Mustakimur Rahman

Hi

I am a cybersecurity researcher and practitioner with a background spanning both academia and industry, specializing in system and software security. Currently, I work at Samsung Research America, focusing on Security Assessment and Architecture for the Knox Zero Trust (Enterprise) project.
Before transitioning to industry, I served as an Assistant Professor of Cybersecurity in the School of Computing at the University of Georgia, where I taught, mentored students, and conducted research in system security. I earned my Ph.D. in Computer Science from Florida State University in 2020, under the supervision of Dr. Zhi Wang. I have published in top-tier system and security conferences alongside many collaborators.

Earlier in my career, I worked as an Android Software Engineer at Samsung Research and Development Institute Bangladesh. I hold a B.Sc. in Computer Science and Engineering from Chittagong University of Engineering and Technology (CUET), obtained in 2012.
I am an active contributor and advocate of open-source software. To learn more about my work and projects, please visit my research page. I also share my thoughts on security threats and defense mechanisms in my blog. Outside of work, I enjoy spending time in my little garden, traveling the world, and reading books. Check out my diary.

Email: mustakcsecuet@gmail.com
Office: Samsung Research America
Mail: 665 Clyde Ave
Mountain View, CA 94043

Publications

  • COIN attacks: on the insecurity of enclave untrusted interfaces in SGX.
    Mustakimur Rahman Khandaker, Yueqiang Cheng, Zhi Wang, Tao Wei.
    Proceedings of the 25th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS’20).
    Lausanne, Switzerland, March 2020 (18%).
    [Paper] [Presentation] [Source]
  • Origin-sensitive Control Flow Integrity.
    Mustakimur Rahman Khandaker, Wenqing Liu, Abu Naser, Zhi Wang, Jie Yang.
    Proceedings of the 28th USENIX Security Symposium (USENIX Security’19).
    Santa Clara, CA, USA, August 2019 (16%).
    [Paper] [Presentation] [Source]
  • Understanding the Challenges in Detecting Vulnerabilities of Rust Applications.
    Diane B. Stephens, Kawkab Aldoshan, Mustakimur Rahman Khandaker
    IEEE Secure Development Conference (SecDev’24)
    Pittsburgh, PA, October 2024 (31%).
    [Paper]
  • cmdFuzz: Fuzzing Stripped Firmware Applications with Command-line Arguments
    Kawkab Aldoshan, Diane B. Stephens, Mustakimur Rahman Khandaker
    [Paper]
  • Adaptive Call-site Sensitive Control Flow Integrity.
    Mustakimur Rahman Khandaker, Abu Naser, Wenqing Liu, Zhi Wang, Yajin Zhou, Yueqiang Cheng.
    Proceedings of the 4th IEEE European Symposium on Security and Privacy (EuroS&P’19).
    Stockholm, Sweden, Jun 2019 (20%).
    [Paper] [Presentation] [Source] [Best Paper Award]
  • RustLIVE: Reducing the Learning Barriers of Rust Through Visualization.
    Diane B. Stephens, Kyu Hyung Lee, Mustakimur Rahman Khandaker
    Frontiers in Education 2024 (FIE’24)
    Washington DC, USA, October 2024.
    [Paper]
  • Secure In-cache Execution.
    Yue Chen, Mustakimur Rahman Khandaker, Zhi Wang.
    Proceedings of the 20th International Symposium on Research in Attacks, Intrusions, and Defenses (RAID’17).
    Atlanta, Georgia, September 2017.
  • Pinpointing Vulnerabilities.
    Yue Chen, Mustakimur Rahman Khandaker, Zhi Wang.
    Proceedings of the 12th ACM Asia Conference on Computer and Communications Security (AsiaCCS’17).
    Abu Dhabi, United Arab Emirates, April 2017.
  • Location-based early disaster warning and evacuation system on mobile phones using OpenStreetMap.
    Khandaker Mustakimur Rahman, Tauhidul Alam, Mahfuzulhoq Chowdhury.
    Open Systems (ICOS), 2012 IEEE Conference on (ICOS ’12).
    Kuala Lumpur, 21-24 Oct. 2012.

Professional Career

  • Knox Zero Trust
    • Security Log
      Signal Assessment, Security Architecture, Code Review
  • AI Red Teaming
    • Indirect Prompt Injection
      Security Tooling, Prompt Generator
  • Control Flow Integrity
    • Context-sensitive CFI Policy
      Origin-sensitive, Callsite-sensitive, Context-sensitive
    • CFI Enforcement
      Cross-DSO coverage, LLVM-to-Instruction
  • Trustworthy System
    • Intel SGX Assessment
      Threat Modeling, Security Tooling, Vulnerability Reporting
  • Memory Safe Language
    • Rust Application
      Visualization Tool, Threat Assessment, Crate Development
  • Embedded System Software
    • IoT Firmware Analysis
      Security Tooling, Vulnerability Report
  • Android Development
    • Artecture Draw, Sketch, Paint
      UX/UI Development, Native Artwork Tooling
    • Samsung Personal Information Management System
      Feature Development, Issue Resolution
  • Teaching
    • Cyber Security [CSCI 4250/6250]
      Fall 2020, Fall 2021, Fall 2022, Fall 2023, Spring 2025.
    • Secure Programming [CSCI 8245]
      Spring 2021, Spring 2022, Spring 2023, Fall 2024.
    • Computer Networks [CSCI 6760]
      Spring 2023, Spring 2025.
  • External Reviewer
    • Program Committee.
      Annual Computer Security Applications Conference (ACSAC), 2022.
      The International Workshop on Security, Privacy, and Trust for Emergency Events, 2020.
    • Journal Reviewer.
      IEEE Transactions on Computers (TC-CS).
      IEEE Transactions on Dependable and Secure Computing (TDSC-CS).

Honors & Awards

  • Best Paper Award (2019)
    IEEE European Symposium on Security and Privacy.
  • Career Development Influencer (2024)
    Career Center @ University of Georgia.
  • Graduate Research Assistant Award (2019)
    CS @ Florida State University.
  • Graduate Teaching Assistant Award (2018)
    CS @ Florida State University.
  • Competitive Programming (2017-2019)
    Top, ACM @ FSU.