ArtIAMAS Seminar Series, Co-organized by UMBC, UMCP, and the Army Research Lab

Building Resilience against Cyberattacks

Aryya Gangopadhyay, UMBC

12-1 PM ET Wednesday, 15 December 15, 2021
Online via webex

In this talk, we will address the issue of building resilient systems in the face of cyberattacks. We will present a defense mechanism for cyberattacks using a three-tier architecture that can be used to secure army assets and tactical information. The top tier represents the front-end where autonomous sensing and inferencing through AI models take place by UAVs, UGVs, etc. We will illustrate how models can be defended against data poisoning attacks. In the middle tier, we focus on building cyber defense against attacks in federated learning environments, where models are trained on a large corpus of decentralized data without transferring raw data over a communication channel. The bottom tier represents back-end servers that train deep learning models with large amounts of data that can subsequently be pushed to the edge for inferencing. We will demonstrate how adaptive models can be developed for detecting and preventing various types of attacks at this level.

Dr. Aryya Gangopadhyay is a Professor in the Information Systems department at the University of Maryland, Baltimore County. Dr. Gangopadhyay has a courtesy appointment as a Professor in Computer Science and Electrical Engineering at UMBC. He is also the Director of the Center for Real-time Sensing and Autonomy (CARDS) at UMBC. His research interests include adversarial machine learning at the edge, cybersecurity, and smart cities. He has graduated 16 Ph.D. students and is currently mentoring several others at UMBC. He has published over 125 peer-reviewed research articles and has received extramural support from ARL, NSF, NIST, the Department of Education, and IBM.

The UMBC Cyber Defense Lab presents

Shadow IT in Higher Education: Survey and Case Study for Cybersecurity

Selma Gomez Orr, Cyrus Jian Bonyadi, Enis Golaszewski, and Alan T. Sherman
UMBC Cyber Defense Lab

Joint work with Peter A. H. Peterson (University of Minnesota Duluth), Richard Forno, Sydney Johns, and Jimmy Rodriguez

12-1:00 pm, Friday, 3 December 2021, online via WebEx

We explore shadow information technology (IT) at institutions of higher education through a two-tiered approach involving a detailed case study and comprehensive survey of IT professionals. In its many forms, shadow IT is the software or hardware present in a computer system or network that lies outside the typical review process of the responsible IT unit. We carry out a case study of an internally built legacy grants management system at the University of Maryland, Baltimore County that exemplifies the vulnerabilities, including cross-site scripting and SQL injection, typical of such unauthorized and ad-hoc software. We also conduct a survey of IT professionals at universities, colleges, and community colleges that reveals new and actionable information regarding the prevalence, usage patterns, types, benefits, and risks of shadow IT at their respective institutions.

Further, we propose a security-based profile of shadow IT, involving a subset of elements from existing shadow IT taxonomies, that categorizes shadow IT from a security perspective. Based on this profile, survey respondents identified the predominant form of shadow IT at their institutions, revealing close similarities to findings from our case study.

Through this work, we are the first to identify possible susceptibility factors associated with the occurrence of shadow IT-related security incidents within academic institutions. Correlations of significance include the presence of certain graduate schools, the level of decentralization of the IT department, the types of shadow IT present, the percentage of security violations related to shadow IT, and the institution’s overall attitude toward shadow IT. The combined elements of our case study, profile, and survey provide the first comprehensive view of shadow IT security at academic institutions, highlighting the tension between its risks and benefits, and suggesting strategies for managing it successfully.

Dr. Selma Gomez Orr (*protected email* ) received her Ph.D. from Harvard University in the field of decision sciences. She also holds Masters degrees in applied mathematics, engineering sciences, and business administration, also from Harvard. She has worked in the private sector in the fields of cybersecurity and data analytics. Most recently, as a CyberCorps Scholarship for Service (SFS) Scholar, Dr. Orr completed a Master’s of Professional Studies in both cybersecurity and data science at UMBC.

