Cukier, Michel
Director, Advanced Cybersecurity Experience for Students
Center for Risk and Reliability
Maryland Cybersecurity Center
UMIACS
Electrical and Computer Engineering
Computer Science
Education
Ph.D., Computer Science, National Polytechnic Institute of Toulouse, France, 1996
B.S. Physics Engineering, Free University of Brussels, Belgium, 1991
Background
Michel Cukier is a professor of mechanical engineering.
From 1996 to 2001, Cukier was a researcher at the University of Illinois, Urbana-Champaign. He joined the University of Maryland in 2001 as assistant professor. His research covers dependability and security issues. Cukier has published more than 90 papers in journals and refereed conference proceedings in those areas.
He received his doctorate in computer science from the National Polytechnic Institute of Toulouse, France.
Honors and Awards
- The Daily Record's 2023 Higher Education Power List (2023)
- USM Board of Regents Faculty Award for Excellence in Mentoring (2023)
- Member of the State of Maryland Cybersecurity Council (2019)
- SANS Difference Makers Award (2018)
- University of Maryland Corporate Connector of the Year Award (2018)
- Distinguished Papers Session, European Dependable Computing Conference (2017)
- National Science Foundation (NSF) Faculty Early Career Development (CAREER) Award (2003)
- Best Paper Award, Pacific Rim International Symposium on Dependable Computing (2002)
Professional Memberships
- Member, IEEE
- Fault tolerance
- Intrusion tolerance
- Dependability and security evaluation
Current Students
Alex Parisi (PhD, RE)
Paul Watrobski (PhD, RE)
Ciro Pinto-Coelho (PhD, RE)
Jessica Zhu (PhD, RE)
Former Students
John McGahagan (PhD, RE)
Margaret Gratian (PhD, RE)
Yazdan Movahedi (PhD, RE)
Bertrand Sobesto (PhD, RE)
Ed Condon (PhD, RE)
Robin Berthier (PhD, RE)
Danielle Chrun (PhD, RE)
Aria Khoshkhou (PhD, RE)
Jesus Molina (PhD, ECE)
Anil Sharma (MS, RE)
Melody Djam (MS, RE)
Shalom Rosenfeld (MS, ECE)
Hari Sivaramakrishnan (MS, ECE)
Merine Zinsou (MS, RE)
Frank Hemingway (MS, ECE)
Benjamin Klimkowski (MS, CS)
Risk Assessment of User Behavior
Michel Cukier (PI)
Sponsor: Laboratory for Telecommunication Sciences
Abstract: It has been claimed many times that the human is the weakest link in cybersecurity. The goal of this research is to improve the overall security of an organization by better understanding user behavior. More specifically, we will assess how users currently assess risks and how to educate them to better understand some of the risks of their online behavior. We will design and implement various experiments on the user population at the University of Maryland. In addition, we will build upon research conducted on risk perception in the physical world and identify approaches used to modify some perceptions with the goal of translating some of these approaches in cyberspace.
SFS for ACES
Michel Cukier (PI), Lawrence Gordon (Co-PI), Charles Harry (Co-PI), Jandelyn Plane (Co-PI), David Levin (Co-PI)
Sponsor: National Science Foundation
Abstract: National and personal security have become major concerns as we continue to increase our reliance on technological advancements. The growth of innovation must mirror the expansion of trained professionals. The University of Maryland (UMD), a National Security Agency - Center of Academic Excellence in Research (CAE-R), proposes to lead the challenge of educating the next cyber workforce through the creation of the Advanced Cybersecurity Experience for Students (ACES) Program, the first undergraduate honors program in cybersecurity in the United States. The CyberCorps(R): Scholarship for Service (SFS) program at UMD will provide a unique opportunity for 36 ACES students earn their Bachelor's degree with an ACES Minor in cybersecurity, and prepare them to join the cadre of cybersecurity professionals in the government. The ACES program aims to provide a unique, multidisciplinary education for a diverse group of undergraduate students of all majors. The curriculum will allow students to live together, use embedded, state-of-the-art laboratories, and work collaboratively inside and outside the classroom. In addition to fulfilling rigorous, required coursework in topics such as Cyber Policy, Psychology, and Reverse Engineering, ACES strongly emphasizes experiential learning by providing opportunities for individual and group research projects, as well as academic term and summer internships. In local middle and high schools, students will have an opportunity to work in CyberPatriot teams and participate in CyberSTEM summer camps (day and residential) and cybersecurity awareness workshops. The SFS program will enhance the university's goal of training a workforce with a range of talents, backgrounds, and expertise that can meet the cybersecurity needs of the government.
