1

Curriculum Vitae of Dr. Bhavani Thuraisingham

June 2020

2

Table of Contents

Page

Cover Page 1

Table of Contents 2

Biography 3

Curriculum Vitae 4

List of Appendices 13

Appendix A: Awards 14

Appendix B: Research and Education in Cyber Sec./Data Sci. 17

Appendix C: Leadership, Administration and Mentorship 20

Appendix D: List of Publications 25

Appendix E: Discussion of Research Publications 50

Appendix F: Keynote/Featured/Panel Presentations 73

Appendix G: Academic Research Supervision 89

Appendix H: Teaching and Education 91

Appendix I: Research and Education Funding 96

Appendix J: Patents and Technology Transfer 103

Appendix K: Professional Activities 106

Appendix L: Consulting and Training 112

Appendix M: Sample Media Interviews 114

3

Biography of Dr. Bhavani Thuraisingham http://www.utdallas.edu/~bxt043000/ Dr. Bhavani Thuraisingham is the Founders Chair Professor in the Erik Jonsson School of Engineering and Computer Science at The University of Texas at Dallas (UTD) and the Executive Director of UTD’s Cyber Security Research and Education Institute (CSI) since October 2004. She is also a Visiting Senior Research Fellow at Kings College, University of London (2015-2022) and a New America Cyber Security Policy Fellow (2017-2018). Her current research is on integrating cyber security and data science including adversarial machine learning as well as developing novel data science techniques for a variety of applications

including Malware Analysis, Counter-terrorism, Social Media, Geospatial and Multimedia Systems, Political Science and Healthcare. Her interests also include the United Nations “AI for Good” Initiative. She is a Co-Director of Women in Data Science and Women in Cyber Security Centers at UTD.

Over the past 15 years, CSI has grown under her leadership from 1 member (herself) in October 2004 to around 15 in the Erik Jonsson School of Engineering and Computer Science as well as several more in the School of Management, the School of Economics, Policy and Political Sciences and the School of Brain and Behavioral Sciences. The team has generated around $50M in competitive research and $15M in education funding including 100% success rate with NSF CAREER, multiple AFOSR YIPs, multiple IBM Faculty Awards, and DoD MURI, DURIP as well as multiple Large, Medium and Small NSF SatC, NSF SBIR, MRI, the prestigious NSF/VMware partnership and NSF/Amazon partnership awards, and the NSA Lablet Science of Security award (team member), and many more. CSI’s sponsors include NSF, USAF, Army, Navy, NSA, DARPA, IARPA, NIH, NASA, NIST, NGA, DHS, and DOE/Sandia. The team has also established research collaborations with AFRL, ARL, MITRE as well as commercial corporations such as Raytheon, IBM, VMware, Cisco, Nokia, TI, and Intel, some of which through the affiliated IUCRCs. The team has also published multiple papers in every top tier conferences and journals in cyber security and data science/AI (e.g., IEEE S&P, ACM CCS, ACM KDD, IEEE ICDM, AAAI and IJCAI, Usenix Security, ACSAC and NDSS) and has obtained multiple patents.

Prior to joining UTD, Dr. Thuraisingham worked at the MITRE Corporation for 16 years including a three-year stint as a Program Director at the NSF. She initiated the Data and Applications Security program at NSF and was a member of the Cyber Trust theme and also managed the Information Management component of ITR. While at MITRE she led team research efforts for the USAF, Navy, Amy, and NSA in cyber security, was a department head in Data and Information Management and grew the department from 8 to around 28 technical staff in four years and was also a technical advisor to the DoD, the NSA, the CIA, and the IRS in software, cyber security and data science. Prior to that, she worked for the commercial industry for several years including at Honeywell, Inc. where she was a principal designer of the Lock Data Views secure database system for the USAF. She was also involved in designing technologies such as a distributed data dictionary and an expert system for control systems for Honeywell divisions.

She is a Fellow of 8 organizations including the ACM (2018), IEEE (2003), AAAS (2003), NAI (National Academy of Inventors, 2018) and the BCS (British Computer Society, 2005). She is the recipient of over 15 prestigious awards including the IEEE CS 1997 Technical Achievement Award (1st woman), the ACM SIGSAC 2010 Outstanding Contributions Award, 2013 IBM Faculty Award, ACM CODASPY 2017 Innovative and Lasting Research Contributions Award (inaugural), IEEE Computer Society Services Computing 2017 Research Innovation Award (inaugural), Dallas Business Journal 2017 Women in Technology Award, and the IEEE Comsoc Communications and Information Security 2019 Technical Recognition Award. She has published over 120 journal articles, 300 conference papers, 15 books, has delivered over 160 keynote and featured addresses, and is the inventor of six US patents. She received the ACM SACMAT 10-year best paper / Test of Time Awards back to back in 2018 and 2019 and multiple other best paper awards at IEEE conferences. She has chaired/co-chaired top tier conferences including IEEE ICDE 2017 and 2020 (data management), ACM CCS 2017 (cyber security), and IEEE ICDM 2013 and 2018 (data science). She has also given featured addresses at White House OSTP and the United Nations in 2002 on Data Mining for Counter-terrorism and Cyber Security. She has served on numerous editorial boards and currently services on the boards of ACM Transactions on Data Science and IEEE Transactions on Services Computing and was the editor-in-chief of Computer Standards and Interfaces Journal.

Dr. Thuraisingham has worked tirelessly to promote women and minority students and faculty and was the co-chair of the 800 person Women in Cyber Security (WiCyS) Conference in 2016, was a CRA-W distinguished lecturer in 2015, and also delivered a featured address at the Women in Data Science (WiDS) conference in 2018 at Stanford University. Out of the 18 PhD students she has graduated since 2008, 8 are women, 1 is an African American, 1 is from the LGBTQ community and 1 is from the Latino community. She is currently supervising two PhD students (includes one female). She received her PhD from the University of Wales, Swansea, UK, in Computability Theory and the prestigious earned higher doctorate (D. Eng) from the University of Bristol, England, UK (usually ranked top 10 in the UK) for her published research in secure data management (where she also obtained her MS in Mathematical Logic and Foundations of Computing).

4

Curriculum Vitae: Summary

Name: Dr. Bhavani Thuraisingham Work Address: Department of Computer Science The University of Texas at Dallas, Richardson, Texas Title: Louis A. Beecherl, Jr. Distinguished Professor (2010-2019) Founders Chair Professor (2019-Present) Executive Director, Cyber Security Research and Education Institute Phone: 972-883-4738; Fax: 972-883-2349 Email: bhavani.thuraisingham@utdallas.edu; dr.bhavani@yahoo.com URL: http://www.utdallas.edu/~bxt043000/

I. RESEARCH AREAS

Data Science and Cyber Security (including data and applications security and privacy, social media analytics, artificial intelligence applications)’ Data Science for Public Health

II. SUMMARY OF ACCOMPLISHMENTS

39+ years of work experience that includes a unique combination of commercial industry, federally funded research and development center, government program management and visiting and tenured professor in Academia; * Consultant to the DoD, NSA, and CIA for 8 years in the 1990s, * Project and team leader for several research and development projects; * Generated around $50M in research funding and $15M in education funding in 15 years as the founding executive director of the Cyber Security Research and Education Institute at The University of Texas at Dallas; * Published 120+ journal articles, 300+ conference papers, 160+ keynote/Featured addresses, 100+ panel presentations; * Author of 15 books and editor of 12 books; seven US Patents (one pending); Graduated 18 PhD students (8 women, 1 African American, 1 LGBTQ, 1 Hispanic Community) since joining The University of Texas at Dallas with 4 PhD students in the pipeline (includes 3 women); * Founding president of a consulting corporation * Software expert for the US Department of Treasury via MITRE for 18 years; * Expert witness for law firms on patent infringement; * Founder of a university spin-off corporation; * Member of advisory boards of corporations, government agencies, universities, journals and conferences * Experience in technology transfer and product release; * Expertise in building successful teams/center/institute/department from scratch; * Prestigious awards and fellowships from professional organizations such as IEEE and ACM including multiple ACM SACMAT 10 year Test of Time Award; * Advocate for STEM education for women and disadvantaged minorities; *Research interests in data science and cyber security as well as in AI applications, cloud computing/web services and social media.

III. AWARDS, HONORS AND RECOGNITIONS

(i) EXTERNALAWARDS: I am an elected Fellow of prestigious organizations including (i) the ACM (Association for Computing Machinery, 2018), (ii) NAI (National Academy of Inventors, 2018), (iii) IEEE (Institute for Electrical and Electronics Engineers, 2003), (iv) the AAAS (American Association for the Advancement of Science, 2003), (v) the BCS (British Computer Society, 2005), (vi) the SDPS (Society for Design and Process Science – a society that promotes trans-disciplinary research, 2011), (vii) the Society of Information Reuse and Integration (SIRI, 2011), and (viii) EAI (European Alliance for Innovation, 2019). I was also a 2017-2018 Cyber Security Policy Fellow at the New America Foundation.

I am the recipient of several awards including (i) the IEEE Computer Society’s 1997 Technical Achievement Award for “outstanding and innovative contributions to secure data management”, (ii) the 2001 Woman of Color Research Leadership Award from Career Communications Inc. (iii) the 2010 Research Leadership Award for “Outstanding and Sustained Leadership Contributions to the Field of Intelligence and Security Informatics” presented jointly by the IEEE Intelligent and Transportation Systems Society and the IEEE Systems, Man and Cybernetics Society, (iv) the 2010 ACM SIGSAC (Association for Computing Machinery, Special Interest Group on Security, Audit and Control)

5

Outstanding Contributions Award for “seminal research contributions and leadership in data and applications security for over 25 years”, (v) the 2011 AFCEA (Armed Forces Communications and Electronics Association) Medal of Merit for Sustained Professional Excellence in Communications, Electronics, Intelligence and Information Systems and Service to the Association, (vi) the SDPS 2012 Transformative Achievement Gold Medal for interdisciplinary research on integrating computer sciences with social sciences, (vii) a 2013 IBM Faculty Award in Cyber Security, (viii) Society for Information Reuse and Integration’s 2014 Research Leadership Award, (ix) ACM CODASPY (Conference on Data and Applications Security and Privacy) Inaugural Research Award for lasting and pioneering contributions to the field spanning 32 years, (x) IEEE Computer Society Services Computing 2017 Inaugural Research Innovation Award, (xi) Dallas Business Journal Women in Technology Award (one of 25 honorees) in October 2017, (xii) 2018 ACM SACMAT 10 year Test of Time Award, (xiii) IEEE ICDM 2018 Outstanding Service Contributions Award, (xiv) 2019 ACM SACMAT 10 year Test of Time Award, (xv) IEEE Communications Society (Comsoc) Communications and Information Security 2019 Technical Recognition Award, (xvi) IEEE CS (Cyber Security) Cloud (IEEE CS Technical Committee on Smart Computing) Inaugural Technical Excellence Award for research integrating Artificial Intelligence, Cyber Security and the Cloud.

HONORS AND RECOGNITIONS: In addition, (i) I was a 2010 Distinguished Scientist of ACM (now an ACM Fellow), (ii) was an IEEE Distinguished Lecturer between 2002 and 2005, (iii) was a Senior Member of IEEE, 1997 (now an IEEE Fellow), (iv) was featured in Silicon India magazine as one of the seven leading technology innovators of South Asian origin in the USA in 2002, (v) was named one of the 15 Top Cyber Security Professors by Forensics Colleges, December 2013, (vi) was named one of the 5 leading women shaping the future of cyber security in Careersincybersecurity.com in November 2016, (vii) was named one of four women in Cyber Security Academia by SC Magazine in July 2017, (viii) was names top 25 women in cyber security by Cyber Defense Magazine in 2019, (ix) CRA-W Distinguished Lecturer in 2015, and (x) Member CRA-W Career Mentoring Workshop, 2003.

I received the prestigious earned higher doctorate degree of Doctor of Engineering from the University of Bristol, England for my thesis consisting of my published works in secure dependable data management. I have also received the best paper award at multiple conferences.

(ii) INTERNAL AWARDS AND RECOGNITIONS: Founders Chair Professor at University of Texas at Dallas, 2019-Present, Erik Jonsson School of Engineering and Computer Science (ECS) Senior Faculty Research Award 2016 (first computer scientist as well as the first woman to receive this award), Louis A. Beecherl, Jr. Distinguished Professorship at the University of Texas at Dallas, 2010-2019, UTD Faculty Author Recognition for 7 books published while at UTD in 2007, 2009, 2010, 2011, 2013, 2014, 2016, 2019, UTD Invention Disclosure and Tech Transfer Award, 2010; NSF Program Awards (ITR 2003, Cyber Trust 2005); MITRE Program Achievement Awards 1997 (AWACS), 2002 and 2005 (IRS Research Credit); MITRE Director’s Awards 1997 (Data Mining), 1997 (Distributed Objects); MITRE Author of the Month Recognition (1997, 1999); Honeywell Corporate Systems Development Division Employee of the Month Award (April 1987); Control Data Corporation, Arden Hill Programming Division, CDCNET Award for contributing towards the release of the product (September 1985).

IV. EDUCATION

(i) ACADEMIC EDUCATION

Higher Doctorate: Doctor of Engineering (D. Eng) July 2011, Thesis consisting of published work in Secure Dependable Data Management, University of Bristol, England (Top 10 university in the UK).

Ph.D. in Theory of Computation and Computability Theory; University of Wales, Swansea, United Kingdom, July 1979 (at age 24). Thesis: Decision Problems for System Functions

Advisors: Dr. Roger Hindley (Swansea), Dr. John Cleave (Bristol) – received most of the supervision at University of Bristol and submitted thesis at University of Wales, Swansea due to residency requirements

M.S. in Computer Science, University of Minnesota, March 1984 (G.P.A. 4.0/4.0); Specialized in: databases, networks, operating systems. Dissertation: Transport Layer for a Token Ring Network, Advisor: Dr. William Munroe (got this degree while working as a visiting faculty at the university)

6

M.Sc. in Mathematical Logic and Foundations of Computer Science; University of Bristol, United Kingdom, January 1977; Thesis: Construction of a Universal Partial Recursive Functional; Advisors: Dr. John Cleave and Prof. John Shepherdson

B.Sc. in Pure Mathematics, Applied Mathematics, and Physics; University of Ceylon, August 1975 (First Class and First in order of merit – followed the British Education System)

(ii) CERTIFICATIONS AND PROFESSIONAL EDUCATION

• Statistics in R for Public Health, 2020 (in Progress, Imperial College via Coursera)

• Reverse Engineering for Malware (SANS), 2014.

• GCFE (Global Information Assurance Certification (GIAC) Certified Forensics Examiner) SANS Institute, November 2013 (exam) - 2021

• Certificate in Terrorism Studies, St. Andrews University, Scotland, July 2010

• CISSP (Certified Information Systems Security Professional) ISC2, July 2010 (exam) – October 2016

• JAVA Certification, Learning Tree International, (5 courses, exam), July 2000.

• Management Development Program, The MITRE Institute, 1997.

• US Intelligence Community, AFCEA, 1994.

• Cybil Programming Language, Control Data Institute, 1984.

V. SYNOPSIS OF MY RESEARCH

My early research was on theory of computation and, recursion and complexity theory. This research was carried out as visiting professor at the New Mexico Institute of Technology and at the University of Minnesota for three years. It resulted in several journal publications including in the Journal of Computer and Systems Sciences and the Notre Dame Journal of Formal Logic. Then after conducting some research in distributed systems and algorithmic information theory the early to mid-1980s, since 1985, my research has focused on data science and cyber security (used to be data management/AI and computer security). This research was carried out initially at Honeywell, Inc. as well as at the University of Minnesota as adjunct faculty of computer science and I continued with this research at The MITRE Corporation. Significant contributions include the design and development of Lock Data Views Relational Database System, design and development of an integrated data dictionary, design and development of an expert system for process control system, design and development of secure distributed database system, design and development of techniques to handle the inference problem, design of NTML: a Non Monotonic Logic for Secure Data and Knowledge Based Systems, design of a secure object system, the design and development of an object-based real-time data manager and middleware for next generation real-time command and control systems design and the design and development of data mining/analytics systems for social media, geospatial and multimedia systems and malware detection. I also used my background in theory and proved that the inference problem was unsolvable. This work has been quoted by Dr. John Campbell of NSA as a significant development in database security in 1990 http://www.utdallas.edu/~bxt043000/1990_%20A_Year_of_Progress.pdf My main research now at The University of Texas at Dallas is focusing in four major areas: (i) design and development of data science techniques including for stream analytics and detecting novel classes (ii) integrating data science and cyber security including applications in malware detection and adversarial machine learning, (iii) policy-based cloud-centric assured information sharing, (iii) social media analytics and security/privacy. More recently my interests also include Data Science for Public Health. My research has resulted in top tier publications in data science and cyber security conferences and journals (e.g., ACM KDD, IEEE ICDM, ACM TMIS, IEEE TKDE, IEEE TDSC, ACM TOPS), multiple external awards and patents.

VI. WORK EXPERIENCE

ACADEMIA

(i) The University of Texas at Dallas (UTD), Richardson, TX (October 2004 – Present):

Cyber Security Research & Education Institute (CSI) http://csi.utdallas.edu/UTD-Cyber-Security-Summary.pdf; (see also http://csi.utdallas.edu/UTD-Cyber-Security-October-15-2015.pdf )

7

Louis Beecherl Jr. Distinguished Professor: 2010-2019

Founders Chair Professor: 2019-Present

Research Leadership: I joined UTD in October 2004 as a Professor of Computer Science and Director of the Cyber Security Research Center. During my 15+ years at UTD, I have established and lead a strong research program in cyber security integrated with data science which has grown from one person in 2004 (myself) to 10 core professors and several affiliated professors conducting research in data security and privacy, data mining for malware detection, adversarial machine learning, software and language security, secure networks, secure systems and forensics, hardware security, cryptography, control systems security, secure software engineering, and security applications. The team has generated over $50 million in research funding from agencies such as NSF, AFOSR, IARPA, DARPA, NGA, NASA, ONR, ARO, ARMY, DHS and NIH as well as multiple corporations and research labs including Raytheon, IBM, VMware, Intel, HP, Sandia, and MITRE. The research projects include 100% success with NSF CAREER grants, multiple AFOSR Young Investigator Program awards, a DoD MURI award on Assured Information Sharing (my one page writeup went into the BAA), multiple MRIs, a large NSF Trustworthy Computing grant on secure data provenance, and multiple NSF medium grants (Trustworthy Computing and NeTS programs) on policy management, in-line reference monitors and data integrity, and multiple AFOSR grants on topics such as assured cloud computing, reactively adaptive malware and mobile system security, and part of the NSA SoS Lablet in Cyber Physical Systems Security. Our team also pioneered the first of a kind international collaboration funded by AFOSR and EOARD on cloud-based assured information sharing between UTD, Kings College – University of London, and University of Insubria – Italy. We have collaborated with the North Texas Regional Computer Forensics Laboratory for student projects as well as with researchers from AFRL Rome, NY on secure cloud and NIST on semantic web for National Vulnerability Database (NVD). The team has graduated over 80 PhD students to date (in 15+ years) and has over 40 students in the pipeline. Student placements include tenure track faculty positions at PhD-granting US institutions (as well as foreign universities), industry positions at IBM TJ Watson Research Center, Amazon, Google Privacy, Microsoft, Raytheon, eBay, Yahoo, and L3 Communications and research scientist positions at US medical schools. The team is known for its interdisciplinary research, collaborating with faculty across multiple schools at UTD, especially in risk and economics-based data security and privacy, policy-based security and data science for healthcare applications and political event detection. The team has published papers in major cyber security and data science conferences including IEEE Security and Privacy (Oakland), ACM CCS, NDSS, USENIX Security, ACSAC, IEEE ICDM, ACM KDD, ACM SIGMOD, PVLDB, EDBT, ACM OOPSLA, CRYPTO, AAAI, IJCAI, and IEEE ICDE. We were among the first group of 18 universities to be designated an NSA/DHS Center of Excellence in Research in 2008 and were re-certified in 2014 and the first university in TX to get the NSA Cyber Operations Certification.

Teaching/Education Leadership: Our team has established UTD’s undergraduate minor as well as the MS track in Information Assurance/Cyber Security as well as another track in Data Science and I was closely involved in developing the curriculum for the tracks. Also, my colleague and I developed the curriculum for a 5 day course in data science for NSA https://cs.utdallas.edu/ut-dallas-cs-hosts-nsa-workshop-on-advanced-data-science-summer-2019/ . We recently got approval from the UT System for an interdisciplinary master’s program to be offered from the School of Economics, Policy and Political Sciences starting Fall 2020 https://www.utdallas.edu/news/students-teaching/new-degree-cybersecurity-public-policy-2020/ . The team members teach courses in several aspects of cyber security and data science including data and applications security, data privacy, secure cloud computing, secure social media, big data analytics, machine learning, reverse engineering for malware, secure programming languages, secure hardware systems, cryptography, secure control systems and critical infrastructure protection, secure cyber physical systems. secure networks, digital forensics, biometrics, and cyber security essentials (CISSP modules). The team has generated over $15M in education funding including a multiple (three) NSF Scholarship for Service (SFS) awards in cyber security and several NSF and NSA Capacity Development grants. Our students from the SFS program have gotten jobs with federal agencies (e.g., NSA, CIA) and Federal Labs (e.g., Sandia, Los Alamos, MITRE, MIT Lincoln Lab). We were designated an NSA/DHS Center of Excellence in Education in 2004 and the first university in Texas and the 14th in the US to obtain the NSA CAE certification in Cyber Operations in 2015. I am a strong believer of integrating research with education and subsequently combined both our research and

8

education programs to form the Cyber Security Research and Education Center in September 2010 which then evolved into the Cyber Security Research and Education Institute (CSI) in April 2013 with a major focus in data science. CSI also includes multiple centers (including NSF-funded Industry University Cooperative Research Center (IUCRC) in Net Centric Information Systems as well as Centers for Engaging Women in Cyber Security and Women in Data Science). We also collaborate on the INSuRE project (experimental research in cyber security) with multiple CAE-R universities in the US.

Professional Activities (Tech Transfer, Outreach): Over the past six years, the team has obtained multiple patents including in data science (e.g., social media analytics) and cyber security. Two of the systems are being transferred to commercial products and one of the members has received SBIR grants (Phase 1 and II). The team also gives keynote addresses, conference tutorials, and serves on editorial boards as well as organized NSF workshops (e.g., Big Data Security and Privacy). Articles on the team’s work have appeared in venues including the Air Force Office of Scientific Research (http://www.wpafb.af.mil/News/Article-Display/Article/400150/afosr-funded-initiative-creates-more-secure-environment-for-cloud-computing/ ), New York Times, New York Daily News, the Dallas Morning News, The Economist, The LA Times, The Boston Globe, D Magazine, MITRE Matters, WomensDay.com, Creditcards.com, DFW Metroplex Technology Magazine, Raytheon Technology Magazine, and local DFW television (e.g., CW33, CBS, ABC, NBC). We organize conferences in cyber security and hosted the NIST Fourth Cyber Security Framework Workshop (Executive Order 13636, Improving Critical Infrastructure Cybersecurity) in September 2013 (http://www.nist.gov/itl/csd/4th-cybersecurity-framework-workshop.cfm). We have also hosted major/flagship conferences (500-1000+ participants) in data science and cyber security including IEEE ICDM (2013), Women in Cyber Security (2016), ACM CCS (2017) and IEEE ICDE. We also organize workshops on Women in Services Computing and participate in Stanford University’s WiDS (Women in Data Science) Conferences.

My Research Contributions: While leading and directing the CSI, I continue to carry out my own research in data security as well as in data science analytics for applications in social media and malware detection. I have graduated 18 PhD students (including 8 women, one African American, one from LGBTQ community and one from the Hispanic community) and my research has appeared in top tier journals and conferences. I currently have two active PhD students (includes 1 woman). I teach courses in data and applications security, secure cloud computing, social media analytics, digital forensics, biometrics, cyber security essentials and will be starting a new course on big data security and privacy in Fall 202. Some of these courses are not in my area (e.g., biometrics, digital forensics) but I took on the challenge of teaching them so that the team members can focus on their research. Together with my colleague, we have developed a highly novel social media analytics system called InXite and worked on commercializing this technology through UTD’s Office of Technology Commercialization. I became an NAI Fellow for my patents and technology transfer work. I have also received several prestigious awards and fellowships including from the ACM and IEEE. https://cs.utdallas.edu/dr-bhavani-thuraisingham-awarded-communications-and-information-security-technical-recognition-award-from-ieee-comsoc/

(ii) Visiting/Adjunct Faculty: I am currently a Visiting Senior Research Fellow at the Department of Informatics Kings College University of London (2015-2018) where I continue to collaborate on research which was initially funded by AFOSR/EOARD http://www.wpafb.af.mil/News/Article-Display/Article/400150/afosr-funded-initiative-creates-more-secure-environment-for-cloud-computing/ . We are exploring the development of a logical framework for policy specification and reasoning for assured information sharing. I was an adjunct professor of computer science and member of the graduate faculty, first at the University of Minnesota (1984-1989) and later at Boston University Metropolitan College (1999-2001) where I taught courses in assembly language programming, programming languages, database security, and advanced database management/data mining. I also co-advised PhD students while at the University of Minnesota. In addition, I worked as visiting professor soon after my PhD, first at the New Mexico Institute of Technology and later at the University of Minnesota between 1980 and 1983.

MITRE, GOVERNMENT, NON-PROFIT

(i) The MITRE Corporation, Bedford, MA (January 1989 – June 2005): My 16 years of experience (full time until October 2004) at MITRE has given me the opportunity to work on research, development and technology transfer projects. I secured research funding from a number of sponsors including the Air

9

Force, Navy, Army, NSA, and CIA as well as consulted for the IRS. I led team research efforts and designed and developed algorithms and prototypes for secure distributed database systems, secure object systems and secure deductive systems. I proved that the inference problem was unsolvable and developed solutions to limited aspects of this problem and this work was commended by NSA https://www.utdallas.edu/~bxt043000/1990_%20A_Year_of_Progress.pdf We also developed distributed object-based, real-time systems and transferred the technology to the AWACS program. Additionally, I developed MITRE’s research initiatives and gave them international visibility in data management and data security. For four years, I managed a department and grew the staff from eight to about 28 (which included finding work for the staff at approx. 200K/staff/yr.). I was a consultant to the NSA in data security for six years and received a commendation letter from the chief of NSA/R23 in 1994 https://www.utdallas.edu/~bxt043000/Bhavani-NSA-Letter.pdf I also managed 15 research projects under the CMS Massive Digital Data Systems Initiative (MDDS) for CIA and NSA focusing on data mining/analytics. In Fall 1999, at the request of the then MITRE President, I worked on a high priority project as a software expert to IRS (a new FFRDC at that time for MITRE) on the software research credit program (examining software research credit filed by Fortune 500 companies) and my work was quoted in the Wall Street Journal in December 2000. My work at MITRE has resulted in prestigious awards including the IEEE CS Technical Achievement Award, the IEEE Fellow Award, research publications and three US patents on database inference control. An article about my work was published by MITRE in 2003 https://www.utdallas.edu/~bxt043000/Press-Releases/Bhavani-MITRE-article-with-Marty-Faga.pdf

(ii) National Science Foundation, Arlington, VA (October 1, 2001 – September 30, 2004)

IPA Position from MITRE: I was an IPA (Intergovernmental Personnel Act) at the National Science Foundation (NSF) in Arlington, VA, from the MITRE Corporation for three years and managed a budget l of approx. $80M (e.g., IDM, ITR, Cyber Trust). At NSF, I was the program director of the IDM (Information and Data Management Program) in 2002 and was also the focal point for Information Management for NSF’s Information Technology Research Initiative (ITR) in 2003. In addition, I established the Data and Applications Security Special Program in 2003 and co-founded the Cyber Trust theme in 2004. I was involved in interagency activities in data mining for counter-terrorism. I also advised the DHHS (health and human services) and reviewed proposals on the billion-dollar States’ Bioterrorism initiative. We also worked on interagency initiatives including the founding of the KDD program with IARPA. While at NSF, I was a member of multiple initiatives including in bioinformatics, geoinformatics, sensor information management, and math/science partnerships. I also gave featured addresses on data mining for counter-terrorism at the White House Office of Science and Technology Policy and the United Nations.

(iii) New America Foundation (2017-2018)

I worked as a non-resident Cyber Security Policy Fellow at the New America Foundation. I focused on Cyber Security workforce development (e.g., NIST NICE initiative) as well as research policy issues for Cyber Security Analytics. I am working on articles including Engaging Rural America and Cyber Security Governance (one of which was published at the IEEE ISI conference). My focus was also on engaging rural America in cyber security and organized a panel at the NIST/NICE conference in 2018.

COMMERCIAL INDUSTRY

(i) Honeywell, Inc., Golden Valley, MN (January 1986 – January 1989): Principal Research Scientist/Engineer, Computer Sciences Center/Corporate Systems Development Division. I conducted research, development, and technology transfer activities in database security, data management, distributed processing and network file systems, and AI applications in process control systems. In addition to reports and proprietary documents, papers were also published in refereed journals and conferences. Work was carried out for the Air Force and NASA as well as for Honeywell’s internal divisions (e.g., Industrial Automation Systems Division, Building Controls Division, and Residential Controls Division). After the successful completion of multiple projects including the Design of Lock Data Views (one of the two high assurance secure database systems developed for the USAF), I joined MITRE.

10

(ii) Control Data Corporation, Arden Hills, MN (November 1983 – January 1986): Senior Programmer/ Analyst, Arden Hills Programming Division. I was involved in the design and development of the CDCNET (Control Data Communications Network) product. Specifically, I was responsible for the design and development of transport, network and session layers as well as several other components of the network. Company proprietary documents were also written. After the successful release of CDCNET Version 1.0, I joined Honeywell.

VII. PUBLICATIONS, KEYNOTE ADDRESSES, PROFESSIONAL ACTIVITIES

My work has resulted in over 120 journal articles including several IEEE and ACM Transactions, the VLDB Journal and the Journal of Computer and Systems Sciences, over 300 refereed conference papers including VLDB, ACM OOPSLA, IEEE ICDE, ACM KDD, and IEEE ICDM, ACSAC, seven US patents (one pending) and several IP disclosures. I am the sole author of 10 books (written for technical managers) in data management, data mining and data security including on data mining for counter-terrorism, database and applications security, and secure cloud computing. I am also a co-author of five highly technical books (mainly PhD thesis of students converted into books) in data analytics and data security. I am also the editor of 12+ books.

I have given over 140 keynote presentations and featured addresses at various technical conferences and have also given invited talks at the White House Office of Science and Technology Policy and at the United Nations on Data Mining for counter-terrorism. I have served on panels for the Air Force Scientific Advisory Board and the National Academy of Sciences.

I serve (or have served) on editorial and advisory boards of leading research and industry journals including several IEEE and ACM Transactions, the VLDB Journal, and also served as the Editor-in-Chief of Computer Standards and Interfaces Journal. I have contributed to multiple standards activities including Navy’s Next Generation Interface efforts, Object Management Group’s Real-time Computing and C4I efforts, and Open Geospatial Consortium’s semantic web efforts. I am a member of several professional organizations including the IFIP 11.3 Working Group in Data and Applications Security. I have chaired 20+ conferences and served on 100+ conference program committees. I have been involved with IEEE Computer Society activities for over 15 years first serving on the conferences and tutorials board and currently serve on the awards board. I served on the advisory board of the Computer Science Department of Purdue University (2005), Accuvant Corporation (2011-2015), Computer Science Department at the University of Georgia (2015-2019) and Illinois Institute of Technology (2018). I serve on the advisory board of a new cyber security risk company MaxxSure (since 2018). I also serve on the Academic Advisory Council of the NIST FFRDC for MITRE and U of MD System (since 2014).

VIII TRAINING, TECHNOLOGY TRANSFER AND OUTREACH

Between 1998-2010, I was an instructor at AFCEA’s (Armed Forces Communications and Electronics Association) Professional Development Center (including teaching at several Air Force Bases such as Offut, Eglin, Lackland, Edwards, and Kirkland) and have also given tutorials to several federal agencies via the MITRE Institute (1990-2000) including ESC, DISA, NSA, AIA, SPAWAR, CECOM, SPACECOM, EUROCOM on data management, data mining/analytics and data security. I am currently a software expert for the Department of Treasury via the MITRE Corporation.

I am the inventor of six US patents with one more pending. I am also the founder of “Knowledge and Security Analytics, LLC” (KSA), a spin-off company from UTD that is commercializing some of our technologies. My first three patents on database inference control were sold to Intellectual Ventures by MITRE as three ff the four must have patents. KSA is licensing my patent #4 and developing a data analytics system for many applications including in national security. The fifth patent is on novel class detection and has applications including addressing significant problems such as zero-day attacks. Patent #6 is on detecting man in the middle attacks for smartphones. The technologies I have developed have a huge societal impact including in individual privacy, national security and cyber defense. In addition, the technologies I have developed in secure data management and real-time systems have been transferred to commercial products (e.g., Oracle, Sybase, Informix), government operational programs (e.g., AWACS) and standards (e.g., OMG Real-time systems SIG).

11

I promote Math and Science to high school students, women and underrepresented minorities and the general public (e.g., local libraries) and am a member of the Society of Women Engineers (SWE). I have participated in panels and distinguished lectures at CRA-W and have given featured addresses at conferences sponsored by WITI (Women in Technology International) and SWE. I taught Math for high school students for a year through Personal Tutors Cheshire while living in the UK between 1979 and 1980. I am a strong advocate for safeguarding children and have participated in a National Academy panel on protecting children from inappropriate content on the Internet chaired by the Hon. Dick Thornburgh in 2000 and am continuing with these efforts and participated in 2010 in the EastWest Institute’s 1st Worldwide Security Summit panel on protecting our children in cyberspace. I have appeared on DFW television on multiple occasions expressing my views on cyber security. I have also been a strong proponent of engaging Women in Cyber Security by co-chairing the 2016 WiCyS conference (800+ person event) and establishing a center at UT Dallas. I have been involved in Stanford University’s WiDS (Women in Data Science) https://www.youtube.com/watch?v=xfBie2oVzkA XIII LARGE SCALE SOFTARE DEVELOPMENT

I have around 37 years of large-scale software design and development experience. In particular, my experience includes developing (i) software for commercial products involving mainframe systems, databases and distributed control systems while in the commercial industry, (ii) software for operational systems that involves the integration of heterogenous database systems, real-time object systems (e.g., middleware, databases and applications) and data analytics systems while at MITRE, and (iii) large scale open source and other software systems involving cloud platforms, No-SQL databases, data analytics and web services standards for the Department of Defense and the Intelligence Community while in academia. I have been intimately involved with providing scalable solutions to complex software development efforts for the US Government and have led software design and development efforts that included professional software developers while at MITRE and academia.

Supportive evidence of my extensive software development efforts has been reported by the US Air Force and MITRE (among others). For example, the US Air Force has commended my software design and development effort to integrate large scale systems operating in the cloud across US and Europe (https://www.wpafb.af.mil/News/Article-Display/Article/400150/afosr-funded-initiative-creates-more-secure-environment-for-cloud-computing/) to support information sharing among the coalition organizations. Furthermore, MITRE commends several of my software development efforts including connecting databases in Bedford-MA (Air Force), Fort Monmouth-NJ (Army), and McLean-VA (Navy) (https://www.utdallas.edu/~bxt043000/Press-Releases/Bhavani-MITRE-article-with-Marty-Faga.pdf). I also have strong expertise in Java software development (and has certifications in Java as well as forensics examination of software – e.g., SANS). In addition to such large-scale software development efforts, I have also led teams to design and develop various prototypes such as database inference controllers, data mining tools for malware analysis, expert systems for control systems, and social media systems.

My software development efforts are documented in practical software magazines and journals (e.g., Software Practice and Experience, Journal of Systems and Software and IEEE Transactions on Software Engineering), books (e.g., Design and Implementation of Data Mining Tools for Malware Detection), and multiple software patents. I have also received some of the most prestigious awards given to software professionals and engineers (e.g., IEEE Fellow, NAI Fellow – National Academy of Inventors). Such vast and unique software design and development experience carried out in the commercial industry, MITRE and in academia for the US Government enables me to understand all aspects of software design and development for large scale systems.

IX ADMINISTRATION AND MANAGEMENT

I have been a Principal Investigator of projects funded by the US Government since 1987 for a budget of approx. $20M. (AFRL at Honeywell, SPAWAR, CECOM, NSA, CIA at MITRE, NSF, AFOSR, NGA IARPA, ARO, IBM and Raytheon at UTD – at UTD I also initiated projects with several other agencies and corporations and assigned the team members of our Institute to lead as PI; the total funding for research in my team is around $50M and education is around $15M).

12

I have been an administrator since 1994 and have managed a budget of around $110M. I managed the Massive Data Initiative as well as the Evolvable Systems Initiative at MITRE from 1994-1997 (approx. 10M), Department head at MITRE and grew the department from 8 to 28 and generated work for majority of the staff (each staff costs approx. $200K) from other MITRE divisions and/or the Federal government. I managed a budget of approx. $80M at NSF between 2001-2004 (e.g., IDM program, Information Management for ITR, Data Security component of Cyber Trust). At UTD I am managing the budget for the Institute (which is part of the overhead generated).

While I am not a micromanager, I am a hands-on manager. That is, I ensure that the members of my department/team are empowered, and I listen to their issues and resolve them with the support of my management. I also make every effort to introduce my team to key funding agencies in Washington and that is one of the main reasons that the team members have done very well with several awards. While I am a consensus builder, I am also a decision maker. Negotiation is a skill that I have learnt over the years and use it when working with my team and management. I try my best to develop a win-win situation and that means lot of give and take. To succeed in administration and management I believe that is very important to be disciplined and organized and I achieve this through daily meditation. Since we have members from different countries and belong to different cultures and religions (e.g., US, Western Europe, South America, Middle East, South Asia and East Asia), I also read a lot about the different cultures to better enable me to understand people. Finally, as a woman who has had to balance education and career with marriage and motherhood, I understand the challenges that women are faced with and work especially hard to motivate junior female researchers. I believe that US born females are significantly underrepresented in Computer Science and I am making every effort to address this problem.

X. MEDIA LINKS

Some press releases that were issued by MITRE, UTD and others can be found at the links below. The last link is on the speech the NSF Director (Dr. Maria Cordova) gave to TAMEST in 2015 where she commended my technology transfer work.

https://www.youtube.com/watch?v=xfBie2oVzkA https://www.youtube.com/watch?v=9c2NL3WqRys https://www.youtube.com/watch?v=DKnTSUGhSNk https://www.utdallas.edu/news/faculty/cybersecurity-expert-elected-fellow-of-two-distinguished-technology-organizations/ https://cs.utdallas.edu/thuraisingham-receives-the-codaspy-research-award/ https://cs.utdallas.edu/thuraisingham-2017-research-innovation-award/ https://cs.utdallas.edu/nbc-dfw-thuraisingham-trump-cyber-security-russia-2016/ https://cs.utdallas.edu/wicys-16-ctovision/ http://cs.utdallas.edu/thuraisingham-35yrs-faculty-research-award-2016/ http://www.wpafb.af.mil/News/Article-Display/Article/400150/afosr-funded-initiative-creates-more-secure-environment-for-cloud-computing/ https://www.utdallas.edu/~bxt043000/Press-Releases/Bhavani-MITRE-article-with-Marty-Faga.pdf http://www.nsf.gov/news/speeches/cordova/15/fc151113_TAMEST.jsp

13

LIST OF APPENDICES

The following will be provided in the Appendices to this CV.

• Appendix A: Awards

• Appendix B: Research, Education and Leadership in Data Science

• Appendix C: General Leadership, Administration and Mentoring

• Appendix D: Research Publications

• Appendix E: Discussion of Research Publications

• Appendix F: Keynote/Featured/Panel Presentations

• Appendix G: Academic Research Supervision

• Appendix H: Education and Teaching

• Appendix I: Research and Education Funding

• Appendix J: Patents, Technology Transfer and Commercialization

• Appendix K: Professional Activities

• Appendix L: Consulting and Training

• Appendix M: Sample Media Interviews

14

APPENDIX A: AWARDS

EXTERNAL AWARDS AND RECOGNITION

FELLOW AWARDS

• Recipient of 2018 ACM Fellow for contributions to methods, tools, and systems for security and privacy of data and applications (one of the most prestigious awards for a computer scientist)

• Recipient of the 2018 NAI (National Academy of Inventors) for inventions in data science/ analytics and data security.

• Recipient of IEEE’s 2003 Fellow Award for Contributions to Secure Systems involving databases, distributed systems and the web. As stated by IEEE, “each year, following a rigorous evaluation procedure, the IEEE Fellow Committee recommends a select group of recipients for one of the Institute's most prestigious honors, election to IEEE Fellow”.

• Recipient of AAAS (American Association for the Advancement of Science) 2003 Fellow Award for “Outstanding and Innovative Contributions to Secure Database Systems and Secure Web Information Systems”

• Recipient of British Computer Society (BCS) 2005 Fellow Award for contributions to information technology

• Recipient of 2011 SDPS (Society for Design and Process Science) Fellow Award for Trans-disciplinary research in cyber security and data science.

• Recipient of 2011 Society of Information Reuse and Integration (SIRI) (Subcommittee of IEEE Systems, Man and Cybernetics Society) Fellow Award (first woman) for “outstanding research contributions and leadership in Secure Information Integration.”

• Recipient of 2019 EAI (European Academy of Innovation) Fellow.

RESEARCH/TECHNICAL AWARDS

• Recipient of IEEE Computer Society’s (CS) 1997 Technical Achievement Award (first woman) for contributions to secure distributed database management. As cited by IEEE, “this award is given to individuals who have made outstanding and innovative contributions in the field of computer and information science and engineering within the past 15 years”.

• 2010 ACM SIGSAC Outstanding Contributions Award (first woman) for seminal research contributions and leadership in data and applications security for over 25 years

• Recipient of 2012 SDPS (Society for Design and Process Science) Transformative Achievement Gold Medal (first woman) for Trans-Disciplinary Research in Cyber Security and Data Science.

• Recipient of 2013 IBM Faculty Award for Research and Education in Secure Cloud Computing

• Recipient of the Inaugural 2017 ACM CODASPY (Conference on Data and Applications Security and Privacy) Lasting Research Award for lasting and innovative research contributions to the field spanning 32 years (citation reads: “For contributions sustained over 32 years from multilevel secure database systems (1980s) to the inference problem (1990s) to assured information sharing (2000s) to secure data management on the cloud (2010s).

• Recipient of the Inaugural 2017 IEEE CS Services Computing Research Innovation Award for seminal research contributions to integrating Cyber Security, Data Analytics and the Cloud.

• ACM SACMAT 2018 10 Year Best Paper /Test of Time Award, June 2018

• ACM SACMAT 2019 10 Year Best Paper /Test of Time Award, June 2019

• Recipient of the IEEE Communications Society (Comsoc) Communications and Information Security 2019 Technical Recognition Award (for Data Mining for Network Security Problems).

• Recipient of the IEEE CS (Cyber Security) Cloud (IEEE CS Technical Committee on Smart Computing) Inaugural Technical Excellence Award for research on integrating Artificial Intelligence, Cyber Security and the Cloud (July 2020).

15

LEADERSHIP AWARDS

• Recipient of Career Communication Inc.’s National 2001 Woman of Color Technology Research Leadership Award

• 2010 Research Leadership Award (first woman) for Outstanding and Sustained Leadership Contributions to the Field of Intelligence and Security Informatics presented jointly by the IEEE Intelligent Transportation Systems Society’s Technical Committee on Intelligence and Security Informatics and the IEEE Systems, Man and Cybernetics Society’s Technical Committee on Homeland Security

• Recipient of Inaugural 2014 SIRI Research Leadership Award (first woman) for leadership in Secure Information Reuse and Integration

SPECIAL RECOGNITION AWARDS

• IEEE Senior Member, 1997 (Fellow since January 2003)

• IEEE Distinguished Lecturer, 2002 – 2005

• Featured in Silicon India’s May 2002 issue as one of the top seven technology innovators (the

only woman) in USA of South Asian origin (others are from Stanford, Berkeley, MIT, NASA,

PARC and HP Labs). The innovation was for data and web security.

• 2010 ACM Distinguished Scientist (Fellow since 2018)

• Earned Higher Doctorate Degree (Doctor of Engineering) at the University of Bristol, England, July 2011(for Secure Dependable Data Management)

• Top 15 Cyber Security Professors named by Forensics Colleges, December 2013 http://www.forensicscolleges.com/blog/profs/15-top-cyber-security-professors

• One of 5 leading women shaping the future of Cyber Security named by Careersincybersecurity.com, November 2016. https://careersincybersecurity.com/cyber-security-leading-women/

• One of four leading women in cyber security named by SC Magazine, July 2017 https://www.scmagazine.com/women-in-it-security-academics-and-voting/article/669039/

• Women in Technology Award, Dallas Business Journal, October 2017 (one of 25 women, DFW)

• Top 25 Women in Cyber Security, Cyber Defense Magazine, 2019 http://cyberdefenseawards.com/top-25-women-in-cybersecurity/

• Named on of Top 1000 Computer and Electronics Scientists in the USA (CS/CE/EE) with high H-Index in 2020 by http://www.guide2research.com/

EDUCATION AWARDS

• 2011 AFCEA (Armed Forces Communications and Electronics Association) Medal of Merit for Service to AFCEA (education through the Professional Development Center) and Sustained Professional Excellence in Communications, Electronics, Intelligence and Information Systems

SERVICE AWARDS

• 2018 IEEE ICDM (International Conference on Data Mining) Service Award for Exceptional Service and Leadership to Community in promoting Data Mining to the Cyber Security Community

BEST PAPER AWARDS

• Secure Query Processing Strategies, (Thuraisingham, Tsai, Keefe) IEEE International Conference on Systems Sciences, Best paper for Software Tracks, January 1988 (Special Issue Invited to IEEE Computer Magazine and published in March 1989)

• Pallabi Parveen, Zackary R. Weger, Bhavani M. Thuraisingham, Kevin W. Hamlen, Latifur Khan: Supervised Learning for Insider Threat Detection Using Stream Mining. IEEE ICTAI 2011: 1032-1039 (Invited Paper published in ICTAI Journal)

16

• Brian Ricks, Patrick Tague, Bhavani Thuraisingham, Large Scale Realistic Data Generation on a Budget, IEEE IRI 2018, Salt Lake City July 2018, Best Student Paper Award.

• Lifting the Smokescreen: Detecting Underlying Anomalies During a DDoS Attack. IEEE ISI 2018: Miami, FL (coauthors: Brian Ricks, Patrick Tague), Best Paper Award.

• Where Did the Political News Event Happen? Primary Focus Location Extraction in Different Languages, IEEE CIC, Los Angeles, December 2019. (coauthor: M. Imani et al) (Best Paper Award)

INTERNAL ORGANIZATIONAL AWARDS

• Founders Chair Professor, 2019-Present

• 2016 Senior Faculty Research Award, Erik Jonsson School of Engineering and Computer Science, May 2016 (first woman and first computer scientist to receive this award)

• UTD Inventor’s Award, April 2011 (patents granted in 2015 and 2016)

• Louis Beecherl Jr. Distinguished Professorship, September 2010-2019

• Author Recognition (for books published), 2006, 2008, 2010, 2011, 2012, 2014, 2015, 2017, 2019

• MITRE Program Achievement Awards; Research Credit for Internal Revenue Service, June 2005 and June 2002; Experimental Research for AWACS Program, June 1997

• NSF Program Awards (ITR 2002, ITR 2003, and Cyber Trust 2004)

• MITRE Author of the Month Awards for books on Data Management in April 1997 and Data Mining in April 1999

• MITRE Director Awards for Research and Development in Data Mining, September 1998; Distributed Object Management, December 1998

• MITRE Patent inventor award (for patents granted in 1994, 1996 and 1997)

• Honeywell Employee of the Month Award, For Research and Development in Database Security and Distributed Data Management, April 1987

• Control Data Corporation CDCNET Award for working towards the release of CDCNET 1.0, September 1985 (design and development of multiple layers as well as fixing numerous errors before the first release in December 1985).

17

Appendix B: Cyber Security and Data Science Research, Education and Leadership

A major theme of my research since 1985 while at Honeywell, MITRE, NSF and UT Dallas has been in Data Science (it started with data management, data mining and analytics and now data science) especially on integrating it with cyber security as well as areas such as social media, geospatial information systems, political science and multimedia systems. Therefore, I will summarize my efforts in data science in this Appendix.

First, Data Science has evolved from data management, statistics, data mining, data analytics, and machine learning and is being integrated with every application including cyber security, healthcare, finance, manufacturing and political science, among others. Massive amounts of data are being collected and analyzed. Therefore, data science includes ensuring that the data is accurate and of high quality as well as applying machine learning and artificial intelligence techniques on the data to obtain useful results to enhance society.

Second, I have worked in data science in general and at the intersection of data science and cyber security in particular for the past 34+ years while at Honeywell, MITRE, NSF and UT Dallas. Over the years around 50% of my work has focused on integrating cyber security and data science while the remaining 50% has focused on applying data science for a variety of areas including (i) integrating massive amounts of heterogeneous data, (ii) developing artificial intelligence tools for process control systems, (iii) geospatial/multimedia data management and mining, (iv) political event coding, (v) machine learning for counter-terrorism, and (vi) social media analytics.

Below is a summary of how my work has evolved over the past 34 years in Data Science in research, education, leadership and technology transfer.

Research, Education and Technology Transfer at Honeywell

My research in data science at Honeywell included designing and developing one of the first two high assurance data management systems for the US Air Force. As part of this research, I developed artificial intelligence techniques to handle what was known as the inference problem where it is possible to combine pieces of unclassified data and infer highly classified data. This work was a major breakthrough for which I would receive several awards later on. The research was also published in several top tier journals such as IEEE Transactions on Knowledge and Data Engineering. We were also the first to explore security for large AI systems and presented this work at the AAAI Conference Workshop on large AI systems in 1988.

While at Honeywell I also worked on a number of data science projects for the US Government as well as the Honeywell’s divisions. For example, I was part of a team that integrated large heterogeneous databases for the Honeywell’s Residential Control Systems Division. In this work we used the IRDS standard data model for the common data model and subsequently transformed the data from the heterogeneous data representations to the common data representation. This was one of the first efforts to carry out such integration and was presented at the AFIP National Computer Conference. Subsequently, I was part of a team that developed a distributed object management system for Honeywell’s Building Control Systems Division. This object management system integrated heterogeneous databases as well as systems using an object model. We also designed and developed artificial intelligence systems for providing advice to process control systems. This research was presented at the AAAI conference workshop in control systems in 1988, the American Control Systems Conference in 1989 and a book chapter published by MIT Press in 1990. The technology was transferred to Honeywell’s Industrial Automation Systems Division. I also led an effort to investigate data models and information models for the Air Force. These information models essentially model the nuggets extracted from the data through analyses. This work was published in the Information Systems Journal. We also developed an Artificial Intelligence System for more intelligent networks and the work was published in IEEE Network. Finally, we were among the first to develop knowledge transformation from representations such as rules and frames and this work was published in AI Expert.

I was also an adjunct professor at the University of Minnesota and taught courses in database security (part of the computer security course) as well as gave tutorials at conferences such as the Computer Security Conference. I also co-advised graduate students that carried out research in applying artificial intelligence techniques for intelligent secure query processing and this work was published in IEEE Computer.

