A Unified Taxonomy and Evaluation of IoT Cybersecurity Guidelines.
Jesse Chen, Dharun Anandayuvaraj, James Davis, Sazzadur Rahaman.
ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE). Porto de Galinhas, Brazil. July, 2024.


Bilingual Problems: Studying the Security Risks Incurred by Native Extensions in Scripting Languages.
Cristian-Alexandru Staicu, Sazzadur Rahaman, Ágnes Kiss, Michael Backes.
32nd USENIX Security Symposium. Anaheim, CA, USA. August, 2023.

The Queen’s Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms.
Fahad Shaon*, Sazzadur Rahaman*, Murat Kantarcioglu (* co-first authors)
The Annual Computer Security Applications Conference (ACSAC). Austin, Texas, USA. December, 2023.

A Tale of Reduction, Security and Correctness: Evaluating Program Debloating Paradigms and Their Compositions.
Muaz Ali, Muhammad Muzammil, Faraz Karim, Ayesha Naeem, Rukhshan Haroon, Muhammad Haris, Huzaifa Nadeem, Waseem Sabir, Fahad Shaon, Fareed Zaffar, Vinod Yegneswaran, Ashish Gehani and Sazzadur Rahaman
28th European Symposium on Research in Computer Security (ESORICS). Hague, Netherlands. September, 2023.

Evaluating Container Debloaters.
Muhammad Hassan*, Talha Tahir*, Muhammad Farrukh, Abdullah Naveed, Anas Naeem, Fareed Zaffar, Fahad Shaon, Ashish Gehani and Sazzadur Rahaman (* co-first authors)
IEEE Secure Development Conference. Atlanta, GA. October, 2023.

Blade: Towards Scalable Source Code Debloating.
Muaz Ali, Rumaisa Habib, Ashish Gehani, Sazzadur Rahaman and Zartash Uzmi.
IEEE Secure Development Conference. Atlanta, GA. October, 2023.

SpanL: A Language for Screening Improper Use of Security APIs in High-level Languages.
Sazzadur Rahaman, Miles Frantz, Barton Miller and Danfeng Yao.
Secure Cryptographic Implementation Workshop collocated with 21st International Conference on Applied Cryptography and Network Security (ACNS), 2023.


Being the Developers' Friend: Our Experience Developing a High-Precision Tool for Secure Coding.
Danfeng (Daphne) Yao, Sazzadur Rahaman, Ya Xiao, Sharmin Afrose, Miles Frantz, Ke Tian, Na Meng, Cristina Cifuentes, Yang Zhao, Nicholas Allen, Nathan Keynes, Barton Miller, Elisa Heymann, Fahad Shaon, Murat Kantarcioglu.
IEEE Security and Privacy Journal.

Evaluation of Static Vulnerability Detection Tools with Java Cryptographic API Benchmarks.
Sharmin Afrose, Ya Xiao, Sazzadur Rahaman , Barton Miller, Danfeng (Daphne) Yao.
IEEE Transactions on Software Engineering (TSE). 2022.

``If security is required'': Engineering and Security Practices for Machine Learning-based IoT Devices.
Nikhil Gopalakrishna, Dharun Anandayuvaraj, Annan Detti, Forrest Lee Bland, Sazzadur Rahaman, James Davis.
SERP4IoT workshop collocated with ACM/IEEE International Conference on Software Engineering (ICSE). 2022.


Optimization to the Rescue: Evading Binary Code Stylometry with Adversarial Use of Code Optimizations.
Ben Jacobsen, Sazzadur Rahaman, Saumya Debray.
The CheckMATE workshop collocated with the ACM Conference on Computer and Communications Security (CCS'21). Virtual Conference. November 2021.

From Theory to Code: Identifying Logical Flaws in Cryptographic Implementations.
Sazzadur Rahaman, Haipeng Cai, Omar Chowdhury and Danfeng (Daphne) Yao.
IEEE Transactions on Dependable and Secure Computing (TDSC). 2021.


Coding Practices and Recommendations of Spring Security for Enterprise Applications.
Mazharul Islam, Sazzadur Rahaman, Na Meng, Behnaz Hassanshahi, Padmanabhan Krishnan, Danfeng (Daphne) Yao.
IEEE Secure Development Conference. Atlanta, GA, September 2020.


Security Certification in Payment Card Industry: Testbeds, Measurements, and Recommendations.
Sazzadur Rahaman, Gang Wang, Danfeng (Daphne) Yao.
ACM Conference on Computer and Communications Security (CCS'19). London, United Kingdom. November 2019.
[Conference] [Source code: PciCheckerLite, BuggyCart]

CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects.
Sazzadur Rahaman, Ya Xiao, Sharmin Afrose, Fahad Shaon, Ke Tian, Miles Frantz, Murat Kantarcioglu, Danfeng (Daphne) Yao.
ACM Conference on Computer and Communications Security (CCS'19). London, United Kingdom. November 2019.
[Conference] [Source Code] [Adopted by Oracle] [ACM news Article]

CryptoAPI-Bench: A Comprehensive Benchmark on Java Cryptographic API Misuses.
Sharmin Afrose, Sazzadur Rahaman, Danfeng (Daphne) Yao.
2019 IEEE Secure Development Conference. McLean, VA. September 2019.
[Conference] [Source Code]


Provably Secure Anonymous-yet-Accountable Crowdsensing with Scalable Sublinear Revocation.
Sazzadur Rahaman,Long Cheng, Danfeng (Daphne) Yao, He Li, and Jung-Min (Jerry) Park.
The 17th Privacy Enhancing Technologies Symposium (PETS). Minneapolis, MN, USA. July, 2017.
[Journal] [Conference]

Toward Automatic Program Analysis of Cryptography Implementations for Security.
Sazzadur Rahaman,Danfeng (Daphne) Yao.
2017 IEEE Secure Development Conference. Cambridge, MA, USA. September, 2017.

[Before '17]

Antibandwidth Problem for Itchy Caterpillars.
Sazzadur Rahaman,Tousif Ahmed Eshan, Sad Al Abdullah.
2014 International Conference on International Conference on Informatics, Electronics & Vision (ICIEV). Dhaka, Bangladesh. May, 2014.

A Novel Approach for Constructing Emulator for Microsoft Kinect XBOX 360 Sensor in the .NET Platform.
Mohammad Raihanul Islam, Sazzadur Rahaman,Rakibul Hasan, Ridwan Rashid Noel, Asif Salekin, and Hasan Shahid Ferdous.
4th International Conference on Intelligent Systems Modelling & Simulation (ISMS). Bangkok, Thailand. January, 2013.


[US Patents]

Fahad Shaon, Sazzadur Rahaman. Systems and methods for proactive and reactive data security. U.S. Application No: 16/698,328 (filed).


Department of Computer Science, Gould-Simpson, Room 917, 1040 E 4th St, Tucson, AZ - 85721.