About Me
My name is Seyedhamed (Hamed) Ghavamnia (written as سید حامد قوام نیا in Persian)
and I am an Assistant Professor at the School of Computing
at University of Connecticut.
I completed my PhD at the Computer Science Department of
Stony Brook University under the supervision of my advisor,
Prof. Michalis Polychronakis
where I worked on software security and more specifically on attack surface reduction.
Prior to that I was the team lead for the security software development team in
Irisa. I obtained my B.E. in Software Engineering from University of Isfahan
and my M.S. in Computer Engineering with concentration on Network Security
from Sharif University of Technology. My Master's thesis was about
traffic analysis.
More information is available in my
CV.
@s_hamedgh |
Google Scholar
Prospective Students
If you are an undergraduate or masters student at UConn and looking to work on a research
project, please send me an email with your CV.
Research Interests
- System/Software Security
- Attack Surface Reduction through Program Analysis
- Memory Safe Languages
Teaching
- CSE4100: Programming Language Translation - Spring 2024
- CSE5095: Special Topics in Computer Science and Engineering - Fall 2023
Conference Publications
-
C2C: Fine-grained Configuration-driven System Call Filtering
Seyedhamed Ghavamnia, Tapti Palit, and Michalis Polychronakis.
In Proceedings of the 29th ACM Conference on Computer and Communications
Security (CCS). November 2022, Los Angeles, LA.
-
Decap: Deprivileging Programs by Reducing Their Capabilities
Md Mehedi Hasan, Seyedhamed Ghavamnia, and Michalis Polychronakis.
In Proceedings of the 25th International Symposium on
Research in Attacks, Intrusions, Defenses (RAID 2022). October 2022,
Limassol, Cyprus.
-
Confine: Automated System Call Policy Generation for Container
Attack Surface Reduction
Seyedhamed Ghavamnia, Tapti Palit, Azzedine Benameur, and Michalis Polychronakis.
In Proceedings of the 23rd International Symposium on
Research in Attacks, Intrusions, Defenses (RAID 2020). October 2020, San
Sebastian, Spain.
-
Temporal System Call Specialization for Attack Surface Reduction
Seyedhamed Ghavamnia, Tapti Palit, Shachee Mishra, and Michalis Polychronakis.
In Proceedings of the 29th USENIX Security Symposium. August 2020, Boston, MA
-
xMP: Selective Memory Protection for Kernel and User Space
Sergej Proskurin, Marius Momeu, Seyedhamed Ghavamnia, Vasileios P. Kemerlis, and Michalis Polychronakis.
In Proceedings of the 41st IEEE Symposium on Security & Privacy (S&P). May 2020, San Francisco, CA.
-
Classifying IDS Alerts Automatically for Use in Correlation Systems
Mohammadhosein MirshahJafari, Hamed Ghavamnia, Information Security and Cryptology (ISCISC)
2014 11th International ISC Conference, Tehran, Iran
Journal Publications
-
Confine: Fine-grained System Call Filtering for Container Attack Surface Reduction
Maryam Rostamipoor, Seyedhamed Ghavamnia, and Michalis Polychronakis.
In Computers & Security (to appear). 2023.
Workshop Publications
-
K-resolver: Towards Decentralizing Encrypted DNS Resolutions
Nguyen Phong Hoang, Ivan Lin, Seyedhamed Ghavamnia and Michalis Polychronakis.
In Proceedings of the 2nd Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb). February 2020, San Diego, CA.
-
Configuration-Driven Software Debloating
Hyungjoon Koo, Seyedhamed Ghavamnia, and Michalis Polychronakis.
In Proceedings of the 12th European Workshop on System Security (EuroSec). March 2019, Dresden, Germany
Work Experience
- Assistant Professor - University of Connecticut (August 2023 - current)
- Software Engineer Intern at Bloomberg CTO Office (May 2022 - August 2022)
Performing research on automated policy inference through program analysis.
- Research Assistant at Hexlab (May 2018 - May 2023)
I worked on reducing software attack surface by removing
unnecessary code which has been identified by performing static and dynamic analysis.
Throughout the past years we have worked on identifying properties of specific
applications which helps debloat or specialize the program to a larger extent than
previously identified. In
Temporal Specialization
we considered how
the phases of execution of server applications can be used to filter security critical
system calls (e.g., execve).
We are also looking into runtime configuration options and trying to extend our
previous work
on configuration-based software debloating to implement a more robust and
automated framework for doing so. Our work has led to C2C
(Configuration-to-Code) which will appear at CCS'22.
- Software Engineer Intern at Bloomberg CTO Office (May 2021 - August 2021)
Performed research on automated policy inference through program analysis.
- Teacher Assistant (Aug. 2017 - May 2018)
Designed and graded two homeworks for the Computer Security Fundamentals
(CSE 331) course.
Set up the automated grading framework which used Docker containers for
the undergraduate course, Systems Fundamentals (CSE 320).
- Team Lead and Software Developer at Irisa (May 2013 - Aug. 2017)
Led team in analsis, design and implementation of an SIEM tool
with log collection, storage, correlation and incident response. Our tool
consisted of java and python software development, debugging and research
in the field of security. Other than software development, I was in charge
of task planning and assignment using a SCRUM-like method.
- Instructor at Feiz College of Isfahan (Jan. 2015 - Dec. 2015)
Engaged in teaching by taking a part time job as an instructor at one
of the newly opened college institutes in Esfahan. I taught Fundamentals
of Networking for two semesters there.
- Software Developer (Dec. 2011 - Apr. 2013)
Implemented log storage for high collection rate based upon hadoop
and hbase framework. As part of the task, I designed the complete hardware and
software architecture and developed required software to fulfill the
requirements of the project.
Research Projects