Oracle updates Java 7 to fix dangerous security exploits

TL;DR version: if you have Java 7 on your computer, update it. Now.

The Java programming language helped to make the Web popular in the mid 1990s by its invention of the Web applet. The idea was powerful and enabled complex programs to be automatically downloaded when you visited a Web page and run securely on your personal computer in a sandbox. The sandbox prevented any applet running in it from doing the things on your computer you would not want it to do — like accessing your files, sending email, accessing other computers on the Internet, or installing new programs.

If you've read any technology news in the past week you know that several very nasty security vulnerabilities were discovered in Java version 7 that can be exploited by attackers, allowing them to create applets that can execute arbitrary code on your computer.

The exploit applies to Java 7, not to earlier versions of Java, and only when Java 7 is used to run a Java applet in your browser. The problem does not affect the use of Java 7 on servers, in Java desktop applications, or embedded Java.

Today Oracle released a security alert to address the vulnerabilities. The vulnerabilities are remotely exploitable without authentication and have the highest CVSS severity score of 10. Oracle recommends that their fix be applied as soon as possible — some exploits are already available in hacking tools like Metasploit, which means that relatively unsophisticated people can use them.

Java developers and programmers should download the latest Java SE JDK and JRE 7 releases from Oracle and users running Java SE with a browser should download the latest JRE 7 from java.com. Windows users can also use automatic updates to get the latest JRE 7 release.

You can test the version of Java available to your browser at http://www.java.com/en/download/installed.jsp. Note that Google's popular Chrome browser does not support Java 7, so Chrome users need not update Java unless they also use another browser, such as Firefox or Safari.

Oracle also changed the default security setting for Java to "High," which means that most users will need to approve Java applets before they run.

PhD defense: Supporting Citizen Science and Biodiversity Informatics on the Semantic Web

Ph.D. Dissertation Defense

Supporting Citizen Science and
Biodiversity Informatics on the Semantic Web

Joel Sachs

10:00am Friday, 14 December 2012, ITE 325b

It is common for Semantic Web documents to use terms from multiple ontologies, with no expectation that the full semantics of each ontology will be imported by consuming applications. This makes sense, because importing all ontologies referenced by a document causes both practical and logical problems. But it has the drawback of leaving it to the consuming application to determine appropriate semantics for the terms being used. We describe an approach to constructing ontologies by layer, designed to make it easier for both data publishers and application developers to tailor-fit semantics to use cases.

The layers that we develop correspond to patterns in the RDF graph. This contrasts with typical approaches to modular ontology development, where the layers are domain based. The three primary motivations for this approach are i) preserving computational tractability; ii) enabling easy coupling and decoupling with foundational ontologies and iii) maintaining cognitive tractability. This third motivation is still under-studied in semantic web development; we consider it in relation to reducing the ease with which ontology users can publish data that accidentally implies things that they do not mean. This is important always, but becomes especially so in citizen science, where users will naturally bring intuitive semantics to the terms that they encounter.

We describe case studies that involved deploying our approach in the context of citizen science activities, and which provided opportunities to assess its capabilities and limitations. We also describe subsequent work aimed at addressing these limitations, and, by applying newly defined layers over the underlying data, show that we are able to improve the competency of our knowledge base. More generally, we show that appropriately combining triple-pattern-based layers allows us to support a wide variety of use cases with varied (and occasionally conflicting) requirements.

In addition to our approach to semantic layering, contributions include an improved understanding of how to blend social and semantic computing to support citizen science, and a collection of layers for representing biodiversity information in RDF, with a focus on invasive species. Compared with other proposed “semanticizations” of the Darwin Core standard for representing biodiversity occurrence data, these layers involve minimal modification to the Darwin Core vocabulary, and make maximal use of the Darwin Core namespace, thereby simplifying the transition of current practices onto the semantic web.

