Endadul Hoque - Syracuse University (original) (raw)

• About Me
• Research
• Publications
• Teaching
• Other

Endadul Hoque

• Assistant Professor
• Dept. of EECS
• Syracuse University
• enhoque AT syr.edu

I am currently looking for motivated graduate students for PhD positions (applicants with an MS degree is preferred) and undergraduate students who are interested in security of computer networks and systems, IoT security, vulnerability detection, and program analysis. If interested, please contact me through email.

Received Best Paper Award for our FuzzEval paper at 18th Intl. Workshop on Search-Based and Fuzz Testing (SBFT 2025), co-located with IEEE/ACMICSE 2025

Our paper "iConPAL" will appear in IEEE SecDev 2024

Our paper "VetIoT" will appear in IEEE CNS 2023

Our paper "Maverick" has been published in ACM WiSec 2023

Congratulations to Akib Nafis for winning the 2nd place in the Oral Presentation Competition at 2023 ECS Research Day

Received Google Research Scholar Award 2022

Two papers published in ACM CCS 2021

I will join EECS@Syracuse as an Assistant Professor from Fall 2019

Received Cisco Network Security Distinguished Paper Award for our TCPwn paper at NDSS 2018 (one of the top security conferences)

Our paper "TCPwn" has been accepted inNDSS 2018 (one of the top security conferences)

Our paper titled "Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach" has been accepted at NDSS Symposium 2018. Many congratulations to Samuel Jero and the rest of the team. We received excellent reviews; here is an excerpt: "This is a really cool paper -- One of those that make you wish you had thought of the idea! It takes a classical problem and presents a refreshing new take on it [...]"

Our paper "CHIRON" has been accepted in DSN 2017

Our paper "SymCerts" has been accepted inIEEE S&P 2017 (the top security conference, also known as Oakland)

Research

My research is highly concentrated on cybersecurity, particularly at the intersection of computer networks, systems, and security. Within this broad domain, my particular emphasis is on automated detection of vulnerabilities as well as creating resilient, user-friendly defenses. My work spans several areas of computing, including network communication protocols, operating systems, distributed systems, Internet-of-Things (IoT) systems, and embedded devices. I often draw inspiration from automated reasoning techniques such as SMT solving and model checking, as well as methods in runtime verification, program analysis, and software engineering, including symbolic execution and fuzz testing. Recently, I am also interested in developing LLM-driven security analysis techniques as well as creating automated techniques to improve the robustness of LLMs.

For more information, please visit the SYNE lab.

Publications

For full publication list, click

SeQR: A User-Friendly and Secure-by-Design Configurator for Enterprise Wi-Fi

• Conference ACM CHI Conference on Human Factors in Computing Systems (CHI), Yokohama, Japan, April 2025.

On Evaluating Fuzzers with Context-Sensitive Fuzzed Inputs: A Case Study on PKCS#1-v1.5

• S Mahmudul Hasan, Polina Kozyreva, and Endadul Hoque
• Workshop 8th International Workshop on Search-Based and Fuzz Testing (SBFT 2025), co-located with IEEE/ACM International Conference on Software Engineering (ICSE 2025), Ottawa, Ontario, Canada, April 2025.
• Best Paper Award

iConPAL: LLM-guided Policy Authoring Assistant for Configuring IoT Defenses

• Mahbub Alam, Siwei Zhang, Eric Rodriguez, Akib Nafis, and Endadul Hoque
• Conference IEEE Secure Development Conference (SecDev), PA USA, Oct 2024.

VetIoT: On Vetting IoT Defenses Enforcing Policies at Runtime

• Akib Jawad Nafis, Omar Chowdhury, and Endadul Hoque
• Conference IEEE Conference on Communications and Network Security (CNS), FL USA, Oct 2023.

Maverick: An App-independent and Platform-agnostic Approach to Enforce Policies in IoT Systems at Runtime

• M. Hammad Mazhar, Li Li, Endadul Hoque, and Omar Chowdhury
• Conference ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), United Kindom, May 2023.

