Mohsen Salehi

msalehi@ece.ubc.ca    &    mssalehi@student.ubc.ca

My name is Mohsen Salehi. I am a Ph.D. researcher at Dependable Systems Lab (Department of Electrical and Computer Engineering at UBC) under supervision of Prof. Karthik Pattabiraman. I received my M.Sc. degree from Computer Engineering at Sharif University of Technology in Smart and Secure Systems (3S) Laboratory in 2020, and my B.Sc. degree from the University of Isfahan in Computer Software Engineering in 2018. My research interests lie in Security in Embedded Devices, Compilers, Machine Learning and Autonomous Systems.

Education

University of British Columbia

Ph.D. Student
Electrical and Computer Engineering

Research Title: Improving Hotpatching Techniques for Real-time Embedded Devices

Supervisor: Prof. Karthik Pattabiraman

GPA: 90 / 100 (A+)

September 2021 - Present

Sharif University of Technology

Master of Computer Engineering
Secure Computing

Thesis Title: Improving Remote Attestation Techniques for IoT Devices using Physical Model

Supervisor: Dr. Siavash Bayat-Sarmadi

GPA: 19.37 / 20

September 2018 - September 2020

University of Isfahan

BACHELOR of Computer Engineering
Software Engineering

Thesis Title: Design and implementation of an access control solution for Hybrid Mobile Applications

Supervisor: Dr. Behrouz Tork Ladani

GPA: 17.3 / 20

September 2014 - September 2018

Publications

PLCDefender: Improving Remote Attestation Techniques for PLCs using Physical Model

Mohsen Salehi and Siavash Bayat-Sarmadi

Abstract: In order to guarantee the security of industrial control system (ICS) processes, the proper functioning of the programmable logic controllers (PLCs) must be ensured. In particular, cyber-attacks can manipulate the PLC control logic program and cause terrible damage that jeopardize people's life when bringing the state of the critical system into an unreliable state. Unfortunately, no remote attestation technique has yet been proposed that can validate the PLC control logic program using a physics-based model that demonstrates device behavior. In this paper, we propose PLCDefender, a mitigation method that combines hybrid remote attestation technique with a physics-based model to preserve the control behavior integrity of ICS. We implemented PLCDefender and evaluated its effectiveness against a wide range of attacks on a Secure Water Treatment (SWaT) facility. As our evaluation shows, we can model PLC physical behavior with accuracy as high as 98%. The evaluation results show that by determining the different threshold values, PLCDefender can accurately detect a wide range of attack scenarios on PLCs.

Available: https://ieeexplore.ieee.org/document/9269427

Published in IEEE Internet of Things Journal (IOTJ)

Poster AutoPatch: Automatic Hotpatching of Real-Time Embedded Devices

Mohsen Salehi and Karthik Pattabiraman

Abstract:The number of real-time embedded devices is increasing, especially in critical places such as industrial and medical devices. These devices are the target of many security attacks; therefore, their security must be ensured, and existing vulnerabilities must be fixed immediately. Typical update approaches require rebooting or halting the devices for an unpredictable time, and are hence not applicable for real-time embedded devices such as medical devices, which must run continuously without rebooting. Hotpatching, which patches the code without rebooting the device, has been used in this context. However, existing hotpatching methods %have problems such as writing the patch by the human require manual effort from programmers that is error-prone and time-consuming. Further, little attention has been paid to these techniques for real-time embedded devices. This paper proposes AutoPatch, the first automatic hotpatching approach for real-time embedded devices. AutoPatch automatically analyzes the official patch to extract its semantics using predicate abstraction, and generates a semantically equivalent patch called hotpatch. Our initial results show that AutoPatch can automatically generate hotpatches correctly based on the official patches (i.e., real-world CVEs) using program analysis. We also validate that the generated hotpatch can fix the vulnerabilities without rebooting or halting the devices.

