Oracle updates Java 7 to fix dangerous security exploits

TL;DR version: if you have Java 7 on your computer, update it. Now.

The Java programming language helped to make the Web popular in the mid 1990s by its invention of the Web applet. The idea was powerful and enabled complex programs to be automatically downloaded when you visited a Web page and run securely on your personal computer in a sandbox. The sandbox prevented any applet running in it from doing the things on your computer you would not want it to do — like accessing your files, sending email, accessing other computers on the Internet, or installing new programs.

If you've read any technology news in the past week you know that several very nasty security vulnerabilities were discovered in Java version 7 that can be exploited by attackers, allowing them to create applets that can execute arbitrary code on your computer.

The exploit applies to Java 7, not to earlier versions of Java, and only when it is used to run a Java applet in your browser. The problem does not affect the use of Java 7 on servers, in Java desktop applications, or embedded Java.

Today Oracle released a security alert to address the vulnerabilities. The vulnerabilities are remotely exploitable without authentication and have the highest CVSS severity score of 10. Oracle recommends that their fix be applied as soon as possible — some exploits are already available in hacking tools like Metasploit, which means that relatively unsophisticated people can use them.

Java developers and programmers should download the latest Java SE JDK and JRE 7 releases from Oracle and users running Java SE with a browser should download the latest JRE 7 from java.com. Windows users can also use automatic updates to get the latest JRE 7 release.

You can test the version of Java available to your browser at http://www.java.com/en/download/installed.jsp. Note that Google's popular Chrome browser does not support Java 7, so Chrome users need not update Java unless they also use another browser, such as Firefox or Safari.

Oracle also changed the default security setting for Java to "High," which means that most users will need to approve Java applets before they run.

CSEE professor Kargupta and co-authors win IEEE 10-Year Highest-Impact Paper Award

On December 12, CSEE professor Hillol Kargupta will receive the 10-year Highest-Impact Paper Award from the IEEE International Data Mining Conference (ICDM) in Brussels, Belgium.

The winning paper—“On the Privacy Preserving Properties of Random Data Perturbation Techniques”—discusses privacy-preserving data mining and it also received the 2003 ICDM Best Paper Award. It is co-authored by former UMBC PhD student Souptik Datta (CS '08) and Dr. Kargupta’s colleagues at Washington State University—Qi Wang and Professor Krishnamoorthy Sivakumar.

Privacy Preserving Data Mining (PPDM) is important in many domains where the data is privacy sensitive and exposing the data to a third party for mining is not an option. Researchers have come up with many PPDM algorithms that attempt to protect data privacy while allowing analysis of the data for detecting patterns. Many of these algorithms make use of randomized techniques. This paper offers a perspective on the structure of random noise using theories of random matrices and their spectral properties in order to analyze their role in preserving data privacy while still keeping data patterns intact for analysis. It points out that spectral properties of random matrices can be exploited to create attacks on many commonly used privacy-preserving data mining algorithms.

Kargupta and his associates point out that you must be very careful when using random noise to protect data, since it can be easily filtered out. “Random noise is really not that unpredictable,” explains Kargupta, since it has a pattern of its own.

Out of all of the papers on data mining published within the last ten years, this year Dr. Kargupta’s paper was chosen by IEEE as the most impactful paper in its field.

JOB: Summer research experience for undergrads in cybersecurity and privacy

The TRUST Research Experiences for Undergraduates (TRUST REU), a nine-week summer program in Cybersecurity, Privacy and Trustworthy Systems, was established to promote access to graduate education among undergraduates who have been educationally or economically disadvantaged and who may not have exposure to the academic environment of a research university.

The goal of the TRUST REU program is to increase the level of diversity among students entering graduate programs in computer science and engineering by providing research opportunities under the supervision of a faculty member and graduate student mentor. Program objectives are:

  • To provide students with preparation to become research scholars
  • To stimulate serious consideration of graduate study
  • To increase the number of successful underserved applicants able to enroll in graduate school

Special consideration will be given to applicants who have shown potential for success, but may have had limited access to undergraduate research or other academic opportunities. Upon completion of this program students will be better prepared and motivated to attend graduate school.

There are five research program locations:

  • Carnegie Mellon University (Pittsburgh, PA)
  • Cornell University (Ithaca, NY)
  • Stanford University (Palo Alto, CA)
  • UC Berkeley (Berkeley, CA)
  • Vanderbilt University (Nashville, TN)

The application deadline is 15 February 2012. For more information and to apply, see the TRUST REU site.