All your Credentials are Belong to Us: On Insecure WPA2-Enterprise Configurations

• Man Hong Hue, Joyanta Debnath, Kin Man Leung, Li Li, Mohsen Minaei, M. Hammad Mazhar, Kailiang Xian, Endadul Hoque, Omar Chowdhury, and Sze Yiu Chau
• Conference ACM SIGSAC Conference on Computer and Communications Security (CCS), Korea, Nov 2021.

Morpheus: Bringing The (PKCS) One To Meet the Oracle

• Moosa Yahyazadeh, Sze Yiu Chau, Li Li, Man Hong Hue, Joyanta Debnath, Sheung Chiu Ip, Li Chun Ngai, Endadul Hoque, and Omar Chowdhury
• Conference ACM SIGSAC Conference on Computer and Communications Security (CCS), Korea, Nov 2021.

PatrIoT: Policy Assisted Resilient Programmable IoT System

• Moosa Yahyazadeh, Syed Rafiul Hussain, Endadul Hoque, and Omar Chowdhury
• Conference International Conference on Runtime verification (RV), Los Angeles, CA, USA, Oct 2020.

aBBRate: Automating BBR Attack Exploration Using a Model-Based Approach

• Anthony Peterson, Samuel Jero, Endadul Hoque, Dave Choffnes, and Cristina Nita-Rotaru
• Conference International Symposium on Research in Attacks, Intrusions and Defenses (RAID), San Sebastian, Spain, Oct 2020.

A Formal Security Analysis of ZigBee (1.0 and 3.0)

• Li Li, Proyash Podder, and Endadul Hoque
• Conference Hot Topics in the Science of Security Symposium (HotSoS), Lawrence, KS, USA, Sep 2020.

Expat: Expectation-based Policy Analysis and Enforcement for Appified Smart-Home Platforms.

• Moosa Yahyazadeh, Proyash Podder, Endadul Hoque, and Omar Chowdhury
• Conference ACM Symposium on Access Control Models and Technologies (SACMAT), Toronto, ON, Canada, Jun 2019.

This paper focuses on developing a security mechanism geared towards appified smart-home platforms. Such platforms often expose programming interfaces for developing automation apps that mechanize different tasks among smart sensors and actuators (e.g., automatically turning on the AC when the room temperature is above 80 F). Due to the lack of effective access control mechanisms, these automation apps can not only have unrestricted access to the user's sensitive information (e.g., the user is not at home) but also violate user expectations by performing undesired actions. As users often obtain these apps from unvetted sources, a malicious app can wreak havoc on a smart-home system by either violating the user's security and privacy, or creating safety hazards (e.g., turning on the oven when no one is at home). To mitigate such threats, we propose Expat which ensures that user expectations are never violated by the installed automation apps at runtime. To achieve this goal, Expat provides a platform-agnostic, formal specification language Uei for capturing user expectations of the installed automation apps' behavior. For effective authoring of these expectations (as policies) in Uei, Expat also allows a user to check the desired properties (e.g., consistency, entailment) of them; which due to their formal semantics can be easily discharged by an SMT solver. Expat then enforces Uei policies in situ with an inline reference monitor which can be realized using the same app programming interface exposed by the underlying platform. We instantiate Expat for one of the representative platforms, OpenHAB, and demonstrate it can effectively mitigate a wide array of threats by enforcing user expectations while incurring only modest performance overhead.

Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach

• Sameul Jero, Endadul Hoque, David Choffnes, Alan Mislove, and Cristina Nita-Rotaru
• Conference Network and Distributed System Security Symposium (NDSS), San Diego, California, Feb 2018.
• Cisco Network Security Distinguished Paper Award
• Media Link

One of the most important goals of TCP is to ensure fairness and prevent congestion collapse by implementing congestion control. Various attacks against TCP congestion control have been reported over the years, most of which have been discovered through manual analysis. In this paper, we propose an automated method that combines the generality of implementation-agnostic fuzzing with the precision of runtime analysis to find attacks against implementations of TCP congestion control. It uses a model-guided approach to generate abstract attack strategies, by leveraging a state machine model of TCP congestion control to find vulnerable state machine paths that an attacker could exploit to increase or decrease the throughput of a connection to his advantage. These abstract strategies are then mapped to concrete attack strategies, which consist of sequences of actions such as injection or modification of acknowledgements and a logical time for injection. We design and implement a virtualized platform, TCPwn, that consists of a a proxy-based attack injector and a TCP congestion control state tracker that uses only network traffic to create and inject these concrete attack strategies. We evaluated 5 TCP implementations from 4 Linux distributions and Windows 8.1. Overall, we found 11 classes of attacks, of which 8 are new.

Analyzing Operational Behavior of Stateful Protocol Implementations for Detecting Semantic Bugs

• Endadul Hoque, Omar Chowdhury, Sze Yiu Chau, Cristina Nita-Rotaru, and Ninghui Li
• Conference IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Denver, CO. June 2017

Network protocol implementations must comply with their specifications that include properties describing the correct operational behavior of the protocol in response to different temporal orderings of network events. Due to inconsistent interpretations of the specification, developers can unknowingly introduce semantic bugs, which cause the implementations to violate the respective properties. Detecting such bugs in stateful protocols becomes significantly difficult as their operations depend on their internal state machines and the complex interactions between the protocol logic. In this paper, we present an automated tool to help developers analyze their protocol implementations and detect semantic bugs violating the temporal properties of the protocols. Given an implementation, our tool (1) extracts the implemented finite state machine (FSM) of the protocol from the source code by symbolically exploring the code and (2) determines whether the extracted FSM violates given temporal properties by using an off-the-shelf model checker. We demonstrated the efficacy of our tool by applying it on 6 protocol implementations. We detected 11 semantic bugs (2 with security implications) when we analyzed these implementations against properties obtained from their publicly available specifications.

SymCerts: Practical Symbolic Execution For Exposing Noncompliance in X.509 Certificate Validation Implementations

• Sze Yiu Chau, Omar Chowdhury, Endadul Hoque, Huangyi Ge, Aniket Kate, Cristina Nita-Rotaru, and Ninghui Li
• Conference IEEE Symposium on Security and Privacy (S&P), San Jose, CA. May 2017.
• Finalist - CSAW 2017 Applied Research Competition

The X.509 Public-Key Infrastructure has long been used in the SSL/TLS protocol to achieve authentication. A recent trend of Internet-of-Things (IoT) systems employing small footprint SSL/TLS libraries for secure communication has further propelled its prominence. The security guarantees provided by X.509 hinge on the assumption that the underlying implementation rigorously scrutinizes X.509 certificate chains, and accepts only the valid ones. Noncompliant implementations of X.509 can potentially lead to attacks and/or interoperability issues. In the literature, black-box fuzzing has been used to find flaws in X.509 validation implementations; fuzzing, however, cannot guarantee coverage and thus severe flaws may remain undetected. To thoroughly analyze X.509 implementations in small footprint SSL/TLS libraries, this paper takes the complementary approach of using symbolic execution.

We observe that symbolic execution, a technique proven to be effective in finding software implementation flaws, can also be leveraged to expose noncompliance in X.509 implementations. Directly applying an off-the-shelf symbolic execution engine on SSL/TLS libraries is, however, not practical due to the problem of path explosion. To this end, we propose the use of SymCerts, which are X.509 certificate chains carefully constructed with a mixture of symbolic and concrete values. Utilizing SymCerts and some domain-specific optimizations, we symbolically execute the certificate chain validation code of each library and extract path constraints describing its accepting and rejecting certificate universes. These path constraints help us identify missing checks in different libraries. For exposing subtle but intricate noncompliance with X.509 standard, we cross-validate the constraints extracted from different libraries to find further implementation flaws. Our analysis of 9 small footprint X.509 implementations has uncovered 48 instances of noncompliance. Findings and suggestions provided by us have already been incorporated by developers into newer versions of their libraries.

