CHMPR Distinguished Lecturers Series

The Need for Speed

Dr. Phyllis A. Schneck

Deputy Under Secretary of Cybersecurity
Department of Homeland Security

3:30pm Thursday, 1 December 2016, UC 310
3:00pm Coffee, tea, and cookies

As computers get faster, they change the world. Processors get smaller, the number of devices with processors gets bigger, and the amount of information that can be produced and transported grows exponentially. Everything on the planet, unless one can eat it, is likely to have electronic logic within – and, most recently, to be connected to other devices. Our way of life and critical infrastructures, from power and water to finance is enabled by this ability to process light, and transport information at that speed. The speed of computing is enabling new conveniences and capabilities, and furthering science in directions never before imagined from DNA studies to particle physics. This amazingly connected world, however, introduces new vulnerabilities as many connected devices were not designed to be safe from unauthorized access and use. We must pay special attention to protecting infrastructure components such as information and the intricate signaling systems that generate and distribute electricity. This requires specialized algorithms to mine the masses of data to recognize normal internet activity from potential threat indicators. The goal is to create a more self-healing network, accomplishing with information what nature does with biological responses – creating an electronic immune system. Cognitive computing can provide groundbreaking results in data mining and analysis that will enhance the Cybersecurity to protect the other applications such as genomic and physics research. Software and hardware developers need to work together to create the algorithms and custom hardware to minimize heat, maximize computation and, finally, create a secure design.

We can use the speed of computing to enhance Cybersecurity as well – thus the paradox of the need for speed to protect itself.

Dr. Phyllis Schneck is the Deputy Under Secretary for Cybersecurity & Communications with the Department of Homeland Security, where she is also the Chief Cybersecurity Official. Previously held positions include Chief Technology Officer for Global Public Sector, McAfee, Inc.; VP of Enterprise Services, eCommSecurity; and VP of Corporate Strategy for SecureWorks, Inc. Schneck earned her Ph.D. in computer science from Georgia Tech and pioneered the field of info security and security-based high-performance computing at Georgia Tech. She holds seven information security patents and has six research publications in the areas of info security, real-time systems, telecom and software engineering.

If you plan on attending, please RSVP to Michelle Bobovych at to ensure we have a sufficient number of chairs.

The CS Education student org, with support from the CS Matters in Maryland CS education project, is planning UMBC’s first-ever Hour of Code event. Hour of Code is an initiative that organizes hands-on learning experiences for students of all ages during CS Education Week (December 5-11, 2016, coinciding with Admiral Grace Hopper’s birthday).

UMBC’s Hour of Code will offer a hands-on experience for anybody who wants to try their hand at coding, December 7 and 8 from 11am-2pm on Main Street. We will have several special guests on Thursday — some students from Lakeland Elementary School will learn to code along with President Freeman Hrabowski from 11am-noon that day.

We need many volunteers to help make this event a success! Although coding experience is useful, it is NOT necessary! We will have training events in advance of the event for everyone who volunteers, and we also have some no-coding-required jobs as well, including running a Makey Makey activity and helping out with the elementary school students.

Please sign up to volunteer. Stephanie Milani (Psychology major / CS minor) is organizing the volunteer effort — please feel free to contact her if you have any questions at .

Mobile Security Architectures, Threats and Mitigation

Joshua Franklin, NIST

6:00-8:00pm Tuesday, 15 November 2016
Building III Room 2226, UMBC@Universities at Shady Grove
directions

Cellular technology plays an increasingly large role in society as it has become the primary portal to the internet for a large segment of the population. One of the main drivers making this change possible is the deployment of modern 4G LTE cellular technologies. This talk will cover the fundamentals of cellular network operation and explores the evolution of 2G GSM, 3G UMTS and 4G cellular security architectures. Then, the talk will turn to an analysis and discussion of the threats posed to cellular networks and supporting mitigation techniques. Although the talk will include older GSM and UMTS technologies, it will be focused heavily on LTE as the current-state of industry.

Joshua Franklin is a Security Engineer at the National Institute of Standards and Technology (NIST) focusing on cellular security, electronic voting, and public safety. Prior to NIST, Joshua worked at the U.S. Election Assistance Commission gathering extensive experience with voting technologies. After graduating from Kennesaw State University with a Bachelors of Science in Information Systems, he received a Masters of Science in Information Security and Assurance from George Mason University.

