Endadul Hoque
  • Assistant Professor
  • Computing and Information Sciences
  • Florida International University
  •   ehoque AT fiu.edu
About Me

I am an Assistant Professor in the School of Computing and Information Sciences at Florida International University (FIU) . I received my Ph.D. in Computer Science from from the Department of Computer Science at Purdue University under the supervision of Prof. Cristina Nita-Rotaru in 2015. During 2016, I was a Postdoctoral Research Associate at Northeastern University (Host: Prof. Cristina Nita-Rotaru).


Academic positions
Awards and Grants
Fall 2017
I am currently looking for motivated graduate and undergraduate students who are interested in tackling practical cybersecurity problems in the networking domain. If interested, please contact me through email.
  Latest News
Aug 2017
CIS 5373 course page is up!
Mar 2017
I will join CIS@FIU as an Assistant Professor from Fall 2017
Mar 2017
Our paper "CHIRON" has been accepted in DSN 2017
Our paper titled "Analyzing Operational Behavior of Stateful Protocol Implementations for Detecting Semantic Bugs" has been accepted at IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 2017. Many congratulations to Sze Yiu Chau and Omar Chowdhury
Feb 2017
Our paper "SymCerts" has been accepted in IEEE S&P 2017 (the top security conference, also known as Oakland)
Our paper titled "SymCerts: Practical Symbolic Execution For Exposing Noncompliance in X.509 Certificate Validation Implementations" has been accepted at IEEE Symposium on Security and Privacy (S&P) 2017. [Acceptance rate: 13%] Many congratulations to Sze Yiu Chau and Omar Chowdhury


My research interests lie at the intersection of networked systems and security. Broadly, I'm interested in tackling practical cybersecurity problems in the networking domain, where the overarching goal is to create automated techniques to achieve higher assurance on networked systems. I primarily apply program analysis and formal verification techniques to design and develop automated analysis techniques for aiding the development of secure networked systems, including real-world implementations of network protocols and IoT systems.


Semantic bug detection via compliance checking

Vulnerable Execution Discovery in Internet Security Protocols


For full publication list, click  

  Selected Publications
Analyzing Operational Behavior of Stateful Protocol Implementations for Detecting Semantic Bugs
  • Endadul Hoque, Omar Chowdhury, Sze Yiu Chau, Cristina Nita-Rotaru, and Ninghui Li
  • Conference IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Denver, CO. June 2017
Network protocol implementations must comply with their specifications that include properties describing the correct operational behavior of the protocol in response to different temporal orderings of network events. Due to inconsistent interpretations of the specification, developers can unknowingly introduce semantic bugs, which cause the implementations to violate the respective properties. Detecting such bugs in stateful protocols becomes significantly difficult as their operations depend on their internal state machines and the complex interactions between the protocol logic. In this paper, we present an automated tool to help developers analyze their protocol implementations and detect semantic bugs violating the temporal properties of the protocols. Given an implementation, our tool (1) extracts the implemented finite state machine (FSM) of the protocol from the source code by symbolically exploring the code and (2) determines whether the extracted FSM violates given temporal properties by using an off-the-shelf model checker. We demonstrated the efficacy of our tool by applying it on 6 protocol implementations. We detected 11 semantic bugs (2 with security implications) when we analyzed these implementations against properties obtained from their publicly available specifications.
SymCerts: Practical Symbolic Execution For Exposing Noncompliance in X.509 Certificate Validation Implementations
  • Sze Yiu Chau, Omar Chowdhury, Endadul Hoque, Huangyi Ge, Aniket Kate, Cristina Nita-Rotaru, and Ninghui Li
  • Conference IEEE Symposium on Security and Privacy (S&P), San Jose, CA. May 2017.