Automated Adversarial Testing of Unmodified Wireless Routing Implementations

• Endadul Hoque, Hyojeong Lee, Rahul Potharaju, Charles Killian, and Cristina Nita-Rotaru
• Journal IEEE/ACM Transactions on Networking (ToN), vol 24, issue 6, Dec 2016.

Numerous routing protocols have been designed and subjected to model checking and simulations. However, model checking the design or testing the simulator-based prototype of a protocol does not guarantee that the implementation is free of bugs and vulnerabilities. Testing implementations beyond their basic functionality (also known as adversarial testing) can increase protocol robustness. We focus on automated adversarial testing of real-world implementations of wireless routing protocols. In our previous work we created Turret, a platform that uses a network emulator and virtualization to test unmodified binaries of general distributed systems. Based on Turret, we create Turret-W designed specifically for wireless routing protocols. Turret-W includes new functionalities such as differentiating routing messages from data messages to enable evaluation of attacks on the control plane and the data plane separately, support for several additional protocols (e.g., those that use homogeneous/heterogenous packet formats, those that run on geographic forwarding (not just IP), those that operate at the data link layer instead of the network layer), support for several additional attacks (e.g., replay attacks) and for establishment of adversarial side-channels that allow for collusion. Turret-W can test not only general routing attacks, but also wireless specific attacks such as wormhole. Using Turret-W on publicly available implementations of five representative routing protocols, we (re-)discovered 37 attacks and 3 bugs. All these bugs and 5 of the total attacks were not previously reported to the best of our knowledge.

Building Robust Distributed Systems and Network Protocols Using Adversarial Testing and Behavioral Analysis

• Endadul Hoque and Cristina Nita-Rotaru
• Conference IEEE Cybersecurity Development Conference (SecDev), Boston, MA. Nov 2016

We describe our experience over the past five years with building more robust distributed systems and network protocols by using adversarial testing and behavioral analysis. We describe the benefits and disadvantages of both approaches and the design of the tools we have built (Turret, Turret-W, SNAKE, and Chiron). We discuss how we applied them to byzantine-resilient state machine replication, wireless routing protocols, transport protocols, TLS, and IoT implementation of application-level protocols.

Fall 2021

• CSE 486: Design of Operating Systems [course page]

• CIS600/CIS700/CSE691/CSE791: Security and Assurance of Software Stacks [course page]

Spring 2021

• CIS 657: Principles of Operating Systems [course page]

Fall 2020

• CIS600/CIS700/CSE691/CSE791: Security and Assurance of Emerging Areas [course page]

Spring 2020

• CIS 657: Principles of Operating Systems [course page]

Courses Taught at FIU

• CIS 5373: Systems Security

[Spring 2019, Fall 2018, Fall 2017]

• COT 5428: Formal Foundations of Cybersecurity

[Spring 2018]

Program Committee Member

• IEEE Symposium on Security and Privacy (S&P) – 2025
• IEEE Secure Development Conference (SecDev) – 2024, 2025
• ACM Symposium on Access Control Models and Technologies (SACMAT) – 2021, 2022, 2023
• IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) [Fast Abstracts] – 2022
• International Conference on Networking, Systems and Security (NSysS) – 2019, 2020
• The Network and Distributed System Security Symposium (NDSS) – 2019, 2018
• The Web Conference (WebConference/WWW) – 2019
• IEEE International Conference on Network Protocols (ICNP) – 2018, 2019
• IEEE International Conference on Distributed Computing Systems (ICDCS) – 2018
• European Dependable Computing Conference (EDCC) – 2018

Program Chair/Co-chair

• PerIoT'20,PerIoT'19,PerIoT'18,PerIoT'17

Contact Me

The best way to contact me is through email!

enhoque AT syr.edu

(315)-443-3948