Collaborative Proposal: SaTC: Frontiers: Enabling a Secure and Trustworthy Software Supply Chain
Michel Cukier (PI)
Sponsor: National Science Foundation
Abstract: The modern world relies on software in almost every human endeavor, and a typical software product includes 80% open source components. Attackers find and exploit accidentally-injected security vulnerabilities and, increasingly, aggressively implant vulnerabilities or malicious code directly into the software supply chain -- the open source software and its build and deployment pipelines. This Frontiers project establishes the Secure Software Supply Chain Center (S3C2), a large-scale, multi-institution effort designed to aid the software industry re-establish trust in the software supply chain through the development of scientific principles, synergistic tools, metrics, and models in the context of human behavior among software supply chain stakeholders. The project?s novelties include the contributions to a diverse workforce that is trained in secure software supply chain methods through research and outreach initiatives, including summer research experiences for undergraduates (REU), summer camps, and the development of course modules for undergraduates, graduate students, and practitioners. The project?s broader significance and importance are the ways in which S3C2 will facilitate rapid innovation with increased confidence in software supply chain security.
S3C2 focuses on interconnected research thrusts for two supply chain attack vectors: (1) upstream dependencies and (2) the build process in the context of a continuous integration/continuous deployment (CI/CD) pipeline. Thrust One focuses on developing tools and techniques to aid practitioners with the risk of upstream dependencies. It enhances the utility of the Software Bill of Materials (SBoM) by identifying exploitability of vulnerabilities and changes to attack surfaces and isolates risky code as a stop-gap before patching is possible. Thrust Two focuses on developing tools and techniques to aid practitioners with the risk of build processes. It enables strong guarantees for build integrity through analysis of CI/CD configuration and techniques that help developers achieve reproducible builds.
Summer Cyber and Telecommunications Research
Michel Cukier (PI)
Sponsor: Laboratory for Telecommunication Sciences
Abstract: The LASR Internship program offers ACES students a summer research internship experience at the Laboratory for Telecommunication Sciences.
CyberSTEM Outreach Research
Michel Cukier (PI), Jandelyn Plane (Co-PI)
Sponsor: Laboratory for Telecommunication Sciences
Abstract: The subject of intense research at the University of Maryland’s Maryland Center for Women in Computing [MCWIC] and Maryland Cybersecurity Center [MC2] is to understand how best to validate, catalyze, and achieve the creation of a pipeline from STEM education to STEM careers. Two entities - the MCWIC and MC2 - have partnered to conduct foundational studies to inform, define, and create the best solutions to closing the STEM-articulate, graduate gap, with a specific emphasis on significantly reversing national trends in gender-diversity and underrepresented population in computer science.
