The Specter and Meltdown Vulnerabilities: a CPU/Architecture Perspective

Posted by | Computer Science, Cybersecurity, Information Technology, Management of Information Technology | No Comments

SpecterMeltdown-Pierce-HoodCSSpecter and Meltdown, names given to a recently discovered vulnerability that affects almost every computer chip manufactured in the last 20 years. If exploited, attackers could gain access to data previously considered completely protected. The Specter and Meltdown flaws work by exploiting two important techniques used to make CPU chips execute faster, called speculative execution and caching.

Speculative execution allows a CPU to attempt to predict the future to work faster. For example, if the chip determines that a program contains multiple logical branches, it will start calculating the values for all of the branches before the program decides which branch to take. When the correct branch is determined, the CPU has already produced the values for that branch. If the CPU sees that the same function is frequently used, it might use idle time to compute that function so it has what it thinks the answer will be ready if needed.

Caching is used to speed up memory access. Random access memory (RAM) is located on separate chips and it takes a relatively long time for the CPU to access data in the RAM. There is a special small amount of memory storage called CPU cache that is built on the CPU chip itself that can be accessed very quickly. This cache memory gets filled with data that the CPU will need soon or often. Data that is produced by such speculative execution is often stored in the cache, which contributes to making it a speed booster. The problem arises when caching and speculative execution start circumventing protected memory.

Protected memory is a foundational concept underlying computer security. It allows a program to keep some of its data private from some of its users, and allows the operating system to prevent one program from seeing data belonging to another. In order to access data, a process needs to undergo a privilege check, which determines whether or not it’s allowed to see that data.

A privilege check can take a relatively long time. Due to speculative execution, while the CPU is waiting to find out if a process is allowed to access that data, it starts working with that data even before it receives permission to do so. The problem arises because the protected data is stored in CPU cache even if the process never receives permission to access it. Because CPU cache memory can be accessed more quickly than regular memory and due to the long latency associated with privilege checks, the process can potentially access certain memory locations that it shouldn’t be allowed to access. As this problem exists in the hardware there is no direct way to correct it. Software patches have been offered to mitigate the exposure but have led to some degradation in performance of the CPU. In many cases, the software patch is targeted at a specific product and installing the wrong patch can severely impact system operation.

The most immediate action security teams and users can take to protect computer systems is to prevent execution of unauthorized software and avoid access to untrusted websites. Security policies must be are in place to prevent unauthorized access to systems and the introduction of unapproved software or software updates.

Bill Pierce

*Prof. Bill Pierce, the author of this article, is an Assistant Professor of computer science at the Department of Computer Science & Information Technology at Hood College in Frederick, Maryland. He teaches undergraduate and graduate courses in Computer Architecture, Digital Logic and Switching Theory, Digital Signal Processing and Musical Computing.*

Protect Yourself in 2018 with These Cyber Tips

Posted by | Computer Science, Cybersecurity, Graduate School Highlights, Information Technology, Management of Information Technology, Uncategorized | No Comments

17_CyberSecurity_Tshirt-1Each time we use our computer or device while on campus, we become a node on the College’s computer network. Being called a “node” may sound impersonal, but in reality it is an automatic assignment of personal responsibility. When it comes to computer security, a network is only as secure as its weakest link. This means that each one of us, (each node) must exercise a great deal of responsibility when using network resources and while connected on the campus network. Here are four common cases that may compromise your personal security and impact campus network security:

#1 Never Respond to Emails Asking for Personal Information
No colleague, friend, IT support professional or vendor with whom you interact should ever ask via email for account information, credit card numbers or passwords. Under no circumstance should you ever respond to such information requests via email.

#2 Never Respond to Calls about Tech Support You Did Not Initiate
A common new scam is receiving a call from a “Helpdesk” or “Microsoft Tech Support” about your computer. Legitimate technical support organizations respond to inquiries by their users, they don’t proactively call their users to “fix” unreported problems.

#3 Ransomware
Ransomware is a special type of malware. Be suspicious of any emails trying to trick you into opening infected attachments or clicking on malicious links. Common sense is your best defense. In addition, backups are often the only way you can recover from ransomware.

