School News

Codebreaker Challenge

Ends: January 11th, 2020 12:00am

NSA's 7th annual Codebreaker Challenge is now live. It is a hands-on software reverse engineering challenge where students work to complete mission-focused objectives to push their school to the top of the competition leader board. The task for this year's fictional challenge is to develop new exploitations to spy on messages in the terrorists communication application, TerrorTime, in order to thwart attacks before they can happen. Students are given seven tasks of increasing difficulty that culminate in developing the capability to "Spoof TerrorTime messages, Masquerade as TerrorTime users without knowledge of their credentials, and decrypt TerrorTime chat messages". Feedback from previous challenges indicated students learned a great deal from participating, so with your help, we encourage as much student participation as possible!


Past News and Events

November CAE Forum

Wednesday November 13th

Topic: A Security Analysis of Facebook's Political Ad Library

Time: 1:10-1:50PM
Online advertising plays an increasingly important role in political elections. As part of the 2016 U.S. national elections, there were a number of controversies regarding an ad-driven propaganda campaign to influence elections and privacy violations. In response to these controversies, Facebook, Google, and Twitter have all created policies and implemented products to make transparent and archive U.S. political advertisements that have run on their platforms. We present a security review of Facebook's Ad Library and political ad disclosure efforts. Laura Edelson is a Ph.D. candidate and Research Assistant at NYU. Laura has returned to academia after a successful career as a software engineer in the financial and data analysis sectors because she came to question the impact that big data and machine learning, and her work, in particular, had on society at large. She worked as a software engineer in the financial and data analysis sectors for 15 years at Palantir, Factset, and NYFIX.

Topic: Secure Cloud Assisted Smart Cars

Time: 2:00-2:40PM
Smart cars are among the essential components and major drivers of future cities and connected world. The interaction among connected entities in this vehicular internet of things domain, which also involves smart traffic infrastructure, restaurant beacons, emergency vehicles, etc., will offer many real-time service applications and provide safer and more pleasant driving experience to consumers. Security and privacy are big concerns that deter the adoption of smart cars, which if not properly addressed will have grave implications with risk to human life and limb. In this talk, Gupta will first highlight the access control needs in smart cars ecosystem and present an access controloriented architecture. Furthermore, he will discuss the proposed dynamic groups and attribute-based access control model for smart cars ecosystem, which considers both system wide attributes-based security policies and individual user privacy preferences for allowing or denying service notifications, alerts and operations to on-board resources. In the end, Gupta will briefly discuss a proof of concept implementation in AWS IoT cloud platform

November CAE Tech Talk

Thursday November 14th

Topic: Wireless and Mobile Softwarization

Time: 1:10-1:50PM
The wireless revolution delivered beyond the pioneers dreams, forever changing how we access information, interact with each other, and our physical world. Yet, a confluence of factors indicates that a security and privacy storm is brewing. Limited resources and lack of strong security models, led to a variety of weaknesses in wireless and mobile systems. These risks are amplified by the accelerated pervasiveness and ad hoc integration of wireless communications in a variety of systems such as air traffic, biomedical devices, electricity grid, in addition to bring-your-own-device policies, and a multitude of smart and wirelessly connected IoT devices deployed in homes and business. At the same time hardware and in particular wireless softwarization is removing natural barriers such as attacks physical co-location, or cost. In this talk, we will reflect on some of the wireless and mobile security and privacy emerging challenges and trends, from side-channel attacks to cross-layer attacks, as well as defense approaches and their limitations. The talk points are illustrated using our recent research, spanning a variety of application areas, such as demonstrating mobile apps tracking without requiring any permissions, Apple AWDL design and implementation vulnerabilities permitting tracking and man-in-the-middle attacks, covert channels for exfiltrating sensitive personal and business data through wireless and mobile devices, and air traffic attacks on the Instrument Landing Systems (ILS), or Automatic Dependent Surveillance Broadcast (ADS-B) system.

Topic: Building Secure Software Systems Using Security

Time: 2:00-2:40PM
Patterns combine experience and good practices to develop basic models that can be used to build new systems and to evaluate existing systems. Security patterns join the extensive knowledge accumulated about security with the structure provided by patterns to provide guidelines for secure system requirements, design, and evaluation. We consider the structure and purpose of security patterns, show a variety of security patterns, and illustrate their use in the construction of secure systems. These patterns include among others Authentication, Authorization/Access Control, Firewalls, Secure Broker, Web Services Security, and Cloud Security. We have built a catalog of over 100 security patterns. The use of patterns can provide a holistic view of security, which is a fundamental principle to build secure systems. Patterns can be applied throughout the software lifecycle and provide a good communication tool for the builders of the system. The patterns are shown using UML models and examples are taken from my two books on security patterns as well as from my recent publications.

CyberMaryland Conference 2019

Thurs Dec 5th, 8 AM - Fri Dec 6th, 4 PM.
Hyatt Regency Baltimore Inner Harbor,
300 Light St, Baltimore, MD, 21202

The CyberMaryland Conference is an annual two-day event presented by the Federal Business Council (FBC) in conjunction with academia, government and private industry organizations. This year's theme, Cyber Threats, Nevermore: Unifying the Cyber Community in Maryland and Beyond pays homage to a historic Maryland icon - famous poet and cryptographer Edgar Allan Poe. Additionally, the conference provides an opportunity for Maryland to demonstrate its natural leadership in Cybersecurity.
  • Calling all cyber competitors, mentors, trainers and teachers. The Cyber Maryland Challenge seeks teams willing to test a range of skills in a battle of real world cyber challenges. Your team will climb a ladder of challenges demonstrating an ability to work together, understand both simple and complex vulnerabilities, defensive operations and gamified offensive operations. Game on!
For more information visit the conference webpage

Cyber Warrior Program

Wednesday, October 16th, 2019.
Computer Science Building. Room 207B.
14000 Jericho Park Road. Bowie, MD 20715.

A cybersecurity training program that began at Baltimore's historically black universities is expanding to more universities around the state. The Cyber Warrior Diversity Program began in 2017 at Morgan State University and Coppin State University. Baltimore-based tech training company Digit All City worked with the universities as well as Northrop Grumman to establish a program that provided students with certifications that are required for clearances for cybersecurity work by the U.S. Department of Defense and other government agencies. Along with providing training, the effort seeks to prepare students to work at roles within Maryland's federal agencies and government-focused firms. Wilson said the program is among a number of efforts by the university, including a cybersecurity lab in Baltimore and an effort to connect students with internships at tech companies in Silicon Valley.

Cyberday

Wednesday, October 16th, 2019. 9:30am - 3:00pm.
Recital Hall, Fine and Performing Arts Center.

In recognition of Cybersecurity Awareness Month (October) the Center for Cybersecurity & Emerging Technologies at Bowie State University is hosting a Professional Development and Networking event. Join us to get pertinent information and knowledge from experienced leaders in cybersecurity. Speak with experts about their careers and learn how the changing threat landscape is creating a need for cyber professionals. For more informations contact: Dr. Yan (301-860-3966) or Dr. Shumba(301-860-4446)