Professors Sherman and Oliva receive NSF award to study cybersecurity education

UMBC Professors Alan T. Sherman (PI, CSEE) and Linda Oliva (CO-PI, Education) recently received more than $260,000 of a $500,000 grant from the National Science Foundation (NSF) to study and improve how cybersecurity is taught at the U.S. Naval Academy and U.S. Military Academy. 

The project, Examining Pedagogy in Cybersecurity (EPIC), is collaborative with the University of Illinois Urbana-Champaign and the University of Minnesota Duluth and is funded through NSF’s Secure and Trustworthy Computing (SaTC) program. Because the academies teach cybersecurity to all first-year students, EPIC offers a large-scale opportunity to investigate how simulation-based teaching and learning affects different student populations.

In the first phase of the research, Sherman and his collaborators—including computer science Ph.D. student Andrew Slack—will study how instructors at the academies structure and teach their cybersecurity courses. In the second phase, they will introduce active simulation-based learning exercises and pedagogies and assess their effectiveness. 

UMBC’s championship-winning Cyberdawgs cyberdefense team will help adapt and improve learning materials. As one quantitative measure of the new pedagogy’s effectiveness, EPIC will assess students’ conceptual understanding using the Cybersecurity Concept Inventory (CCI) developed by Sherman and his team. 

Some material adapted from this UMBC News article

Professors Sherman and Oliva receive NSF award to study cybersecurity education

UMBC Professors Alan T. Sherman (PI, CSEE) and Linda Oliva (CO-PI, Education) recently received more than $260,000 of a $500,000 grant from the National Science Foundation (NSF) to study and improve how cybersecurity is taught at the U.S. Naval Academy and U.S. Military Academy. 

The project, Examining Pedagogy in Cybersecurity (EPIC), is collaborative with the University of Illinois Urbana-Champaign and the University of Minnesota Duluth and is funded through NSF’s Secure and Trustworthy Computing (SaTC) program. Because the academies teach cybersecurity to all first-year students, EPIC offers a large-scale opportunity to investigate how simulation-based teaching and learning affects different student populations.

In the first phase of the research, Sherman and his collaborators—including computer science Ph.D. student Andrew Slack—will study how instructors at the academies structure and teach their cybersecurity courses. In the second phase, they will introduce active simulation-based learning exercises and pedagogies and assess their effectiveness. 

UMBC’s championship-winning Cyberdawgs cyberdefense team will help adapt and improve learning materials. As one quantitative measure of the new pedagogy’s effectiveness, EPIC will assess students’ conceptual understanding using the Cybersecurity Concept Inventory (CCI) developed by Sherman and his team. 

Some material adapted from this UMBC News article

A research team that includes UMBC CSEE faculty Naghmeh Karimi and Roberto Yus won the second place prize in the 2022 INCS-CoE Sandpit Challenge on Digital Trust. The International Cyber Security Center of Excellence (INCS-CoE) is an international collaboration of government, industry, and academic organizations that have partnered to explore pioneering efforts to address cybersecurity challenges created by a growing borderless digital society.  UMBC is a charter member of INCS-CoE.

The INCS-COE Sandpit Challenge invited self-assembled teams to compete for seed research funding prizes to pursue their work further. The UMBC faculty teamed up with researchers from Royal Holloway (UK) and Keio University (Japan). They were awarded second prize for their proposal to deal with challenges associated with developing an International Digital Trust Framework. In particular, their project proposal focused on designing an ontology-based interoperability solution amongst the US, UK, and Japan for mutual recognition of trust, capturing private and public sector use cases with different assurance levels.

A research team that includes UMBC CSEE faculty Naghmeh Karimi and Roberto Yus won the second place prize in the 2022 INCS-CoE Sandpit Challenge on Digital Trust. The International Cyber Security Center of Excellence (INCS-CoE) is an international collaboration of government, industry, and academic organizations that have partnered to explore pioneering efforts to address cybersecurity challenges created by a growing borderless digital society.  UMBC is a charter member of INCS-CoE.

