“Ragib worked with myself and others on the development of a delegated authentication system. We brainstormed, designed, and mostly implemented the system during his internship. A paper covering the outcome of the work and comparing it to the OAuth industry standard has been accepted at ACSAC 2008.”
Publications
-
Litigo: A Cost-Driven Model for Opaque Cloud Services
Proceedings of IEEE Cloud
Cloud computing provides software, platform, and infrastructure as a service that helps organizations to perform several resource intensive tasks. The services offered by a cloud service provider are limited by provider-specific options in terms of the pre-specified configurations. Moreover, it is sometimes expensive to pay a fixed amount of money without any format of negotiation or price-matching deals for the cloud-based services and resources. Conversely, the negotiator-based model for opaque services has gained popularity in various markets, such as, for flights, hotels, and rentals. We posit that a similar opaque inventory for cloud-based services and resources is the next generation niche for consumer acquisition and service delivery in the cloud computing market. Such a model will facilitate the clients with flexible resource and service provisioning at reasonable prices, and will also allow a higher revenue and increase resource utilization for cloud service providers. In this paper, we propose Litigo, a cost-driven model for opaque service platforms for cloud computing. The Litigo component acts as a middle-man to deliver cloud-based services from a set of cloud service providers to the end users. We present a detailed cost model and comparison between establishing a cloud service vs. an opaque cloud service. Our empirical framework allows a Litigo service provider to analyze the profit model and creates the market niche accordingly. We performed extensive analysis using simulated model verification for Litigo. The proposed model delivers an opaque cloud as a service to clients at a reasonable price by maximizing the resource utilization and revenue of cloud service providers.
-
Towards an Analysis of Security Issues, Challenges, and Open Problems in the Internet of Things
IEEE Services Visionary Track on Internet of Things, New York, USA
The Internet-of-Things paradigm has already started being utilized in numerous domains like e-Health, e-Home, e-Commerce, e-Trafficking, etc. Soon enough, there will be many more domains added too. This rapid expansion of Internet-of-Things, definitely, will make possible attackers more inquisitive about interconnected objects and networks, as their goal is to perform malicious acts using Internet-of-Things’ vulnerabilities in order to destroy the equilibrium of this ecosystem. Therefore, security researchers should not be delayed to scrutinize every single component of Internet-of-Things in order to make this ecosystem secure, before it is too late. Internet-of-Things’ security may also be of a much higher importance comparing to ordinary computer system’s security, considering that it is affecting human lives and lifestyle. Thus, any weakness in its security can lead to irreparable damages. In light of the above, this literary article consists of analysis of Internet-of-Things’ attack surfaces, threat models, security issues, requirements and challenges. Moreover, the need and methodology unto Internet-of-Things forensics, in case of Internet-of-Things crime, has been outlined.
-
UDaaS: A Cloud-based URL-Deduplication-as-a-Service for Big Datasets
4th IEEE International Conference on Big Data and Cloud Computing (BDCloud)
Since the number of potential malicious URLs from diverse sources is large, URL deduplication is needed for the efficient identification of malicious websites. URL Deduplication-as-a-Service (UDaaS) was developed to help a URL analyst to deploy and manage a cloud-based distributed and parallel URL deduplication infrastructure easily; this can improve the performance of malicious websites detection while reducing duplication and quantity of local storage requirements.
-
Towards Building Forensics Enabled Cloud Through Secure Logging-as-a-Service
IEEE Transactions on Dependable and Secure Computing, 2015
Cloud computing has emerged as a popular computing paradigm in recent years. However, today's cloud computing architectures often lack support for computer forensic investigations. Analyzing various logs (e.g., process logs, network logs) plays a vital role in computer forensics. Unfortunately, collecting logs from a cloud is very hard given the black-box nature of clouds and the multi-tenant cloud models, where many users share the same processing and network resources. Researchers have proposed using log API or cloud management console to mitigate the challenges of collecting logs from cloud infrastructure. However, there has been no concrete work, which shows how to provide cloud logs to investigator while preserving users' privacy and integrity of the logs. In this paper, we introduce Secure-Logging-as-a-Service (SecLaaS), which stores virtual machines' logs and provides access to forensic investigators ensuring the confidentiality of the cloud users. Additionally, SecLaaS preserves proofs of past log and thus protects the integrity of the logs from dishonest investigators or cloud providers. Finally, we evaluate the feasibility of the scheme by implementing SecLaaS for network access logs in OpenStack -- a popular open source cloud platform.
-
The Enemy Within: The Emerging Threats to Healthcare from Malicious Mobile Devices
MobiHealth 2012
With the proliferation of wireless networks, mobile devices and medical devices are increasingly being equipped with wireless interfaces, such as Bluetooth and WiFi to allow easy access to and control of the medical devices. Unfortunately, the very presence and usage of such interfaces also expose the medical devices to novel attacks from malicious parties. The emerging threat from malicious mobile devices is significant and severe, since attackers can steal confidential data from a patient’s medical device. Also, attackers can compromise the medical device and either feed doctors bad data from it or issue potentially fatal commands to the device, which may even result in the death of the patient. As the mobile devices are often at close proximity to the patient (either in the hospital or home settings), attacks from such devices are hard to prevent. In this paper, we present a systematic analysis of this new threat from mobile devices on medical devices and healthcare infrastructure. We also perform a thorough security analysis of a major hospital and uncover potential vulnerabilities. Finally, we propose a set of potential solutions and defenses against such attacks.