JOB: CyberSecurity internships and part-time positions

CyberPoint is seeking Paid Summer Intern Scientists and a Jr. IT Specialist. US Citizenship required. APPLY VIA UMBCworks.

CyberPoint delivers innovative, leading-edge cyber security products, solutions and services to customers worldwide. We discover the threats and vulnerabilities that expose data, systems, and infrastructure to compromise, and we design defenses that provide critical protection. Our approach is tailored to our customers’ need to reduce risks and ensure ongoing protection in a world of continuously emerging cyber threats. At CyberPoint, we seek out hard problems, develop new products and solutions, and drive innovation in cyber security. Employing world-class engineers, mathematicians, computer scientists, and other industry experts, CyberPoint supports a broad array of commercial and government customers.

Paid Summer Intern Scientist Needed (UMBCworks position 9255053)

Join CyberPoint Labs as a summer intern scientist and conduct research in program analysis, machine learning, and high performance computing. Skills that will be needed include Python, C/C++, Intel x86 and ARM assembly language, and/or functional programming (Haskell, OCaml, Erlang). Some candidate projects include:

  • Using Dynamic Bayesian Networks to develop risk models for IT infrastructure.
  • Developing CUDA integration into Unified Parallel C or other PGAS systems.
  • Developing machine learning based network models of insider threat activity.
  • Developing malware analysis scripts using Intel PIN tool, DynamoRIO, and IDA Pro/Immunity scripts.

They will consider all years, rising junior, senior and graduate level students. US Citizenship and a GPA of 3.00 or above required.

Jr IT Specialist— Temp to Hire position (UMBCworks position 9255090)

CyberPoint International is adding to its Corporate IT Team. The Jr IT Helpdesk will work as a member of the IT Service Desk team providing daily system support including hardware, operating systems and applications, installation and modifications. Troubleshoot system and user problems. Manage user accounts. Perform system maintenance on software; evaluate, test and integrate upgrades to hardware; upgrade operating systems and applications. Investigate problems, research and develop effective and logical solutions considering operational policies and information assurance requirements.

They are looking for an enthusiastic team player with outstanding customer service skills and a strong drive to learn and develop your technical skills. CyberPoint is open to hiring a current student and we can work around your school schedule. The ultimate goal is to have this position convert to a Full time role with an outstanding benefits package. Hourly pay is $16-18/hr + based on experience. Candidate must be a US Citizen.

NITRD Seeks Comments on Federal Cybersecurity R&D Strategic Plan

The NITRD Senior Steering Group (SSG) for Cybersecurity R&D issued a request for public comments on the Federal cybersecurity R&D strategic plan. The SSG seeks comments on the progress over the past year in the research areas identified in the strategic plan, the strategic plan's impact in orienting private sector cybersecurity R&D activities, the successes and challenges in achieving the objectives outlined in the plan, and on any emerging areas in cybersecurity research and development that warrant further focus. Comments should be submitted to , by December 19, 2012.

UMBC Cyber Scholars Program accepting applications

The new UMBC Cyber Scholars Program is seeking applicants. Incoming freshmen for the Fall 2013 school year, current students, and transfer students interested in careers in cybersecurity are encouraged to apply by January 15, 2013.

Starting Fall 2013, the Scholarship program will support 15-20 students annually with financial awards of $5,000-15,000 per year. The scholarship is more than a financial award; it is a scholarship program that fosters a community through common on-campus living-learning housing, events, and activities. Cyber Scholars will learn from and support one another throughout their college careers, and from core interaction with UMBC faculty and mentors.

Every Cyber scholar is assigned a faculty advisor who is pursuing cybersecurity-related research of their own. Advisors will help students find research and internship opportunities best suited to them.

To apply for the UMBC Cyber Scholars Program, visit Cybersecurity.umbc.edu/cyberscholars

Jobs and internships at Oak Ridge National Laboratory

The Visual Analytics Research Team at Oak Ridge National Laboratory is looking for summer interns at all levels as well as post-docs, post-masters, and post-bacs. We are also looking for qualified full time candidates.

We have a variety of projects in the areas of cyber security/network defense and health care. Projects tend to be 'big data' type projects that leverage diverse open-source platforms and technologies, such as Hadoop, Storm, graph databases, node.js, and d3js. Successful candidates will perform research and development activities in visual analytics, HCI, user testing, machine learning, probabilistic modeling, data fusion, or distributed computing.

