rapid Data Exploration with Apache Drill

5:30-7:00 pm 11 March 2020, UC 310, UMBC

Join Charles Givre for a hands-on introduction to data exploration with Apache Drill. Becoming a data-driven business means using all the data you have available, but a common problem in many organizations is that data is not optimally arranged for ad-hoc analysis. Through a combination of lecture and hands-on exercises, you’ll gain the ability to access previously inaccessible data sources and analyze them with ease. You’ll learn how to use Drill to query and analyze structured data, connect multiple data sources to Drill, and perform cross-silo queries. Study after study shows that data scientists and analysts spend between 50% and 90% of their time preparing their data for analysis. Using Drill, you can dramatically reduce the time it takes to go from raw data to insight. This workshop will show you how.

UMBC University Center, Room 310
March 11, 2020, from 5:30 pm to 7:00 pm
(5:30 – 6:00 pm) Social
(6:00 – 6:50 pm) Workshop: Rapid Data Exploration with Apache Drill
(6:50 – 7:00 pm) Question and Answer Session

Register on the Meetup page.

Note that we formally end our Q&A session at 7 pm (so that graduate students can catch their classes starting at 7:10 pm) but in our previous events we’ve seen that one-on-one and group discussions with the speaker(s) continue even after Q&A session

Speaker: Mr. Charles Givre works as a manager at JP Morgan Chase. Prior to joining Deutsche Bank, Mr. Givre worked as a Senior Lead Data Scientist for Booz Allen Hamilton for the last seven years where he works in the intersection of cybersecurity and data science. Mr. Givre taught data science classes at BlackHat, the O’Reilly Security Conference, the Center for Research in Applied Cryptography and Cyber Security at Bar Ilan University. One of Mr. Givre’s research interests is increasing the productivity of data science and analytic teams, and towards that end, he has been working extensively to promote the use of Apache Drill in security applications and is a committer and PMC Chair for the Drill project. Mr. Givre teaches online classes for O’Reilly about Drill and Security Data Science and is a coauthor for the O’Reilly book Learning Apache Drill. Mr. Givre holds a Masters Degree in Middle Eastern Studies from Brandeis University, as well as a Bachelors of Science in Computer Science and a Bachelor’s of Music both from the University of Arizona. He blogs at thedataist.com and tweets @cgivre.

Complimentary food, such as pizza and chips, and non-alcoholic beverages will be provided

Visitor parking spaces are located at Administration Drive Garage upper level, Commons Garage first level, Walker Avenue Garage upper level, Lot 9 and Lot 7 on Walker Avenue. Visitors do not need to pay for parking after 4:00 pm.

Join the UMBC Data Science Meetup group and register for this event here.

talk: Hardware Security Kernel for Managing Memory and Instruction Execution, 12pm Fri 2/28

The UMBC Cyber Defense Lab presents

Hardware Security Kernel for Managing Memory and Instruction Execution

 Patrick Jungwirth, PhD

Computational and Information Sciences Directorate
Army Research Lab, Aberdeen Proving Ground, USA

12–1 pm Friday, 28 February 2020, ITE 227, UMBC

The cybersecurity world faces multiple attack vectors from hardware-level exploits, including cache bank malicious operations, rowhammer, Spectre, Meltdown, and Foreshadow attacks, and software-based attacks including buffer-overflows, et al.  Hardware-level exploits bypass protections provided by software-based separation kernels.  Current microprocessor execution pipelines are not designed to understand security:  they treat malicious instructions, software bugs, and harmless code the same. This presentation explores adding a hardware-level security monitor below the execution pipeline [1,2,3].

[1] P. Jungwirth, et al.:  “Hardware security kernel for cyber-defense,” Proc. SPIE 11013, Disruptive Technologies in Information Sciences II, 110130J, Baltimore 10 May 2019); https://doi.org/10.1117/12.2513224
[2] P. Jungwirth, and J. Ross:  “Security Tag Fields and Control Flow Management,” IEEE SouthEastCon 2019, Huntsville, AL, April 2019.
[3] P. Jungwirth and D. Hahs:  “Transfer Entropy Quantifies Information Leakage,” IEEE SouthEastCon 2019, Huntsville, AL, April 2019.

