Faculty Directory

Cukier, Michel

Cukier, Michel

Professor of Reliability Engineering
Director, Advanced Cybersecurity Experience for Students
Mechanical Engineering
Center for Risk and Reliability
Maryland Cybersecurity Center
UMIACS
Electrical and Computer Engineering
Computer Science
4311F John S. Toll Physics Building

Education

Ph.D., Computer Science, National Polytechnic Institute of Toulouse, France, 1996

B.S. Physics Engineering, Free University of Brussels, Belgium, 1991

Background

Michel Cukier is a professor of mechanical engineering.

From 1996 to 2001, Cukier was a researcher at the University of Illinois, Urbana-Champaign. He joined the University of Maryland in 2001 as assistant professor. His research covers dependability and security issues. Cukier has published more than 90 papers in journals and refereed conference proceedings in those areas.

He received his doctorate in computer science from the National Polytechnic Institute of Toulouse, France. 

Honors and Awards

  • The Daily Record's 2023 Higher Education Power List (2023)
  • USM Board of Regents Faculty Award for Excellence in Mentoring (2023)
  • Member of the State of Maryland Cybersecurity Council (2019)
  • SANS Difference Makers Award (2018)
  • University of Maryland Corporate Connector of the Year Award (2018)
  • Distinguished Papers Session, European Dependable Computing Conference (2017)
  • National Science Foundation (NSF) Faculty Early Career Development (CAREER) Award (2003)
  • Best Paper Award, Pacific Rim International Symposium on Dependable Computing (2002)

Professional Memberships

  • Member, IEEE

  • Fault tolerance
  • Intrusion tolerance
  • Dependability and security evaluation

Current Students

Alex Parisi (PhD, RE)

Paul Watrobski (PhD, RE)

Ciro Pinto-Coelho (PhD, RE)

Jessica Zhu (PhD, RE)

Former Students

John McGahagan (PhD, RE)

Margaret Gratian (PhD, RE)

Yazdan Movahedi (PhD, RE)

Bertrand Sobesto (PhD, RE)

Ed Condon (PhD, RE)

Robin Berthier (PhD, RE)

Danielle Chrun (PhD, RE)

Aria Khoshkhou (PhD, RE)

Jesus Molina (PhD, ECE)

Anil Sharma (MS, RE)

Melody Djam (MS, RE)

Shalom Rosenfeld (MS, ECE)

Hari Sivaramakrishnan (MS, ECE)

Merine Zinsou (MS, RE)

Frank Hemingway (MS, ECE)

Benjamin Klimkowski (MS, CS)


Risk Assessment of User Behavior

Michel Cukier (PI)

Sponsor: Laboratory for Telecommunication Sciences

Abstract: It has been claimed many times that the human is the weakest link in cybersecurity. The goal of this research is to improve the overall security of an organization by better understanding user behavior. More specifically, we will assess how users currently assess risks and how to educate them to better understand some of the risks of their online behavior. We will design and implement various experiments on the user population at the University of Maryland. In addition, we will build upon research conducted on risk perception in the physical world and identify approaches used to modify some perceptions with the goal of translating some of these approaches in cyberspace.

SFS for ACES

Michel Cukier (PI), Lawrence Gordon (Co-PI), Charles Harry (Co-PI), Jandelyn Plane (Co-PI), David Levin (Co-PI)

Sponsor: National Science Foundation

Abstract: National and personal security have become major concerns as we continue to increase our reliance on technological advancements. The growth of innovation must mirror the expansion of trained professionals. The University of Maryland (UMD), a National Security Agency - Center of Academic Excellence in Research (CAE-R), proposes to lead the challenge of educating the next cyber workforce through the creation of the Advanced Cybersecurity Experience for Students (ACES) Program, the first undergraduate honors program in cybersecurity in the United States. The CyberCorps(R): Scholarship for Service (SFS) program at UMD will provide a unique opportunity for 36 ACES students earn their Bachelor's degree with an ACES Minor in cybersecurity, and prepare them to join the cadre of cybersecurity professionals in the government. The ACES program aims to provide a unique, multidisciplinary education for a diverse group of undergraduate students of all majors. The curriculum will allow students to live together, use embedded, state-of-the-art laboratories, and work collaboratively inside and outside the classroom. In addition to fulfilling rigorous, required coursework in topics such as Cyber Policy, Psychology, and Reverse Engineering, ACES strongly emphasizes experiential learning by providing opportunities for individual and group research projects, as well as academic term and summer internships. In local middle and high schools, students will have an opportunity to work in CyberPatriot teams and participate in CyberSTEM summer camps (day and residential) and cybersecurity awareness workshops. The SFS program will enhance the university's goal of training a workforce with a range of talents, backgrounds, and expertise that can meet the cybersecurity needs of the government.