18

Research, Education and Technology Transfer and Technical Advisor at MITRE

While at MITRE for 16 years (out of which I spent 3 yrs. at NSF), I led several team projects on integrating data science and cyber security. These include (i) design and development of secure distributed data management system, (ii) design and development of secure object data management system, (iii) design and deployment of intelligent (deductive) data management system based on logic programming techniques, and (iv) design and development of distributed inference controllers that use artificial intelligence techniques. These efforts were funded by Army, Navy, Air Force and NSA and some of the prototypes were transferred to operational systems (e.g., Army). In addition, I was also involved on designing and developing the next generation distributed object systems for AWACS which was transferred to the AWACS program. The inference controllers and the intelligent data systems work resulted in three US Patents that were then licensed by a company.

By 1993 my work focused mainly in data science (e.g., data mining) and I became the co-director of the database specialty group (in charge of the work in Bedford MA) and coordinated the activities at MITRE by presenting the work to sponsors and organizing conferences at MITRE. In August 1994, I was given the leadership of all of MITRE’s Internal R&D in data management and focused on initiating data mining projects. Subsequent I was given a larger portfolio to manage (around $5M/yr.) which included data management (e.g., data mining) as well as integrating heterogeneous databases and migrating legacy applications which were all of critical importance to MITRE’s sponsors. Around the same time (1995), I was made the department head for Data and Information Management (which would now be considered Data Science) that consisted of four sections that were data science related. These were (i) Data Mining/Analytics, (ii) Multimedia Information Management and Analytics, (iii) Distributed Object Management, and (iv) Distributed Data Management and Heterogeneous Data Integration. I grew the department from 8 in 1995 to 28 in 1999 (at MITRE the dept head usually finds work for all the staff in his/her dept which involved substantial negotiations with other divisions).

In addition to managing the department and providing team leadership on several research projects, I was an advisor in secure data management to the NSA (1991-1997) and data analytics to the CIA (1993-1999). For the NSA, I provided directions for funding and also mentored junior researchers and wrote joint papers. For CIA, I managed 15 research projects for the MDDS program with Academia mainly in data mining/data analytics. This program was called the Massive Digital Data Systems (MDDS) which can be considered to be a Big Data program in the mid-1990s. I gave numerous presentations on behalf of the CIA to many agencies as well as at government conferences (e.g., AIPSG). (My work for the NSA is commended in https://personal.utdallas.edu/~bxt043000/Bhavani-NSA-Letter.pdf )

While at MITRE, I was also actively involved in education activities in data science related topics. I was not only an adjunct faculty at Boston University (Metropolitan College) teaching advanced data management (1990-2001), but was also an instructor at AFCEA (1998-2010) and the MITRE Institute (1990-2000) teaching courses in data management, data mining, knowledge management, and various others aspects of data science. These courses were also taught at numerous AF bases between 1990 and 2010 including Kelly, Lackland, AIA, Eglin, Kirkland, Offutt, Hanscom as well as various government agencies such as US Navy Spawar, NRaD, Army CECOM, DISA, NSA, CIA, Eurocom and Spacecom. These professional courses ranged usually anywhere from 1 – 3 days. Courses were also taught as conference tutorials around the world (for both IEEE and ACM). My work at MITRE is commended in https://personal.utdallas.edu/~bxt043000/Press-Releases/Bhavani-MITRE-article-with-Marty-Faga.pdf )

Program Management at NSF

I was at NSF 2001-2004 and much of my focus was on data mining and information management as well as data and applications security and privacy. During my first year, I was the head the Information and Data Management Program (which is now part of the Data Science/Big Data initiative at NSF) and managed a budget of $10M. During year 1 I also managed the Information Management component of ITR. Since it was just after 9/11, I was very active in Data Mining for Counter-terrorism, writing positions papers, giving talks at White House OSTP as well as the United Nations. I was also involved in various interagency efforts with IARPA and DHHS as well as involved in activities at the National Academies. I also participated in education efforts such as Math/Science partnership program and the NITRD activities in Information Management. During my second year I managed a very large portfolio of initiatives on Information

19

Management for ITR (around $80M) and also started my special initiative in Data and Applications Security and Privacy. This was the first program that explored the privacy violations that could occur through data mining. I also managed the Sensor Information Management component of the Sensor Nets program. During my third year, I was part of NSF’s Cyber Trust (now SatC) initiative focusing on Data and Applications Security and Privacy as well as Information Management for ITR. I also conducted extensive outreach especially visiting EPCOR states such as Arkansas, Oklahoma and Louisiana and giving talks about various NSF programs and participated in the NITRD efforts in cyber security.

Research, Education and Technology Transfer at the University of Texas at Dallas

I joined UT Dallas in October 2004 (soon after NSF) to head the cyber security research and education institute (CSI). Since my own research focused on integrating cyber security and data science, I focused on initiating research projects in this area. Our initial efforts were on Assured Information Sharing in the Cloud and Data Mining for Cyber Security which included grants from AFOSR and NSF. At that time, we expanded by hiring faculty in systems and software security and our research portfolio increased to around $10M by 2009. We had also obtained the NSA/DHS certificates in cyber security education and research. It was then that we started focusing on the education programs including SFS grant as well as capacity building grants in secure cloud computing. We also started the MS track in cyber security and hired additional faculty in areas such as cyber physical systems security and hardware security. We had success rate of 100% for NSF CAREER and multiple AFOSR YIPs. By 2014 our research portfolio increased to over $20M and in 2015 we were the first university in TX to get the NSA certification in cyber operations. Between 2014 and 2019 our research and education funding grew by a great deal and today we have generated around $47M in research and $15M in education (with multiple SFS). We also established an interdisciplinary MS in Cyber Security Policy and Technology.

While developing cyber security at UTD, I also focused on my own research and education efforts in data science. I am part of the data science team and contributed to establishing a MS track in data science and I also co-direct the Women in Data Science initiative at UTD. In addition, my research continued in areas such as data science for cyber security and adversarial machine learning. I also taught courses in this area at AFCEA and Air Force bases between 2005 and 2010 and more recently we taught a five-day course to NSA in Advanced Data Science. https://cs.utdallas.edu/ut-dallas-cs-hosts-nsa-workshop-on-advanced-data-science-summer-2019/ This course has generated a lot of interest among government agencies. I also gave tutorials on this topic at various conferences. We also obtained patents on multiple systems for social media analytics and machine learning-based novel class detection. We also worked with colleagues in other schools at UTD (e.g., political science) and applied data science for a variety of applications. Also, my work for the Air Force on Assured Information Sharing in the Cloud between US, UK and Italy (that integrates data science, cyber security and the cloud) is commended in https://www.wpafb.af.mil/News/Article-Display/Article/400150/afosr-funded-initiative-creates-more-secure-environment-for-cloud-computing/ )

My research at the intersection of data science and cyber security as well as machine learning applications has resulted in numerous top tier publications in conferences such as IEEE ICDM, ACM KDD, IEEE ICDE, IEEE Big Data and WWW and I was also both general chair and program chair for IEEE ICDM (in 2013 and 2018 – one of the top two data science conference) among others. I have also written 15 books related to data science since 1997 and writing the 16th book titled: Secure Data Science. I also received several awards from IEEE and ACM for my work in data science including Fellow of ACM, IEEE, AAAS, NAI as well as technical awards such as IEEE Computer Society’s (CS) 1997 Technical Achievement Award, 2010 ACM SIGSAC Outstanding Contributions Award, Inaugural 2017 ACM CODASPY (Conference on Data and Applications Security and Privacy) Research Award for lasting and innovative research contributions to the field spanning 32 years, Inaugural 2017 IEEE CS Services Computing Research Innovation Award for seminal research contributions to integrating Cyber Security, Data Analytics and the Cloud, ACM SACMAT 2018 and 2019 10 Year Best Paper /Test of Time Awards, June 2018, 2019, IEEE Communications Society (Cosmic) Communications and Information Security 2019 Technical Recognition Award for Data Mining for Network Security, and IEEE CS (Cyber Security) Cloud (IEEE CS Technical Committee on Smart Computing) Inaugural Technical Excellence Award for research integrating Artificial Intelligence, Cyber Security and the Cloud. I have given numerous keynote addresses integrating Data Science/AI, Cyber

Security and the Cloud and have also given media interviews. The most notable was at Stanford University

in March 2018 at WiDS (Women in Data Science) that had worldwide coverage.

https://www.youtube.com/watch?v=xfBie2oVzkA&t=8s

20

Appendix C: General Leadership, Administration and Mentoring

While Appendix B focused on my research, education and leadership in Data Science, Appendix C will focus on my overall leadership, administration, management mentorship and team building efforts throughout my career.

1. RESEARCH AND EDUCATION LEADERSHIP

1987 – 1997: I have held a number of research and education leadership positions over the past 30+ years. I started my project leadership experience at Honeywell where I took on task leadership positions (1987-88) on the Secure Lock Data Views project for the Air Force and the Network Operating System project for NASA. However, it was at MITRE that I began leading multiple team research projects in Secure Data Management for the Air Force, Navy, Army and the NSA. In particular, I led three to four-member team projects designing and developing secure distributed data management systems, secure object data management systems, and inference controllers. This research was commended by the National Security Agency (NSA) in 1990. I also advised NSA between 1990 to 1997 on research directions in database security and based on my recommendations, the chief of NSA/R23 funded a number of efforts. I also mentored junior researchers at the NSA and wrote a number of research papers with them in the 1990s. I was also a reviewer for NSA on the University Research Program between 1991 and 1997.

1993 – 1999: Due to the success of my teams in secure data management, I became the co-director of MITRE’s database specialty group in 1993 (which included data mining and analytics, multimedia information systems) and subsequently promoted to head of the data management initiative across the corporation and to sponsors (data mining was one of the major focus areas of this effort). A number of projects were in my portfolio including in data mining, secure data management, heterogeneous database integration and real-time/multimedia data management. In 1996, I was given additional responsibilities and managed the entire research thrust of evolvable systems which included not only data management/mining but also legacy systems migration and software systems. In June 1995, a department in Data and Information Management was established in the Intelligence Center and I was made the head of that department and given about eight staff to manage. In four years, I grew the department to 28 staff with four sections: Data Analytics/Mining, Distributed/Heterogeneous Data Systems, Multimedia Information Management, and Distributed Object Systems with security cutting across all areas. Between 1993 and 1999, I also initiated and managed a very large project for the Intelligence Community (CMS/CIA/NSA). This initiative was called MDDS (Massive Digital Data Systems). I managed 15 university research projects for the CIA and NSA which focused mainly in areas such as data mining/analytics, heterogenous database integration, and multimedia information systems. I learned much during these years, not only to develop research programs but also to mentor the staff and help them perform at their best.

1999 – 2001: During the Spring of 1999, I was asked by the then CEO of MITRE (Mr. Victor DeMarines) to work on a very high priority project for the Department of Treasury as we had just won the IRS FFRDC. This is because the IRS wanted my expertise in their corporate research credit program. Since this was an unusual project for MITRE, the CEO wanted to make sure that this project was successful. I started working around 75% of my time on this initiative in Fall 1999 and my work was reported in the Wall Street Journal in December 2000. IRS has continued to request my support via MITRE for the past 21 years (minus the 3 years I spent at NSF). While continuing to evaluate the software claimed for research credit for the IRS, I was also asked to provide research leadership in data management to the Air Force Center (based on our success with the Intelligence Community). Therefore, I spent the next two years working mainly on the project for Treasury as well as established several research projects in data management/mining for the Air Force as chief technologist. This experience enabled me to expand my sponsor base to include IRS and ESC (Electronic Systems Command). I also worked on real-world inference problem for projects sponsors by Scotts AFB.

2001 – 2004: During Fall 2001, I joined the NSF as an IPA to manage the Information and Data Management Program for a year. Then during the second year I started my own special program in Data and Applications Security and also managed a budget of around $50M for the Information Management portion of the ITR (this was the largest component of ITR in 2002-3 and I organized I believe around 16 panels for this initiative). During my third year at NSF I was a founding member of the Cyber Trust

21

Theme. While at NSF, I also reviewed proposals for a number of agencies including ARDA, DARPA and NIST and helped establish the States Bioterrorism Effort for DHHS. I also collaborated with multiple directorates at NSF including in Bioinformatics (BIO), Geoinformatics (BEO), Sensors (ENG) and Math/Science Partnerships (DUE). I also participated in interagency efforts on data mining for counter-terrorism and gave presentations at OSTP and the United Nations.

2004 – Present: During Fall 2004, I joined the University of Texas at Dallas and built one of the top Cyber Security Institutes. I grew it from $0 to around $50M in research and over $15M in education funding (including multiple SFS). In addition, I hired several junior faculty to join our team. We have 100% success with NSF CAREER awards and have received multiple AFOSR YIPs as well as DOD MURI and awards from several agencies as well as NSA SoS Lablet. Under my leadership, we received the NSA/DHS certification and recertification in Cyber Security Education and Research (CAE, CAE-R). We became the first university in TX and 14th in the country to get the NSA Cyber Operations certification in 2015. Integrating research into education is a major focus for me. For example, our SFS students are required to carry our research for a semester. While cyber security is my main focus at UTD, around 50% of my research has been in data science related areas since 1985. In particular, mu current research focuses on adversarial machine learning as well as machine learning for cyber security. Therefore, I also participate in the data science program at UTD. I also ensure that we offer a comprehensive set of courses both in cyber security and data science at UTD. For example, together with my colleague Dr. Latifur Khan we formulated the Big Data Analytics course for the department, and this is the course that attracts the greatest number of students (sometimes even as high as 130). More details of our Institute can be found at http://csi.utdallas.edu/.

Several of my students are women and/or from the minority communities. I have also mentored numerous women (both students and professionals) over the years. I have received three major awards for research leadership, one given by the Career Communication on Women of Color Research leadership in 2001, IEEE ISI (Intelligence and Security Informatics) in 2010 and the other by SIRI (Society for Information Ruse and Integration) in 2014. A press release on my leadership work can be found at http://ecs.utdallas.edu/news-events/news/csaward-6-10.html

2. ADMINISTRATION AND BUDGET MANAGEMENT

In addition to conducting my research as well as providing research and education leadership, I have been an administrator since 1994. This included managing MITRE initiatives on Data Management and Evolvable Systems between 1994-1977, managing the MDDS (Massive Digital Data Systems) for the Intelligence Community between 1993-1999, heading a Department at MITRE between 1995-1999, Managing programs at NSF between 2001-2004, and Directing the Cyber Security Research and Education Institute at UT Dallas between 2004-present. I have been responsible for managing budgets, providing technical leadership as well as making hiring/funding decisions for all the above efforts. Some details are provided below

Research Budget as PI: Since 1987, I have been a PI for several research projects at Honeywell, MITRE, and UT Dallas. The budget I managed as a principal investigator is around $20M. This includes around $5M at MITRE, $14M at UT Dallas (although the Institute, around 10 faculty, has brought in around $50M in research and $15M in education over the past 15 yrs.), and approx. $1M at Honeywell. I ensured that the research deliverables were met within the allocated budget.

Budget Managed as an Administrator: I have been responsible for managing budgets (totaling around $120M) as an administrator since 1994. This includes the following:

MITRE: (i) I was the head of MITRE’s internal research initiatives on Data Management (Massive Data and Information System) an Evolvable Information Systems. The budget I managed was around $3M per year for the first two years and around $6M in the third year (total of approx. $12M). My responsibilities included ensuring that the PIs of the individual projects met all the deliverables within the budget. I also presented the initiatives to MITRE Executives (VPs, President) and also key sponsors. In addition, I was also involved in the discussions on collaborations between MITRE and other FFRDCs such as CMU’s SEI and Aerospace Corporation in the late 1990.

22

(ii) I was the technical lead for the MDDS (Massie Digital Data Systems) for the Intelligence Community between 1993-1999. My responsibilities included reviewing proposals submitted by professors, provide recommendations to the program manager for funding, and ensuring that the eight projects funded by the CIA (the other sponsor was the NSA) met the research deliverables within the budget. The annual budget for this program was around $2M for a total of approx. $12M.

(iii) I was the Department Head of Data and Information Management department. I grew the department from 8 members in 1995 to 28 members in 1999. This involved presenting the work to other MITRE divisions as well as sponsors and ensuring that funds were obtained to grow the staff. At that time one staff cost around $180-$200K.

NSF: I was a program director at NSF between 2001 and 2004. The total budget I managed for the 3 years was cloud to $80M+. I was responsible for several initiatives including the following:

(i) 2001-2002: Information and Data Management Program; approx. $10M (ii) 2001-2002: Information Management for Information Technology Research approx. $6M (iii) 2002-2003: Special Competition, Data and Applications Security, approx.: $2M (iv) 2002-2003: Information Management for Information Technology Research: approx. $50M+. This was the largest program in 2003 for ITR. I managed around 16 panels. (v) 2002-2003: Sensor Information Management (with ENG): I managed the information management component of the Sensor program. My budget was around $4M.

(vi) 2003-2004 Data and Applications Security Component of Cyber Trust: approx. $5M (vii) 2003-4 Information Management for ITR: approx.: $3M

UT Dallas: While I managed large budges for research (e.g., several $1M+ projects), I have a small budget for the Institute (which is 10% of the overhead of all the projects in the Institute). This is around 100K/yr. for special initiatives (e.g., travel for faculty to meet sponsors in Washington) and hosting events such as TexSAW (Texas Security Awareness Week).

I am extremely responsible in managing budgets and none of my projects have overrun. One of my major strengths is in working with teams and generating funding for the department I managed as well as for the Institute I am directing.

3. MENTORING PHILOSOPHY

No two people are the same. Therefore, what is good for one is not good for the other. I mentor each individual in my team and/or department so that he/she can achieve his/her full potential. For example, professors are usually evaluated with respect to research, teaching and service to the community. This also includes student supervision. When it comes to research, quality of publications is the standard measure. Computer scientists value publications in top tier conferences. However, more senior researchers like me have grown up publishing in top tier journals. Furthermore, not all areas in computer science value top conference publications. For example, in cyber security, top tier conferences count a great deal while in theory journal papers are given considerable credit (e.g., JACM). Therefore, I believe that one cannot use the same standard to evaluate the entire faculty. We have to look at each faculty and determine his/her contributions to the field. I am able to recognize the strengths of each area due to my diverse technical research background from Theory of Computation to Distributed Systems to Cyber Security to Data Science.

Funding has become a very important criterion to measure success at universities. However, funding is only a means to getting top publications. While research funding, especially NSF CAREERs and DoD YIPs as well as MURIs and center-scale grants do enhance the reputation of a department or a team, there are numerous opportunities to get funding for work other than research. These include education, infrastructure and capacity building grants, STEM grants as well as grants from the industry. Some are very good at getting research funds while others are good are getting education funds. The important thing is to try. If you succeed—great; if not, then it’s not the end of the world as long as you learn from your experience and improve the next time. When I joined the university back in fall 2004, it took me one year to get my first grant for 300K from AFOSR. It took me 3 years to get my first NSF grant. In between I got quite a few proposals rejected and each time I did a postmortem to see what went wrong. I improved every try and since fall 2007 we have been awarded with a steady stream of NSF grants in research, education,

23

infrastructure and capacity building together with several other grants and contracts from multiple agencies. I strongly believe in interdisciplinary research and have introduced members of my team to others working in risk, policy and economics. In addition, I introduce my team members to sponsors in Washington, present our work to them as well as to the industry (e.g., Raytheon, IBM, Lockheed, - - -).

Education is as important as research. We are here first and foremost to educate our students. Therefore, it is a must for every professor to do his/her best in teaching and keep up with all the developments in the field so that they can be incorporated into the lectures. Not all of us are eloquent speakers. I encourage the non-native English speakers to attend toastmasters club and listen to tapes for the correct pronunciation of the words. Also, I make sure that the faculty teaches courses that they are most comfortable with. As a result, I have often taught courses that others are not comfortable teaching until I find someone who can do an excellent job. For example, I started teaching the digital forensics course since there was no one else to teach it. While I did not get strong evaluations in the beginning I studied and passed the GCFE at SANS and improved my evaluations. After seven years of teaching this course I found an outstanding faculty member who was ready to teach the course. I also encourage my team to write books based on their lectures and research.

We have to supplement our research and teaching with professional activities. This could be a variety of activities from chairing conferences and workshops, joining editorials boards, to giving invited presentations to make our work known to the world. Equally important is participating in internal activities as it is critical that a department/team is represented well at the university. More recently (since 2018) I have participated in university-wide mentoring efforts and participated in panels (e.g., career advancement, how to explain our research to the general public).

I have worked hard to promote computer science and cyber security to women and minorities. Gender and ethnic diversity are important for a thriving department. Therefore, out of my 18 PhD students who have graduated, eight are female and one is an African American, one is LGBTQ and one from the Latino community. Furthermore, I currently supervise two PhD students (incudes on female). Our team is also ethnically diverse. I encourage them to build their own communities and expand their networks and this way they do not have to be dependent on me. Regardless of what they do, they have to strive for excellence and make an impact. My mentoring philosophy can be found at http://www.utdallas.edu/~bhavani.thuraisingham/Motivational-Articles/Bhavani-STEM--Mentoring-Philosophy.pdf

I value our administrative staff a great deal and very particular that the technical staff treat them with respect. I also ensure that they flourish in their careers. For example, I have an administrative staff for the Institute. I make sure that she takes courses to enhance her skills. I also take her to Washington for the SFS Job Fair in Washington DC (using the Institute funds) every year so that she gets to meet people so that she can better understand our needs.

In summary, I strongly believe that one size does not fit all. Each individual is different. Therefore, as a team leader and/or manager, one has to work with each individual and motivate him/her so that he/she can give his/her best performance. Then together we will all succeed as a team.

4. MY MANAGEMENT STYLE

I do not have any favorites in my department, institute or team. Everyone is equal in my eyes. Furthermore, I do not push my research area (i.e. integration of cyber security and data science). I get inputs from those I manage, my managers, as well as the current trends and predictions and determine as a team the areas we should focus on. That is, I try my best to get a consensus. However, in some cases it is not possible for everyone to agree. If there is no majority vote, then I make the tough decisions myself. I value the inputs I receive at all levels, i.e., the managers, those who work for me, and also the administrative staff. It is very important to me that both the technical staff and the administrative staff have career goals and flourish in their careers. I would also like to add that I am not swayed by anyone in my team just because I might be friends with that person. I draw a clear distinction between personal and professional matters. Finally, I strongly believe that we must respect everyone we work with and create a pleasant environment in the workplace.

24

I am not a micro manager, but I am a hands-on manager. I empower those who work for me and encourage them to make decisions. But they have to be accountable for the actions they take, and it is very important for me to be aware of what is going on in the department or institute. I am a good listener and meet with members of my team weekly to hear about any issues that they might have and work to solve these issues with management. My strong qualities are my work ethic, discipline, and understanding and especially motivating people. My weakness is that I can get overly enthusiastic about some things, but over time I have become more realistic and understand that the glass is not always half full, it can be half empty. I am known as a people person. I am very calm and do not (or very rarely) lose my temper (through meditation and relaxation techniques). Over the years, I have learned to be tough while still being compassionate. I expect others to complete their assignments on time unless of course there is a compelling reason. I am very organized as I follow a strict daily routine. I make sure the policies and procedures of the university are followed. However, if the policies are overly restrictive and hinders work progress, I discuss it with my managers to see what could be done.

I did not plan to get into management. It happened back in 1995 when my boss (Mr, Henry Bayard) convinced me that I will make a very good manager, and everyone later said he was right. I have learnt a lot over the years, some from my own mistakes, and I believe have developed a combination of both an easy going and yet a firm management style. I have an open-door policy.

5. BUILDING COALITIONS

I believe I am very strong in building teams, centers, departments and coalitions. I really like to build teams from scratch. When I joined MITRE in January 1989, I was given a one-person project on secure distributed data systems funded by the Navy. Within two years I established multiple projects funded by Air Force, Navy, Army and NSA bringing in funding annually for about five staff years. I really enjoyed managing the massive digital data systems for the Intelligence Community which included managing around fifteen university projects. Around the same time, I managed the data management initiative at MITRE and was commended by the senior management for having turned the initiative around. In 1995, I was given an eight-person department in information and data management. I grew it to 28 people by 1999. This involved discussing the work with sponsors as well as other divisions and centers at MITRE to generate work. This was a huge challenge. But perhaps my biggest challenge was to build the Cyber Security Institute at UTD from scratch. While I was given a tenured full professor position with a decent start-up package, I was not given any funding for the Institute. I worked really hard and built it from a 1 person (myself) to 10 tenure track core faculty and many more affiliated faculty and the team has generated $50M in research and $15M in education in 15 years. I accomplished this together with the team and establishing several multi university projects (e.g., A DoD MURI and what one of my PM calls several mini-MURIs).

Our AFOSR MURI project was on Assured Information Sharing and the one page I submitted went into the BAA. I wanted to establish a truly international coalition and so organized a project with Kings College University of London and the University of Insubria Italy. I worked with our European partners to get funding for them from EOARD (the AFOSR in London). Then, together we collaborated on a Cloud-based Assured Information Sharing project and this research was featured by AFOSR. Our research collaborators in the US include Purdue, UTSA. UMBC, UIUC, MIT, SUNY Binghamton, and U of AZ as well as UCI, UIC, Drexel, U of MI, Austin, TAMU, Vanderbilt, and Berkeley.

My major strength is in working with people, establishing teams, interacting with sponsors and making sure that the team is happy while the sponsor’s needs are met. One of the MITRE CEO’s ingrained into me the culture that the customer comes first. One of the best aspects of my job since I started working at Honeywell is to interact with the federal government in Washington, present our work and obtain funding.

25

Appendix D: LIST OF PUBLICATIONS

(Several of the publications are also listed in DBLP https://dblp.org/pers/t/Thuraisingham:Bhavani_M=.html) D.1 RESEARCH PUBLICATIONS

a. JOURNAL PAPERS

a.1 INTERSECTION OF DATA SCIENCE AND CYBER SECURITY

1. Multilevel Security in Database Management Systems, Computers and Security Journal, June 1987 (North Holland), Vol. 6, No. 3, pp. 252-260, (co-authors: P. Dwyer, G. Gelatis).

2. Security Checking in Relational Database Management Systems Augmented with Inference Engines, Computers and Security Journal, December 1987 (North Holland), Vol. 6, No. 6, pp. 479-492.

3. Multilevel Security Issues in Distributed Database Management Systems, Computers and Security Journal August 1988 (North Holland), Vol. 7, No. 4, (co-author: J. McHugh).

4. Secure Query Processing Strategies, IEEE Computer, March 1989, Vol. 22, No. 3 (invited paper, co-authors: T. F. Keefe and W. T. Tsai).

5. SODA - A Secure Object-Oriented Database System, Computers and Security Journal, Vol. 8, October 1989 (co-authors: W. T. Tsai and T. F. Keefe).

6. Prototyping to Explore MLS/DBMS Design, Computers and Security Journal, May 1989 (Elsevier, formerly North Holland), Vol. 8, No. 3(co-authors: W. T. Tsai and D. Thomsen).

7. A Functional View of Multilevel Databases, Computers and Security Journal (Elsevier), Vol. 8, No. 8, December 1989.

8. Towards the Design of a Secure Data/Knowledge Base Management System, Data and Knowledge Engineering Journal, March 1990, (North Holland), Vol. 5, No. 1.

9. Security in Object-Oriented Database Systems, Journal of Object-Oriented Programming, March/April 1990, Vol. 2, No. 6. (reprinted in book on object-oriented database mgmt syst. by SIG publishers).

10. Design of LDV - A Multilevel Secure Database Management System, IEEE Transactions on Knowledge and Data Engineering, June 1990, Vol. 2, No. 2 (co-author: P. Stachour).

11. SQL Extensions for Security Assertions, Computer Standards and Interfaces Journal, 1990 (North Holland), Vol. 11, No.1, 5-14 (co-author: P. Stachour).

12. AI Applications in Multilevel Database Security, Computer Security Journal, 1990 (Miller Freeman Publishers), Vol. 6, No. 1, (co-authors: W. Tsai, T. Keefe, and D. Thomsen)

13. Multilevel Secure Object-Oriented Data Model - Issues on Noncomposite Objects, Composite Objects, and Versioning, Journal of Object-Oriented Programming, Volume 4, November/December 1991. (Version of the article reprinted by the MITRE Journal, 1992.) (Also, reprinted in book on object-oriented database management systems by SIG publishers.)

14. Multilevel Security Issues in Distributed Database Management Systems – II, Computers and Security Journal (Elsevier), Volume 10, No. 8, December 1991.

15. Multilevel Security Issues in Distributed Database Management - III, Computers and Security (Elsevier), Vol. 11, November 1992 (co-author: H. Rubinovitz).

16. Design and Implementation of a Distributed Query Processor for a Trusted Distributed Database Management Systems, Journal of Systems and Software, April 1993 (North Holland), Vol. 21, No. 1 (co-author: Harvey Rubinovitz).

17. Design and Implementation of a Database Inference Controller, Data and Knowledge Engineering Journal, December 1993 (North Holland), Vol. 11, No. 3, p. 271 – 297, (co-authors: W. Ford, M. Collins, J. O'Keeffe); (Article reprinted by the MITRE Journal, 1994).

18. Integrating Intelligent Database Technology and Trusted Database Technology, Computer Security Journal, 1993 (Miller Freeman Publishers).

19. Simulation of Join Query Processing Algorithms for a Trust Distributed Database Management System, Information and Software Technology Journal (Chapman and Hall), Vol. 35, No. 5, 1993 (co-author: Harvey Rubinovitz) (version of conf. paper published in Simulation Conference, 1991).

20. Towards Developing a Standard Multilevel Relational Data Model for Representing a Multilevel Universe, Computer Standards and Interfaces Journal (North Holland), Vol. 15, No. 1, 1993 (also

26

published by Computer Standards Interface Journal special issue in 1999 as one of the seminal papers to appear in the journal).

21. Multilevel Security for Information Retrieval Systems, Information and Management Journal (North Holland) Vol. 24, 1993.

22. User-Role Based Security for Collaborative Computing Environment, Multimedia Review: The Journal of Multimedia Computing (Penton Media publishers), Summer 1993 (co-authors: S. Demurjian and T.C. Ting).

23. Security Issues for Federated Database Systems, Computers and Security (North Holland), Vol. 13, No. 6, p. 509 – 525, December 1994.

24. Multilevel Security in Information Retrieval Systems - II, Information and Management Journal (North Holland), Vol. 28, No. 1, 1995.

25. Security Constraint Processing in a Multilevel Secure Distributed Database Management System, IEEE Transactions on Knowledge and Data Engineering, April 1995 (co-author: W. Ford).

26. Towards the Design of a Multilevel Secure Object-Oriented Database Management System, Journal of Object-Oriented Programming, June 1995.

27. MOMT: A Multilevel Object Modeling Technique for designing Secure Database Applications, Journal of Object-Oriented Programming, 1996 (co-authors: D. Marks and P. Sell).

28. Adaptable Object Request Brokers for Information Survivability for Real-time Command and Control Systems, Distributed Computer Systems, 1999, p. 242 – 245 (co-author: J. Maurer).

29. Secure Distributed Database Systems, Information Security Journal (Elsevier Science special issue in Database Security), 2001.

30. Selective and Authentic Third-Party Publication of XML Documents, IEEE Transactions on Knowledge and Data Engineering, Vol. 16, No. 10, p. 1263 – 1278, 2004 (co-author: E. Bertino et al). (version also published as MIT Working Paper, 2002)

31. Secure Sensor Information Management & Mining, IEEE Signal Processing, May 2004. 32. Security and Privacy for Sensor Databases, Sensor Letters, Inaugural Issue (American Scientific),

Vol. 2, No.1, March 2004. 33. Security and Privacy for Multimedia Database Management Systems, Multimedia Tools (Kluwer),

Vol. 33, No. 1, October 2007 (keynote at IEEE Multimedia Software Engineering and Distributed Multimedia 2003).

34. Privacy-preserving Data Mining: Developments and Directions, Journal of Database Management, (special issue in Database Technologies for National Security), p. 75 – 87, March 2005.

35. Privacy Constraint Processing in a Privacy-Enhanced Database Management System, Data and Knowledge Engineering Journal, Vol. 55, No. 2, p. 159 - 188 (North Holland), 2005.

36. Security Standards for the Semantic Web, Computer Standards and Interface Journal (North Holland), Vol. 27, p. 257 – 268, March 2005 (version of COMPSAC Conference workshop paper, 2003).

37. Access Control for Web Data: Models and Policy Languages, Invited Paper - Annales des Telecommunications, p. 245, Vol. 61, No. 3-4, March/April 2006 (co-authors: B. Carminati, E. Ferrari).

38. Directions for Security and Privacy for Semantic E-Business Applications, Invited Paper, Communications of ACM, December 2005.

39. A New Intrusion Detection System using Support Vector Machines and Hierarchical Clustering, VLDB Journal, Vol. 16, No. 1, January 2007 (co-authors: M. Awad et al).

40. A Framework for a Video Analysis Tool for Suspicious Event Detection, Multimedia Tools, Vol. 35 No. 1, October 2007 (co-author: G. Lavee et al).

41. Standards for Secure Data Sharing Across Organizations, Computer Standards and Interface Journal, Vol. 29, No. 1, January 2007 (co-author: D. Harris et al).

42. Secure Knowledge Management: Confidentiality, Trust and Privacy, IEEE Transactions on Systems, Man and Cybernetics, May 2006 (co-authors: E. Bertino et al) (based on keynote presented at SKM 2004).

43. PP-trust-X: A System for Privacy Preserving Trust Negotiation, ACM Transactions on Information and Systems Security, Vol. 10, No. 3, Article 12, July 2007 (co-author: E. Bertino et al).

44. Administering the Semantic Web: Confidentiality, Privacy and Trust Management, International Journal of Information Security and Privacy, January 2007 (co-author: N. Tsybulnik, A. Ashraful).

27

45. Secure Grid Computing, International Journal of Computer Science and Network Security, August 2006 (co-author: J. Zhu).

46. Security for ERP Systems, Information Systems Security Journal, May 2007 (co-author: W. She). 47. Secure Data Warehousing, Data Warehousing Journal, IDEA Press, 2007 (co-authors: Srinivasan, M.

Kantarcioglu). 48. E-Mail Worm Detection Using Data Mining. Mohammad M. Masud, Latifur Khan, Bhavani M.

Thuraisingham: IJISP 1(4):47-61 (2007)

49. Email Worm Detection Using Data Mining, International Journal of Information Security and Privacy, Vol. 1, Issue 4, Page: 47-61, 2007 (co-authors: M. Masud, L. Khan et al).

50. Design and Implementation of a Framework for Assured Information Sharing Across Organizational Boundaries, International Journal of Information Security and Privacy, 2008. (co-authors: Y. Harsha Kumar et al).

51. A Scalable Multi-Level Feature Extraction Technique to Detect Malicious Executables, Information Systems Frontiers, (Springer Netherlands), Vol. 10, No. 1, Page 33-45, March 2008 (co-authors: M. Masud, L. Khan).

52. The Applicability of the Perturbation Based Privacy Preserving Data Mining for Real-World Data, " Data and Knowledge Engineering (DKE), Vol. 65, No. 1, p.5-21, 2008 Leading Journal (co-authors: L. Liu, M. Kantarcioglu).

53. A Risk Management Approach to RBAC, Risk and Decision Analysis Journal, 2008 (co-authors: E. Celikel, M. Kantarcioglu, E. Bertino).

54. Exploiting an Antivirus Interface, Computer Standards & Interfaces, Vol. 31, No. 6, p. 1182-1189, November 2009 (co-authors: K. Hamlen, V. Mohan, M. Masud, L. Khan).

55. Privacy Preservation in Wireless Sensor Networks: A State-of-the-art Survey, Ad-Hoc Networks Journal, Vol. 7, No. 8, November 2009 (co-authors: L. Na et al).

56. Design and Implementation of a Secure Social Network System, Computer Systems Science and Engineering, Vol. 24, No. 2, March 2009 (co-authors: R. Layfield et al).

57. Delegation Model for Web Services, Journal of Web Services Research 2009 (co-authors: W. She, I. Yen).

58. Relationalization of Provenance Data in Complex RDF Reification Nodes, Special Issue of Electronic Commerce Research Journal on Trust and Privacy Aspects of Electronic Commerce, 2009 (co-authors: S. Sriram et al).

59. Classification and Novel Class Detection in Concept-Drifting Data Streams under Time Constraints Accepted and to appear in IEEE Transactions on Knowledge and Data Engineering, 2010 (co-authors: M. Masud, L. Khan, J. Han).

60. Semantic Web, Data Mining and Security, IEEE Intelligent Systems Special Issue on AI and Security Informatics, 2010 (co-authors: M. Kantarcioglu and L. Khan).

61. Privacy-Preserved Social Network Integration and Analysis for Security Informatics, IEEE Intelligent Systems Special Issue on AI and Security Informatics, 2010 (coauthor: C. Yang)

62. Secure Data Objects Replication in Data Grid, IEEE Transactions on Dependable and Secure Computing, January 2010 (co-authors: Manghui Tu, Peng Li, I-Ling Yen, Bhavani Thuraisingham, and Latifur Khan).

63. Security Issues for Cloud Computing, Journal of Information Security and Privacy, Vol. 4, No. 2, 2010, p. 36 – 48 (coauthors: K. Hamlen, L. Khan, M. Kantarcioglu).

64. Policy Management for Assured Information Sharing, Journal of Information Security and Privacy, September 2010 (co-authors: M. Awad et al).

65. Privacy-Preserved Social Network Integration and Analysis for Security Informatics IEEE Intelligent Systems Special Issue, Vol. 25, No. 5, p. 88 – 90, 2010 (co-author: C. Yang).

66. Geospatial Resource Description Framework (GRDF) and security constructs, Computer Standards & Interfaces, Vol. 33, No. 1, p. 35-41, 2011 (co-authors: Ashraful Alam, Latifur Khan).

67. Semantic Web-based Social Network Access Control, Computers and Security, Vol. 30, No. 2 – 3, 2011 (special issue for SACMAT conference) (co-authors: B. Carminati et al).

68. Adaptive Information Coding for Secure and Reliable Wireless Telesugery Communications, Journal of Mobile Networks and Applications (MONET), Springer online (http://www.springerlink.com/content/r71p755326k68814/), July 2011.

28

69. Cyberphysical Systems Security Applied to Telesurgical Robotics, Computer Standards & Interfaces, Vol. 34, No. 1, p. 225-229, January 2012 (co-author: Gregory S. Lee).

70. Data Security Services, Solutions and Standards for Outsourcing, Computer Standards and Interfaces Journal, Volume 35, No 1, 2013, p. 1-5 (co-author: K. Hamlen).

71. Security-aware Service Composition with Fine-grained Access and Information Flow Control, IEEE Transactions on Services Computing, Volume 6, No. 3, July – Sept. 2013 (co-authors: W. She et al.).

72. Effective Software Fault Localization using an RBF Neural Network, IEEE Transactions on Reliability, Volume 61, No. 1, p. 149 – 169, 2012 (co-authors: W. E. Wong, V. Debroy, R. Golden, X. Xu).

73. Secure Semantic Computing, International Journal of Semantic Computing, Volume 5, No. 2, pg. 121 – 131, 2011 (co-author: K. Hamlen).

74. Cloud-based Malware Detection for Evolving Data Streams, ACM Transactions on Management Information Systems, Volume 2, No. 3, Article 16, 2011 (co-authors: M. Masud et al.).

75. Bin-Carver: Automatic Recovery of Binary Executable Files, Journal of Digital Investigation (special issue of the digital forensics research workshop), Volume 9, Supplement, S108 – S117, 2012 (co-authors: Zhiqiang Lin et al.).

76. Preventing Private Information Inference Attacks on Social Networks, IEEE Transactions on Knowledge and Data Engineering, Volume 25, No. 8, p. 1849 – 1862, 2013 (co-authors: R. Heatherly, M. Kantarcioglu).

77. Design and Implementation of a Data Mining System for Malware Detection, Journal of Design and Process Engineering, Volume 16, No. 2, p. 33 – 49, 2012 (co-authors: T. Al-Khateeb, M. Masud, K. Hamlen and L. Khan).

78. Evolving Insider Threat Detection Stream Mining Perspective, International Journal on Artificial Intelligence Tools, Volume 22, No. 5, 2013 (co-authors: Parveen Pallabi et al.)

79. A roadmap for privacy-enhanced secure data provenance, Journal of Intelligent Information Systems, 43(3): 481-501 (2014) (co-authors: Elisa Bertino, Gabriel Ghinita, Murat Kantarcioglu, Dang Nguyen, Jae Park, Ravi S. Sandhu, Salmin Sultana, Bhavani M. Thuraisingham, S. Xu).

80. Role-Based Integrated Access Control and Data Provenance for SOA Based Net-Centric Systems, IEEE Transactions on Services Computing, Accepted 2015 (co-authors, I-Yen, et al.)

81. Online Anomaly Detection for Multi-source VMware Using a Distributed Streaming Framework, Software: Practice and Experience, published online January 2016 (coauthor: M. Solaimani et al)

82. Proactive user-centric secure data scheme using attribute-based semantic access controls for mobile clouds in financial industry. Future Generation Comp. Syst. 80: 421-429 (2018) (coauthors: Meikang Qiu, et al).

83. BiMorphing: A Bi-Directional Bursting Defense Against Website Fingerprinting Attacks, Accepted for publication in IEEE Transactions on Dependable and Secure Computing, 2019. (coauthor: L. Khan et al).

84. GraphBoot: Quantifying Uncertainty in Node Feature Learning on Large Networks," Accepted IEEE Transactions on Knowledge and Data Engineering, 2019 (coauthor: M. Kantarcioglu et al)

a.2 DATA SCIENCE (DATA MANAGEMENT, DATA MINING, ANALYTICS, AND AI/ML)

85. AI Applications in Distributed System Design Issues, 1988, IEEE Network, Vol. 2, No. 6, (co-author: J. Larson).

86. From Rules to Frames and Frames to Rules, October 1989, AI Expert (Miller Freeman Publishers) Volume 2, No. 10. (Reviewed by Editorial Board).

87. A New View of Information Modeling: A Bridge Between Data and Information, Information Systems Management Journal (Auerbach), Vol. 9, No., Spring 1992 (co-author: V. Venkataraman; also, reprinted in Handbook of Data Management 1993, Editor: von Halle and Kull).

88. On Developing Multimedia Database Management Systems Using the Object-Oriented Approach, Multimedia Review: Journal of Multimedia Computing, Vol. 3, No.2, 1992.

89. Information Demands Drive Data Base Interoperability, SIGNAL Magazine: AFCEA Journal, December 1995.

29

90. Web Information Management and Its Application to Electronic Commerce, International Journal on Artificial Intelligence Tools (World Scientific), Vol. 8, No. 2, June 1999.

91. A Primer for Understanding Data Mining, IEEE ITPro, Vol., 2, No. 1, January/February 2000. 92. Emerging Standards for Data Mining, Computer Standards and Interface Journal (North Holland),

Vol. 23, No. 3, 2001 (co-author: C. Clifton). 93. Foundations of Data Mining: Position Paper, Communications of Institute for Information and

Computing Machinery (Taiwan Journal), May 2002. (PAKDD 2002 workshop paper published as special issue in journal).

94. Collaborative Commerce and Knowledge Management, Knowledge Management Journal (Wiley Interscience), 2002.

95. Managing and Mining Multimedia Databases, International Journal of Artificial Intelligence Tools (World Scientific), Vol. 13, No. 3, 2004 (keynote at ICTAI99).

96. Predicting WWW Surfing Using Multiple Evidence Combination, VLDB Journal, May 2008 (co-author: M. Awad et al).

97. A Framework for Automated Image Annotation, International Journal of Computer Systems Science and Engineering, Vo1. 22, No. 1 – 2, 2007, (co-author: L Wang et al).

98. A Scalable Clustering Method Based on Density, WSEAS Transactions on Computing Research, 2008 (co-authors: L. Khan and S. Bereg).

99. Emergency Response Applications: Dynamic Plume Modeling and Real-Time Routing, IEEE Internet Computing, Vol. 12, No. 1, p. 38-44, January - February 2008, (co-authors: P. K. Chitumalla, D. Harris, L. Khan).

100. R2D: A Bridge Between the Semantic Web and Relational Visualization Tools, Semantic Computing Journal, 2009. (co-authors: S. Sriram et al).

101. Necessary and Sufficient Conditions for Transaction-consistent Global Checkpoints in a Distributed Database System, Information Sciences, Vol. 179, No. 20, p. 3659 – 3672, September 2009, (co-authors: J. Wu, D. Manivannan).

102. Update Enabled Triplification of Relational Data into Virtual RDF Stores International Journal of Semantic Computing, World Scientific, Vol. 4, No. 4 December 2010, p. 423 – 451 (selected from Proc. of Fourth IEEE International Conference on Semantic Computing [IEEE ICSC 2010], September 22-24, 2010, Carnegie Mellon University, Pittsburgh, PA, USA). (co-authors: S. Ramanujam, V. Khadilkar, L. Khan, S. Seida, M. Kantarcioglu).

103. Heuristics-Based Query Processing for Large RDF Graphs Using Cloud Computing, IEEE Transactions on Knowledge and Data Engineering, Vol. 23, No. 9, p. 1312-1327, 2011 (co-authors: Mohammad Farhan Husain, James P. McGlothlin, Mohammad M. Masud, Latifur R. Khan).

104. Enhanced Geographically Typed Semantic Schema Matching, Journal of Web Semantics, Vol. 9, No. 1, p. 52-70, 2011 (co-authors: Jeffrey Partyka, Pallabi Parveen, Latifur Khan, Shashi Shekhar).

105. Tweelocal: Identifying Social Cliques for Intelligence Location Mining, The Human Journal ASE Press, Volume 1, 2013 (co-authors: S. Abrol, L. Khan)

106. Deep Residual-based Enhanced JPEG Compression in the Internet of Things, Accepted IEEE Transactions on the Foundations on Industrial Informatics, 2020 (coauthors: M. Qiu at al)

107. SACOOS: A Semi-Supervised Framework for Emerging Class Detection and Concept Drift Adaption over Data Streams, Accepted IEEE TKDE, 2020 (Coauthor: L Khan et al) a.3 DISTRIBUTED PROCESSING AND REAL-TIME SYSTEMS

108. Recovery Point Selection on a Reverse Binary Tree Task Model, August 1989, IEEE Transactions on Software Engineering, Vol. 15, No.8, (co-authors: W. T. Tsai and S. K Chen).

109. Real-time Transaction Processing, Computer Systems: Science and Practice (Chapman and Hall), 1999 (co-authors: L. DiPippo, V. Wolfe et al).

110. Real-time CORBA, IEEE Transactions on Parallel and Distributed Systems, Vol. 11, No. 10, October 2000 (co-author: V. Wolfe et al).

111. Scheduling and Priority Mapping for Static Real-Time Middleware, Real-time Systems Journal (Kluwer), Vol. 20, p. 155 -182, 2001 (co-author: V. Wolfe, L. DiPippo et al).

30

a.4 COMPUTABILITY/COMPLEXITY THEORY

112. Representation of One-One Degrees by Decision Problems, 1982, Journal of Computer and Systems Sciences (Academic Press), Vol. 24, p. 373-377.

113. Some Elementary Closure Properties of N-Cylinders, 1983, Notre Dame Journal of Formal Logic, Vol. 24, No. 2, p. 242-253.

114. The Concept of N-Cylinder and its Relationship to Simple Sets, 1983, Notre Dame Journal of Formal Logic, Vol. 24, No. 3, p. 328-336.

115. Cylindrical Decision Problems, 1983, Notre Dame Journal of Formal Logic, Vol. 24, No. 2, p. 188-198.

116. System Functions and their Decision Problems, 1984, Zeitschrift fur Mathematische Logik und Grundlagen der Mathematik, Vol. 30, No. 7 - 8, p. 119-128. (now Journal of Mathematical Logic)

117. The Concept of N-Cylinder and its Application , 1986, Zeitschrift fur Mathematische Logik und Grundlagen der Mathematik, Vol. 32, No. 13 - 16, p. 211-219.

118. Reducibility Relationships Between Decision Problems for System Functions, 1987, Zeitschrift fur Mathematische Logik und Grundlagen der Mathematik, Vol. 33, No. 4, p. 305-312.

119. Representation of One-One Degrees by N-Cylindrical Decision Problems, 1988, Zeitschrift fur Mathematische Logik und Grundlagen der Mathematik, Vol. 34, No. 6.

120. System Function Languages, Mathematical Logic Quarterly, Vol. 39, No. 1, 1993. 121. A Construction of Cartesian Authentication Codes from Orthogonal Spaces over a Finite Field of

Odd Characteristic, Discrete Mathematics, Algorithms and Applications, Vol. 1, No. 1, March 2009 (co-authors: Z. Li et al).

122. A Better Approximation for Minimum Average Routing Path Clustering Problem in 2-D Underwater Sensor Networks, Discrete Mathematics, Algorithms and Applications, Vol. 1, No. 2, June 2009 (co-authors: W. Wang et al).

123. PTAS for the minimum weighted dominating set in growth bounded graphs, Journal of Global Optimization, Vol. 23, No. 4 p.443-450, 2012 (co-authors: Zhong Wang, Wei Wang, Joon-Mo Kim, Weili Wu).

124. An individual-based model of information diffusion combining friends' influence, J. Comb. Optim. 28(3): 529-539 (2014) (co-authors: Lidan Fan, Zaixin Lu, Weili Wu, Yuanjun Bi, Ailian Wang)

a.5 NATIONAL SECURITY AND COUNTER-TERRORISM (POLITICAL SCIENCE RELATED)

125. After the ‘War on Terror’ – How to Maintain Long-range Terrorist Deterrence, Journal of Policing, Intelligence and Counter Terrorism, Vol. 9, No. 1, p. 19 – 31, 2014. (co-author: Jan Kallberg). DOI: 10.1080/18335330.2013.877376

126. Cyber Operations – Bridging from Concept to Cyber Superiority, Joint Forces Quarterly, 1st quarter, Issue 68, 2013 (Q1 in their field – below 10 % acceptance rate) (co-author: J. Kallberg). (Also, appeared in ARSTRAT IO Newsletter, Volume 14, No. 4, January 2013.)

127. Reducing the Potential Perpetrator Perceived Opportunity by Injecting Fear of Failure, Terrorism and Political Violence (Special issue) 2014 (co-author: J. Kallberg).

128. State Actors’ Offensive Cyber Operations - Breaking Intellectual Ceiling Reverses the Security Paradigm, IEEE IT-Professional, Volume 15, No. 3, p. 32 – 35, May – June 2013 (co-author: J. Kallberg)

129. INSuRE: Collaborating Centers of Academic Excellence Engage Students in Cybersecurity Research. IEEE Security & Privacy 15(4): 72-78 (2017) (coauthors: A. Sherman et al)

b. CONFERENCE PAPERS

b.1 INTERSECTION OF DATA SCIENCE AND CYBER SECURITY

1. Secure Query Processing Using AI Techniques, January 1988, Proceedings of the IEEE Hawaii International Conference on Systems Sciences, p. 561-570, (co-authors: W. T. Tsai and T. F. Keefe) - Best Paper Award for Software Tracks (enhanced version in IEEE Computer 1989).

2. Foundations of Multilevel Databases, May 1988, Proceedings 1st RADC Database Security Invitational Workshop, Menlo Park, CA, (Proceedings published by Springer Verlag, 1992, Ed: T. Lunt – Book Chapter).

