Category Archives: School of Computing & Infomation Science

Job Available at the Bangor Daily News in Maine

BDN Maine seeks a PHP developer who will reinvent how the company thinks about and runs its systems and help maintain the highest-traffic news site in Maine. He/she will develop and maintain internal, back-end and customer-facing tools that support BDN products & services.

A qualified candidate would have the following skills:

*General PHP*

– Basic: Scrape and parse any type of input into structured data.
– Better: Examine undocumented code/APIs, identifying patterns in
structure, naming conventions, etc., to unlock hidden features.

*WordPress*

– Basic: Develop and modify plugins. Explore the WordPress API.
– Better: Understand how code impacts performance on a large-scale site
and how to leverage all types of caching.
– Best: Enhance core functionality.

*Systems*

– Basic: Set up new users/forms/file shares/etc. in pretty much any
system.
– Better: Proficient in managing both Linux and Windows servers, has an
eye for architecture.
– Best: Track networking problems, set up new hard drive arrays,
directories, print, DNS and DHCP servers, preferably in the cloud.

The BDN is dedicated to rethinking how “legacy” media operate. If you enjoy
working on multiple projects with different focuses in quick succession
you’ll enjoy working here. We want people who understand how to build tools
people will use and who are interested in changing user habits for the
better.

R&I is a new department that operates as a startup inside the BDN
responsible for product development, technology and leading the company in
making data- and research-based decisions.

We like to move aggressively and quickly at the BDN. We avoid bureaucracy
and encourage transparency. We open source things when we can (read: when
we’re not too embarrassed). The BDN is family-owned (no corporate
overlords). It’s big enough to have resources and impact but not so huge
you can’t ever get anything done.

Send questions or resumes (with code samples) to:

William P. Davis
Director of Research & Innovation
207-990-8250 (o)
207-660-5342 (m)
bangordailynews.com

wdavis@bangordailynews.com

With reporters from Portland to Machias to The County, and everywhere in
between, the BDN is your source for Maine news. Know Maine.

Call for Papers: IOT and SCADA Cybersecurity Education

Call for Papers on
IOT and SCADA Cybersecurity Education
13th International Conference on Security and Management
World Congress in Computer Science,
Computer Engineering and Applied Computing
Las Vegas, Nevada, July 21-24, 2014

George Markowsky
February 16, 2014

1 INVITATION
We invite you to submit a paper in the area of IOT and SCADA
Cybersecurity Education to the Technical Session that we are
organizing at SAM’14. The 13th International Conference on
Security and Management. SAM’14 is part of WORLDCOMP’14:
The 2014 World Congress in Computer Science, Computer
Engineering and Applied Computing. WORLDCOMP’14 will be
held in Las Vegas, Nevada, USA during the period July 21-24,
2014. The exact times and dates of our presentations will be
determined once we get the session organized, but it will
most likely be on July 23 and 24.

2 DESCRIPTION OF TECHNICAL SESSION
By 2020 various estimates put the number of “things” on
the Internet at 26-30 billion. These networked things will
be found in every facet of our lives. This is in addition to
the SCADA systems that are so critical for functioning of
modern civilization. In the excitement of creating these
new systems, it seems clear that not enough attention is
being paid to cybersecurity of the IOT and SCADA systems. In
particular, this aspect of cybersecurity is not addressed in
most cybersecurity programs. This is most unfortunate since
it is widely believed that these new systems are less secure
than the traditional networked systems. It is also clear
that vulnerabilities in the IOT and SCADA systems can be
exploited to produce vulnerabilities in traditional systems.
This session will focus on the state of IOT and SCADA
Cybersecurity Education. Of special interest are determining
which institutions are active in these areas and how people
interested in bringing these topics into their cybersecurity
curriculum should proceed. We invite contributions that look
at all aspects of the cybersecurity of the Internet of
Things and SCADA systems. This includes such devices as
ATMs, home and automobile control systems, and medical
devices as well as the traditional systems such as power
grids, pipelines and water systems.

This session will provide an international platform for the
discussion of IOT and SCADA cybersecurity education since
the estimated 2,000+ participants at WORLDCOMP’14 will be
able to attend any of the sessions that interest them.
Furthermore, all accepted papers will be published in the
SAM’14 proceedings. The SAM’14 proceedings will be
distributed in hard copy to all registrants for SAM’14,
and will be included in electronic form with the other
conference proceedings and distributed to all the
participants. After the conference, the SAM’14 proceedings
will be available online.

3 TYPES OF PAPERS
We are interested in contributions of the following types:

(RRP) REGULAR RESEARCH PAPERS.
These are 7-page IEEE-style papers that will appear in the
proceedings. These papers will be presented in a 20-minute
formal presentation slot.

RRR) REGULAR RESEARCH REPORTS.
These are 7-page IEEE-style papers that will appear in the
proceedings. The presentations for these papers will be in
informal settings during Discussion Sessions. Typically,
those authors with language difficulties prefer this mode of
presentation.

(SRP) SHORT RESEARCH PAPERS.
These are 4-page IEEE-style papers that will appear in the
proceedings. The presentations for these papers will be in
informal settings during discussion sessions.

(PST) POSTERS.
These are 2-page IEEE-style papers that will appear in the
proceedings. The presentations for these papers will be in
informal settings during discussion sessions.

Templates and author instructions are available at
http://www.worldacademyofscience.org/worldcomp13/ws/authors.
The templates and instructions for WORLDCOMP’14 will be
identical to those used in WORLDCOMP’13.

