Back to home page of Munawar




List  of Publications





At Conferences and Workshops

[W5]  Munawar Hafiz, Jeffrey Overbey, Farnaz Behrang and Jillian Hall. OpenRefactory/C: An Infrastructure for Building Correct and Complex C Transformations. 6th Workshop on Refactoring Tools, Co-located with OOPSLA 2013. Indianapolis, Indiana, Oct 2013.

[C14]  Milos Gligoric, Farnaz Behrang, Jeffrey Overbey, Munawar Hafiz and Darko Marinov. Systematic Testing of Refactoring Engines on Real Software Projects. Proceedings of the European Conference on Object Oriented Programming, ECOOP 2013, Montpellier, France, July 2013. (link) [Acceptance Rate: 29/116 (25%)]

[C13]  Zack Coker and Munawar Hafiz. Program Transformations to fix C Integers. Proceedings of the 35th International Conference on Software Engineering, ICSE 2013, San Francisco, CA, May 2013. (link) [Acceptance Rate: 85/461 (18.5%)]

[C12]  Chen Liu, Jinqiu Yang, Lin Tan and Munawar Hafiz. R2Fix: Automatically Generating Bug Fixes from Bug Reports. Proceedings of the Sixth IEEE International Conference on Software Testing, Verification and Validation (ICST 2013), Luxembourg, March 2013. (link) [Acceptance Rate: 38/152 (25%)]

[C11]  Munawar Hafiz, Paul Adamczyk and Ralph Johnson. Growing a Pattern Language (for Security). Proceedings of the 27th Object-Oriented Programming, Systems, Languages and Applications, OOPSLA 2012,  Tucson, Arizona, Oct 2012. (link) [Acceptance Rate: 11/43 (26%)]

[C10]  Munawar Hafiz, Paul Adamczyk and Ralph Johnson. Patterns Transform Architectures. Proceedings of the 9th Working IEEE/IFIP Conference on Software Architecture, WICSA 2011, Boulder, CO, Jun 2011. (link) [Acceptance Rate: 33/71 (46%)]

[C9]  Paul Adamczyk and Munawar Hafiz. The Tower of Babel Did Not Fail. Proceedings of the 25th Object-Oriented Programming, Systems, Languages and Applications, OOPSLA 2010, Reno, NV, Oct 2010. (link) [Acceptance Rate: 3/14 (21%)]

[C8]  Karthick Jayaraman, Gregg Lewandowski, Paul Talaga, Steve Chapin and Munawar Hafiz.  Modeling User Interactions for Fun (And Profit): Preventing Web Request Forgery Attacks in Web Applications. Proceedings of the 16th Pattern Languages of Programs, PLoP 2009, Chicago, IL, Sep 2009. (link)

[W4]  Munawar Hafiz and Ralph Johnson. Improving Perimeter Security with Security-oriented Program Transformations. Proceedings of the 5th International Workshop on Software Engineering for Secure Systems, SESS 2009, Vancouver, Canada, May 2009. (link

[C7]   Munawar Hafiz, Paul Adamczyk and Ralph Johnson. Systematically Eradicating  Data Injection Attacks using Security-oriented Program Transformations. Proceedings of the Symposium on Engineering Secure Software and Systems, ESSoS 2009, Leuven, Belgium, Feb 2009. (link) [Acceptance Rate: 9/52 (17%)]

[W3]  Munawar Hafiz  and Ralph Johnson. A Security-oriented Program Transformation to "add on" policies to prevent injection attacks. 2nd Workshop on Refactoring Tools, Co-located with OOPSLA 2008. Nashville, Tennessee, Oct 2008. (link)

[C6]  Paul Adamczyk, Federico Balaguer, Munawar Hafiz and Craig Robinson. Network Congestion Control at the Application LayerProceedings of the 14th Pattern Language of Programs, PLoP 2007, Allerton, Illinois, Sep 2007. (link)

[C5]  Raja Afandi, Jianqing Zhang, Munawar Hafiz  and Carl Gunter. AMPol: Adaptive Messaging Policy. Proceedings of the 4th IEEE European Conference on Web Services, ECOWS 2006, Zurich, Switzerland, Dec 2006. (link) [Acceptance Rate: 24/115 (20%)]

[C4]  Munawar Hafiz. A Collection of Privacy Design Patterns. Proceedings of the 13th Pattern Language of Programs, PLoP 2006, Portland, Oregon, Oct 2006. (link)

[W2]  Raja Afandi, Jianqing Zhang, Munawar Hafiz  and Carl Gunter. AMPol: Adaptive Messaging Policy. IEEE Workshop on Web Services Security, held in conjunction with the 2006 IEEE Symposium on Security and Privacy, S&P 2006, Oakland, California, May 2006. (link)

[W1]  Zahid Anwar, William Yurcick, Ralph Johnson, Munawar Hafiz and Roy Campbell. Multiple Design Patterns for Voice over IP (VoIP) Security. Workshop on Information Assurance (WIA), held in conjunction with the 25th IEEE International Perfomance Computing and Communications Conference, IPCCC 2006, Phoenix, Arizona, Apr 2006. (link)

[C3]   Munawar Hafiz. Secure Pre-forking: A pattern for security and performance. Proceedings of the 12th Pattern Language of Programs, PLoP 2005, Allerton, Illinois, Sep 2005. (link)

[C2]  Munawar Hafiz. Unique atomic chunks: A pattern for security and reliability. Proceedings of the 11th Pattern Language of Programs, PLoP 2004, Allerton, Illinois, Sep 2004. (link)