31

3. Security for Large Systems, AAAI Conference Workshop on Large AI Systems, St Paul, MN, August 1988 (coauthor: Teresa Lunt)

4. Design of an Update Processor for MLS/DBMS, October 1988, Invited paper, Proceedings of the 11th National Computer Security Conference, Baltimore, MD; addendum to Proceedings (co-authors: P. Stachour and P. Dwyer).

5. Query Processing in LDV: A Secure Database System, December 1988, Proceedings of the 4th IEEE Aerospace Computer Security Conference, Orlando, FL (co-authors: P. Dwyer, E. Onuegbe and P. Stachour).

6. A Multilevel Security Model for Object-Oriented Systems, October 1988, Proceedings of the 11th National Computer Security Conference, Baltimore, MD, (co-authors: W. T. Tsai and T. F. Keefe).

7. Prototyping as a Research Tool for MLS/DBMS, October 1988, Proceedings of the IFIP WG 11.3 Conference on Database Security, Kingston, Ontario, Canada, (also published as book chapter by North Holland, 1989: Database Security II: Status and Prospects) (co-authors: W. Tsai and D. Thomsen).

8. Security Checking with Prolog-Extensions, May 1989, Proceedings of the 2nd RADC Database Security Invitational Workshop, Franconia, NH.

9. Mandatory Security in Object-Oriented Database Systems, October 1989, Proceedings of the ACM Conference on Object-Oriented Programming, Systems, Languages and Applications (ACM OOPSLA) Conference, New Orleans, LA.

10. A Multilevel Secure Object-Oriented Data Model, October 1989, Proceedings of the 12th National Computer Security Conference, Baltimore, MD.

11. Secure Query Processing in Intelligent Database Management Systems, December 1989, Proceedings of the 5th IEEE Computer Security Applications Conference Tucson, AZ.

12. Novel Approaches to Handle the Inference Problem, June 1990, Proceedings of the 3rd RADC Database Security Workshop, New York.

13. The Inference Problem in Multilevel Secure Database Management Systems, June 1990, Proceedings of the 3rd RADC Database Security Workshop, New York (co-authors: W. Ford, M. Collins, J. O'Keeffe).

14. Trusted Distributed Database Management Systems, June 1990, Proceedings of the 3rd RADC Database Security Workshop, New York, (co-author: H. Rubinovitz).

15. Recursion Theoretic Properties of the Inference Problem in Database Security, June 1990, presented at the 3rd IEEE Foundations of Computer Security Workshop, Franconia, NH (public release was not obtained in time for proceedings; printed as MITRE Paper M291 May 1990).

16. Mathematical Formalisms for Multilevel Object-Oriented Systems, paper presented at the Workshop on Object-Oriented Database Security, April 1990, Karlsruhe, West Germany.

17. Neural Network Applications in Intrusion Detection, paper distributed and presented at the 7th Intrusion Detection Workshop, May 1991, Menlo Park, CA (co-author: W. Ford).

18. Secure Interoperability of Trusted Database Management Systems, Technical paper presented at the ACM Workshop on Data Management Security and Privacy Standards, December 1991, San Antonio, TX, (Held in conjunction with the 7th IEEE Computer Security Applications Conference).

19. Object-oriented Approach to Interconnecting Trusted Database Management Systems, technical paper presented at the ACM Workshop on Data Management Security and Privacy Standards, December 1992, San Antonio, TX (Held in conjunction with the 8th IEEE Computer Security Applications Conference) (co-author: H. Rubinovitz).

20. Fuzzy Logic and Multilevel Databases, presented at the 1st Boston Area Fuzzy Logic Workshop, February 1993.

21. Towards a Global Multilevel Data Model in a Secure Heterogeneous Database System, Presented at the TIMS/ORSA Conference, October 1993 (abstract in proceedings).

22. Security and Integrity Constraint Processing in a Multilevel Secure Distributed Environment, Information Security for the 90s, AFCEA Conference, May 1993, Ft. Monmouth, NJ (co-authors: A. Abreu, H. Rubinovitz, M. Collins).

23. Transaction Management for Real-time Command and Control Systems, Paper distributed and presented at ATMA, September 1996, Goa, India (co-author: P. Krupp, et al).

32

24. RT-OMT: An Object-Oriented Design and Analysis Methodology for Real-time Database Systems Applications, Proceedings of the OOPSLA Conference Workshop on Object-Oriented Real-time Systems Analysis, October 1994, Portland, OR (co-author: A. Schafer).

25. Adaptable Real-time Command and Control Systems, Work in Progress Session, RTSS, 1998, Madrid, Spain (co-author: S. Wohlever et al) (paper in workshop report proceedings).

26. Technologies and Security Issues for the Semantic Web, Data and Knowledge Engineering Workshop, May 2002, Sonoma, CA.

27. Geospatial RDF and Secure GRDF, presented at the Geospatial Semantic Web workshop at Semantic Web Symposium, Athens, GA, November 2006 (co-author: A. Ashraful).

28. Building Trustworthy Geospatial Semantic Web, Geospatial Technologies in Homeland Security Conference, November 2006, College Station, TX.

29. Geospatial Data Mining for Crime Analysis, Next Generation Data Mining Conference, October 2007, Baltimore, MD (co-author: S. Shekhar et al).

30. Data Mining, Security and Privacy, Position Paper, NSF Workshop, September 2007, Arlington, VA. 31. Geospatial Data Mining for Crime Analysis, Next Generation Data Mining Conference, October

2007, Baltimore, MD (co-author: S. Shekhar et al). 32. Multilevel Security for Multimedia Database Systems, September 1990, Proceedings of the 4th IFIP

WG 11.3 Conference on Database Security, Halifax, England, (also published as book chapter by North Holland, 1991, p. 99 - 116).

33. Secure Query Processing in Distributed Database Management Systems - Design and Performance Study, December 1990, Proceedings of the 6th IEEE Computer Security Applications Conference, Tucson, AZ, (co-author: A. Kamon).

34. A Note on Security Constraint Processing in a Multilevel Secure Database Management System, April 1991, Proceedings of the 4th RADC Database Security Workshop, Little Compton, RI (co-author: W. Ford, M. Collins).

35. Trusted Distributed Database Management Systems R & D - A Progress Report, April 1991, Proceedings of the 4th RADC Database Security Workshop, Little Compton, RI, (co-authors: H. Rubinovitz).

36. Handling Security Constraints During Multilevel Database Design, April 1991, Proceedings of the 4th RADC Database Security Workshop, Little Compton, RI.

37. Implementation and Simulation of Secure Distributed Query Processing Algorithms, Proceedings of the 1991 Computer Simulation Conference, Baltimore, MD, (co-author: H. Rubinovitz).

38. A Nonmonotonic Typed Multilevel Logic for Multilevel Secure Data/Knowledge Base Management System - II, June 1991, Proceedings of the 4th IEEE Computer Security Foundations Workshop, Franconia, NH.

39. Issues on the Design and Implementation of an Intelligent Database Inference Controller, Proceedings of the 1991 IEEE International Conference on Systems, Man, and Cybernetics, Charlottesville, VA (co-author: W. Ford).

40. The Use of Conceptual Structures to Handle the Inference Problem, Proceedings of the 5th IFIP WG 11.3 Conference on Database Security, Shepherdstown, VA., November 1991 (Also published by North Holland, 1992)

41. Security Constraint Processing During the Update Operation in a Multilevel Secure Database System, Proceedings of the 7th IEEE Computer Security Applications Conference, San Antonio, TX, December 1991 (co-authors: M. Collins, W. Ford).

42. Design and Simulation of Secure Distributed Concurrency Control Algorithms, Proceedings of the 1992 Computer Simulation Conference, Nevada, July 1992. (co-author: H. Rubinovitz).

43. A Nonmonotonic Typed Multilevel Logic for Multilevel Database Management Systems - II, June 1992, Proceedings of the 5th IEEE Computer Security Foundations Workshop, Franconia, NH.

44. Knowledge-based Inference Control in a Multilevel Secure Database Management System, Proceedings of the 15th National Computer Security Conference, Baltimore, MD, October 1992.

45. A Note on the Security Impact on Real-time Database Management Systems, Proceedings of the 5th RADC Database Security Workshop, New York, October 1992.

46. Secure Computing with the ACTOR Paradigm, Presented at the ACM/SIGSAC New Computer Security Paradigms Workshop, Little Compton, RI, September 1992. (Proceedings published by ACM Press, 1993)

33

47. An Object-Oriented Approach to Modeling Multilevel Database Applications, Proceedings of the ACM Conference Workshop on Object-Oriented Programming Language, Systems, and Applications, Vancouver, B.C., October 1992 (co-author: P. Sell).

48. Towards the Design and Implementation of a Multilevel Secure Deductive Database Management System, Proceedings of the 26th Hawaii International Conference on Systems Sciences, January 1993.

49. Parallel Processing and Trusted Database Management Systems - Applying One Technology to the Other, Proceedings of the 1993 ACM Conference in Computer Science, Indianapolis, Indiana (co-author: W. Ford).

50. Security and Integrity Constraint Processing in a Multilevel Secure Distributed Environment, MILCOM 93, October 1993 (classified session) (co-authors: A. Abreu, H. Rubinovitz, M. Collins).

51. Towards a Multilevel Secure Database Management System for Real-time Applications, Proceedings of the First IEEE Workshop in Real-time Computing, May 1993 (co-author: S. Son).

52. Design and Implementation of a Distributed Database Inference Controller, Proceedings of the 17th IEEE COMPSAC Conference, November 1993. (co-authors: H. Rubinovitz, D. Foti, A. Abreu).

53. Security and Integrity in Distributed Database System, Database Colloquium 93, San Diego, CA, August 1993 (co-authors: D. Small, D. Goldsmith) (proceedings available in electronic media).

54. Applying OMT for Multilevel Database Applications, Proceedings of the 7th IFIP Working Conference on Database Security, Huntsville, Alabama, September 1993. (co-author: P. Sell) (also published as book chapter by North Holland, 1994).

55. Object-oriented Approach to Interconnecting Trusted Database Management Systems, September 1993, ACM OOPSLA-93 Conference Workshop on Object Persistence in Heterogeneous Database Environments, Washington D.C. (co-author: H. Rubinovitz).

56. Security Constraint Processing in a Distributed Database Environment, Proceedings of the 1994 ACM Computer Science Conference, Phoenix, AZ, March 1994. (co-author: H. Rubinovitz).

57. Hypersemantic Data Modeling for Inference Analysis, Proceedings of the 8th IFIP Working Conference in Database Security, Hildesheim, Germany, August 1994. (co-authors: D. Marks, L. Binns) (also published as book chapter by North Holland 1995).

58. A Fine-grained Access Control Model for Object-oriented DBMS, Proceedings of the 8th IFIP Working Conference in Database Security, Hildesheim, Germany, August 1994 (co-authors: A. Rosenthal et al) (also as book chapter by North Holland, 1995).

59. An Adaptive Policy for Improved Timeliness in Secure Database Systems, Proceedings of the 9th IFIP Working Conference in Database Security, New York, August 1995. (co-authors: S. Son and R. David, also as book chapter by North Holland 1996).

60. Design and Implementation of a Database Inference Controller Utilizing a Deductive Object-Oriented Data Model, Proceedings of the 13th DOD Database Colloquium, San Diego, CA, August 1996. (co-authors: M. Collins, D. Marks, B. Newman).

61. Survivability Issues for Evolvable Real-time Command and Control Systems, Proceedings of the Information Survivability Workshop, February 1997 (co-authors: P. Krupp, J. Maurer).

62. Adaptable Object Request Brokers for Information Survivability of Command and Control Systems, Proceedings of the Information Survivability Workshop, October 1998 (co-author: J. Maurer et al).

63. Data Mining, Data Warehousing and Security, Proceedings of the IFIP Conference Book, Chapman and Hall, 1997 (version of keynote address at conference, 1996; editor: P. Samarati and R. Sandhu) (also presented at CODATA Conference, Paris, June 1999).

64. Adaptable Object Request Brokers for Information Survivability of Evolvable Real Time Command and Control Systems, proceedings IEEE FTDCS Conference, Cape Town, South Africa, December 1999 (co-author: J. Maurer).

65. Directions for Web and E-Commerce Security, Proceedings WET ICE June 2001, Boston, MA (co-authors: C. Clifton, E. Bertino et al).

66. Data and Applications Security: Developments and Directions Proceedings IEEE COMPSAC, 2002, Oxford, UK.

67. Building Secure Survivable Semantic Webs, Proceedings IEEE ICTAI 2002, Washington DC. 68. Security Issues for the Semantic Web, Proceedings IEEE COMPSAC 2003, Dallas, TX. 69. Dependable Computing for National Security: A Position Paper, Proceedings of the 6th International

Symposium on Autonomous Decentralized Systems, April 2003, Pisa, Italy (ISADS).

34

55. Data and Applications Security: Past, Present and Future, Proceedings of IFIP Conference Book (Kluwer), 2004 (version of keynote address at conference, Colorado, 2003; editor: I. Ray)

56. Security and Privacy for Web Databases and Services, Proceedings of the EDBT Conference, March 2003, Crete, Greece (co-author: E. Ferrari) (based on keynote address at EDBT).

57. Using RDF for Policy Specification and Enforcement, Proceedings of the DEXA Workshop on Web Semantics, Zaragoza, Spain, August 2004 (co-author: B. Carminati et al).

58. On the Complexity of the Privacy Problem in Databases, Proceedings Foundations of Data Mining, Workshop, England, 2004 (Proceedings by lecture notes, Springer).

59. Towards Access Control for Visual Web Model Management, Proceedings IEEE E-Commerce Workshop, Hong Kong, May 2005 (co-author: G. Song et al).

60. Trust Management in a Distributed Environment, Proceedings of the 29th Annual International Computer Software and Applications Conference (COMPSAC), Edinburgh, Scotland, July 2005.

61. Secure Model Management Operations for the Web, Proceedings IFIP Data and Applications Security Conference, Connecticut, August 2005 (co-authors: G. Song et al).

62. Multilevel Secure Teleconferencing over Public Switched Telephone Network, IFIP Data and Applications Security Conference, Connecticut, 2005 (co-author: I. Youn et al).

63. Dependable Real-time Data Mining, Proceedings ISORC 2005, Seattle (co-author: L. Khan et al). 64. A Framework for a Video Analysis Tool for Suspicious Event Detection, ACM SIGKDD Multimedia

Data Mining Workshop, Chicago, IL 2005 (co-author: G. Lavee et al). 65. Message Correlation in Automated Communication Surveillance through Singular Value

Decomposition, Proceedings ACM MM Workshop, Chicago, IL, 2005 (co-author: R. Layfield, et al). 66. Privacy Preserving Data Mining, Proceedings IEEE ICDM Workshop on Privacy preserving Data

Mining, Houston, TX, 2005. 67. Dependable and Secure TMO Scheme, Proceedings of the 9th IEEE ISORC, Gyeongju, South Korea,

April 2006 (co-author: J. Kim). 68. Access control, confidentiality and privacy for video surveillance databases. SACMAT 2006: 1-10,

Bhavani M. Thuraisingham, Gal Lavee, Elisa Bertino, Jianping Fan, Latifur Khan 69. Design of a Secure CAMIN Application Systems based on Secure and Dependable TMO, Proceedings

ISORC, May 2007, Santorini, Greece, (co-author: J. Kim). 70. Security for Web Services, Proceedings ACM Workshop in Secure Web Services, May 2006 (co-

author: C. Farkas et al) (California) 71. Detection and Resolution of Anomalies in Firewall Policy Rules, Proceedings IFIP Data and

Applications Security Conference, Sophia Antipolis, France, 2006 (co-author: M. Abedin et al). 72. A Knowledge Based Approach to Detect New Malicious Executables, Proceedings Second SKM

Workshop, Brooklyn, NY, September 2006 (co-author: L. Khan et al; enhanced version appeared in Information Systems Frontiers).

73. Access Control for Geospatial Web Services, Proceedings ACM CCS Conference Workshop, and November 2006. Fairfax, VA (co-author: A. Ashraful et al).

74. Geospatial RDF, ISWC Conference on Geospatial Semantic Web, Athens, GA, Nov. 2006 (co-author: A. Ashraful).

75. Face Recognition Using Multiple Classifiers, IEEE ICTAI Conference Proceedings, November 2006 Washington DC, (co-author: P. Parveen).

76. The Applicability of the Perturbation Model-based Privacy-preserving Data Mining, Proceedings IEEE ICDM Conference Workshop on Privacy Preserving Data Mining, Hong Kong, December 2006. (enhanced version appeared in DKE 2008) (co-author: L. Liu).

77. Design and Simulation of Trust Management Techniques for a Coalition Data Sharing Environment, Proceedings FTDCS, 2007, Sedona, Arizona (co-author: S. Iyer).

78. Fingerprint Matching Algorithm, Proceedings ARES, Vienna, Austria, April 2007. 79. Extended RBAC - Based Design and Implementation for a Secure Data Warehouse, Proceedings

ARES, April 2007, Vienna Austria, (enhanced version appeared in International Journal of Business Intelligence and Data Mining, Vol. 2, No. 4, p. 367 – 382, 2007) (co-author: S. Iyer).

80. Managing Risks in RBAC Employed Distributed Environments, Proceedings of the 2nd International Symposium on Information Security (IS 2007) (co-authors: Ebru Celikel, Murat Kantarcioglu, and Elisa Bertino).

35

81. Risk Management and Security, Proceedings Decision and Risk Analysis Conference, Richardson, TX, May 2007.

82. Geospatial Data Mining for National Security, Proceedings ISI, New Brunswick, NJ, May 2007 (co-author: Chuanjun et al).

83. Confidentiality, Privacy and Trust Policy Enforcement for the Semantic Web, Proceedings of the 8th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY), Bologna, Italy, June 2007.

84. A Hybrid Model to Detect Malicious Executables, Proceedings ICC 2007, Glasgow, Scotland (co-authors: M. Masud, L. Khan).

85. Enforcing Honesty in Assured Information Sharing within a Distributed System, Proceedings IFIP Data and Applications Security, Redondo Beach, CA, July 2007 (co-authors: R. Layfield et al).

86. SCRUB-tcpdump: A Multilevel Packet Anonymizer Demonstrating Privacy and Analysis Tradeoffs, Proceedings SecureComm, Nice, France, September 2007 (co-authors: W. Yurcik, et al).

87. Secure Peer-to-Peer Networks for Trusted Collaboration, Proceedings of the 2nd IEEE International Workshop on Trusted Collaboration (TrustCol), White Plains, NY November 2007.

88. Centralized Security Labels in Decentralized P2P Networks, Computer Security Applications Conference, Miami Beach, FL, December 2007 (ACSAC) (co-authors: N. Tsybulnik and K. Hamlen)

89. Delegation-Based Security Model for Web Services, IEEE International Symposium on High Assurance Systems Engineering (HASE), p. 82-91, Dallas, TX, November 2007 (co-authors: Wei She, I. Yen).

90. Building Secure Applications for Peer to Peer Systems, Proceedings TRUST workshop, New York, November 2007.

91. Detecting Remote Exploits Using Data Mining, Proceedings IFIP Digital Forensics Conference, Kyoto, Japan, January 2008 (co-author: M. Masud et al).

92. Geospatial Resource Description Framework (GRDF) and Security Constructs, Proceedings ICDE Conference Workshop in Secure Semantic Web, April 2008, Cancun, Mexico (co-author: A. Alam et al).

93. Measuring Anonymization Privacy/Analysis Tradeoffs Inherent to Sharing Network Data, Network Operations and Management Symposium (NOMS) 2008, p. 991-994, Salvador, Brazil (co-authors: W. Yurick et al).

94. The SCRUB Security Data Sharing Infrastructure, Network Operations and Management Symposium (NOMS) 2008: 630-644, Salvador, Brazil (co-authors: Y. Yurick et al) (also software available as Opensource).

95. Making Quantitative Measurements of Privacy/Analysis Tradeoffs Inherent to Packet Trace Anonymization, Financial Cryptography and Data Security, 2008, p. 323-324, Cozumel, Mexico (co-authors: W. Yurick et al).

96. Privacy/Analysis Tradeoffs in Sharing Anonymized Packet Traces: Single-Field Case, International Conference on Availability, Reliability and Security (ARES) 2008, p. 237-244, Barcelona, Spain (co-authors: W. Yurick et al).

97. ROWLBAC - Representing Role Based Access Control in OWL, Proceedings ACM SACMAT June 2008, Colorado, (co-authors: T. Finin, L Kagal et al).

98. Accountability for Grid, DOE Conference on Cyber Security, Knoxville, TN, (co-author: E. Bertino) 99. Role Based Access Control and OWL, Proceedings of the Fourth OWL: Experiences and Directions

Workshop, April 2008, Washington, DC (co-author: T. Finin et al). 100. Data Mining for Cyber Security Applications, The 3rd International Workshop on

Trustworthiness, Reliability and Service in Ubiquitous and Sensor Networks (TRUST), EUC 2008, Shanghai, China, (co-authors: L. Khan, K. Hamlen et al).

101. Trustworthy Semantic Web Technologies for Secure Knowledge Management, TSP 2008, Shanghai, China (co-author: P. Parikh).

102. Secure, Highly Available, and High-Performance Peer-to-Peer Storage Systems, IEEE High Assurance Systems Engineering Symposium (HASE) 2008, Nanjing, China (co-author: Y. Ye et al).

103. Role Based Access Control and OWL. OWLED (Spring) 2008, Tim Finin, Anupam Joshi, Lalana Kagal, Jianwei Niu, Ravi S. Sandhu, William H. Winsborough, Bhavani M. Thuraisingham

36

104. Enhancing Security Modeling for Web Services Using Delegation and Pass-On, The IEEE International Conference on Web Services (ICWS) 2008, Beijing, China (co-author: She, Wei; Yen, I-Ling).

105. Flow-based Identification of Botnet Traffic by Mining Multiple Log Files, In proceedings of the International Conference on Distributed Frameworks & Applications (DFMA), Penang, Malaysia, Oct. 2008, (co-authors: M. Masud, T. Al-khateeb, L. Khan, K. Hamlen).

106. Incentive and Trust Issues in Assured Information Sharing, Invited Paper, CollaborateCom, Orlando, FL, November 2008 (co-authors: R. Layfield and M. Kantarcioglu).

107. Privacy Preserving Decision Tree Mining from Perturbed Data, HICSS 2009, Hawaii: 1-10, Nominated for best paper award (co-authors: Li Liu and Murat Kantarcioglu).

108. Effective and Efficient Implementation of an Information Flow Control Protocol for Service Composition, Proceedings of the Service Oriented Computing and Applications Workshop, Taipei, Taiwan, Jan. 2009 (co-authors: W. She, I. Yen, E. Bertino).

109. The SCIFC Model for Information Flow Control in Web Service Composition The IEEE International Conference on Web Services (ICWS) 2009, Los Angeles, CA (co-authors: W. She, I. Yen, E. Bertino).

110. Secure Semantic Service Oriented Grid for Cyber Physical System and Applications, Proceedings DHS/CPS Workshop on Cyber Physical Systems Security, Newark, NJ, July 2009 (co-authors: I. Yen et al).

111. Design and Implementation of a Secure Social Network System, IEEE ISI Conference Workshop on Social Computing, 2009, Dallas TX (co-authors: R. Layfield et al).

112. Assured Information Sharing Life Cycle, IEEE ISI Conference workshop on Social Computing, 2009 (co-author: T. Finin et al), Dallas, TX.

113. A Semantic Web Based Framework for Social Network Access Control, SACMAT 2009: Italy, 177-186, (co-authors: E. Ferrari, B. Carminati, , R. Heatherly, M. Kantarcioglu).

114. Inferring Private Information Using Social Network Data, World Wide Web (WWW) Conference 2009, p. 1145-1146, Madrid, Spain (co-authors: J. Lindamood et al).

115. Policy-Driven Service Composition with Information Flow Control, The IEEE International Conference on Web Services (ICWS) 2010, Miami, FL (coauthors: W. She, I. Yen and E. Bertino)

116. Scalable and Efficient Reasoning for Enforcing Role-based Access Control, IFIP 11.3, Rome, Italy 2010 (co-authors: T. Cadenhead, M. Kantarcioglu, and B. Thuraisingham).

117. A Token-based Access Control System for RDF Data in the Clouds, IEEE CloudCom 2010, Indianapolis, IN (co-authors: M. Farhan Husain, K. Hamlen et al).

118. Secure Data Storage and Retrieval in the Cloud, CollaborateCom 2010, Chicago, IL (co-authors: V. Khadilkar et al)

119. An Evaluation of Privacy, Risks and Utility with Provenance, Proceedings, Secure Knowledge Management (SKM) Workshop, November 2010, New Brunswick, NJ (co-authors: T. Cadenhead)

120. Identity Management for Cloud, Proceedings Cyber Security and Information Intelligence Research Workshop, Oak Ridge National Laboratory, Oak Ridge, TN, October 2011.

121. Rule-Based Run-Time Information Flow Control in Service Cloud, Proceedings of IEEE International Conference on Web Services (ICWS 2011), July 2011, Washington DC (co-authors: Wei She, I-Ling Yen, San-Yih Huang).

122. A Language for Provenance Access Control, Proceedings of 1st ACM Conference on Data and Application Security and Privacy (CODASPY) 2011, San Antonio, TX (co-authors: T. Cadenhead, V. Khadilkar, M. Kantarcioglu).

123. Differentiating Code from Data in x86 Binaries, Proceedings of ECML/PKDD 2011 (Vol. 3) p. 522 - 536, Athens, Greece (co-authors: R. Wartell, Y. Zhou, K. Hamlen, M. Kantarcioglu).

124. Transforming Provenance Using Redaction, Proceedings of SACMAT 2011, Innsbruck, Austria (co-authors: T. Cadenhead, V. Khadilkar, M. Kantarcioglu).

125. Secure Data Processing in a Hybrid Cloud, Computing Research Repository (CoRR) abs/1105.1982, 2011 (co-authors: V. Khadilkar, M. Kantarcioglu, S. Mehrotra).

126. On Secure and Resilient Telesurgery over Unreliable Networks, The First International Workshop on Cyber-Physical Networking Systems, p. 725 – 730, Shanghai, China, April 2011, (co-authors: M. E. Tozal, Y. Wang, E. Al-Shaer, K. Sarac, B. Chu).

37

127. Towards Privacy Preserving Access Control in the Cloud, Proceedings of CollaborateCom, p. 172-180 October 2011, Orlando, FL (co-authors: Mohamed Nabeel, Elisa Bertino, Murat Kantarcioglu).

128. On-line anomaly detection based on relative entropy, Proceedings of the IEEE International Conference on Broadband Network and Multimedia Technology (IC-BNMT), 2011, p. 33 – 36 (co-authors: M. Masud, et al.).

129. Insider Threat Detection Using Stream Mining and Graph Mining, SocialCom/PASSAT 2011, p. 1102-1110, Boston, MA, October 2011 (co-authors: Pallabi Parveen, Jonathan Evans, Kevin W. Hamlen, Latifur Khan).

130. Supervised Learning for Insider Threat Detection Using Stream Mining, International Conference on Tools with Artificial Intelligence ICTAI 2011, p.1032-1039, Boca Raton, Florida, Nov. 2011 (co-

authors: Pallabi Parveen, Zackary R. Weger, Kevin W. Hamlen, Latifur Khan). 131. Cloud-Centric Assured Information Sharing., Proceedings of the Pacific Asia Workshop on

Intelligence and Security Informatics (PAISI 2012), p. 1-26, Kuala Lumpur, Malaysia, May 2012 (co-authors: Vaibhav Khadilkar, Jyothsna Rachapalli, Tyrone Cadenhead, Murat Kantarcioglu, Kevin W. Hamlen, Latifur Khan, Mohammad Farhan Husain).

132. A Cloud-based RDF Policy Engine for Assured Information Sharing, Proceedings of the 17th ACM Symposium on Access Control Models and Technologies (SACMAT 2012), p. 113-116, Newark, NJ, June 2012 (co-author: T. Cadenhead, Vaibhav Khadilkar, Murat Kantarcioglu) (refereed demonstration paper).

133. Unsupervised Incremental Sequence Learning for Insider Threat Detection, Proceedings of IEEE Intelligence and Security Informatics (ISI 2012), Washington, DC, June 2012 (co-author: P. Pallabi).

134. Towards Cyber Operations - The New Role of Academic Cyber Security Research and Education, Proceedings of IEEE Intelligence and Security Informatics (ISI 2012), Washington DC, June 2012 (co-author: J. Kallberg).

135. Cloud Guided Stream Classification using Class-Based Ensemble, Proceedings of IEEE International Conference on Cloud Computing (CLOUD 2012), Honolulu, HI, June 2012 (co-authors: Tahseen M. Al-Khateeb, Mohammad M. Masud, Latifur Khan).

136. Risk-Aware Workload Distribution in Hybrid Clouds, Proceedings of IEEE International Conference on Cloud Computing (CLOUD 2012), Honolulu, HI, (co-authors: Kerim Yasin Oktay, Vaibhav Khadilkar, Bijit Hore, Murat Kantarcioglu, Sharad Mehrotra)

137. Randomizing Smartphone Malware Profiles against Statistical Mining Techniques, Proceedings of DBSec 2012, p. 239 - 254, Paris, France, July 2012 (co-authors: Abhijith Shastry, Murat Kantarcioglu, Yan Zhou).

138. Adversarial Support Vector Machine Learning, Proceedings of ACM SIGKDD Conference Knowledge Discovery and Data Mining (KDD 2012), Beijing, China, August 2012 (co-authors: Yan Zhou, Murat Kantarcioglu, Bowei Xi).

139. REDACT: A Framework for Sanitizing RDF data, Proceedings of WWW 2013, Rio De Janeiro (co-authors: J. Rachapalli, et al.)

140. Redaction-based RDF Access Control Language, Proceedings of ACM SACMAT, 2014 (co-authors: J. Rachapalli, M. Kantarcioglu)

141. Towards fine grained RDF access control. Jyothsna Rachapalli, Vaibhav Khadilkar, Murat Kantarcioglu, Bhavani M. Thuraisingham: SACMAT 2014: 165-176

142. RDF-X: a language for sanitizing RDF graphs, Proceedings of WWW (Companion Volume) 2014, p. 363-364 (co-authors: J. Rachapalli, et al.)

143. Statistical Technique for Online Anomaly Detection Using Spark Over Heterogeneous Data from Multi-source VMware Performance Data, In Proceedings of 2014 IEEE International Conference on Big Data, Oct. 2014, Washington, DC (co-authors: Mohiuddin Solaimani, Mohammed Iftekhar, Latifur Khan, and Bhavani Thuraisingham)

144. Societal Cyberwar Theory Applied: The Disruptive Power of State Actor Aggression for Public Sector Information Security, Proceedings of European Intelligence and Security Informatics Conference (EISIC), 2013, p. 212 -215 (co-authors: J. Kallberg, et al.).

145. Database Security: Developments and Directions, Visionary Paper, IEEE Big Data Conference (co-located with IEEE Services Computing), New York, City, June 2015

38

146. Spark-based anomaly detection over multi-source VMware performance data in real-time. Mohiuddin Solaimani, Mohammed Iftekhar, Latifur Khan, Bhavani M. Thuraisingham, Joey Burton Ingram: CICS 2014: 66-73

147. Honeypot Based Unauthorized Data Access Detection in MapReduce Systems, IEEE International Conference on Intelligence and Security (ISI 2015), Baltimore, MD (co-authors: Huseyin Ulusoy, Murat Kantarcioglu, and Latifur Khan).

148. Proactive Attribute-based Secure Data Schema for Mobile Cloud in Financial Industry, IEEE Big Data Security 2015, New York, NY (coauthors: Meikang Qiu et al).

149. Design and Implementation of a Semantic-web based Inference Controller, IEEE International Conference on Information Reuse and Integration (IEEE IRI), August 2015 (coauthor: T. Cadenhead)

150. Stream-based Social Media Analytics for Multipurpose Applications, IEEE International Conference on Information Reuse and Integration (IEEE IRI), August 2015 (co-authors: S. Abrol et al).

151. P2V: Effective Website Fingerprinting Using Vector Space Representations 2015 IEEE Symposium Series on Computational Intelligence, Cape Town, South Africa. P. 59-66. (co-authors: Al Naami, Khaled, L. Khan, et al).

152. Data Driven Approach to the Science of Cyber Security, 2016 IEEE IRI, Pittsburgh, July 2016. (coauthors: M. Kantarcioglu, E. Bertino, T. Finin et al)

153. Adaptive Encrypted Traffic Fingerprinting with Bi-Directional Dependence, Proceedings IEEE ACSAC Conference, Los Angeles, CA, December 2016 (co-authors: L. Khan et al)

154. A Framework for Secure Data Collection and Management for Internet of Things in the ICSS '16:

Proceedings of the 2nd Annual Industrial Control System Security Workshop, (coauthors: M./ Fernandez, M. Kantarcioglu)

155. Towards A Framework for Developing Cyber Privacy Metrics: A Vision Paper (BIGDATA2017-4033) Bhavani Thuraisingham and Murat Kantarcioglu (The University of Texas at Dallas, US), Elisa Bertino and Chris Clifton (Purdue University, US), IEEE BigData Congress, June 2017.

156. Hacking Social Network Data Mining, IEEE ISI, July 2017 (coauthors: Yasmeen Alufaisan et al) 157. Malware Collection and Analysis: A Position Paper, Proceedings IEEE IRI, August 2017 158. Securing Data Analytics on SGX with Randomization, ESORICS 2017, Co-authors. Z. Lin, M.

Kantarcioglu, L. Khan et al), 2017. 159. From Myths to Norms: Demystifying Data Mining Models with Instance-based Transparency, Proc.

IEEE CollaborateCom, 2017 (coauthors: Y. Alufaisan, Y. Zhou, M. Kantarcioglu) 160. Unsupervised deep embedding for novel class detection over data stream IEEE BigData 2017: 1830-

1839 (Coauthor: L. Khan et al) 161. Towards a Privacy Aware Data Management Framework, ACM SACMAT, 2018 (coauthors: M.

Kantarcioglu et al) 162. A Category-Based Model for ABAC, CODASPY Conference Workshop in ABAC, March 2018

(coauthor: M. Fernandez) 163. Integrating Cyber Security and Data Science for Social Media, IEEE ParSocial, Vancouver, BC, May

2018. (coauthors: M. Kantarcioglu, L. Khan). 164. Large Scale Realistic Data Generation on a Budget, IEEE IRI 2018, Salt Lake City July 2018,

(Coauthors: Brian Ricks, Patrick Tague) 165. Privacy Preserving Synthetic Data Release Using Deep Learning. ECML/PKDD (1) 2018:, Dublin,

Ireland (Coauthors: Nazmiye Ceren Abay, Yan Zhou, Murat Kantarcioglu, Latanya Sweeney) 166. Lifting the Smokescreen: Detecting Underlying Anomalies During a DDoS Attack. ISI 2018: Miami,

FL (coauthors: Brian Ricks, Patrick Tague) – Best Paper Award. 167. Automated Threat Report Classification over Multi-Source Data. CIC 2018: 236-245 (authors:

Gbadebo Ayoade, Swarup Chandra, Latifur Khan, Kevin W. Hamlen) 168. Attacklets: Modeling High Dimensionality in Real World Cyberattacks. ISI 2018: 55-57 (coauthors:

Cuneyt Gurcan Akcora, Jonathan Z. Bakdash, Yulia R. Gel, Murat Kantarcioglu, Laura R. Marusich,) 169. GCI: A Transfer Learning Approach for Detecting Cheats of Computer Game, IEEE Big Data,

Seattle, December 2018 (coauthor: L Khan et al) 170. Graph-Based Data Collection Policies for the Internet of Things, ACSAC Conference workshop on

ICSS, Puerto Rico (authors: Maribel Fernandez, Jenjira Jaimunk) 171. Specification and analysis of ABAC policies via the category-based metamodel, ACM CODASPY

2019, Dallas, TX. (coauthor: M. Fernandez et al)

39

172. Multistream Classification for Cyber Threat Data with Heterogeneous Feature Space, WWW 2019, San Francisco, May 2019 (coauthor: L. Khan et al).

173. Specification and Analysis of ABAC Policies via the Category-based Metamodel. CODASPY March 2019 (coauthors: Maribel Fernández, Ian Mackie)

174. An OpenRBAC Semantic Model for Access Control in Vehicular Networks. SACMAT 2019: June

2019 (coauthors: Sultan Alsarra, I-Ling Yen, Yongtao Huang, Farokh B. Bastani) 175. Cyber Security and Data Governance Roles and Responsibilities at the C-Level and the Board IEEE

ISI 2019 Shenzhen, China, July 2019 176. Privacy-Preserving Architecture for Cloud-IoT Platforms (coauthors: Maribel Fernandez, Jenjira

Jaimunk), Milan, Italy, July 2019

177. Mimicking Human Behavior in Shared-Resource Computer Networks (coauthors: Brian Ricks, Patrick Tague), IEEE IRI 2019, Los Angeles, CA, August 2019.

178. ChainNet: Learning on Blockchain Graphs with Topological Features, IEEE ICDM, Beijing, China (coauthor: M. Kantarcioglu et al)

179. Admin-CBAC: An Administration Model for Category-Based Access Control. CODASPY 2020: 73-84 (coauthors: Clara Bertolissi, Maribel Fernández,

180. A Data Access Model for Privacy-Preserving IoT Architectures, ACM SACMAT, June 2020 (Co-Authors: Maribel Fernandez et al).

181. Multigenerational Database Inference Controllers, IEEE Big Data Security. Baltimore, MD, 2020. (Invited Paper)

182. Artificial Intelligence and Data Science Governance, IEEE IRI, 2020 (Invited Paper) 183. Can AI be for Good in the Midst of Cyber Security Attacks and Privacy Violations, Proceedings ACM

CODASPY 2020 (Invited Paper) 184. The Role of Cyber Security and Artificial Intelligence for Social Media, IEEE IPDPS, 2020 (Invited

Paper) 185. Contact Tracing or Cloud Driven – Your Papers Please, IEEE ICDIS 2020, South Padre Island TX

(proceedings only - due to COVID-19) (Coauthor: Tom Hill) 186. Cloud Governance and Compliance, IEEE CSCloud 2020 (Invited Paper) 187. Security and Privacy for the Internet of Transportation, IEEE Cloud (Invited Paper) 188. Cyber Security meets Big Data: Towards a Secure HASE Theorem, IEEE ICKG, Nanjing, China,

August 2020 (Invited Paper) 189. Blockchain Analytics, Smart block 2020. Zengzhou, China, October 2020 (invited paper) 190. Data Science, Security and Privacy in Midst of the COVID-19 Pandemic, IEEE ISI 2020 (Invited

Paper)

b.2 DATA SCIENCE (DATA MANAGEMENT, DATA MINING, ANALYTICS, AND AI/ML)

191. Design of a Distributed Data Dictionary System, June 1987, Proceedings of the National Computer Conference, Chicago, IL, pp. 583-590, (co-authors: H. Lu and K. Mikkilineni).

192. Knowledge-Based User Interface Design Issues for Heterogeneous Networks, September 1988, Proceedings of the Australian Computer Conference, Sydney, Australia.

193. Knowledge-Based Support for the Development of Database-centered Applications, February 1989, Proceedings of the 5th IEEE International Conference on Data Engineering, Los Angeles, CA, (co-authors: R. Bell and H. Atchan).

194. XIMKON: An Expert Simulation and Control Program, AAAI Conference Workshop on AI in Process Engineering, St Paul, MN (co-authors: F. Konar, 1988).

195. XIMKON- An Expert Simulation and Control Program, June 1989, Proceedings of the American Control Conference (enhanced version of AAAI Workshop 1988 paper) Pittsburgh, PA (co-authors: F. Konar and P. Felix).

196. Expert Network Simulation and Control, March 1989, Proceedings of the 7th Applications of Artificial Intelligence Conference, Orlando, FL.

197. Applying OMT for Designing Medical Database Applications, September 1993, Proceedings of the OOPSLA Conference Workshop on Information Modeling, Washington D.C.

40

198. Extending an Object-Oriented Data Model for Representing Multimedia Database Applications, Proceedings of the OOPSLA 94 Conference Workshop on Precise Behavioral Specification in Object Oriented Information Modeling, Portland, OR. October 1994, (co-author: K. Nwosu).

199. Object-Oriented Approach for the Interoperability of Persistent Database Systems, Proceedings of the OOPSLA 94 Conference Workshop on Persistence in Heterogeneous Database Systems, Portland, OR. October 1994, (co-author: R. Nemec).

200. Consistent Data Access in a Distributed Database Management System for Command and Control Applications, Proceedings of the High Performing Computing Symposium, April 1994. San Diego, CA (co-authors: D. Small, D. Goldsmith).

201. Distributed Database Technology for Mobile Computing and Communications Systems, Proceedings of the IEEE Technology Dual Use and Applications Conference, Utica, NY, May 1994.

202. Applying OMT for Designing Multimedia Information Systems Applications, Proceedings of the IEEE Technology Dual Use and Applications Conference, Utica, NY, May 1994. (co-author: K. Nwosu)

203. Distributed Multimedia Database Systems, Proceedings of the AIPASG Symposium, March 1994, (Abstract in Proceedings; co-author: B. Lavender).

204. Object-Oriented Approach to Federated Data Management, Proceedings of the ISMM International Conference on Intelligent Information Management Systems, Washington D.C., June 1994, (co-author: N. Idris).

205. On Dynamic Reallocation of Parallel Retrievable Objects, Proceedings of the Distributed Multimedia Systems Applications Conference, Honolulu, HI, August 1994, (co-author: P. Bobbie).

206. Maintaining Integrity in a Distributed Heterogeneous Database Systems, Proceedings of the DOD Database Colloquium 94, San Diego, CA, August 1994, (co-author: D. Goldsmith).

207. Distributed Database Management for C3I Systems, Proceedings of the MILCOM 94 Conference, Ft. Monmouth, NJ, October 1994, (co-authors: A. Grasso, M. Collins; classified session).

208. Application of Object-Oriented Technology for Integrating Heterogeneous Database Systems, Proceedings of the ACM Computer Science Conference, Nashville TN, March 1995.

209. Data Allocation and Spatio Temporal Implication for Video on Demand Systems, Proceedings of the IEEE Phoenix Conference on Computers and Communications, Scottsdale, AZ March 1995, (co-author: K. Nwosu).

210. Intelligence Community Initiative in Massive Digital Data Systems, Proceedings of the AIPASG Symposium, March 1995, (co-authors: R. Kluttz, et al); an update published in AIPASG Symposium, March 1996, (co-author: H. Curran et al) Tysons Corner, VA

211. Massive Data and Information Systems Initiative at MITRE, Proceedings of the AIPASG Symposium March Tysons Corner, VA, 1995 (also versions given at MITRE conferences).

212. Applying OMT to design Medical Information Systems Applications, Proceedings of the Intelligent Information Systems Management Conference, Washington D.C. June 1995.

213. Object oriented Technology for Integrating Distributed Heterogeneous Database System, Proceedings of the 1995 DOD Database Colloquium, San Diego, CA (co-authors: M. Ceruti et al).

214. Data Mining and Data Visualization, A Position Paper, Databases Issues for Data Visualization Workshop, Atlanta, GA, Oct. 1996 (Springer Verlag, 1996) (co-author: G. Grinstein).

215. Interactive Data Mining and its Impact on the World Wide Web, Proceedings Compugraphics and Visualization Techniques, Paris, France December 1996.

216. Data Mining in Text, AIPASG, 1997, McLean, VA, (co-author: C. Clifton et al). 217. Text Mining and Visualization, Proceedings of the KDD Workshop on Data Mining and

Visualization, Newport Beach, CA, August 1997 (also in IEEE Visualization workshop, October 1997: Role of Visualization in Texas Mining).

218. Understanding Data Mining and Applying it to C3I Environments, Proceedings IEEE COMPSAC 2000, Taipei, Taiwan, (co-author: M. Ceruti).

219. Data Management for Global Command and Control Systems, AFCEA Database Colloquium 2000, San Diego, (co-author: J. Putman et al).

220. Data Mining for E-commerce, Proceedings SPIE, 2000, Orlando, FL, (co-author: A. Grasso et al). 221. Neural Networks and Data Mining, AFCEA 2001, San Diego, CA, (co-author: C. Clifton). 222. Data Management for the 21st Century, Proceedings IEEE Systems, Man & Cybernetics, July 2002,

Hammamet, Tunisia (co-author: M. Ceruti).

41

223. Data Quality, Kluwer 2002 (based on keynote address at IFIP Integrity, November 2001, Brussels, Belgium, (co-author: E. Hughes).

224. Reasoning with Semantics-aware Access Control Policies for Geospatial Web Services, Proceedings of ACM SWS, November 2006, Fairfax, VA, (co-authors: A. Alam et al).

225. Geospatial Data Qualities as Web Services Performance Metrics, Proceedings ACM International Workshop on Advances in Geographic Information Systems (GIS), November 2007, Seattle WA (co-author: G. Subbiah et al).

226. DAGIS: A Geospatial Semantic Web Services Discovery and Selection Framework, GeoS 2007, Mexico City, Mexico, November 2007, (co-author: A. Alam et al).

227. Ontology Alignment Using Multiple Contexts. International Semantic Web Conference (Posters & Demos) 2008 (co-authors: J. Partyka et al), Germany.

228. Content-based Ontology Matching for GIS Datasets, ACM International Workshop on Advances in Geographic Information Systems (GIS) 2008, Irvine, CA (co-authors: J. Partyka et al).

229. A Practical Approach to Classify Evolving Data Streams: Training with Limited Amount of Labeled Data, ICDM 2008 (co-authors: M. Masud et al), Pisa, Italy

230. A Multi-Partition Multi-Chunk Ensemble Technique to Classify Concept-Drifting Data Streams, PAKDD 2009, Bangkok, Thailand (co-author: M. Masud et al).

231. Simulating Bioterrorism Thru Epidemiology Approximation, IEEE International Conference on Intelligence and Security Informatics 2008, (co-authors: Ryan Layfield, Murat Kantarcioglu), Taipei, Taiwan.

232. An Effective Evidence Theory Based K-Nearest Neighbor (KNN) Classification, Web Intelligence 2008:797-801, Sydney, Australia (co-authors: Lei Wang, Latifur Khan).

233. Inferring Private Information Using Social Network Data, World Wide Web (WWW) Conference 2009: 1145-1146, Madrid, Spain (co-authors: J. Lindamood et al).

234. A Relational Wrapper for RDF Reification, Third IFIP WG 11.11 International Conference on (IFIPTM), West Lafayette, USA, June 15-19, 2009, (co-authors: S. Ramanujam, A. Gupta, L. Khan, and S. Seida).

235. “Relationalizing RDF Stores for Tools Reusability” ACM 18th International World Wide Web Conference (WWW 2009—Poster Session), Madrid, Spain, April 2009 (co-authors: S. Ramanujam, A. Gupta, L. Khan, and S. Seida).

236. On the Mitigation of Bioterrorism through Game Theory, ISI 2009, Dallas, TX (co-authors: Ryan Layfield and Murat Kantarcioglu).

237. Social Network Classification Incorporating Link Type, ISI 2009, Dallas TX (co-authors: Raymond Heatherly and Murat Kantarcioglu).

238. Design of a Temporal Geosocial Semantic Web for Military Stabilization and Reconstruction Operations, Proceedings SIGKDD Conference Workshop on Intelligence and Security Informatics, 2009 (co-authors: L. Khan et al).

239. R2D: Extracting Relational Structure from RDF Stores, IEEE WIC/ACM Conference on Web Intelligence, September 2009 (co-authors: Sunitha Ramanujam, Anubha Gupta, Latifur Khan, and Steven Seida).

240. Integrating Novel Class Detection with Classification for Concept-Drifting Data Streams, PKDD, September 2009 (co-authors: M. Masud et al).

241. Difference in Fitts’ Law Task Performance, EuroHaptics 2008: 295-300, Madrid, Spain (co-author: G. Lee).

242. Semantic Schema Matching Without Shared Instances, Proceedings IEEE Semantic Computing Conference, 2009, short paper (co-authors: J. Partyka et al)).

243. R2D: A Bridge between the Semantic Web and Relational Visualization Tools, Proceedings IEEE International Conference on Semantic Computing, 2009, long regular paper (co-authors: S. Ramanujam et al).

244. Semantic Web for Content Based Video Retrieval, Proceedings IEEE International Conference on Semantic Computing, Berkeley, CA, 2009 (short paper – co-author: B. Prabhakaran et al).

245. Geographically-typed Semantic Schema Matching, GIS 2009: 456-459 (co-authors: Jeffrey Partyka, Latifur Khan).

246. Storage and Retrieval of Large RDF Graph Using Hadoop and MapReduce. CloudCom 2009, Beijing, China (co-authors: M. Husain, P. Doshi, and L. Khan).

42

247. Bi-directional Translation of Relational Data into Virtual RDF Stores, Proceedings IEEE Semantic Computing Conference, September 2010, p. 268 - 276 (coauthors: L. Khan et al).

248. Classification and Novel Class Detection of Data Streams in a Dynamic Feature Space, Proceedings European Conference on Machine Learning (ECML), Barcelona, Spain, 2010 (co-authors: L. Khan et al).

249. Data Intensive Query Processing for Large RDF Graphs Using Cloud Computing Tools, IEEE Cloud Computing, Miami, July 2010 (co-authors: M. Farhan Husain et al).

250. An Analysis of User Influence Ranking Algorithms on Dark Web Forums, Proceedings of ACM SIGKDD Workshop on Intelligence and Security Informatics (ISI-KDD 2010), (co-authors: Christopher Yang, Xuning Tang).

251. Ranking Ontologies Using Verified Entities to Facilitate Federated Queries, Web Intelligence 2010, p. 332 – 337, Toronto, Canada (co-authors: Neda Alipanah, Piyush Srivastava, Pallabi Parveen).

252. Efficient Processing of Large RDF Streams Using Memory Management Algorithms, The International Semantic Web Conference (ISWC) 2010, Shanghai, November 2010 (co-authors: V. Khadilkar et al).

253. Geospatial Schema Matching with High-Quality Cluster Assurance and Location Mining from Social Network, Proceedings of the International Conference on Data Mining (ICDMW) Workshops December 2010, p. 517 (co-authors: Latifur Khan, Jeffrey Partyka, Satyen Abrol).

254. Ontology-driven Query Expansion Methods to Facilitate Federated Queries, Proceedings of IEEE International Conference on Service-oriented Computing and Applications (SOCA) 2010, p. 1-8, (co-authors: Neda Alipanah, Pallabi Parveen, Sheetal Menezes, Latifur Khan, Steven Seida).

255. Classification and Novel Class Detection in Data Streams with Active Mining, Proceedings of 14th Pacific-Asia Conference on Knowledge Discovery and Data Mining, 2010, p. 311 – 314, Hyderabad, India. (co-authors: M. Masud, J. Gao, L. Khan, J. Han).

256. Addressing Concept-Evolution in Concept-Drifting Data Streams, IEEE International Conference on Data Mining (ICDM) Conference, December 2010, p. 929 – 934, Sydney, Australia,. (co-authors: M. Mehedy, L. Khan, J. Han, C. Agrawal et al).

257. RDFKB: A Semantic Web Knowledge Base, Proceedings of the 22nd International Joint Conference on Artificial Intelligence (IJCAI 2011), p. 2830 - 2831, July 2011, Barcelona, Catalonia, Spain (co-authors: James P. McGlothlin, Latifur Khan).

258. Scalable Complex Query Processing Over Large Semantic Web Data Using Cloud, Proceedings of the IEEE International Conference on Cloud Computing (CLOUD 2011), p. 187 – 194, July 2011, Washington DC (co-authors: Mohammad Farhan Husain, James McGlothlin, Latifur Khan).