Collaborative Proposal: SaTC: Frontiers: Enabling a Secure and Trustworthy Software Supply Chain

Michel Cukier (PI)

Sponsor: National Science Foundation

Abstract: The modern world relies on software in almost every human endeavor, and a typical software product includes 80% open source components. Attackers find and exploit accidentally-injected security vulnerabilities and, increasingly, aggressively implant vulnerabilities or malicious code directly into the software supply chain -- the open source software and its build and deployment pipelines. This Frontiers project establishes the Secure Software Supply Chain Center (S3C2), a large-scale, multi-institution effort designed to aid the software industry re-establish trust in the software supply chain through the development of scientific principles, synergistic tools, metrics, and models in the context of human behavior among software supply chain stakeholders. The project?s novelties include the contributions to a diverse workforce that is trained in secure software supply chain methods through research and outreach initiatives, including summer research experiences for undergraduates (REU), summer camps, and the development of course modules for undergraduates, graduate students, and practitioners. The project?s broader significance and importance are the ways in which S3C2 will facilitate rapid innovation with increased confidence in software supply chain security.
S3C2 focuses on interconnected research thrusts for two supply chain attack vectors: (1) upstream dependencies and (2) the build process in the context of a continuous integration/continuous deployment (CI/CD) pipeline. Thrust One focuses on developing tools and techniques to aid practitioners with the risk of upstream dependencies. It enhances the utility of the Software Bill of Materials (SBoM) by identifying exploitability of vulnerabilities and changes to attack surfaces and isolates risky code as a stop-gap before patching is possible. Thrust Two focuses on developing tools and techniques to aid practitioners with the risk of build processes. It enables strong guarantees for build integrity through analysis of CI/CD configuration and techniques that help developers achieve reproducible builds.

Summer Cyber and Telecommunications Research

Michel Cukier (PI)

Sponsor: Laboratory for Telecommunication Sciences

Abstract: The LASR Internship program offers ACES students a summer research internship experience at the Laboratory for Telecommunication Sciences.

CyberSTEM Outreach Research

Michel Cukier (PI), Jandelyn Plane (Co-PI)

Sponsor: Laboratory for Telecommunication Sciences

Abstract: The subject of intense research at the University of Maryland’s Maryland Center for Women in Computing [MCWIC] and Maryland Cybersecurity Center [MC2] is to understand how best to validate, catalyze, and achieve the creation of a pipeline from STEM education to STEM careers. Two entities - the MCWIC and MC2 - have partnered to conduct foundational studies to inform, define, and create the best solutions to closing the STEM-articulate, graduate gap, with a specific emphasis on significantly reversing national trends in gender-diversity and underrepresented population in computer science.

Fall 2023

ENME 392: Statistical Methods for Product and Processes Development

HACS 200: Applied Cybersecurity Foundations II

HACS 100: Foundations in Cybersecurity I

Spring 2023

ENME 392: Statistical Methods for Product and Processes Development

Fall 2022

ENME 392: Statistical Methods for Product and Processes Development

HACS 200: Applied Cybersecurity Foundations II

HACS 100: Foundations in Cybersecurity I

Spring 2022

ENME 392: Statistical Methods for Product and Processes Development

Fall 2021

ENME 442/ENRE 684: Information Security

HACS 200: Applied Cybersecurity Foundations II

HACS 100: Foundations in Cybersecurity I

Spring 2021

ENME 392: Statistical Methods for Product and Processes Development

Fall 2020

ENME 442/ENRE 684: Information Security

HACS 200: Applied Cybersecurity Foundations II

HACS 100: Foundations in Cybersecurity I

Spring 2020

ENME 392: Statistical Methods for Product and Processes Development

Fall 2019

ENME 442/ENRE 684: Information Security

HACS 200: Applied Cybersecurity Foundations II

Spring 2019

ENME 392: Statistical Methods for Product and Processes Development

Fall 2018

ENME 442/ENRE 684: Information Security

HACS 200: Applied Cybersecurity Foundations II

Spring 2018

ENME 392: Statistical Methods for Product and Processes Development

Fall 2017

ENME 442/ENRE 684: Information Security

Spring 2017

ENME 442/ENRE 684: Information Security

2019

Vulnerability Prediction Capability: A Comparison between Vulnerability Discovery Models and Neural Network Models

