V. N. Venkatakrishnan

Proceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy, 2024

ReactAppScan: Mining React Application Vulnerabilities via Component Graph.

[BibT_eX]

[DOI]

Zhiyong Guo

Mingqing Kang

Yinzhi Cao

Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, 2024

2023

Scaling JavaScript Abstract Interpretation to Detect and Exploit Node.js Taint-style Vulnerability.

[BibT_eX]

[DOI]

Yinzhi Cao

Proceedings of the 44th IEEE Symposium on Security and Privacy, 2023

2022

Ostinato: Cross-host Attack Correlation Through Attack Activity Similarity Detection.

[BibT_eX]

[DOI]

Sutanu Kumar Ghosh

Kiavash Satvat

Proceedings of the Information Systems Security - 18th International Conference, 2022

2021

Extractor: Extracting Attack Behavior from Threat Reports.

[BibT_eX]

[DOI]

Kiavash Satvat

Proceedings of the IEEE European Symposium on Security and Privacy, 2021

2020

Remote Check Truncation Systems: Vulnerability Analysis and Countermeasures.

[BibT_eX]

[DOI]

Hafiz Malik

Rashid Ansari

Aun Irtaza

IEEE Access, 2020

2019

HOLMES: Real-Time APT Detection through Correlation of Suspicious Information Flows.

[BibT_eX]

[DOI]

Sadegh Momeni Milajerdi

Proceedings of the 2019 IEEE Symposium on Security and Privacy, 2019

POIROT: Aligning Attack Behavior with Kernel Audit Records for Cyber Threat Hunting.

[BibT_eX]

[DOI]

Sadegh M. Milajerdi

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019

2018

NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications.

[BibT_eX]

[DOI]

Abeer Alhuzali

Proceedings of the 27th USENIX Security Symposium, 2018

ProPatrol: Attack Investigation via Extracted High-Level Tasks.

[BibT_eX]

[DOI]

Sadegh M. Milajerdi

Proceedings of the Information Systems Security - 14th International Conference, 2018

2017

SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data.

[BibT_eX]

[DOI]

Proceedings of the 26th USENIX Security Symposium, 2017

DynaMiner: Leveraging Offline Infection Analytics for On-the-Wire Malware Detection.

[BibT_eX]

[DOI]

Proceedings of the 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2017

2016

Fast Memory-efficient Anomaly Detection in Streaming Heterogeneous Graphs.

[BibT_eX]

[DOI]

Emaad A. Manzoor

Sadegh Momeni

Leman Akoglu

CoRR, 2016

Attack Analysis Results for Adversarial Engagement 1 of the DARPA Transparent Computing Program.

[BibT_eX]

[DOI]

Junao Wang

CoRR, 2016

Leveraging Static Analysis Tools for Improving Usability of Memory Error Sanitization Compilers.

[BibT_eX]

[DOI]

Proceedings of the 2016 IEEE International Conference on Software Quality, 2016

Patching Logic Vulnerabilities for Web Applications using LogicPatcher.

[BibT_eX]

[DOI]

Maliheh Monshizadeh

Prasad Naldurg

Proceedings of the Sixth ACM on Conference on Data and Application Security and Privacy, 2016

Chainsaw: Chained Automated Workflow-based Exploit Generation.

[BibT_eX]

[DOI]

Abeer Alhuzali

Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016

2015

Between Worlds: Securing Mixed JavaScript/ActionScript Multi-Party Web Content.

[BibT_eX]

[DOI]

IEEE Trans. Dependable Secur. Comput., 2015

From Verification to Optimizations.

[BibT_eX]

[DOI]

Kedar S. Namjoshi

Phu H. Phung

Proceedings of the Verification, Model Checking, and Abstract Interpretation, 2015

Vetting SSL Usage in Applications with SSLINT.

[BibT_eX]

[DOI]

Runqing Yang

Zhenrui Zhang

Proceedings of the 2015 IEEE Symposium on Security and Privacy, 2015

EKHunter: A Counter-Offensive Toolkit for Exploit Kit Infiltration.

[BibT_eX]

[DOI]

Vinod Yegneswaran

Proceedings of the 22nd Annual Network and Distributed System Security Symposium, 2015

Practical Exploit Generation for Intent Message Vulnerabilities in Android.

[BibT_eX]

[DOI]

Daniele Gallingani

Stefano Zanero

Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, 2015

2014

Automated detection of parameter tampering opportunities and vulnerabilities in web applications.

