MS Thesis Defense

Comparison of Cloud Security Standards and a
Cloud Security Control Recommendation System

Amit S. Hendre

8:30am Thursday, 31 July 2014, ITE346

Cloud services are becoming an essential part of many organizations. Cloud providers have to adhere to security and privacy policies to ensure their users’ data remains confidential and secure. On one hand, cloud providers are implementing their own security and privacy controls. On the other hand, standards bodies like Cloud Security Alliance (CSA), International Organization for Standards (ISO), National Institute for Standards and Technology (NIST), etc. are developing broad standards for cloud security. In this thesis we provide a comprehensive analysis of the cloud security standards that are being developed and how they compare with the security controls of cloud providers. Our study is mainly focused on policies about mobility of resources, identity and access management, data protection, incident response and audit and assessment. This thesis will help consumer organizations with their compliance needs by evaluating the security controls and policies of cloud providers and assisting them in identifying their enterprise cloud security policies.

Committee: Drs. Karuna Joshi, Tim Finin and Yelena Yesha

MS Thesis Defense

Android Malware Detection and Classification
using Machine Learning Techniques

Satyajit Padalkar

10:30am Wednesday, 30 July 2014, ITE 325b

Android is popular mobile operating system and there exists multiple marketplaces for Android applications. Most of these market places allow applications to be signed using self-signed certificates. Due to this practice there exists little or very limited control over the kind of applications that are being distributed. Also advancement of Android root kits are increasingly making it easier to repackage existing Android application with malicious code. Conventional signature based techniques fail to detect such malware. So detection and classification of Android malware is a very difficult problem. We present a method to classify and detect such malware by performing a dynamic analysis of the system call sequences. Here we make use of machine learning techniques to build multiple models using distributions of syscalls as features. Using these models we predict whether given application is malicious or benign. Also we try to classify given application to specific known malware family. We also explore deep learning methods such as stacked denoising autoencoder algorithms (SdA) and its effectiveness. We experimentally evaluate our methods using a real dataset of 600 applications from 38 malware families and 25 popular benign applications from various areas. We find that a deep learning algorithm (SdA) is most accurate in detecting a malware with lowest false positives while AdaBoost performs better in classifying a malware family.

Committee: Drs. Anupam Joshi (chair), Tim Finin and Charles Nicholas

Earlier this year HP and the Scholarship for Women Studying Information Security (SWSIS) selected UMBC undergraduate Victoria Lentz (Computer Science, 2015) and ten other female cybersecurity students from across the U.S. to receive scholarships.

Lentz was in the first cohort of students to be accepted into the UMBC Cyber Scholars Program, which began in Fall 2013. The program prides itself on influencing minorities and women to become involved in the cyber security and computing industries.

With particular interests in malware and digital forensics, Lentz plans to work in the cybersecurity industry after finishing her undergraduate education to gain experience before returning to school for a Master’s degree.

More from Lentz appears in Technically Baltimore.

from a post by Achsah Joseph on UMBC Insights

CSEE professor Nilanjan Banerjee was interviewed at the Microsoft Faculty Summit on UMBC research that is developing sensors that can be sewn into textiles such as clothing or bedding and used control devices though gestures. Professor Banerjee is working with colleagues Ryan Robucci, Chintan Patel and Sandy McCombe-Waller (UMB) and students to prototype the hardware sensors and software components that can be part of an Internet of Things environment.

With support from Microsoft, their experimental systems are using Microsoft’s Lab of Things platform for research on connected devices in homes and other spaces. One of the use cases driving the research is helping people with limited mobility lead more independent lives by enabling them to control the environment. Buz Chmielewski, who became a quadriplegic after a surfing accident, is helping the team test and refine the system and its usability.

UMBC CSEE Professor Marie desJardins will be a guest on WAMU’s Kojo Nnamdi show from 12:00 to 1:00pm tomorrow, Tuesday, June 17, 2014. She will be one of three experts discussing Coding and the Computer Science Conundrum with Kojo and callers. Listen live over the air on WAMU (88.5 mhz) or online.  After she broadcast, you can hear it on the segment’s page or download it from their podcast archives.

