Research Interests

• Language-Based Security
• Web and Mobile Security
• Differential Privacy
• Software Vulnerability Testing
• Formal Methods for Information Security

Education

• Amirkabir University of Technology (Tehran Polytechnic) - PhD Candidate, Software - Sep 2018, Feb 2024 - GPA: 17.86 / 20
  • Supervisor: Mehran S. Fallah
  
  
• Amirkabir University of Technology (Tehran Polytechnic) - MSc, Information Security - Sep 2015, Jan 2018 - GPA: 17.31 / 20
  • Supervisor: Babak Sadeghiyan
  
  
• Amirkabir University of Technology (Tehran Polytechnic) - BSc, Software - Sep 2011, Sep 2015 - GPA: 17.36 / 20
  • Supervisor: Babak Sadeghiyan
  
  

Research Experiences

• Differential Privacy in Personalized Web Search- PhD Thesis Proposal, Formal Security Lab- (Sep 2018-Feb 2024)
  

  Many internet applications personalize their services to the interests of users. They indeed process the natural language words in the log of interactions of a user with the application and extract a user profile that in some way represents the concepts the user is interested in. The user profile, however, may naturally reflect the private interests of the user. Hence, the users urge the applications to preserve their privacy, even though they are interested in the personalization services as far as possible. To formulate such requirements, we work on a novel notion of privacy that is built on the differential privacy notion.



• Concolic Execution for Detecting Injection Vulnerabilities in Mobile Apps- MSc Thesis, Data Security Lab- (Nov 2015 – Jan 2018)
  

  We present a method for detecting injection vulnerabilities in Android Apps with Concolic Execution and taint analysis. With static analysis, we extract desirable paths for detection analysis. With the idea of using Mock classes, we alleviate event-driven and path explosion challenges due to the Android framework. For the evaluation of our tool, we use ten self-designed and 140 F-Droid repository Apps. The overall result shows that 11 Apps are vulnerable to SQL injection.



• Design and Implementation of Extensible Software in Order to Retrieve Deleted Information from Smart Phones - BSc Project, Data Security Lab- (Mar 2015 - Sep 2015)
  

  In this work, we implement a tool for mobile forensics. With this tool, deleted information on sensitive mobile apps such as SMS, Emails, Browser bookmarks, and histories are retrieved. Additionally, our software supports deleted photos and files on internal storage. The primary approach of this work is three different methods of extracting deleted records from SQLite.

Publications

• E. Edalat, M. Fallah "Differential Privacy with Semantic Neighboring: A Notion of Privacy for Personalization Services", techrxiv preprint techrxiv.173738347.74509154, 2025. [link]
• E. Edalat "Differential Privacy in Personalized Web Search", PhD Thesis Proposal, 2021 (In Persian). [link]
• E. Edalat, B. Sadeghiyan, F. Ghassemi "ConsiDroid: A Concolic-Based Tool for Detecting SQL Injection Vulnerability in Android Apps", arXiv preprint arXiv:1811.10448, 2018. [link]
• E. Edalat, B. Sadeghiyan, "Concolic Execution for Detecting Injection Vulnerabilities in Mobile Apps", MSc Thesis, 2018 (In Persian). [link]
• E. Edalat, M. Aghvamipanah, B. Sadeghiyan "Guided Concolic Execution of Android Apps for Automatic Generation of Test Inputs", International Conference on Electrical Engineering (ICEE), 2018 (In Persian). [link]
• E. Edalat, B. Sadeghiyan "Concolic Execution for Detecting SQL Injection Vulnerability in Android Apps", Computer Society of Iran Computer Conference (CSICC), 2018 (In Persian). [link]
• E. Edalat, B. Sadeghiyan, "Design and Implementation of Extensible Software in Order to Retrieve Deleted Information from Smart Phones", ‌‌BSc Thesis, 2015 (In Persian). [link]

White Papers

• E. Edalat, "What are Audit Logs in Android OS", Mahsan, 2023 (In Persian).
• E. Edalat, "How to Preserve User's Privacy in Enterprise Mobile Management (EMM)?", Mahsan, 2023 (In Persian).
• E. Edalat, "Survey: Security and Privacy Features Implemented in Android 14", Mahsan, 2023 (In Persian).
• E. Edalat, "What is the Zero Trust Paradigm and How to Implement it in a Network?", Mahsan, 2023 (In Persian).
• E. Edalat, "Survey: Security and Privacy Features Implemented in Android 13", Mahsan, 2022 (In Persian).
• E. Edalat, "How Users' Data are Being Theft in Android Cell Phones?", Mahsan, 2022 (In Persian).
• E. Edalat, "Google Play Services: Features and Threats", Mahsan, 2021 (In Persian).
• E. Edalat, "Designing End-to-End Encryption Protocols for Messaging Including Text, Voice, and Video Calls.", Mahsan, 2020 (In Persian).
• E. Edalat, "Secure Cell Phone: Threats and Solutions", Mahsan, 2020 (In Persian).

