MARYLAND CYBERSECURITY CENTER

Transcription

1 MARYLAND CYBERSECURITY CENTER cyber.umd.edu

2 INNOVATIVE INTERDISCIPLINARY RESEARCH

3 The Maryland Cybersecurity Center (MC2) brings together experts in computer science and engineering with colleagues in public policy, business, the social and behavioral sciences, and information science to establish broad-based cybersecurity initiatives. Research focuses on cryptography, privacy and anonymity, programming-language security and secure software development, wireless and network security, empirical security, attack behavioral analysis, usable security, and more.

4 CRYPTOGRAPHY Researchers work on both theoretical and applied aspects of cryptography. Specific areas of interest include privacy-preserving computation, cryptographic techniques for cloud security (e.g., searchable encryption, oblivious RAM, fully homomorphic encryption, verifiable outsourcing of computation, and authenticated data structures), mechanisms for protecting against side-channel and fault attacks, formal notions of privacy, authentication and keyexchange protocols, anonymity/pseudonymity, post-quantum cryptography, and cryptographic foundations. DANA DACHMAN-SOLED Electrical and Computer Engineering Side-channel and fault attacks, post-quantum cryptography, cryptographic foundations, complexity theory JONATHAN KATZ Professor, Computer Science and Director, MC2 Privacy-preserving computation, cloud security, privacy/anonymity, post-quantum cryptography, cryptographic foundations, science of cybersecurity, cybersecurity education CHARALAMPOS (BABIS) PAPAMANTHOU Electrical and Computer Engineering Cloud security, searchable encryption, system security ELAINE SHI Computer Science Privacy-preserving computation, cloud security, privacy/anonymity, system security, machine learning PROGRAMMING-LANGUAGE AND SOFTWARE SECURITY Researchers are working on techniques to help software programmers design and develop software that is more reliable and secure. They have developed dynamic software-updating approaches that avoid shutdown-and-restart when updating software to encourage faster application of security patches. They have also designed novel programming languages that ensure important security properties are met, as well as software tools that can analyze existing software to identify (and even fix) potential flaws. In collaboration with researchers in cryptography, they have developed tools and compilers for privacy-preserving and verifiable computation. They are also interested in understanding and teaching best practices for secure software development. RAJEEV BARUA Associate Professor, Electrical and Computer Engineering Reverse engineering, binary rewriting, security-policy enforcement JEFF FOSTER Associate Professor, Computer Science Web security, security/privacy for mobile devices MICHAEL HICKS Professor, Computer Science Privacy-preserving computation, quantifying information flow, web and mobile security, cybersecurity education ATIF MEMON Associate Professor, Computer Science Software testing and verification, security for mobile devices, cybersecurity education BILL PUGH Professor Emeritus, Computer Science Static analysis, web security, secure software development DAVID VAN HORN Computer Science Program verification, model checking, security for mobile devices

5

6 EMPIRICAL SECURITY Researchers collect and analyze real-world data and use techniques from machine learning and statistical data analysis to characterize threats, develop vulnerabilitydetection tools, propose new security metrics, and predict incident trends. MICHEL CUKIER Associate Professor, Reliability Engineering and Associate Director for Education, MC2 Intrusion detection, honeypots, behavioral aspects of security, cybersecurity education TUDOR DUMITRAS Electrical and Computer Engineering Machine learning, data analytics, system security, security metrics, distributed systems, science of cybersecurity FORENSICS Work in this area develops security tools and forensic technologies, particularly for multimedia files such as digital images, video, and audio. Researchers are working to ensure that content and devices are used by authorized users for authorized purposes, as well as developing techniques for gathering forensic evidence regarding the date, time, location, etc., at which multimedia files were created. MIN WU Multimedia data and device forensics, content protection, anti-collusion fingerprinting and traitor tracing, steganography NETWORK AND SYSTEMS SECURITY Researchers study the security of network protocols, develop protocols for secure and/or anonymous communication, analyze real-world network attacks, and explore methods for improving privacy and accountability in the Internet. BILL ARBAUGH Associate Professor Emeritus, Computer Science Wireless security, operating-system security, virus/malware detection and prevention JOHN BARAS Wireless security, secure group communication, physical-layer security, trust management, security metrics, malware detection, security of cyberphysical systems BOBBY BHATTACHARJEE Professor, Computer Science Privacy/anonymity, censorship resistance, security of network protocols MEHDI KALANTARI KHANDANI Assistant Research Scientist, Electrical and Computer Engineering Distributed denial of service (DDoS) attacks DAVE LEVIN Assistant Research Scientist, UMIACS Network-security economics, game theory, privacy/anonymity, censorship resistance, privacy-preserving advertising MICHELLE MAZUREK Computer Science Access control, operating system security, social networks, usable security MARK SHAYMAN IP geolocation NEIL SPRING Associate Professor, Computer Science Network instrumentation, topology discovery for censorship resistance, privacy/anonymity

