I am a software security researcher and entrepreneur. My research interests primarily revolve around the confluence of program analysis and cybersecurity. To assess the safety and security of applications in emerging fields such as Internet of Things (IoT) and Android, I utilize a mix of static and dynamic analysis, symbolic execution, and formal verification methods.

I am a research Associate at the University of Wisconsin-Madison, and was fortunate to work with Prof. Somesh Jha and Prof. Thomas Reps on software debloating and Adversarial Machine Learning.

I completed my PhD in Computer Engineering at the University of Nebraska-Lincoln, where I was fortunate to work with Dr. Hamid Bagheri and Dr. Qiben Yan and obtained MSc in Computer Security from the University of Kent. I received ACM SIGSOFT distinguished paper award and (ISC)2 graduate scholarship

 

⭐ What can I bring?⭐

1. Research Experience: ISSTA'20 (best paper award), USENIX'22, EuroS&P'22, NeurIPS'22 (oral-designated), INFOCOM’19, TIFS'20 and TSE22&23.
2. Successful collaboration with great researchers from academia, industry, and research labs.
3. Teaching Experience: delivering Security and Network courses and interest in delivering Software Supply Chain Security.
4. Mentoring Experience: 2 undergrads, 5 MSc, 3 PhD. One of my mentees sent me this message "Thank you for being a great mentor and showing me the ropes to research. You will always be a fundamental keystone in whatever career I pursue, by being my very first boss. I really do appreciate all that you have done and our time working together."
5. Open-source and reproducibility advocate: my academic tools are publically available.
6. Innovation Experience: 2 filed patents and Tech Transfer.
7. Entrepreneurship & Startup Experience: $500K pre-seed funding, launching a startup, developing MVP, hiring the team, getting first customer, and defining products roadmap.
8. Diversity Embracement: working in Netherlands, Singapore, UK, and US

Research Areas:

• IoT Safety and Privacy: [USENIX’22, IEEE TSE’22, ISSTA’20]

• Machine Learning Robustness: [NeurIPS’22]

• Android Security: [IEEE TIFS’20, INFOCOM’19]

• Software and Container Debloating: [EuroS&P’22], [SIGMETRICS’24]

Entrepreneurship & Industry:

• FitStack. Co-founded in Sept, 2022 and is the product of my postdoc work with Prof. Somesh
  Jha at UW-Madison. FitStack received $500k through the Varsity Venture
  Studio established by Wisconsin Alumni Research Foundation
  (WARF) and High-Alpha Innovation.
• Industry certificates: CISSP, CEH, Security+, CCNP Security, and Cisco Instructor

Academic Service:

• I serverd as a reviewer and external reviewer in the following conferences and journals: Euro S&P’22, USENIX’21, CSF’21, IEEE BigData’20, TIFS’20, TrustCOMM’20, INFOCOMM’17/18, IEEE Cloud Computing 2017, IEEE WCNC 2017.
• Graduate Students’ representative in the faculty committee (Academic Year 2016-2017)
• Graduate students’ representative in the Computer Engineering Committee (Academic Year 2017-2018)

Recent news:

• [Jan 2024] 🔥 Mohannad implemented and released Python Dependency Chatbot. This chatbot is a RAG application over Knowledge Graph. Check out my blog for more info
• [Jan 2024] 🔥 Our patent application "Method and Apparatus for Improved Security in Trigger Action Platforms" has issued.
• [Dec 2023] 🔥 Mohannad was invited to serve on the CCS'24 TPC Software Security Track
• [Dec 2023] 🔥 Our paper "Machine Learning Systems are Bloated and Vulnerable" has been accepted to (SIGMETRICS'24)
• [Nov 2023] 🔥 Our ONR grant to `Holistic Debloating in the Age of LLM Technology`, is funded. Thank you, ONR!!!
• [July 2023] 🔥 We released Langroid, a framework to support developers to build Multi-agent LLM applications.
• [June 2023] 🔥🔥 ONR decided to open source the Tech Transferred version of our debloating tools LMCAS and SLASH.
• [June 2023] 🔥 Mohannad serves on the Artifact Evaluation Committees for NDSS'24 and CGO'24
• [Dec 2022] 🔥 Our paper "autoMPI: Automated Multiple Perspective Attack Investigation with Semantics Aware Execution Partitioning" has been accepted to (TSE).
• [Sept 2022] 🔥 Our paper "Robust Learning against Relational Adversaries" has been accepted to (NeurIPS'22)
• [June 2022] 🔥 Our paper "IoTCOM: Dissecting Interaction Threats in IoT Systems" has been accepted to (TSE)
• [Feb 2022] 🔥 Our paper "Lightweight, Multi-Stage, Compiler-Assisted Application Specialization" has been accepted to (Euro S&P'22)
• [July 2021] 🔥 Our tool "Lightweight, Multi-Stage, Compiler-Assisted Application Specialization" has been accepted for Tech Transfer by ONR.
• [July 2021] 🔥 Our paper "Practical Data Access Minimization in Trigger-Action Platforms" has been accepted to (USENIX'22)
• [May 2021] 🔥 Patent filed COMPUTER IMPLEMENTED PROGRAM SIMPLIFICATION
• [Feb 2021] 🔥 Patent filed A METHOD AND APPARATUS FOR IMPROVED SECURITY IN TRIGGER ACTION PLATFORMS
• [Aug 2020] 🔥 Our paper "Comparing formal models of IoT app coordination analysis" has been accepted to (SEAD'20).
• [June 2020] 🔥 Our (ISSTA'20) paper received ACM SIGSOFT Distinguished Paper Award
• [April 2020] 🔥 Our paper "Scalable Analysis of Interaction Threats in IoT Systems" (ISSTA'20) paper received ACM SIGSOFT Distinguished Paper Award
• [Dec 2018] 🔥 Our paper Detecting Vulnerable Android Inter-App Communication in Dynamically Loaded Code" has been accepted to (INFOCOM'19)
• [Mar 2018] 🔥 Our paper "Efficient Signature Generation for Classifying Cross-Architecture IoT Malware" accepted to IEEE Conference on Communications and Network Security 2018.
• [Feb 2018] 🔥 Our paper "Towards Best Secure Coding Practice for Implementing SSL/TLS" has been accepted to MobiSec 2018 (INFOCOM)

Updating time: 01/17/2023