Irfan Ahmed

Associate Professor
Department of Computer Science,
College of Engineering,
Virginia Commonwealth University,
Richmond, VA - 23284


I am an Associate Professor of Computer Science at Virginia Commonwealth University (VCU). My research group is the Security and Forensics Engineering (SAFE) Lab. I am also a faculty fellow of VCU Cybersecurity Center. Before VCU, I was a Canizaro-Livingston Endowed Assistant Professor in Cybersecurity at the University of New Orleans (UNO), New Orleans, LA.

My research interests are broadly in the area of cybersecurity, currently focusing on digital forensics, malware, cyber-physical systems, and cybersecurity education.

I am a recipient of the ORAU Ralph E. Powe Junior Faculty Enhancement Award, an Outstanding Research Award from the American Academy of Forensic Sciences (AAFS), and the UNO's Early Career Research Prize.

My research work has been supported in part by the NSF, NSA, DHS, ONR, ARO, ORAU and VA CCI, and has received three Best Paper Awards at DFRWS'22, ISC'13 and ICRC'11, two Best Student Paper Awards at DFRWS'22 and DFRWS'20, and an Outstanding Poster Award at CODASPY'16.

My CV is available here.

Contact me

  • Office Address: Engineering Research Building, Room 2323, 70 S Madison St, Richmond, VA - 23220
  • Email: iahmed3@vcu.edu (best way to contact me)
  • Tel No.: (+1) 804-827-2561

Follow me @ Social Media


Research

Google Scholar
ORCID

Selected Publications [Full List]:

  • Industrial Control System Security (programmable logic controllers, SCADA systems, digital forensics, vulnerability discovery and exploit development, and network protocol and binary analysis)
    • [IEEE CSR'22] Control Logic Obfuscation Attack in Industrial Control Systems
    • [DFRWS'22] PEM: Remote Forensic Acquisition of PLC Memory in Industrial Control Systems (Best Paper Award)
    • [DFRWS'22] Memory Forensic Analysis of a Programmable Logic Controller in Industrial Control Systems (Best Student Paper Award)
    • [DFRWS'21] JTAG-based PLC Memory Acquisition Framework for Industrial Control Systems
    • [WOOT'21] Empirical Study of PLC Authentication Protocols in Industrial Control Systems
      (Resulted in 7 CVEs: CVE-2021-32980, CVE-2021-32984, CVE-2021-32986, CVE-2021-32982, CVE-2021-32978, CVE-2021-32926, and CVE-2020-15791)
    • [ICCIP'21] Attacking IEC-61131 Logic Engine in Programmable Logic Controllers in Industrial Control Systems
      (CVEs to be assigned)
    • [DFRWS'20] Control Logic Forensics Framework using Built-in Decompiler of Engineering Software in Industrial Control Systems (Best Student Paper Award)
    • [IFIP SEC'19] Control Logic Injection Attacks on Industrial Control Systems
      (Resulted in 3 CVEs: CVE-2018-7790, CVE-2018-7791, and CVE-2018-7792)
    • [ISC'19] Automated Reconstruction of Control Logic for Programmable Logic Controller Forensics
    • [DIMVA'19] Overshadow PLC to Detect Remote Control-Logic Injection Attacks
    • [NDSS BAR'19] CLIK on PLCs! Attacking Control Logic with Decompilation and Virtual PLC
    • [CODASPY'18] Denial of Engineering Operations Attacks in Industrial Control Systems
    • [IEEE S&P'17] Programmable Logic Controller Forensics
    • [DFRWS'17] SCADA Network Forensics of the PCCC Protocol
    • [ACSAC ICSS'16] A SCADA System Testbed for Cybersecurity and Forensic Research and Pedagogy
    • [IEEE Computer'12] SCADA systems: Challenges for Forensic Investigators

  • Additive Manufacturing Security (3D printers, side channel, vulnerability discovery and exploit development, and digital forensics)
    • [ICCIP'22] Low-magnitude Infill Structure Manipulation Attacks on FFF-based 3D Printers
    • [J. Additive Manufacturing'21] Dynamic-thermal and Localized Filament-kinetic Attacks on Fused Filament Fabrication based 3D Printing Process (Impact Factor: 11.00 in 2021)
    • [ICCPS'21] Spatiotemporal G-code Modeling for Secure FDM-based 3D Printing