The INCS-COE Sandpit Challenge invited self-assembled teams to compete for seed research funding prizes to pursue their work further. The UMBC faculty teamed up with researchers from Royal Holloway (UK) and Keio University (Japan). They were awarded second prize for their proposal to deal with challenges associated with developing an International Digital Trust Framework. In particular, their project proposal focused on designing an ontology-based interoperability solution amongst the US, UK, and Japan for mutual recognition of trust, capturing private and public sector use cases with different assurance levels.

The UMBC Cyber Defense Lab presents

Model Validation for DARPA DPRIVE

Ian Blumenfeld
UMBC and Two Six Technologies

(joint work with Eric Bond, William Harrison, Chris Hathhorn, Paul Li, Matthew Torrence, and Jared Ziegler)

12–1 pm ET, Friday 6 May 2022, via WebEx

Commodity hardware description languages (HDLs) like VHDL and Verilog present a challenge from a high assurance point of view because they lack formalized semantics: when a team of hardware engineers produces a circuit design in a commodity HDL and claims that it correctly implements a pseudocode algorithm, on what basis can that claim be evaluated? A formalized model of the circuit design may be painstakingly created (e.g., in the logic of a theorem prover), but how are the accuracy and faithfulness of that model then established? The distance between the widely adopted commodity HDLs and formal models of hardware has been a well-recognized and persistent impediment to driving formal methods into hardware development.

This talk presents a technique developed at Two Six Technologies, called model validation, that formally connects hardware design and its formal model via a functional, high-level synthesis language called ReWire. Model validation introduces a “model” program to bridge the gap between the hardware design and algorithm by establishing 1) the equivalence of the algorithm to the model and 2) the equivalence of the model to the circuit design. Equivalence between the algorithm and the ReWire model is verified with a ReWire semantics formalized in Isabelle. Equivalence between the ReWire model and the circuit design is established by producing binary circuits from each (using commodity synthesis tools and the ReWire compiler rwc) and then applying an automated binary equivalence checker.

This talk describes our experience applying model validation as part of the DARPA Data Protection in Virtual Environments (DPRIVE) program. DPRIVE aims to develop a novel hardware accelerator to ease computational challenges preventing widespread use of fully homomorphic encryption (FHE) that began with Gentry’s discovery and was improved upon in the PROCEED program. To this end, DPRIVE’s purpose is to design hardware accelerators to improve upon the existing algorithmic gains to FHE. Model validation through ReWire moves formal methods into the practical world, empowering hardware designers to reason about the correctness, safety, and security properties of their designs. In addition, we expect our pipeline to protect hardware supply chains by allowing for a full formal analysis of RTL implementations before tape out.

Ian Blumenfeld is the Research Director for Mathematics at Two Six Technologies.  In that role, he is a principal investigator on multiple DARPA programs, spanning the areas of formal methods, modern cryptography, and applied category theory.  Prior to his work at Two Six, Ian was a formal verification engineer at Apple, where he verified cryptographic properties of the iPhone secure enclave processor.  Ian has worked in roles in and around the federal research space for more than a decade, including five years as an applied research mathematician at the National Security Agency.  Ian is currently enrolled as a part-time Ph.D. student in the UMBC computer science department, working with Dr. Alan Sherman and Dr. Don Engel. Email: itblumenfeld@umbc.edu

Host: Alan T. Sherman, sherman@umbc.edu. Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1pm. All meetings are open to the public. Upcoming CDL Meeting: May 13, Enka Blanchard (Digitrust Loria, France)

The UMBC Cyber Defense Lab presents

Model Validation for DARPA DPRIVE

Ian Blumenfeld
UMBC and Two Six Technologies

(joint work with Eric Bond, William Harrison, Chris Hathhorn, Paul Li, Matthew Torrence, and Jared Ziegler)

12–1 pm ET, Friday 6 May 2022, via WebEx

Commodity hardware description languages (HDLs) like VHDL and Verilog present a challenge from a high assurance point of view because they lack formalized semantics: when a team of hardware engineers produces a circuit design in a commodity HDL and claims that it correctly implements a pseudocode algorithm, on what basis can that claim be evaluated? A formalized model of the circuit design may be painstakingly created (e.g., in the logic of a theorem prover), but how are the accuracy and faithfulness of that model then established? The distance between the widely adopted commodity HDLs and formal models of hardware has been a well-recognized and persistent impediment to driving formal methods into hardware development.

