Publications

You can also find my articles on my Google Scholar profile.

Less Is More: A Mixed-Methods Study on Security-Sensitive API Calls in Java for Better Dependency Selection

Published in arXiv, 2024

We compiled a list of security-sensitive APIs in Java using JDK documentation, past CVE fixes, and CWE examples. We then measured the prevalence of security-sensitive API usage in our chosen 45 Java packages and in their dependencies. Finally, we conducted a developer survey to validate whether security-sensitive API information can be helpful in selecting dependencies.

Recommended citation: @misc{rahman2024moremixedmethodsstudysecuritysensitive, title={Less Is More: A Mixed-Methods Study on Security-Sensitive API Calls in Java for Better Dependency Selection}, author={Imranur Rahman and Ranidya Paramitha and Henrik Plate and Dominik Wermke and Laurie Williams}, year={2024}, eprint={2408.02846}, archivePrefix={arXiv}, primaryClass={cs.CR}, url={https://arxiv.org/abs/2408.02846}, }
Download Paper

Characterizing Dependency Update Practice of NPM, PyPI, and Cargo Packages

Published in arXiv, 2024

In this project, we quantified the updatedness of dependencies and the updatedness of vulnerable dependencies in the context of open source dependencies. The idea is very common in the reliability domain (e.g., Mean-Time-To-Update, Mean-Time-To-Repair, Mean-Time-To-Remediate). We carried out a large-scale study of our proposed update metrics on NPM, PyPI, and Cargo packages.

Recommended citation: @article{rahman2024characterizing, title={Characterizing Dependency Update Practice of NPM, PyPI and Cargo Packages}, author={Rahman, Imranur and Zahan, Nusrat and Magill, Stephen and Enck, William and Williams, Laurie}, journal={arXiv preprint arXiv:2403.17382}, year={2024} }
Download Paper

SecureImgStego: A Keyed Shuffling-based Deep Learning Model for Secure Image Steganography

Published in 2023 IEEE Conference on Communications and Network Security (CNS), 2023

In this study, we uncovered the inherent vulnerabilities in deep learning-based steganographic systems and proposed a simple shuffling-based solution to mitigate them.

Recommended citation: @inproceedings{chakraborty2023secureimgstego, title={SecureImgStego: A Keyed Shuffling-based Deep Learning Model for Secure Image Steganography}, author={Chakraborty, Trishna and Rahman, Imranur and Murad, Hasan and Hossain, Md Shohrab and Mehnaz, Shagufta}, booktitle={2023 IEEE Conference on Communications and Network Security (CNS)}, pages={1--9}, year={2023}, organization={IEEE} }
Download Paper | Download Slides