259. Ontology-Driven Query Expansion using Map/Reduce Framework to Facilitate Federated Queries, Proceedings of the IEEE International Conference on Web Services (ICWS 2011), p. 712 – 713, July 2011, Washington, DC (co-authors: Neda Alipanah, Pallabi Parveen, Latifur Khan). Identification of Related Information of Interest Across Free Text Documents, Proceedings of the IEEE International Conference on Intelligence and Security Informatics (ISI 2011), Beijing, China, p. 107 – 112, (co-authors: James R. Johnson, Anita Miller, Latifur Khan, Murat Kantarcioglu).

260. Extraction of Expanded Entity Phrases, Proceedings of the IEEE International Conference on Intelligence and Security Informatics (ISI 2011), p. 101 – 106, Beijing China (co-authors: James R. Johnson, Anita Miller, Latifur Khan, Murat Kantarcioglu).

261. RETRO: A Framework for Semantics Preserving SQL-to-SPARQL Translation, Proceedings of International Semantic Web Conference Workshop, October 2011, Bonn, Germany (co-authors: J. Rachapalli, V. Khadilkar, Murat Kantarcioglu).

262. Insider Threat Detection using Stream Mining and Graph Mining, Proceedings of the 3rd IEEE Conference on Privacy, Security, Risk and Trust (PASSAT),October 9-12, 2011, MIT, Boston, USA. (co-authors: Pallabi Parveen, Jonathan Evans, Bhavani Thuraisingham, Kevin W. Hamlen, Latifur Khan)

263. Supervised Learning for Insider Threat Detection Using Stream Mining, Proceedings of the 23rd IEEE International Conference on Tools with Artificial Intelligence, Nov. 7-9, 2011, Boca Raton, Florida, USA (co-authors: Pallabi Parveen, Zackary Weger, Kevin Hamlen, Latifur Khan) (Best Paper Award).

264. Detecting Recurring and Novel Classes in Concept-Drifting Data Stream, Proceedings of IEEE International Conference on Data Mining (ICDM 2011), p. 1176-1181; Vancouver, Canada,

43

December 2011 (co-authors: Mohammad M. Masud, Tahseen Al-Khateeb, Latifur Khan, Charu C. Aggarwal, Jing Gao, Jiawei Han).

265. Stormrider: Harnessing ``Storm' for Social Networks, Proceedings of World Wide Web Conference 2012, Lyon, France (co-authors: Vaibhav Khadilkar, Murat Kantarcioglu) (Refereed poster paper).

266. Extracting Semantic Information Structures from Free Text Law Enforcement Data, Proceedings of IEEE ISI 2012, Washington DC (co-authors: A. Miller, J. Johnson, L. Khan).

267. Design and Implementation of SNODSOC for Social Network Analysis, Proceedings of IEEE ISI 2012 Workshop in Social Computing, Washington, DC (co-authors: S. Abrol et al.).

268. Measuring Relatedness and Augmentation of Information of Interest within Free Text Law Enforcement Documents, Proceedings of European International Conference on Intelligence and Security Informatics (EISIC 2012), Odense, Denmark, August 2012 (co-authors: James Johnson, Anita Miller, Latifur Khan).

269. Tweecalization: Efficient and intelligent location mining in twitter using semi-supervised learning, Proceedings of CollaborateCom 2012, p. 514-523 (co-authors: Satyen Abrol, Latifur Khan).

270. Tweeque: Spatio-temporal analysis of social networks of location mining using graph partitioning, Proceedings of ASE International Conference on Social Informatics, Alexandria, VA, December 2012 (co-authors: S. Abrol, L. Khan).

271. Least Cost Rumor Blocking in Social Networks, Proceedings of IEEE ICDCS, 2013 (co-authors: Lidan Fan, Zaixin Lu, Weili Wu, Yuanjun Bi, Huan Ma).

272. Behavioral sequence prediction for evolving data stream, Proceedings of IRI 2013: 482-488 (co-authors: Sheikh M. Qumruzzaman, Latifur Khan)

273. MapReduce Guided Scalable Compressed Dictionary Construction for Repetitive Sequences, Proceedings of CollaborateCom, 2013 (co-authors: Pallabi Parveen, Latifur Khan).

274. Calculating Edit Distance for Large Sets of String Pairs using MapReduce, Conference on Cyber Security and Big Data, Stanford, CA, May 2014 (co-authors: Shagun Jhaver and Latifur Khan)

275. Evolving Big Data Stream Classification with MapReduce, IEEE Cloud Computing, Anchorage Alaska, June 2014 (co-authors: Ashanul Haque, Brandon Parker, Latifur Khan)

276. Evolving Stream Classification using Change Detection, CollaborateCom (invited paper), Miami, October 2014 (co-authors: Ahmad Mustafa, Ahsanul Haque, Latifur Khan, Michael Baron).

277. Emergency-Driven Assured Information Sharing in Secure Online Social Networks: A Position Paper, Invited Paper, Proceedings of the IEEE Social Media Systems Workshop, Chicago, IL, May 2016, (co-authors: Murat Kantarcioglu, Latifur Khan, Barbara Carminati, Elena Ferrari, Leila Bahri).

278. Efficient Handling of Concept Drift and Concept Evolution over Stream Data, IEEE ICDE, Helsinki 2016 (coauthors: Ahsanul Haque et al).

279. Spark-Based Political Event Coding, Bigdata Service 2016: 14-23, (co-authors: Mohiuddin Solaimani, Rajeevardhan Gopalan, Latifur Khan, Patrick T. Brandt)

280. Near Real-time Atrocity Event Coding, Proceedings IEEE ISI, 2016 (Mohiuddin Solaimani, Sayeed Salam, Latifur Khan, Patrick Brandt, Bhavani Thuraisingham and Ahmad Mustafa)

281. Online Classification of Nonstationary Streaming Data with Dynamic Pitman-Yor Diffusion Trees, Proceedings IEEE IRI, San Diego, CA, August 2017 (coauthor: J. Sah et al)

282. Focus location extraction from political news reports with bias correction. BigData 2017: 1956-1964 (coauthor: L. Khan et al)

283. Privacy Preserving Synthetic Data Release Using Deep Learning. ECML-PKDD, 2018, Dublin, Ireland (coauthors: M. Kantarcioglu et al)

284. Lifting the Smokescreen: Detecting Underlying Anomalies During a DDoS Attack, IEEE ISI, 2018 (coauthors: B. Ricks et al_

285. Attacklets: Modeling High Dimensionality in Real World Cyberattacks, IEEE ISI, 2018 (coauthors: M. Kantarcioglu et al)

286. Automated Threat Report Classification Over Multi-Source Data, IEEE CIC, 2018 (coauthors: L. Khan et al)

287. Towards Self-Adaptive Metric Learning on the Fly, WWW 2019, San Francisco, May 2019 (coauthor: L. Khan et al)

288. Where Did the Political News Event Happen? Primary Focus Location Extraction in Different Languages, IEEE CIC, Los Angeles, December 2019. (coauthor: M. Imani et al) (Best Paper Award)

44

b.3 REAL-TIME SYSTEMS AND DISTRIBUTED PROCESSING

289. Implementing a Real-Time System on Local Area Network, October 1987, presented at the 12th IEEE Local Computer Network Conference, Minneapolis, MN, Proceedings, pp. 142 (co-authors: W. T. Tsai, K. W. Hwang, abstract in proceedings, paper distributed at conference).

290. MCNIU- A High Performance FDDI Local Area Network for Space Station Application, October 1987, Proceedings of the Fiber Optic Communication Local Area Network Conference (FOC/LAN), Anaheim, CA, pp. 69-73, (co-authors: P. Gonia, D. Myers and T. Chan).

291. RT-OMT: A Real-time Object Modeling Technique for Designing Real-time Database Applications: A Position Paper, Proceedings of the 2nd IEEE Realtime Systems Applications Workshop, July 1994, Maryland, (co-author: A. Schafer).

292. On Realtime Extensions to the Common Object Request Broker Architecture, Proceedings of the OOPSLA 94 Conference Workshop on CORBA, Portland, OR. September 1994, (co-authors: P. Krupp, A. Schafer, V. Wolfe)

293. An Integrated Architecture for Constraint Processing in Real-time Database Management Systems, Proceedings of the 1995 High Performance Computing Symposium, Phoenix, AZ, April 1995.

294. Evolvable Real-time C3 Systems, Proceedings of the 1st IEEE Complex Systems Conference, November 1995, Florida, (co-authors: E. Bensley et al).

295. Real-time Extensions to Remote Procedure Call, Proceedings of the IEEE High Performance Computing Conference, December 1995, India, (co-authors: V. Wolfe et al).

296. Object-oriented Implementation of an Infrastructure and Data Manager for Real-time Command and Control Systems, Proceedings of the IEEE Workshop on Object-Oriented Real-time Dependable Systems (WORDS 1996), Laguna Beach, CA, February 1996, (co-author: E. Bensley et al).

297. Design and Implementation of an Active Real-time Database Management System, Proceedings of the Intelligent Information Systems Management Conference, June 1996, Washington DC, (co-authors: G. Gengo).

298. Towards Priority Ceilings in Object-based Semantic Real-time Concurrency Control, Proceedings of the 1st Real-time Database Workshop, March 1996, Newport Beach, CA (co-authors: V. Wolfe).

299. Evolvable Real-time C3 Systems - II, Proceedings of the 2nd IEEE Complex Systems Conference, October 1996, Montreal, Canada (co-authors: E. Bensley et al).

300. Active Real-time Data Management for Command and Control Applications, Proceedings DART Workshop, CIKM Conference, Maryland, November 1996, (co-author: E. Hughes et al).

301. Object Technology for the Integration of the Infrastructure, Data Manager, and Tracker for Command and Control Applications, Proceedings of the IEEE Workshop on Object-Oriented Real-time Dependable Systems (WORDS), Newport Beach, CA, February 1997 (co-authors: M. Gates)

302. Data Manager for Evolvable Real-time Command and Control, Proceedings VLDB 1997, Athens, Greece (co-author: R. Ginis et al).

303. Object-oriented Data Management and Distribution for Real-time Command and Control Systems, Proceedings International Workshop on Real Time Databases 1997, Burlington, VT (co-author: R. Ginis, E. Hughes, et al).

304. Schedule and Priority Mapping for Static and Real-time Middleware, Proceedings RT Middleware workshop, San Francisco, CA 1997, (also published in Springer book: Real Time Systems, Vol. 20, No. 2, March 2001) (co-authors: V. Wolfe et al).

305. Concurrency Control in Real-time Object-oriented Systems, Proceedings IEEE ISORC, Kyoto, April 1998, (co-authors: M. Squadrito, et al).

306. Distributed Adaptable Object-based Architecture for Evolvable Command and Control Systems, Web Proceedings of the DARPA/OMG Workshop on Compositional Software Architecture, January 1998 (co-author: P. Krupp et al), Monterey, CA.

307. Adaptable Real-time Distributed Object Management for Command and Control Systems, Proceedings of the IEEE ISADS Conference, March 1999, Tokyo, Japan (co-author: J. Maurer et al).

308. CORBA-based Real-time Trader Service for Adaptable Command and Control Systems, Proceedings of the IEEE ISORC Conference, May 1999, St. Malo, France (co-author: S. Wohlever et al).

309. Dependable Objects for Databases, Middleware, and Methodologies, Proceedings IEEE WORDS 99F, Monterey, CA. (co-author: Dr. Marion Ceruti).

45

310. Towards a Real-time Agent Architecture: A White Paper, Proceedings IEEE WORDS 99F, Monterey, CA, (co-author: L. DiPippo).

311. Benchmarking Distributed Real-time Objects, Proceedings IEEE ISORC 2000, Newport Beach, CA (co-author: John Maurer et al).

312. Real-time Data Mining of Multimedia Data Objects, Proceedings IEEE ISORC, ISORC, 2001, Magdeburg, Germany (co-author: M. Ceruti et al).

313. Dependable Semantic Web, Proceedings IEEE WORDS 2002, San Diego, CA (keynote address published as paper, also version appeared in IEEE ICTAI 2002, Washington DC) (co-authors: E. Hughes et al)

314. Dependable Infrastructures and Data Managers for Sensor Networks, Proceedings IEEE WORDS 2003F, Capri Island, Italy

315. QOS Aware Dependable Distributed Steam Processing, ISORC 2008: 69-75 , (co-authors: V. Kalogeraki, D. Gunopulos, R. Sandhu), Orlando, FL.

316. Real-time Knowledge Discovery and Dissemination for Intelligence Analysis, Proceedings HICCS 2009, Hawaii (co-author: J. Han et al) Nominated for best paper award.

317. Dynamic Service and Data Migration in the Clouds, Proceedings IEEE International Computer Software and Applications Conference (COMPSAC) Workshop, July 2009, Seattle, WA (co-authors: W. Hao, I. Yen).

c. BOOKS AUTHORED

Series 1: Data Science (Data Management, Data Mining, Data Security for Technical Managers)

1. Data Management Systems Evolution and Interoperation, CRC Press, May 1997. 2. Data Mining, Technologies, Techniques Tools and Trends, CRC Press December 1998/January 1999 3. Web Data Management and Electronic Commerce, CRC Press, June 2000. 4. Managing and Mining Multimedia Databases, CRC Press, June 2001. 5. XML, Databases and Semantic Web, CRC Press, March 2002. 6. Web Data Mining and Counter-terrorism, CRC Press, June 2003. 7. Database and Applications Security: Integrating Data Management and Information Security, CRC

Press/Auerbach, June 2005. 8. Building Trustworthy Semantic Webs, CRC Press/Auerbach, 2007. 9. Secure Semantic Service Oriented Systems, CRC Press, November 2010.

10. Developing and Securing the Cloud, CRC Press, November 2013.

Series 2: Research from PhD Thesis of Students in Data Science and Cyber Security converted into books)

11. Design and Implementation of Data Mining Tools, CRC Press, June 2009 (co-authors: L. Khan, M. Awad, L. Wang).

12. Data Mining Tools for Malware Detection, CRC Press, December 2011 (co-authors: L. Khan, M. Masud).

13. Secure Data Provenance and Inference Control with Semantic Web, CRC Press, 2015 (co-authors: T. Cadenhead, M. Kantarcioglu, V. Khadilkar).

14. Analyzing and Securing Social Networks, CRC Press, April 2016 (co-authors: S. Abrol, R. Heatherly, M. Kantarcioglu, L. Khan).

15. Stream Data Mining and Big Data Analytics for Insider Threat Detection, CRC Press, December 2017/January 2018 (co-authors: P. Pallabi, M. Masud, L. Khan).

16. Secure Data Science: Integrating Cyber Security and Data Science, Contract Signed 2018, to be Published Late 2020, CRC Press (coauthors: M. Kantarcioglu, L. Khan).

d. BOOK CHAPTERS (not including reprints from conference proceedings)

1. Expert System to Design Control Systems, May 1990, Artificial Intelligence in Process Engineering, Academic Press, ed: M. Mavronopoulos (co-authors: F. Konar and P. Felix).

2. Distributed Database Management Systems: Developments and Challenges, Local Area Network Handbook 1993 (Auerbach Publishers, invited paper, ed: J. Sloane and A. Drinan).

46

3. Object-Oriented Approach to the Interoperability of Heterogeneous Database Management Systems, Local Area Network Handbook, 1994 (Aurebach Publishers, invited paper, ed: J. Sloane).

4. Distributed Object Management System Approach to Integrating Heterogeneous Database Systems, Local Area Network Handbook, 1995 (Auerbach Publishers, invited paper, ed: R. Maybry).

5. Internet Database Management, Database Management, 1996 (Auerbach Publishers, ed: R. Mabry). 6. Secure database management, Handbook of Database Management, McGraw Hill 1996 (Ed: P.

Fortier, co-author: S. Son et al). 7. Multimedia database management, Handbook of Database Management, McGraw Hill, 1996 (Ed: P.

Fortier, co-author: S. Dao). 8. Secure Database Systems, Advances on Data Management, 2000 (Editor: O. Diaz and M. Piattini;

co-author: E. Ferrari - Artech House). 9. KM for Heterogeneous information exchange, Kluwer Book (co-author: A Gupta et al), 2002. 10. Managing Cyber Threats: Issues and Challenges, Kluwer (editor: V. Kumar et al), 2004. 11. Data Mining for Counter-terrorism, AAAI Press (editor: H. Kargupta et al), 2004 (MGDM

Conference, 2002). 12. Secure Semantic Grids, Web and Information Systems Security, co-author: L. Khan (editors: E.

Ferrari et al) Idea Group. 13. Assured Information Sharing Across Organization Boundaries, Data Mining for Counter-terrorism,

Springer, 2006 (editor: H. Chen). 14. Secure Semantic Web Services, Springer, (editor: M. Gertz), 2008

Assured Information Sharing: Technologies, Challenges and Directions, Intelligence and Security Informatics 2008: 1-15.

15. Secure Semantic Web Services, Handbook of Database Security, Springer, 2008, p. 231 - 245 (Editor: S. Jajodia and M Gertz)

16. Policy Management for the Semantic Web, Handbooks in Information System, Volume 4, Ch. 6, p.

159 – 191, 2009, Elsevier (Editors: H. Raghav Rao, Shambhu Upadhyaya) 17. Privacy Issues in Online Social Networks, Privacy-Aware Knowledge Discovery: November

Applications and New Techniques, Data Mining and Knowledge Discovery Series, Chapman and Hall/CRC (co-authors: B. Carminati et al.) (Editor: F. Bonchi, E. Ferrari).

18. From cyber terrorism to state actors’ covert cyber operations. Strategic Intelligence Management (Editors: Akhgar and Yates) Chapter 19, p. 229 – 233, Elsevier, March 2013(co-author: J. Kallberg).

19. A Generalized Approach for Social Network Integration and Analysis with Privacy Preservation, Studies in Big Data, Vol. 1, 2014, p. 259 – 280, Springer, 2014 (co-author: C. Yang) (Editor: W. Chu)

20. Big Data Security and Privacy, Invited Paper in preparation for submission to the Big Data Security and Privacy edited by T. Y. Lin (co-authors: E. Bertino and M. Kantarcioglu)

e. TECHNICAL ARTICLES IN MAGAZINES

1. Decision Problems for System Functions, March 1980, Recursive Function Theory Letters. 2. Recent Developments in Database Security, September 1989, Tutorial Proceedings of the IEEE

COMPSAC Conference, Orlando, FL. 3. An Object-Oriented Approach for Designing Secure Systems, Fall 1989, IEEE CIPHER (co-author: F.

Chase). 4. Computing Transitive Closures of Multilevel Relations, September 1990, ACM SIGMOD Record,

Vol. 19, No. 3. 5. Inference Problem in Database Security, IEEE CIPHER, Winter 1991. 6. Recursion Theoretic Properties of the Inference Problem, IEEE CIPHER, Winter 1991. 7. A Note on the Recursive Enumerability of the Inference Problem in Multilevel Secure Database

Management Systems, Recursive Function Theory Letters, 1992 8. Current Status of R&D in Trusted Database Management Systems, ACM SIGMOD Record, Vol. 21,

#3, September 1992. 9. Concurrency Control in Trusted Database Management Systems, ACM SIGMOD Record, December

1993 (co-author: H. Ko). 10. Engineering Real-time Complex Systems, IEEE Complex Systems, 1994/1995, (co-authors: P. Krupp,

A. Kanevsky).

47

11. Data Management Research at the MITRE Corporation, ACM SIGMOD Record, September 1995 (co-authors: Rosenthal, et al).

12. Improving Timeliness in Real Time Secure Database Systems, ACM SIGMOD Record. 1996 (co-author : S. Son et al).

13. Data Mining, National Security, Privacy and Civil Liberties, ACM SIGKDD, December 2002. 14. Semantic Web, Encyclopedia of Human Computer Interaction, Berkshire Publishers, (Editor: W.

Bainbridge), 2004. 15. Security, Encyclopedia of Human Computer Interaction, Berkshire Publishers, Editor: W. Bainbridge,

2004. 16. Homeland Security, Data Mining Link Analysis for National Security, Essays in the Encyclopedia of

Data Warehousing and Mining, Editor: J. Wang, 2005. 17. Security and Privacy for Geospatial Data Management, Encyclopedia of Geospatial Data

Management, Springer, 2007 (co-authors: L. Khan et al). 18. Managing and Mining Multimedia Data, Animations and Annotations, Proceedings Wiley

Encyclopedia, 2007 (co-authors: B. Prabhakaran, L. Khan). 19. Multilevel Secure Data Management, Encyclopedia on Database Security, (Editor: E. Ferrari), 2007. 20. Mandatory Security, Encyclopedia of Information Security, (Editor: E. Ferrari). 21. Privacy and Security Challenges in GIS, Encyclopedia of GIS (Springer)2008: 898-902 (co-authors

Latifur Khan, Ganesh Subbiah, Ashraful Alam, Murat Kantarcioglu). 22. Geospatial Semantic Web, Definition. Encyclopedia of GIS 2008: 398 (co-authors: Latifur Khan,

Ganesh Subbiah, Ashraful Alam, Murat Kantarcioglu). 23. Data Mining for Security Applications and Its Privacy Implications, Lecture Notes in Computer

Science, Springer Verlag, (Based on keynote address at SIGKDD workshop 2008). 24. Challenges and Future Directions of Software Technology: Secure Software Development.

COMPSAC 2010, (co-author: Kevin W. Hamlen) 25. Toward Trusted Sharing of Network Packet Traces Using Anonymization: Single-Field

Privacy/Analysis Tradeoffs, Computing Research Repository (CoRR), abs/0710.3979: (2007) (co-authors: William Yurcik, Clay Woolam, Greg Hellings, Latifur Khan).

26. Secure Semantic Sensor Web and Pervasive Computing, International Conference on Sensor Networks, Ubiquitous and Trustworthy Computing (SUTC/UMC) 2010 p. 5-10 (co-author: Kevin W. Hamlen)

27. The Insure Project: CAE-Rs Collaborate to Engage Students in Cybersecurity Research. Alan T. Sherman, Melissa Dark, A. Chan, R. Chong, T. Morris, Linda Oliva, John Springer, Bhavani M. Thuraisingham, C. Vatcher, Rakesh M. Verma, S. Wetzel: CoRR abs/1703.08859 (2017) (appeared in IEEE Security and Privacy, 2017).

28. What Happens when the Machine Learning Techniques are Attacked? IEEE Computer Society Trends, October 2019 https://www.computer.org/publications/tech-news/trends/what-happens-when-the-machine-learning-techniques-are-attacked/

D.2 EDITED WORKS

a. JOURNAL SPECIAL ISSUES EDITED

1. Special issue in Security and Standards, Computer Standards and Interface Journal, 1995 (co-editor: J. Williams, editorial introduction).

2. Special issue in Secure Database Systems Technology, IEEE Transactions on Knowledge and Data Engineering, February 1996 (co-editor: T. Ting, editorial introduction).

3. Special issue in Multimedia Database Management, Multimedia Tools and Applications Journal, 1997, (co-editors: K. Nwosu, B. Berra – also version published as book by Kluwer).

4. Special issue in Multimedia Databases, IEEE Multimedia (co-editors: Nwosu, Berra, editorial introduction), 1997

5. Special Issue in Data and Applications Security, Data and Knowledge Engineering Journal, November 2002 (co-editor: R. van der Riet).

6. Special Issue in Data and Applications Security, Journal of Computer Security, 2003 (co-editor R. van der Riet).

7. Special Issue in Data and Applications Security, Journal of Intelligent Information Systems, 2004.

48

8. Privacy-preserving Data Management, VLDB Journal, September 2006 (co-editor: E. Ferrari). 9. Data and Applications Security, International Journal of Information Security (co-editor: E. Ferrari). 10. Editorial for Computer Standards and Interface Journal as Editor-in-Chief, November 2006. 11. Foreword for book on Security Standards for Web Services (Editor: Eduardo Fernandez-Medina). 12. Special Issue ACM Transactions on Information and System Security (TISSEC) 2010. 13. Information and Communications Security, Privacy and Trust: Standards and Regulations. Computer

Standards & Interfaces, Elsevier, Vol. 32, No. 5-6, 2010 (co-editor: Stefanos Gritzalis). 14. Special Issue Computer Standards and Interface Journal on Secure Semantic Web, 2012 (co-editor:

Barbara Carminati) 15. Special Issue on Data Security, IEEE Transactions on Dependable and Secure Computing, 2012 (co-

editor: E. Ferrari). 16. Guest editorial: Information reuse, integration, and reusable systems. Information Systems Frontiers,

16(5): 749-752 (2014) (editors: Chengcui Zhang, Elisa Bertino, Bhavani M. Thuraisingham, James B. D. Joshi

17. Special Issue on Services in the Cloud, IEEE Transactions on Services Computing, Vol. 8, No. 2: 172-174 (2015) (co-editors: L. Moser et al)

18. Special Issue on Emerging Web Services, IEEE Transactions on Services Computing, Vol. 8, No. 3, 2015 (co-editors: L. Moser et al)

19. Special Issue IEEE Internet Computing, 2020 (in progress – coeditor: E. Ferrari) 20. Special Issue, IEEE Transactions on Industrial Informatics, 2020 (in progress – co-editors: M.

Usman et al)

b. BOOKS EDITED

1. Database Security VI: Status and Prospects, 1993, Book by North Holland (co-editor: C. Landwehr). (Enhanced version of Proceedings of 6th IFIP 11.3 Working Conference in Database Security, 1992).

2. Security for Object-Oriented Systems, Book by Springer Verlag, 1994 (co-editor: R. Sandhu, T.C. Ting, Enhanced version of ACM OOPSLA Workshop Proceedings on Secure Object Systems).

3 Multimedia Database Management Systems, Kluwer Publications, 1996 (co-editors: B. Berra, K. Nwosu).

4. Data Management Handbook Supplement, Auerbach Publications, 1996 (Guest Editor). 5. Directions in Multimedia Database Management, Kluwer, 1997 (co-editors: B. Berra, K. Nwosu). 6. Data Management Handbook, 1998 (Consulting Editor). 7. Knowledge Management, MIT Press, 2001 (co-editors: M. Maybury et al). 8. Data and Applications Security, Kluwer 2001; enhanced version of Proceedings of IFIP Database

Security Conference, 2000 (co-editors: R. van der Riet et al). 9. Heterogeneous Information Exchange, Kluwer 2002, editorial introduction, 2002 (co-editors: H.

Bestegoff et al). 10. Web Information Management Security, Artech House, 2005 (co-editor: E. Ferrari). 11. System Integrity and Control, Springer, 2006 (co-editor S. Wang et al). 12. Security and Privacy for Communication Networks, Springer, 2016, (co-editors: XiaoFeng Wang,

Vinod Yegneswaran) Enhanced version of proceedings SecureComm 2015.

c. CONFERENCE AND WORKSHOP PROCEEDINGS EDITED

1. 3rd RADC Database Security Workshop, Published as MITRE Technical Report, MTP 385, May 1991.

2. 6th IFIP 11.3 Working Conference in Database Security, August 1992. 3. OOPSLA-93 Conference Workshop on Integrating Object-oriented technology and Security

Technology, September 1993 (co-editors: R. Sandhu and T.C. Ting). 4. Massive Digital Data Systems Workshop, March 1994, published by the Community Management

Staff, Intelligence Community (co-authors: B. Lavender et al). 5. OOPSLA 94, 95, and 96 Conference Workshop on Object-Oriented Technology for Medical

Information Systems, October 1994, 95, 96 (co-editor: M. Ibrahim et al).

49

6. ACM Multimedia Conference Workshop on Multimedia Database Management Systems, October 1994, November 1995 (co-editors: B. Berra, K. Nwosu).

7. WORDS 1999 by IEEE CS Press, August 1999 (also edited preliminary conference proceedings in January 1999).

8. 14th IFIP 11.3 Working Conference in Database Security, August 2000. (co-editor: R. van der Riet et al).

9. ISI Conference, Springer, 2006 (co-editor: H. Chen et al). 10. SACMAT 2007, 12th ACM Symposium on Access Control Models and Technologies, Sophia

Antipolis, France, June 20-22, 2007 (co-editor: V. Lotz) 11. NSF Data and Applications Security Workshop, February 2009 12. Proceedings ISI Conference, IEEE, 2009 (co-editor: H. Chen et al). 13. 2013 IEEE 13th International Conference on Data Mining, Hui Xiong, George Karypis, Bhavani M.

Thuraisingham, Diane J. Cook, Xindong Wu: Dallas, TX, USA, December 7-10, 2013 14. 13th IEEE International Conference on Data Mining Workshops, ICDM Workshops Wei Ding,

Takashi Washio, Hui Xiong, George Karypis, Bhavani M. Thuraisingham, Diane J. Cook, Xindong Wu, TX, USA, December 7-10, 2013 ICDM Workshops 2013

15. IEEE 13th International Conference on Information Reuse & Integration, Chengcui Zhang, James Joshi, Elisa Bertino, Bhavani M. Thuraisingham: IRI 2012, Las Vegas, NV, USA, August 8-10, 2012

16. NSF Big Data Security and Privacy Workshop, September 2014 17. Proceedings of the 3rd ACM on International Workshop on Security and Privacy Analytics,

IWSPA@CODASPY 2017, Scottsdale, Arizona, USA, March 24, 2017. (Co-Editor: R. Varma). 18. Proceedings of the 2017 ACM CCS (co-editors: L D. Evans et al) 19. Proceedings of the 2018 IEEE ICDM (co-editors: Dacheng et al) 20. Proceedings of the 2019 ACM CODASPY (co-editor: G. Ahn et al). 21. Proceedings of the 2020 ACM CODASPY (co-editor: Vassil Roussev et al). 22. Proceedings of the 2020 IEEE ICDE (co-editor: E. Ferrari et al)

Additional publications such as technical reports, as well as more news releases, TV interviews, etc. can be found on the web sites of UT Dallas. Several MITRE Reports were also published, many of them not approved for public release.

50

APPENDIX E: DISCUSSION OF RESEARCH PUBLICATIONS

1980-Present

1. SYNOPSIS OF MY RESEARCH

My research combines theory and practice and has been focusing mainly on the integration of data science and cyber security. In addition, my work has also focused on developing novel data science techniques as well as on artificial intelligence applications. During the past 39 years, I have utilized my PhD research in theory of computation and complexity theory with my systems expertise in industry to develop prototypes based on fundamental principles. Much of my research during this time was on the design and development of secure data management systems based on fundamental principles as well as on developing data analytics/machine learning (considered as data science) tools to solve problems mainly in cyber security and national security as well as in political science, social media, process control systems, and multimedia and geospatial information systems. This area has now come to be known as Data Science. A synopsis of my research follows.

After I finished my PhD, starting in 1980, I continued with my research in computability theory and published four papers on my thesis work. They are: (i) Cylindrical Decision Problems for System Functions in the Notre Dame Journal of Formal Logic in 1983; (ii)System Functions and their Decision Problems, in Zeitschrift fur Mathematische Logik und Grundlagen der Mathematik. (Mathematical Logic Quarterly) in 1984; (iii) The Concept of N-Cylinder and its Application in Zeitschrift fur Mathematische Logik und Grundlagen der Mathematik in 1986; and (iv) Reducibility Relationships Between Decision Problems for System Functions in Zeitschrift fur Mathematische Logik und Grundlagen der Mathematik in 1987. Until my research, there was no generalized framework to study different classes of decision problems. In other words, recursion theoretic properties were studied for individual problems such as the halting problem, the derivability problem and the confluence problem. With my framework, we were able to study the individual problems for the generalized classes. This was a major breakthrough at that time. I developed counter-examples for properties that could not be proved. This was achieved by the concept of N-Cylinder which I defined. N-Cylinder was an extension of Paul Young’s semi-cylinder. By using the N-Cylinder, I was able to show that the general confluence problem was neither recursive nor a cylinder while John Cleave (my advisor at the University of Bristol) was unable to prove this result back in the early 1970s with the use of Young’s semi-cylinder.

Between 1980 and 1983, while at the New Mexico Tech and then University of Minnesota, I continued to work on this topic and produced five more journal papers: Representation of One-One Degrees by Decision Problems in the Journal of Computer and Systems Sciences in 1982; Some Elementary Closure Properties of N-Cylinders in the Notre Dame Journal of Formal Logic in 1983; The Concept of N-Cylinder and its Relationship to Simple Sets in the Notre Dame Journal of Formal Logic in 1983; Representation of One-One Degrees by N-Cylindrical Decision Problems in Zeitschrift fur Mathematische Logik und Grundlagen der Mathematik in 1988; and System Function Languages in Mathematical Logic Quarterly in 1993. Furthermore, there were some questions that John Cleave posed in his work in the early 1970s which I solved in the early 1980s. Particularly interesting was the following question: could every one-one degree be represented by a particular decision problem? Cleave had shown that every m-degree could be represented by a decision problem in the early 1970s which was a weaker result. Cleave believed that the answer to this question would be a major breakthrough as this would show the existence of decision problems that are simple. In fact, this was the first problem I worked on after my PhD. It was published in the prestigious Journal of Computer and Systems Sciences. This work would later (1989) help me prove that the inference problem was unsolvable, a significant development in database security. While at the University of Minnesota I worked with Marion Pour-El on Algorithmic Information Theory and together we tried to find an analogy to Godel’s Incompleteness Theorem.

Between December 1983 and January 1986, I worked at Control Data Corporation as I wanted to get real world industrial experience working in a product development environment in computer networks and distributed systems to get a feel for how systems really work. During this time, I started research in secure dependable distributed systems that would complement my work at Control Data Corporation. I collaborated with Prof. Wei-Tek Tsai and his student at the University of Minnesota and together we

51

addressed the challenging problem of fault tolerance in a binary tree task model. Prior work had focused on a tree with a single child. We felt that a binary tree model would be more realistic as tasks usually spawn multiple tasks. After several years of work, we published our research in IEEE Transactions on Software Engineering.

Due to my increasing interest in integrating data management and secure systems in Fall 1985, I joined Honeywell in January 1986 as I felt having a research-oriented job would strengthen my research in secure data management systems. I started working in the challenging area of secure data management and was part of a team designing one of the two prominent high assurance secure database systems. I was a key contributor to this design which was published in IEEE Transactions on Knowledge and Data Engineering in 1990 entitled “Design of LDV, A Multilevel Secure Database Management System”. Our team made significant contributions to building secure database systems based on a type enforcement mechanism to produce high assurance systems. Some of our concepts on data classification methods were used by Oracle and others in emerging commercial products at that time. During this time, I became interested in the inference and aggregation problem and was one of three pioneers on this topic (the others being Thomas Hinke at TRW and Mathew Morgenstern at SRI). The problem is as follows: how can you prevent a user from combining unclassified pieces of data and deducing classified data? The first paper I wrote on this topic “Security Checking in Relational Database Systems Augmented with Inference Engines” was published in the Computers and Security Journal. While I was at Honeywell, I collaborated with Professor Tsai and his student at the University of Minnesota and developed novel query rewriting techniques for secure query processing which addressed some aspects of the inference problem. This paper, published in the Proceedings of the IEEE Conference on Systems Sciences in January 1988, received the best paper award and we were subsequently invited to publish an enhanced version of the paper “Secure Query Processing Strategies” in the popular IEEE Computer Magazine in March 1989. My continued collaboration with them resulted in the first ever paper on secure object database systems published in the Proceedings of the 1988 National Computer Security Conference. The system was subsequently called SODA and an enhanced version was later published in Computers and Security Journal in 1989.

While my research (around 50%) at Honeywell was on data management security, I also conducted research in data analytics and artificial intelligence systems for Honeywell’s divisions (50% of my time). In particular, I developed technologies for integrating heterogeneous data dictionaries. This was a breakthrough at that time as many of the approaches only worked with homogeneous databases and dictionaries. This work was published in the Proceedings of the National Computer Conference in 1987 and transferred to Honeywell’s Residential Control Division. I was also the lead in designing a network operating system that included a distributed file system for NASA in 1987 and this work was published in a networking conference. Later in 1988, I teamed with researchers in control systems and developed an expert control system called XIMKON. This work was presented in the AAAI workshop on control systems and published as a book chapter. A version was also published in the American Control Systems Conference in 1989. The research was transferred to Honeywell's Industrial Automation Division and this gave me a lot of experience with technology transfer.

In January 1989, I joined MITRE and started working on three topics between 1989 and 1992. One is secure distributed database systems, the second is the inference problem and the third is secure object systems. In the area of distributed database systems, we developed designs of secure query processing and secure transaction processing and implemented the designs. The paper “Design and Implementation of a Distributed Query Processor” was published in the Journal of Systems and Software. The significant impact we had with this system is that it was the first such system to connect databases in Bedford, MA, McLean, VA and Fort Monmouth, NJ in 1991and the demonstration was a huge success with the Air Force, Navy, the Army and the NSA.

With respect to the inference problem, I used the techniques I had developed during my PhD and during the early 1980s and proved that the inference problem was unsolvable in 1989. This work was presented at the IEEE Computer Security Foundations Workshop which was a highly prestigious venue in 1990. Soon after, at the 1990 National Computer Security Conference in Washington DC, Dr. John Campbell of the NSA wrote in the Proceedings that 1990 was a great year for secure database research and stated something to the effect “Bhavani Thuraisingham proving that the inference problem was unsolvable was the most significant result in 1990”. Then in the early 1990s, together with the team, I designed and

52

developed the first database inference controller and distributed database inference controller. Two papers were published, one in Data and Knowledge Engineering on “Design and Implementation of a Database Inference Controller” and another in the IEEE Transactions on Knowledge and Data Engineering on “Security Constraint Processing in a Multilevel Secure Distributed Database System”. Both these papers have several citations. Following this, I wanted to develop logic for secure databases so that systems based on logical principles could be developed. Subsequently I developed a logic called NTML (Nonmonotonic Typed Multilevel Logic). It had to be nonmonotonic as one could have different information in different security worlds. The papers from this work were published in the IEEE Computer Security Foundations Workshop in 1991 and 1992, and this had a significant impact on the foundations work in secure databases that was to be carried out later. As a third approach to handling the inference problem, I used the concepts in semantic nets and conceptual graphs and developed methods for secure applications design. A paper titled “On the Use of Conceptual Structures for Handling the Inference Problem” published in IFIP Data Security Conference in 1991 is widely quoted and Dr. Thomas Hinke and his team based their research on my work. At that time, the database security community was divided about the approach to designing inference controllers. Many felt that it had to be done during database design time. However, I was perhaps one of a handful of researchers who was far thinking. I believed that a time would come where we would have the technologies to address the limitations, we had in 1990. Therefore, I felt that we needed an integrated approach to study the inference problem during query, update and database design. Some researchers from the University of Texas at that time agreed with me and published in the Proceedings of the 1991 Computer Security Applications Conference something to the effect that “Thuraisingham’s approach was correct”. Now, almost 30 years later, it is my approach that the semantic web community is pursuing, including Dr. Tim Finin and his team at the University of Maryland, Baltimore County and Sir Tim Berners Lee and his team at MIT. We are also developing inference controllers during query processing with semantic web technologies since 2005. My research on the inference problem has resulted in three US patents. These patents are widely cited in numerous other patents.

As stated earlier, the third area of focus between 1989 and 1992 was secure objects. After working on the first secure object system with the team at the University of Minnesota, I felt that we had to look at existing object models and examine security issues. My paper on SORION (which incorporated security into ORION) was published in the highly prestigious conference ACM OOPSLA. This paper is titled “Mandatory Security in Object Database System” and is widely cited. Prof. Elisa Bertino from Purdue has stated that this paper is a “must read” for anyone wanting to work in object security. This was followed by the design and implementation of a system using ObjectStore data manager and we presented the results to Ontos Corporation which was developing the first commercial secure object database system with funding from the Air Force.

Around 1992, while continuing to work in secure databases, I then started to get into a new area and that is real-time data management. This was because the Air Force had a critical need to modernize the old systems such as AWACS (Airborne Warning and Control System). Because of my strong expertise in data management, I was invited to join the team. The contributions we made here are long-lasting. We published papers in the main conferences and workshops in object real-time systems and they are widely cited. While working with the team to design and develop a main memory data manager based on objects and adapt the priority ceiling concurrency control protocol for the data manager, I was the first to introduce real-time features for Object Request Brokers. I first presented this work at the Navy’s Next Generation Standards meeting in Newport, Rhode Island in June 1994. Then, with the team, we wrote a position paper and presented it at OOPSLA 1994 workshop. I then put some of my ideas into building the infrastructure for AWACS. In August 1995, I was invited to participate in a panel at Object World in San Francisco. At the end of my talk I said, “It’s time for OMG (Object Management Group) to start a special interest group on this topic”. I was contacted by some people who attended OMG, and I gave some technical presentations to them and helped co-found the group. This was a huge breakthrough as those who were going to operationalize the prototypes, we had developed would now have standards to work with for the middleware. During this time, I also wanted to combine my work in security and real-time to build dependable systems. I presented some ideas at a Navy meeting in December 1992, and got Prof. Sang Son from the University of Virginia interested in this topic and we collaborated on a few papers.

53

Then I combined all my ideas together in a design of a dependable system and this paper was published in IEEE Transactions on Knowledge and Data Engineering in 1999 which spawned a new area of research.

Around Fall 1993, I started my research in data mining and analytics (in addition to cyber security, data management and AI) when I got involved with the Massive Digital Data Systems initiative for the Intelligence community I introduced data mining to The MITRE Corporation in September 1994 when I began my efforts leading MITRE’s research program in data management. During 1995 I was given the role of managing a department in information and data management. This was also when I expanded the data mining research at MITRE. My colleague Dr. Chris Clifton (who is now at Purdue and who was in my department) worked with me and we put together three programs in data, text and image mining. One of the projects was jointly carried out with Prof. Jeff Ullman of Stanford University. I engineered this collaboration between MITRE and Stanford which gave MITRE tremendous visibility among the major players in data mining. The two teams published a paper on Query Flocks at ACM SIGMOD which is widely cited. Although I was invited to join as a co-author, I declined as I only put my name on a paper if I have made technical contributions to that paper. At the same time, I had the MITRE team write an article on data management research at MITRE and it was published in the highly visible ACM SIGMOD Record. This article instantly put MITRE on the map as a player in data management and data mining.

In my position, by the late 1990s, I had to interact with people at many levels. These included researchers, government sponsors, and management at MITRE among others. In addition, I had my own research to do. Therefore, I felt that I had to write some books that would educate the high-level managers and government sponsors about the key concepts. Subsequently I started writing a few books on data management and data mining. That has now evolved into 15 books on data management, data mining and data security. Around the late 1990s, being at MITRE I felt that I was getting more and more removed from what industry was doing. By that time, my six years in industry at Control Data and Honeywell in the 1980s seemed so long ago. Therefore, when the IRS (Internal Revenue Service) consulting opportunity for examining software research credit arose at MITRE, I took the position without any hesitation. This gave me insights (and continues to give me insights) into what the Fortune 500 companies do and what they ought to do with respect to software. Therefore, now I have an excellent understanding of what industry is doing which is helping me a lot with my own research and technology transfer activities.

In January 2001, I felt I was ready for the big move to Washington to see what it is like to be inside the government. My plan was to go there for one year to manage the data management program, but I ended up staying for three years. I started the data and applications security program and co-founded the cyber trust theme. I started my own research in secure semantic web and data privacy and worked with the University of Milan team on XML Security. Our joint research papers were published in two prestigious journals: IEEE Transactions on Knowledge and Data Engineering on Third Party Publication of Data and in ACM Transactions on Information and Systems Security on Privacy for Trust Management. While at NSF, I also began to get a clear picture and understand the government’s needs. With this knowledge, I then joined The University of Texas at Dallas.

My task at the university was to establish a cyber security research center. While I had some start-up funds for my own research, I did not have funds to start the center. Therefore, I decided to focus on data security and data analytics since I was most familiar with these topics as they were my main areas of research. In the area of Data and Applications Security, I have focused on (a) Assured information sharing: My team in the CS department collaborates with the School of Management and Economics and Policy Sciences to develop an interdisciplinary approach for incentive-based information sharing. (b) In addition, we have also explored research issues in secure and private social networks. (c) We also developed novel privacy- preserving data mining and data integration techniques. (d) Policy management-based on semantic web technologies. (e) Data mining tools for various applications. Notable among these tools are those based on novel class detection for stream mining. In the area of Information Management, our focus has been on developing technologies for national security in multiple areas: (a) We have designed ontology alignment algorithms critical for homeland security applications, (b) developed geospatial data management and mining techniques and (c) developed data mining techniques for social media.

After 9/11, there was a huge demand for assured information sharing. Therefore, I started a project with the Air Force in 2005 on this topic. Our papers were published in several journals including the Journal of Information Security and Privacy. More importantly, I wrote the one-page paper that went into the DoD

54

MURI BAA (Department of Defense Multidisciplinary University Research Initiative Broad Agency Announcement). This resulted in a very large research project on this topic. While my team’s focus is on incentive-based information sharing, which is an interdisciplinary project between economists, management scientists, social scientists and computer scientists, my work also continued to be in policy management for semantic web and I expanded it to social networks. Our paper published in ACM SACMAT in 2009 was one of the early papers on security for social networks based on semantic web and an enhanced version of this paper has appeared in the Computers and Security Journal. This work also received the 2019 10-year Test of Time Award. One aspect of my research I am especially pleased about is the extensions of my 1990s work on the inference problem. Together with my student and colleague, we developed the first of its kind inference controller with semantic web technologies and our book on this topic was published in 2014.

In addition to policy management, information sharing and the inference problem, my research also focused on ontology alignment and data mining for various applications. In the area of ontology alignment, we used geospatial data as the applications domain. Our papers were published in the prestigious conference ACM GIS three years in a row (2007 - 2009) and a paper was published in the highly prestigious Journal of Web Semantics. In the area of data mining applications, we have made tremendous progress in developing novel techniques as well as tools. Several papers have been published including in prestigious conferences such as IEEE ICDM, ACM KDD, and ECML/PKDD as well as in ACM Transactions on Management Information Systems and IEEE Transactions on Knowledge and Data Engineering. A patent on stream mining as well as another on social network mining have been granted. A small part of my time was spent on investigating issues on dependable systems and we have a paper published in IEEE Transactions on Reliability on this topic.

Next, one of the major areas for our government sponsors is secure cloud computing. We had a fairly large project on this topic (2008-2015) and have built a secure cloud infrastructure and demonstrated the assured information sharing concept. We were one of the first to get into this area and have developed secure query processing for cloud. Papers on this topic have appeared in prestigious conferences and journals such as IEEE Cloud Computing and IEEE Transactions on Knowledge and Data Engineering. We have also developed secure storage for grids and this paper was published in IEEE Transactions on Dependable and Secure Computing. We also examined virtual machines and hypervisors such as XEN being developed at the University of Cambridge, examined security issues and brought it into our cloud infrastructure. Due to the excellent work we have done in this area, the US Air Force issued a press release on our research on their web site which has given us a lot of visibility (see http://www.wpafb.af.mil/News/Article-Display/Article/400150/afosr-funded-initiative-creates-more-secure-environment-for-cloud-computing) Several other articles have appeared about our work, including some internal press releases, and some comments from external organizations and agencies.

Last but not least, my recent research is on integrating data science and cyber security which is secure data science. I have consolidated my prior research on data mining for cyber security and focusing on applying big data analytics techniques to cyber security problems. In addition, I am also focusing on adversarial machine learning which considers the attacker’s behavior. I am also investigating topics such as SI Governance, AI for Good and Fairness and Bias in AI. I gave an interview as well as a featured address at the Women in Data Science (WiDS) Conference at Stanford in March 2018. I give talks on this topic to motivate women to pursue careers in cyber security and data science. Here are some of the links.

https://www.youtube.com/watch?v=xfBie2oVzkA&t=850s; https://www.youtube.com/watch?v=DKnTSUGhSNk; https://www.youtube.com/watch?v=9c2NL3WqRys.

I am very pleased with the way my research has progressed over the past 39 years. Coming from industry and government has helped me to understand real world problems and address these problems in my research. However, I have a very strong fundamental background with a B.Sc. in Mathematics and Physics from the University of Ceylon (1st class), M.Sc. in Mathematical Logic from the University of Bristol, and a PhD in Computability Theory from the University of Wales, Swansea. Therefore, I believe that to build systems that can last and be evolvable and adaptable, we need to build them with sound theoretical principles. While continuing my research at the university will be my main priority, the university spin-off company we have started will give us an opportunity to transfer our technologies into products and spur

55

job creation which is one of the challenges we are faced with today. I would also like to point out some statistics of my work as of March 2020. In Google Scholar, my publications have a total citation is around 13,000 and My H-Index is 58 and i10-Index is 230. My research has resulted in numerous awards and fellowships from IEEE and ACM, among others. More importantly it earned me the higher doctorate degree of Doctor of Engineering at the University of Bristol (ranked #23 among the world universities by the US News and World Report in 2010) for my thesis consisting of my published work on secure dependable data management. A presentation of my research in data security since 1985 Fall to 2018 Spring can be found at https://www.youtube.com/channel/UCdkdO2DUNqpqGLmeJjiXujA .

While continuing with my research in data security and analytics, since 2010 I have become more interested in cyber operations, national security and policy-related issues. I have recently published papers on cyber war and cyber operations and will be collaborating with policy specialists and publish more papers on cyber security policy together with topics such as AI Governance.

2. DISCUSSION OF MY SAMPLE PUBLICATIONS

This section consists of some of my papers that have made an impact in secure dependable data management. Much of my research over the past 35 years has been in data and applications security: Integrating data science and cyber security. I have also contributed to computability theory and data analytics. The specific sub-areas to be discussed in this Appendix are the following: (i) Multilevel Secure Data Management Systems; (ii) (ii) Semantic Web, Web Services and Security; (iii) Data Mining for Malware Detection, (iv) Data Privacy, (v) Secure Data Provenance, (vi) Secure Cloud Computing, (vii) Analyzing and Securing Social Media, (viii) Stream Data Mining (ix) Secure Data Science, (x) Data and Information management, (xi) Dependable Systems, (xii) Network Security, Biometrics and Forensics. In addition, I also discuss (xiii) my early work in computability and complexity theory, and (xiv) my recent focus on cyber operations, national security and policy. Finally, I discuss my most recent work on AI for Good, Fairness and Bias in AI as well as in AI Governance (xv).

Below I give a brief discussion about each area and then give more details in Parts I through Part XV.

INTEGRATING CYBER SECURITY AN DATA SCIENCE

(i) Multilevel Secure Data Management Systems: My research in secure dependable data management began in 1985. My initial focus was in multilevel secure database systems. In particular, I examined multilevel security for relational database systems, distributed database systems and object database systems. In addition, during this time I also conducted research on the inference problem. My research in this area has resulted in several papers and three US patents. The research was also transferred to operational programs and commercial products.

(ii) Semantic Web, Web Services and Security: In 2000, I started my research in security for semantic web and web services. First, I examined security for XML (eXtensible Markup Language) and then designed and developed inference controllers based on RDF (Resource Description Framework). In addition, I examined access control and information flow models for web services.

(iii) Data Mining (Data Science) for Malware Detection: My recent research has included designing and applying data mining techniques for malware detection. In particular, I have developed data mining tools for buffer overflow management and intrusion detection. I have also developed stream mining techniques for detecting novel classes. This research also resulted in a US patent.

(iv) Data Privacy: In the area of data privacy I published a seminal paper in 2002 in ACM SIGKDD. Since then I have been working with students and colleagues on privacy-preserving data integration as well as on access control, trust and privacy. In particular, we have developed techniques for privacy preserving association rule mining as well as privacy-preserving decision trees as well as access control models that address data privacy.

