Department of Computer Science and Electrical Engineering

This weekend, UMBC’s Cyber Defense Team (the ‘CyberDawgs’) took first place at the 2015 National CyberWatch Mid-Atlantic Collegiate Cyber Defense Competition (CCDC).

UMBC was one of ten teams that advanced to the regional finals held at the Johns Hopkins Applied Physics Lab on March 25-28. As the first place winner, the CyberDawgs will represent UMBC and the Mid-Atlantic region at the National CCDC in San Antonio, Texas April 24-26, 2015.

According to CyberDawgs president Jacob Rust (CMSC ’16), UMBC maintained a strong lead throughout the event, finishing with a raw score of 1674450 — which was 353400 more points than the second place team. Jacob also reported that UMBC ended the first day solidly in first place and remained in the lead for almost the entire competition.

The final standings for this weekend’s action are:

1st: UMBC 1674450
2nd: UMCP 1321050
3rd: Towson 1159925

The CyberDawgs participating in the MA-CCDC finals were Jacob Rust, Tyler Campbell, Anh Ho, John Beers, Joshua Domangue, Chris Gardner, Julio Valcarcel, and David Young.

As a highly motivated and self-directed team, this is the first time the CyberDawgs have won MA-CCDC, but certainly will not be the last. We wish the team luck as they prepare to compete in the National CCDC finals!

Interested in joining the CyberDawgs? Contact Jacob Rust () for more information — they’re always looking for new members! (The team meets weekly on Tuesdays at 7PM in ITE 227.)

The CyberDawg faculty advisors are Dr. Charles Nicholas and Dr. Richard Forno.

Enhancing System Security and Privacy with Program Analysis

Yinzhi Cao

Columbia University

12:00-1:00pm Tuesday, 31 March 2015, ITE 325b, UMBC

Cyber security and privacy have brought the attention from the general public these days. Melissa Hathaway, who advised both President Obama and President Bush, estimated in a report that governments and consumers lost $125 billion annually to cyber-attacks, including losses in tax revenue. In this talk, from the perspective of program analysis, I will discuss the security and privacy of two important computer systems: Web browser and Android system. In the first part, I will introduce how to prevent and detect drive-by download attacks, which penetrate the boundary of a browser principal. In particular, I will present JShield, a vulnerability-based detection engine that is more robust to obfuscated drive-by download attacks, when compared to various anti-virus software and most recent research papers. In the second part, I will introduce EdgeMiner, the first automatic tool that creates summaries of Android framework in the form of callback and registration pairs. With the summaries, existing static analysis system can correctly construct a control flow graph with hidden control flow dependencies introduced by callback methods.

Yinzhi Cao is a postdoctoral scientist at Columbia University. He earned his PhD in computer science at Northwestern University. Before that, he obtained his B.E. degree in electronics engineering at Tsinghua University in China. His research mainly focuses on the security and privacy of web, smart phones, and machine learning. He has published more than ten papers at various security conferences, such as Oakland, NDSS, ACSAC and DSN. His JShield system has been adopted by Huawei, the world’s largest telecommunication company. In the past, he served as a program committee member for IEEE CNS’14 and web chair for AsiaCCS SESP’13. Previously, he also conducted research at SRI International and UC Santa Barbara as a summer intern.

UMBC Cyber Defense Lab

Blind Hashing; a new way to secure
passwords against offline attack

Jeremy Spilman

Founder/CTO of TapLink

11-12 Friday 27 March 2015, M/P 101, UMBC

Industry best practice is to secure passwords using a tunable hashing algorithm; pick the right hashing algorithm, tune its cost factors so it runs slowly and makes optimal use of your hardware, and it’s possible to protect very strong passwords from being cracked. However when average password strength and login latency requirements face off against bot-nets and GPU powered dictionary attacks, the vast majority of passwords are easily cracked. Blind hashing entangles password hashes with a massive pool of random data, so large it cannot be stolen over the network. A simple protocol allows any number of sites to share a centralized petabyte-scale data pool, amortizing the cost for defenders, while protecting low-entropy passwords with minimal run-time cost. Blind hashing can also be used as a general-purpose PBKDF to protect against brute-force attacks, and providing the opportunity to add server-based access policies and revocability to the key derivation process. Following his talk, Jeremy will be happy to discuss potential research opportunities with the company for students interested in developing new implementations of blind hashing for password-based authentication and encryption services.