Cyrus Jian Bonyadi (*protected email* ) is a computer science Ph.D. student and former SFS scholar studying consensus theory at UMBC under the direction of Alan T. Sherman, Sisi Duan, and Haibin Zhang.

Enis Golaszewski (*protected email* ) is a Ph.D. student at UMBC under Alan T. Sherman where he studies, researches, and teaches cryptographic protocol analysis. A former SFS scholar, Golaszewski helps lead annual research studies that analyze and break software at UMBC.

Dr. Alan T. Sherman (*protected email*) is a professor of computer science, director of CDL, and associate director of UMBC’s Cybersecurity Center. His main research interest is high-integrity voting systems. Sherman earned the Ph.D. degree in computer science at MIT in 1987 studying under Ronald L. Rivest.

Host: Alan T. Sherman, *protected email* Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1 pm. All meetings are open to the public. Upcoming CDL Meetings: Feb 4, Filipo Sharevski

The UMBC Cyber Defense Lab presents

Thinking Like an Attacker:
Towards a Definition and Non-Technical Assessment of Adversarial Thinking

Prof. Peter A. H. Peterson
Department of Computer Science
University of Minnesota Duluth

12:00–1:00 pm ET,  Friday, 30 April 2021
via WebEx

“Adversarial thinking” (AT), sometimes called the “security mindset” or described as the ability to “think like an attacker,” is widely accepted in the computer security community as an essential ability for successful cybersecurity practice. Supported by intuition and anecdotes, many in the community stress the importance of AT, and multiple projects have produced interventions explicitly intended to strengthen individual AT skills to improve security in general. However, there is no agreed-upon definition of “adversarial thinking” or its components, and accordingly, no test for it. Because of this absence, it is impossible to meaningfully quantify AT in subjects, AT’s importance for cybersecurity practitioners, or the effectiveness of interventions designed to improve AT. Working towards the goal of a characterization of AT in cybersecurity and a non-technical test for AT that anyone can take, I will discuss existing conceptions of AT from the security community, as well as ideas about AT in other fields with adversarial aspects including war, politics, law, critical thinking, and games. I will also describe some of the unique difficulties of creating a non-technical test for AT, compare and contrast this effort to our work on the CATS and Security Misconceptions projects, and describe some potential solutions. I will explore potential uses for such an instrument, including measuring a student’s change in AT over time, measuring the effectiveness of interventions meant to improve AT, comparing AT in different populations (e.g., security professionals vs. software engineers), and identifying individuals from all walks of life with strong AT skills—people who might help meet our world’s pressing need for skilled and insightful security professionals and researchers. Along the way, I will give some sample non-technical adversarial thinking challenges and describe how they might be graded and validated.

 Peter A. H. Peterson is an assistant professor of computer science at the University of Minnesota Duluth, where he teaches and directs the Laboratory for Advanced Research in Systems (LARS), a group dedicated to research in operating systems and security, with a special focus on research and development to make security education more effective and accessible. He is an active member of the Cybersecurity Assessment Tools (CATS) project working to create and validate two concept inventories for cybersecurity, is working on an NSF-funded grant to identify and remediate commonsense misconceptions about cybersecurity, and is also the author of several hands-on security exercises for Deterlab that have been used at many institutions around the world. He earned his Ph.D. from the University of California, Los Angeles for work on “adaptive compression”—systems that make compression decisions dynamically to improve efficiency. He can be reached at *protected email*.

