Mohsen Salehi

I am a Ph.D. candidate at Dependable Systems Lab (Department of Electrical and Computer Engineering at UBC) under supervision of Prof. Karthik Pattabiraman. I received my M.Sc. degree from Computer Engineering at Sharif University of Technology in Smart and Secure Systems (3S) Laboratory in 2020, and my B.Sc. degree from the University of Isfahan in Computer Software Engineering in 2018. My research interests lie in Security in Embedded Devices, Compilers, Machine Learning and Autonomous Systems.


Education

University of British Columbia

Ph.D. Candidate
Computer Engineering

Research Title: Enhancing Security in Critical Embedded Devices

Supervisor: Prof. Karthik Pattabiraman

GPA: 90 / 100 (A+)

September 2021 - Present

Sharif University of Technology

Master of Science (M.Sc.)
Computer Engineering / Secure Computing

Thesis Title: Improving Remote Attestation Techniques for IoT Devices using Physical Model

Supervisor: Dr. Siavash Bayat-Sarmadi

GPA: 19.37 / 20

September 2018 - September 2020

University of Isfahan

BACHELOR of Science (B.Sc.)
Computer Engineering / Software Engineering

Thesis Title: Design and implementation of an access control solution for Hybrid Mobile Applications

Supervisor: Dr. Behrouz Tork Ladani

GPA: 17.3 / 20

September 2014 - September 2018

Publications

AutoPatch: Automated Generation of Hotpatches for Real-Time Embedded Devices

Mohsen Salehi and Karthik Pattabiraman

Abstract: Real-time embedded devices like medical or industrial devices are increasingly targeted by cyber-attacks. Prompt patching is crucial to mitigate the serious consequences of such attacks on these devices. Hotpatching is an approach to apply a patch to mission-critical embedded devices without rebooting them. However, existing hotpatching approaches require developers to manually write the hotpatch for target systems, which is time-consuming and error-prone. To address these issues, we propose AutoPatch, a new hotpatching technique that automatically generates functionally equivalent hotpatches via static analysis of the official patches. AutoPatch introduces a new software triggering approach that supports diverse embedded devices, and preserves the functionality of the official patch. In contrast to prior work, AutoPatch does not rely on hardware support for triggering patches, or on executing patches in specialized virtual machines. We implemented AutoPatch using the LLVM compiler, and evaluated its efficiency, effectiveness and generality using 62 real CVEs on four embedded devices with different specifications and architectures running popular RTOSes. We found that AutoPatch can fix more than 90% of CVEs, and resolve the vulnerability successfully. The results revealed an average total delay of less than 12.7 μs for fixing the vulnerabilities, representing a performance improvement of 50% over RapidPatch, a state-of-the-art approach. Further, our memory overhead, on average, was slightly lower than theirs (23%). Finally, AutoPatch was able to generate hotpatches for all four devices without any modifications.

Available: https://arxiv.org/abs/2408.15372

Artifact: Artifacts Available and Functional Badges

Published in ACM CCS'24
Acceptance Rate: 16.7%

PLCDefender: Improving Remote Attestation Techniques for PLCs using Physical Model

Mohsen Salehi and Siavash Bayat-Sarmadi

Abstract: In order to guarantee the security of industrial control system (ICS) processes, the proper functioning of the programmable logic controllers (PLCs) must be ensured. In particular, cyber-attacks can manipulate the PLC control logic program and cause terrible damage that jeopardize people's life when bringing the state of the critical system into an unreliable state. Unfortunately, no remote attestation technique has yet been proposed that can validate the PLC control logic program using a physics-based model that demonstrates device behavior. In this paper, we propose PLCDefender, a mitigation method that combines hybrid remote attestation technique with a physics-based model to preserve the control behavior integrity of ICS. We implemented PLCDefender and evaluated its effectiveness against a wide range of attacks on a Secure Water Treatment (SWaT) facility. As our evaluation shows, we can model PLC physical behavior with accuracy as high as 98%. The evaluation results show that by determining the different threshold values, PLCDefender can accurately detect a wide range of attack scenarios on PLCs.

Available: https://ieeexplore.ieee.org/document/9269427

Published in IEEE Internet of Things Journal (IOTJ)
Impact Factor: 10.6

Poster AutoPatch: Automatic Hotpatching of Real-Time Embedded Devices

Mohsen Salehi and Karthik Pattabiraman

Abstract:The number of real-time embedded devices is increasing, especially in critical places such as industrial and medical devices. These devices are the target of many security attacks; therefore, their security must be ensured, and existing vulnerabilities must be fixed immediately. Typical update approaches require rebooting or halting the devices for an unpredictable time, and are hence not applicable for real-time embedded devices such as medical devices, which must run continuously without rebooting. Hotpatching, which patches the code without rebooting the device, has been used in this context. However, existing hotpatching methods %have problems such as writing the patch by the human require manual effort from programmers that is error-prone and time-consuming. Further, little attention has been paid to these techniques for real-time embedded devices. This paper proposes AutoPatch, the first automatic hotpatching approach for real-time embedded devices. AutoPatch automatically analyzes the official patch to extract its semantics using predicate abstraction, and generates a semantically equivalent patch called hotpatch. Our initial results show that AutoPatch can automatically generate hotpatches correctly based on the official patches (i.e., real-world CVEs) using program analysis. We also validate that the generated hotpatch can fix the vulnerabilities without rebooting or halting the devices.

