The UMBC Cyber Defense Lab presents

Thinking Like an Attacker:
Towards a Definition and Non-Technical Assessment of Adversarial Thinking

Prof. Peter A. H. Peterson
Department of Computer Science
University of Minnesota Duluth

12:00–1:00 pm ET,  Friday, 30 April 2021
via WebEx

“Adversarial thinking” (AT), sometimes called the “security mindset” or described as the ability to “think like an attacker,” is widely accepted in the computer security community as an essential ability for successful cybersecurity practice. Supported by intuition and anecdotes, many in the community stress the importance of AT, and multiple projects have produced interventions explicitly intended to strengthen individual AT skills to improve security in general. However, there is no agreed-upon definition of “adversarial thinking” or its components, and accordingly, no test for it. Because of this absence, it is impossible to meaningfully quantify AT in subjects, AT’s importance for cybersecurity practitioners, or the effectiveness of interventions designed to improve AT. Working towards the goal of a characterization of AT in cybersecurity and a non-technical test for AT that anyone can take, I will discuss existing conceptions of AT from the security community, as well as ideas about AT in other fields with adversarial aspects including war, politics, law, critical thinking, and games. I will also describe some of the unique difficulties of creating a non-technical test for AT, compare and contrast this effort to our work on the CATS and Security Misconceptions projects, and describe some potential solutions. I will explore potential uses for such an instrument, including measuring a student’s change in AT over time, measuring the effectiveness of interventions meant to improve AT, comparing AT in different populations (e.g., security professionals vs. software engineers), and identifying individuals from all walks of life with strong AT skills—people who might help meet our world’s pressing need for skilled and insightful security professionals and researchers. Along the way, I will give some sample non-technical adversarial thinking challenges and describe how they might be graded and validated.

 Peter A. H. Peterson is an assistant professor of computer science at the University of Minnesota Duluth, where he teaches and directs the Laboratory for Advanced Research in Systems (LARS), a group dedicated to research in operating systems and security, with a special focus on research and development to make security education more effective and accessible. He is an active member of the Cybersecurity Assessment Tools (CATS) project working to create and validate two concept inventories for cybersecurity, is working on an NSF-funded grant to identify and remediate commonsense misconceptions about cybersecurity, and is also the author of several hands-on security exercises for Deterlab that have been used at many institutions around the world. He earned his Ph.D. from the University of California, Los Angeles for work on “adaptive compression”—systems that make compression decisions dynamically to improve efficiency. He can be reached at *protected email*.

Host: Alan T. Sherman, *protected email* Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays.  All meetings are open to the public. Upcoming CDL Meetings: May 7, Farid Javani (UMBC), Anonymization by oblivious transfer

The UMBC Cyber Defense Lab presents

MeetingMayhem:  Teaching Adversarial Thinking through a Web-Based Game

Akriti Anand, Richard Baldwin, Sudha, Kosuri, Julie Nau, and Ryan Wunk-Fink
UMBC Cyber Defense Lab

joint work with Alan Sherman, Marc Olano, Linda Oliva, Edward Zieglar, and Enis Golazewski

12:00 noon–1 pm ET, Friday, 9 April 2021
online via WebEx

We present our progress and plans in developing MeetingMayhem, a new web-based educational exercise that helps students learn adversarial thinking in communication networks. The goal of the exercise is to arrange a meeting time and place by sending and receiving messages through an insecure network that is under the control of a malicious adversary.  Players can assume the role of participants or an adversary.  The adversary can disrupt the efforts of the participants by intercepting, modifying, blocking, replaying, and injecting messages.  Through this engaging authentic challenge, students learn the dangers of the network, and in particular, the Dolev-Yao network intruder model. They also learn the value and subtleties of using cryptography (including encryption, digital signatures, and hashing), and protocols to mitigate these dangers.  Our team is developing the exercise in spring 2021 and will evaluate its educational effectiveness.

Akriti Anand (*protected email*) is an MS student in computer science working with Alan Sherman.  She is the lead software engineer and focuses on the web frontend. Richard Baldwin (*protected email*) is a BS student in computer science, a member of Cyberdawgs, and lab manager for the Cyber Defense Lab. Sudha Kosuri (*protected email*) is a MS student in computer science.  She is working on the frontend (using React and Flask) and its integration with the backend. Julie Nau (*protected email*) is a BS student in computer science.  She is working on the backend and on visualizations. Ryan Wunk-Fink (*protected email*) is a PhD student in computer science working with Alan Sherman. He is developing the backend.