This talk presents a technique developed at Two Six Technologies, called model validation, that formally connects hardware design and its formal model via a functional, high-level synthesis language called ReWire. Model validation introduces a “model” program to bridge the gap between the hardware design and algorithm by establishing 1) the equivalence of the algorithm to the model and 2) the equivalence of the model to the circuit design. Equivalence between the algorithm and the ReWire model is verified with a ReWire semantics formalized in Isabelle. Equivalence between the ReWire model and the circuit design is established by producing binary circuits from each (using commodity synthesis tools and the ReWire compiler rwc) and then applying an automated binary equivalence checker.

This talk describes our experience applying model validation as part of the DARPA Data Protection in Virtual Environments (DPRIVE) program. DPRIVE aims to develop a novel hardware accelerator to ease computational challenges preventing widespread use of fully homomorphic encryption (FHE) that began with Gentry’s discovery and was improved upon in the PROCEED program. To this end, DPRIVE’s purpose is to design hardware accelerators to improve upon the existing algorithmic gains to FHE. Model validation through ReWire moves formal methods into the practical world, empowering hardware designers to reason about the correctness, safety, and security properties of their designs. In addition, we expect our pipeline to protect hardware supply chains by allowing for a full formal analysis of RTL implementations before tape out.

Ian Blumenfeld is the Research Director for Mathematics at Two Six Technologies.  In that role, he is a principal investigator on multiple DARPA programs, spanning the areas of formal methods, modern cryptography, and applied category theory.  Prior to his work at Two Six, Ian was a formal verification engineer at Apple, where he verified cryptographic properties of the iPhone secure enclave processor.  Ian has worked in roles in and around the federal research space for more than a decade, including five years as an applied research mathematician at the National Security Agency.  Ian is currently enrolled as a part-time Ph.D. student in the UMBC computer science department, working with Dr. Alan Sherman and Dr. Don Engel. Email: *protected email*

Host: Alan T. Sherman, *protected email*. Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1pm. All meetings are open to the public. Upcoming CDL Meeting: May 13, Enka Blanchard (Digitrust Loria, France)

The UMBC Cyber Defense Lab presents

Voting Technology

Ted Selker

Research Professor
UMBC CSEE Department

12–1 ET Friday, 4 March 2022 via WebEx

Traditionally most votes are lost in registration, voting ballot design problems, and polling place operations, causing long lines and possibly mail-in ballot fraud. This talk will describe voting-process problems and technological problems, and some possible solutions for voting improvement. Voting disenfranchisement is much higher for people with perceptual, physical, and cognitive disabilities. More than 14% of registered voters are in danger of increased errors due to dyslexia, and more than 6.5% due to short-term memory problems. We will describe and demonstrate technologies we are making that help disabled people and improve voting universally as well.

Dr. Ted Selker is an entrepreneur inventor who also mentors innovation. Ted spent five years as director of Considerate Systems research at Carnegie Mellon University Silicon Valley and in developing the campus’s research mission. Prior to that, Ted spent ten years as an associate professor at the MIT Media Laboratory, where he created the Context Aware Computing group, co-directed the Caltech/MIT Voting Technology Project, and directed the Industrial Design Intelligence future for product design project. Prior to that, his successes at targeted product creation and enhancement at IBM earned him the role of IBM Fellow. Ted’s work birthed successful products ranging from notebook computers to operating systems. It accumulated numerous awards, patents, and papers and has often been featured in the press. Ted is co-recipient of the Computer Science Policy Leader Award for Scientific American 50, the American Association for People with Disabilities Thomas Paine Award for his work on voting technology, and the Telluride Tech Fest Award.

