This post is adapted from a UMBC News article UMBC faculty, alumni entrepreneurs receive record-number of MIPS awards for tech collaborations written by Adriana Fraser.
Six UMBC faculty members have just received grants from the Maryland Industrial Partnerships (MIPS) program to develop new technologies with potential to grow the state’s economy. This is UMBC’s largest number of winning proposals within a single proposal round since MIPS began in 1987. The program connects University System of Maryland (USM) faculty and students with Maryland businesses. UMBC’s latest MIPS grantees include computer science and electrical engineering faculty Tim Oates, Chein-I Chang, and Anupam Joshi; Soobum Lee, mechanical engineering; Dipanjan Pan, chemical, biochemical, and environmental engineering; and Vikram Vakharia, marine biotechnology. Among their industry partners are UMBC alumni entrepreneurs who are building businesses in Maryland.
Joshi, professor and chair of computer science and electrical engineering, received a MIPS grant for a cybersecurity collaboration with the startup CyDeploy. They are developing a platform that automates the quality assurance process for cybersecurity updates made to IT and “internet of things” (IoT) devices like Amazon Alexa, Google Home, and health and medical devices. CyDeploy CEO Tina Williams-Koroma ’02, computer science, presented Joshi with the idea to develop a “cybersecurity-driven change management system.” The technology is based on and leverages the use of artificial intelligence and machine learning to create a cloud-based replica of a company’s systems.
Williams-Koroma and Joshi’s group at UMBC developed a conceptual prototype. It shows the infrastructure and technology that would make the system feasible, combining off-the-shelf tools with novel research. “Increasingly, the government is now beginning to mandate security requirements around IoT devices. The longer-term vision that CyDeploy has is capturing the state of these systems, virtually recreating them and then running the security changes against virtual versions to see how the changes would affect those systems,” Joshi adds.
Williams-Koroma, who is also an adjunct instructor at UMBC, projects that the initial development of the platform will be complete in late spring 2021. They anticipate launching a free pilot version for businesses to test their IT systems. IoT pilots will come in a later phase.
Read more about these awards in the UMBC News article UMBC faculty, alumni entrepreneurs receive record-number of MIPS awards for tech collaborations.
11:00-12:00 ET Wednesday, 10 February 2021
The reduction of losses related to hurricanes and other extreme weather phenomena involves many complex aspects ranging from purely theoretical, observational, computational, and numerical, to operational and decisional. A correct warning can lead to proper evacuation and damage mitigation, and produce immense benefits. However, over-warning can lead to substantial unnecessary costs, a reduction of confidence in warnings, and a lack of appropriate response. In this chain of information, the role played by scientific research is crucial.
The National Oceanic and Atmospheric Administration (NOAA), in combination with the National Aeronautics and Space Administration (NASA), other agencies, and universities is contributing to these efforts through observational and theoretical research to better understand the processes associated with extreme weather. This includes model and data assimilation development, Observing System Experiments (OSE), and Observing System Simulation Experiments (OSSE) designed to ascertain the value of existing observing systems and the potential of new observing systems to improve weather prediction and theoretical understanding. This high-level talk, which was first given as the Keynote address at the 2019 Winter Simulation Conference, will describe innovative research for developing advanced next-generation global and regional models to improve weather prediction, and the application of OSSEs to optimize the observing system.
Dr. Robert Atlas is the former Chief Meteorologist at NASA’s Goddard Laboratory for Atmospheres and is Director Emeritus of the National Oceanic and Atmospheric Administration’s (NOAA) Atlantic Oceanographic and Meteorological Laboratory in Miami, Fla. Some of the areas he focused his research on included the prediction, movement, and strengthening of hurricanes. He has worked with both satellite data and computer models as a means to study these hurricane behaviors.
Dr. Atlas received his Ph.D. in Meteorology and Oceanography in 1976 from New York University. Prior to receiving the doctorate, he was a weather forecaster in the U.S. Air Force where he maintained greater than 95 percent forecast accuracy. From 1976 to 1978, Dr. Atlas was a National Research Council Research Associate at NASA’s Goddard Institute for Space Studies, New York, an Assistant Professor of Atmospheric and Oceanic Science for SUNY, and Chief Consulting Meteorologist for the ABC television network.