#4 Scam Alert: Your Trusted Friends Can Hack Your Facebook Account
If you receive a message from any of your Facebook Friends asking for urgent help to recover their Facebook account, because you are one of their ‘Trusted Contacts,’ don’t blindly believe it. Researchers have detected a new Facebook phishing scam that can trick even an experienced technical user into falling victim to the scam, helping an attacker gain access to your Facebook account.

Any of the above may compromise your system or device (e.g. tablet, phone) or allow scammers to obtain your personal information. More importantly, any of these will make you the “weakest link” in the College’s network, putting everyone else in danger of further exploitation. Computer security is, unfortunately, one more thing we must be vigilant about. But with some common sense you can keep yourself safe and contribute to keeping the campus computing environment safe for all of us.


By Eddie F. Hamad M.S.’18 (Cybersecurity), CISSP, CEH and George Dimitoglou, Ph.D., Program Director, Cybersecurity

How a Hood graduate degree can help you get a high-paying job

Posted by | Accounting, Bioinformatics, Biomedical Science, Business Administration, Computer Science, Cybersecurity, Financial Management, Graduate School Highlights, Information Technology, Management of Information Technology, Professional Development Institute, Uncategorized | No Comments

GS_Banner (1)

According to job and recruiting marketplace Glassdoor, nearly seven of ten people (68%) report that compensation is among the “leading considerations” when choosing where to work. In “25 Highest Paying Jobs in America in 2017,” physicians, software engineers and managers are among the highlighted highest paid jobs. “This report reinforces that high pay continues to be tied to in-demand skills, higher education and working in jobs that are protected from competition or automation. This is why we see several jobs within the technology and healthcare industries,” said Dr. Andrew Chamberlain, Glassdoor’s Chief Economist. Therefore, one of the crucial and initial steps to take if looking into such highly paid valued positions, is to obtain the needed education for executing them.

Whether one is looking into changing a career to IT or software architecture, getting a promotion to Software Engineer Manager or starting work in the ever-growing fields of Cybersecurity or Biomedicine, the Graduate School at Hood College is here to for those seeking advancement.

For advancement in jobs mentioned in the Glassdoor research, such as Pharmacy Manager, Information System Manager, Financial Planning and Analysis Manager, Hood’s Graduate School offers degrees in Business (Accounting, MBA, Financial Management), Computer Science (Computer Science, IT, Management of Information Systems and Cybersecurity) and Bioinformatics, Biomedical Science and Geographic Information Systems, all designed to deepen intellectual understanding and to broaden competencies for career advancement. The Graduate School is also providing graduate-level courses for non-degree-seeking individuals who wish to pursue continuing education for career growth or personal interest or to sample a particular program.

Take a first step towards your dream job at the Hood College Graduate School. Contact us at

The full list of Glassdoor’s highest paying jobs can be found at

Hood College Graduate School launches new MS Program in Cybersecurity

Posted by | Cybersecurity, Graduate School Highlights | No Comments


Interview with Dr. George Dimitoglou; Cybersecurity Program Director and Director of the Center for Computer Security and Information Assurance


How will this program serve the region’s cybersecurity needs?
The regional needs for properly trained cybersecurity professionals is staggering. There are over 60,000 unfilled positions in the two major metropolitan Mid-Atlantic areas (Baltimore, DC) alone. Our goal is for graduates of our MS in Cybersecurity program to fill as many of these positions as possible at all levels, depending on their interests: from the highly technical to the managerial.

Can you tell us more about creating the Cybersecurity degree?
The MS in Cybersecurity was created to address the growing regional needs for cybersecurity professionals. Creating the degree did not start from scratch. The Department of Computer Science & Information Technology has been offering a graduate Certificate in Cybersecurity for over seven years and it became our foundation for our master’s program. But we wanted to make sure that we adhere to the state of the art in cybersecurity education so we build the new program.

What are the strengths of the program?
The most important aspects of the program are the hands-on, experiential learning component and the Capstone experience. While we are committed to providing all the necessary theoretical background, cybersecurity is an applied field, so our courses have a heavy hands-on, laboratory component to reinforce the lecture material and sharpen student skills. The Capstone is unique because it is the culmination of what our students learn during the program, applied to a regional organization. Our students become “embedded” to an organization and work on real-life cybersecurity projects. Students that already work in the industry have the option to work one-on-one with faculty and an industry mentor on a significant research project.