(v) Secure Data Provenance: Data provenance is about determining where the data came from and who created the data. Data provenance has played a major role in detecting misuse of the data. I have carried out data provenance research since the later 2000s. In some of the work we have examined the application of XML-based representation for data provenance and investigated access control techniques. In some other work, we have used semantic web technologies for representing and reasoning about provenance data. This work is discussed below.

56

(vi) Secure Cloud Computing: I have conducted research on secure cloud computing since the late 2000s and have published on multiple subtopics in cloud computing with students and colleagues. The US Air Force issued a press release on my research. Below I discuss the various papers I have published on this topic. I am continuing this research at Kings College - University of London by developing a logical framework for information sharing in the cloud.

(vii) Analyzing and Securing Social Media: I have also conducted research on analyzing social networks as well as securing social networks. In the area of social network analysis, together with my colleague and students, we have developed data mining tools especially for mining twitter data. In the area of securing social networks, we have developed access control models for social networks. In addition, we have investigated privacy issues. Finally, a small part of my time has been spent on complexity issues related to graph analysis. Below I will discuss my papers on this topic.

(viii) Stream Mining and Security Applications: Data is emanating from multiple sources in the form of streams. Data streams are used to represent financial data, sensor data and network data. We have developed stream mining tools since the mid-2000s. For example, we have carried out fundamental research such as novel data mining techniques and also investigated scalability issues. In addition, we have applied stream mining techniques for insider threat detection. We discuss this work below.

(ix) Secure Data Science/Machine Learning: All of the research discussed in the previous paragraphs fall into the category of secure data science. However, more recently my focus has been on adversarial machine learning, trustworthy analytics, big data for security and securing big data.

OTHER AREAS

(x) Data Analytics and Information Management: While much of my research is on integrating data science and cyber security, a part of my research is in data and information management as well as developing novel data science techniques for a variety of applications. In particular, together with colleagues and students, we have designed data analytics techniques for multimedia and geospatial applications. We have also designed techniques for web page prediction and semantic web applications. Finally, we have designed several tools for text processing.

(xi) Secure Dependable Systems: In the early 1990s, I started my research in real-time data management systems and later integrated this research with my work in secure data management. Integrating security and real-time systems was a new concept at that time. This research was transferred to Air Force programs such as AWACS (Airborne Warning and Control System).

(xii) Network Security, Biometrics, and Forensics: Some of my papers are on a variety of cyber security-related topics including network security, biometrics and digital forensics. While this is not my major research area, when students are interested in such topics, I supervise master’s thesis in these areas. However, I have also applied data mining for problems in network security.

(xiii) Computability and Complexity Theory: My early work focused on computability theory. In particular, I studied what is called system functions which generalize Turing machines and Thue systems and investigated the decision problems for such functions. I applied some of my early research to multilevel secure database systems in the 1990s. More recently together with a colleague and a student, I have carried out on the complexity of some problems in sensor networks. In addition, we have also explored rumor blocking in social networks (see Part VIII). While computability theory is not my major area of focus at present, I am still interested in exploring some interesting research areas such as the complexity of the inference and privacy problems.

(xiv) Cyber Operations, National Security, and Policy: More recently I have been studying policy-related issues for cyber security and national security as well as investigating related issues in cyber operations. I have been writing papers over the last five years on a wide range of topics with post-docs including terrorist financing, carrying out cyber war and terrorist deterrence. I am hoping to write more papers on cyber security policy as I gain more knowledge on the topic.

(xv) Artificial Intelligence for Good, Fairness and Bias in AI: Very recently I have been working in Ai for Good as well as on Fair AI and Bias in AI. Topics also include AI Governance.

57

PART I: MULTILEVEL SECURE DATA MANAGEMENT (1985 – 1997)

INTRODUCTION TO PART I

I began my research on multilevel secure data management systems in 1985 and this research continued until the mid-1990s. I describe eleven of my papers on this topic.

Secure Relational Data Management: My early research in the mid-to-late 1980s was on the design and development of a prominent system called Lock Data Views (LDV). Paper #1 (IEEE Transactions on Knowledge and Data Engineering) in this section describes the design of this system. LDV was one of the first two high assurance secure data management systems developed and was designed to meet the A1 assurance level with respect to the Orange book (that is, the Trusted Computer Systems Evaluation criteria). It’s unique in that it is designed to operate on a Lock operating system which is an A1 system and has three pipelines designed to enforce non-interference properties. The security policy was based on the Bell and LaPadula model as well as the non-interference model. Additional policies based on content and context were introduced for the first time in a multilevel environment. In addition, a multilevel relational data model was developed. We also handled the notion of polyinstantiation where multiple users can have different views of the same entity and developed a theory of multilevel relational data model. Utilizing this data model, we then developed designs of three major modules: the query processor, the update processor and the metadata manager. This paper has been widely cited and some of the ideas were adopted in the four commercial secure relational data management systems that were being developed in the late 1980s and early 1990s by Oracle, Sybase, Informix and Ingres. This was a team effort with colleagues.

Secure Query Processing: Paper #2 (IEEE Computer) describes secure query processing strategies. Essentially, I enhanced the query strategies developed by Lock Data Views and introduced ideas from the field of logic and databases. I developed query strategies based on the re-writing principles. Various types of policies were considered in the design. This paper was first submitted to the Hawaii International Conference on Systems Sciences in 1988 and won the best paper award. I was then invited to submit the journal version of the paper to IEEE Computer which has the largest audience in computer science. Then, together with my colleague at the University of Minnesota and a student, this paper was enhanced and published in IEEE Computer.

Secure Distributed Data Management: The third and fourth papers describe aspects of secure distributed database systems. In Paper #3 (Computers and Security Journal) I was the first to explore multilevel security for distributed database systems. I designed a multilevel data model, query processing strategies and transaction management strategies. This paper resulted in several research directions including the algorithms I designed for both query and transaction management. One such algorithm and implementation carried out together with a colleague at MITRE, is reported in Paper #4 (Journal of Systems and Software). In particular, we developed a system that enforced multilevel security for query processing in a distributed environment. We demonstrated the system by connecting secure data management systems in Bedford, MA, McLean, VA and Fort Monmouth, NJ in 1991. Such an integration was novel at that time and the research was transferred to Army’s maneuver control systems.

Secure Object Data Management: The next two papers (Paper #5 and #6) describe my work in multilevel secure object database systems. Paper #5 (ACM OOPSLA) describes a widely cited secure model for object database systems. This paper describes several security properties for the object model. Then these policies were incorporated into the design of the system and published in Paper #6 (Journal of Object-Oriented Programming). Subsequently together with a colleague at MITRE, we developed proof of concept demonstrations of the design using the Object Store data management system in 1992. This research had an impact on several secure object data management systems’ research and development efforts by others. In addition, we also transferred the research to a system developed by Ontos Corporation.

Foundations of the Inference Problem: The next four papers describe my work on the inference problem. I have been commended for this work from researchers as well as government sponsors. In Paper #7 (Computer Security Foundations Workshop), I was the first to prove that the inference problem was unsolvable and presented it at the 3rd IEEE Computer Security Foundations Workshop. The paper did not appear in the proceedings as the paper was not publicly released in time for the workshop. This research was also quoted by Dr. John Campbell of the National Security Agency as the most significant research in

58

secure data management system in 1990. His quote appeared in the Proceedings of the 1990 National Computer Security Conference.

Inference Controllers: Once I proved that the inference problem was unsolvable, then I designed a database inference controller that handled policies during query, update and databases operations. Together with colleagues at MITRE, my design was implemented and published in Paper #8 (Data and Knowledge Engineering Journal). This was the first inference controller to be developed and a patent was obtained. Our integrated inference controller processed some policies during database query, some policies during database updates and some policies during database design and this concept was novel at that time. Then in Paper #9 (IEEE Transactions on Knowledge and Data Engineering), I designed algorithms for extending the inference controller design to a distributed environment and that resulted in the first distributed inference controller. Together with a colleague, this design was implemented. In this system users could pose queries from multiple sites, but the system would examine the policies across all the sites and only give out information that the user was authorized to know. The inference controllers were distributed and communicated with each other to process queries and updates.

Designing Secure Applications: In Paper #10 (IFIP Data Security Conference), I looked at the inference from a different angle. Here I tried to handle the problem when the application was designed. I used conceptual structures (e.g., semantic nets and conceptual graphs) to model the applications. Policies were taken into consideration during the modeling phase. Then the reasoners used by semantic nets and conceptual graphs were applied to reason about the application and detect potential security violations. This was a novel idea at that time and spawned many avenues for subsequent research. Also, as a back end to this reasoner, I designed an expert system for inference control. The implementation of this system was carried out with a colleague at MITRE and a US patent was obtained on the system.

Logic for Secure Databases: Finally, in Paper #11 (Computer Security Foundations Workshop) I applied the theory of logic and databases to multilevel databases. Since first order logic did not handle non-monotonic reasoning and since non-monotonic logics at that time did not reason across security levels, I developed a logic called NTML (Non-monotonic Typed Multilevel Logic) and subsequently designed a multilevel logic database system. The significance of this work is that the logical reasoner can be used to process queries and control unauthorized inferences. A US patent was obtained on this system.

SAMPLE PAPERS FOR PART I

1. Design of LDV - A Multilevel Secure Relational Database Management System, June 1990, IEEE Transactions on Knowledge and Data Engineering, Vol. 2, No. 2, June 1990, (co-author: P. Stachour).

2. Secure Query Processing Strategies, IEEE Computer, March 1989, Vol. 22, No. 3, (invited paper - coauthors: T. F. Keefe and W. T. Tsai).

3. Multilevel Security Issues in Distributed Database Management Systems – II, Computers and Security Journal (Elsevier), Volume 10, #8, December 1991.

4. Design and Implementation of a Query Processor for a Trusted Distributed Database Management Systems, April 1993, Journal of Systems and Software (North Holland), Vol. 21, #1 (co-author: Harvey Rubinovitz).

5. Mandatory Security in Object-Oriented Database Systems, October 1989, Proceedings of the ACM Conference on Object-Oriented Programming, Systems, Languages and Applications (ACM OOPSLA) Conference, New Orleans, LA.

6. Towards the Design of a Multilevel Secure Object-Oriented Database Management System, Journal of Object-Oriented Programming, Vol. 8, No. 3, p. 42 – 49, June 1995.

7. Recursion Theoretic Properties of the Inference Problem in Database Security, June 1990, presented at the 3rd IEEE Workshop on Foundations of Computer Security, Franconia, NH (public release was not obtained in time for proceedings; printed as MITRE Paper M291, May 1990).

8. Design and Implementation of a Database Inference Controller, December 1993, Data and Knowledge Engineering Journal (North Holland), Vol. 11, No. 3, p. 271 - 297 (co-authors: W. Ford, M. Collins, J. O'Keeffe); (Article reprinted by the MITRE Journal, 1994).

59

9. Security Constraint Processing in a Multilevel Secure Distributed Database Management System, IEEE Transactions on Knowledge and Data Engineering, April 1995 (coauthor: W. Ford).

10. The Use of Conceptual Structures to Handle the Inference Problem, November 1991, Proceedings of the 5th IFIP WG 11.3 Conference on Database Security, p. 333-362, Shepherdstown, VA. (Also, published by North Holland, 1992, Database Security V: Status and Prospects, p. 333 - 362).

11. A Nonmonotonic Typed Multilevel Logic for Multilevel Database Management Systems, June 1991, Proceedings of the 4th IEEE Computer Security Foundations Workshop, Franconia, NH.

PART II: XML, SEMANTIC WEB, AND WEB SERVICES SECURITY (2001 – PRESENT)

INTRODUCTION TO PART III

I began my research on XML Security in December 1998 when I visited the University of Milan research group to exchange ideas. I initiated a research project with this group led by Prof. Bertino on securing XML documents. Two students worked on the project, one on access control and authentic publication of XML documents and the other on privacy and trust for XML documents. Subsequently when I joined NSF in October 2001, I continued with my research on securing the secure semantic web by exploring all layers of the semantic web technology stack. That same month I participated in an NSF-EU workshop at Sophia Antipolis and gave a presentation on securing semantic web technologies. This was the first such presentation on the topic. My papers on this topic are described next.

XML Security: Paper #1 (IEEE Transactions on Knowledge and Data Engineering) describes my research with the University of Milan group on XML security. We developed an approach for controlling access to XML documents as well as to securely publish XML documents at the third-party site. We focused on authenticity and completeness of the query responses. This approach has been recommended for secure data outsourcing.

Semantic Web and RDF Security: Paper #2 (Computer Standards and Interface Journal) describes the various security standards for semantic web. It describes XML security, RDF security and security for ontologies. Then I started focusing on securing RDF. My work on RDF security was novel at that time and I collaborated with professors at the University of Insubria and together we developed security architecture for RDF documents. This research was published in Paper #3 (DEXA conference workshop). Paper #4 (IFIPTM) continues with RDF security. In this paper, together with students I jointly supervised with another professor at The University of Texas at Dallas, instead of explicitly coming up with access control for RDF documents, we use the Reification principle already in RDF to control access to various parts of the document. For example, we can make reification statements of an RDF document such as “John has access to the RDF document”. This way we can use the reasoning capabilities in RDF. We have also integrated RBAC and RDF and presented the results at ACM SACMAT 2008 which received the ACM SACMAT Test of Time Award in 2018 (Paper #5).

Secure Semantic Geospatial Data Management: I also expanded into the geospatial domain and started focusing on developing a secure geospatial semantic web with students and a professor at The University of Texas at Dallas. One major obstacle back in 2005 was that there were no standards for geospatial semantic web. Therefore, we designed and developed GRDF (geospatial RDF) and Secure GRDF. This was a significant contribution. We presented this research in the IEEE International Conference on Data Engineering workshop and we were then invited to submit a paper to the special issue of Computer Standards and Interface Journal. Our results are published in Paper #6 (Computer Standards and Interface Journal).

Secure Web Services: Paper #7 (IEEE International Conference on Web Services) describes my research in secure web services which was carried out with a colleague and a student. We noted that much of the work on secure web services was in access control. Therefore, we focused on other aspects and developed new security models for web services. In particular, we have developed delegation-based models for web services as well as information flow models. We have combined both these models into a unique model. We have also designed and implemented a system that utilizes the models. We were the first to introduce such an integrated model into secure web services.

60

Semantic Web-based Inference Control: Papers #8 and 9 (IFIP Data and Applications Security, IEEE IRI) makes a significant contribution to the inference problem. Back in the early 1990s, I designed an inference controller. That database was a relational database and policies were specified as rules in datalog. However, now with semantic web, one can use Jena for the RDF engine and Pellet as the reasoner. Furthermore, both data and policies can be uniformly represented in RDF. Together with a student and a professor at The University of Texas at Dallas, we designed and developed a semantic web-based inference controller.

Assured Information Sharing: While continuing to conduct research on securing XML, RDF and ontologies, I also focused on application areas to apply secure semantic web technologies. One application where I have contributed significantly is in assured information sharing. For example, in Paper #10, (International Journal of Information Security and Privacy) I utilized semantic web technologies for Assured Information Sharing applications. Together with a student and a professor at The University of Texas at Dallas, we were the first to design and develop an assured information sharing system using XACML-based policies enforced across organizations. This research focused on sharing information while at the same time ensuring that appropriate policies are enforced. We have also conducted research on RDF-based policy specification and information sharing in the cloud. This work will be discussed under secure cloud computing.

SAMPLE PAPERS FOR PART II 1. Selective and Authentic Third-Party Publication of XML Documents, IEEE Transactions on

Knowledge and Data Engineering, Vol. 16, No. 10, 2004 (co-author: E. Bertino et al). 2. Using RDF for Policy Specification and Enforcement, Proceedings of the IEEE DEXA Workshop

on Web Semantics, Spain, August 2004 (co-authors: B. Carminati, E. Ferrari). 3. Security Standards for Semantic Web, Computer Standards and Interface Journal, March 2005,

Vol. 27 (North Holland). 4. A Relational Wrapper for RDF Reification, Third IFIP WG 11.11 International Conference on

Trust Management (IFIPTM), West Lafayette, USA, June 15-19, 2009, (co-authors: S. Ramanujam, A. Gupta, L. Khan, and S. Seida).

5. ROWLBAC - Representing Role Based Access Control in OWL, Proceedings ACM SACMAT June 2008, Colorado, (co-authors: T. Finin, L Kagal et al).

6. Geospatial Resource Description Framework (GRDF) and Security Constructs, Computer Standards and Interfaces Journal, 2010 (special issue from IEEE ICDE conference workshop) (co-authors: A. Alam et al).

7. The SCIFC Model for Information Flow Control in Web Service Composition IEEE ICWS 2009 (co-authors: W. She, I. Yen, E. Bertino).

8. Scalable and Efficient Reasoning for Enforcing Role-Based Access Control, Proceedings of IFIP 11.3, Rome, Italy, June 2010 (co-authors: T. Cadenhead, M. Kantarcioglu, and B. Thuraisingham)

9. Bhavani Thuraisingham, Tyrone Cadenhead, Murat Kantarcioglu, Vaibhav Khadilkar: Design and Implementation of a Semantic Web-Based Inference Controller: A Summary. IRI 2015: 451-456

10. Design and Implementation of a Framework for Assured Information Sharing Across Organizational Boundaries, International Journal of Information Security and Privacy, Vol. 2, No. 4, 2008. (co-authors: Y. Harsha Kumar et al).

PART III: DATA MINING/ANALYTICS FOR MALWARE DETECTION (2004 – PRESENT)

INTRODUCTION TO PART III

I gave several keynote presentations on Data Mining, Security, Privacy and Civil Liberties starting in 1996 and wrote a position paper while at NSF that resulted in significant emphasis on privacy research. However, I also continued with data mining for security applications research both for national security and cyber security. When I joined The University of Texas at Dallas, I collaborated with a professor and students and together we designed and developed a number of data mining algorithms for malware detection. We have also developed a data mining toolkit based on our algorithm.

Data Mining for Intrusion Detection: Our initial focus was on applying data mining for intrusion detection. We applied various data mining techniques based on Support Vector Machines (SVM) as well

61

as developed a novel technique called dynamical growing self-organizing tree (DGSOT) and compared the results to the work of others. This research was published in Paper #1 that appeared in the prestigious Very Large Database Journal. We also included this paper as part of a book that we published in 2009 on the Design and Implementation of Data Mining Tools.

Data Mining for Malware Detection: We then started a focused research program on data mining applications in cyber security funded by the Air Force. This work is discussed in Papers #2 through #8. In Paper #2 (ICC), we developed a hybrid model that examined both byte code and assembly code for detecting malicious code. This was a novel approach at that time. Then in Paper #3 (Information Systems Frontiers), we developed scalable solutions to feature extraction for detecting buffer overflow as well as malicious executables. Other papers in this category discuss tools for botnet detection.

Active Defense: While the results in Papers #1 through #8 focus on defensive detection mechanisms, the challenge we face now is that the malicious code will change its patterns, thereby making it very difficult to detect. Therefore, we have developed a breakthrough approach to be able to detect the malicious code before the virus is detected. Our results are published in Paper #9 (Computer Standards Journal).

Novel Applications and Scalability Issues: In Paper #10, we demonstrate that statistical mining techniques are prone to attacks that lead to random smartphone malware behavior. We show that with randomized profiles, statistical mining techniques can be easily foiled. In Paper #11, we address the challenges of determining and detecting unauthorized access to data stored in MapReduce based cloud environments. To this end, we introduce alarm raising honeypots distributed over the data that are not accessed by the authorized MapReduce jobs, but only by the attackers and/or unauthorized users. Finally, in Paper #12, we describe a novel, generic real-time distributed anomaly detection framework for multi-source stream data. As a case study, we investigate anomaly detection for a multi-source VMware-based cloud data center, which maintains a large number of virtual machines (VMs). This framework continuously monitors VMware performance stream data related to CPU statistics (e.g., load and usage. A semi-supervised clustering technique is used to build a model from benign training data. During testing, if a data instance deviates significantly from the model, then it is flagged as an anomaly.

SAMPLE PAPERS FOR PART III 1. A New Intrusion Detection System using Support Vector Machines and Hierarchical Clustering,

VLDB Journal, Vol. 16, 2007 (co-author: M. Awad et al). 2. A Hybrid Model to Detect Malicious Executables, Proceedings ICC 2007 (co-authors: M. Masud,

L. Khan). 3. Feature Based Techniques for Auto-Detection of Novel Email Worms, PAKDD 2007: 205-216,

(co-authors: Mohammad M. Masud, Latifur Khan). 4. E-Mail Worm Detection Using Data Mining. IJISP 1(4):47-61, 2007 (co-authors: Mohammad M.

Masud, Latifur Khan) 5. Detecting Remote Exploits Using Data Mining, IFIP Int. Conf. Digital Forensics 2008: 177-189,

(co-authors: Mohammad M. Masud, Latifur Khan, Bhavani M. Thuraisingham, Xinran Wang, Peng Liu, Sencun Zhu) Flow-based identification of botnet traffic by mining multiple log files, First International Conference on Distributed Framework and Applications, 2008 (co-authors: Mohammad M Masud, Tahseen Al-Khateeb, Latifur Khan, Bhavani Thuraisingham, Kevin W Hamlen.

6. A Scalable Multi-Level Feature Extraction Technique to Detect Malicious Executables, Information Systems Frontiers, Vol. 10, No. 1, p.33-45, March 2008 (co-authors: M. Masud, L. Khan).

7. Peer to peer botnet detection for cyber-security: a data mining approach Proceedings of the 4th annual workshop on Cyber security and information intelligence research 2008 (co-authors: Mohammad M Masud, Jing Gao, Latifur Khan, Jiawei Han, Bhavani Thuraisingham)

8. Exploiting an Antivirus Interface, Computer Standards and Interface Journal, Vol. 31, No.6, p. 1182-1189,(2009) (co-authors: K. Hameln, V. Mohan, M. Masud, L. Khan).

9. Randomizing Smartphone Malware Profiles Against Statistical Mining Techniques, DBSec 2012: 239-254 (co-authors: Abhijith Shastry, Murat Kantarcioglu, Yan Zhou)

10. Honeypot based unauthorized data access detection in MapReduce systems, ISI 2015: 126-131 (co-authors: Huseyin Ulusoy, Murat Kantarcioglu, Latifur Khan)

62

11. Online Anomaly Detection for Multi-source VMware Using a Distributed Streaming Framework, Software: Practice and Experience, DOI: 10.1002/spe.2390, 2016 (co-author: M. Solaimani et al)

PART IV: DATA PRIVACY (1998 – 2015)

INTRODUCTION TO PART IV

In the area of data privacy, I published a seminal paper in 2002 in ACM SIGKDD. Since then I have been working with students and colleagues on privacy-preserving data integration as well as on access control, trust and privacy. In particular, we have developed techniques for privacy-preserving association rule mining as well as privacy-preserving decision trees. We have also developed access control models that address data privacy.

General Issues: My interest in data privacy began in 1996 when I started working in data mining for security applications. I discussed the problems that could occur due to data mining in my book published in 1998 on Data Mining: Technologies, Tools, Techniques and Trends. However, it was not until 2001 and after 9/11 that interest in data privacy research began. I wrote a seminal paper on this topic for SIGKDD that was published in 2002 and listed as Paper #1.

Privacy-preserving Data Mining and Integration: I then carried out a survey of privacy-preserving data mining published in 2005 and listed as Paper #2. Some specific techniques for privacy-preservation are discussed in Papers #3, #4 and #5. For example, Papers #3 and #4 describe my work with my colleague and student on enhanced privacy-preserving techniques based on the perturbation methods as well as on privacy-preserving decision tree. In Paper #5 we discuss the privacy violations that result due to data integration and describe a technique to handle that problem.

Privacy with Access Control and Trust: Privacy together with access control and/or trust management are discussed in Papers #6, #7 and #8. Paper #6 discussed access control as well as privacy for video surveillance. Paper #7 describes privacy problems that could occur due to the specification of trust policies. In particular, we developed a security model, privacy-enhanced trust management algorithms and a proof of concept prototype of the algorithms. Paper #8 describes privacy preserving access control in the cloud. An overview of the papers is provided below.

SAMPLE PAPERS FOR PART IV 1. Data Mining, National Security, Privacy and Civil Liberties, SIGKDD Explorations 4(2): 1-5

(2002) 2. Privacy-Preserving Data Mining: Development and Directions, Journal of Database Management

16(1): 75-87 (2005) 3. The applicability of the perturbation based privacy preserving data mining for real-world

data, Data Knowl. Eng. 65(1): 5-21 (2008) (co-authors: Li Liu, Murat Kantarcioglu) 4. Privacy Preserving Decision Tree Mining from Perturbed Data, HICSS 2009: 1-10, (co-authors:

Li Liu, Murat Kantarcioglu) A Generalized Approach for Social Network Integration and Analysis with Privacy Preservation, Studies in Big Data, Vol. 1, 2014, p. 259 – 280, Springer, 2014 (co-author: C. Yang) (Editor: Wesley Chu)

5. Access control, confidentiality and privacy for video surveillance databases, SACMAT 2006: 1-10, (co-authors: , Gal Lavee, Elisa Bertino, Jianping Fan, Latifur Khan)

6. PP-trust-X: A system for privacy preserving trust negotiations. ACM Trans. Inf. Syst. Secur. 10(3) (2007) (co-authors: Anna Cinzia Squicciarini, Elisa Bertino, Elena Ferrari, Federica Paci)

7. Towards privacy preserving access control in the cloud, CollaborateCom 2011: 172-180 (co-authors: Mohamed Nabeel, Elisa Bertino, Murat Kantarcioglu, Bhavani M. Thuraisingham)

PART V: SECURE DATA PROVENANCE (2008 – 2016)

INTRODUCTION TO PART V

Data provenance is about determining where the data came from and who created the data. Data provenance has played a major role in detecting misuse of the data. I have carried out data provenance research since the late 2000s. In some of the work we have examined the application of XML-based

63

representation for data provenance and investigated access control techniques. In some other work, we have used semantic web technologies for representing and reasoning about provenance data.

General Aspects of Data provenance: We are conducting research on developing a framework consisting of theoretical foundations, models, mechanisms and architectures that allow applications to benefit from privacy-enhanced and secure use of data provenance in a modular fashion. In particular, we are developing a provenance life cycle that consists of collecting provenance data, securing provenance data and manipulating provenance data. We also address the use of provenance data in detecting malicious activities. We described a roadmap in Paper #1.

Semantic Web for Representing and Reasoning about Data Provenance: Much of our research is on integrating semantic web technologies with data provenance. For example, in Paper #2 we discuss data provenance for service-oriented systems. Paper #3 introduces the representation of provenance data in RDF. We provide some details on access control for provenance data as well as a language as well as framework in Papers #4, #5, and #6. Paper #7 describes a semantic web-based inference controller. In particular we discuss the design and implementation of a prototype inference controller that operates over a provenance graph and protects important provenance information from unauthorized users. Papers #4 through #7 have been included in our book on Secure Data Provenance and Inference Control with Semantic Web published in 2014. Finally, in Paper #8 we propose a tagging mechanism to track the flow of sensitive or valuable information in a provenance graph and automate the process of document classification. SAMPLE PAPERS FOR PART V

1. A roadmap for privacy-enhanced secure data provenance, J. Intell. Inf. Syst. 43(3): 481-501 (2014) (co-authors: Elisa Bertino, Gabriel Ghinita, Murat Kantarcioglu, Dang Nguyen, Jae Park, Ravi S. Sandhu, Salmin Sultana, Shouhuai Xu)

2. Role-based integrated access control and data provenance for SOA based net-centric systems, SOSE 2011: 225-234 (co-authors: Wei She, I-Ling Yen, Farokh B. Bastani, Bao N. Tran)

3. Relationalization of provenance data in complex RDF reification nodes, Electronic Commerce Research 10(3-4): 389-421 (2010) (co-authors: Sunitha Ramanujam, Anubha Gupta, Latifur Khan, Steven Seida)

4. Transforming provenance using redaction. SACMAT 2011: 93-102 (co-authors: Tyrone Cadenhead, Vaibhav Khadilkar, Murat Kantarcioglu)

5. A Framework for Policies over Provenance, TaPP 2011 (co-authors: Tyrone Cadenhead, Murat Kantarcioglu)

6. A language for provenance access control, CODASPY 2011: 133-144 (co-authors: Tyrone Cadenhead, Vaibhav Khadilkar, Murat Kantarcioglu)

7. Design and Implementation of a Semantic Web-Based Inference Controller: A Summary, IRI 2015: 451-456 (co-authors: Tyrone Cadenhead, Murat Kantarcioglu, Vaibhav Khadilkar)

8. Tag-based Information Flow Analysis for Document Classification in Prove-nance, TaPP 2012 (co-authors: Jyothsna Rachapalli, Murat Kantarcioglu)

PART VI: SECURE CLOUD COMPUTING (2008 – 2018)

INTRODUCTION TO PART VI

I have been conducting research on secure cloud computing since the late 2000s and have published on multiple subtopics in cloud computing. The US Air Force issued a press release on my research. Below I discuss the various papers I have published on this topic. I am continuing this research at Kings College - University of London.

Secure Cloud Computing Issues: In Paper #1 (International Journal of Information Security and Privacy) I have described for secure cloud computing which consists of a virtual machine layer, storage layer and data layer. This is followed by a discussion on the techniques designed for the various layers of the framework. Paper #2 is on services-based computing for the cloud and describes information flow control techniques.

64

Secure Cloud Query Processing: Much of my work on secure cloud has been on secure query processing. This work is discussed in Papers #3, #4, #5, and #6. In particular, we discuss strategies for secure query processing in the cloud with relational data as well as semantic web data. In addition, we also discuss assured information sharing in a cloud where the members store the data and policies in the cloud and use our query processing systems to share the data.

Secure Cloud Data Storage and Related Issues: I have also conducted research on some other aspects of secure cloud. For example, in Paper #7 we discuss how data can be partitioned in secure hybrid cloud. Finally, in Paper #8 we discuss how mobile computing, cloud computing and security can be integrated with financial applications as an example. SAMPLE PAPERS FOR PART VI

1. Security Issues for Cloud Computing, IJISP 4(2): 36-48 (2010) (co-authors: Kevin W. Hamlen, Murat Kantarcioglu, Latifur Khan)

2. Rule-Based Run-Time Information Flow Control in Service Cloud, ICWS 2011: 524-531 (co-authors: Wei She, I-Ling Yen, San-Yih Huang)

3. Secure data storage and retrieval in the cloud, CollaborateCom 2010: 1-8 (co-authors: Vaibhav Khadilkar, Anuj Gupta, Murat Kantarcioglu, Latifur Khan)

4. Scalable Complex Query Processing over Large Semantic Web Data Using Cloud, IEEE CLOUD 2011: 187-194 (co-authors: Mohammad Farhan Husain, James P. McGlothlin,

Latifur Khan) 5. A Token-Based Access Control System for RDF Data in the Clouds, CloudCom 2010: 104-

111 (co-authors: Arindam Khaled, Mohammad Farhan Husain, Latifur Khan, Kevin W. Hamlen)

6. Design and Implementation of a Cloud-Based Assured Information Sharing System, MMM-ACNS 2012: 36-50 (co-authors: Tyrone Cadenhead, Murat Kantarcioglu, Vaibhav Khadilkar)

7. Risk-Aware Workload Distribution in Hybrid Clouds, IEEE CLOUD 2012: 229-236 (co-authors: Kerim Yasin Oktay, Vaibhav Khadilkar, Bijit Hore, Murat Kantarcioglu, Sharad Mehrotra)

8. Proactive Attribute-based Secure Data Schema for Mobile Cloud in Financial Industry, HPCC/CSS/ICESS 2015: 1332-1337 (co-authors: Keke Gai, Meikang Qiu, Lixin Tao

PART VII: ANALYZING AND SECURING SOCIAL MEDIA (2007 – Present)

INTRODUCTION TO PART VII

I have been conducting research on analyzing social networks as well as securing social networks. In the area of social network analysis, together with my colleague and students, we have developed data mining tools especially for mining twitter data. In the area of securing social networks, we have developed access control models for social networks. In addition, we have also investigated privacy issues. Finally, a small part of my time has been spent on complexity issues related to graph analysis. Below I will discuss my papers on this topic.

Analyzing Social Networks: Our focus here is mainly on extracting demographics such as location for social networks. We have a patent on this research. Because of privacy and security reasons, most of the people on social networking sites like Twitter are unwilling to specify their locations in the profiles. We have developed novel algorithms for extracting location (Papers #1, # 2, #3). For example, we have developed a completely novel approach, Tweeque which is a spatio-temporal mining algorithm that predicts the current location of the user purely on the basis of his social network. The algorithm goes beyond the previous approaches by linking geospatial proximity to friendship and understanding the social phenomenon of migration. The algorithm then performs graph partitioning for identifying social groups allowing us to implicitly consider time as a factor for prediction of a user's most current city location. We have also carried out research on social media for bioterrorism applications (Papers #4, #5, and #6)

65

Security and Privacy for Social Networks: Another significant contribution I have made is applying secure semantic web technologies for the security and privacy of social networks. Together with a colleague and student at The University of Texas at Dallas, as well as with colleagues at the University of Insubria, we developed both an access control model and privacy model for social networks, represented the policies in RDF and OWL and then used RDF and OWL data managers and reasoners to reason about the policies. This work was published in Paper #7. In addition, we have also investigated the privacy violations that could occur through mining social networks. This work is discussed in Paper #8.

Complexity Issues in Social Networks: In addition to security and privacy for social networks as well as social network analysis, we have also explored some complexity issues in social networks. In particular, we have developed algorithms for rumor blocking. This work is discussed in Papers #9 and #10. For example, we have developed a new model which attaches importance to an individual’s interest including friends’ influence.

SAMPLE PAPERS FOR PART VII

1. Tweecalization: Efficient and intelligent location mining in twitter using semi-supervised learning, CollaborateCom 2012: 514-523 (co-authors: Satyen Abrol, Latifur Khan)

2. Tweeque: Spatio-Temporal Analysis of Social Networks for Location Mining Using Graph Partitioning, Social Informatics 2012: 145-148 (co-authors: Satyen Abrol, Latifur Khan)

3. Real-Time Stream Data Analytics for Multi-purpose Social Media Applications, IRI 2015: 25-30 (co-authors: Satyen Abrol, Gunasekar Rajasekar, Latifur Khan, Vaibhav Khadilkar, Siddarth Nagarajan Nathan McDaniel, Gautam Ganesh)

4. Enforcing Honesty in Assured Information Sharing Within a Distributed System, DBSec 2007: 113-128 (co-authors: Ryan Layfield, Murat Kantarcioglu)

5. On the mitigation of bioterrorism through game theory, ISI 2009: 1-6 (co-authors: Ryan Layfield, Murat Kantarcioglu)

6. Simulating bioterrorism through epidemiology approximation, ISI 2008: 82-87 (co-authors: Ryan Layfield, Murat Kantarcioglu)

7. A semantic web based framework for social network access control, SACMAT 2009: 177-186 (co-authors: Barbara Carminati, Elena Ferrari, Raymond Heatherly, Murat Kantarcioglu)

8. Preventing Private Information Inference Attacks on Social Networks, IEEE Trans. Knowl. Data Eng. 25(8): 1849-1862 (2013) (co-authors: Raymond Heatherly, Murat Kantarcioglu)

9. Least Cost Rumor Blocking in Social Networks, ICDCS 2013: 540-549 (co-authors: Lidan Fan, Zaixin Lu, Weili Wu, Huan Ma, Yuanjun Bi)

10. An individual-based model of information diffusion combining friends' influence, J. Comb. Optim. 28(3): 529-539 (2014) (co-authors: Lidan Fan, Zaixin Lu, Weili Wu, Yuanjun Bi, Ailian Wang)

PART VIII: STREAM DATA ANALYTICS AND APPLICATIONS (2008 – PRESENT)

INTRODUCTION TO PART VIII

Data is emanating from multiple sources in the form of streams. Data streams are used to represent financial data, sensor data and network data. We have developed stream mining tools since the mid-2000s. For example, we have carried out fundamental research such as novel data mining techniques as well as investigated scalability issues. In addition, we have also applied stream mining techniques for insider threat detection. We discuss this work below.

Stream Mining and Novel Class Detection: I began my research in stream data mining when we received a grant from NASA together with researchers at the University of Illinois at Urbana Champaign to develop data mining tools for fault detection. We have developed novel stream mining techniques for classifying data streams. Our approach is based on examining multiple and hierarchical chunks of data. Also, with previous approaches, new faults cannot be detected. Therefore, we have come up with a breakthrough technique where novel classes can be detected with high accuracy. The results are published in Papers #1, #2, #3, and #4. We also have a patent on stream mining.

Evolving Data Streams and Scalability Issues: Stream mining is extremely computationally intensive, therefore Papers #5, #6, #7 and #8 focus on scalability issues so that we can apply them for cyber security.

66

For example, the concepts and features tend to evolve throughout the stream. Traditional data mining techniques are not sufficient to address these challenges. We have designed techniques such as a multi-tiered ensemble-based method to address the challenges to label instances in an evolving Big Data Stream. To address the scalability issues in case of classifying big data streams, we develop approaches to build these large number of AdaBoost ensembles using MapReduce-based parallelism. We compare each of these approaches from different aspects of design.

Stream Mining for Insider Threat Detection: We apply our stream mining techniques for insider threat applications. This work is discussed in Papers #9, #10, #11, #12, #13. We argue that evidence of malicious insider activity is often buried within large data streams, such as system logs accumulated over months or years. Ensemble-based stream mining leverages multiple classification models to achieve highly accurate anomaly detection in such streams even when the stream is unbounded, evolving, and unlabeled. This makes the approach effective for identifying insider threats who attempt to conceal their activities by varying their behaviors over time. We apply ensemble-based stream mining, unsupervised learning, and graph-based anomaly detection to the problem of insider threat detection, demonstrating that the ensemble-based approach is significantly more effective than traditional single-model methods. SAMPLE PAPERS FOR PART VIII

1. A Practical Approach to Classify Evolving Data Streams: Training with Limited Amount of Labeled Data, ICDM 2008 (co-authors: M. Masud, J. Gao, L. Kahn, J. Han).

2. Classification and Novel Class Detection in Concept-Drifting Data Streams under Time Constraints, IEEE Trans. Knowl. Data Eng. 23(6): 859-874 (2011) (co-authors: Mohammad M. Masud, Jing Gao, Latifur Khan, Jiawei Han)

3. Cloud-based malware detection for evolving data streams, ACM Trans. Management Inf. Syst. 2(3): 16 (2011) (co-authors: Mohammad M. Masud, Tahseen Al-Khateeb, Kevin W. Hamlen, Jing Gao, Latifur Khan, Jiawei Han)

4. Stream Classification with Recurring and Novel Class Detection Using Class-Based Ensemble, ICDM 2012: 31-40 (co-authors: Tahseen Al-Khateeb, Mohammad M. Masud, Latifur Khan, Charu C. Aggarwal, Jiawei Han)

5. Behavioral sequence prediction for evolving data stream, IRI 2013: 482-488 (co-authors: Sheikh M. Qumruzzaman, Latifur Khan)

6. MapReduce-guided scalable compressed dictionary construction for evolving repetitive sequence streams, CollaborateCom 2013: 345-352 (co-authors: Pallabi Parveen, Pratik Desai, Latifur Khan)

7. Cloud Guided Stream Classification Using Class-Based Ensemble, IEEE CLOUD 2012: 694-701 (co-authors: Tahseen Al-Khateeb, Mohammad M. Masud, Latifur Khan)

8. Evolving Big Data Stream Classification with MapReduce, IEEE CLOUD 2014: 570-577 (co-authors: Ahsanul Haque, Brandon Parker, Latifur Khan)

9. Stream Mining Using Statistical Relational Learning, ICDM 2014: 743-748 (co-authors: Swarup Chandra, Justin Sahs, Latifur Khan, Charu C. Aggarwal)

10. Insider Threat Detection Using Stream Mining and Graph Mining, SocialCom/PASSAT 2011: 1102-1110 (co-authors: Pallabi Parveen, Jonathan Evans, Kevin W. Hamlen, Latifur Khan)

11. Supervised Learning for Insider Threat Detection Using Stream Mining, ICTAI 2011: 1032-1039 (co-authors: Pallabi Parveen, Zackary R. Weger, Kevin W. Hamlen, Latifur Khan)

12. Unsupervised Ensemble Based Learning for Insider Threat Detection, SocialCom/PASSAT 2012: 718-727 (co-authors: Pallabi Parveen, Nate McDaniel, Varun S. Hariharan, Latifur Khan)

13. Evolving Insider Threat Detection Stream Mining Perspective, International Journal on Artificial Intelligence Tools 22(5) (2013) (co-authors: Pallabi Parveen, Nathan McDaniel, Zackary R. Weger, Jonathan Evans, Kevin W. Hamlen, Latifur Khan)

67

PART IX: SECURE DATA SCIENCE / MACHINE LEARNING (2010 – PRESENT)

INTRODUCTION TO PART IX

While much of my research discussed in parts I – IX has been on combining cyber security and data management/analytics, with the advent of big data and adversarial machine learning my current research is on what I call secure data science. It integrates cyber security and data science with could computing for securing large data sets as well as to detect malware This research is evolving and together with the team I have made some research contributions and published papers in top tier venues (papers 1 – 5).

Adversarial Machine Learning: Many learning tasks such as spam filtering and credit card fraud detection face an active adversary that tries to avoid detection. For learning problems that deal with an active adversary, it is important to model the adversary's attack strategy and develop robust learning models to mitigate the attack. These are the two objectives of this paper. We consider two attack models: a free-range attack model that permits arbitrary data corruption and a restrained attack model that anticipates more realistic attacks that a reasonable adversary would devise under penalties. We then develop optimal SVM learning strategies against the two attack models. The learning algorithms minimize the hinge loss while assuming the adversary is modifying data to maximize the loss. Experiments are performed on both artificial and real data sets. (Papers 1, 2).

Trustworthy Analytics: Protection of data privacy and prevention of unwarranted information disclosure is an enduring challenge in cloud computing when data analytics is performed on an untrusted third-party resource. Recent advances in trusted processor technology, such as Intel SGX, have rejuvenated the efforts of performing data analytics on a shared platform where data security and trustworthiness of computations are ensured by the hardware. However, a powerful adversary may still be able to infer private information in this setting from side channels such as cache access, CPU usage and other timing channels, thereby threatening data and user privacy. Our research addresses this challenge. (Paper 3)

Big Data Analytics for Security: Novel class detection is an important part of data stream mining. A novel class is a newly emerged class that has not previously been modeled by the classifier over the input stream and has applications in cyber security. Our research is on deep embedding for novel class detection - a novel approach that combines feature learning using denoising autoencoding with novel class detection. A denoising autoencoder is a neural network with hidden layers aiming to reconstruct the input vector from a corrupted version (Paper 4)

Security and Privacy for Big Data: Smart industrial control systems fall into the category of Internet of Things (IoT). However, in many cases, the data transmitted by such IoT devices includes sensitive information and users are faced with an all-or-nothing choice: either they adopt the proposed services and release their private data, or refrain from using services which could be beneficial but pose significant privacy risks. We have developed a general framework, whereby users can not only specify how their data is managed, but also restrict data collection from their connected devices. More precisely, we propose to use data collection policies to govern the transmission of data from IoT devices, coupled with policies to ensure that once the data has been transmitted, it is stored and shared in a secure way. To achieve this goal, we have designed a framework for secure data collection, storage and management, with logical foundations that enable verification of policy properties (Papers 5 and 6).

SAMPLE PAPERS FOR PART IX

1. Yan Zhou, Murat Kantarcioglu, Bhavani M. Thuraisingham, Bowei Xi: Adversarial support vector machine learning. KDD 2012: 1059-1067

2. Yan Zhou, Murat Kantarcioglu, Bhavani M. Thuraisingham: Sparse Bayesian Adversarial Learning Using Relevance Vector Machine Ensembles. ICDM 2012.

3. Swarup Chandra, Vishal Karande, Zhiqiang Lin, Latifur Khan, Murat Kantarcioglu, Bhavani M. Thuraisingham: ecuring Data Analytics on SGX with Randomization. ESORICS (1) 2017: 352-369

4. Ahmad M. Mustafa, Gbadebo Ayoade, Khaled Al-Naami, Latifur Khan, Kevin W. Hamlen, Bhavani M. Thuraisingham, Frederico Araujo: Unsupervised deep embedding for novel class detection over data stream. BigData 2017: 1830-1839

68

5. Maribel Fernandez, Murat Kantarcioglu. Bhavani Thuraisingham, A Framework for Secure Data Collection and Management for Internet of Things, ACSAC Conference Workshop on Industrial Control Systems Security, 2016.

6. Bhavani M. Thuraisingham, Murat Kantarcioglu, Elisa Bertino, Jonathan Z. Bakdash, Maribel Fernández: Towards a Privacy-Aware Quantified Self Data Management Framework. SACMAT 2018 PART X: DATA ANALYTICS AND INFORMATION MANAGEMENT (1986 – Present)

INTRODUCTION TO PART X

While much of my research is on cyber security and data analytics for security applications, a small part of my research is in advancing data and information management so that the results can be applied to cyber security as well as other applications. I started this research at Honeywell and continued with this work at MITRE. I published papers on distributed data management and artificial intelligence applications (Papers #1 and #2). More recently, together with colleagues and students we have designed data analytics techniques for multimedia and geospatial applications. We have also designed techniques for web page prediction and semantic web applications. Finally, we have designed a number of tools for text processing. I discuss my research below.

Distributed Data Management/Artificial Intelligence Applications: This research was carried out for Honeywell’s Residential Control Division and Industrial Automation Control Division. In particular, we designed a distributed data dictionary system. We also designed an expert system for process control applications. This research is discussed in Papers #1 and #2.

Multimedia and Geospatial Applications: Our work in multimedia and geospatial applications is discussed in Papers # 3, #4, #5, and #6. For example, we have developed a video surveillance tool for detecting suspicious events. We have developed a geospatial system for emergency response management. We have also conducted schema matching for geospatial systems.

Web Information Management and Semantic Web Applications: In the area of web information management discussed in Papers #7 and #8, we have developed a tool for predicting web pages to be visited. We have also developed efficient query techniques based on ontology matching.

Text Analytics: We have developed a number of tools for text analytics. A representative sample is provided in Papers #9 and #10. For example, techniques for extracting entity phrases as well as matching related information across free text have been developed.

SAMPLE PAPERS FOR PART X

1. Design of a Distributed Data Dictionary System, June 1987, Proceedings of the National Computer Conference, Chicago, IL, pp. 583-590, (co-authors: H. Lu and K. Mikkilineni).

2. Expert System to Design Control Systems, May 1990, Artificial Intelligence in Process Engineering, Academic Press, ed: M. Mavronopoulos (co-authors: F. Konar and P. Felix).

3. A framework for a video analysis tool for suspicious event detection, Multimedia Tools Appl. 35(1): 109-123 (2007) (co-authors: Gal Lavee, Latifur Khan)

4. Emergency Response Applications: Dynamic Plume Modeling and Real-Time Routing, IEEE Internet Computing 12(1): 38-44 (2008) (co-authors: Pavan Kumar Chitumalla, Douglas Harris, Latifur Khan)

5. DAGIS: A Geospatial Semantic Web Services Discovery and Selection Framework, GeoS 2007: 268-277 (co-authors: Ashraful Alam, Ganesh Subbiah, Latifur Khan)

6. Enhanced geographically typed semantic schema matching, J. Web Sem. 9(1): 52-70 (2011) (co-authors: Jeffrey Partyka, Pallabi Parveen, Latifur Khan, Shashi Shekhar)

7. Predicting WWW surfing using multiple evidence combination, VLDB J. 17(3): 401-417 (2008) (co-authors: Mamoun Awad, Latifur Khan)

8. Ontology-Driven Query Expansion Using Map/Reduce Framework to Facilitate Federated Queries, ICWS 2011: 712-713 (co-authors: Neda Alipanah, Pallabi Parveen, Latifur Khan)

9. Extraction of expanded entity phrases, ISI 2011: 107-112 (co-authors: James R. (Bob) Johnson, Anita Miller, Latifur Khan, Murat Kantarcioglu)

69

10. Expanded Semantic Graph Representation for Matching Related Information of Interest across Free Text Documents, ICSC 2012: 60-66 (co-authors: James R. (Bob) Johnson, Anita Miller, Latifur Khan)

PART XI: DEPENDABLE AND SECURE SYSTEMS (1993 – 2007)

INTRODUCTION TO PART XI

I began my research on dependable data management systems around 1985 and continued with this research until the late 2000s. I describe eight of my papers on this topic.

Fault Tolerant Systems: Between December 1983 and January 1986, I worked at Control Data Corporation as I wanted to get real world industrial experience working in a product development environment in computer networks and distributed systems to get a feel for how systems really work. During this time, I started research in secure dependable distributed systems that would complement my work at Control Data Corporation. I collaborated with Prof. W. Tsai and his student at the University of Minnesota and together we addressed the challenging problem of fault tolerance in a binary tree task model. Prior work had focused on a tree with a single child. We felt that binary tree model would be more realistic as tasks usually spawn multiple tasks. After several years of work, we published our research in IEEE Transactions on Software Engineering. This work is discussed in Paper #1 (IEEE Transactions on Software Engineering).

Evolvable Real-time Systems: My research in the early to mid-1990s was on building an object-oriented data manager and infrastructure for next generation command and control systems. At that time, the legacy systems were hardcoded and running on mainframes. The goal was to develop flexible systems that could accommodate changes. There were no commercial systems available at that time. Data was arriving at a very rapid speed. This data had to be captured, stored, analyzed and decisions had to be made. Together with my colleagues at MITRE, we were the first to develop an object-based, real-time infrastructure and data manager. The infrastructure consisted of several services including inter-process communication, memory management and scheduling. The real-time data manager was a main memory data manager and we designed a real-time priority ceiling protocol for transaction processing. The results are documented in Paper #2 (IEEE WORDS 1996). Then we integrated the infrastructure and data manager with the multi-sensor fusion applications and carried out an integrated design and implementation. This integration work is discussed in Paper #3 (IEEE WORDS 1997). The research was demonstrated to the Air Force and the technology was transferred to the AWACS program and subsequently Boeing and Lockheed took many of the ideas to implement into the operational systems.

Real-time Transaction Processing: One of the challenges in designing a real-time data manager is to design transaction processing algorithms that meet timing constraints. There were a number of algorithms developed that had to meet the requirements of AWACS. After examining and evaluating several algorithms, we felt that the priority ceiling algorithm would be most suited. However, the priority ceiling algorithm had to be adapted to meet the different criteria. I presented the initial design to the team in March 1995. Then I collaborated with a professor at the University of Rhode Island and co-supervised students who carried out the detailed design and implementation of the algorithm in 1996 - 1997. This algorithm is presented in Paper #4 (Real-time Systems Journal).

Adaptive Real-time Systems: In this paper, we introduced some novel ideas into the infrastructure design. While in the earlier papers we considered only non-adaptive protocols, in our research in the late 1990s we designed and implemented flexible systems that could handle adaptive protocols. This meant the system can select the protocol such as TCP/IP or UDP or in the case of the data manager, the type of transaction algorithm to be used. This was the first effort that considered adaptive approaches. We documented the results in Paper #5 (IEEE ISADS).