Host: Dr. Ben Shariati ()

The UMBC CSEE Seminar Series Presents

Preventive Neuromonitoring of Critically-ill Infants
Using Advanced Signal Processing Techniques

Rathinaswamy B. Govindan

Division of Fetal and Transitional Medicine
Fetal Medicine Institute
Children’s National Health System, Washington, DC

1:00-2:00pm, Friday, 11 November 2016, ITE 229, UMBC

Several early life complications (caused by, e.g., maternal illness, premature birth, complications during birth) carry a significant risk of irreversible brain injury. Current monitoring methods, designed to prevent brain injury, inadequately monitor sick infants. A multimodal monitor is envisaged and devised for preventive neuromonitoring of critically-ill infants. One of the components of this monitor characterizes cerebral pressure autoregulation – an intrinsic mechanism by which the brain buffers changes in the blood pressure and maintains a steady cerebral blood flow. Cerebral pressure autoregulation is characterized by studying the association between cerebral blood flow (measured using invasive or imaging techniques) and continuous blood pressure. This talk will focus on monitoring cerebral autoregulation at bedside using surrogate markers of cerebral blood flow and intra-arterial blood pressure from indwelling line. The challenges involved in monitoring cerebral autoregulation and alternative non-invasive methods to characterize cerebral pressure autoregulation will also be discussed. These concepts will be demonstrated using physiological signals collected from sick infants monitored in intensive care units.

About the Speaker. Dr. Govindan is director of the Advanced Physiological Signals Processing Lab in the Division of Fetal and Transitional Medicine at Children’s National Medical Center. His duties include: quality control of physiological signals acquired at bedside, developing signal processing routines for offline, and real-time analyses of the signals. His research interests consist of quantifying intactness of the cerebral autoregulation and integrity of the autonomic nervous system of the critically ill infants. These experiments are conducted using sophisticated computers, and custom developed robust signal processing routines at the lab.

Prior to joining Children’s National Health System, Dr. Govindan was an Assistant Professor (Tenure-track) in the Department of Obstetrics and Gynecology, and an Adjunct Assistant Professor in the Division of Biomedical Informatics at the University of Arkansas for Medical Sciences. During this period, his research interests comprised of predicting labor using maternal uterine contraction, and characterizing the autonomic nervous system and functional brain development of human fetus using magnetoencephalography.

Hosts: Professors Tulay Adali () and Alan T. Sherman ()

About the CSEE Seminar Series: The UMBC Department of Computer Science and Electrical Engineering presents technical talks on current significant research projects of broad interest to the Department and the research community. Each talk is free and open to the public. We welcome your feedback and suggestions for future talks.

Other UMBC CSEE Seminar Series: The UMBC Cyber Defense Lab (CDL) meets biweekly Fridays 11:15am-12:30pm in ITE 229, for research talks about cybersecurity.

Dissertation Defense Announcement

Cross-Layer Techniques for Boosting Base-Station Anonymity in Wireless Sensor Networks

Sami Alsemairi

9:30 Wednesday, 9 November 2016, ITE 346

Wireless Sensor Networks (WSNs) provide an effective solution for surveillance and data gathering applications in hostile environments where human presence is infeasible, risky or very costly. Examples of these applications include military reconnaissance, guarding boarders against human trafficking, security surveillance, etc. A WSN is typically composed of a large number of sensor nodes that probe their surrounding and transmit measurements over multi-hop paths to an in-situ Base-Station (BS). The BS not only acts as a sink of all collected sensor data but also provides network management and serves as a gateway to remote commend centers. Such an important role makes the BS a target of adversary attacks that opt to achieve Denial-of-Service (DoS) and nullify the WSN utility to the application. Even if the WSN applies conventional security mechanisms such as authentication and data encryption, the adversary may apply traffic analysis techniques to locate the BS and target it with attacks. This motivates a significant need for boosting BS anonymity to conceal its location.

In this dissertation, we address the challenges of BS anonymity and develop a library of techniques to counter the threat of traffic analysis. The focus of our work is on the link and network layers. We first exploit packet combining as a means to vary the traffic density throughout the network. We call this technique combining the data payload of multiple packets (CoDa), where a node groups the payload of multiple incoming data packets into a single packet that is forwarded toward the BS. CoDa cuts on the number of transmissions that constitute evidences for implicating the BS as a destination of all traffic and thus degrades the adversary’s ability in conducting effective traffic analysis.

