Mazharul Islam (মাজহারুল ইসলাম)

Recent News
[Sep 23] Excited to participate in SaTML and to be awarded a student travel grant from it. Thanks to the sponsors and organizers!
[Sep 23] Awarded student research grants from UW-Madison.
[May 23] My internship work from last summer at Visa Research, "Compact", is on arXiv. Feedback and comments are welcome.
[Aug 23] Presented our work "Araña" at USENIX Security 23. Here is the TL;DR tweet I made about the paper.
[Jul 23] Got a student travel grant from USENIX Security 23. Thanks to the USENIX organizers and sponsors!
[May 23] I returned to Visa Research this summer to work on the account recovery problem in passwordless user authentication!

About

I am a Ph.D. candidate at the University of Wisconsin-Madison in the department of computer science and a member of the Madison Security and Privacy (MadS&P) research lab. I received my M.Sc. in computer science from the University of Wisconsin-Madison in 2022, and before that completed my B.Sc. in computer science and engineering from Bangladesh University of Engineering and Technology (BUET) in 2017.

Research summary

I am a computer security and privacy researcher. As a researcher, I focus on designing secure systems that can counteract attacks. To achieve this, I develop novel applied cryptography protocols, privacy-preserving machine learning techniques, and derive useful security policies via empirical analysis. Before starting my PhD, I used to do research in the areas of computational biology, software security, and lightweight cryptography for edge devices.

Since 2017, I have been doing research on solving a diverse range of problems. Feel free to click on the following buttons to learn more about my past and ongoing research work in different areas.

User authentication

Publications: USENIX Security '22a, '22b, '23, two under submission

My PhD thesis is in the area of modern user authentication. In particular, my work investigates how to safeguard users' online accounts against advanced attacks, all while carefully striking the right balance among the crucial privacy, usability, security, and deployability issues of the underlying authentication scheme. I have worked on both password and passwordless user authentication.

Password-based user authentication: My ongoing and past work has focused on addressing security and privacy issues of different types of user authentication widely used today, such as password-based and passwordless (device-bound) authentication. My work has focused on stopping attackers from launching password guessing attacks. Currently, I am working on developing robust defenses for malicious login detection. I am being advised by Prof. Rahul Chatterjee (my Ph.D. advisor) and Prof. Thomas Ristenpart (from Cornell Tech) on these projects.

Passwordless user authentication: We have been observing a major push towards passwordless user authentication via passkeys. My ongoing work has focused on solving security problems of passkeys and FIDO2-based user authentication alike. I have been collaborating with Visa Research's Identity and Authentication Team, where I have interned twice, for this work.

Privacy preserving machine learning

Publications: PETS 2024

I have also been working at the intersection of machine learning and cryptography to address the problems of secure training and private inference. My recent work "Compact" addresses how to make complex activation functions used in machine learning friendly to secure multi-party computation (MPC).

Computational biology

Publications: BMC Genomics 2020, Bioinformatics journal 2022

Before starting my PhD, I used to work in the area of computational biology. I developed a dynamic programming based approach to estimate a statistically consistent species tree from gene trees by maximizing the triplet consistency score. Another work of mine involved developing a probabilistic method for filling genomic sequence gaps for short sequence reads.

My Master's thesis at BUET was related to security. It focused on developing lightweight cryptography for edge devices (published in MobiQuitous 2019).

Education

University of Wisconsin-Madison
Doctor of Philosophy in Computer Science
Aug 2020 - Present
University of Wisconsin-Madison
Masters of Science in Computer Science
Aug 2020 - May 2022
Bangladesh University of Engineering and Technology (BUET)
Bachelor of Science in Computer Science and Engineering
Jul 2012 - Feb 2017

Work Experience

Graduate Research Assistant
July 2020 - Present

Supervisor: Prof. Rahul Chatterjee (Advisor)
Lab: Madison Security and Privacy (MadS&P) group at UW-Madison
Working on enhancing the security of password-based authentication without sacrificing its usability.

Staff Research Scientist, Intern
May 2024 - August 2024
PhD Research Intern,
May 2023 - August 2023

Visa Research, Identity and Authentication Group, Palo Alto, CA.
Team members: Dr. Coby Wang (Mentor) and Dr. Sunpreet S. Arora (Supervisor)
Developing solutions to the account recovery problem in passwordless user authentication.

PhD Research Intern,
May 2022 - August 2022

Visa Research, Systems Security Group, Palo Alto, CA.
Team members: Dr. Maliheh Shirvanian (Mentor), Dr. Peter Rindal, and Dr. Sunpreet S. Arora (Supervisor)
During the internship, I worked on designing multi-party computation (MPC) friendly complex non-linear functions used in deep neural networks.