Secure Real-time Object Management: One significant impact of our research is the transfer of the technology to standards effort. In 1994 with some inputs from colleagues, I developed concepts on integrating real-time and security into object request brokers. This work was presented at the ACM OOPSLA conference workshop in real-time object systems on real-time object request brokers. This paper is widely cited. I was then invited to give talks at several panels on this topic. The Object Management Group was interested and invited me to help establish a special interest group in 1996. Together with the MITRE team, we continued to enhance the research and collaborated with the University of Rhode Island

70

and the Navy and subsequently contributed substantially towards the research of real-time object request brokers. The research was published as a team paper in Paper #6 (IEEE Transactions on Parallel and Distributed Systems).

Secure Real-time Systems: In Paper #7 (IEEE Transactions on Knowledge and Data Engineering) I examined the integration of security into the infrastructure. I was the first to introduce security with real-time processing back in 1992. Therefore, I expanded my earlier research and developed a solution for an infrastructure and data manager that incorporated both security and real-time processing with some inputs from my colleague at MITRE. I continued with this research when I joined the UT Dallas in 2004 and one of my students was very interested in following up on the ideas, I presented in Paper #4. Together with my student, we designed and developed a system called Real-time TMO (Time-Triggered Message-Triggered Object) which incorporated security into the TMO system. TMO was designed at the University of California Irvine and is a real-time object system. By incorporating security into the system, I believe that we developed the first real-time and secure system based on objects. This research was published in Paper #8 (IEEE ISORC). This research has spawned many new research directions including the Cyber Physical Systems that are very popular today. SAMPLE PAPERS FOR PART XII

1. Recovery Point Selection on a Reverse Binary Tree Task Model, August 1989, IEEE Transactions on Software Engineering, Vol. 15, No.8, (co-authors: W. T. Tsai and S. K Chen).

2. Object-oriented Implementation of an Infrastructure and Data Manager for Real-time Command and Control Systems, Proceedings of the IEEE Workshop on Object-Oriented Real-time Systems, Laguna Beach, CA, February 1996 (co-authors: E. Bensley, P. Krupp, R.A. Sigel, M. Squadrito, T. Wheeler).

3. Object Technology for the Integration of Infrastructure, Data Manager, and Tracker for Command and Control Applications, Proceedings of the IEEE Workshop on Object-Oriented Real-time Systems (WORDS), Newport Beach, CA, February 1997 (co-authors: M. Gates, P. Krupp, J. Maurer, M. Squadrito, T. Wheeler).

4. Adaptable Real-time Distributed Object Management for Command and Control Systems, Proceedings of the IEEE ISADS Conference, March 1999, Tokyo, Japan (co-authors: J. Maurer, R. Ginis, R. Freedman, M. Squadrito, S. Wohlever).

5. Information Survivability for Real-time Command and Control Systems, IEEE Transactions on Knowledge and Data Engineering, January 1999 (co-author: J. Maurer).

6. Real-time CORBA, IEEE Transactions on Parallel and Distributed Systems, October 2000 (co-authors: V. Fay-Wolfe, L. DiPippo, G. Cooper, R. Johnston, P. Kortmann).

7. Scheduling and Priority Mapping for Static Real-time Middleware, Real-time Systems Journal (Kluwer), Vol. 20, No. 2, p. 155-182, 2001 (co-author: V. Wolfe, L. DiPippo et al).

8. Dependable and Secure TMO Scheme, Proceedings ISORC, 2006 (co-author: J. Kim). PART XII: NETWORK SECURITY, BIOMETRICS AND FORENSICS (2004 – 2016)

INTRODUCTION TO PART XII

This part discusses some of my papers in various cyber security related topics including network security, biometrics and digital forensics. While this is not my major research area, when students are interested in such topics, I supervise master’s thesis in these areas.

Network Security and Related Issues: I started my industry career in narrowing at Control Data Corporation and have designed and developed commercial products and operational systems between 1983 and1989. I started my research o applying data mining for network security problems in the mid to late 1990s and developed prototype tools. Subsequently after I joined academia, together with colleagues and students, I have investigated network security issues including secure telecommunications and secure peer-to-peer networks. Papers #1, #2, #3 and #4 discuss this research. For example, Paper #1 discusses solutions based on encryption methods used for user and telephone authentication and message encryption, and trusted authentication centers and certificate authorities. We provide an initial estimate of signaling delays of our protocols incurred due to the enforcement of the security requirements. In our

71

work on Secure Peer-to-peer networking, we discuss how the Chord protocol can be applied for trust and reputation management as well as explore ways of hosting secure data management systems on peer-to-peer networks. Paper #5 discusses packet level anonymization techniques. In addition, numerous tools on applying data mining for network security problems such as malicious code detection and insider threat detection were developed and three books as well as several research papers on this topic were published (some of them have been discussed in Part III and Part VIII).

Biometrics, Secure Robotics and Forensics: Together with students I have also developed techniques for fingerprint detection and face recognition. This work is discussed in Papers #5 and #6. Papers # 7 and #8 discuss our research in secure cyber physical systems. In particular, we discuss secure robotics for tele-surgery. Finally, some research in digital forensics is presented in Paper #9. In particular, we describe Bin-Carver, a first-of-its kind system to automatically recover executable files with deleted or corrupted metadata. The key idea is to explore the road map information defined in executable file headers and the explicit control flow paths present in the binary code. SAMPLE PAPERS FOR PART XII

1. Multilevel Secure Teleconferencing over Public Switched Telephone Network, DBSec 2005: 99-113 (co-authors: Inja Youn, Csilla Farkas)

2. Centralized Security Labels in Decentralized P2P Networks, ACSAC 2007: 315-324 (co-authors: Nathalie Tsybulnik, Kevin W. Hamlen)

3. Secure peer-to-peer networks for trusted collaboration, CollaborateCom 2007: 58-63 (co-authors: Kevin W. Hamlen)

4. SCRUB-tcpdump: A multi-level packet anonymizer demonstrating privacy/analysis tradeoffs, SecureComm 2007: 49-56 (co-authors: William Yurcik, Clay Woolam, Greg Hellings, Latifur Khan)

5. Face Recognition Using Multiple Classifiers, ICTAI 2006: 179-186 (co-authors: Pallabi Parveen) 6. Fingerprint Matching Algorithm Based on Tree Comparison using Ratios of Relational

Distances, ARES 2007 (co-authors: Abinandhan Chandrasekaran) 7. Cyberphysical systems security applied to telesurgical robotics, Computer Standards &

Interfaces 34(1): 225-229 (2012) (co-authors: Gregory S. Lee) 8. Adaptive Information Coding for Secure and Reliable Wireless Telesurgery Communications,

MONET 18(5): 697-711 (2013) (co-authors: Mehmet Engin Tozal, Yongge Wang, Ehab Al-Shaer, Kamil Saraç, Bei-tseng Chu)

9. Bin-Carver: Automatic Recovery of Binary Executable Files, ACM Digital Forensics Research Workshop, 2012 (co-authors: Scott Hand, Zhiqiang Lin, Guofei Gu)

PART XIII: COMPUTABILITY AND COMPLEXITY THEORY (1980 – 2015)

INTRODUCTION TO PART XIII

This part describes the work I carried out during the beginning of my career computability theory. In particular, I studied what is called system functions which generalize Turing machines and Thue systems and investigated the decision problems for such functions (Papers #1 through #7). I applied some of my early research to multilevel secure database systems in the 1990s (as discussed in Part 1). More recently together with a colleague and a student, I have carried out on the complexity of some problems in sensor networks (Papers #8, #9). In addition, we have also explored rumor blocking in social networks (see Part VIII). While computability theory is not my major area of focus at present, I am still interested in exploring some interesting research areas such as the complexity of the inference and privacy problems.

SAMPLE PAPERS FOR PART XIII 1. Representation of One-One Degrees by Decision Problems, 1982, Journal of Computer and

Systems Sciences (Academic Press), Vol. 24, p. 373-377. 2. The Concept of N-Cylinder and its Relationship to Simple Sets, 1983, Notre Dame Journal of

Formal Logic, Vol. 24, No. 3, p. 328-336. 3. Cylindrical Decision Problems, 1983, Notre Dame Journal of Formal Logic, Vol. 24, No. 2, pp.

188-198.

72

4. System Functions and their Decision Problems, 1984, Zeitschrift fur Mathematische Logik und Grundlagen der Mathematik, Vol. 30, No. 7 - 8, p. 119-128. (now Journal of Mathematical Logic)

5. The Concept of N-Cylinder and its Application , 1986, Zeitschrift fur Mathematische Logik und Grundlagen der Mathematik, Vol. 32, No. 13 - 16, p. 211-219.

6. Reducibility Relationships Between Decision Problems for System Functions, 1987, Zeitschrift fur Mathematische Logik und Grundlagen der Mathematik, Vol. 33, No. 4, p. 305-312.

7. System Function Languages, Mathematical Logic Quarterly, Vol. 39, No. 1, 1993. 8. A Better Approximation for Minimum Average Routing Path Clustering Problem in 2-D

Underwater Sensor Networks, Discrete Mathematics, Algorithms and Applications, Vol. 1, No. 2, June 2009 (co-authors: W. Wang et al).

9. PTAS for the minimum weighted dominating set in growth bounded graphs, Journal of Global Optimization, Vol. 23, No. 4 p.443-450, 2012 (co-authors: Zhong Wang, Wei Wang, Joon-Mo Kim, Weili Wu).

PART XIV: TOPICS IN CYBER OPERATIONS, NATIONAL SECURITY AND POLICY (2010 – Present)

INTRODUCTION TO PART XIV

More recently I have been studying policy related issues for cyber security and national security as well as investigated related issues in cyber operations. I have been writing papers over the last five years on a wide range of topics with post-docs including terrorist financing (Paper #1), carrying out cyber war and terrorist deterrence (Paper #2, #3, #4, #5). I am hoping to write more papers on cyber security policy as I gain more knowledge on the topic. SAMPLE PAPERS FOR PART XIV

1. Al Qaeda Terrorist Financing, Intelligence and Security Informatics. Chapter 7, Elsevier, Pages 125-154, 2012 (co-authors Irina Sakharova)

2. Towards cyber operations - The new role of academic cyber security research and education, IEEE Intelligence and Security Informatics ISI 2012, Washington D.C., 11-14 June 2012 – Proceedings and papers published by IEEE Press. (co-author: Kallberg, Jan)

3. State Actors’ Offensive Cyber operations - The disruptive power of resourceful systematic cyber-attacks, IEEE IT-Professional. (May 2013) (co-author: Kallberg, Jan)

4. Cyber Operations – Bridging from Concept to Cyber Superiority, Joint Forces Quarterly 68. January 2013. (co-author: Kallberg, Jan)

5. The continued War on Terrorism - How to maintain long-range terrorist deterrence, Journal of Policing, Intelligence and Counter Terrorism. (Spring 2014). (co-author: Kallberg, Jan)

PART XV: AI FOR GOOD, AI GOVERNANCE, FAIR AI, BIAS IN AI (2019 – Present)

INTRODUCTION TO PART XIV

My most recent research is in topics such as AI for Good, AI Governance, Fair AI and Bias in AI. I have three papers accepted on these topics and hope to carry out a more in-depth exploration. SAMPLE PAPERS FOR PART V

1. Can AI be for Good in the Midst of Cyber Attacks and Privacy Violations, ACM CODASPY 2020

2. The Role of AI and Cyber Security in Social Media, IEEE Parsocial, May 2020 3. Artificial Intelligence Governance, IEEE Big Data Security, 2020/

73

APPENDIX F: PRESENTATIONS (including Keynotes and Panels)

1. KEYNOTE/FEATURED ADDRESS (at major international conferences/workshops)

1. Interoperability of Heterogeneous Database Systems: Developments and Challenges, Keynote address given at the Plenary session at the AFCEA Database Colloquium, San Diego, CA, August 29, 1994 (followed keynote presentation by General Edmonds, Director DISA - abstract published in proceedings).

2. The Role of Standards in the Interoperability of Heterogeneous Database Systems, Featured Address, DOE Office Information Technology Conference, August 1994 (abstract and presentation published in Proceedings) (co-author: M. Zemankova).

3. Real-time Processing and CORBA Featured presentation at the Department of the Navy NRaD's Distributed Systems Technology Conference, March 1995 (San Diego).

4. Application of Object Technology in Data Management, keynote address given at the Plenary session at the AFCEA Database Colloquium, San Diego, CA, August 28, 1995 (following keynote presentation by Ms Diane McCoy, Deputy Director, DISA - abstract published in proceedings).

5. Application of Object Technology in Data Management, Featured address, FEDOOTS, Washington DC, October 1995 (abstract, charts in proceedings).

6. Implementing Real-time Object-Oriented Applications, featured address at Object World East, Hynes Convention Center, Boston, MA, May 1996.

7. Data Warehousing, Data Mining, and Security, keynote address given at the 10th IFIP 11.3 Database Security Conference, Como, Italy, July 1996. (Paper in Chapman and Hall book 1997).

8. Implementing Real-time Object-Oriented Applications, Featured address, Object World West, San Jose, CA, August 1996 (briefing in proceedings).

9. Data Mining and Data Warehousing: Developments and Challenge, keynote address given at AFCEA DOD Database Colloquium, San Diego, CA, August 27, 1996 (abstract in proceedings).

10. Data Mining and Data Warehousing: Developments and Challenges, featured address at IEEE Engineering Solutions: From Desktop to Internet Conference and Exposition, Hynes Convention Center, Boston, September 1996 (charts in proceedings).

11. Data Mining Developments and Challenges, featured address at the Data Warehousing and Year 2000 Symposium, November 1996, Orlando, FL

12. Data Mining Developments and Challenges, keynote address at ACM SAC Conference, February 1997, San Jose, CA.

13. Implementing Real-time Object-Oriented Applications, Featured address at the Object World East March 1997 Boston, MA

14. Data Mining Developments and Challenges, June 1997, featured address at the Data Management Symposium, Atlantic City, NJ (charts in proceedings).

15. Implementing Real-time Object-Oriented Applications, Featured Address, Object World West July 1997 (charts in proceedings), San Francisco, CA

16. Data Management Systems Evolution and Interoperation, Keynote address at DoD Database Colloquium, September 1997, San Diego, CA (based on book by CRC Press, 1997).

17. Web Database Management, Keynote address at DoD Database Colloquium, September 1998 (abstract in proceedings), San Diego, CA.

18. Data Warehousing, Data Mining, and Security, keynote address at PAKDD Data Mining Conference, Melbourne, Australia, April 1998.

19. Multimedia Data Management and Mining, keynote address at SAS Institute Conference, September 1999 (preceded keynote by Dr. Jim Goodnight) Carey, North Carolina.

20. Evolvable Interoperable Real-time Command and Control Systems, Keynote address at DoD Database Colloquium, September 1999 (following keynote address by Dr. Marv Langston), (abstract in proceedings), San Diego, CA.

21. Data Mining Developments and Challenges, also keynote address at IEEE Artificial Neural Networks, 1999, St Louis, MO.

22. Multimedia Data Management and Mining, keynote address at IEEE ICTAI, 1999, Chicago, IL. 23. Data Management for the 21st Century, Keynote address, AFCEA Database Colloquium, 2000

(abstract in proceedings, enhanced paper presented at another conference), San Diego, CA.

74

24. XML security (with E. Bertino et al), keynote address at NSF PI Conference, Fort Worth, TX, April 2001.

25. Data Management for Biotechnology Applications, Keynote address, AFCEA Database Colloquium, August 2001 (abstract in proceedings), San Diego, CA.

26. Secure Semantic Web, keynote address at IEEE SRDS Conference Workshop on Data Warehouse and Security, October 2001, New Orleans, LA.

27. Secure Semantic Web, NSF/EU Workshop on Semantic Web, Featured address, Sophia Antipolis, France, October 2001.

28. Research Directions in Data Management, Keynote address, NSF EPSCOR Conference, University of Arkansas November 2001, Little Rock.

29. Data Quality: Developments and Directions, IFIP 11.5 Conference, Brussels, Belgium, November 2001 (paper in Kluwer Book).

30. Semantic Web and Dependable Computing, Keynote address, WORDS January 2002, San Diego, CA (paper in proceedings).

31. Multimedia Data Management and Mining, Keynote address, IASTED AI Conference, February 2002 (presentation in proceedings) Innsbruck, Austria.

32. Data Mining for National Security and Counter-terrorism, featured address at the White House, Office of Science and Technology Policy, February 2002. Washington, DC.

33. Web Data Mining and Applications in Counter-terrorism, keynote address at SIAM Data Mining Conference Workshop on Web Mining, April 2002, Washington, DC.

34. Sensor Web and Sensor Data Management, keynote address at ISE, San Diego, July 2002. (Received SCSC award for this keynote, abstract in proceedings).

35. Data Mining for National Security and Counter-terrorism, luncheon featured address at IEEE COMPSAC Conference, Oxford University, August 2002.

36. Data Mining for National Security and Counter-terrorism, featured address at United Nations, September 2002, New York.

37. Federated Databases for Bioinformatics, 4th Annual Bioinformatics Conference, Featured address, September 2002, Boston, MA.

38. Web Data Mining and Applications in Counter-terrorism, keynote address at IEEE ICTAI 2002. Washington DC/Crystal City, VA, November 2002.

39. Security for Multimedia Database Management, Keynote address, IEEE Multimedia Software Engineering, Conference, December 2002, Newport Beach, CA.

40. Secure Semantic Web, XML Security and Privacy, keynote address at Conference on Applied Informatics, Innsbruck, Austria, February 2003.

41. Secure Semantic Web, XML Security and Privacy, featured address at Knowledge Management Conference, Washington DC, March 2003.

42. Secure Semantic Web, XML Security and Privacy keynote address at ICCS Las Vegas, April 2003. 43. Security for Multimedia Database Management, Keynote address, Distributed Multimedia

Conference, Miami, Florida, September 2003. 44. Dependable Sensor Information Management featured address IEEE WORDS, Capri Island, Italy,

October 2003. 45. Data Mining and Cyber Security, keynote address at Quality Software Conference, Dallas, Texas,

November 2003 (abstract in proceedings). 46. Data Mining for Security Applications, Plano Security Symposium, April 2005, Plano, TX. 47. Data Mining and Cyber Security, keynote address, at 3rd Applied Technology Conference, University

of Arkansas, Little Rock, February 2004. 48. Security and Privacy for Web Databases and Services, keynote address, EDBT Conference, Crete,

Greece, March 2004 (complete paper in EDBT Proceedings Springer, co-author: E. Ferrari). 49. Access Control in Databases: Developments and Directions, keynote address at ACM SACMAT,

New York, June 2004. 50. Secure Knowledge Management, Keynote address, NSF Workshop on Secure Knowledge

Management, SUNY Buffalo, September 2004. 51. Data Mining for Security Applications, keynote address, International Conference on Machine

Learning, Louisville, Kentucky, December 2004.

75

52. Sensor Information Management, featured address, MITRE Community Workshop, Tyson’s Corner, October 2005.

53. Voice Over IP Security, IASTED Conference on Communications, Keynote address, Phoenix, AZ, November 2005.

54. Data Mining for Counter-terrorism Applications, featured address, SAS Data Mining Conference, Las Vegas, October 2005.

55. Data Mining for Malicious Code Detection, keynote address, ASTRNET Workshop, Kings College, London, April 2006.

56. Data Mining for National Security Applications, keynote address, Pacific Asia Data Mining Conference Workshop, Singapore, April 2006 (proceedings abstract).

57. Data Mining for Surveillance Applications, featured address, Pacific Asia Data Mining Conference, Singapore, April 2006 (proceedings abstract).

58. Geospatial Semantic Web, Featured Address at the OGC Technology Conference, Washington DC, October 2006

59. Identity Management and RFID Technologies, keynote address, Identity Solutions Conference, Jonesboro, Arkansas, February 2007.

60. Data Mining for Cyber Security Applications, Keynote address, ARES Conference, Vienna, Austria, April 2007.

61. CPT for the Semantic Web, IEEE Policy, Bologna, Keynote address, Italy, June 2007. (proceedings paper).

62. Multimedia Systems Security, ACM Multimedia Systems Security Workshop, Dallas, TX, Keynote address, September 2007 (proceedings abstract).

63. Privacy Preserving Data Mining, Keynote address, ICDM Workshop, Omaha, Nebraska, October 2007.

64. Information Security, Privacy and Governance for Assured Information Sharing, featured address, ISIG 1st International Conference on Global Information Governance, Pisa, Italy, March 2008.

65. Data Mining for Cyber Security Applications, Invited Plenary Talk, Cyber Security Symposium, Arizona State U, Tempe, AZ, April 2008.

66. Secure Collaboration, Featured Presentation, 12th CISSE Cyber Security Colloquium, Dallas, TX, June 2008.

67. Data Analytics for Security Applications, Featured Address, Intelligence and Security Informatics, Taipei, Taiwan, June 2008.

68. Confidentiality, Privacy and Trust for Data Mining, Keynote address, ACM KDD Workshop on Privacy and Data Mining, Las Vegas, NV, August 2008 (proceedings published by Springer Verlag).

69. Data Mining for Malicious Code Detection and Security Applications, Keynote address, TRUST, Shanghai, China, December 2008.

70. Building Trustworthy Semantic Webs, Keynote address, TSP, Shanghai, China, December 2008. 71. Assured Information Sharing, ASIA-CCS, Keynote address, Sydney, Australia, March 2009. 72. Assured Information Sharing for Trustworthy, Untrustworthy and Semi-Trustworthy Partners,

Keynote address, DoE Cyber Security Conference, Knoxville, TN April 2009. 73. Geosocial Semantic Web for Military Stabilization and Reconstruction, Keynote address, Pacific Asia

Intelligence and Security Informatics, Bangkok, Thailand, April 2009. 74. Data Security and Integrity: Developments and Directions, Keynote address, SIGKDD workshop on

Intelligence and Security Informatics, Paris, France, June 2009. 75. Security Engineering: Developments and Directions, Keynote address, IEEE International

Conference on Secure Software Integration and Reliability Improvement (SSIRI), Shanghai, China, July 2009.

76. Trustworthy Semantic Webs, Keynote address, IEEE Conference on Information Reuse and Integration, Las Vegas, NV, August 2009.

77. Data Mining for Security Applications, Keynote address, WI/IAT Conference, Milan, Italy September 2009.

78. Building a Geospatial Semantic Web, Keynote address, 4th International Conference on Frontier of Computer Science and Technology, Shanghai, China, December 2009.

76

79. Assured Information Sharing: Opportunities and Challenges for Indo-US Collaboration, Featured address, presented at the Indo-US Summit on Infrastructure Security, Bangalore, India, January 2010 (sponsored by NSF and IUSSTF).

80. Secure Semantic Sensor Web and Pervasive Computing, keynote address, Keynote address, IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC), Newport Beach, CA, June 2010 (presented by Prof. Latifur Khan).

81. Assured Information Sharing: Detecting Malicious Code, keynote address at the PAKDD PAISI, Hyderabad, India, June 2010.

82. Assured Cloud Computing, keynote address, IEEE COMPSAC Conference Workshop on Security and Privacy, Seoul, South Korea, July 2010.

83. Building Trustworthy Semantic Web, Keynote address, IEEE Semantic Computing Conference, Pittsburgh, September 2010 (Mini keynote: special session with Profs. Tom Mitchell and Manuela M. Veloso).

84. Cloud Computing, Keynote address (via Skpe) NIT Warangal, India. Technozion 2010, Video Keynote given from Dallas TX, September 2010.

85. Secure Cloud Data Management, Keynote address, CloudCom Security Workshop, November 2010, Indianapolis, IN.

86. Data Mining for Malware Detection, Featured address, SDPS Annual Conference, Jeju Island, S. Korea, June 2011.

87. Data Mining for Malware Detection, Keynote address, European Intelligence and Security Informatics, September 2011, Athens, Greece.

88. Data Mining for Malware Detection, Luncheon Keynote address, DFW MetroCon, October 2011, Arlington, TX.

89. Assured Cloud-based Information Sharing, Keynote address, IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC), December 2011, Sydney, Australia.

90. Assured Cloud Computing, Featured address, Cyber Security Conference, Cyber security conference at Arizona State University, April 2012

91. Assured Cloud-based Information Sharing, Keynote address PAISI (Pacific Asia Intelligence and Security Informatics) May 2012, Kuala Lumpur, Malaysia. (presented by Prof. Latifur Khan)

92. Data Mining for Malware Detection, Special featured address at SDPS Conference, Berlin, Germany, June 2012.

93. Assured Cloud-based Information Sharing, Keynote address, International Symposium on Foundation of Open Source Intelligence and Security Informatics (FOSINT 2012), August 2012, Istanbul Turkey.

94. Assured Cloud-based Information Sharing, Featured address, AFOSR-EOARD Conference (Intl. Conference on Mathematical Models, Models and Architectures for Computer Network Security), October 2012, St. Petersburg, Russia (presented by Latifur Khan).

95. Data Mining for Security Applications, Featured Address, Secure World, Dallas/Plano, TX, October 2012.

96. Assured Cloud-based Social Networking, Keynote address, Chinese Academy of Sciences Conference on Social Computing, Beijing, China, November 2012.

97. Secure Cloud Computing, Keynote Address, University of North Texas/Collin College SoMiC Workshop on Cyber Security, Denton, TX, April 2013.

98. Analyzing and Securing Social Networks, Featured address, WWW Workshop on Social Network Security and Privacy, Rio De Janeiro, Brazil, May 2013.

99. Measuring Expertise and Bias in Cyber Security Using Cognitive and Neuroscience Approaches, Featured address, IEEE ISI Workshop on Social Informatics, Seattle, June 2013 (Presented by Daniel Krawczyk).

100. Cloud-based Assured Information Sharing, keynote address, Conference on Security, Privacy and Trust, Melbourne, Australia, July 2013.

101. Analyzing and Securing Social Networks, keynote address, Society for Design and Process Science World Conference, Campinas, Brazil, October 2013.

102. Cloud-based Assured Information Sharing, keynote address, IEEE Cloudcom, Bristol UK, December 2013.

103. Directions for Cyber Security Research Featured address at the Cyber Security in Action Symposium as part of HICSS 2014, Waikoloa, HI, January 2014.

77

104. Cloud-centric Assured Information Sharing, keynote Address, ASE Conference on Big Data, Social Computing and Cyber Security, Stanford University, Palo Alto, May 2014.

105. Cloud-centric Assured Information Sharing featured address (via skype), NATO Conference, Estonia, June 2014.

106. Cloud-centric Assured Information Sharing, keynote address, IEEE Workshop on Big Data Security and Privacy, Anchorage Alaska, June 2014.

107. Cloud-centric Assured Information Sharing, keynote address, IEEE ACC (Autonomic and Cloud Computing) Conference Cyber Security Workshop, Imperial College, London, England, September 2014

108. Cloud-centric Assured Information Sharing, keynote address, CollaborateCom, Miami Beach, October 2014.

109. Cloud-centric Assured Information Sharing, Social Networking and Big Data, IEEE/ACM UCC (Utility and Cloud Computing) Conference Workshop on Cloud Computing, Big Data, Social Networking and Security, London, England, December 2014.

110. Cloud-based Assured Information Sharing, International Conference on Cloud Computing and Security, Nanjing, China, August 2015 (via Skype)

111. Cloud-based Assured Information Sharing, 8th International Conference on Contemporary Computing (IC3) Nodia, India Aug 20-22, 2015

112. Developments and Directions in Security for Multimedia, IEEE International Symposium on Multimedia, Miami, FL, December 2015 (presented by Latifur Khan)

113. Malware Detection in Smart Phones, SDPS Conference, Dallas TX, November 2015. 114. Cloud-centric Assured Information Sharing, 8th Central Area Networking and Security Workshop

(CANSec) Little Rock, Arkansas, October 2015. 115. Cloud-centric Assured Information Sharing, IEEE CSCLOUD, New York City, November 2015 116. Cloud-centric Assured Information Sharing, IEEE GERIS, Binghamton, NY, March 2016 117. Cloud-centric Assured Information Sharing and Big Data Security and Privacy, IEEE Big Data,

Columbia University, New York, April 2016 118. Cloud-centric Assured Information Sharing, PAISI Auckland, NZ, April 2016 119. Cloud-centric Assured Information Sharing, 9th Conference on Information and Network Security,

Newark, NJ July 2016 120. Data Driven Approach to the Science of Security, IEEE IRI, Pittsburgh, July 2016 121. Analyzing and Securing Social Media, SNAMS, Vienna, Austria, August 2016 122. Data Driven Approach to the Science of Security, SDPS, Orlando, FL, December 2016. 123. Integrating Cyber Security, Data Science and the Cloud, FiCloud; The 4th International Sypmosium

on Big Data Research & Innovation (BigR&I-2017), Prague, Czech Republic. August 2017. 124. Integrating Cyber Security, Data Science and the Cloud, ICDM Workshop, December 2017. 125. Integrating Cyber Security, Data Science and the Cloud, HICCS Symposium on Cyber Security

Analytics, January 2018 126. Secure Data Systems: Foundations, Systems and Applications, Banquet Address, ACM CODASPY,

March 2018 (Tempe Arizona) 127. ROWLBAC Access Control Model, ACM SACMAT Test of Time Award (10 yrs), Featured

Presentation, ACM SACMAT, Indianapolis, IN, June 2018. 128. Secure Data Science: Integrating Cyber Security and Data Science, IEEE SEPT, Tokyo, Japan, July

2018 129. Secure Data Science: Integrating Cyber Security and Data Science, IEEE TrustCom, New York,

August 2018 130. Secure Data Science: Integrating Cyber Security and Data Science, IEEE Big Data Innovation

Symposium, Barcelona, Spain, August 2018 131. Secure Data Science: Integrating Cyber Security and Data Science, IEEE AIKE, Laguna Hill, CA,

October 2018. 132. SecAI: Integrating Cyber Security and Artificial Intelligence, IEEE EUC (Embedded and Ubiquitous

Computing) and CSE (Computational Science and Engineering), New York, August 2019 133. Integrating Cyber Security and Artificial Intelligence for the Internet of Transportation, Clemson

University Center for Connected Multimodal Mobility, Annual Conference, October 2019.

78

134. Integrating Cyber Security and Artificial Intelligence for the Internet of Transportation, IEEE Globecom Workshop on Big Data and IoT, Kona, HI, December 2019.

135. “Can AI be for Good in the midst of Cyber Attacks and Privacy Violations”, Banquet Address ACM CODASPY, March 2020. (Position Paper published in the Proceedings) –August ‘20 (Virtual, due to COVID19)

136. SecAI: Integrating Cyber Security and Artificial Intelligence, IEEE ICDIS (International Conference on Data Intelligence and Security), 2021 (postponed due to COVID-19)

137. The Role of Cyber Security and AI for Social Media, IEEE ParSocial, May 22 (Virtual, COVID-19) 138. AI, Security Cloud and the Internet of Transportation, CS Cloud, August 2020, NYC (Virtual

COVOD-19) 139. Artificial Intelligence and Data Science Governance, IEEE IRI, Las Vegas, August 2020. (Virtual

due to COVID 19) 140. Cyber Security Meets Big Knowledge, IEEE ICKG, August 2020, Nanjing (Virtual – COVID-19) 141. Blockchain Analytics, Smartblock, 2020, Zhenzhou China, October 2020 (Virtual, COVID-19)

KEYNOTE/FEATURED ADDRESS (at Outreach Conferences)

142. Data Warehousing, Data Mining, and Security featured address at WITI (Women in Technology International), Carey, North Carolina, September 1999.

143. Research Directions in Data Management, Keynote address, NSF EPSCOR Conference, University of Arkansas, November 2001

144. Information and Data Management Program at NSF, featured address, NSF EPSCOR Conference, Louisiana State University (April 2002, Baton Rouge).

145. Computer and Information Science at NSF, featured address, NSF EPSCOR Conference, University of Oklahoma, January 2004.

146. Data Mining for Biometrics featured address at Society for Women Engineers Conference, Baltimore, MD, March 2004.

147. Data Mining for National Security featured address at L3 Communications Symposium on Data Analytics, December 2011.

148. Reactively Adaptive Malware, Kusch Distinguished Lecture, The University of Texas at Dallas, April 2013 (lecture primarily for UTD Donors)

149. Cloud-centric Assured Information Sharing, Big Data Security and Privacy, featured address, TRUST-WISE, Cornell University, Ithaca, NY, June 2014.

150. NSF Workshop on Big Data Security and Privacy: Workshop Summary, National Privacy Research Strategy, Washington DC, February 2015 (featured address)

151. CRA-W Distinguished Lecture on Cloud-Centric Assured Information Sharing, Missouri Institute of Science and Technology, March 2015

152. My Story: From Industry to Government to Academia, Inaugural Grace Hopper Series Lecture, The University of Texas at Dallas, April 2015

153. Data Mining Applications in Malware Detection, Security and the Privacy Implications, London-Hopper Conference, May 2015

154. Cloud-centric Assured Information Sharing, Distinguished Women Series Lecture, Florida International University, November 2015

155. Big Data Security for Malware Detection, Featured Address, Women in Cyber Security Conference, Dallas, TX, April 2016 (with Murat Kantarcioglu)

156. Big Data Security for Malware Detection, Featured Address, Women in Cyber Security Conference, Tucson, AZ, April 2017 (with Latifur Khan)

157. Motivational Address, Women in Services Computing, IEEE Services Federation, Honolulu, HI, June 2017.

158. Big Data Security and Privacy, Symposium on Sensor Networks, Systems and Security, Celebration 40-year anniversary of Prof. Iyengar; Lakeland, FL, September 2017.

159. Big Data Analytics, Security and Privacy, Raytheon Symposium on Data Analytics, September 2017 160. Keynote: Why a Career in Cyber Security for a Woman, ACM CCS Workshop CyberW, Dallas, TX,

October 2017. (Position Paper in the Proceedings)

79

161. Secure Data Science: Integrating Cyber Security and Data Science, Women in Data Science (WiDS) Conference, Stanford, CA, March 2018

162. Media Interview/Talk, Women in Data Science, Stanford, CA, March 2018 163. Secure Data Systems: Foundations, Systems and Applications, Jonsson School Distinguished Lecture,

The University of Texas at Dallas, April 2018 164. Cloud Centric Assured Information Sharing, Eminent Scholar Mentor Lecture, University of

Maryland, Baltimore, County, May 2018. 165. Why a Career in Services Computing/Cloud/Big Data/Cyber Security for a Woman, Women in

Services Computing Workshop, Opening Plenary, San Fran, CA, July 2018. 166. Integrating Cyber Security and DataScience, Distinguished address given at the Army Research Lab

to celebrate Black History Month, February 2019. 167. Featured Address on SecAI: Integrating Cyber Security and Artificial Intelligence, Women in

Services Computing Workshop, Milan Italy, July 2019 (Recorded presentation) 168. Why a Career in Communications Engineering for a Woman, IEEE Globecom WICE, Women in

Communications Engineering, Kona, HI, December 2019 169. Secure Data Science: Integrating Cyber Security and Data Science, Cyber-W, 2020, New Orleans,

USA, March 2020. (Virtual conference due to COVID-19) 170. SecAI: Integrating Cyber Security and AI, Cyber Security Conference, Arizona State University. TBD

due to COVID-19.

2. PANEL PAPERS AND PRESENTATIONS (some presentations published as proceeding papers)

1. Inference Problem in Database Security, Panel presentation at the 1st RADC Database Security Workshop, (Chair: M. Morgenstern) 1988. Proceedings paper published by Springer Verlag, Menlo Park, CA, 1992 (Editor: T. Lunt).

2. Issues in Trusted Distributed Database Management Systems - A Position Paper, Proceedings of the 13th National Computer Security Conference, Washington DC, October 1990 (Chair: J. Campbell).

3. Issues in Multilevel Secure Object-Oriented Database Management Systems - A Position Paper, Proceedings of the 13th National Computer Security Conference, Washington, DC, October 1990 (Chair: R. Sandhu).

4. Database Security - Threats, Solutions, Designs and Products, Panel presentation at the 6th International Data Engineering Conference, Los Angeles, CA, February 1990 (Chair: I. Kameny).

5. Recent Developments in Some Trusted Database Management Systems, Proceedings of the 14th National Computer Security Conference, Washington DC, October 1991 (Chair: J. Campbell).

6. Approaches to Handling the Inference Problem, Proceedings of the 14th National Computer Security Conference, Washington DC, October 1991 (Chair: T. Lunt).

7. Security Issues for Federated Database Systems, Presented at the 5th IFIP WG 11.3 Conference on Database Security, November 1991, Proceedings by North Holland, 1992, Shepherdstown, WV (Chair: M. Morgenstern).

8. Security Issues for Heterogeneous Database Systems, Presented at the 11th Phoenix IEEE International Conference on Computers and Communications, April 1992, Phoenix AZ (Chair: O. Sheng).

9. Secure Distributed Database Management Systems, Presented at the 6th IFIP WG 11.3 Conference on Database Security, Vancouver, BC, Canada, August 1992 (Chair: C. McCollum).

10. Approaches to Designing Trusted DBMSs, Presented at the 18th International Conference on Very Large Databases (VLDB), Vancouver, BC, Canada, August 1992 (Chair: M. Morgenstern).

11. Object-oriented Approach to the Interoperability of Trusted Database Management Systems, Proceedings of the 16th National Computer Security Conference, Baltimore, MD, September 1993 (Chair: J. Williams).

12. Integrating Object-oriented and Security Technologies, Panel Chair, OOPSLA Conference, Washington, DC, September 1993 (conference proceedings).

13. Realtime Systems: From Research to Technology to Applications, 2nd IEEE Real-time Systems Applications Workshop, Calverton, MD, July 1994 (Chair: Bob Harrison).

80

14. Inference Problem, Panel Chair, 17th NCSC Conference, Baltimore, MD, October 1994 (paper published in the proceedings).

15. Real-time and CORBA, Object World West, San Francisco, August 1995 (Chair: F. Kuhl - presentation in proceedings).

16. Real-time and CORBA, IEEE Workshop on Object-Oriented Real-time Systems, February 1996, Laguna Beach (Chair: R. Soley).

17. Distributed Systems Standards, IEEE Distributed Systems Conference, Hong Kong, May 1996, panel paper (Chair: R. Soley).

18. Standards for ADADS, Panel at IEEE ISADS 1997, Berlin, Germany (Chair: K. Kim; paper in proceedings.

19. Data Warehousing, Data Mining Overview and Security, Panels at National Computer Systems Security Conference, October 1996, Baltimore, MD (Chairs: J. Campbell, J. Davis).

20. Data Mining, Data Warehousing, and Security, Panel discussion, Proceedings IFIP Database Security Workshop, 1997 (Chapman and Hall, 1998) (Chair).

21. Data Mining of Text and Images, Panel at MIT Media Lab Forum, October 1997, Boston, MA (Chair: N. Adam).

22. Web Data Mining, Inaugural Panel at IEEE ICTAI 97, November 1997, Newport Beach, CA (Chairs: Wei Syan Li, J. Srivastava)

23. Multimedia Data Mining, AFCEA Technet Panel, June 1997, (Chair: T. Nyland); also, version at AFCEA Data Mining Symposium Panel, December 1997, Washington, DC.

24. CIO Conference on Object Security, FEDOOTS 1997, Washington DC (Chair). 25. Privacy for Data Mining and Web, Panel discussion, proceedings IFIP Database Security Conference,

1998 (Book chapter by Kluwer) (Chair). 26. Web and Data Security, Panels at IEEE COMPSAC 1998 (Proceedings) Vienna, Austria (Chair). 27. Web and Data Security, IEEE Data Engineering March 1999, Sydney, Australia (Chair). 28. Migrating Legacy Databases, IEEE Data Engineering Conference, 1998 (Chair) (proceedings),

Orlando, FL. 29. Directions for Software Technology, IEEE COMPSAC Distinguished panel, 1998, Vienna, Austria

(Chair: S. Yau). 30. Ecommerce Directions, IEEE KDEX 1998, Taipei, Taiwan (Chair: J. Tsai). 31. Future Research in Multimedia Database Semantics, IFIP 2.6 panel discussion, Rotarua, New

Zealand, January 1999 (Chair). 32. Open ADADS Systems, IEEE ISADS, Tokyo, March 1999 (Proceedings). 33. Web and Network Security Panel, IEEE COMPSAC October 2000, Taipei, Taiwan (Chair). 34. Web and Network Security, IEEE ISADS, March 2001, Dallas, TX (Chair). 35. Real-time Software Engineering, ASSET, March 2000, Dallas, TX (Chair: I. Yen). 36. Data Mining, Protecting Children from Inappropriate Content on Web, National Academy of

Sciences, July 2000, Washington DC, (Chair: R. Thornburgh, Former US Attorney General). 37. Data Fusion for Counter-terrorism, National Academy of Sciences, June 2002 Washington DC,

(Chair: G. Strong). 38. Data Security Directions, IFIP 11.3 Amsterdam, August 2000, The Netherlands, (Chair; proceedings

Kluwer 2001). 39. Directions for ISADS, Distinguished panel, IEEE ISADS, March 2001, Dallas TX (Chair: S. Yau). 40. Secure Semantic Web, Future Distributed Computing Panel, IEEE FTDCS, November 2001, Bologna,

Italy (Chair: S. Yau). 41. Data Integrity, IICIS Panel, November 2001, Proceedings Brussels, Belgium (Chair: L. Straus). 42. XML Security Panel, IFIP 11.3 July 2001, Proceedings, Niagara, Canada (Chair: S. Osborne). 43. Web Mining/Security Panel, April 2002 (SIAM Data Mining Conf.) Crystal City/Washington DC. 44. Data Engineering Directions, IEEE Data Engineering Plenary Panel, March 2002, San Jose, CA. 45. Database Technologies, Security and Privacy Stanford University Database workshop, March 2002,

Stanford, CA (Chair: J. Ullman). 46. Privacy, IFIP Data and Applications Conference, July 2002, Cambridge, UK, (Book chapter 2003,

Chair: P. Samarati). 47. Cyber Security and Terrorism, Panel at the United Nations Conference on Cyber Security, September

2002, New York, (Chair: M. Lacey).

81

48. ADADS for National Security, Panel Paper, published Proceedings IEEE ISADS 2003 (Chair: L. Cordell; did not attend conference due to another commitment at NSF).

49. Privacy and Data Mining: Friends or Foes? KDD Panel, Washington DC, August 2003 (Chair: R. Agrawal).

50. Future of XML Databases, Panel at XML Data Workshop at EDBT, March 2004, Crete, Greece (Chair: M. Mastitis; position paper in Springer).

51. Databases for Virtual Organizations, Panel at DIVO Workshop, ACM SIGMOD Conference, June 2004, Paris, France,

52. Secure Web Services, Panel at IEEE Web Services Conference, July 2004, San Diego, CA. 53. Database Security for Homeland Security, IFIP Database Security Conference, July 2004, Barcelona,

Spain. 54. Distributed Systems Security, COMPSAC, Edinburgh, Scotland, July 2005. 55. Sensor Information Management, MITRE Community Workshop, October 2005, McLean, VA. 56. Data Mining for Cyber Security, Collin County Security Conference, April 2006, Plano, TX. 57. Data Mining for Security Applications, Plenary Panel, Information and Security Informatics, May

2006, San Diego, CA. 58. Directions in Access Control, ACM SACMAT, 2006, Lake Tahoe, CA (Chair: R. Sandhu). 59. Security Engineering Education, Panel at IEEE COMPSAC Conference on Software Engineering

Education, September 2006, Chicago, IL (Chair: D. Simmons). 60. Geospatial Semantic Web and Interoperability, OGC Interoperability Day, October 2006, Tyson’s

Corner, VA. 61. Assured Information Sharing, ACM SACMAT June 2007, Sophia Antipolis, France (Chair). 62. Information Security Education, Software Engineering and Computer Science, August 2007, Dallas,

TX. 63. Directions for Cyber Security, Panel at Cyber Security Symposium, Arizona State University, April

2008, Tempe, AZ (Chair: S. Yau). 64. Secure Distributed Systems, Panel IFIP Data Security Conference, July 2008, London, UK

(Proceedings) (Chair: S. Barker). 65. Directions for Sensor and Pervasive Applications, TRUST, December 2008, Shanghai, China, (Chair:

S. Yau). 66. Intelligence and Security Informatics, ISI, June 2009, Dallas, TX (Panel Chair). 67. Data and Applications Security, Riend van der Riet Panel, IFIP Data and Applications Security

Conference, 2009, Montreal, Canada (Panel Chair). 68. Challenges of Effective Applications of Cloud Computing, The 4th International Conference on

Frontier of Computer Science and Technology, December 2009, Shanghai, China (Chair: S. Yau). 69. Challenges for COMPSAC, Plenary Panel, July 2010, Seoul, S Korea (Chair: S. Yau) 70. Challenges for ISI, July 2011, IEEE ISI, July 2011, Beijing, China (Panel Chair). 71. Security for Cloud Computing, IEEE International Workshop on Future Trends of Distributed

Computing System (FTDCS) 2011, September 2011, Banff, Canada. 72. Big Data Challenges, IEEE Conference on Information Reuse and Integration (IRI 2012), Las Vegas,

Nevada, August 2012. 73. What if it stops working? International Society of Logistics (SOLE 2012), Jacksonville, Florida,

August 2012. 74. Social Media Challenges, IEEE/ACM International Conference on Advances in Social Networks

Analysis and Mining (ASONAM 2012), Istanbul, Turkey, August 2012. 75. Big Data Security, IEEE Big Data Conference, Santa Clara CA, July 2013. 76. Big Data Analytics, IEEE International Conference on Data Mining (ICDM), Dallas TX, December

2013. 77. Security in Big Data, Conference on Cyber Security and Big data, May 2014 (chair: TY Lin) 78. Services Computing, ICWS 2014, Anchorage, Alaska, June 2014 (chair: I. Yen) 79. Privacy Controls, National Privacy Research Strategy, Washington DC, February 2015 (Chair:

Nancy Lefkovitz) 80. Big Data Security and Privacy, ACM CODASPY, 2015 (Chair) Paper in Proceedings 81. Data Mining for Security Applications, ACM CODASPY, 2015 (via tape recording) 82. Cyber Security at UT System, Cyber Texas, San Antonio, April 2015

82

83. Big Data Security and Privacy, Panel at IEEE Cloud Conference, New York, NY, November 2015. 84. Big Data Security and Privacy, Panel at IEEE Big Data Security Conferee, New York, NY, April

2016. 85. Access Control Models, ACM SACMAT, Shanghai, June 2016. 86. Security for Smart Cities, IEEE Conference on Web Services, San Francisco, July 2016 87. Services Computing in the Era of Big Data, IEEE Services Computing, Honolulu, June 2017. 88. Vision for Access Control, Panel at ACM SACMAT, Indianapolis, IN, June 2018. 89. Plenary Panel in Web Services, IEEE ICWS, San Francisco, CA, July 2018. 90. Plenary Panel in Future of Software, IEEE COMPSAC, Tokyo, Japan, July 2018. 91. SecAI: Integrating Cyber Security and Artificial Intelligence, Opening panel presentation, IEEE

Services Congress, Milan Italy, July 11, 2019 (Recorded presentation) 92. SecAI: Integrating Cyber Security and Artificial Intelligence, Panel Chair, IEEE IRI, Los Angeles,

CA August 2019 3. PANELS AT OUTREACH CONFERENCES

93. Women in Cyber Security, Secure Knowledge Management Workshop, September 2004, Buffalo, NY.

94. Intellectual Property Protection, NAFTA Meeting, December 2006, Dallas, TX. 95. Women in Cyber Security, Secure Knowledge Management Conference, November 2008, Dallas, TX

(Chair). 96. CRA-W Panel on Writing Career Proposals, CRA-W Workshop, San Diego, CA, June 2003. 97. Information Security, DFW Chamber of Commerce, March 2007, Dallas, TX. 98. Data Security for Outsourcing, DFW Outsourcing Association, January 2009, Addison, TX (Chair:

Attorney Mr. Peter Vogel). 99. Cloud Computing, DFW-ATW (Alliance for Technology Women) Monthly Colloquium/Meeting,

November 2010 100. CRA Distinguished Speaker Series Round-table panels with students, Rolla, Missouri, March

2015. 101. Cyber Security, UT System Chancellor’s Council Annual Meeting and Conference Panel, May

2015 (For UT System Donors) 102. InSuRE Panel at CISSE Conference, Las Vegas, Nevada, June 2015 (Chair: Matt Bishop) 103. Cyber Security Research and Education, 8th Central Area Networking and Security Workshop

(CANSec) Little Rock, Arkansas, October 2015. 104. Women in Services Computing, Honolulu, HI, June 2017 (Panel Chair at Workshop). 105. Girls in Tech, Dallas, TX, October 2017 106. Women in Data Science Career Panel, Women in Data Science, Stanford, CA, March 2018 107. Women in Services Computing Panel, San Fran, CA July 2018. 108. PhD Forum at IEEE ICDM, Singapore, November 2018 109. Cyber-W: Women in Cyber Security Research, Cyber-W@ACM CODASPY, 2020, New

Orleans, LA, March 2020. (Virtual conference due to COVID-19) 110. Women in Data Science, Dallas Event. April 2020 (conjunction with IEEE ICDE 2020)

4. INVITED TALKS AT UNIVERSITY/INDUSTRY COLLOQIA AND PROGRAM TECHNOLOGY EXCHANGE MEETIMNGS

1. Algorithmic Information Theory, University of Minnesota, Seminar Series, February 1982.

2. Distributed Fault Tolerant Systems, Honeywell Inc., December 1985. 3. LDV: Design of a Secure Database System, RADC Technology Exchange, December 1987, Rome,

New York. 4. Distributed Artificial Intelligence System, MIT Lincoln Lab, Lexington, MA, October 1988. 5. Design of a Secure Object Database System, MITRE Corporation Seminar Series, Bedford, MA

October 1988. 6. Design and Development of a Network Operating System, Digital Equipment Corporation, Seminar

Series, Littleton, MA, November 1988.

83

7. Distributed Artificial Intelligence System, Lockheed Corporation, Palo Alto, November 1988. 8. Trusted Database Management Systems: Where are we? Where should we go? Technology

Exchange SPAWAR, Washington DC, February 1991, and NSA, March 1991, Ft. Meade, MD. 9. Multilevel Security for Multimedia Systems, Technology Exchange SPAWAR, February 1991,

Washington, DC, (co-presenters: H. Rubinovitz and M. Collins). 10. Secure Distributed Database System, presented at the Rome Laboratory Technology Exchange

Meeting, November 1990, Rome, NY. 11. Towards Developing SDDT: A Secure Distributed Database Testbed System, presented at the Rome

Laboratory Technology Exchange Meeting, November 1991, Rome, NY. 12. Inference Problem in Secure Databases, University of Connecticut, April 1992. 13. Multilevel Security Impact on Database Management Systems Interface Standards, presented to the

Next Generation Computer Systems Database Management Systems Interface Standards Working Group, Newport, RI, June 1992 (co-presenter: A. Carengelo).

14. Approaches to Designing Secure Database Systems, NGCR (Navy Next Generation Computing Resources) Meeting, August 1992, San Diego, CA.

15. Towards a Multilevel Data Model, NGCR (Navy Next Generation Computing Resources) Meeting, October 1992, Orlando, FL.

16. Three Presentations on Security and Integrity Constraint Processing in a Multilevel Secure Distributed Environment; Inference Problem, Applying OMT for Multilevel Database Application Design; NSA Technology Exchange Conference, July 27, 1993, Ft. Meade, MD, (Proceedings) (co-authors: H. Rubinovitz, M. Collins, L. Binns, P. Sell).

17. Transaction Processing for MDDS: Developments and Directions; Massive Digital Data Systems Workshop (Community Management Staff) February 1 and 2, 1994, Reston, VA.

