School of Computing and Information Sciences
Endadul Hoque is an Assistant Professor in the School of Computing and Information Sciences at Florida International University. He received his Ph.D. in Computer Science from Purdue University in 2015. During 2016, he was a Postdoctoral Research Associate in the College of Computer and Information Science at Northeastern University. His research interests lie at the intersection of networked systems and security, where the overarching goal is to aid the development of secure networked systems. His current projects are focused on creating automated analysis tools to discover bugs/vulnerabilities in implementations of networked systems, including real-world implementations of network protocols and IoT systems. During his Ph.D., he received the Bilsland Dissertation Fellowship award in 2015 and the Graduate Teaching Fellowship award in 2014 from Purdue University. His research work has been published in top security and networking conferences (e.g., S&P, NDSS) and journals (e.g., ToN).
Network protocols are notorious for their complexity. Implementing these protocols correctly is crucial to the success of secure communication. However, time and again, a plethora of security bugs has been discovered in these implementations. On the one hand, some of these bugs (e.g., OpenSSL Heartbleed) violate well-defined programming language standards (e.g., by overflowing a buffer), making them defensible by implementation-agnostic solutions (e.g., memory error detection/protection mechanisms). On the other hand, some bugs (e.g., Apple’s goto fail) respect the programming language standards but violate the high-level protocol specifications. In this talk, I will present two automated noncompliance detection tools (CHIRON and SymCerts). CHIRON is designed for stateful network protocol implementations to detect specification bugs that violate some operational behavior of the protocol. SymCerts is designed for finding specification bugs in implementations of X.509 digital certificate validation logic (a crucial step in achieving communication security over the Internet) available in all major SSL/TLS libraries.