V. N. Venkatakrishnan

Yinzhi Cao

Proceedings of the 44th IEEE Symposium on Security and Privacy, 2023

2022

Ostinato: Cross-host Attack Correlation Through Attack Activity Similarity Detection.

[BibT_eX]

[DOI]

Sutanu Kumar Ghosh

Kiavash Satvat

Proceedings of the Information Systems Security - 18th International Conference, 2022

2021

Extractor: Extracting Attack Behavior from Threat Reports.

[BibT_eX]

[DOI]

Kiavash Satvat

Proceedings of the IEEE European Symposium on Security and Privacy, 2021

2020

Remote Check Truncation Systems: Vulnerability Analysis and Countermeasures.

[BibT_eX]

[DOI]

Hafiz Malik

Rashid Ansari

Aun Irtaza

IEEE Access, 2020

2019

HOLMES: Real-Time APT Detection through Correlation of Suspicious Information Flows.

[BibT_eX]

[DOI]

Sadegh Momeni Milajerdi

Proceedings of the 2019 IEEE Symposium on Security and Privacy, 2019

POIROT: Aligning Attack Behavior with Kernel Audit Records for Cyber Threat Hunting.

[BibT_eX]

[DOI]

Sadegh M. Milajerdi

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019

2018

NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications.

[BibT_eX]

[DOI]

Abeer Alhuzali

Proceedings of the 27th USENIX Security Symposium, 2018

ProPatrol: Attack Investigation via Extracted High-Level Tasks.

[BibT_eX]

[DOI]

Sadegh M. Milajerdi

Proceedings of the Information Systems Security - 14th International Conference, 2018

2017

SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data.

[BibT_eX]

[DOI]

Proceedings of the 26th USENIX Security Symposium, 2017

DynaMiner: Leveraging Offline Infection Analytics for On-the-Wire Malware Detection.

[BibT_eX]

[DOI]

Proceedings of the 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2017

2016

Fast Memory-efficient Anomaly Detection in Streaming Heterogeneous Graphs.

[BibT_eX]

[DOI]

Emaad A. Manzoor

Sadegh Momeni

Leman Akoglu

CoRR, 2016

Attack Analysis Results for Adversarial Engagement 1 of the DARPA Transparent Computing Program.

[BibT_eX]

[DOI]

Junao Wang

CoRR, 2016

Leveraging Static Analysis Tools for Improving Usability of Memory Error Sanitization Compilers.

[BibT_eX]

[DOI]

Proceedings of the 2016 IEEE International Conference on Software Quality, 2016

Patching Logic Vulnerabilities for Web Applications using LogicPatcher.

[BibT_eX]

[DOI]

Maliheh Monshizadeh

Prasad Naldurg

Proceedings of the Sixth ACM on Conference on Data and Application Security and Privacy, 2016

Chainsaw: Chained Automated Workflow-based Exploit Generation.

[BibT_eX]

[DOI]

Abeer Alhuzali

Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016

2015

Between Worlds: Securing Mixed JavaScript/ActionScript Multi-Party Web Content.

[BibT_eX]

[DOI]

IEEE Trans. Dependable Secur. Comput., 2015

From Verification to Optimizations.

[BibT_eX]

[DOI]

Kedar S. Namjoshi

Phu H. Phung

Proceedings of the Verification, Model Checking, and Abstract Interpretation, 2015

Vetting SSL Usage in Applications with SSLINT.

[BibT_eX]

[DOI]

Runqing Yang

Zhenrui Zhang

Proceedings of the 2015 IEEE Symposium on Security and Privacy, 2015

EKHunter: A Counter-Offensive Toolkit for Exploit Kit Infiltration.

[BibT_eX]

[DOI]

Vinod Yegneswaran

Proceedings of the 22nd Annual Network and Distributed System Security Symposium, 2015

Practical Exploit Generation for Intent Message Vulnerabilities in Android.

[BibT_eX]

[DOI]

Daniele Gallingani

Stefano Zanero

Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, 2015

2014

Automated detection of parameter tampering opportunities and vulnerabilities in web applications.

[BibT_eX]

[DOI]

Nazari Skrupsky

J. Comput. Secur., 2014

A Threat Table Based Assessment of Information Security in Telemedicine.