See below for more information on each of the programs. We also have post-masters and post-doc programs in visual analytics.

If you are interested, have questions, or intend to apply, please contact John Goodall, .

DHS HS-STEM (undergrad)

The HS-STEM program is specific to one of our group's projects, "Visually Fusing Contextual Data for Situational Understanding". For more information on the project, see: https://www3.orau.gov/DHS-Ed/Posting/Details/78.

The U.S. Department of Homeland Security (DHS) sponsors a 10-week summer internship program for students majoring in homeland security related science, technology, engineering and mathematics (HS-STEM) disciplines. Undergraduate students receive a stipend of $500 per week ($5,000 for 10 weeks). The application deadline for summer 2013 is January 15.

DOE SULI (undergrad)

Science Undergraduate Laboratory Internship (SULI) encourages undergraduate students to pursue science, technology, engineering and mathematics careers by providing research experiences at DOE laboratories. Students receive a stipend of $500 per week during the internship period. Appointments are 10 weeks (summer term) or 16 weeks (semester term) and are offered fall/spring/summer. The application deadline for summer 2013 is January 10.

DOE HERE (undergrad, graduate)

Higher Education Research Experiences at Oak Ridge National Laboratory (HERE at ORNL) provides research opportunities and associated activities for students at all levels, beginning the term before college entrance through thesis/dissertation research, and higher education faculty. Stipend is determined by category of participant.

MS Defense: Stateless Detection of Malicious Traffic: Emphasis on User Privacy

MS Thesis Defense

Stateless Detection of Malicious Traffic:
Emphasis on User Privacy

Paul Halvorsen

1:00pm Monday, 3 December 2012, ITE 346, UMBC

 

In order to allow flexibility in deployment location and to preserve user privacy we have performed research into stateless classification of network traffic. Stateless detection allows for flexibility in deployment location because traffic on a network does not necessarily follow the same path to and from the end points. By only requiring a single direction of traffic, we have the ability to deploy this classifier anywhere on a network. We also do not require the data from a packet which preserves user privacy and allows for the classification of encrypted traffic.

Our research shows that it is possible to determine if traffic is malicious by using packets traveling in a single direction and without the data contained in the packet. Our research shows that with the use of the timing of the packets, time to live value, and source and destination IP addresses and ports, it is possible to determine if the traffic is malicious. In this way we are able to deploy the classifier anywhere on a network, preserve user privacy, and classify encrypted traffic.

Committee members:

  • Dr. Anupam Joshi (chair)
  • Dr. Charles Nicholas
  • Dr. Tim Finin

Sherman and Dykstra invited to give keynote presentation at IDGA forensics conference

CSEE professor Dr. Alan Sherman and his Ph.D. advisee Josiah Dykstra have been invited to give the keynote address at the Institute for Defense and Government Advancement’s (IDGA) Forensic Enabled Intelligence Summit. Scheduled to be held in Washington D.C. in April 2013, the conference is one of the IDGA’s most anticipated government technology summits of the year.

The keynote will discuss Sherman and Dykstra’s research in cloud forensics. Their work explores ways to conduct forensic exams of crimes committed in the cloud.

Free screening of the new film Codebreaker, 5:30pm Thur, JHU

 

A free screening of the new film Codebreaker will be held on Thursday, November 29 at 5:30pm in Hodson Auditorium at Johns Hopkins University. The screening will be followed by a reception and question and answer session with the film's executive producer, Patrick Sammon.

Codebreaker tells the remarkable and tragic story of one of the 20th century's most important people. Alan Turing set in motion the digital revolution and his World War II codebreaking helped turn the tide of war. This maverick British genius is one of the most important scientists ever, yet few people have heard his name, know his story, or understand his legacy. Historians say by breaking the Nazis' Naval Enigma code, Turing helped shorten the Second World War by two years, saving millions of lives. As the founding father of computer science and artificial intelligence, Alan Turing envisioned our digital world long before anyone else. Built on a solid historical foundation of true events, Turing is our storyteller as he defiantly searches for answers. Documentary elements seamlessly interconnect with drama scenes to offer a three dimensional picture of Turing, his accomplishments, his tragic end, and his lasting legacy. (Running time 81 minutes). Learn more about Codebreaker and view a two-minute trailer at www.turingfilm.com.
