Muhammad Hassnain profile picture

Muhammad Hassnain


I am Muhammad Hassnain. I am a PhD student at University of California, Davis. I am working under the supervision of Dr. Caleb Stanford. I am currently working on software supply chain security for Rust.

  • Fellowship
  • 🥈Blockchain, Generative AI Hackathon - Feb, 2022
  • Dean's Honors List
  • NOP Scholarship -
  • (FSc.) - Sep 2017 - April 2019

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGa16PoBEAChwOwZOQn5hxN6KzQBWa1ypC02smiPmi24Jvh2hC13oGMDfT2W
DBImXWUlr0A9kN9lhH1t1rM797PSz5GCS/4H8lQhs9nebCH6hKeuJDp7EPrqBASR
8RVlYqPww+58KZax/sUQzzqC3+VaA3TjksPvSrxeMXowEjyYGB2PKj6fidw9iL+K
yzLceAdEiyfRT1rraiGhiH0rTUd3tfoNAZOqE79sCWDoaIWIjf3x5E61LpUAHSsG
IpKC1Ar9AXPRWI9k6Tq3WU6gnRQ/JXIk/s/iIw6Jn4ahd0IR+cMymrJQo9e5tLld
r0wNILMwFHUr3jmfgTtWWZcsmAk5cxseVSuBMgw8cYFFD8cEV1oKVMvsx4AuaRok
QswYcTSnkReTn/1RjrC3kpUjqUnT5nCjzELLgcqZL++D9VYn0RepTh6tJ0iEqSPA
EltSP/Pycq4LbqJvm47sJGJ/re7JLQbX/zdp90f4DYTh7F6FyKFrxyMi0A/9x5x8
JUWqCTRaslePagFg8uZ3MPnuk5z9RRm0bQkc1QQC6SG8Kjf7sldRidgkggYjXwJH
oZNoiI/CIBnzBatWZkzXOYYtgJy8EIGT4LW07QgGfxlHR3/WKCK2KWcVFSgo8mMD
7WSm27mRJyS/G31zVweZg5eV2zSrPgPRv3OPwiy8Hy3dKmEa9GA6cH4jbQARAQAB
tDhNdWhhbW1hZCBIYXNzbmFpbiAoSGVsbG8gV29ybGQhKSA8bWhhc3NuYWluQHVj
ZGF2aXMuZWR1PokCUQQTAQgAOxYhBAztzKcBDqeWUnhdpZhrCHihe0+rBQJmtej6
AhsDBQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEJhrCHihe0+rbucP/jFn
TPVdZ8WGC73GsLomSoprcS1sPh0g88g0b1WM/CLW8J/IEvfXZTQ07lqxPDDhYbzJ
echrGCLUPsQlogmSWmb1PlIaiRSTyiQgPSlASjy6Ezbw1riKD7PpuGxIA1CXhTtJ
kz5XkPwZ/0GUwNhrzbJJD71MZrRbpiyJFRu6mJRzG/lpnDj0WxRuQ+CyZ+6ZgDtQ
nmUZLb8KvPLO7u2Y0DF8cAf5UVDULI6qOtd5wa57KVQnQeXTaBe/SFWH0qWj/LKV
vCKlc66NxlibQAco34tLsIK+uQ0hGpw2jTZsFGIKdNzPeeKWFL34GPta0gYh+05h
ftMORmSyBXYAs9XI9p8PuitiHK+LRjKIl2K4Dne4UJTPp6reksXLJLjEcUKo5sy3
HKXluTSHIAnYGea5Szy/xNE3pSGDCIklg23rn6jNr5iiM6GHUANBB0eC6D0QQ8uz
383wyDkvx15rX1lzFYrXOCIAnWDZm/ajqQIsZ2GZGUVQlUON27icezjYeLPH3jjx
dXOAU0TDnUw0e0f4sl+osrDYRFHNmVJF7Bl5rsoXNgPtcZDowdqaibvsfQ6ov6I+
apO03LdyDqqDaZIqOeI4Zs3G4NedfISXBD2UNKEBWFogBgMxD0zraZ6OmLao+QPW
CKdSe704HLkJ2PHbPH13hzK9W8GlkhIz9JiUNTpLuQINBGa16PoBEAC8LtOlnTCj
MNoul0YlCPMkmlMBuPKjFNoP/XbliCaZzTa+gizwhR3u5EGz2lm3D2LgO5BPrwWb
p1eRADaOrduzV/TPk0EDh/sS2WagqsWfkUSWamwEf/smX7Z+A8wmjroxNMbzF0aV
u4j97fb98wuVsWPweeTW64G0TR8LUKv/Ce5CIc1vWqNljxsVy3HkPZzlNXvPKHtR
nHEZpoGp0O5FCQCQkcemktQjHULpsFBZ0SMThLS53fDkrUe47Ivnza2mbYnWEDqM
cmnIg+uAlv/38rNdL9+9q7DpuBMVand/VPbyrgaf6sf+hwv43MJUwIM9fkaD+y9x
sZsliwsuOvHQelpqxoGH2l55T1xLSDOy40kOzCCi0WS4LHK8PFsxmyX2+OXimHug
FZnXrVWTyY4SL1rkmC9f9mtrs5EOFuvsUFgM/8aBvq8qQp/PuFTd8D6LMsrrFok5
jD1o60l5DwK2NFUhu8l+MZNhOyRioLzvRes5faewFO8Ql7Tnwvq12CATqEgkg50X
DEqrm/Ui2TFQp7+fFgD4kIxiHr93/Q6FfoBx49obidYmUK4c8rOiKvEaq381/gjb
RuKrPf1LzN2Hjc4nxheXtTSyL+btBdBdff34JAmPkcjSHWGW/ImInDQ76HqkwNRF
kuf6XgnkjydSGeiYAk5F0KS21+L+manXowARAQABiQI2BBgBCAAgFiEEDO3MpwEO
p5ZSeF2lmGsIeKF7T6sFAma16PoCGwwACgkQmGsIeKF7T6vO8Q//cP+D8UvS1dNs
UF3NyJO1UM9gfBxazNjL2EEnXjV9rEYOTmI4c8ggQef8UXMSpSf21P3ULAJxyCkM
Y91avHTl1TUgU2t48dZYZFGf6r5wx9ijpUVDQ3xsxsUNnnD+ck6ZSm9YQQo2k+dO
ntX4oRJodxHmrvM1I52P8ZJtrT2mi/I8VOfC9FYRmrbw3pjDVAO7Qg/EkFhS5Or7
8Xl04/NeLF6fgtm9GXhDmK4MIWRPB7BhtmR0Qxs8ohubam2LzSX/kTdABDgDuYut
2wtezRC+f92Jzk/AiB6yvITSuveoFOZAeybkoxH0YGvCUBol9d3LAJUKa8HGaYwc
Eun8C+HPVmlomJ5JWirAzjWEuez1od1z/XlebqH50wQe7xQhV2wHZKaEgq4SvMzX
9NMIMJbRTCkTCwWW4GQfVZ4GkAk19ptY+qnL5l+Ettcpz6YuwuOAMM+dBqWxIqX/
6V58jqqQBjPnJCgljOj2bIO5qMKnEtIjSJ+ou+FF7YuXrR5pCVzRKELqi12a2fs5
Fp8ZdgGkz3zZXDhGOCPhlwIXmRqAIfffXmJ6KhcuAnurgfA3wVR8LXtRGyhXVQle
TmUGjRxuq5gOWiMnI8WTxnCF7HVUnmOb3n0X5zMJemqq2dSZ561jy3roGRmtPTvK
ibVKevD0sEhOQcnFRzNNGhhC04dDnXw=
=XGMd
-----END PGP PUBLIC KEY BLOCK-----
								
