Web Analytics

Mohammad M. Ahmadpanah

Information Security Researcher

Hi! I'm Mohammad#, a postdoctoral researcher in Information Security at KTH in Sweden, working with Musard Balliu. Before joining KTH in January 2025, I was a postdoctoral researcher at Chalmers, where I completed my PhD in August 2024 under the supervision of Andrei Sabelfeld and Daniel Hedin. Earlier in my academic journey, I spent eight years at Amirkabir (Tehran Polytechnic), where I earned my BSc in Software Engineering and MSc in Information Security, and began my doctoral studies, all under the supervision of Mehran S. Fallah. My research interests include:

  • Language-Based Security
  • Program Analysis
  • Information-Flow Security
  • Programming Languages

Email  |  CV  |  Scholar  |  dblp  |  LinkedIn

profile photo

Publications

  1. CodeX: Contextual Flow Tracking for Browser Extensions, CODASPY 2025
    Mohammad M. Ahmadpanah, Matías F. Gobbi, Daniel Hedin, Johannes Kinder, and Andrei Sabelfeld
    abstract | paper | full version | code | link
  2. Language-Based Security and Privacy in Web-driven Systems, PhD thesis 2024
    Supervisor: Andrei Sabelfeld, Co-supervisor: Daniel Hedin, Opponent: Deian Stefan, Examiner: David Sands, Grading committee: Benjamin Nguyen, Melek Önen, Simin Nadjm-Tehrani, and Magnus Almgren
    abstract | thesis | video | slides | link
  3. LazyTAP: On-Demand Data Minimization for Trigger-Action Applications, S&P 2023
    Mohammad M. Ahmadpanah, Daniel Hedin, and Andrei Sabelfeld
    abstract | paper | code | teaser | video | poster | link
  4. Securing Software in the Presence of Third-Party Modules, Licentiate thesis 2021
    Supervisor: Andrei Sabelfeld, Co-supervisor: Daniel Hedin, Opponent: Deian Stefan, Examiner: David Sands
    abstract | thesis | video | slides | link
  5. Securing Node-RED Applications, Protocols, Strands, and Logic 2021
    Mohammad M. Ahmadpanah, Musard Balliu, Daniel Hedin, Lars Eric Olsson, and Andrei Sabelfeld
    abstract | paper | proofs | video | link
  6. Nontransitive Policies Transpiled, EuroS&P 2021
    Mohammad M. Ahmadpanah, Aslan Askarov, and Andrei Sabelfeld
    abstract | paper | code | proofs | short talk | video | link
  7. SandTrap: Securing JavaScript-driven Trigger-Action Platforms, USENIX Security 2021
    Mohammad M. Ahmadpanah, Daniel Hedin, Musard Balliu, Lars Eric Olsson, and Andrei Sabelfeld
    abstract | paper | full version | code | video | poster | link
  8. Improving Multi-Execution-based Mechanisms for Enforcing Information Flow Policies, Master's thesis 2017
    Supervisor: Mehran S. Fallah, Opponents: Mehdi Shajari and Ramtin Khosravi (Grade: 20/20)
    abstract | thesis | slides | link
  9. Dynamic Enforcement of Security Hyperproperties: A Survey, Technical report 2016
    Supervisor: Mehran S. Fallah
    abstract | report | slides | link
  10. A Tool for Rewriting-Based Enforcement of Noninterference in While Programs, Bachelor's thesis 2015
    Supervisor: Mehran S. Fallah, Opponent: MohammadReza Razzazi (Grade: 20/20)
    abstract | thesis | code | slides | link

Professional Activities

Talks and Research Visits

Supervision

  • PhD co-supervision: SiKai Lu, KTH, January 2025 - present
    Differential Vulnerability Analysis on Programs
  • MSc co-supervision: Fredrik Gölman, KTH, January 2025 - present
    Improving Call Graph-based Javascript Application Vulnerability Scanning Through Taint Analysis
  • MSc supervision: Daniel Cronqvist and Saga Kortesaari, Chalmers, October 2022 - June 2023
    Securing Electronic Exam Environments
    thesis | link