About the SpeakerDr. Jungwirth is a computer architecture researcher at the Army Research Lab.  Previously he worked for the Aviation and Missile, RDEC in Huntsville, AL.  Currently, he is researching hardware state machines to provide simple operating system support (monitor) and control flow integrity in hardware.  Dr. Jungwirth is co-inventor of the OS Friendly Microprocessor Architecture, US Patent 9122610.  The OS Friendly Microprocessor Architecture includes hardware security features for an operating system and supports near single-cycle context switches in hardware. Email: 

Host: Alan T. Sherman, 

Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681.

The UMBC Cyber Defense Lab meets biweekly Fridays.  All meetings are open to the public.

Upcoming CDL Meetings:

Mar 13, Hasan Cam, autonomous agents
Mar 27, Dan Yaroslaski, cybercommand
Apr 10, Russ Fink (APL), ransomware
Apr 24, TBA
May 8, Jason Wells, law enforcement
May 22, Spring SFS Meeting at UMBC, 9:30am-2pm, ITE 456

talk: Ian Blumenfeld on Interactive Proof Assistants for Verification, Fri 1/31

The UMBC Cyber Defense Lab presents

Interactive Proof Assistants for Verification

Ian Blumenfeld
Principal Research Mathematician
Two Six Labs

12:00-1:00 pm Friday,  31 January 2020, ITE 227

Many advances have been made in software and hardware assurance using automated tooling.  Constraint-based solving tools like SAT and SMT solvers have proved very useful proving functional correctness in the world of software, while the hardware world relies heavily on the use of industrial-strength model checkers to provide formal verification of important properties like liveness and non-interference.  Sometimes, however, push-button tools are simply not enough. In this talk, we will discuss formal mathematical reasoning using interactive proof assistants, particularly Isabelle. While Isabelle is often thought of as a tool for checking the work of mathematicians, it is, in fact, a powerful engine for reasoning about software and hardware security.  We will work through an example of the verification of a multi-precision arithmetic software library using Isabelle. This talk is aimed at total beginners in the realm of automated theorem proving, and seeks to provide an overview of the fundamental techniques and ideas. 

Ian Blumenfeld is a Principal Research Mathematician at Two Six Labs.  He currently is the principal investigator of TwoSix’s efforts on the DARPA SafeDocs program, attempting to help do type-theoretic reasoning about document specification formats.  He is a former employee of Apple where he worked on the formal verification team, ensuring the security of the iPhone SEP chip. He has done extensive work verifying cyber-physical systems at Johns Hopkins APL.  Mr. Blumenfeld’s interest in formal methods began with his time working as an Applied Research Mathematician in NSA’s Research Directorate. He’s also a pretty good swing dancer.

Host: Alan T. Sherman, 

Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. 

The UMBC Cyber Defense Lab meets biweekly Fridays.  All meetings are open to the public.

TALK: Reasoning About Time in a Crypto Protocol Analysis Tool

The UMBC Cyber Defense Lab presents

Reasoning About Time in a Crypto Protocol Analysis Tool

Dr. Catherine Meadows, Naval Research Laboratory

12:00–1:00pm Friday, 15 November 2019, ITE 227

The ability to guarantee timing properties, and in turn to use assumption about time to guarantee the security of protocols, is important to many of the applications we rely upon. For example, to compute locations, GPS depends on time synchronization between entities. Blockchain protocols require loose time synchronization to guarantee agreement on block timestamps. Distance-bounding protocols use the roundtrip time of an RF signal to enforce constraints on location. To analyze these types protocols formally, it is necessary to reason about time. This talk describes recent research in extending the Maude-NPA cryptographic protocol analysis tool to reason about cryptographic protocols that rely on or enforce timing properties. We describe the timing model we have created for the tool. We show how we we represent timing properties as constraints, whose solution is outsourced to an SMT solver. We also discuss our experimental results.