In 1978, Dr. Atlas joined NASA as a research scientist. He served as head of the NASA Data Assimilation Office from 1998-2003, and as Chief meteorologist at NASA GSFC from 2003-2005. Dr. Atlas has performed research to assess and improve the impact of satellite data on numerical weather prediction since 1973. He was a key member of the team that first demonstrated the significant impact of quantitative satellite data on numerical weather prediction and is the world’s leading expert on Observing System Simulation Experiments, a technology that enables scientists to determine the quantitative value of new observing systems before funds are allocated for their development.
He served as a member of the Satellite Surface Stress Working Group, the NASA Scatterometer (NSCAT) Science Team, the ERS Science Team, the SeaWinds Satellite Team, the Working Group for Space-based Laser Winds, the Scientific Steering Group for GEWEX, the Council of the American Meteorological Society, and as Chairman of the U.S. World Ocean Circulation Experiment (WOCE) Advisory Group for model-based air-sea fluxes. He is currently a member of the Science Teams for two NASA space missions.
From 1974-1976, he developed a global upper-ocean model and studied oceanic response to atmospheric wind forcing as well as large-scale atmospheric response to sea surface temperature (SST) anomalies (unusual events). In more recent years, his research concentrated on the role of how the air and sea interact in the development of cyclones, the role of soil moisture and unusual SST events in the initiation, maintenance, and decay of prolonged heatwaves and drought, and most recently on the modeling and prediction of hurricane formation, movement, and intensification.
He is a recipient of the NASA Medal for Exceptional Scientific Achievement and the American Meteorological Society’s Banner I. Miller Award. In 2019, just prior to his retirement from NOAA, he was honored by the National Hurricane Center for Enduring Contributions to the nation’s hurricane forecast and warning program, and by the U.S. House of Representatives for his service to the nation.
This talk will explore the technology and lessons learned by UMBC alumnus Richard Carback from his experience co-founding and closing the security startup Lexumo, which provided the only automated service that continuously monitors IoT software platforms for the latest public vulnerabilities. In addition to covering some of the hard problems and Lexumo’s technical approach for monitoring all the world’s open-source software to assist companies in managing their vulnerabilities, Dr. Carback will discuss the mistakes and complexities of getting funded, delivering a product, and finding customers.
Dr. Richard Carback is a UMBC Alumnus (CS Ph.D., 2010) who is an entrepreneur who currently runs a private consultancy for computer security, computer forensics, cryptography, and smart contracts. He is a privacy-preserving systems expert with a background in elections and anonymity networks. While the group leader for the embedded systems security group at Charles Stark Draper Laboratories, he spun out an IoT vulnerability startup called Lexumo that provided the only automated service that continuously monitored IoT software platforms for the latest public vulnerabilities. At UMBC, he worked with Alan Sherman on secure elections and was the primary researcher behind Takoma Park’s deployment of the Scantegrity voting system, the first usage of voter-verifiable end-to-end election technology in a municipal election. email:
Host: Alan T. Sherman, . Support for this event was provided in part by the NSF under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1 pm. All meetings are open to the public. Upcoming CDL Meetings:
The CyberWire produced a special podcast, In the clear: what it’s like working as a woman in the cleared community, that features three women working on cybersecurity at Northrop Grumman. Two are UMBC alumnae, software engineering manager Lauren and cyber software engineer Priyanka.
Lauren received a BS in Computer Science in 2015 and an M.S. in Computer Science in 2017. As an undergraduate student, she worked part-time as an IT Security Analyst tracking, locating, and performing forensics on infected computers located on campus. She joined Northrop Grumman in 2015 and continued her studies as a part-time graduate student, doing research on investigating different ways of characterizing cybersecurity exploit kits and the malware they produce.
Priyanka received a BS in Computer Science in 2018 and an MS in Computer Science in 2019. Her MS research was on multilingual text alignment for cybersecurity. She has been a lecture in the UMBC Computer Science program and the UMD Advanced Cybersecurity Experience for Students (ACES) program. She is currently working on a Computer Science Ph.D. at UMBC focused on how AI can help protect cybersecurity systems from data poisoning attacks.