Host: Alan T. Sherman, *protected email* Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1pm. All meetings are open to the public. Upcoming CDL Meetings: March 18, Nilanjan Banerjee (UMBC); April 1, Kirellos Elsaad (UMBC); April 15, Edward Zieglar (NSA); April 29, Ian Blumenfeld (UMBC); May 13, Enka Blanchard (Digitrust Loria, France)

ArtIAMAS Seminar Series, Co-organized by UMBC, UMCP, and the Army Research Lab

Building Resilience against Cyberattacks

Aryya Gangopadhyay, UMBC

12-1 PM ET Wednesday, 15 December 15, 2021
Online via webex

In this talk, we will address the issue of building resilient systems in the face of cyberattacks. We will present a defense mechanism for cyberattacks using a three-tier architecture that can be used to secure army assets and tactical information. The top tier represents the front-end where autonomous sensing and inferencing through AI models take place by UAVs, UGVs, etc. We will illustrate how models can be defended against data poisoning attacks. In the middle tier, we focus on building cyber defense against attacks in federated learning environments, where models are trained on a large corpus of decentralized data without transferring raw data over a communication channel. The bottom tier represents back-end servers that train deep learning models with large amounts of data that can subsequently be pushed to the edge for inferencing. We will demonstrate how adaptive models can be developed for detecting and preventing various types of attacks at this level.

Dr. Aryya Gangopadhyay is a Professor in the Information Systems department at the University of Maryland, Baltimore County. Dr. Gangopadhyay has a courtesy appointment as a Professor in Computer Science and Electrical Engineering at UMBC. He is also the Director of the Center for Real-time Sensing and Autonomy (CARDS) at UMBC. His research interests include adversarial machine learning at the edge, cybersecurity, and smart cities. He has graduated 16 Ph.D. students and is currently mentoring several others at UMBC. He has published over 125 peer-reviewed research articles and has received extramural support from ARL, NSF, NIST, the Department of Education, and IBM.

The UMBC Cyber Defense Lab presents

Shadow IT in Higher Education: Survey and Case Study for Cybersecurity

Selma Gomez Orr, Cyrus Jian Bonyadi, Enis Golaszewski, and Alan T. Sherman
UMBC Cyber Defense Lab

Joint work with Peter A. H. Peterson (University of Minnesota Duluth), Richard Forno, Sydney Johns, and Jimmy Rodriguez

12-1:00 pm, Friday, 3 December 2021, online via WebEx

We explore shadow information technology (IT) at institutions of higher education through a two-tiered approach involving a detailed case study and comprehensive survey of IT professionals. In its many forms, shadow IT is the software or hardware present in a computer system or network that lies outside the typical review process of the responsible IT unit. We carry out a case study of an internally built legacy grants management system at the University of Maryland, Baltimore County that exemplifies the vulnerabilities, including cross-site scripting and SQL injection, typical of such unauthorized and ad-hoc software. We also conduct a survey of IT professionals at universities, colleges, and community colleges that reveals new and actionable information regarding the prevalence, usage patterns, types, benefits, and risks of shadow IT at their respective institutions.

Further, we propose a security-based profile of shadow IT, involving a subset of elements from existing shadow IT taxonomies, that categorizes shadow IT from a security perspective. Based on this profile, survey respondents identified the predominant form of shadow IT at their institutions, revealing close similarities to findings from our case study.

Through this work, we are the first to identify possible susceptibility factors associated with the occurrence of shadow IT-related security incidents within academic institutions. Correlations of significance include the presence of certain graduate schools, the level of decentralization of the IT department, the types of shadow IT present, the percentage of security violations related to shadow IT, and the institution’s overall attitude toward shadow IT. The combined elements of our case study, profile, and survey provide the first comprehensive view of shadow IT security at academic institutions, highlighting the tension between its risks and benefits, and suggesting strategies for managing it successfully.