  • Digital Forensics and Malware (cloud forensics, and OS kernel, hypervisor, virtual machines and containers)
    • [DFRWS'22] Forensic Investigation of Instant Messaging Services on Linux OS: Discord and Slack as Case Studies
    • [INTERPOL Digital 4N6 Pulse'19] Cloud Forensics - A True Game Changer
    • [Book Chapter'18] Analysis of Cloud Digital Evidence
    • [DFRWS'18] Leveraging Relocations in Kernel ELF-binaries for Linux Kernel Version Identification
    • [Digital Investigation, Elsevier'16] Cloud Forensics-Tool Development Studies & Future Outlook
    • [IFIP Forensics'16] Forensic Acquisition of Cloud Drives
    • [WiSec'16] Don't Touch that Column - Portable, Fine-Grained Access Control for Android's Native Content Providers
    • [ACSAC PPREW'15] OpSeq - Android Malware Fingerprinting
    • [CODASPY'15] Robust Fingerprinting for Relocatable Code
    • [DFRWS'14] Image-Based Kernel Fingerprinting
    • [ISC'13] Integrity Checking of Function Pointers in Kernel Pools via Virtual Machine Introspection (Best Paper Award)
    • [IFIP Forensics'13] Rule-based Integrity Checking of Interrupt Descriptor Table in Cloud Environments
    • [ACSAC LAW'12] Atomizer: Fast, Scalable and Lightweight Heap Analyzer for Virtual Machines in a Cloud Environment
    • [ICPP CloudSec'12] ModChecker: Kernel Module Integrity Checking in the Cloud
    • [IFIP Forensics'11] Fast Content-based File-type Identification

  • Cybersecurity Education (pedagogical techniques e.g,. peer instruction, concept maps, and problem-based learning, and hands-on learning tools)
    • [IEEE Access'21] Cronus: An Automated Feedback Tool for Concept Maps
    • [IEEE Access'21] Automated Waterloo Rubric for Concept Map Grading
    • [SIGCSE'19] Evaluation of Peer Instruction for Cybersecurity Education
    • [SIGCSE'19] Topological Scoring of Concept Maps for Cybersecurity Education
    • [IEEE S&P'18] Peer Instruction Teaching Methodology for Cybersecurity Education
    • [SIGCSE'18] Using Virtual Machine Introspection for Operating Systems Security Education
    • [USENIX ASE'17] Peer Instruction for Digital Forensics
    • [USENIX ASE'16] Development of Peer Instruction Questions for Cybersecurity Education

Honors and Awards:

  • Best Paper Award, 9th Annual Digital Forensics Research Conference Europe (DFRWS EU'22), Oxford, UK
  • Best Student Paper Award, 9th Annual Digital Forensics Research Conference Europe (DFRWS EU'22), Oxford, UK
  • Best Student Paper Award, 20th Annual Digital Forensics Research Conference (DFRWS US’20), USA, 2020
  • ORAU Ralph E. Powe Junior Faculty Enhancement Award, Oak Ridge Associated Universities (ORAU), 2019
  • One of the First Ten Contributors to the NSA's National Cybersecurity Curriculum Program (NCCP), 2018
  • Canizaro-Livingston Endowed Professorship in Cybersecurity, University of New Orleans, New Orleans, LA, 2017
  • Early Career Research Prize, University of New Orleans, 2016
  • Outstanding Poster Award, 6th ACM Conference on Data and Application Security and Privacy (CODASPY’16), 2016
  • Outstanding Research Award, 66th Annual Meeting of the American Academy of Forensic Sciences, 2014
  • Best Paper Award, 16th Information Security Conference (ISC’13), Dallas Texas, 2013
  • Best Paper Award, International Cyber Resilience Conference, Perth, Australia, 2011

Software/Hardware Vulnerability Disclosures:

Current and Past PhD Students:

  • Muhammad Ahsan, Aug 2021 - to-date
  • Adeen Ayub, Jan 2020 - to-date
  • Muhammad Haris Rais, Jan 2019 - to-date
  • Syed Ali Qasim, Aug 2017 - to-date
  • Aisha Ibrahim Ali-Gombe, August 2013 - May 2017

