M. Mannan -- Students and Teaching

Prospective students

If you are interested in Ph.D., you must have at least one publication in a decent security venue. For both Ph.D. and Master's, I expect you to have the following qualities: highly motivated to solve difficult security/privacy problems; strong academic background (e.g., good university with good GPA); and strong systems knowledge and programming experience. Students with diverse background and life experiences will be given special consideration. If you meet my criteria, please send me an email with your CV and transcripts. I will definitely try to respond within a day or two. I have open positions for both Ph.D. (fully funded), MASc (partial support).

Ph.D. Students

  1. Shaoqi Jiang
  2. Manar Adel Mohamed Taha Hamed
  3. Ebraam Mesak

Master's Students

  1. Tariq Houis
  2. Tarek Ramadan
  3. Zhaolong Chu

Student Success Highlights

  1. Dr. Lianying Zhao has joined as an assistant professor at Carleton University (now an associate professor).
  2. Dr. Xavier de Carné de Carnavalet has joined as an assistant professor at Radbound University (the Netherlands).
  3. Dr. Nayanamana Samarasinghe has joined as the Lead Cybersecurity Engineer at Morgan Stanley.
  4. The Masters graduates went mostly into leading security companies or security positions in other small and large companies, including: Fortinet, Meta/Facebook, Deloitte, Offchain Labs, Tigera, SAP Canada, RBC Canada, BNP Paribas, Amazon.
  5. My students published at top systems security conferences, including NDSS, ACM CCS, Usenix Security, and journals: ACM TISSEC/TOPS, IEEE TIFS, IEEE TDSC.
  6. Our research has been Slashdotted several times. Other media include: BBC, CBC, CTV, ACM Technews; see press coverage.
  7. Xavier de Carné de Carnavalet is the first ENCS/Concordia recipient of Vanier Canada Graduate Scholarship (the most prominent Ph.D. scholarship in Canada).

Alumni

  1. Sajjad Pourali PhD thesis (Feb 6, 2025), Uncovering Privacy and Security Issues in Android Apps at Scale Through Comprehensive Dynamic Analysis
  2. Fahimeh Rezaei Master's thesis (May 5, 2025), On Analyzing SSO Permissions Across Web and Android Platforms
  3. Xin Sun Master's thesis (Dec 5, 2024), A Comprehensive Analysis of Security Questions in Web Authentication
  4. Kazi Farhat Lamisa Master's thesis (Nov 25, 2024), Measuring Improper Token Invalidation in Real-world Web Logins
  5. Philippe Mangeard Master's thesis (Aug 27, 2024), WARNE: A Stalkerware Evidence Collection Tool
  6. Abdelrahman Ragab Master's thesis (Aug 20, 2024), Privacy and Security Analysis of Virtual Shopping and AI Companion Platforms
  7. Supraja Baskaran Master's thesis (Oct 30, 2023), Measuring the Leakage and Exploitability of Authentication Secrets in Super-apps: The WeChat Case
  8. Xiufen Yu Master's thesis (Sept 12, 2023), Privacy Analysis of Technological Solutions Designed for Victims of Intimate Partner Abuse
  9. Rohan Pagey Master's thesis (Jan 23, 2023), Security Weaknesses in E-commerce Platforms
  10. Bhaskar Tejaswi Master's thesis (Jan 25, 2023), Security Weaknesses in IoT Management Platforms
  11. Nayanamana Samarasinghe PhD thesis (Nov 17, 2022), Measuring for privacy: From tracking to cloaking
  12. Pranay Kapoor, MASc thesis (Aug 24, 2022), Silver Surfers on the Tech Wave: Privacy Analysis of Android Apps for the Elderly
  13. Maryna Kluban, MASc thesis (Apr 29, 2022), On Measuring JavaScript Vulnerabilities in the NPM Packages, Websites and Chrome Extensions
  14. Mehdi Salehi, MASc thesis (Apr 28, 2022), An Analysis of Upgradeability, Oracles, and Stablecoins in the Ethereum Blockchain
  15. Behnam Shobiri, MASc thesis (Dec 8, 2021), CDNs' Dark Side: Identifying Security Problems in CDN-to-Origin
  16. Mounir Elgharabawy, MASc thesis (Oct 5, 2021), Cross-vendor Security Analysis of Android Unix Domain Sockets
  17. Md. Shahab Uddin MASc thesis (Aug 25, 2021), HORUS: A Security Assessment Framework for Android Crypto Wallets
  18. Tina Safaie MASc thesis (Mar 31, 2021), ByPass: Reconsidering the Usability of Password Managers
  19. Quentin Duchaussoy, MASc thesis (Nov 3, 2020), Security and Privacy Analysis of Parental Control Solutions
  20. Tousif Osman, MASc thesis (Sept 9, 2020), AppVeto: Securing Android Applications through Resource Access Veto
  21. Mina Jafari, MASc thesis (Sept 3, 2020), Measuring the Effectiveness of Microsoft Authenticode: A Systematic Analysis of Signed Freeware
  22. Suzan Ali, MASc thesis (May 25, 2020), A Large-Scale Evaluation of Privacy Practices of Public Wifi Captive Portals
  23. Xavier de Carné de Carnavalet, PhD thesis (July 24, 2019), Last-Mile TLS Interception: Analysis and Observation of the Non-Public HTTPS Ecosystem
  24. Md Zakir Hossen, MASc thesis (December 11, 2018), On Understanding Permission Usage Contextuality of Android Apps
  25. Lianying Zhao, PhD thesis (July 23, 2018), Authentication and Data Protection under Strong Adversarial Model
  26. Abhimanyu Khanna, MASc thesis (April 24, 2017), Towards Usable and Fine-grained Security for HTTPS with Middleboxes
  27. Parul Khanna, MASc thesis (April 18, 2017), Detecting Privacy Leaks Through Existing Android Frameworks
  28. Briti Sundar Mondal, MASc thesis (August 24, 2016), Bintype: A Scalable Type Inference Tool for Compiled C Programs
  29. Arash Shahkar, MASc thesis (March 1, 2016), On Matching Binary to Source Code
  30. Suryadipta Majumdar, MASc thesis (September 8, 2014), On End-to-end Encryption for Cloud-based Services
  31. Xavier de Carné de Carnavalet, MASc thesis (April 7, 2014), A Large-scale Evaluation of High-impact Password Strength Meters
  32. A. Mert Kara, MASc thesis (January 10, 2014), Malicious Payload Distribution Channels in Domain Name System
  33. Atieh Saberi Pirouz, MASc thesis (August 27, 2013), Securing Email through Online Social Networks
  34. Adam Skillen, MASc thesis (April 3, 2013), Deniable Storage Encryption for Mobile Devices

  35. Chelsea Guan (CUSRA 2021)
  36. Adam Slimi (ENSTA Paris, Summer Intern 2021)
  37. Simon Brillant-Giroux (NSERC USRA 2019)
  38. Nohan Fleurant (NSERC USRA 2019)
  39. Sebastian Proctor-Shah (NSERC USRA 2016)
  40. Philippe Fisher (NSERC USRA 2016)
  41. Devirs Isler, Mitacs Globalink Intern from Zirve University, Turkey (summer 2014)

Some students are/were co-supervised with A. Youssef, Jeremy Clark, Lianying Zhao, Elizabeth Stobert, Mourad Debbabi