							

Active Projects

CodeCleaner

CodeCleaner is about the supply chain security for RUST. The secure programming languages like RUST can also be made unsafe for critical softwares by adding malicious code to the dependecies. There is a notion of trust between developers when using these dependecies. However, some people exploit this to conduct attacks such as data leakages or creating a backdoor in the application. This tool aims to address this problem. We scan all the dependecies the application is using and check them for side effects. If found anything it automatically switches to a safer version. In case it cannot find a safe alternative, it notifies the developer about the side effects. The code will be made open source, once completed. This work is being done under the supervsion of Dr. Caleb Stanford.

Voice Domain Ad Targetting

We are currently embarking on an ambitious project aimed at revolutionizing voice domain ad targeting, specifically through Alexa-enabled devices. Our project, in its developmental phase, is centered around creating a 'Shazam for Ads'—a novel concept in the realm of digital advertising. Leveraging cutting-edge machine learning techniques, we are exploring new frontiers in advertisement targeting via smart speakers. A pivotal aspect of our research is the commitment to user privacy and data security. We are actively developing robust mechanisms for user data obfuscation to ensure the highest standards of privacy protection while delivering a tailored and efficient ad experience. This in-progress initiative promises to set new benchmarks in targeted advertising and user privacy in the voice-activated technology space. This work is done under the supervision of Dr. Zubair Shafiq.