What is unique about this program?
There are several courses that are really interesting — our Forensics course provides students with hands-on lab experience using state of the art forensic analysis tools (think of CSI but solving computer and network hacking incidents). Our Ethical Hacking course is training students how to think like hackers to better protect computers and networks. We are constantly introducing interesting topics and my top priority is to recruit and retain the best faculty to teach in our classes.

Who will be teaching the classes?
Aside from our regular, full-time faculty we always bring in highly qualified industry professionals — for example, our Cryptography course is taught by a former US Army code breaker.

What can you tell us about current interests of and from students?
Students are very interested in system and network security because it is the foundation of skills and knowledge in this area. We see a lot of interest in forensics and ethical hacking.
The program was approved by the Maryland Higher Education Commission (MHEC) in late August and within weeks we had a full class of students in the new program. We are now accepting applications for the spring semester.

Hood’s Graduate School at the CyberMaryland conference

Posted by | Cybersecurity, Graduate School Highlights | No Comments

CyberMDHood College Professors Ahmed Salem and George Dimitoglou attended the 2017 CyberMaryland conference October 11 & 12 in Baltimore. Titled “Leading the Cyber Generation”, the conference included opening remarks by Governor Larry Hogan, Senator Chris Van Hollen, and talks by several nationally recognized speakers and thought leaders from Maryland’s cybersecurity sector, and panelists on cyber and technology innovations. The Hood Graduate School also participated in the Cyber Maryland Industry Showcase with an exhibitor space, joining today’s top cybersecurity companies and organizations while showcasing Hood’s educational offerings, including the new MS in Cybersecurity, set to officially begin with the spring, 2018 semester. The conference promoted Maryland as a nationally and internationally recognized cybersecurity leader, with the development of cybersecurity experts, education and training programs, technology, products, systems and infrastructure. Such development is crucial, as the United States is at risk with over 10 million cyber hacks a day resulting in an annual worldwide cost of over $100 billion.

CyberMaryland was a place to talk about the tens of millions of Americans who have had their identities and bank accounts threatened or compromised. The conference’s website states: “Ensuring that our nation has the workforce, technology and resources to protect our citizens, businesses, infrastructure, intellectual property and more is of paramount importance. Maryland continues to be a leader on this front”.

​Dr. Dimitoglou says that there is a significant regional need for qualified cybersecurity professionals. “Hood College is in one of the most exciting states in the US for cybersecurity, as there are over 60,000 unfilled positions in the two major metropolitan Mid-Atlantic areas of Baltimore and DC alone. We are really in the heart of where everything happens.”

Graduate Women in Science Establishes Local Chapter at Hood College

Posted by | Bioinformatics, Biomedical Science, Computer Science, Cybersecurity, Environmental Biology, Graduate School Highlights, Information Technology, Management of Information Technology, Mathematics Education and Leadership | No Comments


FREDERICK, Md. — An international organization dedicated to empowering women in science is launching its 25th United States chapter Jan. 23.

The Greater Maryland Chapter of Graduate Women in Science (GWIS) will launch at 6 p.m. in the Whitaker Campus Center Commons at Hood College. The event begins with an informal mixer followed by a lecture by featured speaker Col. Andrea Stahl, deputy commander of USAMRIID at Fort Detrick. Afterward, there will be a business meeting to discuss upcoming events for this new chapter.

The GWIS mission is “to build a global community to inspire, support, recognize and empower women in science. The organization strives to build a powerful international network of women scientists, mentor the leaders of today so that they can inspire the leaders of tomorrow and empower women scientists to excel in their careers.”

The event is free and open to the public. For more information about GWIS, visit For more information about the launch event, contact April Boulton, Dean of Hood College’s Graduate School and Associate Professor of Biology, and co-founding member of the new chapter, at 301-696-3600 or


Hood College receives ABET accreditation

Posted by | Computer Science, Cybersecurity, Graduate School Highlights, Information Technology, Management of Information Technology | No Comments

Hood College’s Bachelor of Science program in computer science recently received the ABET accreditation which is a demonstration of its commitment to providing students quality education. The ABET accreditation is a voluntary peer-review process that requires programs to undergo comprehensive, periodic evaluations. The evaluations focus on program curriculum, faculty, facilities and institutional support and are conducted by teams of professionals from industry, academia and government with expertise in the ABET disciplines of applied science, computing, engineering and engineering technology.