[BibT_eX]

[DOI]

Nazari Skrupsky

J. Comput. Secur., 2014

A Threat Table Based Assessment of Information Security in Telemedicine.

[BibT_eX]

[DOI]

John C. Pendergrass

Karen Heart

C. Ranganathan

Int. J. Heal. Inf. Syst. Informatics, 2014

PeerShark: flow-clustering and conversation-generation for malicious peer-to-peer traffic identification.

[BibT_eX]

[DOI]

Pratik Narang

Chittaranjan Hota

EURASIP J. Inf. Secur., 2014

DEICS: Data Erasure in Concurrent Software.

[BibT_eX]

[DOI]

Kalpana Gondi

Proceedings of the Secure IT Systems - 19th Nordic Conference, NordSec 2014, Tromsø, 2014

Digital Check Forgery Attacks on Client Check Truncation Systems.

[BibT_eX]

[DOI]

Hafiz Malik

Nilesh Sumb

Rashid Ansari

Proceedings of the Financial Cryptography and Data Security, 2014

Minimizing lifetime of sensitive data in concurrent programs.

[BibT_eX]

[DOI]

Kalpana Gondi

Proceedings of the Fourth ACM Conference on Data and Application Security and Privacy, 2014

WebWinnow: leveraging exploit kit workflows to detect malicious urls.

[BibT_eX]

[DOI]

Proceedings of the Fourth ACM Conference on Data and Application Security and Privacy, 2014

MACE: Detecting Privilege Escalation Vulnerabilities in Web Applications.

[BibT_eX]

[DOI]

Maliheh Monshizadeh

Prasad Naldurg

Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 2014

2013

WEBLOG: a declarative language for secure web development.

[BibT_eX]

[DOI]

Daniele Rossetti

Gabriele Petronella

Proceedings of the 2013 ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, 2013

SafeScript: JavaScript Transformation for Policy Enforcement.

[BibT_eX]

[DOI]

Phu H. Phung

Rohini Krishnamurti

Proceedings of the Secure IT Systems - 18th Nordic Conference, 2013

TamperProof: a server-agnostic defense for parameter tampering attacks on web applications.

[BibT_eX]

[DOI]

Nazari Skrupsky

Proceedings of the Third ACM Conference on Data and Application Security and Privacy, 2013

2012

Don't Repeat Yourself: Automatically Synthesizing Client-side Validation Code for Web Applications.

[BibT_eX]

[DOI]

Proceedings of the 3rd USENIX Conference on Web Application Development, 2012

WAVES: Automatic Synthesis of Client-Side Validation Code for Web Applications.

[BibT_eX]

[DOI]

Proceedings of the 2012 ASE International Conference on Cyber Security, 2012

SWIPE: eager erasure of sensitive data in large scale systems software.

[BibT_eX]

[DOI]

Proceedings of the Second ACM Conference on Data and Application Security and Privacy, 2012

2011

Web Browser Security and Privacy.

[BibT_eX]

[DOI]

Proceedings of the Encyclopedia of Cryptography and Security, 2nd Ed., 2011

Applications of Formal Methods to Web Application Security.

[BibT_eX]

[DOI]

Proceedings of the Encyclopedia of Cryptography and Security, 2nd Ed., 2011

WAPTEC: whitebox analysis of web applications for parameter tampering exploit construction.

[BibT_eX]

[DOI]

Nazari Skrupsky

Proceedings of the 18th ACM Conference on Computer and Communications Security, 2011

2010

CANDID: Dynamic candidate evaluations for automatic prevention of SQL injection attacks.

[BibT_eX]

[DOI]

Parthasarathy Madhusudan

ACM Trans. Inf. Syst. Secur., 2010

AdJail: Practical Enforcement of Confidentiality and Integrity Policies on Web Advertisements.

[BibT_eX]

[DOI]

Karthik Thotta Ganesh

Proceedings of the 19th USENIX Security Symposium, 2010

Strengthening XSRF Defenses for Legacy Web Applications Using Whitebox Analysis and Transformation.

[BibT_eX]

[DOI]

Michelle Zhou

Proceedings of the Information Systems Security - 6th International Conference, 2010

WebAppArmor: A Framework for Robust Prevention of Attacks on Web Applications (Invited Paper).

[BibT_eX]

[DOI]

Karthik Thotta Ganesh

Proceedings of the Information Systems Security - 6th International Conference, 2010

Automatically Preparing Safe SQL Queries.

