M. Mannan -- Students and Teaching

Prospective students

If you are interested in Ph.D., you must have at least one publication in a decent security venue. For both Ph.D. and Master's, I expect you to have the following qualities: highly motivated to solve difficult security/privacy problems; strong academic background (e.g., good university with good GPA); and strong systems knowledge and programming experience. Students with diverse background and life experiences will be given special consideration. If you meet my criteria, please send me an email with your CV and transcripts. I will definitely try to respond within a day or two. I have open positions for both Ph.D. (fully funded), MASc (partial support).

Ph.D. Students

  1. Sajjad Pourali

Master's Students

  1. Abdelrahman Ragab
  2. Kazi Farhat Lamisa
  3. Xin Sun
  4. Philippe Mangeard
  5. Fahimeh Rezaei
  6. Tariq Houis

Student Success Highlights

  1. Dr. Lianying Zhao has joined as an assistant professor at Carleton!
  2. Dr. Xavier de Carné de Carnavalet has joined as a research assistant professor at the Hong Kong Polytechnic University! The Masters graduates went mostly into leading security companies or security positions in other small and large companies, including: Fortinet, Meta/Facebook, Deloitte, Offchain Labs, Tigera, SAP Canada, RBC Canada, BNP Paribas, Amazon.
  3. My students published at top systems security conferences, including: NDSS 2013-16, NDSS 2019, ACM CCS 2016, 2022 and journals: ACM TISSEC, IEEE TIFS, IEEE TDSC.
  4. Our research has been Slashdotted several times. Other media include: BBC, CBC, CTV, ACM Technews; see press coverage.
  5. Xavier de Carné de Carnavalet is the first ENCS/Concordia recipient of Vanier Canada Graduate Scholarship (the most prominent Ph.D. scholarship in Canada).


  1. Supraja Baskaran Master's thesis (Oct 30, 2023), Measuring the Leakage and Exploitability of Authentication Secrets in Super-apps: The WeChat Case
  2. Xiufen Yu Master's thesis (Sept 12, 2023), Privacy Analysis of Technological Solutions Designed for Victims of Intimate Partner Abuse
  3. Rohan Pagey Master's thesis (Jan 23, 2023), Security Weaknesses in E-commerce Platforms
  4. Bhaskar Tejaswi Master's thesis (Jan 25, 2023), Security Weaknesses in IoT Management Platforms
  5. Nayanamana Samarasinghe PhD thesis (Nov 17, 2022), Measuring for privacy: From tracking to cloaking
  6. Pranay Kapoor, MASc thesis (Aug 24, 2022), Silver Surfers on the Tech Wave: Privacy Analysis of Android Apps for the Elderly
  7. Maryna Kluban, MASc thesis (Apr 29, 2022), On Measuring JavaScript Vulnerabilities in the NPM Packages, Websites and Chrome Extensions
  8. Mehdi Salehi, MASc thesis (Apr 28, 2022), An Analysis of Upgradeability, Oracles, and Stablecoins in the Ethereum Blockchain
  9. Behnam Shobiri, MASc thesis (Dec 8, 2021), CDNs' Dark Side: Identifying Security Problems in CDN-to-Origin
  10. Mounir Elgharabawy, MASc thesis (Oct 5, 2021), Cross-vendor Security Analysis of Android Unix Domain Sockets
  11. Md. Shahab Uddin MASc thesis (Aug 25, 2021), HORUS: A Security Assessment Framework for Android Crypto Wallets
  12. Tina Safaie MASc thesis (Mar 31, 2021), ByPass: Reconsidering the Usability of Password Managers
  13. Quentin Duchaussoy, MASc thesis (Nov 3, 2020), Security and Privacy Analysis of Parental Control Solutions
  14. Tousif Osman, MASc thesis (Sept 9, 2020), AppVeto: Securing Android Applications through Resource Access Veto
  15. Mina Jafari, MASc thesis (Sept 3, 2020), Measuring the Effectiveness of Microsoft Authenticode: A Systematic Analysis of Signed Freeware
  16. Suzan Ali, MASc thesis (May 25, 2020), A Large-Scale Evaluation of Privacy Practices of Public Wifi Captive Portals
  17. Xavier de Carné de Carnavalet, PhD thesis (July 24, 2019), Last-Mile TLS Interception: Analysis and Observation of the Non-Public HTTPS Ecosystem
  18. Md Zakir Hossen, MASc thesis (December 11, 2018), On Understanding Permission Usage Contextuality of Android Apps
  19. Lianying Zhao, PhD thesis (July 23, 2018), Authentication and Data Protection under Strong Adversarial Model
  20. Abhimanyu Khanna, MASc thesis (April 24, 2017), Towards Usable and Fine-grained Security for HTTPS with Middleboxes
  21. Parul Khanna, MASc thesis (April 18, 2017), Detecting Privacy Leaks Through Existing Android Frameworks
  22. Briti Sundar Mondal, MASc thesis (August 24, 2016), Bintype: A Scalable Type Inference Tool for Compiled C Programs
  23. Arash Shahkar, MASc thesis (March 1, 2016), On Matching Binary to Source Code
  24. Suryadipta Majumdar, MASc thesis (September 8, 2014), On End-to-end Encryption for Cloud-based Services
  25. Xavier de Carné de Carnavalet, MASc thesis (April 7, 2014), A Large-scale Evaluation of High-impact Password Strength Meters
  26. A. Mert Kara, MASc thesis (January 10, 2014), Malicious Payload Distribution Channels in Domain Name System
  27. Atieh Saberi Pirouz, MASc thesis (August 27, 2013), Securing Email through Online Social Networks
  28. Adam Skillen, MASc thesis (April 3, 2013), Deniable Storage Encryption for Mobile Devices

  29. Chelsea Guan (CUSRA 2021)
  30. Adam Slimi (ENSTA Paris, Summer Intern 2021)
  31. Simon Brillant-Giroux (NSERC USRA 2019)
  32. Nohan Fleurant (NSERC USRA 2019)
  33. Sebastian Proctor-Shah (NSERC USRA 2016)
  34. Philippe Fisher (NSERC USRA 2016)
  35. Devirs Isler, Mitacs Globalink Intern from Zirve University, Turkey (summer 2014)

Some students are/were co-supervised with A. Youssef, Jeremy Clark, Lianying Zhao, Elizabeth Stobert, Mourad Debbabi