18. RT-OMT: A Realtime Object Modeling Technique for Designing Real-time Database Applications, presented to the Next Generation Computer Systems Database Management Systems Interface Standards Working Group, April 1994, Alexandria, VA

19. Real-time Processing and CORBA, presented at the Next Generation Computer Systems, Database Management Systems Interface Standards Working Group, June 1994, Newport, RI.

20. Evolvable Real-time C3 Systems Initiative, Navy SPAWAR, San Diego, August 1994 21. Evolvable Real-time C3 Systems Initiative, Rome Laboratory Technology Exchange Meeting, Rome,

NY, October 1994 22. Evolvable Real-time C3 Systems Initiative, NGCR Meeting, Salt Lake City, November 1994 23. Database Inference Control, Proceedings of the DoD Database Security Workshop, Maine, June 1994

(co-authors: M. Collins and H. Rubinovitz). 24. MLS Database Application Design, Proceedings of the DoD Database Security Workshop, Maine,

June 1994 (co-authors: S. Lewis, D. Marks, P. Sell, S. Wiseman). 25. Evolvable Real-time C3 Systems Initiative, Ministry of Defense, Adelaide-Australia 1996 26. Evolvable Real-time C3 Systems Initiative, INRIA, Sophia Antipolis-France, November 1996. 27. Evolvable Real-time C3 Systems Initiative, University of Osaka, April 1997 28. Evolvable Real-time C3 Systems Initiative, EPFL Lausanne-Switzerland, May 1998 29. Evolvable Real-time C3 Systems Initiative, National University of Singapore, May 1999. 30. Massive Digital Data Systems, Rome Lab Workshop, Boston, October 1995 31. Massive Digital Data Systems, INRIA, Paris-France November 1996 32. Massive Digital Data Systems, NEC Research Labs, San Jose, April 1997 33. Massive Digital Data Systems, University of Osaka, April 1997. 34. Massive Digital Data Systems, High Performance Computing Center, Maui, May 1998 35. Massive Digital Data Systems, University of Rhode Island, June 1996 36. Massive Digital Data Systems, National University of Singapore, August 1997 37. Massive Digital Data Systems, Tokyo Institute of Technology, May 1999 38. Massive Digital Data Systems, Hiroshima University, April 1998. 39. Real-time Database Management: IEEE Computer Society, Special Presentation, Boston Chapter

January 1996; version also given in Madrid, Spain at OMG Meeting, July 1996. 40. Real-time Database Management, Madrid, Spain at OMG Meeting, July 1996. 41. Internet Database Management, OMG Meeting, Internet SIG, June 1996, Washington DC.

84

42. Data Warehousing, Data Mining and Security (version of IFIP 1996 keynote), seminars at IBM Zurich and University of Zurich (Switzerland), 1996.

43. Object Technology for C4I Applications, kickoff presentation at OMG Meeting C4I Founding Working Group, June 1996, Washington DC.

44. Real-time Command and Control Systems, March 1998, OMG Meeting, Manchester, UK 45. Real-time Object Modeling, OMG Meeting, July 1998, Helsinki. 46. Data Mining, Outreach presentation to students at Smith College, MA during their visit to the MITRE

Corporation, April 2000. 47. Data Mining, University of Cambridge, 1999 48. Data Mining, University of Stockholm June 1998 49. Data Mining, IEEE Lecture at MIT 2000 50. Data Mining, University of Wales, UK, 2001. 51. Directions for Securing Semantic Web Technologies, NSF-EU Workshop on Semantic Web (Sophia

Antipolis, France), October 2001. 52. Directions for Securing Semantic Web Technologies, NSF workshop on Semantic Web, March 2002,

Amicalola, GA. 53. Legacy Database Migration, Air Force Scientific Advisory Board, Summer Study Report to General

Jumper and his team at the Pentagon, Team presentation, December 2001 (Co-Chair of the Committee)

54. Data and Applications Security and XML Security, Wright State University, February 2003. 55. Data and Applications Security and XML Security, University of Illinois, April 2003 56. Data and Applications Security and XML Security, George Mason University, April 2003 57. Data and Applications Security and XML Security, University of Texas at Dallas, November 2003 58. Data and Applications Security and XML Security, University of Minnesota, December 2003. 59. Data and Applications Security and XML Security, University of Bristol, England, May 2004. 60. Directions for Research in Data and Applications Security and CyberTrust, New England Database

Meeting, September 2003. 61. Data and Applications Security and Discovery Informatics, Seminar series kickoff presentation, Johns

Hopkins University, October 2003 (Information Systems, College of Business) 62. Third Party Publications of XML Documents, Seminar series, Ohio State University, January 2004. 63. Third Party Publications of XML Documents, Seminar series, University of California at Riverside,

January 2004 64. Third Party Publications of XML Documents, Seminar series, Dartmouth College, February 2004 65. Third Party Publications of XML Documents, Seminar series, UIUC February 2004 66. Third Party Publications of XML Documents, Seminar series, UT Dallas, March 2004 67. Third Party Publications of XML Documents, Seminar series, Penn State University, April 2004 68. Third Party Publications of XML Documents, Seminar series, The MITRE Corporation, March 2005. 69. Data Mining for Counter-terrorism, IEEE Dallas Chapter Presentation, February 2005, Dallas, TX. 70. Data Mining for Cyber Security, ACM Dallas Chapter Presentation, April 2005, Dallas, TX. 71. Data Mining, Security and Civil Liberties, National White-Collar Crime Center, Breakfast

Colloquium, June 2005, TX. 72. Confidentiality, Privacy and Trust for the Semantic Web, The MITRE Corporation, November 2005.

Bedford, MA. 73. Data Security Research at UTD, Raytheon Corporation, January 2006, Garland, TX. 74. Assured Information Sharing, CV Ramamoorthy Workshop, May 2006, Oakland, CA 75. Developing Dependable and Secure Systems, NSF PI Workshop, Pittsburgh, PA, November 2006. 76. Cyber Security Research at UTD, Tektronix Corporation, Richardson TX, May 2007 77. Cyber Security Research at UTD, Rockwell Collins, Richardson, TX, March 2009 78. Data Mining for Security and Counter-terrorism, Central Intelligence Agency Seminar Series, May

2006 (CIA Headquarters) VA. 79. Data Mining for Malware Detection, Invited talk at AFR, Rome NY, June 2006 80. Information Operations: Assured Information Sharing, AFOSR Technology Exchange Conference,

August 2006, Utica, NY; June 2007, Syracuse, NY; June 2008, Washington DC. 81. Geospatial Semantic Web, OGC Interoperability Working Group, Oct. 2006, Tyson’s Corner, VA.

85

82. Geospatial RDF (with A. Ashraful), W3C Working Group on Geospatial Data, October 2006, Teleconference meeting (from Dallas TX).

83. Data Mining and Applications in Malicious Code Detection and Security, Seminar series, University of North Texas, November 2006; University of Texas at Arlington, December 2006.

84. Cyber Security Roadmap, MITRE Technical Exchange, June 2009 (To NAIC sponsor) 85. Data Mining for Cyber Security, Purdue University, February 2007. 86. Data Mining for Cyber Security, Polytechnic University New York, August 2007. 87. Data Security and Data Analytics Research at UTD, Navy SPAWAR, August 2007, San Diego. 88. Digital Forensics, SWE UT Dallas Chapter Meeting, October 4, 2007, Dallas, TX. 89. Digital Forensics, ACM UT Dallas Chapter Meeting, October 25, 2007, Dallas, TX. 90. Semantic Web Research at UT Dallas. IARPA KDD Workshop, Feb. 2008, ORNL, Oakridge, TN. 91. Data Mining for Security Applications, SWE Dallas TX Chapter Meeting, February 2008. 92. Blackbook Experiences, RDEC User Conference, May 2008, San Diego, CA. 93. Assured Information Requirements Gathering, DoD MURI Program Review, September 2008,

Baltimore, MD. 94. Assured Information Sharing, Seminar at National University of Singapore, October 2008; University

of Penang, October 2008. 95. Secure Knowledge Management Workshop Introductions, November 2008, Dallas, TX. 96. Managing Large RDF Graphs, IARPA KDD Workshop, December 2008, ORML, Oakridge, TN. 97. NSF Workshop on Data and Applications Security, Introduction, February 2009, Washington DC. 98. Knowledge Discovery and Security Informatics, SAP Labs, Sophia Antipolis, France, May 2009 99. Secure Semantic Grid, AFOSR Program Review Meeting, June 2009, Washington DC. 100. Welcome remarks and concluding remarks, IEEE ISI Conference, Dallas, TX, June 2009

(General Chair) 101. Data Mining and Security, Microsoft Invitational Workshop in Data for Interdisciplinary

Research, September 2009, Seattle, WA. 102. Information and Security Analytics at UTD, presentation at Wright State University, November

2009, Dayton, OH. 103. Cyber Security Research and Education at UTD, Mississippi State University, January 2010. 104. Data Mining for Malware Detection, University of Arizona, February 2010. 105. Assured Information Sharing: Malicious Code Detection, University of Louisville, Kentucky,

March 2010. 106. Assured Cloud Computing, AFOSR Review Meeting, July 2010, Arlington, VA.

107. Data Mining for Malware Detection featured address at the DFW ATW (Alliance for Technology Women) Monthly Colloquium, June 2011, Dallas, TX.

108. Information Sharing in the Cloud, AFOSR Review Meeting, September 2011, Arlington, VA. 109. Assured Cloud Computing, April 2012, University of North Carolina, Greensboro. 110. Assured Information Sharing, MURI Review (co-author), 2012 and 2013. 111. Cyber Security Research at UTD, April 2013, Raytheon Corporation, Garland, TX. 112. Analyzing and Securing Social Networks, University of Westminster, November 2013. 113. Welcome Remarks, Information Security Conference, Dallas, TX November 2013 114. Welcome and Concluding Remarks, IEEE ICDM, Dallas TX, December 2013 (general chair) 115. Assured Cloud Computing for Assured Information Sharing, University of Insubria, Italy, Dec. 2013 116. Assured Cloud Computing for Assured Information Sharing, Honeywell Inc., May 2014 117. Assured Cloud Computing for Assured Information Sharing, CUNY (Staten Island), May 2014 118. Cyber Security Research and Education Institute at UT Dallas, Pace University, May 2014. 119. NSF Big Data Security and Privacy Workshop Introduction, Dallas, TX, September 2014 120. Cloud-Centric Assured Information Sharing, University of Cambridge England, November 2014 121. Cloud-Centric Assured Information Sharing, Texas A&M University, February 2015. 122. Cyber Security Institute Summary, MITRE/NIST FFRDC Kickoff, February 2015 123. Cyber Security Research and Education at UT Dallas, Presentations to the NSA, ARL, ONR and the

Pentagon, June 2015 124. Cloud-Centric Assured Information Sharing, Kings College, University of London, November 2015 125. Cloud-Centric Assured Information Sharing, University College London (UCL), November 2015 126. Cloud-centric Assured Information Sharing, UTSA, April 2016

86

127. Proactive Defenses for Social Computing, Panel Summary Presentation, ARO Workshop on Social Media, May 2016.

128. Big Data Security and Privacy, University of Kentucky, February 2018 129. Cloud-Based Assured Information Sharing, UMBC, May 2018 (Mentorship talk) 130. Research in Secure Data Management, UMBC, March 2019. 131. SecAI: Integrating Security and Artificial Intelligence, IFIP TC11 meeting, Lisbon, Portugal, June

2019 (Recorded Presentation) 132. Data Mining/Data Science for Network Security Problem, IEEE Comsoc Communications and

Network Security Awards Presentation, Kona, HI, December 2019. 133. Sensor and Geospatial Data Management for Border Patrol and Crime Analysis, MITRE Sensor

Community Workshop, Poster Presentation, May 2007, McLean, VA (co-authors: A. Ashraful, S. Shekar, L. Khan, G. Subbiah).

134. Data Mining, Security and Privacy, Position Paper, NSF Workshop, Sept 2007, Arlington, VA. 135. Security and Ontologies, Microsoft Workshop on Semantic Technologies, June 2007, Seattle WA

(co-author: K. Hamlen). 136. Brooks-Iyengar Algorithm: Presentation Introducing the Test of Time Award, IEEE Cybermatics

Conference, Atlanta, GA, July 2019. 137. Data Mining for Malware Detection, IEEE Business Consultants Meeting, May 2016 138. UT Dallas Cyber Security Institute, NIST FFRDC Kickoff Meeting, February 2015 139. Artificial Intelligence and Cyber Security Education, Co-Lead of the Working Group and gave

the presentation, NSF SatC PI Meeting, October 2019.

5. MITRE INTERNAL SYMPOSIA AND TECHNOLOGY EXCHANGE MEETINGS (while at MITRE, 1989-2004)

1. Security in Object-Oriented Database Systems, presented at the MITRE Symposium on Object-Oriented Technology, April 1990, Bedford, MA (Proceedings published in Technical Report, MTP 382; Editor: D. Grigaro).

2. Issues in Object-Oriented Database Systems, Presented at the MITRE Managers' Symposium on Supercomputing, May 1990, McLean, VA (Proceedings Editor: L. Zeitlsler).

3. Parallel Processing and Trusted Database Management Systems, Presented at the 5th MITRE Symposium on Parallel Processing, May 1991, Bedford, MA.

4. An Overview of Parallel Database Management Systems, Presented at the 7th MITRE Symposium on Parallel Processing, April 22, 1993, Bedford, MA.

5. Object-oriented Database Management Systems, Presented at the Object-oriented Technology Day, (Bedford, MA) October 7, 1993 and (McLean, VA) March 15, 1994.

6. Massive Data and Information Systems, Presented at the 1st MITRE Technology Symposium, June 15, 1994, McLean, VA, (co-author: M. Zemankova, proceedings).

7. Data Management for Workflow Computing, Presented at the MITRE Symposium on Databases for the 90s, June 16, 1994, McLean, VA (Abstract and presentation in proceedings; co-author: B. Lavender).

8. Proceedings of the 1st Applied Database Technology Day, August 1994 (co-editor: C. Loizides – also co-chaired 2nd symposium, December 1995).

9. MITRE's Role in Real-time Systems, presented at the panel on Real-time Systems, Real-time Systems Technology Day, September 1994 (Chair: J. Knobel).

10. Real-time Database Management Systems, presented at the Advanced Information Systems Technology Day, February 1995 (Chair: M. Maybury).

11. MITRE's Role in Parallel Database Systems, presented at the Parallel Processing Symposium, 1995. 12. Massive Data and Information Systems Initiative at MITRE; Proceedings of the MITRE Data

Management Symposium, June 1995. 13. Intelligence Community Massive Digital Data Systems, MITRE McLean, November 1995, MITRE

Fort Monmouth, May 1996, MITRE San Diego, March 1998. 14. Massive and Heterogeneous Data, Massive Data and Information Systems Umbrella; Massive Digital

Data Systems Initiative, poster presentations at the 2nd MITRE Technology Symposium, 20 June 1995 (Bedford, MA) and 27 June 1995 (McLean, VA)

87

15. Evolvable Interoperable Information Systems Thrust, MITRE Technology Symposium, Plenary Presentations, 11 June 1996 (Bedford), 25 June 1996 (Reston) Proceedings Evolvable Interoperable Information Systems Thrust, MITRE Technology Symposium, June 1997.

16. Massive Digital Data Systems, Presented to the Intelligence Community meetings, April 1996, March 1997, April 1997, July 1998.

17. Proceedings of the 1st MITRE Object-Oriented Technology Conference, Welcome address, June 1996

(co-editor: T. Mowbray). 18. Privacy, MITRE Technical Exchange, April 2003.

6. OTHER MOTIVATIONAL TALKS AT INFORMATION MEETINGS AND PRESENTATIONS TO THE GENERAL PUBLIC

1. Mentoring panel for Junior Faculty on Research and Publications, University of Texas at Dallas, October 2019.

2. Mentoring panel for Junior faculty for proposal writing, grants and awards, University of Texas at Dallas, November 2019.

3. How do we inform the General Public about our Cyber Security Research? Panel on Educating the General Public, University of Texas at Dallas, March 2020.

4. Reactively Adaptive Malware, What is it? What do we do about it? featured address, Plano Library event for the general public, October 2014.

5. Reactively Adaption Malware, What is it, What do we do about it? Association of Subcontractors (Plumbers, Electricians, Concrete workers, Glazers, Locker Installers), October 2019 (a version of the 2014 talk at Plano library)

6. My Mentor: Prof. CV Ramamoorthy and how he influenced my career, CV Ramamoorthy Workshop, May 5, 2016, San Diego CA.

7. A Tribute to Prof. Kane Kim, Workshop to honor Prof. Kane Kim, Newport Beach, CA, March 2011. 8. Dallas – Ideal city for a technology conference, presented to (i) the IEEE Data Engineering Steering

Committee, March 2010, (ii) ACM CCS Conference, Vienna Austria October 2016, and (iii) IEEE ICDM Conference, Brussels, December 2012 (co-author: Rhonda Walls)

9. Several talk on UT Dallas Cyber Security and Data Science Research and Education to High School Students and Companies in DFW.

7. TUTORIALS

Conference Tutorials

1. Recent Developments in Database Security, presented at the 14th Annual Computer Security Conferences Workshops, Anaheim, CA, November 1987; lecture notes published in the tutorial proceedings; enhanced version published in the IEEE COMPSAC Conference Tutorial Proceedings, November 1989, Orlando, FL.

2. Multilevel Secure Database Management Systems, presented at the AFCEA Conference Tutorials, August 1993, Princeton, NJ (lecture notes published in the tutorial proceedings).

3. A Tutorial in Object-Oriented Database Systems, presented at the IEEE Dual Use Technology Conference, May 1994, Utica, NY.

4. Data Mining, ACM SAC, March 1998, Atlanta, GA. 5. Data Mining, IEEE COMPSAC, August 1998, Vienna, Austria. 6. Data Mining, IEEE ANNIE, November 1999, St Louis, Missouri. 7. Web Information Management and Ecommerce, IEEE ISADS, March 1999, Tokyo, Japan. 8. Web Information Management and Ecommerce IEEE COMPSAC, October 1999, Tempe, AZ. 9. Data Mining Technologies and Applications in Counter-terrorism, Technet, May 2003, Wash DC, 10. Data Mining Technologies and Applications in Counter-terrorism, TechNet, May 2004, Wash DC. 11. Data and Applications Security, TechNet, May 2005, Washington DC. 12. Data Mining for International Security, ISI Workshop, June 2010, Mysore, India. 13. Data Mining for Malware Detection, SDPS, June 2012, Berlin Germany

88

14. Secure Data Science: Integrating Cyber Security and Data Science, IEEE ICWS, San Francisco, CA, July 2018. Department of Defense and Other Agencies (Sample)

1. A Tutorial in Database System and Database System Security, A three full- day tutorial presented to the U.S. Army CECOM, Ft. Monmouth (August 1992, January 1993), and Dept. of the Navy SPAWAR, Washington D.C. (February 1993).

2. A Seminar on Secure Database System, Full-day tutorial presented to the Dept. of the Navy NCCOSC, San Diego (January 1993, June 1993); Versions also presented to the U.S. Air Force AFCSC (June, August, September 1991 - San Antonio, TX).

3. A Seminar in Object-Oriented DBMS, Full day-tutorial presented to the Department of the Navy NCCOSC, San Diego, June 1993; U.S. Army, CECOM, Ft. Monmouth, April 1994; DISA November 1994; NSA April 1995.

4. A Seminar in Distributed and Heterogeneous DBMS, Full-day tutorial presented to the Department of the Navy NCCOSC, San Diego, June 1993; U.S. Army, CECOM, Ft. Monmouth, April 1994; DISA, November 1994.

5. A Seminar in Real-time DBMS, Presented to U.S. Army, CECOM, Ft. Monmouth, N.J., April 1994. 6. A Tutorial in Database Management Systems, series of seven lectures given at ESC University,

Hanscom AFB, Bedford, MA, September 1994 - April 1995 (Introduction, Relational, Object-Oriented, Distributed, Heterogeneous data management, Real-time, Intelligent Data Management/Data Mining).

7. Data Mining, Developments and Challenges, July 1997, San Antonio (AIA), and Stuttgart Eurocom, November 1997, Colorado Springs, Spacecom, March 2000, (versions given to many govt. organizations).

8. Data Management Systems Evolution and Interoperation, AFCEA (Three days) June 1999, September 1998, DISA-DARPA-JPO (One day) September 1999.

9. Data Management, Data Mining and E-Commerce, AFCEA, October 2000 (Three days). 10. Data Management, Information Management and Knowledge Management, AFCEA Oct 2001, also

versions at AFCEA Oct 2002, Oct 2003, Sept 2004, Oct 2005 (Air Force Bases: Oct 2004 - Offut, March 2005 - Eglin, Aug 2005 - Lackland, June 2006 – Edwards, Sept 2006 - Kirkland).

11. Data Mining with Applications in Counter-terrorism, AFCEA June 2003, Dec 2003, Dec 2004, March 2006, Dec 2006, Nov 2007, May 2007, Nov2007, Nov 2008, June 2010

12. Knowledge Management, Semantic Web and Social Networks, AFCEA April 2008, October 2009, April 2010, October 2010.

89

APPENDIX G: ACADEMIC RESEARCH SUPERVISION

The University of Texas at Dallas (October 2004 – Present)

Ph.D. Students Graduated and first job after graduation:

Diversity: Out of the 23 PhD students (18 graduated and 5 current, 12 are women, 1 is African American, 1 Latino American, and 1 from the LGBTQ community)

• Li Liu (2004 – 2008) Privacy Preserving Data Mining; May 2008 (Senior Scientist EBay)

• Ryan Layfield (2004 – 2008) Social Network and Game Theory Applications, December 2008 (Senior Research Scientist at CISCO, laer Microsoft Seattle and now VMware)

• Zhong Wang (2007 – 2010) Complexity Results in Secure Wireless Networks, December 2010 (Shanghai Stock Exchange)

• M. Farhan Husain (2006 – 2011) Secure Cloud Data Management, May 2011 (Amazon)

• Tyrone Cadenhead (2008 – 2011) Secure Data Provenance Using Semantic Web Technologies, August 2011(Blue Cross Blue Shield, after research scientist at UTD)

• Wei-She, (2006 – 2011) Secure Service Composition with Information Flow Control, December 2011 (currently research member at Intel, Santa Clara)

• Jeffrey Partyka (2007 – 2011), Learning-Based Geospatial Schema Matching Guided by External Knowledge, December 2011, (Raytheon Research)

• Neda Alipanah (2007 – 2012) Federated Query Processing Using Ontology Structure (current UCSD School of Medicine)

• Satyen Abrol (2008 – 2013) Location Mining in Online Social Networks, May 2013, (Senior Scientist, VMWare, CA)

• Parveen Pallabi (2010 – 2013), Evolving Insider Threat Detection Using Stream Analytics and Big Data, December 2013, VCE Consortium (VMware, Cisco, EMC2)

• Vaibhav Khadilkar (2008 – 2013) Assured Cloud-based Information Sharing (Director, NutraSpace, Dallas, TX)

• Lidan Fan (2010 – 2014), Rumor Blocking in Social Networks (University of Texas at Tyler)

• Jyothsna Rachapalli (2009 – 2015) Secure RDF Data Management, August 2015 (Senior Scientist, NutraSpace, Dallas, TX)

• Justin Sahs (2013-2018), Data Science, August 2018, Startup in Houston

• Nazimiye (Ceren) Abay (2015-2020), Data Analytics for Cyber Security, 2019, Visa Research

• Huibo Wang (2015-2019), Reverse Engineering for Malware, Secure SGX 2019, Baidu

• Maryam Imani (2015-2020), Data Science/Machine Learning, 2020, Walmart Labs

• Raul Quinonez Tiradol (2015-2020) Secure Cyber Physical Systems and Internet of Transportation, 2020 (Postdoc, UCSC)

Current PhD. Students:

• Brian Ricks, (2016 – 2020) Network Security and ML, Completion: December 2020

• Vibha Chadramouli (2016-2021), Data Science and Privacy, Completion, May 2022.

• Ashrafi Akbar (2020-20204), Data Science and Security

• Two more female students are joining my team MS Students with Thesis Graduated (supported as RAs): Gal Lave (December 2005) Suspicious Event Detection, Ph.D. at Technion-Israel Vibha Sethi (August 2006) Secure Sensor Networks, Qualcom Abinanthan (May 2007) Fingerprinting Biometrics and RFID, Oracle Srinivasan (May 2007) Trust Management for Assured Information Sharing, Hewlett Packard Pavan Chittamala (May 2007) Geospatial Data Management - Microsoft Jungin Kim (August 2007) Dependable Information Management, Samsung Korea Ganesh Subbiah (December 2007) Trust Negotiation for Semantic Web, ESRI

90

Sonia Chib (2009) Geospatial Proximity for Blackbook, Nokia Pranav Parikh (2009) Secure Amazon.com Web Services, Yahoo Pankil Doshi (December 2010) SPARQL over Hadoop, Research in Motion Gautum Ganesh (May 2015), Social Media, Goldman and Sachs, Head Office, Manhattan, NY Post Docs / Research Scientists Supported (and the 1st job after the postdoc) Dr. M. Awad, 2005-2007 (Asst. Professor at University of UAE) Dr. Chuanjun Li, 2006-2007 (Postdoc at Brown University) Dr. M. Masud, 2009-2011 (Asst. Professor at University of UAE) Dr. Greg Lee, 2008-2010 (Asst. Prof at Case Western) Dr. T. Cadenhead, 2011-2013 (Senior Scientist at Blue Cross Blue Shield) Dr. Yah Zhou (2009-2011) (Research Scientist at UT Dallas) Mr. Nathan McDaniel (2012-2014) (Research Scientist at Applied Research Center) Dr. Jan Kallberg 2012-2014 (Asst Prof. WestPoint US Military Academy) Undergraduate Research Students Mythri Chilla, AI for Cyber Security, Spring 2020, Fall 2020 Note: I have supported many more students as RAs (without the thesis option); also, co-supervised students at U of MN as member of the graduate faculty and also served on thesis committees of numerous students in the US, Canada, Italy, Australia and South Africa. The Cyber Security Institute has graduated around 75 PhD students over the past 15+ years and at any one time we have around 40 PhD students. The students have been placed in Academia (e.g., UNCC, Clemson) as well as Industry (e.g., IBM TJ Watson, Google Privacy). More details can be found on my website.

91

APPENDIX H: EDUCATION AND TEACHING 1. Summary of My Teaching and Education Activities Since Graduate School Introduction: I have worked for over 40 years educating students at all levels from high school to undergraduate to graduate to professional development. This includes around 34+ years of educating students and the general public in data science and cyber security. Below is a summary of my efforts.

Early Teaching/Education Efforts: I developed a passion for educating students while I was in graduate school in England in the late 1970s when I started teaching high school students who needed extra coaching in Mathematics for the 10th and 12th grade public exams through Personal Tutors (Cheshire, England). Then, as soon as I finished my PhD, between 1980 and 1985, I started teaching courses in Theory of Computation, Mathematical Logic for Computer Scientists, Programming Languages, Assembly Language Programming, Fortran, and Data Structures for both graduate and undergraduate students at the New Mexico Institute of Technology and the University of Minnesota while I was first a visiting faculty and later as adjunct faculty while working as a Senior Developer at Control Data Corporation, one of the premier computer companies in the early 1980s.

Data Science and Cyber Security Education efforts while at Honeywell and MITRE: I began my data science and cyber security career at Honeywell in 1985 followed by MITRE, the National Science Foundation, and the University of Texas at Dallas and have taught courses in data science and cyber security in general and data and applications security and data mining in particular for over 30 years. While establishing my career in data Science and Cyber Security Research, Development, Technology Transfer, and Program Management from 1985 until 2004, I taught courses at the University of Minnesota and at Boston University Metropolitan College in Database Security and Advanced Database Management and was also a member of the graduate faculty at the University Minnesota. During this time, I was also an instructor at the MITRE Institute and at AFCEA and taught 1-3 day courses in Data Management, Data Mining and Data security multiple times to several government agencies including the NSA, CIA, DISA, ESC, AFRL, SPAWAR, CECOM, EUCOM, SPACECOM, AIA, and the DISA/DARPA Joint Program Office, as well as to Air Force Bases such as Kelly, Griffiss, Offutt, Eglin, Lackland, Edwards, and Kirkland. I also gave motivational talks to college students in Massachusetts including women from Smith College. I delivered the featured address at AFCEA’s Federal Database Colloquium annually from 1994 until 2001 and co-founded AFCEA’s Federal Data Mining Symposium in 1997. I also presented tutorials in data management, data mining and data security at several IEEE and ACM Conferences as well as at AFCEA’s TechNet events and gave invited talks at the White House Office of Science and Technology Policy and the United Nations. For my contributions to AFCEA’s mission I received AFCEA’s Medal of Merit in 2011. Even though I spent around two decades in the industry where teaching was not part of my main duties, I felt that educating students was an integral part of my mission. Also, while at NSF, where my duties were mainly to direct research programs in data security and information management, I went over and above my duties and participated in education programs including the Math/Science partnership program for high schools.

Cyber Security and Data Science Education Leadership at the University of Texas at Dallas: Since joining the University of Texas at Dallas in October 2004, together with my team, I was instrumental in formulating the cyber security education program which includes a Masters Track in Cyber Security as well as certificate programs. Together the team has received around $15M in cyber security education federal funding including multiple NSF SFS. The team has also received the NSA/DHS certifications in Cyber Security Education, Research and became the first university on Texas to receive the Cyber Operations Certification. The Team also established the annual TexSAW (Texas Security Awareness Week) and organizes cyber security workshops and exercises for students in Texas and its neighboring states and participates in NSF GenCyber program for junior and senior high school students. I have introduced and taught several cyber security courses including Data and Applications Security and Privacy, Biometrics, Secure Web Services and Semantic Web, Secure Cloud Computing. Social Media Analytics, Digital Forensics, Cyber Security Essentials which includes the CISSP modules and will teach Big Data Security and Privacy in Fall 2020. I have established multimillion-dollar integrated research and

92

education programs at UT Dallas in Secure Cloud Computing as well as integrating Data Science and Cyber Security. In addition, we are also developing NSF-funded curriculum in secure mobile system, secure software defines networks and blockchain technology. More recently I worked with our Policy researchers and established an interdisciplinary cyber security master’s degree to start in Fall 2020. With respect to Data Science, I was part of a team that established the master’s track and also developed a five day to the NSA on this subject. I have also written 15 books in data security and data analytics, some of which are tailored for technical managers and some others for researchers. These books have been used as reference material for my courses to my students as well as to those working in government and industry.

Cyber Security and Data Science Outreach Efforts: I have worked tirelessly to support Women in Cyber Security and cochaired WiCyS (800+ person conference) in March 2016 and have given featured addresses at SWE, WITI, and CRA-W, DFW-ATW as well as a keynote address at Cyber-W (Women in Cyber Security Research). I also co-chaired the Women in Data Science and Engineering Workshop as part of IEEE ICDE in April 2017 that focused on integrating data science with cyber security and delivered a featured address at Women in Data Science (WiDS) at Stanford University in 2018. Since then I have been a Co-Director of UTD’s Centers for Data Science and Cyber Security and host the annual WiDS day as ambassador to Stanford. I co-founded and co-chaired the Women in Services Computing (Secure Cloud and Web Services) Workshop held in conjunction with the IEEE Services Computing Conference on June 26, 2017 and co-chaired it also in 2018. I also co-founded the Women in Data and Applications Security and Privacy group at ACM CODASPY in 2019 and Women in Multimedia in 2020. My goal is to integrate date science and cloud computing into cyber security education and motivate women into research and education careers in these fields. Also, out of the 18 PhD students I have graduated during the 12 years, 8 are women and three are from the African American, LGBTQ and Latino communities. I give 1-3-day professional development courses in data science and cyber security including the CISSP modules and secure web services to the local industries at UT Dallas and UC San Diego (Extension). I conduct extensive outreach in cyber security and have written articles for newspapers such as the New York Times and the New York Daily News and have given interviews to magazines like Womensday.com on cyber-attacks to make millions of women aware of the problem. I have also been quoted by numerous other newspapers and magazines such as the Dallas Morning News, the LA Times, the Pittsburgh Post-Gazette, the Business Insider, Inc. Magazine and the D Magazine on cyber security. I appear frequently on DFW Television to discuss cyber security problems including issues on Ransomware and give talks on Malware at DFW Public Libraries, Subcontractor Association, as well as to High School students. I believe that education should be an integral part of one’s life regardless of his or her age. Therefore, I continue to attend professional development courses and get certifications including the Certificate of Terrorism, Studies at St Andrews University Scotland in 2010, ISC2 CISSP in 2010, and SANS GFCE in 2013.

In summary, my contributions to computer science, data science and cyber security education starts from educating high school students to undergraduate and graduate students to the members of the United States Armed Forces and the Intelligence Community to professionals in the computer and defense industries to the general public to especially women and underrepresented minority communities.

II Academic Teaching Experience (1980 – Present)

Current (October 2004 – Present) The University of Texas at Dallas Position: Founders Chair Professor of Computer Science and Director of Cyber Security Research and

Education Institute

• Data and Applications Security Graduate level, Spring 2005, Spring 2006, Spring 2007, Spring 2008, Spring 2009, Fall 2009, Fall 2010, Fall 2011, Fall 2012, Fall 2013, Fall 2014 (based on my book Database and Applications Security: Integrating Data Management and Information Security, CRC Press/Auerbach, June 2005)

• Data and Applications Security, Spring 2006, Spring 2007, Spring 2008, Spring 2011, Spring 2012 (Information Assurance, Minor Core course) Undergraduate level

• Biometrics, Fall 2005, Graduate level

93

• Building Trustworthy Semantic Webs, Fall 2006, Fall 2007, Fall 2008, Spring 2010, Spring 2011 (based on my book Building Trustworthy Semantic Webs, CRC Press, 2007) Ph.D. level

• Digital Forensics, Fall 2007, Fall 2008, Fall 2009, Fall 2010, Fall 2011, Fall 2012, Fall 2013, Fall 2014 (Information Assurance Minor, Core course) Undergraduate level

• Developing and Securing the Cloud, Spring 2012, Spring 2014, Spring 2015, Spring 2016, Spring 2017, Spring 2018, Spring 2019 Graduate level (based on my book Developing and Securing the Cloud)

• Analyzing and Securing Social Networks, Spring 2013, Fall 2015, Fall 2016, Fall 2018, Fall 2019 Graduate level (based on our book Analyzing and Securing Social Networks)

• Variations of Cyber Security Essentials (focusing on CISSP domains), Summer 2010, Summer 2011, Summer 2012, Summer 2013, Summer 2015, Summer 2017, Summer 2018, Summer 2019 (also 3-day course in May 2017).

• INSuRE Experimental Cyber Security Course (Limited to no more than 16 students), Spring 2015, Fall 2015, Spring 2016, Fall 2016, Spring 2017, Fall 2017, Spring 2018, Fall 2018, Sprig 2019, Fall 2019, Spring 2020 (partial funding from NSF/SFS. This is a multi-university program initiated by NSA).

• Big Data Security and Privacy, Starting Fall 2020 ,

King’s College, University of London (June 2015 – June 2022)

Position: Visiting Senior Research Fellow

• Research on AI and Security and Guest Lectures in Data Science and Cyber Security

Previous (1980 – 2001)

(i) New Mexico Institute of Technology, Socorro, New Mexico Position: Visiting Professor 1980 – 1981 Dept. Head: Prof. Tom Nartker (now at UNLV)

1. Department of Computer Science Theory of Computation Ph.D. level course on theory of computation covering topics such as automata theory, complexity theory and recursion theory, using the textbook Theory of Computation by Brainerd and Landweber; Date: Fall Semester 1980 (August – December 1980)

Mathematical Logic for Computer Scientists Senior undergraduate/ 1st yr MS level course covering logic, theorem proving. I developed my own lecture notes. References used: Theorem Proving by Chang and Lee, Mathematical Logic by E. Mendelssohn Date: Spring Semester 1981 (January – May 1981)

2. Department of Mathematics Undergraduate level course in Calculus Date: Spring Semester, 1981 (January – May 1981)

(ii) University of Minnesota

Position: Visiting Professor, 1981 – 1983, Host: Prof. Marion Pour-El Adjunct Professor and Member of the Graduate Faculty, September 1984 – December 1988 Schedule Coordinator: Prof. Sartaj Sahni (now at University of Florida), Host: Prof. WT Tsai

1. Department of Computer Science Fortran Programming Undergraduate course in FORTRAN programming Date: Fall Quarter 1984, Winter 1985, Spring 1985, Fall 1985, Winter 1986, Spring 1986, Fall 1986, Winter 1987, Spring 1987, Summer I and II 1987, Fall 1987, Winter 1988, Spring 1988, Summer I and II 1988

94

Basic and Advanced Assembly Language Programming Junior and senior undergraduate as well as 1st year MS level course in M68000 programming Date: Fall 1985, Winter 1986, Spring 1986, Fall 1986

Algorithms and Data Structures Junior undergraduate course in algorithms Date: Winter 1987, Winter 1988

Programming Languages using Scheme Junior undergraduate course in Scheme programming and principles Date: Spring 1987, Spring 1988 Discrete Structure of Computer Science Junior undergraduate course in Combinatorial mathematics for computer scientists Date: Summer I, 1986 Principles of Programming Languages Senior undergraduate/1st year MS level course on principles of programming languages including principles of FORTRAN, Pascal, Algal, Lisp, Prolog, and Smalltalk, Fall 1988 Database Security, Ph.D. level seminar; Date: Fall 1987

2. Department of Mathematics Calculus and Algebra Undergraduate level courses on calculus and algebra Date: Fall 1981, Winter 1982, Spring 1982, Spring 1985, Fall 1985, Winter 1986

(iii) Boston University Position: Adjunct Professor of Computer Science, 1999 – 2001 Point of Contact: Linda Goldberg

1. Department of Computer Science Advanced Data Management (Spring 2000, Spring 2001) Graduate level course which covered relational databases, object databases, distributed databases heterogeneous databases, migrating legacy databases, data mining, data warehousing, web databases. Based on my two books Data Management System Evolution and Interoperation, CRC Press, May ‘97, and Data Mining, Technologies, Techniques, Tools and Trends, CRC Press, Dce ’98. Date: Spring Semester 2000, Spring Semester 2001.

III. Professional Teaching Experience (1990 – Present)

(i) The MITRE Institute (1990 – 2000) Position: Instructor Schedule Coordinator: Phil Trudeau

Courses taught: Database Security (Four two-hour lectures, 1990) Introduction to Databases (3-hour, 10-week course, 1992, 1993) Heterogeneous Database Integration (1-day course taught several times in 1993 – 1994) Object Databases (1-day course taught several times in 1993 – 1994) Real-time Databases (1-day course taught several times in 1994) Data Management Systems Evolution and Interoperation (2-day course taught several times in 1997 -1999), based on my book Data Mining (1-day course taught several times in 1998 – 2000), based on my book

95

Through the MITRE Corporation, I taught courses to several government agencies (1990 – 2000)

Topics: secure databases, data management and data mining (based on my books) US Government (DoD and Intelligence)

Agencies: Air Force (ESC, AIA, SPACECOM), Navy (SPAWAR, NRaD), Army (CECOM), Other: DISA, DISA/JPO, NSA, EUCOM

(ii) AFCEA Professional Development Center (1998 – 2010) Position: Instructor (helps in developing contacts with the DoD) Schedule Coordinator: Ann Beckham

Courses Taught (all courses based on my books – see publications) Data Management (3-day course in September 1998, June 1999) Data Management, Data Mining and E-Commerce (3-day course in October 2000) Data Management, Information Management and Knowledge Management (3-day course in

October 2001, October 2002, October 2003, September 2004, October 2005) Data Mining for Course (3-day course in June 2003, December 2003, December 2004, March 2006, December 2006, November 2007, May 2008, November 2008, June 2010) Knowledge Management through Semantic Web and Social Network (April 2008, October 2009,

April 2010, October 2010) Data and Applications Security, AFCEA Technet, May 2005 Data Management, Information Management and Knowledge Management: to the Air Force

through AFCEA (3-day course) Offutt AFB, October 2004 Eglin AFB, March 2005 Lackland AFB, August 2006 Edwards AFB, June 2006 Kirkland AFB, September 2006

(iii) Professional Education at Universities Secure Web Services, UC San Diego Extension, January 2008.

Cyber Security Essentials, a 3-day course taught at UT Dallas (May 30-June 2, 2017)

Data Science, 5-day course taught with colleagues at UT Dallas to NSA (July 2019)

96

APPENDIX I: RESEARCH AND EDUCATION FUNDING

(External Funding Only)

I have obtained research funding at The University of Texas at Dallas, The MITRE Corporation, and Honeywell, Inc. My team at UT Dallas has brought in around $50 million in research grants and contracts since October 2005 and around $15 million in education funding. I have been a PI for several projects. For several other projects I initiated them and served as Co-PI or Senior Personnel and in a few cases was not part of the project)

The University of Texas at Dallas (October 2004 – Present)

1. Air Force Office of Scientific Research, 2005 – 2008 (PI) Topic: Information Operations Across Infospheres: Assured Information Sharing Subcontract to UTSA (100K) Amount: $300,000

2. CH2MHILL, 2005 – 2007 (co-PI) Topic: Geospatial Data Management Equipment Grant PI: D. Harris Amount: $50,000

3. Raytheon Corporation, 2006 – 2009 (PI) Topic: Geospatial Semantic Web Research, Data Mining and Security Raytheon University Research Program Amount: $400,000

4. Raytheon Corporation, 2007 – 2008 (co-PI) Topic: Geospatial Semantic Web Development for Security Applications PI: L. Khan Amount: $100,000

5. Air Force Office of Scientific Research, 2006 – 2009 (co-PI) Topic: System Integrity Control Subcontract from Purdue University PI: M. Kantarcioglu Amount: $150,000 I initiated this project

6. The National Science Foundation, 2007 – 2009 (PI) Topic: A Semantic Framework for Policy Specification and Enforcement Response to Program Solicitation: 07-500 Collaboration with UMBC and UTSA Amount: $590,000

7. The National Science Foundation, 2007 – 2008 (PI) Topic: Data and Applications Security Workshop Amount: $50,000

8. National Geospatial Intelligence Agency, 2007 – 2010 (co-PI, NURI project) Topic: Geospatial Data Mining for Crime Analysis Subcontract from University of Minnesota PI: L. Khan Amount: $200,000

9. Department of Defense/AFOSR 2008 – 2013 (PI: 2008 – 2010, Co-PI: 2010 – 2013) Topic: Assured Information Sharing Multi-university research initiative (MURI) funded by the DoD/AFOSR (Subcontract from UMBC); I wrote the one page that went into the BAA and put together the team and requested UMBC to lead the effort. Amount: $1 million

97

10. National Aeronautic Space Administration, 2008 – 2010 (co-PI) Topic: Data Mining of Fault Reports Subcontract from University of Illinois, Urbana Champaign PI: L. Khan Amount: $360,000

11. Intelligence Advanced Research Projects Agency, 2008 – 2010 (PI) Topic: Ontology Alignment (part of the KDD program) Subcontract to Raytheon for 75K Amount: $560K

12. Air Force Office of Scientific Research, 2008 – 2012 (PI) Topic: Secure Grid/Cloud Information Management Mini-MURI (term coined by AFOSR PM) Subcontract to Purdue University (400K) Amount: $2.2 million

13. Air Force Office of Scientific Research, 2009 – 2014 (PI) Topic: Secure Social and Sensor Networks Mini-MURI (term coined by AFOSR PM) Subcontracts to Purdue (200K); Collin County, TX (400K) Amount: $1.6 million

14. National Science Foundation, 2009 (PI) Topic: Intelligence and Security Informatics (Student Scholarships) Amount: $10,000

15. Air Force Office of Scientific Research, 2009 – 2012 (Senior Personnel) Topic: Malware Detection PI: Kevin Hamlen, co-PI: Latifur Khan Amount: $450,000

16. National Science Foundation, 2009 (Co-PI) Topic: Secure Peer to Peer Data Management (EAGER) PI: Kevin Hamlen Amount: $80,000 I initiated this project

17. National Science Foundation, 2010 – 2013 (Senior Personnel) Topic: Privacy Preserving Ontology Alignment (TC: Small) PI: M. Kantarcioglu Amount: $260,000 I initiated this project

18. National Science Foundation, 2010 – 2014 (Co-PI) Topic: Scholarship for Service PI: Kamil Sarac Amount: $2.2 million (with supplements) I initiated this project

19. Air Force Office of Scientific Research, 2010 – 2011 (PI) Topic: Assured Cloud Computing Co-PI: L. Khan, M. Kantarcioglu Amount: $44,000

20. Air Force Office of Scientific Research, 2011 (Co-PI) Topic: Assured Cloud Computing Equipment PI: L. Khan Amount: $260,000 (This was added to one of the existing projects)

21. National Science Foundation, 2011 – 2013 (PI) Topic: Capacity Building for Assured Cloud Computing Co-PI: K. Hamlen, M. Kantarcioglu, K. Sarac, L. Khan Amount: $300,000

98

22. Raytheon Corporation, 2011 – 2012 (Co-PI) Topic: Malicious Behavior Pattern Extrapolation PI: L. Khan Amount: $100,000

23. National Science Foundation, 2011 – 2016 (Co-PI) Topic: Privacy-Enhanced Secure Data Provenance (TC: Large; I initiated the project) PI: M. Kantarcioglu Amount: $912,000 I initiated this project

24. US Army (Homeland Protection Institute), 2011 – 2012 (Co-PI) Topic: Adaptive Malware Detection over Evolving Malware: Attacks and Defenses Subcontract from The University of Texas at El Paso PI: L. Khan Amount: $280,000 I initiated this project

25. Air Force Office of Scientific Research, 2012 – 2017 (PI) Topic: Semantic Approach to Behavior-based IDS and Its Application (Data Mining for Malware Detection in Mobile Systems) Subcontract from SUNY Binghamton PI: B. Thuraisingham Mini-MURI (term coined by AFOSR PM) Amount: $970,000

26. Air Force Office of Scientific Research, 2012 – 2015 (Co-PI) Topic: Ecologically Inspired Framework for Assured Data Cloud PI: M. Kantarcioglu Amount: $448,526

27. Army Research Office, 2012 – 2015 (Co-PI) Topic: A Game: Theoretic Framework for Adversarial Classification PI: M. Kantarcioglu Amount: $439,880

28. National Science Foundation, 2018-2021 (Co-PI) NSF MRI on Assured Cloud Computing Amount 300K, PI: L. Khan I initiated this project

29. The National Science Foundation, 2013 – 2014 (PI) Topic: Big Data Security and Privacy Workshop Amount: $20,000

30. The National Science Foundation, 2013 – 2014 (Co-PI) Topic: IEEE ICDM Conference Student Scholarship PI: Diane Cook Amount: $25,000

31. National Science Foundation, 2014 – 2019 (Co-PI) Topic: Scholarship for Service PI: Kamil Sarac Amount: $4.4 million (with supplements)

32. National Science Foundation, 2014 – 2016 (PI) Topic: Insure (this is part of Dr. Sarac’s SFS project)

33. National Science Foundation, 2014 – 2017 (PI) Topic: Malware Collection and Analysis (Subcontract from U of AZ)) Amount: $150K

99

34. National Science Foundation, 2015 – 2017 (Co-PI) Topic: Secure Mobile Computing (Virtual Lab) PI: Latifur Khan Amount: $300K I initiated this project

35. National Science Foundation, 2015 – 2018 (Senior Personnel; was instrumental in initiating this project with Political Sciences) Topic: RIDIR: Modernizing Political Event Data for Big Data Social Science Research Amount: $1.5M; PI: Patrick Brandt

36. National Science Foundation, 2015 – 2016 (PI) Women in Cyber Security (subcontract from TN Tech) Amount: $330K

37. National Science Foundation, 2017 – 2020 ((Principal Investigator) Topic: Capacity Building in Big Data Security and Privacy Co-PI: Latifur Khan) Amount: 500K

38. National Security Agency: 2018-2023 (Co-PI – subcontract from Vanderbilt) Science of Security Lablet on Cyber Physical Systems Amount: $1.5M (approx) PI: A. Cardenas

39. National Security Agency, 2017 – 2019 (Co-PI) Topic: Curriculum Development in Data Science and Security Amount: approx. 300K, PI: L. Khan

40. Army Research Office DURIP – Equopment for Trustworthy Analysis, 2018 (PI) Amount: 250K

41. Army Research Office Adversarial Machine Learning 2018-2020 (Sr. Personnel) Amount: 450K, PI. M. Kantarcioglu

42. National Science Foundation, 2018-2021 (Co-PI) NSF MRI on Cyber Security and Machine Learning (Co-PI) Amount 600K, PI: M. Kantarcioglu I initiated this project

43. NSA Adversarial Machine Learning 2018-2020 (Co-PI) Approx 250K, PI. M. Kantarcioglu) I initiated this project

44. National Science Foundation 2019-2021 (Co-PI) Capacity Development on Blockchain, Amount approx. 500K (PI: L. Khan)

45. National Science Foundation, 2019– 2024 (Co-PI) Topic: Scholarship for Service PI: Kamil Sarac Amount: $4 million +

46. National Security Agency, 2018 – 2019 (Co-PI) Education Grant in Advanced Data Science) Develop 5-day course in Advanced Data Science and present it to NSA staff. PI: Latifur Khan Amount: 250K

47. The National Science Foundation, 2020 (Co-PI) Topic: IEEE ICDE Conference Women in Data Science PI: Latifur Khan Amount: $18,750

48. The National Science Foundation, 2020 (Co-PI) Topic: IEEE ICDE Conference Student Scholarship PI: Latifur Khan Amount: $25,000

100

Awards Received by Team Members without me as co-PI or sr. personnel (2006 – Present -Sample)

Kevin Hamlen: Air Force Young Investigator Program Award, 2008, 350K Murat Kantarcioglu: NSF CAREER Award, 2009, 400K Murat Kantarcioglu: Botnet, ONR (subcontract from Purdue), 2009, 60K Murat Kantarcioglu: Privacy in Genomic Databases, NIH (sub. from Vanderbilt), 2009 – 2012, 350K Murat Kantarcioglu: Privacy in Genomic Databases, NIH (sub. from Vanderbilt), 2013– 2016, 350K Murat Kantarcioglu: Secure Sensor Data, NSF NeTS, 2010, 260K Murat Kantarcioglu, Rapid Response, COVID-19, NSF, 100K Kevin Hamlen: NSF Career, 2011, 500K Kevin Hamlen: Medium Trustworthy Computing, 2011, 550K Latifur Khan: NSF Workshop, 2012, 20K Latifur Khan: Tektronix, 2012, 50K Latifur Khan: Sandia Labs, 2013 - 2016, 180K Latifur Khan: NSF MRI on Assured Cloud Computing, 300K+ Zhiqiang Lin: DARPA, Reverse Engineering for Secure Legacy Code, 2011, 450K DoD IASP Capacity Building and Scholarship, 2006 – Present, approx. 75K/year (Kamil Sarac, Murat Kantarcioglu, Kevin Hamlen, Latifur Khan) Policy Management and Semantic Web, 2012 – 2015, Approx. 400K, Murat Kantarcioglu, Kevin Hamlen, Latifur Khan (with MIT and UMBC) I initiated this project Kevin Hamlen: In-Line Reference Monitor, 2013 – 2016, Approx. 600K, ONR Kevin Hamlen, Raytheon, Lockheed, IUCRC on Network Centric Systems, 2013 – 2018 Alvaro Cardenas, Control Systems Security, 2013 – 2015, Approx. 100K, MITRE Zhiqiang Lin: Binary Code Analysis, Air Force Young Investigator Program Award, 2015 Kevin Hamlen: AFOSR, Author attribution, 2014, Approx 600K Alvaro Cardenas, Cyber Physical Systems Security, 2014 –2015, 100K, NIST Yvo Desmedt, STARS, 500K, State of TX, 2012 Zhiqiang Lin, Virtual Machine Introspection, 500K, NSF CAREER 2015-2020 Kevin Hamlen, Language Security, Medium SatC, 500K, 2015 – 2018 Yiorgos Makris, $3M, Multiple NSF SatC, ARO Projects on Hardware Security, 2011 – Present Yiorgos Makris, Industry funding on Hardware Security from TI, Intel, SRC Alvaro Cardenas, Secure Cyber Physical Systems, 500K, NSF CAREER 2016-2021 Murat Kantarcioglu, Cyber Infrastructure, NSF, 250K, 2015-8 Kevin Hamlen, Language Security, NSF, 480K, 2015-8 Kevin Hamlen, Malware Research, NSA, 300K 2015-7 Alvaro Cardenas, Cyber Physical Systems Security Policy, 500K, 2015-8 Murat Kantarcioglu, Genomic data privacy, Multiple NIH (with Vanderbilt) JV Rajendran, Hardware Security, 500K, NSF CAREER 2017-2022 Zhiqiang Lin, NSF/VMware partnership Research grant, 600K (total $3M), NSF, 2017-2021 Kevin Hamlen, ONR Grant on Binary Code Retrofitting $1.7M (2017-2021) Alvaro Cardenas, DHS, Cyber Physical Systems Security, Approx. $500K, 2018 Alvaro Cardenas, NSA Via NCState, Data Analytics, Approx. 20K, 2016-Present Kevin Hamlen, $3M DARPA Grant (UTD share around 800K), 2018-Present Murat Kantarcioglu, NSF/Amazon Partnership. 2019-2020 List of additional funding from NIST, VMware, Cisco, TI, Intel, as well as NSF and other agencies

is being compiled. Infrastructure Development Funding I have supported my colleagues in the NSA Capacity building efforts for 2007 (Murat Kantarcioglu), 2008 (Kevin Hamlen), 2010 (Latifur Khan) and 2011 to present (Kamil Sarac). In 2011, we received infrastructure funding from AFOSR. In 2011, 2015, 2017, 2018, and 2019 we also received capacity building funds from NSF SFS (for courses in assured cloud computing, secure mobile systems, Big data Security and Privacy, Secure Software Defined Networks, and Blockchain Technology).