Jeremy Spilman is the Founder and CTO of TapLink, a startup company that is developing systems using its patented Blind Hashing technique, which can completely protect passwords against offline attack, even if the password database is stolen. He was a double major in Computer Science and Economics at Brandeis University.

Summarizing Information in Big Data: Algorithms and Applications

Dr. Fei Liu

School of Computer Science
Carnegie Mellon University

12:00p Friday, 27 March 2015, ITE 325b

Information floods the lives of modern people, and we find it overwhelming. Summarization systems that identify salient pieces of information and present it concisely can help. In this talk, I will discuss both algorithmic and application perspectives of summarization. Algorithm-wise, I will describe keyword extraction, sentence extraction, and summary generation, including a range of techniques from information extraction to semantic representation of data sources; application-wise, I focus on summarizing human conversations, social media contents, and news articles. The data sources span low-quality speech recognizer outputs and social media chats to high-quality content produced by professional writers. A special focus of my work is exploring multiple information sources. In addition to better integration across sources, this allows abstraction to shared research challenges for broader impact. Finally, I try to identify the missing links in cross-genre summarization studies and discuss future research directions.

Dr. Fei Liu is a postdoctoral fellow at Carnegie Mellon University, member of Noah’s ARK. Fei’s research interests are in the areas of natural language processing, machine learning, and data mining, with special emphasis on automatic summarization and social media. From 2011 to 2013, Fei worked as a Senior Research Scientist at Bosch Research, Palo Alto, California, one of the largest German companies providing intelligent car systems and home appliances. Fei received her Ph.D. in Computer Science from the University of Texas at Dallas in 2011, supported by Erik Jonsson Distinguished Research Fellowship. Prior to that, she obtained her Bachelors and Masters degrees in Computer Science from Fudan University, Shanghai, China. Fei has published over twenty peer reviewed articles, and she serves as a referee for leading journals and conferences.

Host: Nilanjan Banerjee and Mohamed Younis

UMBC’s 37th Annual Graduate Research Conference will take place between 9:00am and 5:00pm on Wednesday, 25 March 2015. The GRC program includes both oral and poster presentations, lunch and a keynote panel, a research information fair and a reception. The event is free, but online registration is requested.

Here is a summary of the presentations from Computer Science and Electrical Engineering students. See the GRC program for abstracts and a complete list of presentations and posters from all UMBC graduate programs.

Session I 9:00am-10:15am in UC 312

• Prajit Das – Computer Science
  FaceBlock: Semantic Context-Aware Privacy for Mobile Devices
• Ari Rapkin Blenkhorn – Computer Science
  Real-time GPU Rendering of Atmospheric Glories
• Tanmay Kulkarni – Electrical Engineering
  Palladium Nanowire Based Enzymatic Biofuel Cell
• Robert Weiblen – Electrical Engineering
  Increased Laser Damage Threshold in As2S3 Motheye Structures
• Muhammad Rahman – Computer Science
  Semantic Information Extraction from RFP Documents

Session II 10:30am-11:45am in Commons 329

• Muhammad Rahman – Computer Science (Oral Presentation)
  Open Information Extraction and Topic Modeling on Academic Profiles
• Vladimir Korolev – Computer Science (Oral Presentation)
  PROB: A Tool for Tracking of PRovenance of Big data Computational Experiments
• Jennifer Sleeman – Computer Science (Oral Presentation)
  Improving Entity Disambiguation for Wild Big Data Through Contextualization and FineGrained Entity Type Recognition

Session II 10:30am-11:45am in Sherman Hall 145

• Jon Ward – Electrical Engineering (Oral Presentation)
  Distributed Beamforming Relay Selection to Increase Base Station Anonymity in Wireless Sensor Networks
• Yin Huang – Computer Science and Electrical Engineering
  An Eigensolver for large sparse graph with Accumulo and D4M
• Abhay Kashyap – Computer Science (Oral Presentation)
  Rapalytics: When Data Science meets Rap!
• Zheng Li – Computer Engineering (Oral Presentation)
  Tongue-n-Cheek: Non-contact Tongue Gesture Recognition