Work Experiences

• Naad, Aug 2024 - now
  • Security team lead in different security fields (such as Network Security, Blue team operations, and OT Security).
  
  
• Mahsan, Aug 2020 - Sep 2024
  • Security team lead in different security fields. (such as Red team and Blue team operations, Pentest, Fuzzing, and R&D projects)
  • My experiences are outlined below, but they are not limited to these items

    • Supervising Projects:
      1. Software Fuzzing
      2. Mobile and Web Pentests
      3. SOC:
      1. MITRE ATT&CK Framework
      2. Incident and Response Procedures
      3. Security appliances (such as Vulnerability management tool, IDS/IPS, Mail security and Password management)
    • Researching to find solutions to:
      1. Make secure a network architecture of a production
      2. Make anonymous communication between two parties.
    • Familiar with:
      1. Security standards as NIST 800-53, CIS security hardening guides, Cisco SAFE
      2. Security Protection Profiles, NIAP, Mobile Device fundamentals for example
      3. Secure Software Development Lifecycle (SSDLC)
      4. System Security (Secure boot, TPM, Full Disk Encryption)
    • Talks:
      Introduction to Fuzzing
  • Show More
  
  
• Vice-Presidency for Science and Technology, Nov 2020 - Jan 2022
  • Security Consultant and Examiner
  
  
• Kolah Sefid (Bug Bounty Platform), Jan 2018 - Oct 2019
  • Chief Technical Officer (CTO), Technical Referee (Web Application Security), and Consultant
  
  
• Kahkeshan Moshaver, Jun 2018 - Jul 2019
  • Security Consultant and Provider of Security Protection Profiles
  
  
• AUT CERT Lab, May 2014 - Oct 2019
  • Web Application Security Penetration Tester, Forensics, Software Developer and Instructor
  
  
• Idea Pardazan (6thsoloution), Summer 2015
  • Android Developer
  
  
• Rayan Pardazan Nikro Emertat (RAPNA), Summer 2014
  • Software Engineer and Web Developer (PHP server-side for an Android application) - Summer Internship
  
  

Teaching Experiences

As Course Responsible and Lecturer:

• Advanced Programming: Fall 2021, Spring 2021, Fall 2020, Spring 2020, Fall 2019
  
  

As Lab Instructor:

• Advanced Programming Lab, Spring 2018
  
  
• Principles of Programming Lab, Fall 2017
  
  
• Computer Lab, Fall 2016
  
  

As Teaching Assistant:

• Design and Principles of Databases, Under supervision of Saeedeh Momtazi, Spring 2016
  
  
• Design and Principles of Databases, Under supervision of Maryam AmirHaeiri, Fall 2015, 2016
  
  
• Computer Networks I, Under the supervision of Babak Sadeghiyan, Spring 2017
  
  
• Design and Principles of Compilers, Under the supervision of MohammadReza Razzazi, Spring 2015
  
  
• Computer Networks II, Under the supervision of Masoud Sabaei, Spring 2015
  
  
• Internet Engineering, Under the supervision of Bahador Bakhshi, Fall 2014
  
  
• Advanced Programming, Under the supervision of Bahman Pourvatan, Spring 2014
  
  
• Data Structures, Under the supervision of Mehdi Dehghan Takht Fooladi, Fall 2013
  
  

Talks and Workshops

• "Secure Architecture of OT Networks" in SepehrAmn, Feb 2025.
  
  
• "Are Your Smartphone Location Data being Theft?" in GradTalks, Computer Engineering, Amirkabir University of Technology, Dec 2021.
  
  
• "What is the Academic Research?" in VisionUp, Computer Engineering, Amirkabir University of Technology, Dec 2021.
  
  
• "How to Read a Paper?" in GradTalks, Computer Engineering, Amirkabir University of Technology, Jun 2020.
  