Catherine Meadows is a senior researcher in computer security at the Center for High Assurance Systems at the Naval Research Laboratory and heads that group’s Formal Methods Section. She was the principal developer of the NRL Protocol Analyzer (NPA), which was one of the first software tools to find previously undiscovered flaws in cryptographic protocols, and was used successfully in the analysis of a number of protocol standards. She is also leading, or has recently led, a number of projects related to the design and analysis of cryptographic protocols, including one focused the development of an analysis tool, Maude-NPA, that takes into account the the complex algebraic properties of cryptosystems, another that is focusing on the automatic generation of secure cryptosystems, and another devoted to formal methods for the design of cyber-physical systems with legacy components.

This work was supported by ONR 321 ()

Host: Alan T. Sherman, Support for this event was provided in part by the National Science Foundation under SFS grant 175368. The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public. Upcoming CDL Events:

  • December 6, Karl Henderson, Verisign
  • 9am—5pm daily, January 13-17, UMBC SFS/CySP Research Study, ITE 456
  • January 31, 2020, TBA, biweekly CDL talks resume

Talk: Dr.Rosenbloom on Three Related Takes on Investigating Human-Like Intelligence

On October 11th, 2019, Dr. Paul Roosenbloom, distinguished speaker from Lockheed Martin delivered a talk on ” Three Related takes on investigating Human-like intelligence”. This talk explored a trio of related takes on how to investigate the nature of human-like intelligence. The first concerns cognitive architectures – implemented models of the fixed structure and processes that yield natural and artificial minds – with a drill down to Sigma, an attempt at a deep synthesis across what has been learned over the past four decades on (what started as) high-level symbolic cognitive architectures versus the low-level graphical/network technologies of probabilistic graphical models (such as Bayesian networks) and neural networks. The second concerns a more abstract attempt at specifying a Common Model of Cognition that yields an evolving community consensus over what must be part of any cognitive architecture for human-like intelligence. The final take concerns an even more abstract (and speculative) attempt at understanding more deeply the space of approaches to intelligence – framed as maps resulting from cross products among core cognitive dichotomies – along with how such maps may help to understand and structure the capabilities required for (human-like) intelligence.

This event was attended by more than 100 members spilling out into the hallway.

Science Unscripted: Conversations with AI Experts, 5-8:00pm 29&30 Oct 2019, UMBC

On October 29 and 30 the National Science and Technology Medals Foundation will host Science Unscripted: Conversations with AI Experts, two early evening events at UMBC from 5:00 to 8:00pm that bring together AI experts to discuss how AI will impact our lives. The events will be held in the Fine Arts Recital Hall with doors open at 5:00 prior to the 5:30 start and will conclude with a reception starting at 7:00pm with food and drinks. Both events are free, but registration is requested.

These events are a part of the NSTMF’s Science Unscripted program. Through the SU program, the Foundation is building an inclusive coalition of inspired STEM students. By highlighting voices often left unheard in the STEM community, we show audiences that there is no “right” way to be a trailblazer in science and technology. Each evening, attendees will have the chance to hear about the lives and experiences of the women and men dedicated to creating smart, socially conscious AI.

Tuesday, Oct. 29: Code-ifying AI is a a discussion about AI policy. A panel including UMBC Professor Cynthia Matuszek, Dr. José-Marie Griffiths and moderated by Rosario Robinson will examine what it will take to govern AI as well as the implications of incorporating AI into our everyday lives. Register on Eventbright.

Wednesday, Oct. 30: Decoding Bias in AI is a panel discussion about implicit bias and how we can create more socially conscious AI with UMBC Professor James Foulds, Loretta Cheeks, Emmanuel Johnson and moderator Deborah Kariuki. Implicit bias remains one of the most prevalent concerns about incorporating AI into the mainstream, and our panel is poised to deliberate the ethics and possible solutions to this issue. Register on Eventbright.

The events will be webcast live with closed-captions on Facebook, and the full event videos will be available on our YouTube channel afterward. Webcast audiences are encouraged to participate in the conversation using #ScienceUnscripted on Twitter, Facebook and Instagram.