IMPORTANT DATES AND SUBMISSION OF PAPERS
If you would like to participate in this technical session,
DO NOT submit your paper through the WORLDCOMP’14 website.
Please send all materials to George Markowsky
(markov@maine.edu). The timeline will be as follows:

FRIDAY, MARCH 28, 2014.
Draft papers due.

FRIDAY, APRIL 18, 2014.
Acceptance of papers announced by this date. The sooner you
can submit your paper, the sooner you can get feedback.

WEDNESDAY, MAY 14, 2014.
Camera ready papers uploaded and registration completed.

Please be sure to mail all materials to markov@maine.edu.
With your submissions be sure to list all the authors and
for each author include the following information:

Complete name and title
Complete mailing address
Complete e-mail address
Complete Phone Information

If there are multiple authors, please indicate who should be
the contact author for the paper.

GENERAL INFORMATION

Registering for SAM’14 grants admission to all of the 22
different conferences that take place during WORDCOMP’14.
Admission includes all of the tutorials and keynote talks.
For more information on SAM’14 and WORLDCOMP’ 14 see:
http://sam.udmercy.edu/sam14/ and
http://www.world-academy-of-science.org/worldcomp14/ws.

Feel free to circulate this call for papers. Note that since
we are a special session we have our own timeline which is
different from that for general submitted papers to
WORLDCOMP’14. For more information, please contact

Prof. George Markowsky
School of Computing and Information Science
University of Maine
Orono, ME 04469-5711
markov@maine.edu
207-581-3940

Linda Markowsky PhD Defense: Towards Making SELinux Smart. Wednesday February 26, 4:10 PM, 115 DPC

Wednesday, February 26, 2014, 4:10 pm, 115 DPC
PhD Defense

TOWARDS MAKING SELINUX SMART: THE SELINUX SENTRY, SMART SENTRY,
AND THE OCTAVE FUZZY LOGIC TOOLKIT

Linda Markowsky
School of Computing and Information Science

ABSTRACT:

Many zero-day and polymorphic cyberattacks effectively evade signature-based defenses. This thesis builds toward a defensive system designed to prevent many such attacks in real time on nearly any host running Linux. The SELinuxSentry and SmartSentry, two proof-of-concept prototypes, were designed and partially implemented. The two prototypes provide platforms at two levels in a layered security strategy on which to test the effectiveness of leveraging existing system messages to create smart, lightweight, non-signature based defenses. A preliminary version of the SmartSentry was shown to resist hostile enumeration.

The Octave Fuzzy Logic Toolkit was developed as the basis for implementing the smart modules of the SELinuxSentry and SmartSentry. Both of these systems use fuzzy-logic-based algorithms to cluster unlabeled data and automatically generate a fuzzy inference system. The fuzzy-logic-based design was chosen over competing algorithms, such as support vector machines, in order to make the behavior of the intelligent modules as transparent as possible to human security administrators. The Octave Fuzzy Logic Toolkit is available as a free, open-source package on both Octave-Forge and Sourceforge and is shared under the GNU General Public License.

 

UMaine Cyber Defense Team Qualifies for the Northeast Collegiate Cyber Defense Competition

On Saturday January 25, 2014, the University of Maine Cyber Defense Team qualified to compete in the 2014 Northeast Collegiate Cyber Defense Competition which will be held March 14-16 at the University of New Hampshire in Durham, NH. The field consisted of 14 teams competing for 9 spots in the Regional Competition. The 9 teams that qualified were (in alphabetical order):

Alfred State University (NY)
Champlain College (VT)
University of Maine
Northeastern University (MA)
Rochester Institute of Technology (NY)
SUNY IT
Syracuse University (NY)
Worcester Polytechnic Institute (MA)
UMass Boston

The University of New Hampshire will also be in the NECCDC because they are
hosting the competition this year.

The competition was very spirited and the schools not making the cut were:

SUNY Buffalo
Pace University (NY)
Stevens Institute of Technology (NJ)
US Military Academy West Point (NY)
UMass Lowell

The UMaine Cyber Defense Team was represented by

Captain Benjamin Grooms (Computer Engineering Major)
Co-Captain Kyle Ossinger (Computer Science Major)
Albano Drazhi (Computer Science Major)
Theodore Farnsworth (Computer Science Major)
Jacob Figg (Mechanical Engineering Major)
John Woodill (Mechanical Engineering Major)

For the NECCDC the above 6 will be joined by Taylor Newton an Electrical Engineering Technology major. It is worth noting that team members come from several different departments and show that cyber defense skills can be found in many different places.

The University of Maine achievement is especially noteworthy because UMaine does not have a formal program in cybersecurity, while 9 of the 14 teams competing (including 4 that did not make the cut) are NSA/Dept. of Homeland Security National Centers of Academic Excellence in Information Assurance.

Much credit goes to the students who volunteered their time and to the assistant coaches: Sean Lyford, John Poulin and Lucas Wood, who helped the team get ready for the Qualifying Round.

The Qualifying Round requires judges not affiliated with the cyber defense team to be present during the 8 hour competition. UMaine is very grateful to William Quintana (Bath Iron Works), Ted Ropple (Bangor Savings Bank), Aubrey Smith (Entrepreneur) and Randy Smith (Jackson Lab – retired) for serving as judges and for their service on a day when the weather was not cooperating.

For more information about the NECCDC go to NECCDC.net