Committee: Drs. Tim Finin (Chair), Anupam Joshi, Tim Oates, Cynthia Parr, Yelena Yesha, Laura Zavala

CSEE professor Kargupta and co-authors win IEEE 10-Year Highest-Impact Paper Award

On December 12, CSEE professor Hillol Kargupta will receive the 10-year Highest-Impact Paper Award from the IEEE International Data Mining Conference (ICDM) in Brussels, Belgium.

The winning paper—“On the Privacy Preserving Properties of Random Data Perturbation Techniques”—discusses privacy-preserving data mining and it also received the 2003 ICDM Best Paper Award. It is co-authored by former UMBC PhD student Souptik Datta (CS '08) and Dr. Kargupta’s colleagues at Washington State University—Qi Wang and Professor Krishnamoorthy Sivakumar.

Privacy Preserving Data Mining (PPDM) is important in many domains where the data is privacy sensitive and exposing the data to a third party for mining is not an option. Researchers have come up with many PPDM algorithms that attempt to protect data privacy while allowing analysis of the data for detecting patterns. Many of these algorithms make use of randomized techniques. This paper offers a perspective on the structure of random noise using theories of random matrices and their spectral properties in order to analyze their role in preserving data privacy while still keeping data patterns intact for analysis. It points out that spectral properties of random matrices can be exploited to create attacks on many commonly used privacy-preserving data mining algorithms.

Kargupta and his associates point out that you must be very careful when using random noise to protect data, since it can be easily filtered out. “Random noise is really not that unpredictable,” explains Kargupta, since it has a pattern of its own.

Out of all of the papers on data mining published within the last ten years, this year Dr. Kargupta’s paper was chosen by IEEE as the most impactful paper in its field.

JOB: Summer research experience for undergrads in cybersecurity and privacy

The TRUST Research Experiences for Undergraduates (TRUST REU), a nine-week summer program in Cybersecurity, Privacy and Trustworthy Systems, was established to promote access to graduate education among undergraduates who have been educationally or economically disadvantaged and who may not have exposure to the academic environment of a research university.

The goal of the TRUST REU program is to increase the level of diversity among students entering graduate programs in computer science and engineering by providing research opportunities under the supervision of a faculty member and graduate student mentor. Program objectives are:

  • To provide students with preparation to become research scholars
  • To stimulate serious consideration of graduate study
  • To increase the number of successful underserved applicants able to enroll in graduate school

Special consideration will be given to applicants who have shown potential for success, but may have had limited access to undergraduate research or other academic opportunities. Upon completion of this program students will be better prepared and motivated to attend graduate school.

There are five research program locations:

  • Carnegie Mellon University (Pittsburgh, PA)
  • Cornell University (Ithaca, NY)
  • Stanford University (Palo Alto, CA)
  • UC Berkeley (Berkeley, CA)
  • Vanderbilt University (Nashville, TN)

The application deadline is 15 February 2012. For more information and to apply, see the TRUST REU site.

Global Game Jam returns to UMBC, Register Now!

UMBC will once again host the Global Game Jam. The weekend-long game development event will be held this year from January 25-27. UMBC is one of hundreds of host sites around the world. Other local sites include College Park, the Universities at Shady Grove, and George Mason.

“I expect an exciting mix of students, friends, alumni, and game developers for a weekend of creative fun,” says Dr. Olano, director of UMBC’s Game Development Track. Last year he and Visual Arts professor Neal McDonald ran the event out of UMBC’s GAIM Lab where game developers of all levels gathered to conceive and create video games around a common theme.

Last year the theme was Ouroboros, a symbol of perpetual renewal. The theme inspired games like Bit Exhaust, a space-invaders-esque Windows phone game and Snake ‘N Bake (pictured above), a two-player game where a snake must help a cupcake make it to the oven before the tasty confection gets hit by a fireball.

The theme for this year’s competition will be announced at 5 p.m. on January 25th so that all parts of the game development process—from coming up with a game concept to finishing a playable video game–will have to be carried out during one single adrenaline-filled weekend.

Visit globalgamejam.org to register for the event. Thanks to support from Next Century Corporation, registration for the UMBC site is free and open to anyone 18+.