Both events are no-cost, equal access (ADA compliant), and open to the public. Save your seat on Eventbrite for day one at Code-ifying AI and for day two at Decoding Bias in AI.

National Science Foundation Graduate Research Fellowship Program Workshop

On October 3, 2019, Dr. Francis Ferraro presented a workshop for the National Science Foundation Graduate Research Fellowship Program (NSF GRFP).  During the workshop, Dr. Ferraro covered many topics including scholarship eligibility, funding, and the application process. He also provided a detailed application checklist as well as suggestions for developing personal and research statements. In addition to giving information about the NSF GRFP, Dr. Ferraro provided an overview of the graduate school experience.

Application deadline for the NSF GRFP is October 22, 2019.

The purpose of the NSF Graduate Research Fellowship Program (GRFP) is to help ensure the vitality and diversity of the scientific and engineering workforce of the United States. The program recognizes and supports outstanding graduate students who are pursuing full-time research-based master’s and doctoral degrees in science, technology, engineering, and mathematics (STEM) or in STEM education. The GRFP provides three years of support for the graduate education of individuals who have demonstrated their potential for significant research achievements in STEM or STEM education. NSF especially encourages women, members of underrepresented minority groups, persons with disabilities, veterans, and undergraduate seniors to apply.

  • Three years of funding to use across five years (in 12 month blocks). Stipend: $34,000 per year. Tuition/education expenses: $12,000 per year.
  • Applicants must be US citizens, national or permanent residents. Applicants must be an undergraduate senior, or first or second year graduate student.
  • Registration information can be found here: http://www.fastlane.nsf.gov/grfp/Login.do
  • All registration materials should be submitted here: https://www.research.gov/grfp/Login.do
  • TALK: Computer Aided Assessment of Computed Tomography Screenings

    UMBC ACM Chapter Talk

    Computer Aided Assessment of Pulmonary Nodule Malignancy in from Low Dose Computed Tomography Screenings

    Professor David Chapman, CSEE, UMBC

    11:30–12:30, Friday 11 October 2019, ITE 346, UMBC

    We propose to develop a novel quantitative algorithm to estimate the probability of malignancy of pulmonary nodules from a time series of successive LDCT screenings in patients with a high risk of developing lung cancer. Lung cancer kills approximately 200,000 Americans annually and is responsible for 25% of all cancer-related deaths. Imaging with Low Dose Computed Tomography (LDCT) has been proven to reduce Non-Small Cell Lung Cancer (NSCLC) mortality by 20% and has become standard guidelines (NLST 2011a,b). These new clinical guidelines have led to hospitals, including Mercy Medical Center in Baltimore, to collect an abundance of LDCT images of high risk individuals since 2014. These LDCT images along with additional CT/biopsy and PET/CT images collected by Mercy hospital in Baltimore have now been organized into an IRB exempt clinical research dataset to use anonymous radiology imagery for the purpose of training and evaluation of improved Computer Aided Diagnosis (CAD) algorithms. Imaging biomarkers including cross-sectional diameter, calcification patterns, irregular margins, wall thickness all of which are known to have discriminating power to differentiate benign and malignant pulmonary nodules. Furthermore, temporal changes in the size and biomarker characteristics of pulmonary nodules over multiple images are also highly informative and yield greater ability to differentiate malignancy. The proposed CAD algorithm will be capable of detecting and quantifying temporal changes of imaging biomakers in order to estimate malignancy probability. The algorithm will make use of convolutional neural networks for feature extraction as well as recurrent neural networks to analyze the temporal changes in extracted features. The Mercy hospital dataset contains approximately 30,000 chest CT images. Training of the algorithm will incorporate semi-supervised learning using chest CT images from Mercy as well as the public portion of the NLST dataset. A fraction of the Mercy images will be designated for evaluation of the sensitivity and specificity of the proposed algorithm for determining nodule malignancy. Pulmonary nodules remain a challenging area for clinical management decision-making, and improved analysis of malignancy including temporal changes of imaging biomarkers have the potential to reduce patient morbidity and mortality through earlier and more accurate diagnosis.

    1 2 3 4 5 55