[C1]  Munawar Hafiz, Ralph Johnson and Raja Afandi. Security Architecture of qmail. Proceedings of the 11th Pattern Language of Programs, PLoP 2004, Allerton, Illinois, Sep 2004. (link)




Journal Articles

[J3]  Munawar Hafiz. A Pattern Language for Developing Privacy Enhancing Technologies. To be published in Software---Practice and Experience. (link)

[J2]  Munawar Hafiz and Ralph Johnson. Evolution of Mail Transfer Agent architecture: The impact of security. Software---Practice and Experience, 38(15): 1569-1599, Dec 2008. (link)

[J1]  Munawar Hafiz and Ralph Johnson. Organizing Security Patterns. IEEE Software Special Issue on Software Patterns, 24(4), pp. 52-60, Jul/Aug 2007. (link)




Books and Book Chapters

[Chap1]  Paul Adamczyk, P. Smith, Ralph Johnson and Munawar Hafiz. REST and Web Services: In Theory and In Practice. Book Chapter in REST: From Research to Practice, Springer, 2011. (link)

[Book1]  Munawar Hafiz, Mohammad Sohel Rahman, Mohammad Saifur Rahman, Mohammed Eunus Ali and M Kaykobad. System Analysis and Design: A Practitioner's Approach. University Grants Commission, Bangladesh, 2004.



Tutorial Presentations

[T3]  Munawar Hafiz. Security: Philosophy, Patterns and Practices. Tutorial 16 in the 23rd Object-oriented Programming, Systems, Languages and Applications, OOPSLA 2008, Nashville, Tennessee, Oct 2008.

[T2]  Munawar Hafiz. Security Patterns and Secure Software Architecture. Tutorial 14 in the 22nd Object-oriented Programming, Systems, Languages and Applications, OOPSLA 2007, Montreal, Canada, Oct 2007.

[T1]  Munawar Hafiz. Security Patterns and Secure Software Architecture. Tutorial 51 in the 21st Object-oriented Programming, Systems, Languages and Applications, OOPSLA 2006, Portland, Oregon, Oct 2006.




Formal Demonstrations

[D2]  Munawar Hafiz and Jeffrey Overbey. OpenRefactory/C: An infrastructure for developing program transformations for C programs. Companion of the 27th Object-Oriented Programming, Systems, Languages and Applications, OOPSLA 2012,  Tucson, Arizona, Oct 2012. (link)

[D1]  Munawar Hafiz. An 'Explicit Type Enforcement' program transformation tool for preventing integer vulnerabilities. Companion of the 26th Object-Oriented Programming, Systems, Languages and Applications, OOPSLA 2011,  Portland, Oregon, Oct 2012. (link)




Posters

[P8]  Munawar Hafiz and Paul Adamczyk. The nature of order:  From security patterns to a pattern language. Companion of the 27th Object-Oriented Programming, Systems, Languages and Applications, OOPSLA 2012,  Tucson, Arizona, Oct 2012. (link)

[P7]  Sharath Gude. JavaScript: The used parts. 2012 SPLASH ACM Student Research Competition.  Companion of the 27th Object-Oriented Programming, Systems, Languages and Applications, OOPSLA 2012,  Tucson, Arizona, Oct 2012. (link)

[P6]  Zack Coker. Security-oriented program transformations to cure integer overflow vulnerabilities. 2012 SPLASH ACM Student Research Competition. Companion of the 27th Object-Oriented Programming, Systems, Languages and Applications, OOPSLA 2012,  Tucson, Arizona, Oct 2012. (link)

[P5]  Zack Coker and Munawar Hafiz. Program transformations to remove integer-handling vulnerabilities in C programs.  Auburn University Research Week. Auburn, AL, USA, Apr 2012.  (link)

[P4]  Munawar Hafiz. Security-oriented program transformations (Or how to add security on demand).  Companion of the 23rd Object-Oriented Programming, Systems, Languages and Applications, OOPSLA 2008,  San Diego, California, Oct 2008.  (link)

[P3]  Munawar Hafiz and Ralph Johnson.  Program transformation to 'add on' protection against buffer overflow attacks.  4th ITI Workshop on Dependability and Security, Urbana, Illinois, Nov 2007. (link)

[P2]  Paul Adamczyk, Munawar Hafiz and Ralph Johnson. HTTP methods for Web services. Poster at the 4th IEEE European Conference on Web Services, ECOWS 2006, Zurich, Switzerland, Dec 2006. (link)

[P1]  Munawar Hafiz. Security patterns and evolution of MTA architecture. Companion of the 20th Object-Oriented Programming, Systems, Languages and Applications, OOPSLA 2005, San Diego, California, Oct 2005. (link)




Technical Reports

[TR3]  Munawar Hafiz, Paul Adamczyk and Ralph Johnson. A Catalog of Security-oriented Program Transformations. Report No. UIUCDCS-R-2009-3031, Feb 2009.

[TR2]  Paul Adamczyk, Munawar Hafiz and Ralph Johnson. Non-compliant and Proud: A case study of HTTP compliance. Report No. UIUCDCS-R-2008-2935, Jan 2008. (link)

[TR1]  Munawar Hafiz and Ralph Johnson. Security patterns and their classification schemes. Technical Report for Microsoft's Patterns and Practices Group, Sep 2006. (link)




PhD Thesis

[Th1]  Munawar Hafiz. Security On Demand. Department of Computer Science, University of Illinois. Urbana, Illinois, Dec 2010. (link)




Masters Thesis

[Th1]  Munawar Hafiz. Security Architecture of Mail Transfer Agents. Department of Computer Science, University of Illinois, Urbana, Illinois, May 2005. (link)
 

 

Last modified: Sep 30, 2013

Conceived and Maintained by: Munawar Hafiz