Y. Mohavedi, M. Cukier, and I. Gashi

Computers & Security, August 2019

(Impact Factor: 2.650)

Perspective: Risk and the Five Hard Problems of Cybersecurity

N. M. Scala, A. C. Reilly, P. L. Goethals, and M. Cukier

Risk Analysis, March 2019

(Impact Factor: 2.898)

Cluster-based vulnerability assessment of operating systems and web browsers

Y. Movahedi, M. Cukier, A. Andongabo, and I. Gashi

Computing, vol. 101, no. 2, February 2019, pp. 139-160.

(Impact Factor: 1.654)

Identifying infected users via network traffic

M. Gratian, D. Bhansali, M. Cukier, and J. Dykstra

Computers & Security, vol. 80, January 2019, pp 306-316.

A Comprehensive Evaluation of HTTP Header Features for Detecting Malicious Websites

J. McGahagan, D. Bhansali, M. Gratian and M. Cukier

in Proc. 15th European Dependable Computing Conference (EDCC), 2019.

(54% acceptance rate)

"Help, I've Been Hacked!": Insights from a Corpus of User-Reported Cyber Victimization Cases on Twitter

M. Gratian, D. Bhansali, M. Cukier, and J. Dykstra

in Proc. Human Factors and Ergonomics Society's 2019 International Annual Meeting, Seattle, USA, Oct. 28 – Nov. 1, 2019.

(64% acceptance rate)

2018

Process Mining and Hierarchical Clustering to Help Intrusion Alert Visualization

S. Carlisto de Alvarenga, S. Barbon Junior, R. Sanches Miani, M. Cukier, and B. Bogaz Zarpelão

Computers & Security, vol. 73, March 2018, pp 474-491.

(Impact Factor: 2.650)

Correlating Human Traits and Cyber Security Behavior Intentions

M. Gratian, S. Bandi, M. Cukier, J. Dykstra, and A. Ginther

Computers & Security, vol. 73, March 2018, pp 345–358.

(Impact Factor: 2.650)

2017

Illegal Roaming and File Manipulation on Target Computers

A. Testa, D. Maimon, B. Sobesto, and M. Cukier

Criminology & Public Policy, vol. 16, issue 3, August 2017, pp 689–726

(Impact Factor: 2.216)

Discovering Attackers Past Behavior to Generate Online Hyper-Alerts

CT. Kawakani, S. Barbon, RS. Miani, M. Cukier, and BB. Zarpelão

iSys-Revista Brasileira de Sistemas de Informação, vol.10, issue 1, 2017, pp 122-147.

AVAMAT: AntiVirus and Malware Analysis Tool

P. Shahegh, T. Dietz, M. Cukier, A. Algaith, A. Brozik, and I. Gashi

in Proc. 16th IEEE International Symposium on Network Computing and Applications, Boston, USA, 30 Oct - 1 Nov 2017.

(26% acceptance rate)

Cluster-based Vulnerability Assessment Applied to Operating Systems

Y. Movahedi, M. Cukier, A. Andongabo, and I. Gashi

in Proc. 13th European Dependable Computing Conference (EDCC), 2017.

(26% acceptance rate) 

Application of Routine Activity Theory to Cyber Intrusion Location and Time

K Bock, S Shannon, Y Movahedi, and M Cukier

in Proc. 13th European Dependable Computing Conference (EDCC), 2017.

(26% acceptance rate)

Four UMD Leaders Among 30 Most Influential Figures in Maryland Higher Education 2023 Power List

Four leaders from the University of Maryland (UMD) made the 2023 Higher Education Power List

Student Spotlight: Ciro Pinto-Coelho

Meet Ciro whose research focuses on cybersecurity and how people in online communities are influenced.