Available: https://dl.acm.org/doi/abs/10.1145/3548606.3563534

Published in ACM CCS'22

Academic Experience

University of British Columbia

TA
Course: Software Construction II (CPEN 322)

Instructor: Prof. Karthik Pattabiraman

Course: Program Analysis (CPEN 400P)

Instructor: Prof. Karthik Pattabiraman

Course: Building Modern Web Applications (Vancouver Summer Program 2023)

Instructor: Prof. Karthik Pattabiraman

Subreviewer & Committee Member
Subreviewer: DeepTest'23 Workshop (co-held with ICSE)
Subreviewer: SRDS'22 Conference

Sharif University of Technology

TA
Course: Hardware Security and Trust (CE 40749)

Instructor: Dr. Siavash Bayat-Sarmadi

Course: Cryptographic Engineering (CE 40744)

Instructor: Dr. Siavash Bayat-Sarmadi

Work Experience

Software Developer

Internship
IRISA Company, Tehran, Iran

In this internship, I was a member of R&D group, and I learned the Spring and Spring Security frameworks during luv2code courses. Also, I developed 50 Java language-based applications with Spring and Spring Security frameworks.

July 2018 - September 2018

Android Developer

Rasoul Amin Company, Esfahan, Iran

I developed an Android-based application for Rasoul Amin that contains hundreds of stories for children.

June 2016 - September 2016

Android Developer

CafeBazaar

I developed three Android applications for CafeBazaar with about 50,000 user installations. Cafebazaar is a platform like Google Play for downloading Android applications.

2017- 2018

Java Developer

Advanced Programming 2

Developing a game that is called "Bobby is going home" with java language.

Spring Semester 2015-2016

C++ Developer

Fundamentals of Computer Programming

Developing a game that is called "Minesweeper" with c++ language.

Fall Semester 2014-2015

Skills

Programming Languages & Frameworks
  • Android
  • Java
  • Python
  • C / C++
  • LLVM Compiler & LLVM IR
  • Spring / Spring Security
  • Java EE
  • JApplet
  • Cordova / PhoneGap
  • R
  • TensorFlow
  • Anaconda
  • Docker
Web
  • PHP
  • HTML
  • JavaScript
  • jQuery
Operating Systems
  • Linux (Fedora, Ubuntu, RedHat)
  • MacOSX
  • Windows
Data Bases
  • MySQL
  • MS SQL Server
  • SQLite Expert
Analysis & Editors & Tools
  • Android Studio
  • Weka
  • MATLAB
  • RapidMiner
  • LibSvm
  • NS2
  • Mininet
  • IDA Pro
  • Netbeans
  • Visual Studio
  • Visual Studio Code
  • PyCharm
  • Eclipse
  • IntelliJ IDEA
  • Apache Directory Studio
  • PL/SQL Developer
Mathematics & Simulation
  • MATLAB & Simulink
  • System Identification Toolbox
Electronic Software
  • Proteus
  • Codevision AVR
  • OpenPLC Editor
Workflow
  • Material Design
  • Cross Functional Teams
  • Agile Development & Scrum

Honors & Awards

  • Winning UBC Four Year Fellowship (FYF) - Ph.D. student in computer engineering - The University of British Columbia
  • Winning Faculty of Applied Science Graduate Award (GSI) - Ph.D. student in computer engineering - The University of British Columbia
  • 2nd Place - Vancouver Unikraft Hackathon - The University of British Columbia
  • 1st Place - M.Sc. graduated students in Secure Computing major - Sharif University of Technology
  • Member of the Iran's National Elites Foundation
  • Fellowship of the Iran's National Elites Foundation
  • 7th Place - M.Sc. graduated students in Computer Engineering - Sharif University of Technology
  • Honorable Mention - Atrificial Intelligent Challange (AI) 2016 - Sharif University of Technology
  • 60th Place - Iranian nation-wide information technology M.Sc. entrance exam among 20000+ participants - 2018
  • 3rd Place - B.Sc. graduated students - University of Isfahan
  • Member of Exceptional Talent Center - Sharif University of Technology
  • Honorable Mention - ACM/ICPC 2016 - Asia Region
  • 3rd Place - Atrificial Intelligent Challange (AI) 2017 - Sharif University of Technology
  • Top 1% - among more than 250,000 participants of the Iranian university entrance exam for the B.Sc. degree - 2014