Clark School Home UMD

ECE News Story

Dumitras Receives NSF Award to Study Software Update Vulnerabilities

Dumitras Receives NSF Award to Study Software Update Vulnerabilities

Assistant Professor Tudor Dumitras
Assistant Professor Tudor Dumitras

Tudor Dumitras (ECEUMIACSMaryland Cybersecurity Center ) has received a National Science Foundation (NSF) award to study how well software updating mechanisms work. 

The two-year award for approximately $175,000 is part of the NSF’s Secure and Trustworthy Cyberspace (SaTC) program. The funding also falls under the NSF CISE Research Initiation Initiative (CRII), given to talented young faculty who are in their first two years of a tenure-track academic position.

“Tudor was one of four new faculty to join the Maryland Cybersecurity Center almost two years ago. All of them are performing exceedingly well, and this particular award is representative of that,” says Jonathan Katz, director of MC2.

The research funded by the SaTC grant will look at the “timeliness” of organizations protecting their cyber infrastructure with security patches.

In order to prevent cyber attacks, security updates should be installed as soon as the software vendor releases them, Dumitras says. But often there are times when—for a variety of reasons—updates are not applied in a timely manner, giving cybercriminals the opportunity to exploit a system.

“This is important because software updates often include patches to vulnerabilities that if left unpatched, would allow hackers to access those systems,” he says.

For example, Dumitras says, popular applications like Web browsers, media players or document editors and readers often have vulnerabilities that may allow criminals to steal sensitive information like passwords, credit card numbers or medical records, or to control those hosts remotely for sending spam or for launching other cyber attacks.

Dumitras, working with second-year electrical and computer engineering doctoral student Ziyun Zhu, will use the SaTC funding to conduct research that examines how quickly software updates are deployed on millions of hosts around the world, as well as what causes updating delays.

The team will then build mathematical models to quantify the trade-offs between reliability and security when updating software.

“We’re trying to see if patch deployment is more like physical laws, which we know can be described using elegant mathematical equations,” Dumitras says. “Or, if it’s more like the weather, which is governed by interactions that are too complex to be modeled accurately.”

Dumitras and Zhu are working to come up with mathematical models for patch deployment so they can predict what the window of vulnerability will be for future exploits. Their work may also highlight opportunities for improving software-update mechanisms. 

Dumitras plans to disseminate the results from the SaTC project through workshops, by releasing data sets with augmented information about software vulnerabilities, and by collaborating with industry partners to evaluate the proposed techniques in real-world settings.

To read more about the SaTC project, go here

To see a video overview of cybersecurity work by Dumitras, go here.

—Story by Melissa Brachfeld

May 15, 2015

Prev   Next
 “This is important because software updates often include patches to vulnerabilities that if left unpatched, would allow hackers to access those systems."

Current Headlines

Biofilm treatment device receives TEDCO MII funding; paper published in IEEE TBME

UMD Researchers Conduct Field Tests to Evaluate the Atmosphere’s Effect on Lasers

Alumnus Profile: Robert Cobb

MC2 Faculty, Students Have Five Papers Accepted to ACM Conference on Computer and Communications Security

Bhattacharyya awarded NIH Grant to Explore Real-time Neural Decoding for Calcium Imaging

With Engineering Projects, UMD Students Seek to Boost Education Access, Public Health, and Sustainability

Shoukry, Krishnaprasad receive NSF grant for resilient-by-cognition cyber-physical systems

UMD to Lead Milestone NSF High School Engineering Pilot Course

News Resources

Return to Newsroom

Search News

Archived News

Events Resources

Events Calendar

Additional Resources

UM Newsdesk

Faculty Experts