January 11–15, 2020, UMBC scholars in the CyberCorps: Scholarship for Service (SFS) and the DoD Cybersecurity Scholarship (CySP) programs collaboratively analyzed the security of UMBC’s Incident Management System (IMS). Students found numerous serious issues, including race conditions, code-injection, and cross-site scripting attacks, improper API implementation, and denial-of-service attacks. We present findings, recommendations, and details of these vulnerabilities.
UMBC’s Incident Management System (IMS) is a web application under development by UMBC’s DoIT to supplement their RequestTracker (RT). IMS allows DoIT security staff to supplement the information in RT by linking IMS incidents to RT tickets. IMS incidents store additional information and files regarding existing and potential security campaigns. Using the information in IMS and RT, DoIT generates executive reports, which can influence decisions related to budget, training, and other security concerns. Our study is helping to improve the architecture and implementation of IMS.
Participants comprised BS, MS, MPS, and Ph.D. students studying computer science, computer engineering, information systems, and cybersecurity, including SFS scholars who transferred from Montgomery College (MC) and Prince George’s Community College (PGCC) to complete their four-year degrees at UMBC.
About the Speakers. Cyrus Jian Bonyadi is a Ph.D. Student at UMBC working on distributed computing consensus theory. He is an alumnus of the varsity CyberDawgs team. email: . Enis Golaszewski is a Ph.D. Student at UMBC working on protocol analysis. He is a leading member of the Protocol Analysis Lab under Dr. Sherman. email: ,
Host: Alan T. Sherman, . Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1 pm. All meetings are open to the public. Upcoming CDL Meetings:
Congratulation to Dr. Edward Raff for his forthcoming book Inside Deep Learning being published by Manning. The first three chapters are now available free online via Manning’s Early Access Program, with more to come. Dr. Raff is a Chief Scientist at Booz Allen Hamilton and both an alumnus of and visiting assistant professor in the UMBC CSEE department.
He describes the target audience for his book as “the middle between “give me a tool” and ‘CS/Stats/ML Ph.D. graduate book’ that gives utility and understanding.” He gives thanks to his UMBC students in his Computer Science and Data Science classes who have been “guinea pigs for this book/course material.”
Here’s how the publisher describes the book: “Inside Deep Learning is a fast-paced beginners guide to solving common technical problems with deep learning. Written for everyday developers, there are no complex mathematical proofs or unnecessary academic theory. You’ll learn how deep learning works through plain language, annotated code, and equations as you work through dozens of instantly useful PyTorch examples. As you go, you’ll build a French-English translator that works on the same principles as professional machine translation and discover cutting-edge techniques just emerging from the latest research. Best of all, every deep learning solution in this book can run in less than fifteen minutes using free GPU hardware!”
Ed Raff received a Ph.D. in Computer Science in 2018 with a dissertation on “Malware Detection and Cyber Security via Compression.” He is currently a Chief Scientist at Booz Allen Hamilton. He has done research on deep learning, malware detection, reproducibility in machine learning, detecting fairness and bias in machine learning models and data analytics, and high-performance computing. He has also been a visiting Assistant Professor at UMBC since 2018 and taught in both the Computer Science and Data Science programs. Dr. Raff has over 40 peer-reviewed publications, three best paper awards, and has presented at many major conferences.
The Information Security Research and Education (INSuRE) research collaborative is a network of National Centers of Academic Excellence in Cyber Defense Research (CAE-Rs) universities that cooperate to engage students in solving applied cybersecurity research problems. Since fall 2012, INSuRE has fielded a multi-institutional cybersecurity research course in which BS, MS, and Ph.D. students work in small groups to solve unclassified problems proposed by the National Security Agency (NSA) and by other government and private organizations and laboratories.