[BibT_eX]

[DOI]

John C. Pendergrass

Karen Heart

C. Ranganathan

Int. J. Heal. Inf. Syst. Informatics, 2014

PeerShark: flow-clustering and conversation-generation for malicious peer-to-peer traffic identification.

[BibT_eX]

[DOI]

Pratik Narang

Chittaranjan Hota

EURASIP J. Inf. Secur., 2014

DEICS: Data Erasure in Concurrent Software.

[BibT_eX]

[DOI]

Kalpana Gondi

Proceedings of the Secure IT Systems - 19th Nordic Conference, NordSec 2014, Tromsø, 2014

Digital Check Forgery Attacks on Client Check Truncation Systems.

[BibT_eX]

[DOI]

Hafiz Malik

Nilesh Sumb

Rashid Ansari

Proceedings of the Financial Cryptography and Data Security, 2014

Minimizing lifetime of sensitive data in concurrent programs.

[BibT_eX]

[DOI]

Kalpana Gondi

Proceedings of the Fourth ACM Conference on Data and Application Security and Privacy, 2014

WebWinnow: leveraging exploit kit workflows to detect malicious urls.

[BibT_eX]

[DOI]

Proceedings of the Fourth ACM Conference on Data and Application Security and Privacy, 2014

MACE: Detecting Privilege Escalation Vulnerabilities in Web Applications.

[BibT_eX]

[DOI]

Maliheh Monshizadeh

Prasad Naldurg

Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 2014

2013

WEBLOG: a declarative language for secure web development.

[BibT_eX]

[DOI]

Daniele Rossetti

Gabriele Petronella

Proceedings of the 2013 ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, 2013

SafeScript: JavaScript Transformation for Policy Enforcement.

[BibT_eX]

[DOI]

Phu H. Phung

Rohini Krishnamurti

Proceedings of the Secure IT Systems - 18th Nordic Conference, 2013

TamperProof: a server-agnostic defense for parameter tampering attacks on web applications.

[BibT_eX]

[DOI]

Nazari Skrupsky

Proceedings of the Third ACM Conference on Data and Application Security and Privacy, 2013

2012

Don't Repeat Yourself: Automatically Synthesizing Client-side Validation Code for Web Applications.

[BibT_eX]

[DOI]

Proceedings of the 3rd USENIX Conference on Web Application Development, 2012

WAVES: Automatic Synthesis of Client-Side Validation Code for Web Applications.

[BibT_eX]

[DOI]

Proceedings of the 2012 ASE International Conference on Cyber Security, 2012

SWIPE: eager erasure of sensitive data in large scale systems software.

[BibT_eX]

[DOI]

Proceedings of the Second ACM Conference on Data and Application Security and Privacy, 2012

2011

Web Browser Security and Privacy.

[BibT_eX]

[DOI]

Proceedings of the Encyclopedia of Cryptography and Security, 2nd Ed., 2011

Applications of Formal Methods to Web Application Security.

[BibT_eX]

[DOI]

Proceedings of the Encyclopedia of Cryptography and Security, 2nd Ed., 2011

WAPTEC: whitebox analysis of web applications for parameter tampering exploit construction.

[BibT_eX]

[DOI]

Nazari Skrupsky

Proceedings of the 18th ACM Conference on Computer and Communications Security, 2011

2010

CANDID: Dynamic candidate evaluations for automatic prevention of SQL injection attacks.

[BibT_eX]

[DOI]

Parthasarathy Madhusudan

ACM Trans. Inf. Syst. Secur., 2010

AdJail: Practical Enforcement of Confidentiality and Integrity Policies on Web Advertisements.

[BibT_eX]

[DOI]

Karthik Thotta Ganesh

Proceedings of the 19th USENIX Security Symposium, 2010

Strengthening XSRF Defenses for Legacy Web Applications Using Whitebox Analysis and Transformation.

[BibT_eX]

[DOI]

Michelle Zhou

Proceedings of the Information Systems Security - 6th International Conference, 2010

WebAppArmor: A Framework for Robust Prevention of Attacks on Web Applications (Invited Paper).

[BibT_eX]

[DOI]

Karthik Thotta Ganesh

Proceedings of the Information Systems Security - 6th International Conference, 2010

Automatically Preparing Safe SQL Queries.

