Omar Chowdhury.jpg


Omar Haider Chowdhury

Assistant Professor
Department of Computer Science
The University of Iowa

omar-chowdhury@uiowa.edu

319-335-0745

1408 Seamans Center

About Me About Me

I am an Assistant Professor of Computer Science at the University of Iowa. I lead the Computational Logic Center (CLC) along with my colleagues Aaron Stump and Cesare Tinelli. I am also involved with the Iowa Informatics Initiative.

Before joining the University of Iowa, I was a post-doctoral research associate at Cylab, Carnegie Mellon University (Host: Prof. Anupam Datta) and Purdue University (Host: Prof. Ninghui Li). I received my Ph.D. in Computer Science from the University of Texas at San Antonio under the supervision of Prof. Jianwei Niu and Prof. William H. Winsborough (deceased). I received my undergraduate education in Computer Science and Engineering (CSE) at the Bangladesh University of Engineering and Technology (BUET).


Research Research

My research interest lies in Computer Security and Privacy. Broadly, I am interested in applying techniques from formal verification and runtime monitoring in achieving provable security and privacy assurances of modern systems and protocols. I am also interested in applying formal verification and software engineering techniques to automatically detect functional bugs in network protocols and safety-critical cyber-physical and IoT systems.


News News

DARPA-VERDICT Our project titled "VERDICT: Verification Evidence & Resilient Design In anticipation of Cybersecurity Threats " has been funded under the DARPA CASE Program (In Collaboration with Cesare Tinelli and GE Global Research). Thanks DARPA.

DNS Our paper titled "Adaptive Deterrence of DNS Cache Poisoning" has been accepted at the 14th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2018).

LTEInspectornews3 Our NDSS 2018 paper on 4G LTE has been invited to be presented at the 2018 Qualcomm Mobile Security Summit.

LTEInspectornews3 Our NDSS 2018 paper on 4G LTE has been highlighted at the ACM Tech news.

LTEInspectornews2 Our NDSS 2018 paper titled "LTEInspector : A Systematic Approach for Adversarial Testing of 4G LTE" has been showcased in the technology media.

LTEInspectornews Our paper titled "LTEInspector : A Systematic Approach for Adversarial Testing of 4G LTE" (accepted at the Network and Distributed System Security Symposium (NDSS) 2018) has received positive feedback.

PC PC: ACM SACMAT 2018; PST 2018; IEEE S&P 2019

bugs2 [Reported Bugs in SSL/TLS Libraries:] CVE-2017-1000415; CVE-2017-1000416; CVE-2017-1000417

LTEInspector Our paper titled "LTEInspector : A Systematic Approach for Adversarial Testing of 4G LTE" has been accepted at the Network and Distributed System Security Symposium (NDSS) 2018. Congratulations Syed Rafiul Hussain and Shagufta Mehnaz.

SymCerts2 Our "SymCerts" paper has been selected as a CSAW North America finalist for the applied research competition. Congratulations Sze Yiu Chau and Endadul Hoque.

CHIRON Our paper titled "Analyzing Operational Behavior of Stateful Protocol Implementations for Detecting Semantic Bugs" has been accepted at IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 2017. Congratulations Sze Yiu Chau and Endadul Hoque.

SymCerts Our paper titled "SymCerts: Practical Symbolic Execution For Exposing Noncompliance in X.509 Certificate Validation Implementations" has been accepted at IEEE S&P 2017. Congratulations Sze Yiu Chau and Endadul Hoque.

NSF-CRII Project on the development of a compliant Internet PKI has been funded under NSF SaTC CRII program. Thanks NSF. Unabridged award abstract may be found here.

daily-iowan Contributed to an article in the Daily Iowan.

