My name is Mohsen Salehi. I am a Ph.D. researcher at Dependable Systems Lab (Department of Electrical and Computer Engineering at UBC) under supervision of Prof. Karthik Pattabiraman. I received my M.Sc. degree from Computer Engineering at Sharif University of Technology in Smart and Secure Systems (3S) Laboratory in 2020, and my B.Sc. degree from the University of Isfahan in Computer Software Engineering in 2018. My research interests lie in Security in Embedded Devices, Compilers, Machine Learning and Autonomous Systems.
Research Title: Improving Hotpatching Techniques for Real-time Embedded Devices
Supervisor: Prof. Karthik Pattabiraman
GPA: 90 / 100 (A+)
Thesis Title: Improving Remote Attestation Techniques for IoT Devices using Physical Model
Supervisor: Dr. Siavash Bayat-Sarmadi
GPA: 19.37 / 20
Thesis Title: Design and implementation of an access control solution for Hybrid Mobile Applications
Supervisor: Dr. Behrouz Tork Ladani
GPA: 17.3 / 20
Abstract: In order to guarantee the security of industrial control system (ICS) processes, the proper functioning of the programmable logic controllers (PLCs) must be ensured. In particular, cyber-attacks can manipulate the PLC control logic program and cause terrible damage that jeopardize people's life when bringing the state of the critical system into an unreliable state. Unfortunately, no remote attestation technique has yet been proposed that can validate the PLC control logic program using a physics-based model that demonstrates device behavior. In this paper, we propose PLCDefender, a mitigation method that combines hybrid remote attestation technique with a physics-based model to preserve the control behavior integrity of ICS. We implemented PLCDefender and evaluated its effectiveness against a wide range of attacks on a Secure Water Treatment (SWaT) facility. As our evaluation shows, we can model PLC physical behavior with accuracy as high as 98%. The evaluation results show that by determining the different threshold values, PLCDefender can accurately detect a wide range of attack scenarios on PLCs.
Available: https://ieeexplore.ieee.org/document/9269427
Abstract:The number of real-time embedded devices is increasing, especially in critical places such as industrial and medical devices. These devices are the target of many security attacks; therefore, their security must be ensured, and existing vulnerabilities must be fixed immediately. Typical update approaches require rebooting or halting the devices for an unpredictable time, and are hence not applicable for real-time embedded devices such as medical devices, which must run continuously without rebooting. Hotpatching, which patches the code without rebooting the device, has been used in this context. However, existing hotpatching methods %have problems such as writing the patch by the human require manual effort from programmers that is error-prone and time-consuming. Further, little attention has been paid to these techniques for real-time embedded devices. This paper proposes AutoPatch, the first automatic hotpatching approach for real-time embedded devices. AutoPatch automatically analyzes the official patch to extract its semantics using predicate abstraction, and generates a semantically equivalent patch called hotpatch. Our initial results show that AutoPatch can automatically generate hotpatches correctly based on the official patches (i.e., real-world CVEs) using program analysis. We also validate that the generated hotpatch can fix the vulnerabilities without rebooting or halting the devices.
Available: https://dl.acm.org/doi/abs/10.1145/3548606.3563534
Instructor: Prof. Karthik Pattabiraman
Instructor: Prof. Karthik Pattabiraman
Instructor: Prof. Karthik Pattabiraman
Instructor: Dr. Siavash Bayat-Sarmadi
Instructor: Dr. Siavash Bayat-Sarmadi
In this internship, I was a member of R&D group, and I learned the Spring and Spring Security frameworks during luv2code courses. Also, I developed 50 Java language-based applications with Spring and Spring Security frameworks.
I developed an Android-based application for Rasoul Amin that contains hundreds of stories for children.
I developed three Android applications for CafeBazaar with about 50,000 user installations. Cafebazaar is a platform like Google Play for downloading Android applications.
Developing a game that is called "Bobby is going home" with java language.
Developing a game that is called "Minesweeper" with c++ language.