Session II 10:30am-11:45am in Sondheim 103

• Piyush Waradpande – Computer Science (Work in Progress)
  Use of Doppler Radars in Activity Recognition
• Genaro Hernandez – Computer Science (Work in Progress)
  Toward Category Detection for Physically-Grounded Language
• Deepak Krishnankutty – Computer Engineering (Work in Progress)
  Multi Vantage Point Analysis of Power Supply Signatures
• Jorge Teixeira – Electrical Engineering (Work in Progress)
  Advantages and Improvements of BER/WER Performance Evaluation of Error Correcting Codes Using Dual Adaptive Importance Sampling (DAIS)

Session II 10:30am-11:45am, Poster Presentations in Library 7th floor

• Shaokang Wang – Electrical Engineering
  Soliton Wake Instability in a SESAM Modelocked Fiber Laser
• Isaac Mativo – Computer Science
  Clinical Predictive Modeling with Patient Reported Data
• Yichuan Gui – Computer Science
  A Pairwise Algorithm to Overcome the Local Minimum Problem in Training
• David Harris – Computer Science
  Developing User Interface Frameworks to Facilitate Usage Amongst Technologically UnderServed Populations
• Hsiao-Chi Li – Electrical Engineering
  Progressive Band Processing of Orthogonal Subspace Projection in Hyperspectral Imagery
• Lisa Mathews – Computer Science
  A Collaborative Approach to Situational Awareness for CyberSecurity
• Yu Wang – Computer Science
  Isosurface Smoothing using Marching Cubes and PN-Triangles
• Yue Hu – Electrical Engineering
  Impact of the Coulomb Interaction on the Franz-Keldysh Effect in a High-Current Photodetector
• Hadis Dashtestani – Computer Science
  Massively Distributed Online Neuroscience for Improving Virtual Experience

Session III 1:45pm-3:00pm, Poster Presentations in UC 312

• Bryan Wilkinson – Computer Science
  A Resource for Evaluating Adjective Scales
• Adam Price – Computer Science
  Big Data Analytics for Expanding Alice Analysis for the United States
• Seyed Ehsan Jamali Mahabadi and Yue Hu – Electrical Engineering
  Gain Recovery in Quantum Cascade Lasers
• Brian Stevens – Computer Engineering
  Characterization of Glucose Responsive Phenylboronic Acid-Based Hydrogel Using Optical Coherence Tomography

Computer Science and Electrical Engineering
University of Maryland, Baltimore County

 Towards Large-Scale Measurement of Vulnerabilities
and Design of Usable New Systems

Prof. Chuan Yue
University of Colorado Colorado Springs

12:00-1:00 Monday, 23 March 2015, ITE325b, UMBC

Security and privacy vulnerabilities are pervasive in computer and network systems. In my research group, we aim to accurately measure and analyze the vulnerabilities of Web, Cloud, and Mobile systems on a large scale; we also aim to design usable new systems that provide better security and privacy protection to millions of users. In this talk, I will first present our research on analyzing the vulnerabilities of popular Web browsers’ built-in password managers and some third-party browser-and-cloud-based password managers. Next, I will present a framework for automatic detection of information leakage vulnerabilities in JavaScript-based browser extensions including password managers. I will explain why it is very challenging to accurately and automatically analyze JavaScript-based browser extensions, justify why our static and dynamic combined approach is practical and appropriate, and further discuss how we may increase the capabilities of this framework to automatically measure and analyze JavaScript related security and privacy vulnerabilities on a large scale. Finally, I will discuss some of our current and future projects on security and privacy research and education, for example, one project is on measuring users’ susceptibility to sophisticated and highly insidious phishing attacks.

Chuan Yue is an Assistant Professor of Computer Science at the University of Colorado Colorado Springs. His current research focuses on Web, Cloud, and Mobile Systems Security and Privacy. He received his B.E. and M.E. degrees in Computer Science from Xidian University, China, in 1996 and 1999, respectively, and his Ph.D. in Computer Science from the College of William and Mary in 2010. He worked as a Member of Technical Staff at Bell Labs China, Lucent Technologies for four years from 1999 to 2003, mainly on the design and development of the Web-based Distributed Service Management System for Intelligent Network.

For more information and directions: http://bit.ly/UMBCtalks.