Invited to CCS PC I have been invited to join the CCS 2017, PST 2017, WPES 2017 PC.

bugs1 [Bugs] We tested MatrixSSL v3.7.2 for RFC compliance and other vulnerabilities. The developers of MatrixSSL acknowledged our findings of a collision-prone OID comparison, and ineffective expiration date checks. All of these have been fixed in newer versions.

bugs2 [Bugs] We tested axTLS 1.5.3 for RFC compliance and other vulnerabilities. The developers of axTLS acknowledged our findings of certain attributes of distinguished names being ignored, certificates with unrecognised extensions are not being rejected, hhmmss of UTCTime being ignored, not processing any extensions (they added support for 3 extension: subject alternative name, basic constraints and key usage, in commit r273 and commit r274), and an off-by-one error in interpreting the year of UTCTime. Fixes have been implemented or being implemented in future revision.

Joined UIOWA CS FALL 2016: Joined the University of Iowa as an Assistant Professor of Computer Science.

CCS 2016 SUMMER 2016: Two papers accepted in CCS 2016.

Students Students

Yahyazadeh Moosa (Ph.D. student; co-advised with Octav Chipara)

Mitziu Echeverria (Ph.D. student)

Selected Publications Selected Publications

DNS Adaptive Deterrence of DNS Cache Poisoning
With Chau, Sze Yiu (Purdue University); Gonsalves, Victor (Purdue University); Ge, Huangyi (Purdue University); Yang, Weining (Google Inc.); Fahmy, Sonia (Purdue University); Li, Ninghui (Purdue University)
Appeared in Proceedings of the 14th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2018).

LTEInspector LTEInspector : A Systematic Approach for Adversarial Testing of 4G LTE
With Syed Rafiul Hussain (Purdue University), Shagufta Mehnaz (Purdue University), and Elisa Bertino (Purdue University)
Appeared in Proceedings of the Network and Distributed System Security Symposium (NDSS 2018) .
Selected PublicationsVideo of the presentation and Slides

CHIRON-DSN17 Analyzing Operational Behavior of Stateful Protocol Implementations for Detecting Semantic Bugs
With Endadul Hoque (Purdue University), Sze Yiu Chau (Purdue University), Cristina Nita-Rotaru (Northeastern University), and Ninghui Li (Purdue University)
Appeared in Proceedings of the 47th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2017) .

symcert-paper-OAKLAND17 SymCerts: Practical Symbolic Execution For Exposing Noncompliance in X.509 Certificate Validation Implementations
With Sze Yiu Chau (Purdue University), Endadul Hoque (Purdue University), Huangyi Ge (Purdue University), Aniket Kate (Purdue University), Cristina Nita-Rotaru (Northeastern University), and Ninghui Li (Purdue University)
Appeared in Proceedings of the 38th IEEE Symposium on Security and Privacy (S&P 2017).
Selected PublicationsVideo of the presentation bugs1Errata

password-paper-CCS16 An Empirical Study of Mnemonic Sentence-based Password Generation Strategies
With Weining Yang, Ninghui Li, Aiping Xiong, and Robert Proctor
Appeared in the Proceeding of 23rd ACM Conference on Computer and Communications Security (CCS), 2016.

passwindow-paper-CCS16 On the Security and Usability of Segment-based Visual Cryptographic Authentication Protocols
With Tianhao Wang, Huangyi Ge, Hemanta K. Maji, and Ninghui Li
Appeared in the Proceeding of 23rd ACM Conference on Computer and Communications Security (CCS), 2016.

ereduce-paper-CCS16 Equivalence-based Security for Querying Encrypted Databases: Theory and Application to Privacy Policy Audits
With Deepak Garg, Limin Jia, and Anupam Datta
Appeared in the Proceeding of 22nd ACM Conference on Computer and Communications Security (CCS), 2015.

ereduce-paper-CCS16 Temporal Mode-Checking for Runtime Monitoring of Privacy Policies
With Limin Jia, Deepak Garg, and Anupam Datta
Appeared in the Proceedings of 26th International Conference on Computer Aided Verification (CAV), 2014.