Teaching

  • CMSC 654: Memory and Malware Forensics
  • CMSC 414: Computer and Network Security
  • CSCI 4621: Introduction to Computer Security
  • CSCI 6627: Industrial Control System Security
  • CSCI 4623: Computer Forensics
  • CSCI 6621: Topics in Network Security and Forensics
  • CSCI 4311: Computer Networks
  • CSCI 4401: Operating System

Service

  • Conference Organization:
    • Program chair, ACSAC Industrial Control System Security (ICSS) Workshop, 2015-2021
    • Program chair, ACSAC Malware Memory Forensics Workshop (MMF), 2014
    • General co-chair, 10th EAI International Conference on Digital Forensics & Cyber Crime (ICDF2C), 2018, New Orleans

  • Technical Program Committee (TPC) Member:
    • International Workshop on Additive Manufacturing Security (AMSec) with ACM CCS -- 2022
    • ACM Conference on Data and Application Security and Privacy (CODASPY) -- 2019-2021
    • Digital Forensics Research Conference (DFRWS USA) -- 2015, 2016, 2020-2022
    • Digital Forensics Research Conference (DFRWS Europe) -- 2021
    • IEEE International Conference on Big Data (IEEE BigData) -- 2019-2020
    • ACM Technical Symposium on Computer Science Education (SIGCSE) -- 2017-2021
    • Annual Conference on Innovation and Technology in Computer Science Education (ITiCSE) -- 2020
    • International Conference on Smart City and Informatization (iSCI) -- 2019-2020
    • International Conference on Internet Monitoring and Protection (ICIMP) -- 2018-2019
    • International Conference on Digital Forensics \& Cyber Crime (ICDF2C) -- 2013-2018
    • International Conference on High Performance Computing and Communications (HPCC) -- 2014
    • International Conference on Emerging Technologies (ICET) -- 2012-2013, 2017
    • Annual Cyber and Information Security Research Conference (CISRC), held at Oak Ridge National Laboratory -- 2018
    • International Workshop on Cyber-Physical Systems (IWCPS), held with IEEE TrustCom -- 2018
    • International Conference on Cyber-Technologies and Cyber-Systems (CYBER) -- 2018
    • The Northwest Cybersecurity Symposium at Pacific Northwest National Laboratory (Cybersec) -- 2020

  • Editorial Work:
    • Review Editor, Cybersecurity and Privacy Section, In Frontiers in Big Data, 2018~
    • Guest Editor, Special Issue on SCADA and Control System Security, In International Journal of Information Security (IJIS), Springer, Vol. 11, No. 4, August 2012
    • Guest Editor, Special Issue on Applications of Machine Learning Techniques on Intrusion Detection and Digital Forensics, In Security and Communication Networks Journal, Wiley, May 2011

  • Funding Proposal Reviewer:
    • NNSA Minority Serving Institution Partnership Program (MSIPP), 2020-22
    • ORAU Ralph E. Powe Junior Faculty Award, 2020
    • DHS Office of University Programs for Criminal Investigations and Network Analysis (CINA), 2019
    • DHS Office of University Programs for Terrorism Prevention and Counterterrorism Research (TPCR) Center of Excellence (COE), 2019
    • UTSA Limited Submission for Department of Defense's Historically Black Colleges and Universities/Minority Institutions (HBCU/MI) Science Program for basic research, 2019
    • Florida Center for Cybersecurity - Collaborative Seed Awards and Capacity Building Awards, 2018-2020
    • UTSA Limited Submission for the NSF Major Research Instrumentation (MRI), 2018
    • UTSA Limited Submission for Johnson & Johnson Scholars Program, 2018
    • DHS Scientific Leadership Awards at Minority Serving Institutions, 2016

  • External Cybersecurity Curriculum Reviewer:
    • Chair, External Curriculum Reviewer Team, Master of Science (MS) in Cybersecurity Engineering, University of New Hampshire, 2019
    • External Reviewer, NSA National Cybersecurity Curriculum (NCCP) Program - Two courses on the Cybersecurity of Industrial Control Systems, 2018

  • Panel Moderator and Panelist:
    • Panelist, "Infrastructure Cybersecurity: Industry, Government, and Academia Viewpoints", University of New Orleans Engineering Forum, and Southeast Symposium on Contemporary Engineering Topics (SSCET), New Orleans LA, Sept 2017
    • Moderator, a panel on "SCADA System Security: Challenges and Future Directions", Annual Computer Security Applications Conference (ACSAC), New Orleans LA, Dec 2014