Next we develop a novel technique for increasing BS anonymity by establishing a sleep/active schedule among the nodes that are far away from the BS, and increasing the traffic density in selected parts of the network in order to give the impression that the BS is located in the vicinity of the sleeping nodes. We call this technique Adaptive Sampling Rate for increased Anonymity (ASRA). Moreover, we develop three novel techniques based on a hierarchical routing topology. The first, which we call Hierarchical Anonymity-aware Routing Topology (HART), forms clusters and an inter-cluster-head routing topology so that a high traffic volume can be observed in areas away from the BS. The second is a novel cross-layer technique that forms a mesh topology. We call this technique cluster mesh topology to boost BS’s anonymity (CMBA). CMBA opts to establish a routing topology such that the traffic pattern does not implicate any particular node as a sink.

The third technique creates multiple mesh-based routing topologies among the cluster-heads (CHs). By applying the closed space-filling curves such as the Moore curve, for forming a mesh, the CHs are offered a number of choices for disseminating aggregated data to the BS through inter-CH paths. Then, the BS forwards the aggregated data as well so that it appears as one of the CH. We call this technique boosting the BS anonymity through multiple mesh-based routing topologies (BAMT). We validate the effectiveness of all anonymity-boosting techniques through simulation and highlight the trade-off between anonymity and overhead.

Committee: Drs. Mohamed Younis (Chair), Charles Nicholas, Chintan Patel, Richard Forno and Waleed Youssef

The UMBC CSEE Seminar Series Presents

Practical Engineering of Plaintext
Private Information Retrieval Systems

Dr. Russell Fink

Chief Engineer, Cyber Operations Branch,
Johns Hopkins University / Applied Physics Laboratory

1-2pm Friday, 4 November 2016, ITE 229

Cloud computing has come a long way in the last decade, with many advances in supported platforms, security, and cost effectiveness. As organizations are increasingly turning to the cloud to outsource their big data storage and processing needs, both problems and opportunities arise for understanding and analyzing large repositories of data.

One problem in particular is querying large data in a safe and secure way – querying a large data set can compromise search privacy, revealing the interests, motivations, and true identity of the data querier to the data owner, hindering legitimate uses including data analytics, security, and law enforcement. Alice, wishing to search Bob’s queue of plaintext data, may turn to Private Information Retrieval (PIR) techniques to maintain her privacy without sacrificing bandwidth or deploying a trusted device in Bob’s spaces.

We have prototyped a PIR system based on the homomorphic Paillier cryptosystem and Bethencourt/Song search method, and discovered important engineering techniques along the way that are useful for deploying a scalable system. In this talk, I will introduce and motivate the PIR problem and describe the Paillier homomorphic retrieval system and Bethencourt’s technique. I will give an overview of our specific advances, notably, a novel technique for private regular expression pattern searching over plaintext, including an algorithm for resisting a privacy attack against the resulting search automaton.

Russell A. (“Russ”) Fink is the Chief Engineer of the Cyber Operations Branch, Asymmetric Operations Sector, of the Johns Hopkins University Applied Physics Laboratory. He holds a Bachelor’s degree in computer science from the University of Maryland, College Park; a Master’s degree in computer systems management from the University of Maryland, University College; and a Ph.D. from the University of Maryland, Baltimore County for his work on electronic voting and trustworthy computing. His research interests include systems security engineering, trusted computing, machine learning, and privacy preserving cryptographic applications.

Organizers: Professors Tulay Adali () and Alan T. Sherman ()

About the CSEE Seminar Series: The UMBC Department of Computer Science and Electrical Engineering presents technical talks on current significant research projects of broad interest to the Department and the research community. Each talk is free and open to the public. We welcome your feedback and suggestions for future talks.

Statistics and Big Data at Google

Dr. Tim Hesterberg, Google

5:00-6:00pm Thursday, 3 November 2016, UC 310, UMBC

Google lives on data. Search, Ads, YouTube, Maps…they all live on data. Join Senior Quantitative Analyst (and Lady Statistician) Tim Hesterberg, as he shares stories about how we use data, how we’re experimenting to make improvements (yes, this includes your searches), and how we adapt statistical ideas to do things that have never been done before. This will be a general-audience, non-technical talk. No statistics background is needed!

Dr. Hesterberg previously worked at Insightful (S-PLUS), Franklin & Marshall College, and Pacific Gas & Electric Co. He received his Ph.D. in Statistics from Stanford University, under Brad Efron. Hesterberg is author of the “Resample” package for R and primary author of the “S+Resample” package for bootstrapping, permutation tests, jackknife, and other resampling procedures, is co-author of Chihara and Hesterberg “Mathematical Statistics with Resampling and R” (2011), and is lead author of “Bootstrap Methods and Permutation Tests” (2010), W. H. Freeman, ISBN 0-7167-5726-5, and numerous technical articles on resampling.

