CHMPR Distinguished Lecturers Series

The Need for Speed

Dr. Phyllis A. Schneck

Deputy Under Secretary of Cybersecurity
Department of Homeland Security

3:30pm Thursday, 1 December 2016, UC 310
3:00pm Coffee, tea, and cookies

As computers get faster, they change the world. Processors get smaller, the number of devices with processors gets bigger, and the amount of information that can be produced and transported grows exponentially. Everything on the planet, unless one can eat it, is likely to have electronic logic within – and, most recently, to be connected to other devices. Our way of life and critical infrastructures, from power and water to finance is enabled by this ability to process light, and transport information at that speed. The speed of computing is enabling new conveniences and capabilities, and furthering science in directions never before imagined from DNA studies to particle physics. This amazingly connected world, however, introduces new vulnerabilities as many connected devices were not designed to be safe from unauthorized access and use. We must pay special attention to protecting infrastructure components such as information and the intricate signaling systems that generate and distribute electricity. This requires specialized algorithms to mine the masses of data to recognize normal internet activity from potential threat indicators. The goal is to create a more self-healing network, accomplishing with information what nature does with biological responses – creating an electronic immune system. Cognitive computing can provide groundbreaking results in data mining and analysis that will enhance the Cybersecurity to protect the other applications such as genomic and physics research. Software and hardware developers need to work together to create the algorithms and custom hardware to minimize heat, maximize computation and, finally, create a secure design.

We can use the speed of computing to enhance Cybersecurity as well – thus the paradox of the need for speed to protect itself.

Dr. Phyllis Schneck is the Deputy Under Secretary for Cybersecurity & Communications with the Department of Homeland Security, where she is also the Chief Cybersecurity Official. Previously held positions include Chief Technology Officer for Global Public Sector, McAfee, Inc.; VP of Enterprise Services, eCommSecurity; and VP of Corporate Strategy for SecureWorks, Inc. Schneck earned her Ph.D. in computer science from Georgia Tech and pioneered the field of info security and security-based high-performance computing at Georgia Tech. She holds seven information security patents and has six research publications in the areas of info security, real-time systems, telecom and software engineering.

If you plan on attending, please RSVP to Michelle Bobovych at to ensure we have a sufficient number of chairs.

Mobile Security Architectures, Threats and Mitigation

Joshua Franklin, NIST

6:00-8:00pm Tuesday, 15 November 2016
Building III Room 2226, UMBC@Universities at Shady Grove
directions

Cellular technology plays an increasingly large role in society as it has become the primary portal to the internet for a large segment of the population. One of the main drivers making this change possible is the deployment of modern 4G LTE cellular technologies. This talk will cover the fundamentals of cellular network operation and explores the evolution of 2G GSM, 3G UMTS and 4G cellular security architectures. Then, the talk will turn to an analysis and discussion of the threats posed to cellular networks and supporting mitigation techniques. Although the talk will include older GSM and UMTS technologies, it will be focused heavily on LTE as the current-state of industry.

Joshua Franklin is a Security Engineer at the National Institute of Standards and Technology (NIST) focusing on cellular security, electronic voting, and public safety. Prior to NIST, Joshua worked at the U.S. Election Assistance Commission gathering extensive experience with voting technologies. After graduating from Kennesaw State University with a Bachelors of Science in Information Systems, he received a Masters of Science in Information Security and Assurance from George Mason University.

Host: Dr. Ben Shariati ()

The UMBC CSEE Seminar Series Presents

Preventive Neuromonitoring of Critically-ill Infants
Using Advanced Signal Processing Techniques

Rathinaswamy B. Govindan

Division of Fetal and Transitional Medicine
Fetal Medicine Institute
Children’s National Health System, Washington, DC

1:00-2:00pm, Friday, 11 November 2016, ITE 229, UMBC

Several early life complications (caused by, e.g., maternal illness, premature birth, complications during birth) carry a significant risk of irreversible brain injury. Current monitoring methods, designed to prevent brain injury, inadequately monitor sick infants. A multimodal monitor is envisaged and devised for preventive neuromonitoring of critically-ill infants. One of the components of this monitor characterizes cerebral pressure autoregulation – an intrinsic mechanism by which the brain buffers changes in the blood pressure and maintains a steady cerebral blood flow. Cerebral pressure autoregulation is characterized by studying the association between cerebral blood flow (measured using invasive or imaging techniques) and continuous blood pressure. This talk will focus on monitoring cerebral autoregulation at bedside using surrogate markers of cerebral blood flow and intra-arterial blood pressure from indwelling line. The challenges involved in monitoring cerebral autoregulation and alternative non-invasive methods to characterize cerebral pressure autoregulation will also be discussed. These concepts will be demonstrated using physiological signals collected from sick infants monitored in intensive care units.