JOB: CyberSecurity internships and part-time positions

CyberPoint is seeking Paid Summer Intern Scientists and a Jr. IT Specialist. US Citizenship required. APPLY VIA UMBCworks.

CyberPoint delivers innovative, leading-edge cyber security products, solutions and services to customers worldwide. We discover the threats and vulnerabilities that expose data, systems, and infrastructure to compromise, and we design defenses that provide critical protection. Our approach is tailored to our customers’ need to reduce risks and ensure ongoing protection in a world of continuously emerging cyber threats. At CyberPoint, we seek out hard problems, develop new products and solutions, and drive innovation in cyber security. Employing world-class engineers, mathematicians, computer scientists, and other industry experts, CyberPoint supports a broad array of commercial and government customers.

Paid Summer Intern Scientist Needed (UMBCworks position 9255053)

Join CyberPoint Labs as a summer intern scientist and conduct research in program analysis, machine learning, and high performance computing. Skills that will be needed include Python, C/C++, Intel x86 and ARM assembly language, and/or functional programming (Haskell, OCaml, Erlang). Some candidate projects include:

  • Using Dynamic Bayesian Networks to develop risk models for IT infrastructure.
  • Developing CUDA integration into Unified Parallel C or other PGAS systems.
  • Developing machine learning based network models of insider threat activity.
  • Developing malware analysis scripts using Intel PIN tool, DynamoRIO, and IDA Pro/Immunity scripts.

They will consider all years, rising junior, senior and graduate level students. US Citizenship and a GPA of 3.00 or above required.

Jr IT Specialist— Temp to Hire position (UMBCworks position 9255090)

CyberPoint International is adding to its Corporate IT Team. The Jr IT Helpdesk will work as a member of the IT Service Desk team providing daily system support including hardware, operating systems and applications, installation and modifications. Troubleshoot system and user problems. Manage user accounts. Perform system maintenance on software; evaluate, test and integrate upgrades to hardware; upgrade operating systems and applications. Investigate problems, research and develop effective and logical solutions considering operational policies and information assurance requirements.

They are looking for an enthusiastic team player with outstanding customer service skills and a strong drive to learn and develop your technical skills. CyberPoint is open to hiring a current student and we can work around your school schedule. The ultimate goal is to have this position convert to a full-time role with an outstanding benefits package. Hourly pay is $16-18/hr + based on experience. Candidate must be a US Citizen.

NITRD Seeks Comments on Federal Cybersecurity R&D Strategic Plan

The NITRD Senior Steering Group (SSG) for Cybersecurity R&D issued a request for public comments on the Federal cybersecurity R&D strategic plan. The SSG seeks comments on the progress over the past year in the research areas identified in the strategic plan, the strategic plan's impact in orienting private sector cybersecurity R&D activities, the successes and challenges in achieving the objectives outlined in the plan, and on any emerging areas in cybersecurity research and development that warrant further focus. Comments should be submitted to , by December 19, 2012.

Talk: Energy Efficient Platforms for High Performance and Embedded Computing, 1pm 12/7

UMBC CSEE Colloquium

Energy Efficient Platforms for
High Performance and Embedded Computing

Dr. Tinoosh Mohsenin
Computer Science and Electrical Engineering
University of Maryland, Baltimore County

1:00pm Friday, 7 December 2012, ITE 227, UMBC

Future embedded, high performance, and cloud computing must meet limited energy capacity, cost, and sustainability. These devices will regularly execute over one tera-operations per second (TOPS) with a variety of diverse workloads—from baseband communications to wearable medical devices—while operating on a 5 to 25 Watt-hour cellphone/tablet battery. The need for greater energy efficiency, smaller size and improved performance of these devices demands a co-optimization of algorithms, architectures, and implementations. This talk presents several programmable and application specific solutions that illustrate the cross-domain optimization.