Host: Alan T. Sherman, *protected email* Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays.  All meetings are open to the public.

 Upcoming CDL Meetings: April 23, Peter Peterson (Univ. of Minnesota Duluth), Adversarial thinking; May 7, Farid Javani (UMBC), Anonymization by oblivious transfer

The UMBC Cyber Defense Lab presents

Transparent Dishonesty: Front-Running Attacks on Blockchain

Professor Jeremy Clark
Concordia Institute for Information Systems Engineering
Concordia University, Montreal, Canada

12–1 pm ET Friday, March 26, 2021
online via WebEx

We consider front-running to be a course of action where an entity benefits from prior access to privileged market information about upcoming transactions and trades. Front-running has been an issue in financial instrument markets since the 1970s. With the advent of blockchain technology, front-running has resurfaced in new forms we explore here, instigated by blockchain’s decentralized and transparent nature. I will discuss our “systemization of knowledge” paper which draws from a scattered body of knowledge and instances of front-running across the top 25 most active decentral applications (DApps) deployed on Ethereum blockchain. Additionally, we carry out a detailed analysis of Status.im initial coin offering (ICO) and show evidence of abnormal miner’s behavior indicative of front-running token purchases. Finally, we map the proposed solutions to front-running into useful categories.

Jeremy Clark is an associate professor at the Concordia Institute for Information Systems Engineering. At Concordia, he holds the NSERC/Raymond Chabot Grant Thornton/Catallaxy Industrial Research Chair in Blockchain Technologies. He earned his Ph.D. from the University of Waterloo, where his gold medal dissertation was on designing and deploying secure voting systems including Scantegrity—the first cryptographically verifiable system used in a public sector election. He wrote one of the earliest academic papers on Bitcoin, completed several research projects in the area, and contributed to the first textbook. Beyond research, he has worked with several municipalities on voting technology and testified to both the Canadian Senate and House finance committees on Bitcoin. email: *protected email*

Host: Alan T. Sherman, *protected email* Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public. Upcoming CDL Meetings: April 9, (UMBC), MeetingMayhem: A network adversarial thinking game; April 23, Peter Peterson (University of Minnesota Duluth), Adversarial thinking;
May 7, Farid Javani (UMBC), Anonymization by oblivious transfer.

The UMBC Cyber Defense Lab presents

Moving Target Mobile IPv6 Defense

Prof. Vahid Heydari
Computer Science, Rowan University

12:00–1 pm ET, Friday, 26 February 26, 2021

remotely via WebEx  

Remote cyberattacks can be started from an unlimited distance through the Internet. These attacks include particular actions that allow attackers to compromise systems remotely. Address-based Distributed Denial-of-Service (DDoS) attacks and remote exploits are two main categories of these attacks. A remote exploit takes advantage of a bug or vulnerability to view or steal data or gain unauthorized access to a vulnerable system. Current security solutions in IPv6 such as IPsec, firewall, and Intrusion Detection and Prevention System (IDPS) can prevent remote attacks against known vulnerability exploits. However, zero-day exploits can defeat the best firewalls and IDPSs due to using undisclosed and uncorrected computer application vulnerability. Therefore, a new solution is needed to prevent these attacks. This talk discusses a Moving Target Mobile IPv6 Defense (MTM6D) that randomly and dynamically changes the IP addresses to prevent remote attacks in the reconnaissance step. The talk briefly covers the wide range of applications of MTM6D including critical infrastructure networks, virtual private networks, web servers, Internet-controlled robots, and anti-censorship.

 Vahid Heydari received the M.S. degree in Cybersecurity and the Ph.D. degree in Electrical and Computer Engineering from the University of Alabama in Huntsville. He is currently an Associate Professor of Computer Science and the Director of the Center for Cybersecurity Education and Research at Rowan University, Glassboro, NJ. He is also a co-founder of a cybersecurity startup ObtegoCyber. His research interests include moving target defenses, mobile ad-hoc, sensor, and vehicular network security. He is a member of ACM, IEEE Computer Society and Communications Society. 