Lecturer,
Jul. 2017 - Jun. 2019

United International University (UIU), Dhaka, Bangladesh
Department of Computer Science and Engineering (CSE)
I was the primary instructor for undergraduate level theory courses. Throughout three years I designed and instructed the following undergraduate level courses to more than 300 students:
1. CSE-477: Network Security (Summer-17, Spring-18, Summer-18, Fall-18)
2. CSE-315: Data communications (Spring-18, Summer-18)

Software Engineer
May 2017 - Jul. 2017

iPay Systems Ltd (an e-wallet and secure payment platform company), Dhaka, Bangladesh
Supervisor: Tahmid Tanzim
1. Designed contact search, profile settings, and money transaction pages into the existing code base using Angular JS - 1.2
2. I developed a firewall manager from scratch on top of a Linux program named iptables using Angular JS-1.2 as frontend and Django as backend. The application was designed to help the network administrators to navigate and manage firewall rules with ease (similar to Cisco firewall manager).

Publications

[1] Mazharul Islam, Sunpreet S. Arora, Ke Coby Wang
"Detecting Compromise of Remotely Backed up Cryptographic Credentials" (title changed for anonymity)
PDF, Under review.

[2] Mazharul Islam, Marina Sanusi Bohuk, Thomas Ristenpart, Rahul Chatterjee
"Detecting Malicious logins in the Presence of Adaptive Attackers in Real Time" (title changed for anonymity)
PDF, Under review.

[3] Mazharul Islam, Sunpreet S. Arora, Rahul Chatterjee, Peter Rindal, Maliheh Shirvanian
"Compact: Approximating Complex Activation Functions for Secure Computation".
PDF, Proceedings on Privacy Enhancing Technologies (PETS), 2024

[4] Mazharul Islam*, Marina Sanusi Bohuk*, Paul Chung, Thomas Ristenpart, Rahul Chatterjee (*co-first authors)
"Araña: Discovering and Characterizing Password Guessing Attacks in Practice"
USENIX Security 2023, Acceptance rate = 29%.
PDF, Source Code Slides BibTeX

Citation

@inproceedings {islamArayna23,
author = {Mazharul Islam and Marina Sanusi Bohuk and Paul Chung and Thomas Ristenpart and Rahul Chatterjee},
title = {{Ara\~{n}a: Discovering and Characterizing Password Guessing Attacks in Practice}},
booktitle = {32nd USENIX Security Symposium (USENIX Security 23)},
year = {2023},
isbn = {},
address = {Anaheim, California, USA},
pages = {1867--1884},
url = {},
publisher = {USENIX Association},
month = aug,
}

[5] Marina Sanusi Bohuk, Mazharul Islam, Suleman Ahmad, Michael Swift, Thomas Ristenpart, Rahul Chatterjee
"Gossamer: Securely Measuring Password-based Logins"
USENIX Security 2022, Acceptance rate = 17.2%.
PDF, Source Code, Media Coverage: USENIX ;login: BibTeX

Citation

@inproceedings {281408,
author = {Marina Sanusi Bohuk and Mazharul Islam and Suleman Ahmad and Michael Swift and Thomas Ristenpart and Rahul Chatterjee},
title = {Gossamer: Securely Measuring Password-based Logins},
booktitle = {31st USENIX Security Symposium (USENIX Security 22)},
year = {2022},
isbn = {978-1-939133-31-1},
address = {Boston, MA},
pages = {1867--1884},
url = {https://www.usenix.org/conference/usenixsecurity22/presentation/sanusi-bohuk},
publisher = {USENIX Association},
month = aug,
}

[6] Bijeeta Pal, Mazharul Islam, Marina Sanusi Bohuk, Nick Sullivan, Luke Valenta, Tara Whalen, Christopher Wood, Thomas Ristenpart, Rahul Chatterjee
"Might I Get Pwned: A Second Generation Compromised Credential Checking Service"
USENIX Security 2022, Acceptance rate = 17.2%.
PDF, Source Code, Media Coverage: The Cloudflare Blog. BibTeX

Citation

@inproceedings {279998,
author = {Bijeeta Pal and Mazharul Islam and Marina Sanusi Bohuk and Nick Sullivan and Luke Valenta and Tara Whalen and Christopher Wood and Thomas Ristenpart and Rahul Chatterjee},
title = {Might I Get Pwned: A Second Generation Compromised Credential Checking Service},
booktitle = {31st USENIX Security Symposium (USENIX Security 22)},
year = {2022},
isbn = {978-1-939133-31-1},
address = {Boston, MA},
pages = {1831--1848},
url = {https://www.usenix.org/conference/usenixsecurity22/presentation/pal},
publisher = {USENIX Association},
month = aug,
}