The design of system-on-chip blocks becomes increasingly sophisticated with emerging real-time computational and limited power budget requirements. Two such algorithms, Low Density Parity Check (LDPC) decoding and Compressive Sensing (CS), have received significant attention. LDPC decoding is an error correction technique which has shown superior error correction performance and has been adopted by several recent communication standards. Compressive sensing is a revolutionary technique which significantly reduces the amount of data collected during acquisition. While both LDPC decoding and compressive sampling have several advantages, they require highly computationally intensive algorithms which typically suffer from high power consumption and low clock rates. We present novel algorithms and architectures to address these challenges.

As future systems demand increasing flexibility and performance within a limited power budget, many-core chip architectures have become a promising solution. The design and implementation of a programmable many-core platform containing 64 cores routed in a hierarchical network is presented. For demonstration, Electroencephalogram (EEG) seizure detection and analysis and ultrasound spectral doppler are mapped onto the cores. The seizure detection and analysis takes 900 ns and consumes 240 nJ of energy. Spectral doppler takes 715 ns and consumes 182 nJ of energy. The prototype is implemented in 65 nm CMOS which contains 64 cores, occupies 19.51 mm² and runs at 1.18 GHz at 1 V.

Dr. Tinoosh Mohsenin has been an assistant professor in the Department of Computer Science and Electrical Engineering at the University of Maryland Baltimore County since 2011. Prior to joining UMBC, she was finishing her PhD at the University of California, Davis. Dr. Mohsenin’s research interests lie in the areas of high performance and energy-efficiency in programmable and special purpose processors. She is the director of the Energy Efficient High Performance Computing (EEHPC) Lab where she leads projects in architecture, hardware, software tools, and applications for VLSI computation with an emphasis on digital signal processing workloads. She has been a consultant to early stage technology companies and currently serves on the Technical Program Committees of the IEEE Biomedical Circuits & Systems Conference (BioCAS), Life Science Systems and Applications Workshop (LiSSA), International Symposium on Quality Electronic Design (ISQED) and IEEE Women in Circuits and Systems (WiCAS).

More information and directions: http://bit.ly/UMBCtalks

UMBC Cyber Scholars Program accepting applications

The new UMBC Cyber Scholars Program is seeking applicants. Incoming freshmen for the Fall 2013 school year, current students, and transfer students interested in careers in cybersecurity are encouraged to apply by January 15, 2013.

Starting Fall 2013, the Scholarship program will support 15-20 students annually with financial awards of $5,000-15,000 per year. The scholarship is more than a financial award; it is a scholarship program that fosters a community through common on-campus living-learning housing, events, and activities. Cyber Scholars will learn from and support one another throughout their college careers, and from core interaction with UMBC faculty and mentors.

Every Cyber scholar is assigned a faculty advisor who is pursuing cybersecurity-related research of their own. Advisors will help students find research and internship opportunities best suited to them.

To apply for the UMBC Cyber Scholars Program, visit Cybersecurity.umbc.edu/cyberscholars

MS Defense: Simultaneous Feature Acquisition and Cost Estimation

MS Thesis Defense

Simultaneous Feature Acquisition and Cost Estimation

Zachary Kurtz

11:00am Thursday, 6 December 2012, ITE 325b

This thesis will address classification problems with two sources of cost: the cost of acquiring feature values and the cost of incorrect classifications. In particular, I address problems with feature costs and instance-dependent misclassification costs. Many real-world applications, such as medical diagnosis, contain both feature acquisition costs and instance-dependent misclassification costs. The goal of my research is to minimize the total cost of classifying an unknown instance. This goal is accomplished with a new approach: Simultaneous Feature Acquisition and Cost Estimation (SFACE), which combines feature acquisition methods with a regression algorithm that estimates misclassification costs. The estimated cost values are used to estimate the expected cost reduction for the acquisition of each feature. SFACE is evaluated by comparing the total cost of operation to the cost incurred by existing cost-insensitive, cost-sensitive, and feature acquisition algorithms. The results show that SFACE results in lower total cost for the tested datasets.

Committee: Dr. Marie desJardins (Chair), Dr. Tim Oates and Dr. Michael Grasso
