Cristian-Alexandru Staicu

Orcid: 0000-0002-6542-2226

Affiliations:
  • CISPA Helmholtz Center for Information Security, Saarbrücken, Germany
  • Darmstadt University of Technology, Germany (PhD 2020)


According to our database1, Cristian-Alexandru Staicu authored at least 22 papers between 2016 and 2023.

Collaborative distances:
  • Dijkstra number2 of four.
  • Erdős number3 of four.

Timeline

Legend:

Book 
In proceedings 
Article 
PhD thesis 
Dataset
Other 

Links

Online presence:

On csauthors.net:

Bibliography

2023
Bilingual Problems: Studying the Security Risks Incurred by Native Extensions in Scripting Languages.
Proceedings of the 32nd USENIX Security Symposium, 2023

Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js.
Proceedings of the 32nd USENIX Security Symposium, 2023

SandDriller: A Fully-Automated Approach for Testing Language-Based JavaScript Sandboxes.
Proceedings of the 32nd USENIX Security Symposium, 2023

SecBench.js: An Executable Security Benchmark Suite for Server-Side JavaScript.
Proceedings of the 45th IEEE/ACM International Conference on Software Engineering, 2023

Jack-in-the-box: An Empirical Study of JavaScript Bundling on the Web and its Security Implications.
Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023

2022
A Tale of Frozen Clouds: Quantifying the Impact of Algorithmic Complexity Vulnerabilities in Popular Web Servers.
CoRR, 2022

SimSCOOD: Systematic Analysis of Out-of-Distribution Behavior of Source Code Models.
CoRR, 2022

2021
SampleFix: Learning to Generate Functionally Diverse Fixes.
Proceedings of the Machine Learning and Principles and Practice of Knowledge Discovery in Databases, 2021

Preventing Dynamic Library Compromise on Node.js via RWX-Based Privilege Reduction.
Proceedings of the CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, November 15, 2021

2020
Enhancing the Security and Privacy of Full-Stack JavaScript Web Applications.
PhD thesis, 2020

Mir: Automated Quantifiable Privilege Reduction Against Dynamic Library Compromise in JavaScript.
CoRR, 2020

Extracting taint specifications for JavaScript libraries.
Proceedings of the ICSE '20: 42nd International Conference on Software Engineering, Seoul, South Korea, 27 June, 2020

2019
Anything to Hide? Studying Minified and Obfuscated Code in the Web.
Proceedings of the World Wide Web Conference, 2019

Small World with High Risks: A Study of Security Threats in the npm Ecosystem.
Proceedings of the 28th USENIX Security Symposium, 2019

Leaky Images: Targeted Privacy Attacks in the Web.
Proceedings of the 28th USENIX Security Symposium, 2019

An Empirical Study of Information Flows in Real-World JavaScript.
Proceedings of the 14th ACM SIGSAC Workshop on Programming Languages and Analysis for Security, 2019

2018
Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers.
Proceedings of the 27th USENIX Security Symposium, 2018

SYNODE: Understanding and Automatically Preventing Injection Attacks on NODE.JS.
Proceedings of the 25th Annual Network and Distributed System Security Symposium, 2018

2017
A Survey of Dynamic Analysis and Test Generation for JavaScript.
ACM Comput. Surv., 2017

Saying 'hi!' is not enough: mining inputs for effective test generation.
Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering, 2017

2016
Search Based Clustering for Protecting Software with Diversified Updates.
Proceedings of the Search Based Software Engineering - 8th International Symposium, 2016

Nomen est omen: exploring and exploiting similarities between argument and parameter names.
Proceedings of the 38th International Conference on Software Engineering, 2016


  Loading...