Teaching

KTH

Chalmers

Amirkabir

  • Advanced Programming (Course Responsible)
    Spring 2018
  • Operating Systems Lab (Course Responsible)
    Spring 2016, Fall 2016
  • Computer Lab (Course Responsible)
    Fall 2016
  • Discrete Mathematics, by Mehran S. Fallah
    Spring 2014, Spring 2016, Spring 2017, Spring 2019
  • Discrete Mathematics, by Mostafa H. Chehreghani
    Spring 2019
  • Design of Programming Languages, by Mehran S. Fallah
    Fall 2014, Fall 2015, Fall 2016, Fall 2017, Fall 2018
  • Data Structures, by Mehdi Dehghan
    Fall 2013, Fall 2014, Fall 2016, Fall 2017
  • Principles of Compiler Design, by Mohammad Reza Razzazi
    Spring 2016, Fall 2016, Spring 2017
  • Advanced Programming, by Seyed Majid Noorhosseini
    Spring 2013, Spring 2014, Spring 2015
  • Computer Networks II, by Masoud Sabaei
    Spring 2015
  • Information Storage and Retrieval, by Ahmad NickAbadi
    Spring 2015
  • Software Engineering I, by Bahman Pourvatan
    Fall 2014
  • Computer Architecture, by Hamid Reza Zarandi
    Spring 2014

Honors

  • Member of the ShiftLeft and CHAINS projects, and the LangSec research group, KTH, January 2025 - present
  • Member of the ChalmersGU-KTH-Aarhus educational CTF organization team, Chalmers and KTH, 2021 - 2025
  • Recipient of the Adlerbert Foreign Student Hospitality Foundation Scholarship, 2021 - 2024
  • Awarded bug bounties for responsibly disclosing code injection and JavaScript sandbox breakout vulnerabilities on IFTTT, in collaboration with Daniel Hedin and Andrei Sabelfeld, 2020 and 2023
  • Member of the CyberSecIT project, Chalmers, September 2022 - January 2025
  • Fellow of the Student Activities Committee (2022-2023) and member of The Iranian Society of Engineering Education, since 2020
  • Member of The Iranian Association for Popularization of Science, since 2020
  • Member of the WebSec project and the Chalmers Security Lab, Chalmers, September 2019 - January 2025
  • Second place among PhD students of the Computer Engineering Department, Amirkabir, 2018 and 2019
  • Best Teaching Assistant and Lab Instructor of the department, Amirkabir, 2016, 2017 and 2019
  • Recognized as a Scientific Talent by the National Elites Foundation, Iran, 2018
  • Top 3% among all course responsibles, Amirkabir, Spring 2018
  • Youngest course responsible (at age 22), lab instructor (at age 20) and teaching assistant (at age 16), Amirkabir
  • Direct Admission to PhD studies, Amirkabir, 2017
  • First place among MSc students in Information Security, 2016 and 2017
  • Recipient of the Outstanding Graduate Student Scholarship, Amirkabir, 2016
  • Member of The Computer Society of Iran, since 2016
  • Direct Admission to MSc studies, Amirkabir, 2015
  • Admitted to Tarbiat-Modares University and achieved 43rd place in the Nationwide University Entrance Exam for MSc in Information Technology (30K applicants), Iran, 2015
  • Recognized as an active member of The Student Scientific Association of Computer Engineering Department (Announced as The Best Student Scientific Association of the university), Amirkabir, 2015
  • Elected as the most polite and most online student of the class of 2015, Computer Engineering Department, Amirkabir, 2015
  • Member of the Formal Security Lab, Amirkabir, September 2015 - September 2019
  • Member of the university team for the National Scientific Olympiad in Computer Engineering, Amirkabir, 2014
  • Top 2% ranking in the Nationwide University Entrance Exam in Math and Engineering (260K applicants), Iran, 2011
  • Top 1.5% ranking in the Nationwide University Entrance Exam in English (108K applicants), Iran, 2011
  • Skipped three grades of elementary school as an exceptional talent, 2002