-
Efficient Audit-based Compliance for Relational Data Retention
Proceedings of ACM ASIACCS 2011
The Sarbanes-Oxley Act inspired research on long-term high-integrity retention of business records, leveraging the immutability guarantees that WORM storage servers offer for files. In this paper, we present the transaction log on WORM (TLOW) approach for supporting long-term immutability for relational tuples. TLOW stores the transaction log on WORM and uses an audit helper (AH) add-on to continuously perform audit-related activities without compromising transaction performance or audit trustworthiness. TLOW imposes only 1-11% runtime overhead on TPC-C transactions, much less than previously proposed approaches, and does not require DBMS kernel changes. TLOW audits are extremely fast, e.g., two hours to audit a year of continuous TPC-C activity, versus 10 days for previously proposed approaches. This opens up the possibility of real-time internal audits that can detect fraudulent activity before its effects propagate throughout an enterprise. We also provide a proof of correctness for TLOW, which exposes a subtle threat that affects the correctness of previously proposed approaches.
-
Trustworthy Vacuuming and Litigation Holds in Long-term, High-integrity Records Retention
Proceedings of EDBT 2010
Relational databases are periodically vacuumed to remove tuples that have expired. During the discovery phase of litigation, plaintiffs ask defendants for access to information related to their case. The requested information is then subject to a litigation hold, which means that the information cannot be deleted. Vacuuming exposes a database to a new threat -- adversaries can try to thwart database auditing mechanism by masquerading an illegal tuple deletion as a vacuuming operation, and delete an unexpired tuple, or a tuple under a litigation hold.
In this paper, we provide a generic framework for auditing vacuuming, augment existing database integrity audit mechanisms to support vacuuming, formalize the notion of a litigation hold, and identify key issues in the context of database systems for long-term, high-integrity records retention. Then, we propose several schemes for efficiently implementing trustworthy litigation holds. Finally, we evaluate the efficiency and tradeoffs of the different schemes using a series of experiments.
-
Trustworthy History and Provenance for Files and Databases
Ph.D. Thesis, Dept. of Computer Science, University of Illinois at Urbana-Champaign
In today’s world, information is increasingly created, processed, transmitted, and stored digitally. While the digital nature of information has brought enormous benefits, it has also created new vulnerabilities and attacks against data. Unlike physical documents, digitally stored information can be rapidly copied, erased, or modified. The distributed nature of today’s computing systems also implies that digital data may be stored in or transmitted via untrusted systems. In many cases, even insiders can have financial or strategic motives to tamper with data. Thus, throughout its lifecycle, data may be exposed to many modifications, and be processed by many principals, some of whom may not be trustworthy. In order to trust data, it is therefore useful to know its history, and to protect data history from illicit modifications. Widespread use of electronic records in high-stakes applications such as business and health-care means that the need to ensure trustworthiness of data retention is crucial. Society as a whole will benefit significantly from the development and adoption of techniques for ensuring the integrity of data history, as such assurances will increase public trust in electronic records.
In this dissertation, we explore techniques for providing integrity assurances for the history of data in an untrusted environment. We show that it is possible to provide strong integrity assurances for data history, without incurring high performance overheads, or using costly trusted hardware. We first focus on file systems and data provenance, and develop provably-secure schemes for securing file provenance information. With empirical evaluation using realistic file system workloads, we show that our scheme has low overhead, and can be deployed with minimal changes to existing applications. Next, we investigate history integrity in database systems. We develop an efficient, low-overhead architecture for making databases tamper-evident, and ... [more in linked pdf]
-
How Much Does Storage Really Cost? Towards a Full Cost Accounting Model for Data Storage
To appear at the 10th International Conference on Economics of Grids, Clouds, Systems, and Services (GECON), 2013
In our everyday lives, we create massive amounts of data. But how much does it really cost to store data? With ever decreasing cost of storage media, a popular misconception is that the cost of storage has become cheaper than ever. However, we argue that the cost of storing data is not equal to the cost of storage media alone -- rather, many often ignored factors including human, infrastructure, and environmental costs contribute to the total cost to store data. Unfortunately, very little research has been done to determine the full cost of cloud based storage systems. Most existing studies do not account for indirect factors and determinants of storage cost. To fully determine the true cost of data storage, we need to perform full cost accounting -- a well known accounting technique. In this paper, we present a full cost accounting model for cloud storage systems. We include all the hidden and environmental costs as well as regular costs to develop a comprehensive model for storage system costs. To the best of our knowledge, this is the first work on creating a full cost accounting model for cloud based storage systems.
Courses
-
Computer Security
-
Honors & Awards
-
2022 President's Award for Excellence in Teaching
The University of Alabama at Birmingham
The President’s Award for Excellence in Teaching recognizes full-time regular faculty members of The University of Alabama at Birmingham who have demonstrated exceptional accomplishments in teaching. A recipient is chosen from the College of Arts and Sciences and each of the schools and the Joint Health Sciences.
-
Faculty Early Career Development (CAREER) Program
National Science Foundation
CAREER: The Faculty Early Career Development (CAREER) Program is a Foundation-wide activity that offers the National Science Foundation's most prestigious awards in support of junior faculty who exemplify the role of teacher-scholars through outstanding research, excellent education and the integration of education and research within the context of the mission of their organizations. Such activities should build a firm foundation for a lifetime of leadership in integrating education and research. NSF encourages submission of CAREER proposals from junior faculty members at all CAREER-eligible organizations and especially encourages women, members of underrepresented minority groups, and persons with disabilities to apply.
Languages
-
English
Native or bilingual proficiency
-
Bengali
Native or bilingual proficiency
-
C
Native or bilingual proficiency
Organizations
-
Association of Computing Machinery
Professional Member
- Present
Recommendations received
1 person has recommended Ragib