M.Hassan Nadeem

Software Engineer

About Me

Not looking for external opportunities at the moment!

Hi, my name’s Muhammad Hassan Nadeem. I prefer to go by Hassan. I’m a software and hardware engineer. I have designed various products from ground up - all the way from pcb layouts to writing code. I have worked at a number of companies gaining teamwork and leadership skills.

I write clean and secure code.

I am most skilled in: Python and C. At my current job, I deal with Python, Typescript, React and Deployment/Maintenance.

Experience

Bloomberg L.P.

Software Engineer

July 2019 - Present

https://bloomberg.com

Worked in a team as a full stack engineer to support Bloomberg Enterprise Access Point, data.bloomberg.com. Serves >2M API requests/day.

  • Built multiple backend RestAPI micro-services using Python, Flask, FastApi, Gunicorn, Apache Solr and Apache Kafka.
  • Created UI components using node, Express, TypeScript and React.
  • Designed REST APIs following OpenAPI specification.
  • Containerized various repositories using Docker.
  • Implemented CI/CD workflows on Jenkins for testing, packaging and deployment of various packages.
  • Spearheaded the delivery of various features from technical design, development, deployment to maintenance.
  • Used locust.io to benchmark and stress our services before major release.

Virginia Tech

Research Assistant - Systems Software Research Group (SSRG)

August 2017 - May 2019

https://ssrg.ece.vt.edu/

Worked on computer security under the supervision of a now Assistant Professor Ruslan Nikolaev in a group led Professor Binoy Ravindran, this work resulted in a publication in ASPLOS 2022.

  • Improved OS security by implementing Linux Kernel Module continuous address space re-randomization to defend against Just-In-Time ROP attacks.
  • Added support to compile and load Linux Drivers as position independent code, extending KASLR to 64 bits.
  • Implemented lockfree, high performance algorithm for stack and code re-randomizaton.
  • Experiments with ethernet driver re-randomized at 1ms period resulted in negligible impact on CPU utilization and network throughput.

Siemens (Mentor Graphics)

Software Engineer

August 2016 - June 2017

https://siemens.com

Worked as a contractorin a team led by Ahmed Majeed.

  • Worked in a team to implement features and maintain AUTOSAR OS for automotive ECUs.
  • Responsible for maintaining AUTOSAR OS port on ARM Cortex processors.

Viaesys

Software Engineer

May 2015 - July 2016

https://viaesys.com/

Worked independently to design and code a hardware gadget for GPS Tracking, Salt Tracking and Field Crew Management for North American municipal industry. These devices are operational on the field today.

  • Developed firmware for ARM® Cortex® M4 μProcessor with fixed-priority preemptive scheduling (pre-prod) featuring support for file system and over the air updates.
  • Wrote drivers to interface with various sensors over a variety of communication protocols.
  • Wrote simulators to simulate various sensors and developed a hardware testing setup for quality assurance of our products.
  • Developed Python based framework to build, package and deliver over the air updates via TFTP.
  • Designed multi-layered PCBs. Including circuit design, component selection, schematic design and PCB layout.

LUMS

Teaching Assistant

Fall, Spring 2014-2015

https://lums.edu.pk/

Introduction to programming in C++, Microcontrollers and Interfacing

  • Worked under the supervision of Prof. Jahangir Ikram (Jikram) to design development boards that were used in lab exercises and course projects (~150 pupils).
  • Updated Lab Manuals, delivered lab lectures, evaluated students’ lab performance and supervised their course projects.
  • Designed and graded assignments and quizzes.

Education

Virginia Tech

M.S. Computer Science

August 2017 - May 2019

Got degree in Computer Science but did my thesis with the Computer Engineering Department. I was also employed part-time as a research assistant.

Courses: Linux Kernel Programming, Computer Architecture, Multiprocessor Programming, Systems Security, Data Analytics, Info Visualization, Urban Computing

LUMS

B.S. Electrical Engineering

August 2011 - May 2015

In my senior year I was employed part-time as a teaching assistant. I also assumed various positions as an unpaid research assistant.

Courses: Microcontrollers and Interfacing, Embedded Systems, Computer Networks, Data Structures, Advanced Programming

Projects

pigeon (minimal twitter clone)

github::MHassanNadeem::pigeon

Write a minimal twitter clone to demonstrate various web attacks and their defenses.

  • HTML injection.
  • SQL injection.
  • Cross Site Scripting (XSS).
  • Cross Site Request Forgery (CSRF).
  • XSS Worm.
  • Sammy Worm.