CSEE’s Dr. Rick Forno discussed cyber warfare in Ash Hunt’s latest policy paper ‘Cyber Quantifiable Restrictions: The Requirements to Generate Agreed Restrictions on the Use of Cyber Capabilities’ appearing in The Diplomatic Courier. Among other things, Hunt attempts to show that agreed restrictions should not blanket the use of cyber capabilities, but rather the unacceptable use of a range of capabilities that could be used to harm human life.

Recently, it has become apparent that “we’re in a [cyber] arms race” in a largely unregulated domain—the cyber wild west. With the increased diffusion of technology, nations have begun amassing offensive cyber capabilities: utilizing zero-day exploits, distributed denial of server (DDOS) attacks, and weaponized malware technology. Already, “the U.S. has poured billions of dollars into an electronic arsenal,” whilst the “stockpile of exploits runs into the thousands, aimed at every conceivable device.” This exponential growth of cyber arms is particularly dangerous considering the lack of rules and conventions governing the fifth arena of warfare. Dr. Richard Forno from the University of Maryland concedes, “there is no international agreement over what level of cyber warfare is acceptable.” He further recognizes that national systems such as power grids, water treatment plants and medical facilities “do not have adequate protection from hackers.” Clearly, “principles and agreements on cyber warfare must designate sensitive infrastructure as red lines.” It is necessary to afford our critical organizations the same level of protection from cyber hostility as we do from the multitude of other tangible threats.

Source: The Diplomatic Courier Volume 9, Issue 1, January/February 2015

CSEE Ph.D. student Kavita Krishnaswamy is featured in this video created by Suitable Technologies, maker of the Beam telepresence system.

Kavita, who works with CSEE professor Tim Oates, is both a Ford Foundation Predoctoral and National Science Foundation Graduate Research Fellow. She has also worked at the Quality of Life Technology Center run by CMU and the University of Pittsburgh and IBM Business consulting services.

As a professional researcher with a severe physical disability, Kavita is motivated by a powerful, innate force: autonomy is the soul of independent daily living that is achieved with the advancement of technology. Her research involves the development of robotic systems to provide assistance and increase independence for people with disabilities. She is developing several prototype robotic systems that will support transferring, repositioning, and personal care, with a focus on accessible user interfaces for control that are feasible for persons with severe disabilities.

Kavita attends many events and conferences with the Beam, allowing her independence and mobility to meet, learn, and network with professionals all over the world. The Beam gives her independence to be visible in the community to explore and expand technological boundaries from her home.

If you are interested in the Beam, you can sign up to connect to a Beam at the DeYoung Museum or test drive a BeamPro.

Got Linux? If you’ve ever wanted to try Linux but didn’t know where to start, bring your computer to the Linux Installfest this Friday, March 13 between noon and 5:00pm at the UMBC Commons Mainstreet.  Having Linux on your own computer will give you more control and is a great learning experience.  You can also replicate the environment found on UMBC’s servers (e.g., gl.umbc.edu) which will make doing your homework on them easier.

The UMBC Linux Users Group (LUG) will hold a Linux Install Fest from Noon to 5:00pm on Friday, March 13 on Main Street in the Commons. Experts will help you install a free copy of Linux on your computer using any of several options — dual boot, virtual and more. LUG members can also advise you about the hundreds of legal, free apps available for many Linux versions.

See the LUG site for more information and pictures from previous LUG Installfest. You might also want to join UMBC’s LUG — join the LUG mailing list to get news and reminders of their regular meetings

Contact the LUG faculty adviser, Jon Squire (squire at www.csee.umbc.edu) with burning questions.

UMBC’s Graduate Research Conference Program (GRC) will be held on campus on Wednesday, March 25, from 9:00 am to 5:00 pm. There will be a variety of presentations for faculty and students (both graduate and undergraduate). Featured events include professional development workshops, a keynote panel, and a research information fair.

Twenty-eight CSEE graduate students will describe their research in oral or poster presentations. Feel free to attend as many sessions as your schedule allows.

Please note that registration is required for both presenters and attendees. Registration is particularly important, in regards to securing a seat for the lunch and for the professional development workshops.

For more information, visit the GRC web site or email .

To register, please go to https://www.eventbrite.com/e/37th-annual-graduate-researchconference-registration-13201250295.

Please find a link to the program guide and the events flyer listed below:

• GRC 2015 Program
• GRC Featured Events Flyer