7

8

9 HARDWARE SECURITY Researchers study several aspects of hardware security, including security in an era of growing parallelism and concurrency, novel hardware architectures to improve system security, hardware-specific attack vectors and defenses, and the use of hardware-security primitives (e.g., tamper-resistant processors or physically unclonable functions) to bootstrap security in larger systems. SHUVRA BHATTACHARYYA Signal-processing systems and architectures, security of embedded software, hardware/software co-design for system security, wireless sensor networks GANG QU Associate Professor, Electrical and Computer Engineering Trusted integrated-circuit and system design, hardware-security primitives, hardware-level Trojan-horse detection and prevention, hardware/ software co-design for system security, wirelessnetwork security, security of cyberphysical systems ANKUR SRIVASTAVA Associate Professor, Electrical and Computer Engineering Novel and architectures, hardware-security primitives INFORMATION-THEORETIC SECURITY Researchers employ tools and techniques from information theory, coding theory, and combinatorics to design new protocols for secure key distribution and private communication/computation based on correlated measurements. ALEXANDER BARG Coding theory, combinatorics, anti-collusion fingerprinting ARMAND MAKOWSKI Wireless security, key pre-distribution schemes PRAKASH NARAYAN Network information theory, coding theory, information-theoretic key distribution, signal processing SENNUR ULUKUS Wireless security, physical-layer security UZI VISHKIN Parallel algorithms and architectures for computer security, security under concurrency, hardware/ software co-design for system security

10 BEHAVIORAL ASPECTS OF CYBERSECURITY Researchers are analyzing how people use online social networks such as Twitter and Facebook to understand notions of trust, users expectations of privacy, the dynamics of human-computer interaction, and the usability of cybersecurity solutions. Researchers also seek to understand attackers motivations for carrying out cyberattacks, and to develop criminological theories accounting for their behavior. MARSHINI CHETTY College of Information Studies Usable security, user behavior VANESSA FRIAS-MARTINEZ College of Information Studies Privacy of mobile traces, behavioral fingerprinting JENNIFER GOLBECK Associate Professor, College of Information Studies Social networks, trust, usable security DAVID MAIMON Criminology and Criminal Justice Behavioral and social aspects of cyber-criminals, user behavior KATIE SHILTON College of Information Studies Policies and ethics for the design of information technologies and systems, usable security V.S. SUBRAHMANIAN Professor, Computer Science Assessment of cyber risk, intrusion detection, user behavior, cybersecurity policy, science of cybersecurity JESSICA VITAK College of Information Studies Social networks, users perception of privacy

11 ECONOMIC ASPECTS OF CYBERSECURITY Since organizations do not have infinite security resources, business executives must often make security decisions based on cost. Researchers have developed quantitative methods and models to inform these decisions. Researchers also study supply-chain management and techniques to improve endto-end supply-chain security. SANDOR BOYSON Research Professor, Robert H. Smith School of Business Supply-chain security and risk management, logistics, management practices LAWRENCE A. GORDON Professor, Robert H. Smith School of Business Cybersecurity economics, cybersecurity risk management CYBERSECURITY POLICY Researchers in the Center for International Security Studies at Maryland (CISSM) study cybersecurity policy and regulation, especially in regard to securing critical infrastructure. JACQUES GANSLER Professor, School of Public Policy National security, globalization, supply-chain management WILLIAM LUCYSHYN Visiting Senior Research Scholar, Center for Public Policy and Private Enterprise Supply-chain management, economics of cybersecurity WILLIAM NOLTE Research Professor, Center for Public Policy and Private Enterprise Cybersecurity education, cybersecurity policy MARTIN LOEB Professor, Robert H. Smith School of Business Accounting and information assurance, cybersecurity economics, cybersecurity regulation

12 CONTACT INFORMATION Please select the appropriate contact below for your inquiry. RESEARCH INQUIRIES: EDUCATION PROGRAM INQUIRIES: CORPORATE PARTNERSHIP INQUIRIES: MEDIA INQUIRIES: GENERAL INQUIRIES: MC2 Director Jonathan Katz, MC2 Associate Director for Education Michel Cukier, MC2 Director Jonathan Katz, or Tom Ventsias, MC2 Coordinator Carolyn Flowers, or The Maryland Cybersecurity Center is supported by the College of Computer, Mathematical, and Natural Sciences and the A. James Clark School of Engineering. It is one of 16 centers and laboratories in the University of Maryland Institute for Advanced Computer Studies (UMIACS). cyber.umd.edu