  
• Workshop Instructor of AUT Linux Festival (Penetration testing with Kali Linux), Computer Engineering, Amirkabir University of Technology, Feb 2020.
  
  
• "Arms Race in Cyber Security: Vulnerabilities in Operating Systems" in Information Security Talks, Computer Engineering, Amirkabir University of Technology, May 2019.
  
  
• "Arms Race in Cyber Security: Social Engineering and Steal Information" in Information Security Talks, Computer Engineering, Amirkabir University of Technology, Jun 2019.
  
  
• Founder and Coordinator of Information Security Talks, Computer Engineering, Amirkabir University of Technology, Feb. 2019.
  
  
• "Concolic Execution in Software Testing" in GradTalks, Computer Engineering, Amirkabir University of Technology, Feb 2017.
  
  

Honors

• Offered for Direct Admission to graduate school (PhD) in Computer Engineering - Software, from two top universities of Iran, University of Tehran and Amirkabir University of Technology, without taking the Nationwide University Entrance Exam for PhD as a reward of academic records and achievements, Tehran, Iran, 2018.
  
  
• Announced as the Outstanding Student and Achieved 2st place among 2015- entries in Information Security major, Amirkabir University of Technology, Tehran, Iran, 2016 and 2017.
  
  
• Admitted to Tarbiat-Modares University and Achieved 49th place among all applicants of the Nationwide University Entrance Exam for MSc in Information Technology (Approximately 30000 applicants), Iran, 2015.
  
  
• Member of Formal Security Lab, Computer Engineering, Amirkabir University of Technology, Tehran, Iran, Sep 2018 - now.
  
  
• Member of Data Security Lab, Computer Engineering, Amirkabir University of Technology, Tehran, Iran, March 2015 - Sep 2018.
  
  
• Qualified for Direct Admission to graduate school (MSc) of Computer Engineering, Amirkabir University of Technology, without taking the Nationwide University Entrance Exam for MSc as a reward of academic records and achievements, Tehran, Iran, 2014.
  
  
• Achieved 18th place among about 100 undergraduate students (8th place in Software Eng. Major) in Computer Engineering, Amirkabir University of Technology, Tehran, Iran, 2013.
  
  
• Achieved top 2% place among all applicants of the Nationwide University Entrance Exam for BSc in Math. and Engineering (Approximately 260000 applicants), Iran, 2011.
  
  
• Achieved top 1.5% place among all applicants of the Nationwide University Entrance Exam for BSc in Foreign Languages - English (Approximately 108000 applicants), Iran, 2011.
  
  

Technical Skills

• Programming Languages:
  • Java, Python, C/C++, C#, PHP, ML, OCaml, Haskell
  
  
• Penetration Testing Tools:
  • Nessus, MetaSploit, BurpSuit, NetSparker, Accunetix, and SQLMap
  
  
• Blue Team Tools:
  • Splunk Enterprise, Splunk ES, Wazuh, and Suricata
  
  
• Database Systems:
  • MySQL, MongoDB, MSSQL
  
  
• Web Development:
  • HTML, CSS, JavaScript, PHP, Yii, J2EE
  
  
• Operating System:
  • Windows, Linux (Ubuntu and Kali)
  
  
• Others:
  • Symbolic Path Finder (SPF), Soot, MaudePSL, SELinux MS Threat Modeling Tool, and PREfast
  
  

Courses

PhD

• Introduction to Design Patterns, 19.25/20
• Program Analysis, 18/20
• Advanced Programming Languages, 17.5/20
• Advanced Software Engineering, 16.7/20

MSc

• Seminar, 20/20
• Formal Models and Information Security, 18/20
• Software Systems Security, 17.5/20
• Security Protocols, 17/20
• Information Security S.C., 16.5/20
• Database Security, 16/20
• Networks Security, 16/20
• Applied Cryptography, 16/20
• Secure Computer Systems, 14.85/20

References

• Ahmad Boorghany, PhD
  Security Services Department, Naad
  Email: boorghany@ce.sharif.edu
  
  
• Hossein Nikoonia, PhD
  System Security Department, Mahsan
  Email: nikoonia@mahsan.co
  
  
• Mehran S. Fallah, Associate Professor
  Computer Engineering, Amirkabir University of Technology
  Email: msfallah@aut.ac.ir
  
  
• Babak Sadeghiyan, Associate Professor
  Computer Engineering, Amirkabir University of Technology
  Email: basadegh@aut.ac.ir