Host: Alan T. Sherman, *protected email*, Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays.  All meetings are open to the public. Upcoming CDL Meetings:

Mar 12, Chao Liu (UMBC), Efficient asynchronous BFT with adaptive security
Mar 26, Jeremy Clark (Concordia)
April 9, (UMBC), MeetingMayhem: A network adversarial thinking game
April 23, Peter Peterson (University of Minnesota Duluth), Adversarial thinking
May 7, Farid Javani (UMBC), Anonymization by oblivious transfer

Three CSEE faculty receive MIPS research awards

This post is adapted from a UMBC News article UMBC faculty, alumni entrepreneurs receive record-number of MIPS awards for tech collaborations written by Adriana Fraser.

Six UMBC faculty members have just received grants from the Maryland Industrial Partnerships (MIPS) program to develop new technologies with potential to grow the state’s economy. This is UMBC’s largest number of winning proposals within a single proposal round since MIPS began in 1987. The program connects University System of Maryland (USM) faculty and students with Maryland businesses. UMBC’s latest MIPS grantees include computer science and electrical engineering faculty Tim Oates, Chein-I Chang, and Anupam Joshi; Soobum Lee, mechanical engineering; Dipanjan Pan, chemical, biochemical, and environmental engineering; and Vikram Vakharia, marine biotechnology. Among their industry partners are UMBC alumni entrepreneurs who are building businesses in Maryland.

Joshi, professor and chair of computer science and electrical engineering, received a MIPS grant for a cybersecurity collaboration with the startup CyDeploy. They are developing a platform that automates the quality assurance process for cybersecurity updates made to IT and “internet of things” (IoT) devices like Amazon Alexa, Google Home, and health and medical devices. CyDeploy CEO Tina Williams-Koroma ’02, computer science, presented Joshi with the idea to develop a “cybersecurity-driven change management system.” The technology is based on and leverages the use of artificial intelligence and machine learning to create a cloud-based replica of a company’s systems. 

Williams-Koroma and Joshi’s group at UMBC developed a conceptual prototype. It shows the infrastructure and technology that would make the system feasible, combining off-the-shelf tools with novel research. “Increasingly, the government is now beginning to mandate security requirements around IoT devices. The longer-term vision that CyDeploy has is capturing the state of these systems, virtually recreating them and then running the security changes against virtual versions to see how the changes would affect those systems,” Joshi adds. 

Williams-Koroma, who is also an adjunct instructor at UMBC, projects that the initial development of the platform will be complete in late spring 2021. They anticipate launching a free pilot version for businesses to test their IT systems. IoT pilots will come in a later phase.

Read more about these awards in the UMBC News article UMBC faculty, alumni entrepreneurs receive record-number of MIPS awards for tech collaborations.

The UMBC Cyber Defense Lab presents

Startup Lessons Learned

Richard Carback (Ph.D. UMBC CS 2010)
xx network

12:00–1:00pm ET, Friday,12 February 12 2021
WebEx: https://umbc.webex.com/meet/sherman

This talk will explore the technology and lessons learned by UMBC alumnus Richard Carback from his experience co-founding and closing the security startup Lexumo, which provided the only automated service that continuously monitors IoT software platforms for the latest public vulnerabilities. In addition to covering some of the hard problems and Lexumo’s technical approach for monitoring all the world’s open-source software to assist companies in managing their vulnerabilities, Dr. Carback will discuss the mistakes and complexities of getting funded, delivering a product, and finding customers.

Dr. Richard Carback is a UMBC Alumnus (CS Ph.D., 2010) who is an entrepreneur who currently runs a private consultancy for computer security, computer forensics, cryptography, and smart contracts. He is a privacy-preserving systems expert with a background in elections and anonymity networks. While the group leader for the embedded systems security group at Charles Stark Draper Laboratories, he spun out an IoT vulnerability startup called Lexumo that provided the only automated service that continuously monitored IoT software platforms for the latest public vulnerabilities. At UMBC, he worked with Alan Sherman on secure elections and was the primary researcher behind Takoma Park’s deployment of the Scantegrity voting system, the first usage of voter-verifiable end-to-end election technology in a municipal election. email: *protected email*