About the Speaker. Dr. Govindan is director of the Advanced Physiological Signals Processing Lab in the Division of Fetal and Transitional Medicine at Children’s National Medical Center. His duties include: quality control of physiological signals acquired at bedside, developing signal processing routines for offline, and real-time analyses of the signals. His research interests consist of quantifying intactness of the cerebral autoregulation and integrity of the autonomic nervous system of the critically ill infants. These experiments are conducted using sophisticated computers, and custom developed robust signal processing routines at the lab.

Prior to joining Children’s National Health System, Dr. Govindan was an Assistant Professor (Tenure-track) in the Department of Obstetrics and Gynecology, and an Adjunct Assistant Professor in the Division of Biomedical Informatics at the University of Arkansas for Medical Sciences. During this period, his research interests comprised of predicting labor using maternal uterine contraction, and characterizing the autonomic nervous system and functional brain development of human fetus using magnetoencephalography.

Hosts: Professors Tulay Adali () and Alan T. Sherman ()

About the CSEE Seminar Series: The UMBC Department of Computer Science and Electrical Engineering presents technical talks on current significant research projects of broad interest to the Department and the research community. Each talk is free and open to the public. We welcome your feedback and suggestions for future talks.

Other UMBC CSEE Seminar Series: The UMBC Cyber Defense Lab (CDL) meets biweekly Fridays 11:15am-12:30pm in ITE 229, for research talks about cybersecurity.

Dissertation Defense Announcement

Cross-Layer Techniques for Boosting Base-Station Anonymity in Wireless Sensor Networks

Sami Alsemairi

9:30 Wednesday, 9 November 2016, ITE 346

Wireless Sensor Networks (WSNs) provide an effective solution for surveillance and data gathering applications in hostile environments where human presence is infeasible, risky or very costly. Examples of these applications include military reconnaissance, guarding boarders against human trafficking, security surveillance, etc. A WSN is typically composed of a large number of sensor nodes that probe their surrounding and transmit measurements over multi-hop paths to an in-situ Base-Station (BS). The BS not only acts as a sink of all collected sensor data but also provides network management and serves as a gateway to remote commend centers. Such an important role makes the BS a target of adversary attacks that opt to achieve Denial-of-Service (DoS) and nullify the WSN utility to the application. Even if the WSN applies conventional security mechanisms such as authentication and data encryption, the adversary may apply traffic analysis techniques to locate the BS and target it with attacks. This motivates a significant need for boosting BS anonymity to conceal its location.

In this dissertation, we address the challenges of BS anonymity and develop a library of techniques to counter the threat of traffic analysis. The focus of our work is on the link and network layers. We first exploit packet combining as a means to vary the traffic density throughout the network. We call this technique combining the data payload of multiple packets (CoDa), where a node groups the payload of multiple incoming data packets into a single packet that is forwarded toward the BS. CoDa cuts on the number of transmissions that constitute evidences for implicating the BS as a destination of all traffic and thus degrades the adversary’s ability in conducting effective traffic analysis.

Next we develop a novel technique for increasing BS anonymity by establishing a sleep/active schedule among the nodes that are far away from the BS, and increasing the traffic density in selected parts of the network in order to give the impression that the BS is located in the vicinity of the sleeping nodes. We call this technique Adaptive Sampling Rate for increased Anonymity (ASRA). Moreover, we develop three novel techniques based on a hierarchical routing topology. The first, which we call Hierarchical Anonymity-aware Routing Topology (HART), forms clusters and an inter-cluster-head routing topology so that a high traffic volume can be observed in areas away from the BS. The second is a novel cross-layer technique that forms a mesh topology. We call this technique cluster mesh topology to boost BS’s anonymity (CMBA). CMBA opts to establish a routing topology such that the traffic pattern does not implicate any particular node as a sink.

The third technique creates multiple mesh-based routing topologies among the cluster-heads (CHs). By applying the closed space-filling curves such as the Moore curve, for forming a mesh, the CHs are offered a number of choices for disseminating aggregated data to the BS through inter-CH paths. Then, the BS forwards the aggregated data as well so that it appears as one of the CH. We call this technique boosting the BS anonymity through multiple mesh-based routing topologies (BAMT). We validate the effectiveness of all anonymity-boosting techniques through simulation and highlight the trade-off between anonymity and overhead.