DNS Vs DDoS Attacks

This is a course project for ECS 235A - Computer and Information Security. We are building a Domain Name Server that can remain functional in case of a denial of service attack. We also aim to maximise the efficiency and reduce latency.

Crowd Analytics

The Crowd Monitoring System is a startup project offering real-time crowd density data for public spaces. Utilizing advanced machine learning in computer vision, it integrates with existing camera infrastructure for cost-effective setup. This system aims to enhance decision-making and efficiency by providing crowd information through popular platforms like Google Maps, making it accessible to the public. This work is done under the supervision of Dr. Dipak Ghosal.

Relics from the Past

Privacy Enhancing Web Refactoring

The presence of tracking javascript code on a webpage poses a threat to the privacy of the user. To evade detection from privacy-enhancing content-blocking tools, trackers have started using bundling tools to 'mix' the scripts such that removing them breaks functionality. Our project aims to refactor or un-bundle such mixed-use javascript so that content-blocking tools can become effective again. Heading a team of students, I have designed and implemented a chromium browser-based pipeline to detect bundled code. We focus on the popular webpack bundling tool and use Brave's pagegraph representation for Alexa top 1K websites. We analyze the graphs and interactions between different graph components to train a Machine learning model. Our approach detects bundled code with 98% accuracy.

Accessibility of Advertisements

This is a first-of-its-kind study to quantify the accessibility of advertisements across websites and advertisement platforms. The main idea behind the project was that while accessibility support does exist, the browsing experience for visually impaired people is very different due to a lack of compliance and understanding. Our goal is to create an inclusive browsing experience for visually impaired users who rely on screen readers. We collected advertisements from the most frequently visited 10k websites from the tranco list. We analyzed the extracted HTML and checked features like the presence of aria-label, aria-hidden, and aria-live. We also performed a manual analysis of the meaningfulness of the aria label. We do this study across the ranks and ad platforms to see how this accessibility varies. Our results show that accessibility support is highly variable and is typically provided to tick a checkbox rather than care about actual usability.

Bloodlink

Bloodlink is department of community service society at LUMS. They aim to connect blood requestors with donors in case of an emergency. This society has been functional for 15+ years at LUMS. I developed a mobile application to automate their manual system. It allows people to request for blood and than application automatically makes a post on bloodlink social media accounts moreover, it also sends an email and push notification to people who have the requested blood group. Moreover, with a single click, it allows the admins to send a mass email to all email IDs registered under the LUMS domain. It is up on playstore at the following link.

LUMS Digital Archive

As part of my RAship at Technology for People Initiative Lab at LUMS. I developed parts of the LUMS digital archive website. The LUMS Digital Archive is a research repository that aims at collecting, cataloging and preserving rare material (books, pamphlets, newspapers and other items) of historical significance and making them available to researchers. In particular, the archive focuses on events, groups, movements and personalities relating to broader historical, political and cultural trends in South Asia, with an emphasis on preserving the accounts of marginalized and subaltern groups. This site is available at this link

Git Secrets

As part of my RAship at the Internet Security and Privacy Lab (LUMS), I worked on characterising secret leakages through public GitHub repos. We cloned the thousand most frequently updated public GitHub repos. We used deep learning techniques to process the code in these repositories to build a model that could extract secrets like API keys, access tokens, and app_keys. We were able to extract a lot of secrets from a small-scale experiment. This project is in second phase now, where we aim to extend this project by looking at the git history (for instance, if some secret was committed in the past and then removed) and to build a tool that can check the staged changes before pushing, thus avoiding accidental leakage of secrets.

NPM Hidden Dependencies

This was a measurement study of how NPM dependencies have evolved. We also programmatically analyzed these dependencies to flag any malicious dependencies. We built a parser to replicate the working of the npm dependency tree, but it also flags the packages in node_modules that are not present as a dependency for any other package. We aim to analyze these packages to see what purposes they serve programmatically. We akso see how and when these malicious dependecies were added in the package.

AssistTh

The idea was to tackle health-related problems by linking patients and physicians and considering numerous factors while optimizing the efficiency of available resources. The COVID-19 pandemic posed a threat to elderly and disabled patients who needed regular health care checkups. We conducted a study, taking in opinons of doctors and patients to develop a mobile application to effictively and effictively carry out these routine checkups. We also supported online consulations and checkups. Furthur details can be found on this link

ASR Model

Built an ASR model for Urdu langauge obtaining WER as low as 0.2. I also recorded the dataset myself which contained all the phonemes of Urdu Language.