The X.509 Public-Key Infrastructure has long been used in the SSL/TLS protocol to achieve authentication. A recent trend of Internet-of-Things (IoT) systems employing small footprint SSL/TLS libraries for secure communication has further propelled its prominence. The security guarantees provided by X.509 hinge on the assumption that the underlying implementation rigorously scrutinizes X.509 certificate chains, and accepts only the valid ones. Noncompliant implementations of X.509 can potentially lead to attacks and/or interoperability issues. In the literature, black-box fuzzing has been used to find flaws in X.509 validation implementations; fuzzing, however, cannot guarantee coverage and thus severe flaws may remain undetected. To thoroughly analyze X.509 implementations in small footprint SSL/TLS libraries, this paper takes the complementary approach of using symbolic execution.

We observe that symbolic execution, a technique proven to be effective in finding software implementation flaws, can also be leveraged to expose noncompliance in X.509 implementations. Directly applying an off-the-shelf symbolic execution engine on SSL/TLS libraries is, however, not practical due to the problem of path explosion. To this end, we propose the use of SymCerts, which are X.509 certificate chains carefully constructed with a mixture of symbolic and concrete values. Utilizing SymCerts and some domain-specific optimizations, we symbolically execute the certificate chain validation code of each library and extract path constraints describing its accepting and rejecting certificate universes. These path constraints help us identify missing checks in different libraries. For exposing subtle but intricate noncompliance with X.509 standard, we cross-validate the constraints extracted from different libraries to find further implementation flaws. Our analysis of 9 small footprint X.509 implementations has uncovered 48 instances of noncompliance. Findings and suggestions provided by us have already been incorporated by developers into newer versions of their libraries.

Automated Adversarial Testing of Unmodified Wireless Routing Implementations
  • Endadul Hoque, Hyojeong Lee, Rahul Potharaju, Charles Killian, and Cristina Nita-Rotaru
  • Journal IEEE/ACM Transactions on Networking (ToN), vol 24, issue 6, Dec 2016.
Numerous routing protocols have been designed and subjected to model checking and simulations. However, model checking the design or testing the simulator-based prototype of a protocol does not guarantee that the implementation is free of bugs and vulnerabilities. Testing implementations beyond their basic functionality (also known as adversarial testing) can increase protocol robustness. We focus on automated adversarial testing of real-world implementations of wireless routing protocols. In our previous work we created Turret, a platform that uses a network emulator and virtualization to test unmodified binaries of general distributed systems. Based on Turret, we create Turret-W designed specifically for wireless routing protocols. Turret-W includes new functionalities such as differentiating routing messages from data messages to enable evaluation of attacks on the control plane and the data plane separately, support for several additional protocols (e.g., those that use homogeneous/heterogenous packet formats, those that run on geographic forwarding (not just IP), those that operate at the data link layer instead of the network layer), support for several additional attacks (e.g., replay attacks) and for establishment of adversarial side-channels that allow for collusion. Turret-W can test not only general routing attacks, but also wireless specific attacks such as wormhole. Using Turret-W on publicly available implementations of five representative routing protocols, we (re-)discovered 37 attacks and 3 bugs. All these bugs and 5 of the total attacks were not previously reported to the best of our knowledge.
Building Robust Distributed Systems and Network Protocols Using Adversarial Testing and Behavioral Analysis
  • Endadul Hoque and Cristina Nita-Rotaru
  • Conference IEEE Cybersecurity Development Conference (SecDev), Boston, MA. Nov 2016
We describe our experience over the past five years with building more robust distributed systems and network protocols by using adversarial testing and behavioral analysis. We describe the benefits and disadvantages of both approaches and the design of the tools we have built (Turret, Turret-W, SNAKE, and Chiron). We discuss how we applied them to byzantine-resilient state machine replication, wireless routing protocols, transport protocols, TLS, and IoT implementation of application-level protocols.

Program Committee Member

Program Chair

  • PerIoT'18 (co-chair with Farzana Rahman and Samy El-Tawab), PerIoT'17 (co-chair with Farzana Rahman)

Contact Me

The best way to contact me is through email!