Committee: Drs. Mohamed Younis (Chair), Charles Nicholas, Chintan Patel, Richard Forno and Waleed Youssef

The UMBC CSEE Seminar Series Presents

Practical Engineering of Plaintext
Private Information Retrieval Systems

Dr. Russell Fink

Chief Engineer, Cyber Operations Branch,
Johns Hopkins University / Applied Physics Laboratory

1-2pm Friday, 4 November 2016, ITE 229

Cloud computing has come a long way in the last decade, with many advances in supported platforms, security, and cost effectiveness. As organizations are increasingly turning to the cloud to outsource their big data storage and processing needs, both problems and opportunities arise for understanding and analyzing large repositories of data.

One problem in particular is querying large data in a safe and secure way – querying a large data set can compromise search privacy, revealing the interests, motivations, and true identity of the data querier to the data owner, hindering legitimate uses including data analytics, security, and law enforcement. Alice, wishing to search Bob’s queue of plaintext data, may turn to Private Information Retrieval (PIR) techniques to maintain her privacy without sacrificing bandwidth or deploying a trusted device in Bob’s spaces.

We have prototyped a PIR system based on the homomorphic Paillier cryptosystem and Bethencourt/Song search method, and discovered important engineering techniques along the way that are useful for deploying a scalable system. In this talk, I will introduce and motivate the PIR problem and describe the Paillier homomorphic retrieval system and Bethencourt’s technique. I will give an overview of our specific advances, notably, a novel technique for private regular expression pattern searching over plaintext, including an algorithm for resisting a privacy attack against the resulting search automaton.

Russell A. (“Russ”) Fink is the Chief Engineer of the Cyber Operations Branch, Asymmetric Operations Sector, of the Johns Hopkins University Applied Physics Laboratory. He holds a Bachelor’s degree in computer science from the University of Maryland, College Park; a Master’s degree in computer systems management from the University of Maryland, University College; and a Ph.D. from the University of Maryland, Baltimore County for his work on electronic voting and trustworthy computing. His research interests include systems security engineering, trusted computing, machine learning, and privacy preserving cryptographic applications.

Organizers: Professors Tulay Adali () and Alan T. Sherman ()

About the CSEE Seminar Series: The UMBC Department of Computer Science and Electrical Engineering presents technical talks on current significant research projects of broad interest to the Department and the research community. Each talk is free and open to the public. We welcome your feedback and suggestions for future talks.

Statistics and Big Data at Google

Dr. Tim Hesterberg, Google

5:00-6:00pm Thursday, 3 November 2016, UC 310, UMBC

Google lives on data. Search, Ads, YouTube, Maps…they all live on data. Join Senior Quantitative Analyst (and Lady Statistician) Tim Hesterberg, as he shares stories about how we use data, how we’re experimenting to make improvements (yes, this includes your searches), and how we adapt statistical ideas to do things that have never been done before. This will be a general-audience, non-technical talk. No statistics background is needed!

Dr. Hesterberg previously worked at Insightful (S-PLUS), Franklin & Marshall College, and Pacific Gas & Electric Co. He received his Ph.D. in Statistics from Stanford University, under Brad Efron. Hesterberg is author of the “Resample” package for R and primary author of the “S+Resample” package for bootstrapping, permutation tests, jackknife, and other resampling procedures, is co-author of Chihara and Hesterberg “Mathematical Statistics with Resampling and R” (2011), and is lead author of “Bootstrap Methods and Permutation Tests” (2010), W. H. Freeman, ISBN 0-7167-5726-5, and numerous technical articles on resampling.

RSVP at http://goo.gl/MnqsMd

The UMBC Cyber Defense Lab presents

Regulatory Compliance Software Engineering:
Understanding Ambiguity in Privacy and Security Requirements

Aaron Massey

Department of Information Systems
University of Maryland, Baltimore County

11:15am-12:30pm Friday, 4 November  2016, ITE 229

Software engineers building software systems in regulated environments must ensure that software requirements accurately represent obligations described in laws and regulations. Ambiguities in legal texts can make the difference between compliance and non-compliance. Ensuring alignment and compatibility is challenging because policy analysts who write laws and regulations approach ambiguity differently than the software engineers who implement software in regulated environments. Although software regulation continues to increase in visibility, prevalence, and importance–particularly for security and privacy, few software processes address challenge of identifying, classifying, and understanding regulatory ambiguity. Herein, we develop an ambiguity taxonomy based on software engineering, legal, and linguistic approaches to ambiguity. We also present two case studies of policy analysts and technologists identifying and classifying ambiguities in a portion of the Health Insurance Portability and Accountability Act (HIPAA) using this taxonomy. Results of this work suggest that the taxonomy developed can serve as a guide for identifying and classifying ambiguity but participants were not able to consistently agree on a rationale defending their ambiguity classification. These results suggest a strategy for addressing ambiguities in regulatory text—software engineers are likely to be successful at identifying elements of a legal text that then require supplemental expertise to resolve. The contributions of this work include the ambiguity taxonomy developed as well as mechanism for reporting identified ambiguities in a legal text which we call Ambiguity Intensity Maps.