This accreditation is noteworthy for students in our graduate programs who pay their way through school via tuition reimbursement from their employers. Several employers are only willing to reimburse students who enroll in schools with ABET accreditation. These employers see the accreditation as a measure of the quality of the programs at a school.

According to Xinlian Liu, Ph.D., co-chair of the Department of Computer Science and Information Technology, “this accreditation is expected to attract a lot more students to our programs, especially with our proximity to the I-270 technology corridor. We hope to see a lot more interest in our programs going forward”.

Find out more about the computer science department and programs, visit

Fall 2016 Computer Science and Information Technology Department Events

Posted by | Computer Science, Cybersecurity, Graduate School Highlights, Information Technology, Management of Information Technology | No Comments

This fall, the Computer Science and Information Technology Department at Hood will be co-hosting a number of exciting events here on campus. All students, faculty and staff are welcome.

Python Frederick- 2nd Wednesday Talk – Jupyter Notebook
Whitaker Commons
Thursday, September 14
6:30 p.m.

Python Frederick has a talk the second Wednesday of each month. This month:
Jupyter Notebooks ( are helpful tools for anyone working with data. Popular with scientists of all types, Jupyter Notebooks let you work with Python right from your web browser! You can easily graph data and share your findings with others.
You’ll learn how to use Jupyter Notebooks so you can learn to supercharge any research you’re involved in.

Python Frederick – 3rd Saturday Open Workshop – Python Serverless Microframework for AWS
Coblentz Hall Seminar Room
Saturday, September 17
10:00 a.m. – 12:00 p.m.

Python Frederick has an open workshop the 3rd Saturday of each month. You can work on a common project selected for the day or bring your own project and enlist the help of others.

Hack Frederick Hackathon
Coblentz Hall Seminar Room
Saturday, October 8
10:00 a.m.

Registration is required to attend this event. Additional information is available at Interested students should contact Dr. George Dimitoglou at to form teams.

Python Frederick- 2nd Wednesday Talk – pygame
Whitaker Commons
Wednesday, October 12
6:30 p.m.

Python Frederick’s Second Wednesday talk for October will talk gaming!  We’ll discuss pygame, a Python library for making video games, with the Frederick Game Development meetup.

Meet Program Directors at Virtual Open Houses

Posted by | Bioinformatics, Biomedical Science, Business Administration, Cybersecurity, Environmental Biology, Geographic Information Systems, Graduate School Highlights, Information Technology, International Students, Management of Information Technology | No Comments

Can’t make it to campus but want to talk with top faculty about Graduate School programs?  Six virtual open houses in November 2015 provide online opportunities to do just that.

Meet directors of the Biomedical Science, Environmental Biology, MBA, Management of Information Technology and Information Technology masters programs and the GIS and Cybersecurity certificate programs. Ask questions and get answers straight from the source. Go to the Visit Us page to register for your choice of sessions.

Grad Student’s Internship Leads to Bioinformatics Job

Posted by | Bioinformatics, Biomedical Science, Computer Science, Cybersecurity, Graduate School Highlights, International Students | No Comments
Danny Watson

Danny Watson

Daniel Watson, who proudly hails from “the tropical paradise of Barbados in the Caribbean,” discovered the Graduate School by way of his cousin, a past international undergraduate student who “highly recommended me to apply because of her very positive experience.”

While working toward his master’s degree in Computer Science, Danny was selected for appointment to the Student Research Participation Program at the U.S. Army Medical Research and Materiel Command (USAMRMC) at Fort Detrick. The CPT (Curricular Practical Training) internship working with the bioinformatics team will lead to a position after he graduates in December 2015 as a bioinformatics analyst, a role in which he will continue develop new technologies for the analysis and interactive visualization of biomedical and genomic data.

Danny gives much credit for this career-launching opportunity to Dr. Xinlian Liu—his “primary mentor” and instructor in operating system design and algorithms —as well as Hood’s relationship with Fort Detrick’s Advanced Biomedical Computing Center. Professors George Dimitoglou and Ahmed Salem are among other “major influences” at the Graduate School.

Danny was delighted to “give back to the Hood College community” through a workship at Hood’s Center for Academic Achievement and Retention.