Behkish Nassirzadeh
PhD Candidate at the University of Waterloo
Toronto and Waterloo, ON, Canada
bnassirz@uwaterloo.ca
Main Topics & Areas of Interest
Applications of Blockchain
Computer Security
Cryptography
Machine Learning and AI
Program Analysis
Embeded Systems
Languages
English
Farsi (Persian)
Turkish
Favorite Quotes
“Be your own hero, it’s cheaper than a movie ticket.”
— Douglas Horton
"If you don’t build your dream someone will hire you to help build theirs."
– Tony Gaskins
"Everything will be okay in the end. If it's not okay, it's not the end"
– John Lennon
Related Courses
ECE 650 - Methods and Tools for Software Engineering
Fall 2022
Instructor: Prof. Ganesh
MSCI 752 - Behavioural Decision-making
Spring 2022
Instructor: Prof. Onay
MSCI 607 - Applied Economics for Management
Spring 2022
Instructor: Dr. Tanehkar
ECE 750 - Computer-aided Reasoning
Fall 2021
Instructor: Prof. Ganesh
ECE 657A - Data and Knowledge Modeling and Analysis
Spring 2020
Instructor: Dr. Amar
ECE 653 - Testing, Quality Assurance, and Maintenance
Spring 2020
Instructor: Prof. Ganesh
ECE 720 - Cryptographic Computations
Winter 2020
Instructor: Prof. Hasan
ECE 606 - Algorithms
Fall 2019
Instructor: Prof. Tripunitara
ECE 652 - Safety-critical Embedded Software
Spring 2019
Instructor: Prof. Fischmeister
ECE 657 - Tools of Intelligent System Design
Spring 2019
Instructor: Dr. Amar
About Me
My name is Behkish. I am a PhD Candidate in Computer Engineering at the University of Waterloo under the supervision of Professor Vijay Ganesh and Professor Anwar Hasan. My research focuses on the applications and security of blockchain.
I'm designing and implementing different methods in various areas of Blockchain including security vulnerabilities of Smart Contracts, and Decentralized Oracles using techniques like runtime analysis, whitebox fuzzing, optimized binary search, and game theory. I've also recently started researching applications of AI and the intersection of Large Language Models (LLM) and Blockchain security. In this research, we use LLMs to generate code that helps us test and verify the security of smart contracts.I have over 6 years of experience working in different computer software fields, including Graduate Student Researcher, Sessional Lecturer, Project Lead Developer, Full-stack Software Developer, Web Admin, and Information Security Coordinator.
I received an MASc in Computer Engineering and a BASc in Electrical and Computer Engineering with distinction from the University of Waterloo. You can use my LinkedIn or my email to contact me.
Research
The Intersection of LLMs and Blockchain Security
Aug 2023 - Current
Advisers: Prof. Vijay Ganesh and Prof. Anwar Hasan
Static analysis tools are particularly popular because of their scalability, ease of use, and the wide variety of vulnerabilities they can detect. However, a noticeable limitation of static analysis methods is their high rate of false positives. On the other hand, fuzzing techniques generate no false positives, but are incomplete and may require considerable amount of tedious manual work. Hence, many smart contract auditors prefer to use static analysis tools to zero-in on (i.e., localize) potential vulnerabilities and then follow that up with manual analysis or write some code to fuzz the potentially vulnerable code. Although this approach saves many man-hours compared to auditing the contract manually, it still requires a lot of manual work. Our tool is an LLM that takes as input a smart contract and the report generated by a static analysis tool and generates a contract that can be fed to a fuzzer to verify the results of the static analysis tool. This way, we can generate a fully automated system by connecting static analysis and fuzzing and eliminating manual work.
Middleman Verification Problem
May 2019 - Current
Advisers: Prof. Vijay Ganesh and Prof. Anwar Hasan
A middleman is an agent, or company intermediate between the producer of goods and the retailer or consumer. Middlemen are an important part of the transactions in many fields such as the automotive industry, film industry, and online advertisement. Online advertisement is a billion-dollar industry that has many potentials and challenges. One of the greatest challenges of online advertisement is transparent accounting. This research is on implementing a reliable and intelligent platform to test the fairness and honesty of the middleman. The main focus of the research is on online advertisement. Decentralized oracles and APIs, Game theory, dand distributed systems are the main parts of this research.
Understanding CBDCs
Jan 2022 - Dec 2022
Adviser: Prof. Vijay Ganesh
Over the last few years the Governments of Canada and USA have taken great interest in the concept of Central Bank Digital Currencies (CBDCs) and are exploring the possibility of issuing them for use by the general public. This raises profound questions for society as a whole, such as, can we provide a secure, safe, and privacy-protecting architecture for CBDCs, can we make CBDCs programmable, how will CBDCs co-exist with current paper money and how do CBDCs fundamentally transform the nature of money itself? The focus of this project is to explore these questions and provide meaningful definitions and an architecture for CBDCs and all that it entails.
Gas Gauge: A Security Analysis Tool for Smart Contract Out-of-Gas Vulnerabilities
Jan 2020 - May 2022
Adviser: Prof. Vijay Ganesh
A smart contract is an executable program that enables the building of a programmable trust mechanism between multiple entities without the need for a trusted third-party. It is an application of blockchain and is meant to store rules and agreements made by several parties, automatically detects when certain conditions have been met, and Self-execute an agreement based on the conditions they automatically detect. The focus of this research is to develop a tool that scans smart contracts to find potential blocks of code vulnerable to DoS with Gas Limit and suggest a repair. Loops are the main pattern of this vulnerability and hence the main target for this tool. This tool utilizes static analysis, white-box fuzzing, and run-time verification. A lot of optimization is used to make the tool extremely accurate and reasonably fast. An optimized binary search approach, Static analysis, and run-time verification are the main methods used in this research.
Education
University of Waterloo
2021 - Current (Expected 2024)
Doctor of Philosophy - PhD, Computer Engineering (Computer Software)
University of Waterloo
2019 - 2021
Master of Applied Science, Computer Engineering (Computer Software)
Thesis: Security Analysis Methods for Detection and Repair of DoS Vulnerabilities in Smart Contracts
University of Waterloo
2014 - 2019
Bachelor of Applied Science, Computer Engineering