Dr. Selma Gomez Orr (*protected email* ) received her Ph.D. from Harvard University in the field of decision sciences. She also holds Masters degrees in applied mathematics, engineering sciences, and business administration, also from Harvard. She has worked in the private sector in the fields of cybersecurity and data analytics. Most recently, as a CyberCorps Scholarship for Service (SFS) Scholar, Dr. Orr completed a Master’s of Professional Studies in both cybersecurity and data science at UMBC.

Cyrus Jian Bonyadi (*protected email* ) is a computer science Ph.D. student and former SFS scholar studying consensus theory at UMBC under the direction of Alan T. Sherman, Sisi Duan, and Haibin Zhang.

Enis Golaszewski (*protected email* ) is a Ph.D. student at UMBC under Alan T. Sherman where he studies, researches, and teaches cryptographic protocol analysis. A former SFS scholar, Golaszewski helps lead annual research studies that analyze and break software at UMBC.

Dr. Alan T. Sherman (*protected email*) is a professor of computer science, director of CDL, and associate director of UMBC’s Cybersecurity Center. His main research interest is high-integrity voting systems. Sherman earned the Ph.D. degree in computer science at MIT in 1987 studying under Ronald L. Rivest.

Host: Alan T. Sherman, *protected email* Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1 pm. All meetings are open to the public. Upcoming CDL Meetings: Feb 4, Filipo Sharevski

UMBC redesignated a National Center of Academic Excellence in Cyber Defense

UMBC has been redesignated as a National Center of Academic Excellence in Cyber Defense (CAE-CD) through the academic year 2028.

The CAE-CD designation indicates that UMBC is helping reduce threats to our national infrastructure by promoting higher education and research in cyber defense and providing the nation with a pipeline of qualified cybersecurity professionals. UMBC is also designated as a Center of Academic Excellence in Cyber Research (CAE-R), which signifies that UMBC increases the understanding of robust cyber defense technology, policy, and practices that will enable our Nation to prevent and respond to a catastrophic event.

The National Centers of Academic Excellence in Cybersecurity (NCAE-C) program is managed by the National Cryptologic School at the National Security Agency. Federal Partners include the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Institute of Standards and Technology (NIST)/National Initiative on Cybersecurity Education (NICE), the National Science Foundation (NSF), the Department of Defense Office of the Chief Information Officer (DoD-CIO), and US Cyber Command (CYBERCOM).

The NCAE-C program’s mission is to create and manage a collaborative cybersecurity educational program with community colleges, colleges, and universities that

• Establishes standards for cybersecurity curriculum and academic excellence,
• Includes competency development among students and faculty,
• Values community outreach and leadership in professional development, 
• Integrates cybersecurity practice within the institution across academic disciplines,
• Actively engages in solutions to challenges facing cybersecurity education.

UMBC offers courses, a track, and concentrations focused on cybersecurity in its Computer Science and Information Systems programs at the undergraduate and graduate levels. In addition, UMBC has several major cybersecurity-oriented scholarship programs to prepare the next generation of cybersecurity professionals in an increasingly digital age, focusing on increasing the participation of women and other underrepresented groups in this fast-growing field. These include the UMBC Cyber Scholars program, CyberCorps: Scholarships For Service (SFS) program, and DOD Cyber Scholarship Program (CySP). Applications for SFS cybersecurity scholarships to begin in Fall 2022 are due via Scholarship Retriever by 12noon November 15, 2021.

UMBC also has professional cybersecurity programs that include certificate programs as well as a Master’s of Professional Studies (MPS) degree at its campuses in Catonsville (UMBC main campus) and Rockville (UMBC at the Universities at Shady Grove). UMBC Training Centers offers cybersecurity courses for both individuals and organizations.

Cybersecurity research at UMBC occurs in many of its laboratories and in the UMBC Center for Cybersecurity (UCYBR), which recently merged with UMBC’s original cybersecurity center, the UMBC Center for Information Security and Assurance (CISA).