Host: Alan T. Sherman, *protected email*. Support for this event was provided in part by the NSF under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1 pm. All meetings are open to the public. Upcoming CDL Meetings:

• Feb 26, Vahid Heydari (Rowan University)
• Mar 12, Chao Liu (UMBC), Efficient asynchronous BFT with adaptive security
• Mar 26, Jeremy Clark (Concordia)
• April 9, (UMBC), MeetingMayhem: A network adversarial thinking game
• April 23, Peter Peterson (University of Minnesota Duluth), Adversarial thinking
• May 7, Farid Javani (UMBC), Anonymization by oblivious transfer

Two UMBC alumnae featured in The CyberWire podcast

The CyberWire produced a special podcast, In the clear: what it’s like working as a woman in the cleared community, that features three women working on cybersecurity atNorthrop Grumman. Two are UMBC alumnae, software engineering manager Lauren and cyber software engineer Priyanka.

Lauren received a BS in Computer Science in 2015 and an M.S. in Computer Science in 2017. As an undergraduate student, she worked part-time as an IT Security Analyst tracking, locating, and performing forensics on infected computers located on campus. She joined Northrop Grumman in 2015 and continued her studies as a part-time graduate student, doing research on investigating different ways of characterizing cybersecurity exploit kits and the malware they produce.

Priyanka received a BS in Computer Science in 2018 and an MS in Computer Science in 2019. Her MS research was on multilingual text alignment for cybersecurity. She has been a lecture in the UMBC Computer Science program and the UMD Advanced Cybersecurity Experience for Students (ACES) program. She is currently working on a Computer Science Ph.D. at UMBC focused on how AI can help protect cybersecurity systems from data poisoning attacks.

Listen to the 47 minute podcast here.

The 2021 SFS Research Study: Vulnerabilities in UMBC’s Incident Management System

Cyrus Bonyadi and Enis Golaszewski
CSEE Department, UMBC

12:00noon–1pm Friday, 29 January 2021

remotely via WebEx 

 January 11–15, 2020, UMBC scholars in the CyberCorps: Scholarship for Service (SFS) and the DoD Cybersecurity Scholarship (CySP) programs collaboratively analyzed the security of UMBC’s Incident Management System (IMS). Students found numerous serious issues, including race conditions, code-injection, and cross-site scripting attacks, improper API implementation, and denial-of-service attacks. We present findings, recommendations, and details of these vulnerabilities.

UMBC’s Incident Management System (IMS) is a web application under development by UMBC’s DoIT to supplement their RequestTracker (RT). IMS allows DoIT security staff to supplement the information in RT by linking IMS incidents to RT tickets. IMS incidents store additional information and files regarding existing and potential security campaigns. Using the information in IMS and RT, DoIT generates executive reports, which can influence decisions related to budget, training, and other security concerns. Our study is helping to improve the architecture and implementation of IMS.

Participants comprised BS, MS, MPS, and Ph.D. students studying computer science, computer engineering, information systems, and cybersecurity, including SFS scholars who transferred from Montgomery College (MC) and Prince George’s Community College (PGCC) to complete their four-year degrees at UMBC.

About the Speakers. Cyrus Jian Bonyadi is a Ph.D. Student at UMBC working on distributed computing consensus theory. He is an alumnus of the varsity CyberDawgs team. email: *protected email* Enis Golaszewski is a Ph.D. Student at UMBC working on protocol analysis. He is a leading member of the Protocol Analysis Lab under Dr. Sherman. email: *protected email*, 

Host: Alan T. Sherman, *protected email*. Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1 pm.  All meetings are open to the public. Upcoming CDL Meetings:

• Feb 12, Richard Carback (xxnetwork), Startup lessons learned
• Feb 26, Vahid Heydari (Rowan University)
• Mar 12, Chao Liu (UMBC), Efficient asynchronous BFT with adaptive security
• Mar 26, Jeremy Clark (Concordia)
• April 9, (UMBC), MeetingMayhem: A network adversarial thinking game
• April 23, Peter Peterson (University of Minnesota Duluth), Adversarial thinking
• May 7, Farid Javani (UMBC), Anonymization by oblivious transfer