Keyword Spotting System

Used the wav2vec2 model develiped by meta and fine tuned it for the Urdu language. Obtained an accuracy as high as ninety percent.

Chat Application

Built a simple chat application using sockets and mult-threading in python. Implemented the UDP protocol and than upgraded it to TCP. The application allowed file sharing as well.

Robot

Built a cute minion robot which could follow a line. It can avoid obstacles as well. I named it banaana. It was developed for a competetion held at LUMS. Around 40 teams partcipated in the competition. I ranked fourth in the tournament. Here is a picture of the robot

A robot enclosed in a cardboard which looks like a minnion. It is holding a banana in one hand

🧑 Muhammad Hassnain?

Muhammad Hassnain

Graduate Student Researcher

University of California, Davis Sep 2023 - Present

I am working as a Graduate Student Researcher at the Computer Science Department at UC Davis. I am working under the supervision of Dr. Caleb Stanford. The aim of research is to make widely used critical systems software - such as web browsers, operating system kernels, and the networking stack - more secure; to do so, we will leverage modern techniques in security and programming languages, and modern provably safe programming languages such as Rust, to build automated tools to secure and audit new and legacy software.

Cyber Security Instructor

Knoweldge Streams June 2023 - Aug 2023

I am co-teaching a course on Cyber Security at Knowledge Streams. The course is designed for people who aim to develop a career in cyber security. This introductory-level course provides foundational knowledge and skills in cybersecurity and web application security. Topics covered include cybersecurity principles and policies, common threats and attacks, ethical hacking and penetration testing, networking fundamentals, web application architecture, vulnerability assessment, and remediation. The course concludes with a final project in which you will conduct a comprehensive security assessment of a web application, focusing on OWASP Top 10 vulnerabilities. More details about the course are available at link

Research Assistant

Internet Security and Privacy Lab - Technology for People Initiaitve Lab June 2022 - Aug 2023

I am working as Research Assistant at the Internet Security and Privacy Lab and Technology for People Initiaitve Lab, LUMS. During this time I worked on various research projects. I also maintained the digital archive website under this RAship. More details about the projects can be found in the prjects section of the website.

Teaching Assistant

CS Department LUMS Sep 2021 - May 2023

I worked as teaching assistant five time during my undergrad. I worked as a head teaching assisstant three times. I interacted with more than 600 students during this time. I conducted weekly tutorial sessions and office hours and obtained excellent reviews each time. I also evaluated students in weekly graded labs. Fun Fact: I also won the TA of the batch award on my undergrad convocation.

Best TA of the Batch Certificate

The courses I TAed are:

  • Introduction to Computational Problem Solving(Fall 2021, Spring 2022, Summer 2022*)
  • Object Oriented Programming(Fall 2022*)
  • Advanced Programming{mainly covers different programming paradims and MERN}(Spring 2023*)
* means I was the head teaching assisstant.

Mobile Application Developer

Computer Human Interaction and Social Accessibility Lab Jan 2022 - Dec 2022

I worked on automating the bloodlink manual process under the computer human interaction and social accessibility lab. The application is up on playstore and iOS build has delievered to the lab as well. More details can be found in the projects section of the webpage.

Research Intern

Center for Speech and Language Technology Jan 2022 - May 2022

I worked on multiple projects centered around speech processing. I worked on building the largest emotionally tagged dataset for the Urdu language. Moreover, I build a keyword spotting system which will be used in a medical chatbot. More details can be found in the projects section of the webpage.

This is just a random collection of various things. It has some of the pictures I have taken, things I have done, I plan to add a blog here as well. I am intersted in literature, philosophy, nature, sciences, cooking. I believe in seeking knowledge for the sake of knowledge. This section consists of:

Images

Here are some of the images I took of planets,moons etc. None of these have been processed.
Moon through a telescope
Moon
Jupiter with her moons
Jupiter and three moons.
The north of Pakistan is a very beautiful place. Here are some of the pictures of FairyMeadows and Nanga Parbat.
Mountains
View from my Camp at Fairy Meadows, Pakistan
An ice covered mountain
Nanga Parbat or Killer Mountain before start of trek
A mountain and glaciers
View from Base Camp Nanga Parbat. White Part is the Glaciers.

Literature

⏱️ Work in Progress

Blogs

⏱️ Work in Progress
Work in Progress ⏱️