Clark School Home UMD

ECE News Story

Dumitras Receives NSF Award to Study Software Update Vulnerabilities

Dumitras Receives NSF Award to Study Software Update Vulnerabilities

Assistant Professor Tudor Dumitras
Assistant Professor Tudor Dumitras

Tudor Dumitras (ECEUMIACSMaryland Cybersecurity Center ) has received a National Science Foundation (NSF) award to study how well software updating mechanisms work. 

The two-year award for approximately $175,000 is part of the NSF’s Secure and Trustworthy Cyberspace (SaTC) program. The funding also falls under the NSF CISE Research Initiation Initiative (CRII), given to talented young faculty who are in their first two years of a tenure-track academic position.

“Tudor was one of four new faculty to join the Maryland Cybersecurity Center almost two years ago. All of them are performing exceedingly well, and this particular award is representative of that,” says Jonathan Katz, director of MC2.

The research funded by the SaTC grant will look at the “timeliness” of organizations protecting their cyber infrastructure with security patches.

In order to prevent cyber attacks, security updates should be installed as soon as the software vendor releases them, Dumitras says. But often there are times when—for a variety of reasons—updates are not applied in a timely manner, giving cybercriminals the opportunity to exploit a system.

“This is important because software updates often include patches to vulnerabilities that if left unpatched, would allow hackers to access those systems,” he says.

For example, Dumitras says, popular applications like Web browsers, media players or document editors and readers often have vulnerabilities that may allow criminals to steal sensitive information like passwords, credit card numbers or medical records, or to control those hosts remotely for sending spam or for launching other cyber attacks.

Dumitras, working with second-year electrical and computer engineering doctoral student Ziyun Zhu, will use the SaTC funding to conduct research that examines how quickly software updates are deployed on millions of hosts around the world, as well as what causes updating delays.

The team will then build mathematical models to quantify the trade-offs between reliability and security when updating software.

“We’re trying to see if patch deployment is more like physical laws, which we know can be described using elegant mathematical equations,” Dumitras says. “Or, if it’s more like the weather, which is governed by interactions that are too complex to be modeled accurately.”

Dumitras and Zhu are working to come up with mathematical models for patch deployment so they can predict what the window of vulnerability will be for future exploits. Their work may also highlight opportunities for improving software-update mechanisms. 

Dumitras plans to disseminate the results from the SaTC project through workshops, by releasing data sets with augmented information about software vulnerabilities, and by collaborating with industry partners to evaluate the proposed techniques in real-world settings.

To read more about the SaTC project, go here

To see a video overview of cybersecurity work by Dumitras, go here.

—Story by Melissa Brachfeld

May 15, 2015

Prev   Next
 “This is important because software updates often include patches to vulnerabilities that if left unpatched, would allow hackers to access those systems."

Current Headlines

University of Maryland School of Engineering Announces Unprecedented Investment from A. James & Alice B. Clark Foundation

Inaugural Energy Innovation Seed Grants awarded

Light may unlock a new quantum dance for electrons in graphene

UMD Researchers Focus Energy on Current Collector Improvements

NASA Selects Hartzell for Mission to Asteroid Bennu

Clark School Researchers Recognized Among "World's Most Influential Scientific Minds"

University of Maryland, Navy Control Robot From 6,000 Feet Above Ground

Alumnus Profile: Yashwanth (Yash) Hemaraj

News Resources

Return to Newsroom

Search News

Archived News

Events Resources

Events Calendar

Additional Resources

UM Newsdesk

Faculty Experts