Research areas:
Software and systems security
AI for security
Formal verification and program analysis
Program repair
I am an Applied Scientist at Amazon Web Services (AWS) where I work on innovating automated technologies to proactively detect and mitigate security issues across AWS services and applications.
I completed my Ph.D. at the University of California Los Angeles (UCLA) in 2024, where I was advised by Prof. Yuan Tian, and also mentored by Prof. Yu Feng from UC Santa Barbara. I finished my M.S. in Computer Science at the University of Virginia and my B.S. in Computer Science and Engineering at the Bangladesh University of Engineering and Technology (BUET).
I am broadly interested in software and systems security. My research focuses on building automated and scalable techniques, employing formal methods, static analysis, reverse engineering, program repair/synthesis, and machine learning to guarantee the underlying systems adhere to their security specifications. My research methods have been used to identify high-severity security bugs in popular software products, including Google's authentication, and discover 60+ security bugs/zero-days leading to 8+ new CVEs.
Publications
ACM CCS 2024: "AuthSaber: Automated Safety Verification of OpenID Connect Programs" [Paper]
Tamjid Al Rahat, Yu Feng, and Yuan Tian
31st ACM Conference on Computer and Communications Security
ACM CCS 2022: "Cerberus: Query-driven Scalable Vulnerability Detection in OAuth Service Provider Implementations" [Paper]
Tamjid Al Rahat, Yu Feng, and Yuan Tian
29th ACM Conference on Computer and Communications Security
IEEE TPS 2022 (Best Paper Award): "ML-FEED: Machine Learning Framework for Efficient Exploit Detection" [Paper]
Tanujay Saha, Tamjid Al Rahat, Najwa Aaraj, Yuan Tian, Niraj K. Jha
IEEE International Conference on Trust, Privacy and Security
ACM WPES 2022: "Is Your Policy Compliant? A Deep Learning-based Empirical Study of Privacy Policies' Compliance with GDPR" [Paper]
Tamjid Al Rahat, Minjun Long, and Yuan Tian
ACM Workshop on Privacy in the Electronic Society
VEHITS 2020: "Evaluating the Dedicated Short-range Communication for Connected Vehicles against Network Security Attacks" [Paper]
Tu Le, Ingy Elsayed-Aly, Weizhao Jin, Seunghan Ryu, Guy Verrier, Tamjid Al Rahat, B. Brian Park, Yuan Tian
6th Int. Conference on Vehicle Technology and Intelligent Transport Systems
ACM/IEEE ASE 2019: "OAuthLint: An Empirical Study on OAuth Bugs in Android Applications" [Paper]
Tamjid Al Rahat, Yu Feng, and Yuan Tian
34th IEEE/ACM Int. Conference on Automated Software Engineering
ADC 2018: "Maximizing Reverse k Nearest Neighbors for Trajectories (MaxRkNNT)" [Paper]
Tamjid Al Rahat, Arif Arman, Mohammed Eunus Ali
29th Australasian Database Conference
ACSAC 2023 [Poster]: "Using Program Knowledge Graph to Uncover Software Vulnerabilities"
Mengjie Xie, Tamjid Al Rahat, Wei Wang, Yuan Tian
Annual Computer Security Applications Conference (ACSAC), 2023
News
I will serve on the Program Committee of Usenix 2024 (Poster). [July 2024]
I have joined AWS Proactive Security as an Applied Scientist. [July 2024]
I have defended my PhD thesis on "Automated Detection and Mitigation of Vulnerabilities in Single Sign-on Implementations." [June 2024]
Our paper titled "AuthSaber: Automated Safety Verification of OpenID Connect Programs" has been accepted at ACM CCS 2024. [April 2024]
I will serve on the Program Committee of IEEE S&P '24 (posters). [Mar 2024]
Our poster titled "Using Program Knowledge Graph to Uncover Software Vulnerabilities" has been accepted at ACSAC 2023. [Nov 2023]
I received Google Research Paper Rewards for my work on the security analysis of open-source Single Sign-on Service Providers. [Apr 2023]
I have been selected as a Finalist for the Qualcomm Innovation Fellowship 2023. [Mar 2023]
I will serve on the Program Committee of IEEE S&P '23 (posters). [Feb 2023]
Our paper "ML-FEED" received the Best Paper Award at IEEE TPS 2023. [Dec 2022]
I will serve as session chair in ACM CCS '22. [Nov 2022]
Our paper titled "ML-FEED: Machine Learning Framework for Efficient Exploit Detection" has been accepted at IEEE TPS 2022. [Oct 2022]
I will serve as session chair in WPES '22. [Oct 2022]
My paper titled "Is Your Policy Compliant? An Empirical Study of Privacy Policies' Compliance with GDPR" has been accepted at WPES '22 (co-located with ACM CCS). [Oct 2022]
I have been awarded a Google Vulnerability Research Grant. [July 2022]
I will serve on the Program Committee of CCS 2022 Posters & Demos.
I am excited to rejoin the AWS Automated Reasoning Group at Amazon as an Applied Scientist Intern to work on the Formal Security Verification of AWS Services.
My research findings have been published in The Hacker News and Cloud7, and featured in UVA Engineering. [May 2022]
My paper titled "Cerberus: Query-driven Scalable Security Checking for OAuth Service Provider Implementations" has been accepted at ACM CCS 2022.
Google acknowledged my report on a critical security vulnerability (with a $5000 reward) in a popular Java authentication library. [April 2022]
This vulnerability was assigned CVE-2021-22573 with a CVSS score of 8.7/10 and is part of the Snyk Vulnerability DB.
Pac4j acknowledged and fixed a critical security vulnerability I reported in their OpenID protocol implementation. [Dec 2021]
This vulnerability was assigned CVE-2021-44878 with a CVSS score of 7.5/10.
I spent Summer '20 as an Applied Scientist Intern in the AWS Automated Reasoning Group at Amazon. [May 2020]
My paper titled "OAuthLint: An Empirical Study on OAuth Bugs in Android Applications" has been accepted at ASE 2019.
I received a travel grant to participate in Amazon's Graduate Research Symposium 2019. [March 2019]