Parrot AR Drone was programmed to follow a marker using computer vision.

  • Cross-compiled OpenCV for drone’s ARM processor.
  • Drone’s video feed was captured from TCP port and decoded using FFMPEG libraries for OpenCV.
  • Multithreaded application was written to process the video feed and control the drone using PID loops.

Digital Logic Circuit Simulator written in Java using swing toolkit, as a course project for Advanced Programming CS:300 Spring 2012-13, a course I look in my 2nd year of B.S. at LUMS.

  • Used Swing toolkit to design and code Digital Logic Circuit Simulator in Java.
  • Implemented Logic Gates such as AND, OR, XOR and NOR.
  • Implemented debugging tools such as Logic Stage and Logic Probe.
  • Implemented Digital ICs such as Counter and 7 segment Display Unit.
  • Implemented ability to save and load designs to file system.

Handcarfted a line follower robot as a course project for Digital Circuit Design, a course I look in my 2nd year of B.S. at LUMS.

  • Recycled an old ice-cream box into a line following robot.
  • Machined components to connect motors with toy wheels.
  • Used basic hardware logic gates and photodiodes to program the robot to follow a black line.

Recreated one of my favourite childhood game in Java, for an assignment for Advanced Programming CS:300 Spring 2012-13, a course I look in my 2nd year of B.S. at LUMS.

  • Used Swing toolkit to design and code bomberman game in Java.

Publications

Adelie: Continuous Address Space Layout Re-randomization for Linux Drivers

27th edition of the ASPLOS

2nd Author

dl.acm.org

While address space layout randomization (ASLR) has been extensively studied for user-space programs, the corresponding OS kernel’s KASLR support remains very limited, making the kernel vulnerable to just-in-time (JIT) return-oriented programming (ROP) attacks. Furthermore, commodity OSs such as Linux restrict their KASLR range to 32 bits due to architectural constraints (e.g., x86-64 only supports 32-bit immediate operands for most instructions), which makes them vulnerable to even unsophisticated brute-force ROP attacks due to low entropy. Most in-kernel pointers remain static, exacerbating the problem when pointers are leaked.

Adelie, our kernel defense mechanism, overcomes KASLR limitations, increases KASLR entropy, and makes successful ROP attacks on the Linux kernel much harder to achieve. First, Adelie enables the position-independent code (PIC) model so that the kernel and its modules can be placed anywhere in the 64-bit virtual address space, at any distance apart from each other. Second, Adelie implements stack re-randomization and address encryption on modules. Finally, Adelie enables efficient continuous KASLR for modules by using the PIC model to make it (almost) impossible to inject ROP gadgets through these modules regardless of gadget’s origin.

Linux Kernel Module Continuous Address Space Re-Randomization

Virginia Tech Electronic Theses and Dissertations

Masters Thesis

vt.edu

Address space layout randomization (ASLR) is a technique employed to prevent exploitation of memory corruption vulnerabilities in user-space programs. While this technique is widely studied, its kernel space counterpart known as kernel address space layout randomization (KASLR) has received less attention in the research community. KASLR, as it is implemented today is limited in entropy of randomization. Specifically, the kernel image and its modules can only be randomized within a narrow 1GB range. Moreover, KASLR does not protect against memory disclosure vulnerabilities, the presence of which reduces or completely eliminates the benefits of KASLR.

In this thesis, we make two major contributions. First, we add support for position-independent kernel modules to Linux so that the modules can be placed anywhere in the 64-bit virtual address space and at any distance apart from each other. Second, we enable continuous KASLR re-randomization for Linux kernel modules by leveraging the position-independent model. Both contributions increase the entropy and reduce the chance of successful ROP attacks. Since prior art tackles only user-space programs, we also solve a number of challenges unique to the kernel code.

Our experimental evaluation shows that the overhead of position-independent code is very low. Likewise, the cost of re-randomization is also small even at very high re-randomization frequencies.

Skills

  • Proficient in Python and C.
  • Experience in Javascript, Typescript, Java, Nginx, MATLAB, C++, Assembly Language, Linker Scripts, Makefile, Apache Solr, Apache Kafka, React, Docker, Jenkins, OpenAPI, Rest, Linux Kernel, Git, Hardware Communication Protocols, Debugging

A Little More About Me

Alongside my interests in software engineering and product development some of my other interests and hobbies are:

  • Watching Movies and TV shows. Friends, Seinfeld, Big Bang Theory, Inception, Dark Knight are amongst my favourites.
  • Table Tennis and Cricket
  • Blogging
  • I am also getting into hosting my own podcast