Host: Alan T. Sherman, *protected email* Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays.  All meetings are open to the public. Upcoming CDL Meetings: May 7, Farid Javani (UMBC), Anonymization by oblivious transfer

The UMBC Cyber Defense Lab presents

MeetingMayhem:  Teaching Adversarial Thinking through a Web-Based Game

Akriti Anand, Richard Baldwin, Sudha, Kosuri, Julie Nau, and Ryan Wunk-Fink
UMBC Cyber Defense Lab

joint work with Alan Sherman, Marc Olano, Linda Oliva, Edward Zieglar, and Enis Golazewski

12:00 noon–1 pm ET, Friday, 9 April 2021
online via WebEx

We present our progress and plans in developing MeetingMayhem, a new web-based educational exercise that helps students learn adversarial thinking in communication networks. The goal of the exercise is to arrange a meeting time and place by sending and receiving messages through an insecure network that is under the control of a malicious adversary.  Players can assume the role of participants or an adversary.  The adversary can disrupt the efforts of the participants by intercepting, modifying, blocking, replaying, and injecting messages.  Through this engaging authentic challenge, students learn the dangers of the network, and in particular, the Dolev-Yao network intruder model. They also learn the value and subtleties of using cryptography (including encryption, digital signatures, and hashing), and protocols to mitigate these dangers.  Our team is developing the exercise in spring 2021 and will evaluate its educational effectiveness.

Akriti Anand (*protected email*) is an MS student in computer science working with Alan Sherman.  She is the lead software engineer and focuses on the web frontend. Richard Baldwin (*protected email*) is a BS student in computer science, a member of Cyberdawgs, and lab manager for the Cyber Defense Lab. Sudha Kosuri (*protected email*) is a MS student in computer science.  She is working on the frontend (using React and Flask) and its integration with the backend. Julie Nau (*protected email*) is a BS student in computer science.  She is working on the backend and on visualizations. Ryan Wunk-Fink (*protected email*) is a PhD student in computer science working with Alan Sherman. He is developing the backend.

Host: Alan T. Sherman, *protected email* Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays.  All meetings are open to the public.

 Upcoming CDL Meetings: April 23, Peter Peterson (Univ. of Minnesota Duluth), Adversarial thinking; May 7, Farid Javani (UMBC), Anonymization by oblivious transfer

The UMBC Cyber Defense Lab presents

Transparent Dishonesty: Front-Running Attacks on Blockchain

Professor Jeremy Clark
Concordia Institute for Information Systems Engineering
Concordia University, Montreal, Canada

12–1 pm ET Friday, March 26, 2021
online via WebEx

We consider front-running to be a course of action where an entity benefits from prior access to privileged market information about upcoming transactions and trades. Front-running has been an issue in financial instrument markets since the 1970s. With the advent of blockchain technology, front-running has resurfaced in new forms we explore here, instigated by blockchain’s decentralized and transparent nature. I will discuss our “systemization of knowledge” paper which draws from a scattered body of knowledge and instances of front-running across the top 25 most active decentral applications (DApps) deployed on Ethereum blockchain. Additionally, we carry out a detailed analysis of Status.im initial coin offering (ICO) and show evidence of abnormal miner’s behavior indicative of front-running token purchases. Finally, we map the proposed solutions to front-running into useful categories.

Jeremy Clark is an associate professor at the Concordia Institute for Information Systems Engineering. At Concordia, he holds the NSERC/Raymond Chabot Grant Thornton/Catallaxy Industrial Research Chair in Blockchain Technologies. He earned his Ph.D. from the University of Waterloo, where his gold medal dissertation was on designing and deploying secure voting systems including Scantegrity—the first cryptographically verifiable system used in a public sector election. He wrote one of the earliest academic papers on Bitcoin, completed several research projects in the area, and contributed to the first textbook. Beyond research, he has worked with several municipalities on voting technology and testified to both the Canadian Senate and House finance committees on Bitcoin. email: *protected email*

Host: Alan T. Sherman, *protected email* Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public. Upcoming CDL Meetings: April 9, (UMBC), MeetingMayhem: A network adversarial thinking game; April 23, Peter Peterson (University of Minnesota Duluth), Adversarial thinking;
May 7, Farid Javani (UMBC), Anonymization by oblivious transfer.