 Aaron Massey is an Assistant Professor of Software Engineering at UMBC and the Co-Director of ThePrivacyPlace.org.  His research interests include computer security, privacy, software engineering, and regulatory compliance in software systems.  Aaron is a recipient of the Walter H. Wilkinson Graduate Research Ethics Fellowship and a recipient of a Google Policy Fellowship.  Before coming to UMBC, he was a Postdoctoral Fellow at Georgia Tech’s School of Interactive Computing.  Aaron earned a PhD and MS in Computer Science from North Carolina State University and a BS in Computer Engineering from Purdue University.  He is a member of the ACM, IEEE, IAPP, and the USACM Public Policy Council.

Host: Alan T. Sherman,

The UMBC CSEE Seminar Series Presents

Learning to Predict the Future from Unlabeled Data

Hamed Pirsiavash, CSEE Department, UMBC

1-2pm Friday, 28 October 2016, ITE 229

Anticipating actions and objects before they start or appear is a difficult problem in computer vision with several real-world applications. This task is challenging partly because it requires leveraging extensive knowledge of the world that is difficult to write down. We believe that a promising resource for efficiently learning this knowledge is through readily available unlabeled video. I will talk about our framework that capitalizes on temporal structure in unlabeled video to learn to anticipate human actions and objects. The key idea behind our approach is that we can train deep networks to predict the visual representation of images in the future. I will also talk about our recent work on a Generative Adversarial learNing (GAN) architecture that generates a novel video given the first frame.

Hamed Pirsiavash is an assistant professor at the University of Maryland, Baltimore County (UMBC) since August 2015. Prior to that, he was a postdoctoral research associate at MIT working with Antonio Torralba. He earned his PhD at the University of California Irvine under the supervision of Deva Ramanan (now at CMU). He performs research in the intersection of computer vision and machine learning.

Organizers: Professors Tulay Adali () and Alan T. Sherman ()

About the CSEE Seminar Series: The UMBC Department of Computer Science and Electrical Engineering presents technical talks on current significant research projects of broad interest to the Department and the research community. Each talk is free and open to the public. We welcome your feedback and suggestions for future talks.

2016 ADVANCE Distinguished Lecture Series

Against the Odds: How I Became a Computer Scientist

Dr. Claudia Pearce (UMBC MS ’89, PhD ’94)
National Security Agency

4:30-5:30 Tuesday, 11 October 2016
Library and Gallery, Albin O. Kuhn

Dr. Claudia Pearce, UMBC Alumna and Senior Computer Science Authority at NSA, shares a personal story of perseverance in her educational, research, and career journey as a computer scientist.

UMBC-ADVANCE is pleased to announce that alumna Dr. Claudia Pearce M.S., ’89 and Ph.D., ’94 and 2014 UMBC Alumna of the Year in COEIT is our 2016 ADVANCE Distinguished Speaker. Dr. Pearce is currently Senior Computer Science Authority at NSA, a member of UMBC’s COEIT advisory board, and involved in collaborative research with our CSEE faculty.

The event will take place on Tuesday, October 11th and we are proud to incorporate this event into UMBC’s 50th Anniversary celebrations. As part of this event, Dr. Pearce will deliver a campus-wide talk on her career trajectory at 4:30pm in the Library Gallery followed by a reception.

Claudia Pearce, UMBC Alumna (’89 M.S. in Computer Science and ’94 Ph.D. in Computer Science) and 2014 COEIT Alumna of the Year awardee, is currently the Senior Computer Science Authority at the NSA. In her time at the NSA, Pearce has created development programs for computer science and information technology new-hires to NSA, a short-course series on high-end topics in CS and IT, a summer intern program and organized a distinguished lecture series. In addition, she has created a computer science grants program with the National Science Foundation, for computer science education and outreach. She has also served on the Advisory Board of the Anita Borg Institute for Women in Technology and UMBC’s College of Engineering and Information Technology Advisory Board.

Prior to becoming the NSA’s Senior Computer Science Authority, Pearce served as the Chief of Knowledge Discovery Sciences, where she directed a research team that created Knowledge Discovery applications.