Schedule
12:00-12:15pm poster presentations
12:15-12:40pm Detecting Web-Based Cryptomining Malware by Mining Open-Source Repositories
12:40-1:05pm Meeting Mayhem: A Network Adversary Game
1:05-1:30pm Analysis of the 5G AKA protocol with Comparison to 4G AKA
Detecting Web-Based Cryptomining Malware by Mining Open-Source Repositories
Naomi Albert, Elias Enamorado, Benjamin Padgette, Anshika Patel
Technical Director: William J. La Cholter (APL)
UMBC Expert: Charles Nicholas
With the ever-increasing popularity of browser-based cryptomining it is now more important than ever to detect malicious cryptojacking code. This paper serves to identify reliable indicators of injected cryptomining code in open-source repositories using static source code analysis techniques. We analyze static source code features of a curated set of cryptomining projects and innocuous codebases that are available as open-source projects on GitHub. Through this analysis we show that a novel Normalized Halstead Difficulty metric can be an important indicator of the presence of cryptomining software. Specifically, the Normalized Halstead complexity is significantly higher for cryptomining source code files as compared to the sampled non-miners. Using this newfound knowledge of the complexity of browser-based JavaScript cryptominers, supply-chain cryptojacking injection attacks in open-source repositories may be easier to identify through automated code review techniques.
Meeting Mayhem: A Network Adversary Game
Richard Baldwin, Trenton Foster
Technical Director: Edward Zieglar (NSA)
UMBC Experts: Marc Olano, Linda Oliva
Meeting Mayhem, a web-based educational game, teaches adversarial thinking through the Dolev-Yao security model. Meeting Mayhem is based on the paper-and-pencil “Protocol Analysis Game,” introduced by Edward Zieglar and adapted by UMBC PhD student Enis Golaszewski. Two or more users try to arrange a meeting time and place by sending messages through an insecure network controlled by an adversary. Through self discovery, players learn the dangers of network communications and the value of sound protocols supported by encryption, hashing, and digital signatures.
Formal Methods Analysis of the 5G AKA protocol, with Comparison to 4G AKA
Prajna Bhandary, Ryan Jahnige, Jason Schneck
Technical Director: Edward Zieglar (NSA)
We analyze the Fifth Generation (5G) Authentication and Key Agreement (AKA) protocol and the Fourth Generation (4G) Evolved Packet System Authentication and Key Agreement (EPS-AKA) protocol for possible structural faults using the Cryptographic Protocol Shapes Analyzer (CPSA). It is fundamental to provide authentication and key management in the security of cellular networks. 5G AKA provides mutual authentication between subscribers and the network, by providing the keys to protect both signaling and user plane data. 4G defines an authentication method, EPS-AKA, whereas 5G offers several different authentication techniques: 5G AKA, 5G EAP-AKA, and 5G EAP-TLS. In addition to our formal method analysis of 5G AKA and 4G EPS-AKA, we also analyze the differences in security properties between the 4G EPS-AKA protocol, and 5G AKA protocol. We verify that the upgrades made to 4G EPS-AKA improves control of the Home Network (HN) in 5G AKA. Additionally, we found that the ambiguous nature of the documentation regarding the channel between Serving Network (SN) and HN results in authentication concerns and we propose a solution.
Course Instructor: Alan T. Sherman
Support for this event is provided in part by the NSF under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1pm. All meetings are open to the public. Upcoming CDL meetings:
Biweekly CDL talks will resume in the spring 2021 semester.
The 2021 UMBC SFS/CySP Research Study will take place remotely in January (likely January 11-15).
Cybersecurity raises questions about who owns data and how best to discourage security breaches. This talk will offer some unexpected and perhaps controversial perspectives from economics on relevant questions, including: Who presumptively should own data? What is the purpose of liability law? Should those who violate data security always be liable, or only if they fail to take appropriate measures to prevent leaks? Could “the market” solve the problem, e.g., by people choosing where to shop on the basis of data security? Would regulation be a better means than liability to promote cybersecurity? Don’t expect answers to these questions; my hope is to stimulate and hopefully inform the discussion. If time allows, I’ll review some major actions by the Federal Trade Commission, who is the lead national agency policing privacy-related conduct.
Dr. Tim Brennan is professor emeritus of public policy and economics at UMBC, retiring in July 2020 after thirty years on the UMBC faculty. He has also been FCC Chief Economist, held the T.D. MacDonald Chair in the Canadian government’s Competition Bureau, and served on the staff of the White House Council of Economic Advisers. Before UMBC, he was an associate professor of telecommunications and public policy at George Washington University and a staff economist at the US Department of Justice Antitrust Division. He has over 130 articles and book chapters and books on competition policy, economic regulation, telecommunications and energy policy, intellectual property, and economic methods. His MA in math and Ph..D. in economics are from the University of Wisconsin.