The UMBC Cyber Defense Lab presents

Moving Target Mobile IPv6 Defense

Prof. Vahid Heydari
Computer Science, Rowan University

12:00–1 pm ET, Friday, 26 February 26, 2021

remotely via WebEx  

Remote cyberattacks can be started from an unlimited distance through the Internet. These attacks include particular actions that allow attackers to compromise systems remotely. Address-based Distributed Denial-of-Service (DDoS) attacks and remote exploits are two main categories of these attacks. A remote exploit takes advantage of a bug or vulnerability to view or steal data or gain unauthorized access to a vulnerable system. Current security solutions in IPv6 such as IPsec, firewall, and Intrusion Detection and Prevention System (IDPS) can prevent remote attacks against known vulnerability exploits. However, zero-day exploits can defeat the best firewalls and IDPSs due to using undisclosed and uncorrected computer application vulnerability. Therefore, a new solution is needed to prevent these attacks. This talk discusses a Moving Target Mobile IPv6 Defense (MTM6D) that randomly and dynamically changes the IP addresses to prevent remote attacks in the reconnaissance step. The talk briefly covers the wide range of applications of MTM6D including critical infrastructure networks, virtual private networks, web servers, Internet-controlled robots, and anti-censorship.

 Vahid Heydari received the M.S. degree in Cybersecurity and the Ph.D. degree in Electrical and Computer Engineering from the University of Alabama in Huntsville. He is currently an Associate Professor of Computer Science and the Director of the Center for Cybersecurity Education and Research at Rowan University, Glassboro, NJ. He is also a co-founder of a cybersecurity startup ObtegoCyber. His research interests include moving target defenses, mobile ad-hoc, sensor, and vehicular network security. He is a member of ACM, IEEE Computer Society and Communications Society. 

Host: Alan T. Sherman, *protected email*, Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays.  All meetings are open to the public. Upcoming CDL Meetings:

Mar 12, Chao Liu (UMBC), Efficient asynchronous BFT with adaptive security
Mar 26, Jeremy Clark (Concordia)
April 9, (UMBC), MeetingMayhem: A network adversarial thinking game
April 23, Peter Peterson (University of Minnesota Duluth), Adversarial thinking
May 7, Farid Javani (UMBC), Anonymization by oblivious transfer

The 2021 SFS Research Study: Vulnerabilities in UMBC’s Incident Management System

Cyrus Bonyadi and Enis Golaszewski
CSEE Department, UMBC

12:00noon–1pm Friday, 29 January 2021

remotely via WebEx 

 January 11–15, 2020, UMBC scholars in the CyberCorps: Scholarship for Service (SFS) and the DoD Cybersecurity Scholarship (CySP) programs collaboratively analyzed the security of UMBC’s Incident Management System (IMS). Students found numerous serious issues, including race conditions, code-injection, and cross-site scripting attacks, improper API implementation, and denial-of-service attacks. We present findings, recommendations, and details of these vulnerabilities.

UMBC’s Incident Management System (IMS) is a web application under development by UMBC’s DoIT to supplement their RequestTracker (RT). IMS allows DoIT security staff to supplement the information in RT by linking IMS incidents to RT tickets. IMS incidents store additional information and files regarding existing and potential security campaigns. Using the information in IMS and RT, DoIT generates executive reports, which can influence decisions related to budget, training, and other security concerns. Our study is helping to improve the architecture and implementation of IMS.

Participants comprised BS, MS, MPS, and Ph.D. students studying computer science, computer engineering, information systems, and cybersecurity, including SFS scholars who transferred from Montgomery College (MC) and Prince George’s Community College (PGCC) to complete their four-year degrees at UMBC.