RSVP at http://goo.gl/MnqsMd

Six new cybersecurity scholars were inducted into UMBC’s NSF-sponsored Scholarship for Service program in an event held in Germantown on October 20. Three are currently students at Montgomery College and three are from Prince Georges Community College. After they complete their associates degree in spring 2017, they will transfer to UMBC to complete their undergraduate degrees.

This pioneering cooperation between UMBC, Montgomery College, and Prince Georges Community College in cybersecurity is made possible by a grant from the National Science Foundation (Dr. Alan Sherman (UMBC), Joe Roundy (MC), and Casey O’Brien (PGCC), CoPIs). As part of their education, the SFS scholars will solve IT security problems for their county government.

As SFS Scholars, the students receive tuition, fees, annual reimbursement of professional development expenses, a nine-month stipend and assistance with federal cybersecurity internships and career placement.

The UMBC Cyber Defense Lab presents

Regulatory Compliance Software Engineering:
Understanding Ambiguity in Privacy and Security Requirements

Aaron Massey

Department of Information Systems
University of Maryland, Baltimore County

11:15am-12:30pm Friday, 4 November  2016, ITE 229

Software engineers building software systems in regulated environments must ensure that software requirements accurately represent obligations described in laws and regulations. Ambiguities in legal texts can make the difference between compliance and non-compliance. Ensuring alignment and compatibility is challenging because policy analysts who write laws and regulations approach ambiguity differently than the software engineers who implement software in regulated environments. Although software regulation continues to increase in visibility, prevalence, and importance–particularly for security and privacy, few software processes address challenge of identifying, classifying, and understanding regulatory ambiguity. Herein, we develop an ambiguity taxonomy based on software engineering, legal, and linguistic approaches to ambiguity. We also present two case studies of policy analysts and technologists identifying and classifying ambiguities in a portion of the Health Insurance Portability and Accountability Act (HIPAA) using this taxonomy. Results of this work suggest that the taxonomy developed can serve as a guide for identifying and classifying ambiguity but participants were not able to consistently agree on a rationale defending their ambiguity classification. These results suggest a strategy for addressing ambiguities in regulatory text—software engineers are likely to be successful at identifying elements of a legal text that then require supplemental expertise to resolve. The contributions of this work include the ambiguity taxonomy developed as well as mechanism for reporting identified ambiguities in a legal text which we call Ambiguity Intensity Maps.

 Aaron Massey is an Assistant Professor of Software Engineering at UMBC and the Co-Director of ThePrivacyPlace.org.  His research interests include computer security, privacy, software engineering, and regulatory compliance in software systems.  Aaron is a recipient of the Walter H. Wilkinson Graduate Research Ethics Fellowship and a recipient of a Google Policy Fellowship.  Before coming to UMBC, he was a Postdoctoral Fellow at Georgia Tech’s School of Interactive Computing.  Aaron earned a PhD and MS in Computer Science from North Carolina State University and a BS in Computer Engineering from Purdue University.  He is a member of the ACM, IEEE, IAPP, and the USACM Public Policy Council.

Host: Alan T. Sherman,

The UMBC CSEE Seminar Series Presents

Learning to Predict the Future from Unlabeled Data

Hamed Pirsiavash, CSEE Department, UMBC

1-2pm Friday, 28 October 2016, ITE 229

Anticipating actions and objects before they start or appear is a difficult problem in computer vision with several real-world applications. This task is challenging partly because it requires leveraging extensive knowledge of the world that is difficult to write down. We believe that a promising resource for efficiently learning this knowledge is through readily available unlabeled video. I will talk about our framework that capitalizes on temporal structure in unlabeled video to learn to anticipate human actions and objects. The key idea behind our approach is that we can train deep networks to predict the visual representation of images in the future. I will also talk about our recent work on a Generative Adversarial learNing (GAN) architecture that generates a novel video given the first frame.

Hamed Pirsiavash is an assistant professor at the University of Maryland, Baltimore County (UMBC) since August 2015. Prior to that, he was a postdoctoral research associate at MIT working with Antonio Torralba. He earned his PhD at the University of California Irvine under the supervision of Deva Ramanan (now at CMU). He performs research in the intersection of computer vision and machine learning.

Organizers: Professors Tulay Adali () and Alan T. Sherman ()

About the CSEE Seminar Series: The UMBC Department of Computer Science and Electrical Engineering presents technical talks on current significant research projects of broad interest to the Department and the research community. Each talk is free and open to the public. We welcome your feedback and suggestions for future talks.