-
-
-
Updates.
-
CFPs.
-
Useful Links.
- Tweets by sazzad_14
I am a PhD candidate in Computer Science Department @VT, working under the supervision of Dr. Danfeng (Daphne) Yao. I work towards making security research more democratized and affordable. I am broadly interested in building robust systems and methodologies by using program analysis, formal verification, applied cryptography, internet measurement and machine learning-based techniques. I emphasize on transitioning my work into practice. My strength is building rigorous methodologies and deployable systems. Our efforts (me and my Ph.D. supervisor) on cryptographic code screening and applied cryptography brought $800,000 of research funding. My research papers appeared in top security and privacy conferences (e.g., CCS, PETS) and Journals (e.g., TDSC). As a recognition of my work, I was awarded two fellowships (Bitshare and Pratt Fellowship) at Virginia Tech! Before moving in Blacksburg, I worked as a software engineer. I have 3.5+ years of industry experience in OOP, AOP and soul JavaEE technologies, smart card and payment based solutions. I completed my under graduation from BUET. I am greatly indebted to my undergrad thesis supervisor, Dr. Md. Saidur Rahman for his guidance, support and inspiration. Announcement: I will be joining as a tenure-track assistant professor in the department of computer science at the University of Arizona from Fall, 2020!
Sazzadur Rahaman, Gang Wang, Danfeng (Daphne) Yao.
Security Certification in Payment Card Industry: Testbeds, Measurements, and
Recommendations.
ACM Conference on Computer and Communications Security (CCS'19). London, United Kingdom.
November 2019.
Conference
[PDF] [Source code: PciCheckerLite, BuggyCart]
Sazzadur Rahaman, Ya Xiao, Sharmin Afrose, Fahad Shaon, Ke Tian,
Miles Frantz, Murat Kantarcioglu, Danfeng (Daphne) Yao. CryptoGuard: High Precision
Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects.
ACM Conference on Computer and Communications Security (CCS'19). London, United Kingdom.
November 2019.
Conference
[PDF] [Source code] [Implemented in Oracle's internal code screening platform!]
Sazzadur Rahaman, Haipeng Cai, Omar Chowdhury and Danfeng (Daphne)
Yao.
From Theory to Code: Identifying Logical Flaws in Cryptographic Implementations.
IEEE Transactions on Dependable and Secure Computing (TDSC). 2019.
Journal [preprint]
Sharmin Afrose, Sazzadur Rahaman, Danfeng (Daphne) Yao.
CryptoAPI-Bench: A Comprehensive Benchmark on Java Cryptographic API Misuses.
2019 IEEE Secure Development Conference. McLean, VA. September 2019.
Conference
[PDF] [Source code]
Sazzadur Rahaman, Long Cheng, Danfeng (Daphne) Yao, He Li, and
Jung-Min (Jerry) Park. Provably Secure Anonymous-yet-Accountable Crowdsensing with
Scalable Sublinear Revocation. The 17th Privacy Enhancing Technologies Symposium (PETS).
Minneapolis, MN, USA. July, 2017.
Journal
Conference
[PDF]
Sazzadur Rahaman, Danfeng (Daphne) Yao. Toward Automatic Program
Analysis of Cryptography Implementations for Security. 2017 IEEE Secure Development
Conference. Cambridge, MA, USA. September, 2017.
Conference
[PDF]
Sazzadur Rahaman, Tousif Ahmed Eshan, Sad Al Abdullah.
Antibandwidth Problem for Itchy Caterpillars. 2014 International Conference on
International Conference on Informatics, Electronics & Vision (ICIEV). Dhaka,
Bangladesh. May, 2014.
Conference
[PDF]
Mohammad Raihanul Islam, Sazzadur Rahaman, Rakibul Hasan, Ridwan
Rashid Noel, Asif Salekin, and Hasan Shahid Ferdous. A Novel Approach for Constructing
Emulator for Microsoft Kinect XBOX 360 Sensor in the .NET Platform. 4th International
Conference on Intelligent Systems Modelling & Simulation (ISMS). Bangkok, Thailand.
January, 2013.
Conference
[PDF]
Fahad Shaon, Sazzadur Rahaman. Systems and methods for proactive and reactive data security. U.S. Application No: 16/698,328 (filed).
August, 2017 - Current
August, 2015 - May, 2017
Blacksburg, VA
Projects:
• Compliance checking: Tools and methodologies to measure PCI DSS compliance for e-commerce.
• CryptoGuard: A deployment-grade tool to find cryptographic API misuses
(Java, Android).
• TaintCrypt: A tool to find numerous vulnerabilities in cryptographic
implementations
(C/C++).
• GroupSense: Privacy-preserving scalable crowdsensing based on a new
VLR-based group signature.
May, 2019 - August, 2019
May, 2017 - August, 2017
Dallas, TX
Responsibilities:
• Design and development of secure platform for big data analytics frameworks
(e.g., Hadoop, Spark, etc.).
• Peer code review, source code analysis.
March, 2014 - July, 2015
Dhaka, Bangladesh
Responsibilities:
• Significant contribution in architecture level design
of core products (e.g., Kona Pay [news],
Kona TSM).
• Following payment industry specs (e.g., GlobalPlatform,
ISO/IEC, Visa, MasterCard, AmEx, EMVCo, etc.).
• Significant contribution in standardizing software engineering practices
and tools.
Apr, 2012 - February, 2014
Dhaka, Bangladesh
Responsibilities:
• Development, system
performance monitoring, analysis & optimization, peer code reviewing.
• Wrote utility frameworks for significant reductions in boilerplate codes.
Pratt Fellowship, Fall 2019 and Spring 2020
Bitshare Fellowship, Fall 2018 and Spring 2019
Champion in .Net platform, Inter University System Design Competition-2011, BUET
Dean's List Award, BUET, Session 2009-2010
Sharmin Afrose, Ya Xiao, Myles Frantz, Mazharul Islam
Hannah Roth (2017)
IEEE Transactions on Dependable and Secure Computing (TDSC)
PETS '18 '19 '20, SecDev '18
CCS '17 '18 '19, S&P '18 '19 '20, NDSS '19, WWW '19, AsiaCCS '17 '18, DSN '17
CCS 2017
sazzad14 [at] vt [dot] edu
Department of Computer Science,
2202 Kraft Drive, KnowledgeWork II, Blacksburg, VA, USA -
24060.