Available: https://dl.acm.org/doi/abs/10.1145/3548606.3563534

Published in ACM CCS'22

Academic Experience

University of British Columbia

TA (September 2021 - Present)
Course: Software Construction II (CPEN 322)

Instructor: Prof. Karthik Pattabiraman

Course: Program Analysis (CPEN 400P)

Instructor: Prof. Karthik Pattabiraman

Course: Building Modern Web Applications (Vancouver Summer Program)

Instructor: Prof. Karthik Pattabiraman

Course: Capstone (CPEN/EECE 491)

Instructor: Prof. Paul Lusina

Course: Software Engineering Project (CPSC 319)

Instructor: Prof. Jerry Jim

Subreviewer & Committee Member
Subreviewer: DeepTest'23 Workshop (co-held with ICSE)
Subreviewer: SRDS'22 Conference

Co-supervisor
Students: Jerry Shao and Luke Matson

Sharif University of Technology

TA (September 2018 - September 2020)
Course: Hardware Security and Trust (CE 40749)

Instructor: Dr. Siavash Bayat-Sarmadi

Course: Cryptographic Engineering (CE 40744)

Instructor: Dr. Siavash Bayat-Sarmadi


Work Experience

Software Developer

Internship
IRISA Company, Tehran, Iran

In this internship, I was a member of R&D group, and I learned the Spring and Spring Security frameworks during luv2code courses. Also, I developed 50 Java language-based applications with Spring and Spring Security frameworks.

July 2018 - September 2018

Android Developer

Rasoul Amin Company, Esfahan, Iran

I developed an Android-based application for Rasoul Amin that contains hundreds of stories for children.

June 2016 - September 2016

Android Developer

I developed three Android applications for CafeBazaar with about 50,000 user installations. Cafebazaar is a platform like Google Play for downloading Android applications.

2017- 2018

Java Developer

Advanced Programming 2

Developing a game that is called "Bobby is going home" with java language.

Spring Semester 2015-2016

C++ Developer

Fundamentals of Computer Programming

Developing a game that is called "Minesweeper" with c++ language.

Fall Semester 2014-2015

Skills

Programming Languages & Frameworks
  • Android
  • Java
  • Python
  • C / C++
  • LLVM Compiler & LLVM IR
  • Spring / Spring Security
  • Java EE
  • JApplet
  • Cordova / PhoneGap
  • R
  • TensorFlow
  • Anaconda
  • Docker
Web
  • PHP
  • HTML
  • JavaScript
  • jQuery
Operating Systems
  • Linux (Fedora, Ubuntu, RedHat)
  • MacOSX
  • Windows
Data Bases
  • MySQL
  • MS SQL Server
  • SQLite Expert
Analysis & Editors & Tools
  • Android Studio
  • Weka
  • MATLAB
  • RapidMiner
  • LibSvm
  • NS2
  • Mininet
  • IDA Pro
  • Netbeans
  • Visual Studio
  • Visual Studio Code
  • PyCharm
  • Eclipse
  • IntelliJ IDEA
  • Apache Directory Studio
  • PL/SQL Developer
Mathematics & Simulation
  • MATLAB & Simulink
  • System Identification Toolbox
Electronic Software
  • Proteus
  • Codevision AVR
  • OpenPLC Editor
Workflow
  • Material Design
  • Cross Functional Teams
  • Agile Development & Scrum

Honors & Awards

  • Winning UBC Four Year Fellowship (FYF) - Ph.D. student in computer engineering - The University of British Columbia
  • Winning Faculty of Applied Science Graduate Award (GSI) - Ph.D. student in computer engineering - The University of British Columbia
  • 2nd Place - Vancouver Unikraft Hackathon - The University of British Columbia
  • 1st Place - M.Sc. graduated students in Secure Computing major - Sharif University of Technology
  • Member of the Iran's National Elites Foundation
  • Fellowship of the Iran's National Elites Foundation
  • 7th Place - M.Sc. graduated students in Computer Engineering - Sharif University of Technology
  • Honorable Mention - Atrificial Intelligent Challange (AI) 2016 - Sharif University of Technology
  • 60th Place - Iranian nation-wide information technology M.Sc. entrance exam among 20000+ participants - 2018
  • 3rd Place - B.Sc. graduated students - University of Isfahan
  • Member of Exceptional Talent Center - Sharif University of Technology
  • Honorable Mention - ACM/ICPC 2016 - Asia Region
  • 3rd Place - Atrificial Intelligent Challange (AI) 2017 - Sharif University of Technology
  • Top 1% - among more than 250,000 participants of the Iranian university entrance exam for the B.Sc. degree - 2014