Fall 2023
ENME 392: Statistical Methods for Product and Processes Development
HACS 200: Applied Cybersecurity Foundations II
HACS 100: Foundations in Cybersecurity I
Spring 2023
ENME 392: Statistical Methods for Product and Processes Development
Fall 2022
ENME 392: Statistical Methods for Product and Processes Development
HACS 200: Applied Cybersecurity Foundations II
HACS 100: Foundations in Cybersecurity I
Spring 2022
ENME 392: Statistical Methods for Product and Processes Development
Fall 2021
ENME 442/ENRE 684: Information Security
HACS 200: Applied Cybersecurity Foundations II
HACS 100: Foundations in Cybersecurity I
Spring 2021
ENME 392: Statistical Methods for Product and Processes Development
Fall 2020
ENME 442/ENRE 684: Information Security
HACS 200: Applied Cybersecurity Foundations II
HACS 100: Foundations in Cybersecurity I
Spring 2020
ENME 392: Statistical Methods for Product and Processes Development
Fall 2019
ENME 442/ENRE 684: Information Security
HACS 200: Applied Cybersecurity Foundations II
Spring 2019
ENME 392: Statistical Methods for Product and Processes Development
Fall 2018
ENME 442/ENRE 684: Information Security
HACS 200: Applied Cybersecurity Foundations II
Spring 2018
ENME 392: Statistical Methods for Product and Processes Development
Fall 2017
ENME 442/ENRE 684: Information Security
Spring 2017
ENME 442/ENRE 684: Information Security
2019
Vulnerability Prediction Capability: A Comparison between Vulnerability Discovery Models and Neural Network Models
Y. Mohavedi, M. Cukier, and I. Gashi
Computers & Security, August 2019
(Impact Factor: 2.650)
Perspective: Risk and the Five Hard Problems of Cybersecurity
N. M. Scala, A. C. Reilly, P. L. Goethals, and M. Cukier
Risk Analysis, March 2019
(Impact Factor: 2.898)
Cluster-based vulnerability assessment of operating systems and web browsers
Y. Movahedi, M. Cukier, A. Andongabo, and I. Gashi
Computing, vol. 101, no. 2, February 2019, pp. 139-160.
(Impact Factor: 1.654)
Identifying infected users via network traffic
M. Gratian, D. Bhansali, M. Cukier, and J. Dykstra
Computers & Security, vol. 80, January 2019, pp 306-316.
A Comprehensive Evaluation of HTTP Header Features for Detecting Malicious Websites
J. McGahagan, D. Bhansali, M. Gratian and M. Cukier
in Proc. 15th European Dependable Computing Conference (EDCC), 2019.
(54% acceptance rate)
"Help, I've Been Hacked!": Insights from a Corpus of User-Reported Cyber Victimization Cases on Twitter
M. Gratian, D. Bhansali, M. Cukier, and J. Dykstra
in Proc. Human Factors and Ergonomics Society's 2019 International Annual Meeting, Seattle, USA, Oct. 28 – Nov. 1, 2019.
(64% acceptance rate)
2018
Process Mining and Hierarchical Clustering to Help Intrusion Alert Visualization
S. Carlisto de Alvarenga, S. Barbon Junior, R. Sanches Miani, M. Cukier, and B. Bogaz Zarpelão
Computers & Security, vol. 73, March 2018, pp 474-491.
(Impact Factor: 2.650)
Correlating Human Traits and Cyber Security Behavior Intentions
M. Gratian, S. Bandi, M. Cukier, J. Dykstra, and A. Ginther
Computers & Security, vol. 73, March 2018, pp 345–358.
(Impact Factor: 2.650)
2017
Illegal Roaming and File Manipulation on Target Computers
A. Testa, D. Maimon, B. Sobesto, and M. Cukier
Criminology & Public Policy, vol. 16, issue 3, August 2017, pp 689–726
(Impact Factor: 2.216)
Discovering Attackers Past Behavior to Generate Online Hyper-Alerts
CT. Kawakani, S. Barbon, RS. Miani, M. Cukier, and BB. Zarpelão
iSys-Revista Brasileira de Sistemas de Informação, vol.10, issue 1, 2017, pp 122-147.
AVAMAT: AntiVirus and Malware Analysis Tool
P. Shahegh, T. Dietz, M. Cukier, A. Algaith, A. Brozik, and I. Gashi
in Proc. 16th IEEE International Symposium on Network Computing and Applications, Boston, USA, 30 Oct - 1 Nov 2017.
(26% acceptance rate)
Cluster-based Vulnerability Assessment Applied to Operating Systems
Y. Movahedi, M. Cukier, A. Andongabo, and I. Gashi
in Proc. 13th European Dependable Computing Conference (EDCC), 2017.
(26% acceptance rate)
Application of Routine Activity Theory to Cyber Intrusion Location and Time
K Bock, S Shannon, Y Movahedi, and M Cukier
in Proc. 13th European Dependable Computing Conference (EDCC), 2017.
(26% acceptance rate)