The program’s description is:

“For years following the dot-com bust, computer science enrollment plunged steadily, prompting hand wringing over America’s competitiveness in technology and innovation. But a nationwide push to bring coding to classrooms, plus rapid innovation in apps and communications, has prompted a 13.4% jump in computer science majors in the 2012-13 academic year alone. But retaining those budding programmers — especially females and minorities — remains a significant challenge. Kojo explores local and national efforts to boost computer science competency, and learns how educators are revamping computational learning to give it relevance far beyond the classroom.”

The expert guests are:

• Pat Yongpradit, Director of Education, Code.org
• Marie desJardins, Prof. of Computer Science and Electrical Engineering, University of Maryland, Baltimore County
• Janice Cuny, Program Director of Computing Education, National Science Foundation

Listeners can ask questions or make comments during the show via Twitter (@kojoshow) or phone (800-433-8850).

Ph.D. Dissertation proposal

Creating a Collaborative Situational-Aware IDPS

Lisa Mathews

11:00am Tuesday, 10 June 2014, ITE 346

Traditional intrusion detection and prevention systems (IDPSs) have well known limitations that decrease their utility against many kinds of attacks. Current state-of-the-art IDPSs are point based solutions that perform a simple analysis of host or network data and then flag an alert. Only known attacks whose signatures have been identified and stored in some form can be discovered by most of these systems. They cannot detect “zero day” type attacks or attacks that use “low-and-slow” vectors. Many times an attack is only revealed by post facto forensics after some damage has already been done.

To address these issues, we are developing a semantic approach to intrusion detection that uses traditional as well non-traditional sensors collaboratively. Traditional sensors include hardware or software such as network scanners, host scanners, and IDPSs like Snort. Potential non-traditional sensors include open sources or information such as online forums, blogs, and vulnerability databases which contain textual descriptions of proposed attacks or discovered exploits. After analyzing the data streams from these sensors, the information extracted is added as facts to a knowledge base using a W3C standards based ontology that our group has developed. We have also developed rules/policies that can reason over the facts to identify the situation or context in which an attack can occur. By having different sources collaborate to discover potential security threats and create additional rules/policies, the resulting situational-aware IDPS is better equipped to stop creative attacks such as those that follow a low-and-slow intrusion pattern. Leveraging information from these heterogeneous sources leads to a more robust, situational-aware IDPS that is better equipped to detect complicated attacks. This will allow for detection in soft real time. We will create a prototype of this system and test the efficiency and accuracy of its ability to detect complex malware.

Committee: Drs. Anupam Joshi (Chair), Tim Finin, John Pinkston, Charles Nicholas, Claudia Pearce, Yul Williams

UMBC has been redesignated as a National Center of Academic Excellence in Information Assurance by the National Security Agency and Department of Homeland Security for both Cyber Defense Research (CAE-R) and Education (CAE-IA/CD) for the academic years 2014-2021. UMBC is one of only 38 institutions in the US. that have recognized by NSA and DHS for both education and research.

The CAE educational designation includes (among other elements) a certification that our curriculum satisfies focus areas and knowledge units (KUs) as outlined in the NICE Framework. This framework aims to establish a common lexicon for students, universities, and employers for describing knoweldge and skills needed for various cybersecurity jobs. The CAE research designation signifies UMBC’s demonstrated excellence in conducting quality research activities pertaining to cybersecurity.

The CAE certification process was coordinated by Dr. Alan Sherman through the Center for Information Security and Assurance (CISA). Among other things, CISA oversees UMBC’s Federal CyberCorps Scholarship For Service program and is actively involved with cybersecurity education and research activities at UMBC, to include the upcoming Innovations in Cybersecurity Education Workshop on June 24.

In recent days, the United States and China have traded accusations about each nation’s alleged (or actual) espionage activities in cyberspace. Moreover, high-profile events like Stuxnet and recurring high-profile cyber-attacks such as the Target data breach continue to keep ‘cyber’ and cybersecurity issues in the news.

Today, CSEE’s Dr. Rick Forno, Cybersecurity GPD and Assistant Director of the UMBC Center for Cybersecurity, was a guest on PRI’s ‘The World’ where he discussed issues related to cyberwarfare, cybersecurity and the international application of cyberpower.