101

The MITRE Corporation (January 1989 – 2004) MITRE is a Not-for-Profit federally funded research and development center and therefore the research projects that are externally funded are internally completed. One staff year is approximately $200,000.

I. Principal Investigator for the following research projects at MITRE: 1. Secure Distributed Data Management

US Navy, SPAWAR, FY89 (1 staff year, Team lead) Team members: Bhavani Thuraisingham, Amyl Kemon USAF Rome Air Development Center, FY90, FY91, FY92 (1 staff year/yr, Team lead)

2. Inference Problem/Constraint Processing US Navy, SPAWAR, FY90 (1.5 staff years, Team lead) Team Members: Bhavani Thuraisingham, William Ford, Marie Collins, Jonathan O’Keeffe US Army CECOM, FY91 – FY95 (1.5 staff years/yr approx.) Continued to work on project FY96 and 97 Team Members: B. Thuraisingham, William Ford, Harvey Rubinovitz, Marie Collins, David Foti US Air Force, FY99 (1 staff year, Team lead) Team Members: Bhavani Thuraisingham, Harvey Rubinovitz

3. Secure Multimedia/Object Database Management US Navy SPAWAR, FY91 – FY93 (2 staff years/yr. approx, Team lead) Continued to work on project FY94, FY95 as Team member Team Members: Bhavani Thuraisingham, William Herndon, Arnon Rosenthal, Richard Graubart, Jim Williams

4. Secure Client Server Computing US Army CECOM, FY94 (1 staff year, Team lead) Investigated security for client-server computing and identified security for object request brokers. Team Members: Bhavani Thuraisingham, Brian Kahn

5. Research Directions in Database Security, Special topics in Database Security (Secure Federated Data Mgmt, Foundations of Inference Problem, Data Mining and Privacy) NSA FY91 (0.5 staff year), FY92 (1.5 staff years), FY93 – FY95 (0.5 staff year/yr), FY96 (1 staff year, Team lead). Project continued under Dr. Chris Clifton, FY97 Team Members: Bhavani Thuraisingham, Mark Nadel, Leonard Monk, Chris Clifton NSA Team Members: Leonard Binns, Don Marks, Peter Sell

6. Research Directions in Massive Digital Data Systems (MDDS), Data Mining for Text Databases CIA MDDS FY93 – FY99 (1.5 staff year/yr, Team member 93-94, Team lead 95-99) Text mining (initiated project for 2 staff years/yr in FY96 – subcontractor: Stanford University, project managed by Dr. Chris Clifton and continued until FY99) Team Members: Bhavani Thuraisingham, Maria Zemankova, Beth Lavender, Henry Bayard, Marcia Kerchner, Manette Lazar, Chip Paradise, Chris Clifton, Arnon Rosenthal

7. Research in Real-time Data Management and Real-time Middleware USAF Rome Lab, FY93 – FY99 (PI for Real-time Data Management portion of project: 2 staff year/yr). Part of larger project, approx. 5 – 7 staff year/yr managed by John Maurer) Team members: Bhavani Thuraisingham, Alice Shafer, Gary Gengo, Mike Squadrito, Roman Ginis, Victor Fay-Wolfe, Steve Wohlever, Eric Hughes

8. Research Directions in Data Management MITRE Research FY95 – FY97 (1 staff year/yr) Team Members: Bhavani Thuraisingham, Barbara Blaustein, Arnon Rosenthal, Len Seligman, Penny Chase, Tom Mowbray

III. Research Management 1. MITRE: Department Head of Information and Data Management MITRE, managed budget of

approx. $5 million/yr for 4+ years. 2. MITRE: Head, MITRE’s research in Data Management, managed a budget of approx.

$5million/yr for 3 years. 3. CIA: As manager of fifteen research projects for CIA and NSA, managed a budget of approx. $3

million/yr for 6 years.

102

Honeywell Inc. (1986 – 1989) 1. Air Force, (AFRL Rome): Secure Distributed Data Views (also known as Lock Data Views)

Secure Distributed Data Views (SDDV), RADC. Became the principal investigator during the 2nd year of the three-year SDDV project. (January 1986 – December 1988); managed 3 staff years/yr Team Members: P. Dwyer, E. Oneugbe, P. Stachour, T. Haigh, E. Boebert, B. Dillaway

2. Air Force, (AFRL, Dayton): Engineering Information Systems As project contributor, led the data modeling part of the project for Engineering Information Systems; project funded by Wright Patterson AFB (October 1987 - December 1988); managed 2 staff years/yr (Team member: Venkat Venkataraman)

3. NASA: (Johnson Space Center) Distributed Systems Project contributor on the distributed systems project for NASA; principal investigator of the Network Operating Systems portion of the project (November 1986- October 1987); managed 2 staff year /yr

4. Multiple grants from Honeywell Divisions for research in data management and analytics (Team member)

103

APPENDIX J: INVENTIONS, PATENTS AND TECHNOLOGY TRANSFER I PATENTS ISSUED The MITRE Corporation

1. US Patent, October 1994, US5355474A System for a multilevel secure database management system using a knowledge base with release-based and other security constraints for query, response and update modifications (with William Ford and Marie Collins)

Description: System for processing security constraints (i.e. policies) in a multilevel secure database system. The invention describes the inference controller that handles some constraints during query processing, some during database updated and some during database design operation. 2. US Patent, January 1996, US5481700A An apparatus and method of a multilevel secure database management system based on a multilevel logic programing system (sole inventor)

Description: A multilevel secure database system that is based on a new logic called Nonmonotonic Typed Multilevel Logic. This system is essentially a logic programming system to process multilevel data. 3. US Patent, December 1997, US5694590A Apparatus and method for the detection of security violations in multilevel secure databases (with W. Ford)

Description: An expert system to process data and protect against unauthorized inferences. The system consists of a knowledge base and a reasoning engine. Status of the Patents In 2003, former Microsoft CTO Nathan Myhrvold’s company (Intellectual Ventures) purchased 4 “must-have” patents from MITRE for a substantial amount which includes Dr. Thuraisingham’s three patents listed above. The University of Texas at Dallas

4. US Patent, January 2015, US8965974 Systems and methods for determining user attribute values by mining user network data and information (Bhavani Thuraisingham, Latifur Khan, Satyen Abrol, Vaibhav Khadilkar)

Description: A data mining system that analyzes social media data (e.g., twitter) and extracts unknown information such as demographics (location, friendships, travel patterns, etc.) 5. US Patent, November 2015, US 9165051 Systems and Methods for Detecting a Novel Data Class (Bhavani Thuraisingham, Latifur Khan, M. Mehedy Masud, Jiawei Han, Jing Gao; this patent is jointly with professor and student from UIUC, although the main inventors are professors and students from UTD)

Description: A data mining system that forms novel classes. That is, usually data are classified according to predefined classes. When a piece of data does not belong to a particular class, then over time the system forms novel classes and classifies such data.

6. Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps, Patent Application No.: US 14/629876 (B. Thuraisingham, L. Khan, Z. Lin; Patent: US 9,977,904, May 2018)

Description: This invention describes a system that utilizes a hybrid approach to detect man in the middle attacks for Android applications and other smart phones. In particular, it combines static analysis with highly novel dynamic analysis to develop such a system. This patent is in the process if being issued.

104

Status of the Patents Regarding the patent US 9165051, we have developed a system called InXite based on the technology (invention US 14/746,576) and Knowledge and Security Analytics, LLC (Dr. Thuraisingham’s start-up company) is licensing the patent and commercializing the technology.

Dr. Maria Cordova, the Director of NSF has commended this effort in her address at TAMEST in November 2015 (http://www.nsf.gov/news/speeches/cordova/15/fc151113_TAMEST.jsp). In particular, she stated the following as shown on the NSF website.

“Bhavani Thuraisingham (pronounced "Bha-van-e Thu-ra-sing-ham"), from The University of Texas at Dallas, developed a tool to mine data on Twitter, which transferred to a startup company called Knowledge and Security Analytics. She is Professor of Computer Science and Director of the Cyber Security Research Center at UT Dallas.”

Discussions are under way to license the patent US8965974 by KSA. Prototype systems have been developed that use novel class detection techniques for detecting malware including zero-day attacks. We will commercialize the technology to detect the new malware unleashed by attackers.

II PATENT APPLICATIONS The University of Texas at Dallas 1. System and Method for Media Data Analytics, Patent Application No.: US 14/746,576. Satyen Abrol, Latifur Khan, Vaibhav Khadilkar, Bhavani Thuraisingham, Nathan McDaniel G. Rajaseker, G. Ganesh.

Description: This invention describes a comprehensive system for integration of multiple heterogeneous databases including social media data and applies novel analytics techniques and identifies persons of interest as well as their activities and sentiments. It also utilizes predictive analytics techniques to determine future actions.

This invention together with US 9165051 is being commercialized by Knowledge and Security Analytics, LLC.). TECHNOLOGY TRANSFER (SAMPLE) 1. Secure Relational Database System: Some aspects of the design of the Lock Data Views System designed at Honeywell under contract with Rome Air Development Center have been adopted by Oracle in their Trusted Database System product in 1991 (as well as by Sybase and Informix). In particular, Lock Data Views designed a multilevel relational data model and a system architecture that relied on the operating system to provide mandatory access control for query and update processing. This was the design adopted by Oracle in one of their trusted database system products. 2. Distributed Data Dictionary Systems: The Distributed Data Dictionary System designed at Honeywell was transferred to Honeywell Residential Control’s Division in 1987 (with Dr. Krishna Mikkilineni et al). The system we designed and developed utilized an entity-relational model as the common representation and transformed the various data models (e.g., relational data models) into the common model. Our design was based on the ANSI IRD standard. The prototype was transferred to Honeywell’s division. 3. Expert System for Control Systems: XIMKON system, an expert system for control systems, designed at Honeywell was transferred to Honeywell’s Industrial Automation Systems Division in 1989 (with Dr. Ferit Konar et al). In particular, XIMKON was an expert system that will analyze the sensor data and reasons about the data and give advice to the operator about the status of the industrial plant. We designed and developed XIMKON and the prototype was transferred to Honeywell’s division.

105

4. Secure Distributed Database System: Some aspects of the secure distributed database system designed and developed at MITRE for the Air Force Rome Laboratory and US Army CECOM was transferred to the Army’s MCS (Maneuver Control System) in 1994 (with Harvey Rubinovitz et al). In particular, we first designed and developed a secure distributed database system for the Air Force and subsequently we used our system to connect database systems securely and MITRE Bedford and MITRE McLean. US Army CECOM was very interested in this effort and funded us to make significant enhancements to this prototype. In particular, we implemented a distributed constraint processor on top of the secure distributed database system and also enhanced the performance of the system. Our prototype was transferred to US Amy CECOM for the MCS program. 5. Distributed Real-time Object System. Some aspects of the Distributed Real-time Object System design and developed at MITRE for the Air Force was transferred to the AWACS system in 1997 (as well as to the Real-time task force at OMG; with John Maurer et al). In particular, we designed and developed an object-based real-time infrastructure, application, and data manager for next generating AWACS program for the Air Force. We demonstrated our prototypes to the Air Force and the system was transferred to the AWACS program. In addition, this work was presented to the OMG’s Real-time SIG and influenced the subsequent standards developed. 6. Cloud-based Assured Information Sharing System: We designed and developed a comprehensive policy-based information sharing system in the Cloud at UTD. The system was revolutionary and the Air Force published a press release on our work (http://www.wpafb.af.mil/News/Article-Display/Article/400150/afosr-funded-initiative-creates-more-secure-environment-for-cloud-computing). We submitted a one-page STTR on this effort to the Air Force which went into the BAA in 2011 and a company is now implementing a product. In addition, our papers were read by a new start-up company in

DFW and we are having discussions on transferring the technology to this company.

106

APPENDIX K: PROFESSIONAL ACTIVITIES

Editor-in-Chief Computer Standards and Interface Journal, 2005-2009

Editorial Boards Journal of Computer Security, 1990 – 2000

IEEE Transactions on Knowledge and Data Engineering, 1996 – 2000

Computer Standards and Interfaces, 1993 – 2005

ACM Transactions on Information Systems Security, 2004 – 2007

IEEE Transactions on Dependable and Secure Computing, 2004 – 2010

Journal of Distributed Sensor Networks, 2004 – 2008

Journal of Computer Science and Network Security, 2006 – 2010

Journal of Information and Computer Security, 2005 – 2009

Journal of Information Security and Privacy, 2006 – 2014

Very Large Database Journal, 2007 – 2011

IEEE Intelligent Systems, 2012 – 2018

ACM Transactions on Management Information Systems, 2013 – 2020

IEEE Transactions on Services Computing, 2018-Present

Transactions on Machine Learning and Artificial Intelligent, 2013-Presemt

ACM /IMS Transactions on Data Science, 2020-Present

Advisory Boards and Steering Committees (Sample)

• Member of the Air Force Scientific Advisory Board Study on Migrating Legacy Applications, 2001

• Purdue University, Computer Science Department, 2004 – 2006

• Journal of Privacy Technologies, 2004

• Journal of Computer Security, 2000

• IASTED, 2001 – 2004

• Advisory Board, Accuvant Corporation, 2011 – 2015

• Vice President for Development, SDPS, 2012 – 2014

• NIST FFRDC Academic Advisory Council, 2014 – present

• PhD Advisory Board, University of Insubria, Italy 2015

• University of GA, Dept of CS, Advisory Board, 2015 – Present.

• Illinois Institute of Technology Dept of CS, Advisory Board, 2018

• IEEE ICDE Steering Committee, 2018-Present

• Advisory Board of Maxxsure Corporation, 2018-Present

General Conference Chair/Co-Chair (Sample)

1. IEEE WORDS Conference, Rome, Italy, January 2001

2. IFIP Data Integrity and Control Conference, Warrenton, VA, November 2005

3. Intelligence and Security Informatics, ISI, San Diego, CA, May 2006

4. Secure Knowledge Management, Dallas, TX, November 2008

5. Intelligence and Security Informatics, ISI, Dallas, TX, June 2009

6. NSF Workshop on Data and Applications Security, Arlington, VA, February 2009

7. Information Security Conference, Dallas, TX, November 2013

8. IEEE International Conference on Data Mining (ICDM), Dallas, TX, December 2013

9. NSF Big Data Security and Privacy Workshop, Dallas, TX, September 2014.

10. IEEE International Conference on Web Services (ICWS), New York, June 2015

11. SecureComm, Dallas, TX, October 2015

12. IEEE ISI, Baltimore, MD, June 2015

13. Women in Cyber Security, Dallas, TX, March 2016

107

14. IEEE International Conference on Web Services (ICWS), June 2016

15. IEEE International Conference on Data Engineering (ICDE), San Diego, CA, April 2017

16. Women in Data Science/Eng. Workshop, (co-located with ICDE), San Diego, CA, April 2017.

17. IEEE Cloud, Honolulu, HI, June 2017.

18. Women in Services Computing Workshop (co-located with IEEE ICWS, Honolulu, June 2017)

19. ACM Conference on Computer and Communications Security (CCS), Dallas TX, October 2017.

20. Women in Services Computing Workshop ((co-located with IEEE ICWS, San Fran July 2018)

21. The IEEE International Symp. on Big Data Security on Cloud (BigDataSecurity), Omaha May 2018

22. IEEE FiCloud, Barcelona, Spain, August 2018.

23. ACM CODASPY, Dallas TX, March 2019

24. IEEE Big Data Security, Washington DC, May 2019

25. IEEE ICWS, Milano, Italy. July 2019

26. IEEE ICDM Blockchain Analytics Workshop, November 2019

27. ACM CODASPY, New Orleans, LA, March 2020 postponed due to COVID-19)

28. IEEE ICDE, Dallas, TX, April 2020 (First Virtual Conference in ICDE History due to COVID-19))

29. IEEE ICDE WiDS Dallas Event, virtual Event, April 2020

30. IEEE Bi Data Security, May 2020, Honorary General Chair.

31. IEEE Comsoc 9th N2 Women Workshop, Greece, October 2020

32. IEEE ISI 2020 Honorary Chair

Program Chair/Co-Chair (Sample) 1. IFIP Database Security Conference, Vancouver, Canada, August 1992

2. ACM OOPSLA Conference Workshop on Secure Object, Washington DC, Sept 1993

3. ACM Multimedia Conference Workshop on Multimedia Data, San Francisco, CA, October 1994

ACM OOPSLA Conference Workshop on Objects in Healthcare, Portland, OR, October 1994

4. IEEE Workshop on Multimedia Database Systems, Blue Mountain Lake, NY, August 1995

5. ACM OOPSLA Conference Workshop on Objects in Healthcare, Austin, TX, October 1995

6. ACM Multimedia Conference Workshop on Multimedia Database, San Francisco, CA, Nov 1995

7. IEEE Metadata Conference, Silver Spring, MD, April 1996 (Founding Chair)

8. ACM OOPSLA Conference Workshop on Objects in Healthcare, San Jose, CA, October 1996

9. Federal Data Mining Symposium, Washington DC, December 1997 (Founding Co-Chair)

10. IEEE Multimedia Database Workshop, Dayton, OH August 1998

11. IEEE COMPSAC Conference, Vienna, Austria, 1998

12. IEEE WORDS Workshop, Santa Barbara, CA, January 1999

13. IEEE ISORC, Newport Beach, CA, March 2000 (Co-chair)

14. IFIP Database Security Conference, Amsterdam, Netherlands, August 2000 (Primary Co-chair)

15. CODATA Symposium on Integrating Heterogeneous Data, Stressa Italy, October 2000

16. IEEE ISADS Conference, Dallas, TX, March 2001 (Chair)

17. IEEE COMPSAC Conference Workshop on Web Security, Oxford, UK, August 2002

18. IEEE ISORC, Korea, April 2006 (Co-Chair)

19. ACM SACMAT Conference, Sophia Antipolis, France, June 2007

20. ICDE Secure Semantic Web Workshop, Mexico, April 2008

21. ICWS Security Workshop, Los Angeles, CA, July 2009

22. PASSAT, Vancouver, Canada, August 2009

23. Indo-US Summit in Infrastructure Security, Bangalore, January 2010

24. IEEE Information Reuse and Integration, Las Vegas, NV, August 2012

25. IEEE Information Reuse and Integration, Las Vegas, NV, August 2013

26. Trustcom 2013, Melbourne, Australia July 2013

27. IEEE ICWS, June 2014, Anchorage, Alaska

28. IEEE Information Reuse and Integration, Las Vegas, NV, August 2014

29. IEEE ICWS, June 2015, New York City, NY, June 2015

108

30. IEEE Information Reuse and Integration, Las Vegas, NV, August 2015

31. The IEEE International Symp. on Big Data Security on Cloud (BigDataSecurity), NYC Aug. 2015

32. CODASPY Workshop on Security and Privacy Analytics, Scottsdale, AZ, March 2017.

33. IEEE ICWS, July 2018, San Francisco

34. IEEE TrustCom, NYC, August 2018

35. IEEE ICDM (International Conference on Data Mining), Singapore, November 2018

36. ICDM Workshop on Adapting Data Mining for Security, Singapore, November 2018.

37. IEEE Bug Cyber, December 2018, Seattle, WA

38. IEEE Big Cyber, December 2019, Los Angeles, CA

39. IEEE Big Cyber, December 2020, Atlanta, GA

Program Vice Chair and/or Special Roles 1. IEEE ICDE Conference, Mexico, 2008, Vice Chair for Security

2. IEEE ICDE Conference, Sydney, 1999, Panel Chair

3. ECML/PKDD, Track Chair 2011

4. Computer Security Applications Conference, 1990, Chair, Database Security Track

Program Committee Member (Sample, not a complete list) 1. IEEE Local Area Networks Conference, Minneapolis, MN, October 1987

2. ACM Computer and Communications Security Conference, Fairfax, VA, November 1994

3. ACM SAC 1994, Phoenix, AZ, March 1994

4. ACM SAC 1995, Nashville, TN, February 1995

5. IEEE ICECCS Conference, Ft. Lauderdale, FL, October 1995

6. ACM SIGMOD Conference Workshop on Data Mining, Montreal, Canada, June 1996

7. Pacific Workshop on Distributed Multimedia Systems, Hong Kong, June 1996

8. IEEE ICECCS, Montreal, Canada, October 1996

9. IEEE WORDS Workshop, Newport Beach, CA, February 1997

10. Rough Sets and Soft Computing Workshop, Raleigh, NC, March 1997

11. Pacific Workshop on Distributed Multimedia Systems, July 1997

12. Real-time Database Systems Workshop, Burlington, VT, September 1997

13. IEEE COMPSAC, Bethesda, MD, August 1997

14. Compugraphics and Visualization Conference, Algarve, Portugal, December 1997

15. IEEE ICDE, Orlando, FL, February 1998

16. IEEE ISORC, Kyoto, Japan, April 1998

17. PAKDD, Melbourne, Australia, April 1998

18. Real-time Systems Applications Conference, Denver, CO, June1998

19. Euro micro Workshop on Multimedia and Communications, Vesteras, Sweden, August 1998

20. ASSET, Dallas, TX, March 1999

21. IEEE ISADS, Tokyo, Japan, March 1999

22. DASFAA, Taiwan, April 1999

23. Federal Data Mining Symposium, McLean, VA, March 1999

24. IEEE COMPSAC, Tempe, AZ, October 1999

25. IEEE WORDS 1999F, Monterey, CA November 1999

26. E-Commerce and Web-based Information Systems Workshop, San Jose, CA, April 1999

27. PAKDD, Beijing, China, April 1999

28. Federal Data Mining Symposium, Washington DC, March 2000

29. PAKDD, Kyoto, Japan, April 2000

30. ACM CCS Workshop on E-Commerce Security, Athens, Greece, November 2000

31. IEEE ISORC, Magdeburg, Germany, May 2001

32. IEEE COMPSAC, Chicago, IL, October 2001

33. International Workshop on Multimedia Middleware, Ottawa, Canada, November 2001

109

34. IEEE FTDCS, Bologna, Italy, November 2001

35. IEEE WORDS, San Diego, CA, January 2002

36. IASTED Applied Informatics, Innsbruck, Austria, February 2002

37. PAKDD Workshop on Rough Sets and Data Mining, Taiwan, May 2002

38. IEEE ISORC, Washington DC, May 2002

39. IEEE ICDM, 2002, Maebashi City, Japan, December 2002

40. ACM SACMAT, Monterey, CA, June 2002

41. Second Semantic Web Symposium, Sardinia, Italy, June 2002

42. IEEE COMPSAC, Oxford, UK, August 2002

43. COOPIS, Irvine, CA, October 2002

44. IEEE ICTAI 2002, Crystal City, VA, November 2002

45. IFIP Integrity and Control Conference, Bonn, Germany, November 2002

46. NSF/NIJ Symposium on Security Informatics, Tucson, AZ, June 2003

47. IASTED Applied Informatics, Innsbruck, Austria, February 2003

48. IEEE ISADS, Pisa, Italy, April 2003

49. IEEE ISORC, Japan, May 2003

50. IFIP Data Security, Colorado Springs, CO, August 2003

51. IEEE WORDS 2003F, Capri Island, Italy, October 2003

52. IFIP Integrity and Control Conference, Lausanne, Switzerland, November 2003

53. ACM Computer and Communications Security, Washington DC, October 2003

54. IEEE ICTAI, Sacramento, CA, November 2003

55. IEEE COMPSAC, Dallas, TX, November 2003

56. IFIP Database Security Conference, Estes Park, CO, August 2003

57. IEEE ISORC, Vienna, Austria, May 2004

58. NSF/NIJ Symposium on Security Informatics, Tucson, AZ, June 2004

59. ACM SACMAT, Yorktown Heights, NY, June 2004

60. ACM SIGMOD Workshop on Databases in Virtual Organizations, Paris, France, June 2004

61. IFIP Database Security Conference, Sitges, Spain, July 2004

62. DEXA Workshop on Web Security, Zaragoza, Spain, August 2004

63. DEXA Workshop on Trust and Privacy in Digital Business, Zaragoza, Spain, August 2004

64. IEEE COMPSAC, Hong Kong, September 2004

65. IEEE SRDS, Florianopolis, Brazil, October 2004

66. IEEE ISADS, Chengdu, China, March 2005

67. IEEE ICDE, Tokyo, Japan, April 2005

68. ACM SACMAT, Stockholm, Sweden, June 2005

69. ACM SIGMOD, Baltimore, MD, June 2005

70. IEEE Distributed Systems in Sensor Systems, Marina del Rey, CA, July 2005

71. IFIP Database Security Conference, Storrs, CT, August 2005

72. Privacy in Data Mining Workshop, November 2005

73. ACM SACMAT, Lake Tahoe, CA, June 2006

74. ACM SIGKDD, Philadelphia, PA, August 2006

75. IFIP Database Security Conference, Sophia Antipolis, France, August 2006

76. IEEE COMPSAC, Chicago, IL, September 2006

77. IEEE SRDS, London, England, October 2006

78. ICWS, Montreux, Switzerland, October 2006

79. CIKM, Arlington, VA, November 2006

80. Privacy in Data Mining Workshop, December 2006

81. ACM SIGKDD, San Jose, CA, August 2007

82. AAAI, Vancouver, BC, Canada, July 2007

83. IEEE POLICY, Bologna, Italy, June 2007

84. IFIP Database Security Conference, Redondo Beach, CA, July 2007

110

85. IEEE POLICY, Palisades, NY, June 2008

86. ACM SACMAT, Estes Park, CO, June 2008

87. ASIACCS, Sydney, Australia, March 2009

88. CIKM 2008, Napa Valley, 2008

89. DAWAM 2009, Fukuoka, Japan, March 2009

90. IEEE ICDE, Shanghai, China, March 2009

91. ACM SACMAT, Stresa, Italy, June 2009

92. ICWS, Los Angeles, CA, July 2009

93. DHS/CPS Workshop, 2009

94. IEEE Globecom, Honolulu, HI, November – December 2009

95. IEEE ACSAC, Honolulu, HI, December 2009

96. IEEE ACSAC, Austin, TX December 2010

97. COCOA, Big Island Hawaii, December 2010

98. ACM CODASPY 2011, San Antonio, TX 2011

99. ASIACCS, Hong Kong 2011

100. IEEE ISADS 2011

101. Society, Privacy and the Semantic Web 2013

102. IFIP SEC 2014

103. IEEE ICDM 2014

104. KMIS (Knowledge Management and Information Sharing), 2014

105. IFIP SEC 2015

106. KMIS (Knowledge Management and Information Sharing), 2015

107. IEEE BigDataService 2015

108. IEEE ICDM 2016

109. IEEE ICDM 2017

110. ACM SACMAT 2018

(I am compiling a list of all conferences I served as program committee member)

Advisory/Steering/Organizing Committee

1. IEEE Big Data Congress, Santa Clara, CA 2013

2. PASSAT/SOCIALCOM, 2010-2013

3. Annual Symposium on Information Assurance (ASIA), New York, 2014

4. Secure Knowledge Management, 2004-Present

5. TrustCom Conference, 2011

6. IEEE Conference on Mobile services, 2013

7. ACM SACMAT, 2008 – 2014

8. ASE Conference Big Data, Cyber Security, Social Computing, 2014

9. Information Security Conference (ISC), 2014

10. The Second International Workshop on Social Networks Analysis, Management and Security, 2015

11. IEEE ICDE, 2018-Present

Other Boards and Activities 1. Member, National Academy Panel on Protecting Children from Inappropriate Content on the

Internet, 2000 (Chair, Hon. Dick Thornburgh)

2. Vice Chair, AF SAB Panel on Migrating Legacy Databases, 2000-2001

3. Member, National Academy Workshop on GIS, 2001 (participated from NSF)

4. Member, National Academy Panel on Information Fusion and Counter-terrorism, 2002 (participated

from NSF; Chair: T. Mitchell)

5. Member, Curriculum Committee, K-6, 7-12, USGIF, 2006 (Geospatial Intelligence)

6. IEEE Distinguished Lecturer (2002 – 2005)

7. IEEE Conferences and Tutorials Board (1997 – 1998)

111

8. IEEE CS Awards Committee Member 2002-2015; Kanai Committee Chair 2002-2006, Technical

Achievement Awards Committee Chair 2008-2012; Committee Member 2013-2015

9. IEEE Awards Committee for Societal Infrastructure Award, Chair: 2017-8, Member 2016, 2019.

10. NSF Panel Member (regular programs, Infrastructure programs, SBIR programs, Center programs)

Oct. 1992, Dec. 1994 (twice), Jan. 1996, Nov. 1998, May 1999, May 2000, Dec 2000, Jan. 2001,

March 2005, Nov. 2005, Dec. 2007, March 2008, Nov. 2009, Dec. 2010, Oct 2012, August 2015,

September 2015, December 2015, February 2016.

11. NSF SBIR Panel Member (Phase 1 and 2), March 2015, September 2015, March 2016, September

2016, September 2017, February 2018, April 2018, October 2018

12. Reviewer of proposals for NSA-URP (1992, 1993, 1994), CMS-MDDS (1993, 1994, 1995), DHHS

(2002, States Bioterrorism Initiative), DARPA (2004), ARDA/IARPA (2002)

13. Reviewer for numerous journals and conferences including IEEE Computer, IEEE TSE, IEEE

TKDE, ACM TODS, IEEE TDSC, ….

14. SIGSAC Representative for TC 11, 2013-Present

15. CRA-SWISS Reviewer, 2015-2020, Reviewer for Scholarships for girls.

16. Reviewer for ACM for Heidelberg Scholarships 2019-2020

17. Reviewer for AAAS, DHS and Several Universities of Proposals

18. Steering committee for conferences and workshops

19. Session chair for numerous conferences and workshops (100+)

Internal Conferences Chaired/Co-Chaired (Sample) MITRE Applied Database Conference, August 1994

MITRE Object Technology Conference, December 1996

UT Dallas Cyber Security Symposium, February 2005

UT Dallas TexSAW (Texas Security Awareness Week) Symposium and Student Workshop, 2011-2019

Internal Activities UTD Mentoring Committee, 2019-2020

PhD Student information presentations, 2015 and 2016

Freshman Student information presentation, 2019

University, Vice President for Research Search Committee Member, 2017 – 2018

Advisory Committee on Research, 2016 – 2018

Vice Provost for Graduate Studies Search Committee, 2015

CS Department Head Search Committee Chair, 2008 – 2009

Engineering School Dean Search Committee Member, 2007 – 2008

CS Faculty Search Committee, 2005 – 2012, 2015-2018

CS Tenure and Promotion Committee Chair, 2005 – 2006, 2006 – 2007, 2007 – 2008, 2010 – 2011

CS Promotion Committee Member: 2009 – 2010, 2011 – 2012, 2014 – 2015, 2016-7, 2019-20

University, Science School Dean Search Committee Member, 2006 – 2007

University, Vice President for Business Search Committee Member, 2005 – 2006

112

APPENDIX L: CONULTING AND TRAINING

I Sample Consulting Projects

1. Department of the Treasury/The MITRE Corporation Since January 1999 I have been a software expert for the Internal Revenue Service on Corporate Software Research Credit involving Fortune 500 corporations in banking and finance, insurance, telecommunications, data processing, energy, air transportation and retail sectors. I wrote a report for each case and delivered to the IRS. In 2000 I was involved in one of the first prefiling cases for the IRS and my work was quoted in the Wall Street Journal in December 2000 and was commended by both the IRS and the Taxpayer at a major conference in February 2001. I also served as a consultant to the Department of Justice Lawyers in March 2001 on behalf of IRS. In addition, I have also worked on multiple prefiling cases as well as appeals cases (including serving as a member of the appeals team). I have written numerous reports based on the Treasury regulations and given several presentations at Appeals meetings.

2. Technology Futures Inc. Austin, TX (April 2006 - September 2006) I was introduced

to this assignment by the Vice President of Research at the University of Texas at Dallas. Technology Futures Inc. was requested by a government customer in Washington DC to conduct a survey and analysis of IPV6 Technology. I contributed to this study and provided a detailed analysis of IPV6, its advantages over IPV4 and the security issues for IPV6. Short reports were submitted to Technology Futures Inc.

II Sample Expert Witness Projects

1. Morrison and Foerster MoFo (December 2007 - February 2008) I worked as an expert witness for MoFo whose client was being sued by a company for patent infringement in a cyber security topic. I reviewed several patents and papers and gave advice to MoFo and also completed a draft report. The case was settled out of court in February 2008.

2. Wilson Sonsini Goodrich & Rosati WSGR (November 2010 - May 2011) 8. I worked

as an expert witness for WSGR whose client was being sued for patent infringement in a cyber security topic. I reviewed several patents and papers and explained the concepts to the lawyers and helped them to prepare the brief.

3. McKool and Smith (August 2013 – November 2013) I worked as an expert witness for

McKool and Smith whose client was suing another company on patent infringement in a cyber security topic. I reviewed the patent and the web sites of the defendant and explained the concepts to the lawyers and helped them prepare the brief.

113

III Sample Training Projects

1. AFCEA: I have taught courses to several agencies in the US Government through AFCEA (Armed Forces Communications and Electronics Association) since 1998. In addition to teaching at the headquarters in Fairfax VA, I have also taught at several Air Force Bases including at Edwards, Offutt, Lackland, Eglin and Kirkland. The course topics are in data management, data mining and data security. Courses also include: (i) Knowledge Management through Semantic Web and Social Networking and (ii) Data Mining Technologies and their Applications in Counter terrorism.

2. The MITRE Institute: Between 1990 and 2000 I taught numerous courses at the MITRE Institute as well as for a variety of MITRE sponsors in data management, data mining and data security. Organizations include Kelly AFB, AIA, CIA, NSA, DISA, Eurocom, ESC/Hanscom, Spacecom, CECOM, SPAWAR, DARPA/DISA Joint Program Office.

3. UC San Diego Extension: In January 2008 I taught a course at UC San Diego Extension on

Secure Web Services and Service Oriented Architectures. This course was the basis on which I wrote a book on Secure Semantic Service Oriented Systems.

114

Appendix M: Sample Media Interviews and Press Releases 1. WEB, TELEVISION AND RADIO INTERVIEWS Women in Data Science (WiDS) 2018 Interview with the CUBE March 2018 https://www.youtube.com/watch?v=xfBie2oVzkA&t=8s Addressing the Evolving Challenges Of Cybersecurity November 4, 2014 https://www.keranews.org/post/addressing-evolving-challenges-cybersecurity Computer Ransom Crime on the Rise April 13, 2016 https://www.nbcdfw.com/news/local/Computer-Ransom-Crime-on-the-Rise-375648881.html Cybersecurity Expert Says Reason to be Concerned About Both DNC Hack and Donald Trump Challenge to Hacker July 27, 2016 https://www.nbcdfw.com/news/local/Cybersecurity-Expert-Says-Reason-to-be-Concerned-About-Both-DNC-Hack-and-Donald-Trump-Challenge-to-Hacker-388499302.html Crooks Use New Technology to Steal Credit Card Information at The Pump August 5, 2016 https://www.nbcdfw.com/news/local/Crooks-Use-New-Technology-to-Steal-Credit-Card-Information-At-The-Pump-389332201.html Hospitals the Target of International Cyber Attack May 12, 2017 https://www.nbcdfw.com/news/business/Hospitals-the-Target-of-International-Cyber-Attack-422125843.html CBS 11 I-Team Explains Controversial Hate Website 8chan August 6, 2019 https://dfw.cbslocal.com/video/4139926-cbs-11-i-team-explains-controversial-hate-website-8chan/ 8chan Owner Defends Website, Online Forum Connected To 3rd Mass Shooting Suspect This Year (same as previous article but with annotations) August 6, 2019 https://dfw.cbslocal.com/2019/08/06/8chan-owner-defends-website-online-forum-mass-shooting-suspect/ ASE BigData/SocialCom/CyberSecurity Media Interview https://www.youtube.com/watch?v=4DApDbR9oO8 Today’s Trading Stop Opportunity for Cyber Awareness July 8, 2015 https://dfw.cbslocal.com/2015/07/08/todays-trading-stop-opportunity-for-cyber-awareness/

115

Also, several additional Television Interviews since 2009 with CW33, DFW-ABC, DFW-NBC, and DFW-CBS are being compiled. 2. NEWSPAPER ARTICLES Keeping Better Tabs on Suspicious Persons January 13, 2015 https://www.nytimes.com/roomfordebate/2015/01/12/when-known-jihadists-come-home/keeping-better-tabs-on-suspicious-persons Hillary Clinton’s use of personal email account was major security risk: expert March 4, 2015 https://www.nydailynews.com/news/politics/hillary-clinton-personal-email-risky-expert-article-1.2136848 3. ARTICLES AND/OR QUOTES ABOUT ME Managing the Web May 2002 https://www.siliconindia.com/magazine_articles/Managing_the_Web-HPK497612166.html I Really Want to be Challenged March 2003 https://www.utdallas.edu/~bxt043000/Press-Releases/Bhavani-MITRE-article-with-Marty-Faga.pdf The Terrorist Hunter: A UTD professor’s inventive technique takes aim at the bad guys https://www.dmagazine.com/publications/d-magazine/2005/july/pulse/ The Computer Revolution and Us: Computer Science at Swansea University from the 1960s https://collections.swansea.ac.uk/s/swansea-2020/page/computer-science 4. ARTICLES WHERE MY QUOTES/STATEMENTS APPEAR 9 Steps You Must Take If Someone Hacks Your Facebook or Email November 20, 2013 https://www.womansday.com/life/work-money/tips/a7134/facebook-hacked/ Bush family emails hacked; ‘can happen to anyone,’ experts say February 8, 2013 https://www.latimes.com/nation/la-xpm-2013-feb-08-la-na-nn-texas-bush-email-hacked-20130208-story.html Pittsburgh cybersquad leads way in fighting cybercrime June 16, 2014 https://www.post-gazette.com/local/2014/06/17/Pittsburgh-cybersquad-leads-way-in-fighting-cybercrime/stories/201406160019

116

International cybercrime marketplace taken down July 15, 2015 https://www.post-gazette.com/business/tech-news/2015/07/15/International-cybercrime-ring-bust-to-be-announced/stories/201507150167 Researchers Help Ensure Security of Military Logistics October 22, 2009 https://cacm.acm.org/news/48687-researchers-help-ensure-security-of-military-logistics/fulltext?mobile=false This ain’t CSI: How the FBI hunts down cyber criminals around the globe August 2, 2015 https://www.digitaltrends.com/computing/how-the-fbi-hunts-down-cyber-criminals-around-the-globe/ Cyber Security is a Shared Responsibility at the C-Level Inc. Magazine (Inc.com), September 2016 https://www.inc.com/brandedcontent/cybersecurity-is-a-shared-responsibility-at-the-c-level.html This is how the FBI hunts down the world's most notorious cyber-criminals https://www.businessinsider.com/this-is-how-the-fbi-hunts-down-the-worlds-most-notorious-cyber-criminals-2015-8

IEEE International Conference on Data Engineering (IEEE ICDE) Pivots to All Virtual Event, Case Study ICDE 2020 https://www.computer.org/conferences/organize-a-conference/organizer-resources/hosting-a-virtual-event/success-stories/IEEE-ICDE-2020 https://www.computer.org/conferences/organize-a-conference/organizer-resources/hosting-a-virtual-event

5. Women/Top Professors in Cyber Security / Data Science 10 Key Female Cybersecurity Leaders to Know in 2020 Information Security Solutions Review, March 2020 https://solutionsreview.com/security-information-event-management/10-key-female-cybersecurity-leaders-to-know-in-2020/ Top 25 Women in Cyber Security – Winners Cyber Defense Magazine, August 2019 https://cyberdefenseawards.com/top-25-women-in-cybersecurity/ Women are Changing the Field of Cyber Security February 2019 http://www.scientistafoundation.com/career-blog/women-are-changing-the-field-of-cyber-security Women in IT Security, Academics Security Magazine, June 2017

117

https://www.scmagazine.com/home/security-news/features/women-in-it-security-academics-and-voting/ The Five Leading Women Leading Careers in Cyber Security Careesincybersecurity.com, November 2016 https://careersincybersecurity.com/cyber-security-leading-women/ 15 Top Cyber Security Professors Forensics Colleges, December 2013 https://www.forensicscolleges.com/blog/profs/15-top-cyber-security-professors Meet the Woman Behind UTD’s Cyber Security Program October 2017 https://www.bizjournals.com/dallas/news/2017/10/03/bhavani-thuraisingham-university-of-texas-dallas.html A Cyber Celebration: Hidden Figures in Cybersecurity

March 2019

https://www.cybervista.net/a-cyber-celebration-hidden-figures-in-cybersecurity/ Inclusion and Growth Focused – Women in Cyber Security https://www.ilantus.com/blog/inclusive-and-growth-focused-women-in-cybersecurity/ 5. UT Dallas Press Releases (Sample)

Computer Science, ATEC Professors Earn Recognition January 30, 2020 https://www.utdallas.edu/news/faculty-staff/computer-science-atec-professors-earn-recognition/ New Master’s Degree Combines Public Policy with Cybersecurity January 16, 2020 https://www.utdallas.edu/news/students-teaching/new-degree-cybersecurity-public-policy-2020/ Dr. Bhavani Thuraisingham Awarded Communications and Information Security Technical Recognition Award from IEEE Communications Society December 16, 2019 https://cs.utdallas.edu/dr-bhavani-thuraisingham-awarded-communications-and-information-security-technical-recognition-award-from-ieee-comsoc/ Grant Helps UT Dallas Create Next Generation of Cybersecurity Experts October 14, 2019 https://www.utdallas.edu/news/students-teaching/cyberscholars-nsf-grant-2019/ UT Dallas CS Hosts NSA Workshop on Advanced Data Science

August 9, 2019 https://cs.utdallas.edu/ut-dallas-cs-hosts-nsa-workshop-on-advanced-data-science-summer-2019/

118

Drs. Kantarcioglu and Thuraisingham presented with the SACMAT test of time award August 22, 2019 https://cs.utdallas.edu/drs-kantarcioglu-and-thuraisingham-presented-with-the-sacmat-test-of-time-award/ Cybersecurity Expert Elected Fellow of Two Technology Organizations January 14, 2019 https://www.utdallas.edu/news/faculty-staff/cybersecurity-expert-elected-fellow-of-two-distinguished-technology-organizations/ Thuraisingham receives the IEEE Computer Society Services Computing Technical Committee’s Inaugural 2017 Research Innovation Award July 12, 2017 https://cs.utdallas.edu/thuraisingham-2017-research-innovation-award/ Thuraisingham Receives the Inaugural And Prestigious Research Award In Data And Applications Security And Privacy At The 2017 ACM CODASPY March 27, 2017 https://cs.utdallas.edu/thuraisingham-receives-the-codaspy-research-award/ Cybersecurity Institute to Celebrate Its 10th Anniversary with Events October 29, 2014 https://www.utdallas.edu/news/campus-community/cybersecurity-institute-to-celebrate-its-10th-anni/ $3.9 Million Award Bolsters Cybersecurity Scholarship Program October 1, 2014 https://www.utdallas.edu/news/campus-community/39-million-award-bolsters-cybersecurity-scholarshi/ NSF Grant Funds Search for Ways to Ensure Data Authenticity http://www.utdallas.edu/news/2011/12/12-14651_NSF-Grant-Funds-Search-for-Ways-to-Ensure-Data-Aut_article-wide.html Researcher Seeks Ways to Keep Old Data Secure http://www.utdallas.edu/news/2011/11/14-14021_Researcher-Seeks-Ways-to-Keep-Old-Data-Secure_article.html NSF Funds Search for New Computer Virus Defense http://www.utdallas.edu/news/2011/8/29-12341_NSF-Funds-Search-for-New-Computer-Virus-Defense_article.html Computer Scientist Receives Prestigious Degree from University of Bristol http://ecs.utdallas.edu/news-events/news/thuraisingham-degree.html Investment in Cloud Computing Research Pays Off http://www.utdallas.edu/news/2011/4/19-10311_Investment-in-Cloud-Computing-Research-Pays-Off_article.html

119

Scholars to Help Fortify Nation's Cyberdefenses http://www.utdallas.edu/news/2010/9/29-5961_Scholars-to-Help-Fortify-Nations-Cyberdefenses_article.html Grants Further Bolster Cybersecurity Research http://www.utdallas.edu/news/2010/8/25-5121_Grants-Further-Bolster-Cybersecurity-Research_article.html Team Releases Tools for Secure Cloud Computing http://www.utdallas.edu/news/2010/8/2-4651_Team-Releases-Tools-for-Secure-Cloud-Computing_article.html UT Dallas Cyber Security Research and Education Institute Establishes Engaging Women in Cyber Security, March 2016 https://cs.utdallas.edu/center-for-engaging-women-in-cyber-security/ Dr. Bhavani Thuraisingham Delivers the Inaugural Grace Series Lecture, April 2015 https://cs.utdallas.edu/inauguralgraceseries/ Researchers Help Ensure Security of Military Logistics https://cacm.acm.org/news/48687-researchers-help-ensure-security-of-military-logistics/fulltext?mobile=false (originally appeared as a UTD Press release) 6 WEB VIDEO/AUDIO TALKS, PANELS, CONFERENE OPENINGS CCAM: Building a Global Firewall, May 18, 2015 https://www.youtube.com/watch?v=idAyTJihcwc&t=6s Data Mining for Malware Detection, September 2011 https://www.blod.gr/lectures/data-mining-for-malicious-code-detection-and-security-application/ Tech Talk: WiDS 2018, March 2018 https://www.youtube.com/watch?v=DKnTSUGhSNk&t=74s ASE BigData/SocialCom/CyberSecurity Featured Address, May 2014 https://www.youtube.com/watch?v=x3jESUgGrKE WiDS Career Panel. March 2018 https://www.youtube.com/watch?v=9c2NL3WqRys&t=1695s Assured Information Sharing at CERIAS Purdue University February 2007 (one of several links that comprise the talk) https://www.youtube.com/watch?v=LcNfzKjTvfc&t=1s CyberW, Keynote Address (virtual Conference), March 2020 https://www.youtube.com/watch?v=XFoWiq8_ZVs

120

WiDS Dallas event at ICDE 2020 (introductions and keynote address by Margot Gerritsen) (April 24, 2020) https://www.youtube.com/watch?v=az6lTAvv32E) IEEE Services Plenary Panel on Services Computing July 2019 (Streaming) https://www.youtube.com/watch?time_continue=2&v=FzXx3KMTuY4&feature=emb_logo IEEE Services Panel: Cyber Security and AI (Audio), July 2019 (Regular) https://www.youtube.com/watch?v=FzXx3KMTuY4 ACM CCS 2017 (Welcome, approx.. 1000+ participants) https://www.youtube.com/watch?v=IiV3fFFBOu4 ACM CCS 2017 Opening https://www.youtube.com/watch?v=IiV3fFFBOu4&t=354s IEEE ICDE 2020 (Welcome – approx. 2000 participants), April 21, 2020 https://www.youtube.com/watch?v=iC9kwvaIpck IEEE ICDE 2020 Keynote #2 Introduction (April 21, 2020) https://www.youtube.com/watch?v=LvLlonH1QK0 IEEE ICDE 2020 Opening Second Day of Conference and thanking Alibaba Group (April 22, 2024) https://www.youtube.com/watch?v=E-8VrAnMUak Women in Data Science, Dallas Event (Welcome – streaming live) April 24, 2020 https://www.youtube.com/watch?time_continue=2&v=az6lTAvv32E&feature=emb_logo Women in Data Science, Dallas Event (Welcome – Regular), April 24, 2020 https://www.youtube.com/watch?v=az6lTAvv32E&t=3293s WiDS Dallas Event Entire Presentations, April 24, 2020 https://www.youtube.com/watch?v=9D9Zw_GjxW0 UTDallas PhD Student Forum (Fall 2016) https://www.youtube.com/watch?v=cB6vyc--y2g&t=45s

6. YouTube Technical Presentations and Motivational Talks (Bhavani Thuraisingham Channel)

Bhavani Thuraisingham, Johnson School Distinguished Lecture, Parts 1, 2 and 3 https://www.youtube.com/watch?v=CViAhGuXSW0&t=1331s https://www.youtube.com/watch?v=xgQPTmzEVfc&t=12s https://www.youtube.com/watch?v=2wBeIrYKOpI&t=1s Keynote Address at IEEE ParSocial 2020, May 22, 2020 https://www.youtube.com/watch?v=cNhDgEsU6us&t=20s

121

Conference Talk Given at IEEE Big Data Security, May 26, 2020 https://www.youtube.com/watch?v=DKYQdk6v57Y&t=12s Cyber Security Research and Education Institute, May 31, 2020 https://www.youtube.com/watch?v=H94mY9RkEAU&t=106s Women in Services Computing, 2019 (Milan Italy): “Security and Artificial Intelligence (SecAI)” Featured audio address given on July 7, 2019. Video version taped on June 7, 2020 Link to be given https://www.youtube.com/watch?v=wZlalWMItjU&t=22s Multilevel Secure Database Management System Link to be given after video version is taped Proposal for IFIP TC 11 Working Group on SecAI (Cyber Security and Artificial Intelligence) Audio presentation give on June 24, 2019 (Lisbon, Portugal). Link will be given after the video version is taped.