From 2000-2003, Pearce was part of the Senior Technical Development Program. While involved with this program, Pearce collaborated with organizations such as the Johns Hopkins Applied Physics Lab and Magnify Research, Inc., on topics such as “applications of data mining techniques to natural language processing.” As a Senior Computer Scientist from 1985-2000, Pearce conducted research in the area of databases and information retrieval systems.

Pearce received a B.S. in Mathematics from the University of Florida in 1973, graduating with High Honors and a Phi Beta Kappa distinction. She received an M.S. in Industrial and Systems Engineering from the University of Florida in 1974. In 1989 she received an M.S. in Computer Science from UMBC.  She also received a Ph.D. in Computer Science from UMBC in 1994.

Pearce is currently involved in research at UMBC. She helped to organize a workshop sponsored by the NSF and the Department of Defense, titled “Beyond Watson: Predictive Analytics and Big Data.” The research that inspired the Beyond Watson workshop ties into questions that are relevant to information retrieval systems. Questions such as “how do you find the right documents out of very large collections of text?” and “what are the kinds of languages, tools, techniques, infrastructure [needed]…to build our own Watson?” Pearce notes that she’s “always been interested in databases, and in particular text and natural language databases, and this notion of answering questions.” Furthermore, information retrieval systems was the topic of her Ph.D. dissertation.

Claudia lives with her husband Jonathan Cohen in Glenwood, MD. She is “an avid snow skier, quilt maker and trumpet player.”

Credibility, Privacy and Policing on Online Social Media

Prof. Ponnurangam Kumaraguru (“PK”)
Indraprastha Institute of Information Technology, Delhi, India

1:00-2:00pm Friday, 14 October 2016, ITE 229, UMBC

With increase in usage of the Internet, there has been an exponential increase in the use of online social media on the Internet. Websites like Facebook, Google+, YouTube, Orkut, Twitter and Flickr have changed the way the Internet is being used. There is a dire need to investigate, measure, and understand privacy and security on online social media from various perspectives (computational, cultural, psychological). Real world scalable systems need to be built to detect and defend security and privacy issues on online social media. I will describe briefly some cool projects that we work on: TweetCred, OSM & Policing, OCEAN, and Call Me MayBe. Many of our research work is made available for public use through tools or online services. Our work derives techniques from Computational Social Science, Data Science, Statistics, Network Science, and Human Computer Interaction. In particular, in this talk, I will focus on the following:

• TweetCred, a tool to extract intelligence from Twitter which can be useful to security analysts. TweetCred is backed by award-winning research publications in international and national venues.
• How police in India are using online social media, how we can use computer science understanding to help police engage more with citizens and increase the safety in society.
• OCEAN: Open source Collation of eGovernment data and Networks, how publicly available information on Government services can be used to profile citizens in India. This work obtained the Best Poster Award at Security and Privacy Symposium at IIT Kanpur, 2013 and it has gained a lot of traction in Indian media.
• Given an identity in one online social media, we are interested in finding the digital foot print of the user in other social media services, this is also called digital identity stitching problem. This work is also backed by award-winning research publication.

Ponnurangam Kumaraguru (“PK”) is an Associate Professor, at the Indraprastha Institute of Information Technology (IIIT), Delhi, India from Aug 2009. He is currently the Hemant Bharat Ram Faculty Research Fellow, and the Founding Head of Cybersecurity Education and Research Centre. PK is an ACM Distinguished Speaker. He received his Ph.D. from the School of Computer Science at Carnegie Mellon University. He is primarily excited about and works with a bunch of smart students and collaborators around the world on the issues related to Privacy and Security in Online Social Media, Computational Social Science, and Data Science for Social Good. In the past seven years of his faculty life, he has managed projects close to a $800,000 USDs. PK has received research funds from multiple departments of the Government of India, National Science Foundation, Adobe, RSA, and International Development Research Centre. PK is part of multiple government initiatives / projects in the area of Cybersecurity in India. Technology that PK and his students have developed at IIIT Delhi is currently being used by 40+ different State and Central Government agencies in India. PK has spent his summer sabbaticals at IBM India Research Labs, Adobe Research Labs – India, and Universidade Federal de Minas Gerais. He is currently visiting Max Planck Institute for Software Systems for Summer 2016. PK regularly serves as a PC member at prestigious conferences like WWW, ICWSM, CSCW, AsiaCCS and he also serves as a reviewer for International Journal of Information Security and ACM’s Transactions on Internet Technology. PK’s Ph.D. thesis work on anti-phishing research at CMU has contributed in creating an award winning start-up Wombat Security Technologies, which recently raised Series C funding and also acquired a company. PK founded and manages the PreCog research group at IIIT-Delhi.

Host: Anupam Joshi,