About the Speakers. Cyrus Jian Bonyadi is a Ph.D. Student at UMBC working on distributed computing consensus theory. He is an alumnus of the varsity CyberDawgs team. email: *protected email* Enis Golaszewski is a Ph.D. Student at UMBC working on protocol analysis. He is a leading member of the Protocol Analysis Lab under Dr. Sherman. email: *protected email*, 

Host: Alan T. Sherman, *protected email*. Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1 pm.  All meetings are open to the public. Upcoming CDL Meetings:

• Feb 12, Richard Carback (xxnetwork), Startup lessons learned
• Feb 26, Vahid Heydari (Rowan University)
• Mar 12, Chao Liu (UMBC), Efficient asynchronous BFT with adaptive security
• Mar 26, Jeremy Clark (Concordia)
• April 9, (UMBC), MeetingMayhem: A network adversarial thinking game
• April 23, Peter Peterson (University of Minnesota Duluth), Adversarial thinking
• May 7, Farid Javani (UMBC), Anonymization by oblivious transfer

The UMBC Center for Cybersecurity (UCYBR) Presents

“Economics of Law” –
Insights into Cybersecurity Policy

Dr. Tim Brennan
Professor Emeritus, UMBC

Tuesday 8 December 2020 from 12-1 pm

Webex, Meeting #: 120 246 4425

Cybersecurity raises questions about who owns data and how best to discourage security breaches.  This talk will offer some unexpected and perhaps controversial perspectives from economics on relevant questions, including: Who presumptively should own data?  What is the purpose of liability law?  Should those who violate data security always be liable, or only if they fail to take appropriate measures to prevent leaks?  Could “the market” solve the problem, e.g., by people choosing where to shop on the basis of data security?  Would regulation be a better means than liability to promote cybersecurity?  Don’t expect answers to these questions; my hope is to stimulate and hopefully inform the discussion.  If time allows, I’ll review some major actions by the Federal Trade Commission, who is the lead national agency policing privacy-related conduct. 

Dr. Tim Brennan is professor emeritus of public policy and economics at UMBC, retiring in July 2020 after thirty years on the UMBC faculty.  He has also been FCC Chief Economist, held the T.D. MacDonald Chair in the Canadian government’s Competition Bureau, and served on the staff of the White House Council of Economic Advisers.  Before UMBC, he was an associate professor of telecommunications and public policy at George Washington University and a staff economist at the US Department of Justice Antitrust Division.  He has over 130 articles and book chapters and books on competition policy, economic regulation, telecommunications and energy policy, intellectual property, and economic methods.  His MA in math and Ph..D. in economics are from the University of Wisconsin.

Cybersecurity and Local Government: Findings from a Nationwide Survey

Donald Norris & Laura Mateczun

11:00-12:00 EST, Thursday, Nov 19, 2020

register to get the webinar link

This talk will discuss data and results from the first nationwide survey of cybersecurity among local or grassroots governments in the United States, examines how these governments manage this important function. As we have shown elsewhere, cybersecurity among local governments is increasingly important because these governments are under constant or nearly constant cyberattack. Due to the frequency of cyberattacks, as well as the probability that at least some attacks will succeed and cause damage to local government information systems, these governments have a great responsibility to protect their information assets. This, in turn, requires these governments to manage cybersecurity effectively, something our data show is largely absent at the American grassroots. That is, on average, local governments fail to manage cybersecurity well. After discussing our findings, we conclude and make recommendations for ways of improving local government cybersecurity management.

Donald F. Norris is Professor Emeritus, School of Public Policy, University of Maryland, Baltimore County. His principal field of study is public management, specifically information technology in governmental organizations, including electronic government and cybersecurity. He has published extensively in refereed journals in these areas. He received a B.S. in history from the University of Memphis and an M.A. and a Ph. D. in political science from the University of Virginia.

Laura Mateczun is a graduate of the University of Maryland Francis King Carey School of Law, and a member of the Maryland Bar. She is currently a Ph.D. student at the University of Maryland, Baltimore County School of Public Policy studying public management. Her research interests involve local government cybersecurity, criminal justice, and the importance of equity in