Sazzadur Rahaman

Sazzadur Rahaman
Assistant Professor,
Department of Computer Science,
University of Arizona.



Jul 04, 2024:

Our paper on EdTech acquisition practices in HEIs got accepted in ACM CCS '24! Congrats, to Easton and Ananta!

Apr 15, 2024:

Our paper studying IoT security guidelines got accepted in ESEC/FSE '24! Congrats, to Jesse and Dharun!

Aug 16, 2023:

Our paper on the distributed data analytics platfrom security got accepted in ACSAC '23! Congrats, to Fahad!

Apr 03, 2023:

Our paper on benchmarking application debloaters got accepted in ESORICS '23! Congrats, to the team!

Nov 19, 2022:

Our paper on security analysis of native extensions got accepted in USENIX Security'23! Congrats, everyone!

Apr 13, 2022:

TPC member for NDSS'23!

Mar 10, 2022:

TPC member for USENIX Security'23!

Mar 10, 2022:

TPC member for PETS'23!

Feb 14, 2022:

Invited talk at the CS Colloquium at Marquette University, Milwaukee, Wisconsin.

Aug 18, 2021:

Our project on payment system security in collaboration with Loukas Lazos(Co-PI), received Funding support from TRIF NSS!

Jul 19, 2021:

Invited talk at FACC Workshop@CAV'21!

Apr 24, 2021:

TPC member for NDSS'22!

Mar 13, 2021:

TPC member for PETS'22!

Sep 18, 2020:

Invited talk at Clemson School of Computing seminar.

Aug 15, 2020:

TPC member for NDSS‚21!

I work towards making security research more democratized and affordable. I am broadly interested in building robust systems and methodologies by using program analysis, formal verification, applied cryptography, internet measurement and machine learning-based techniques. I emphasize on transitioning my work into practice. I lead Security, Privacy and Reliability Lab () at the University of Arizona.

I completed my Ph.D. in Computer Science from CS@VT, under the supervision of Dr. Danfeng (Daphne) Yao. Before that, I worked as a software engineer. I completed my under graduation from Bangladesh University of Engineering and technology.

Selected Recent Publications (See All)

A Unified Taxonomy and Evaluation of IoT Cybersecurity Guidelines.
Jesse Chen, Dharun Anandayuvaraj, James Davis, Sazzadur Rahaman.
ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE). Porto de Galinhas, Brazil. July, 2024.

Trust, Because You Can't Verify: Privacy and Security Hurdles in Education Technology Acquisition Practices.
Easton Kelso, Ananta Soneji, Sazzadur Rahaman, Yan Soshitaishvili, Rakibul Hasan.
ACM Conference on Computer and Communications Security (CCS'24). Salt Lake City, Utah, USA. October 2024.

Bilingual Problems: Studying the Security Risks Incurred by Native Extensions in Scripting Languages.
Cristian-Alexandru Staicu, Sazzadur Rahaman, Ágnes Kiss, Michael Backes.
32nd USENIX Security Symposium. Anaheim, CA, USA. August, 2023.

The Queen’s Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms.
Fahad Shaon*, Sazzadur Rahaman*, Murat Kantarcioglu (* co-first authors)
The Annual Computer Security Applications Conference (ACSAC). Austin, Texas, USA. December, 2023.

A Tale of Reduction, Security and Correctness: Evaluating Program Debloating Paradigms and Their Compositions.
Muaz Ali, Muhammad Muzammil, Faraz Karim, Ayesha Naeem, Rukhshan Haroon, Muhammad Haris, Huzaifa Nadeem, Waseem Sabir, Fahad Shaon, Fareed Zaffar, Vinod Yegneswaran, Ashish Gehani and Sazzadur Rahaman
28th European Symposium on Research in Computer Security (ESORICS). Hague, Netherlands. September, 2023.

Optimization to the Rescue: Evading Binary Code Stylometry with Adversarial Use of Code Optimizations.
Ben Jacobsen, Sazzadur Rahaman, Saumya Debray.
The CheckMATE workshop at the ACM Conference on Computer and Communications Security (CCS'21). Virtual Conference, November 2021.

From Theory to Code: Identifying Logical Flaws in Cryptographic Implementations.
Sazzadur Rahaman, Haipeng Cai, Omar Chowdhury and Danfeng (Daphne) Yao.
IEEE Transactions on Dependable and Secure Computing (TDSC). 2021.

Coding Practices and Recommendations of Spring Security for Enterprise Applications.
Mazharul Islam, Sazzadur Rahaman, Na Meng, Behnaz Hassanshahi, Padmanabhan Krishnan, Danfeng (Daphne) Yao.
IEEE Secure Development Conference. Atlanta, GA, September 2020.

Security Certification in Payment Card Industry: Testbeds, Measurements, and Recommendations.
Sazzadur Rahaman, Gang Wang, Danfeng (Daphne) Yao.
ACM Conference on Computer and Communications Security (CCS'19). London, United Kingdom. November 2019.
[Conference] [Source code: PciCheckerLite, BuggyCart]

CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects.
Sazzadur Rahaman, Ya Xiao, Sharmin Afrose, Fahad Shaon, Ke Tian, Miles Frantz, Murat Kantarcioglu, Danfeng (Daphne) Yao.
ACM Conference on Computer and Communications Security (CCS'19). London, United Kingdom. November 2019.
[Conference] [Source Code] [Adopted by Oracle] [ACM news Article]

Provably Secure Anonymous-yet-Accountable Crowdsensing with Scalable Sublinear Revocation.
Sazzadur Rahaman,Long Cheng, Danfeng (Daphne) Yao, He Li, and Jung-Min (Jerry) Park.
The 17th Privacy Enhancing Technologies Symposium (PETS). Minneapolis, MN, USA. July, 2017.
[Journal] [Conference]

Notice Board

We always look for motivated students to join our newly formed Security, Privacy and Reliability Lab (). The following are some of the topics of our current interest.

  • Automated software verification for security and correctness.
  • Software specialization for performance and security.
  • Internet measurement of security and privacy problems.
  • Rethinking the security of parallel and distributed systems.
  • Privacy-preserving techniques for emerging applications.
  • Adversarial machine learning in software security.

If you are interested in working with me, please send me your CV, research interest and a paragraph on why do you want a PhD.

See Detail


University of Arizona:

  • Spring 24: CSC 566 (Computer Security)
  • Fall 23: CSC 466 (Computer Security)
  • Spring 23: CSC 466 (Computer Security)
  • Fall 22: CSC 566 (Computer Security)
  • Spring 22: CSC 466/566 (Computer Security)
  • Spring 21: CSC 696I (Advanced Topics in Security)

Virginia Tech:

  • Spring 20: CS 4264 (Principles of Computer Security)

Department of Computer Science, Gould-Simpson, Room 917, 1040 E 4th St, Tucson, AZ - 85721.