[BibT_eX]

[DOI]

Proceedings of the Financial Cryptography and Data Security, 14th International Conference, 2010

TAPS: automatically preparing safe SQL queries.

[BibT_eX]

[DOI]

Proceedings of the 17th ACM Conference on Computer and Communications Security, 2010

NoTamper: automatic blackbox detection of parameter tampering opportunities in web applications.

[BibT_eX]

[DOI]

Proceedings of the 17th ACM Conference on Computer and Communications Security, 2010

2009

Alcatraz: An Isolated Environment for Experimenting with Untrusted Software.

[BibT_eX]

[DOI]

Weiqing Sun

ACM Trans. Inf. Syst. Secur., 2009

Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers.

[BibT_eX]

[DOI]

Proceedings of the 30th IEEE Symposium on Security and Privacy (SP 2009), 2009

2008

Enhancing web browser security against malware extensions.

[BibT_eX]

[DOI]

Jin Soon Lim

J. Comput. Virol., 2008

Expanding Malware Defense by Securing Software Installations.

[BibT_eX]

[DOI]

Weiqing Sun

Proceedings of the Detection of Intrusions and Malware, 2008

XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks.

[BibT_eX]

[DOI]

Proceedings of the Detection of Intrusions and Malware, 2008

CMV: automatic verification of complete mediation for java virtual machines.

[BibT_eX]

[DOI]

Michelle Zhou

Hilary Branske

Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, 2008

Preventing Information Leaks through Shadow Executions.

[BibT_eX]

[DOI]

Roberto Capizzi

Antonio Longo

Proceedings of the Twenty-Fourth Annual Computer Security Applications Conference, 2008

2007

Extensible Web Browser Security.

[BibT_eX]

[DOI]

Jin Soon Lim

Proceedings of the Detection of Intrusions and Malware, 2007

CANDID: preventing sql injection attacks using dynamic candidate evaluations.

[BibT_eX]

[DOI]

Sruthi Bandhakavi

P. Madhusudan

Proceedings of the 2007 ACM Conference on Computer and Communications Security, 2007

2006

SUEZ: A Distributed Safe Execution Environment for System Administration Trials.

[BibT_eX]

[DOI]

Doo San Sim

Proceedings of the 20th Conference on Systems Administration (LISA 2006), 2006

A Framework for Building Privacy-Conscious Composite Web Services.

[BibT_eX]

[DOI]

Wei Xu

I. V. Ramakrishnan

Proceedings of the 2006 IEEE International Conference on Web Services (ICWS 2006), 2006

Provably Correct Runtime Enforcement of Non-interference Properties.

[BibT_eX]

[DOI]

Wei Xu

Daniel C. DuVarney

Proceedings of the Information and Communications Security, 8th International Conference, 2006

Data Sandboxing: A Technique for Enforcing Confidentiality Policies.

[BibT_eX]

[DOI]

Tejas Khatiwala

Raj Swaminathan

Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC 2006), 2006

2005

An approach for realizing privacy-preserving web-based services.

[BibT_eX]

[DOI]

Wei Xu

I. V. Ramakrishnan

Proceedings of the 14th international conference on World Wide Web, 2005

One-Way Isolation: An Effective Approach for Realizing Safe Execution Environments.

[BibT_eX]

[DOI]

Weiqing Sun

Proceedings of the Network and Distributed System Security Symposium, 2005

2003

Model-carrying code: a practical approach for safe execution of untrusted applications.

[BibT_eX]

[DOI]

Samik Basu

Sandeep Bhatkar

Daniel C. DuVarney

Proceedings of the 19th ACM Symposium on Operating Systems Principles 2003, 2003

SELF: a transparent security extension for ELF binaries.

[BibT_eX]

[DOI]

Daniel C. DuVarney

Sandeep Bhatkar

Proceedings of the New Security Paradigms Workshop 2003, 2003

Isolated Program Execution: An Application Transparent Approach for Executing Untrusted Programs.

[BibT_eX]

[DOI]

Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC 2003), 2003

2002

Empowering mobile code using expressive security policies.

[BibT_eX]

[DOI]

Ram Peri

Proceedings of the 2002 Workshop on New Security Paradigms, 2002

An Approach for Secure Software Installation.

[BibT_eX]

[DOI]

Proceedings of the 16th Conference on Systems Administration (LISA 2002), 2002

2000

XMC: A Logic-Programming-Based Verification Toolset.

[BibT_eX]

[DOI]