[7] Mazharul Islam, Sazzadur Rahaman, Na Meng, Behnaz Hassanshahi, Padmanabhan Krishnan, Danfeng (Daphne) Yao.
"Coding Practices and Recommendations of Spring Security for Enterprise Applications".
IEEE Secure Development Conference. Atlanta, GA, September 2020. Acceptance rate = 39%
PDF, Presentation Video BibTeX

Citation

@INPROCEEDINGS{islamCoding2020,
author={Islam, Mazharul and Rahaman, Sazzadur and Meng, Na and Hassanshahi, Behnaz and Krishnan, Padmanabhan and Yao, Danfeng Daphne},
booktitle={2020 IEEE Secure Development (SecDev)},
title={Coding Practices and Recommendations of Spring Security for Enterprise Applications},
year={2020},
volume={},
number={},
pages={49-57},
doi={10.1109/SecDev45635.2020.00024}
}

2020 and earlier

Mazharul Islam, Kowshika Sarker, Trisha Das, Rezwana Reaz, Md. Shamsuzzoha Bayzid
"STELAR: a statistically consistent coalescent-based species tree estimation method by maximizing triplet consistency".
BMC Genomics 21, 136 (2020). Impact Factor: 3.9
PDF, Source Code BibTeX

Citation

@article{islam2020stelar,
title={{STELAR: A statistically consistent coalescent-based species tree estimation method by maximizing triplet consistency}},
author={Islam, Mazharul and Sarker, Kowshika and Das, Trisha and Reaz, Rezwana and Bayzid, Md Shamsuzzoha},
journal={BMC Genomics},
volume={21},
number={1},
pages={1--13},
year={2020},
publisher={BioMed Central}
}

Sumit Tarafder, Mazharul Islam, Swakkhar Shatabda, Atif Rahman
"Figbird: a probabilistic method for filling gaps in genome assemblies".
Bioinformatics, Volume 38, Issue 15, 1 August 2022, Pages 3717–3724. Impact Factor: 6.9
PDF, Source Code BibTeX

Citation

@article{tarafder2022figbird,
title={Figbird: a probabilistic method for filling gaps in genome assemblies},
author={Tarafder, Sumit and Islam, Mazharul and Shatabda, Swakkhar and Rahman, Atif},
journal={Bioinformatics},
volume={38},
number={15},
pages={3717--3724},
year={2022},
publisher={Oxford University Press}
}

Mazharul Islam, Novia Nurain, Mohammad Kaykobad, Sriram Chellappan, A. B. M. Alim Al Islam
"HEliOS: huffman coding based lightweight encryption scheme for data transmission".
Proceedings of the 16th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, November 2019 (MobiQuitous '19), Pages 70–79. H-index: 40, Acceptance Rate = 30%.
PDF Presentation Slides BibTeX

Citation

@inproceedings{islam2019helios,
title={{HEliOS: huffman coding based lightweight encryption scheme for data transmission}},
author={Islam, Mazharul and Nurain, Novia and Kaykobad, Mohammad and Chellappan, Sriram and Islam, ABM Alim Al},
booktitle={Proceedings of the 16th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services},
pages={70--79},
year={2019}
}

Mazharul Islam, MD. Nazmuddoha Ansary, Novia Nurain, Salauddin Parvez Shams, A. B. M. Alim Al Islam
"A Sweet Recipe for Consolidated Vulnerabilities: Attacking a Live Website by Harnessing a Killer Combination of Vulnerabilities for Greater Harm".
2018 5th International Conference on Networking, Systems and Security (NSysS)
PDF BibTeX

Citation

@INPROCEEDINGS{8631373,
author={Islam, Mazharul and Ansary, MD. Nazmuddoha and Nurain, Novia and Shams, Salauddin Parvez and Alim Al Islam, A. B. M.},
booktitle={2018 5th International Conference on Networking, Systems and Security (NSysS)},
title={A Sweet Recipe for Consolidated Vulnerabilities: Attacking a Live Website by Harnessing a Killer Combination of Vulnerabilities for Greater Harm},
year={2018},
volume={},
number={},
pages={1-9},
doi={10.1109/NSysS.2018.8631373}}

Miscellaneous

  • My wife Salsabil Arabi is also a graduate student at UW-Madison. Her research interests are in the areas of data science and machine learning, and she trains models to predict breakthrough results in medical science at an early stage.
  • In my free time, I like driving and visiting national parks (we have so many in Wisconsin!). It makes me feel closer to nature 😊