[BibT_eX]

[DOI]

Proceedings of the Financial Cryptography and Data Security, 14th International Conference, 2010

TAPS: automatically preparing safe SQL queries.

[BibT_eX]

[DOI]

Proceedings of the 17th ACM Conference on Computer and Communications Security, 2010

NoTamper: automatic blackbox detection of parameter tampering opportunities in web applications.

[BibT_eX]

[DOI]

Proceedings of the 17th ACM Conference on Computer and Communications Security, 2010

2009

Alcatraz: An Isolated Environment for Experimenting with Untrusted Software.

[BibT_eX]

[DOI]

Weiqing Sun

ACM Trans. Inf. Syst. Secur., 2009

Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers.

[BibT_eX]

[DOI]

Proceedings of the 30th IEEE Symposium on Security and Privacy (SP 2009), 2009

2008

Enhancing web browser security against malware extensions.

[BibT_eX]

[DOI]

Jin Soon Lim

J. Comput. Virol., 2008

Expanding Malware Defense by Securing Software Installations.

[BibT_eX]

[DOI]

Weiqing Sun

Proceedings of the Detection of Intrusions and Malware, 2008

XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks.

[BibT_eX]

[DOI]

Proceedings of the Detection of Intrusions and Malware, 2008

CMV: automatic verification of complete mediation for java virtual machines.

[BibT_eX]

[DOI]

Michelle Zhou

Hilary Branske

Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, 2008

Preventing Information Leaks through Shadow Executions.

[BibT_eX]

[DOI]

Roberto Capizzi

Antonio Longo

Proceedings of the Twenty-Fourth Annual Computer Security Applications Conference, 2008

2007

Extensible Web Browser Security.

[BibT_eX]

[DOI]

Jin Soon Lim

Proceedings of the Detection of Intrusions and Malware, 2007

CANDID: preventing sql injection attacks using dynamic candidate evaluations.

[BibT_eX]

[DOI]

Sruthi Bandhakavi

P. Madhusudan

Proceedings of the 2007 ACM Conference on Computer and Communications Security, 2007

2006

SUEZ: A Distributed Safe Execution Environment for System Administration Trials.

[BibT_eX]

[DOI]

Doo San Sim

Proceedings of the 20th Conference on Systems Administration (LISA 2006), 2006

A Framework for Building Privacy-Conscious Composite Web Services.

[BibT_eX]

[DOI]

Wei Xu

I. V. Ramakrishnan

Proceedings of the 2006 IEEE International Conference on Web Services (ICWS 2006), 2006

Provably Correct Runtime Enforcement of Non-interference Properties.

[BibT_eX]

[DOI]

Wei Xu

Daniel C. DuVarney

Proceedings of the Information and Communications Security, 8th International Conference, 2006

Data Sandboxing: A Technique for Enforcing Confidentiality Policies.

[BibT_eX]

[DOI]

Tejas Khatiwala

Raj Swaminathan

Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC 2006), 2006

2005

An approach for realizing privacy-preserving web-based services.

[BibT_eX]

[DOI]

Wei Xu

I. V. Ramakrishnan

Proceedings of the 14th international conference on World Wide Web, 2005

One-Way Isolation: An Effective Approach for Realizing Safe Execution Environments.

[BibT_eX]

[DOI]

Weiqing Sun

Proceedings of the Network and Distributed System Security Symposium, 2005

2003

Model-carrying code: a practical approach for safe execution of untrusted applications.

[BibT_eX]

[DOI]

Samik Basu

Sandeep Bhatkar

Daniel C. DuVarney

Proceedings of the 19th ACM Symposium on Operating Systems Principles 2003, 2003

SELF: a transparent security extension for ELF binaries.

[BibT_eX]

[DOI]

Daniel C. DuVarney

Sandeep Bhatkar

Proceedings of the New Security Paradigms Workshop 2003, 2003

Isolated Program Execution: An Application Transparent Approach for Executing Untrusted Programs.

[BibT_eX]

[DOI]

Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC 2003), 2003

2002

Empowering mobile code using expressive security policies.

[BibT_eX]

[DOI]

Ram Peri

Proceedings of the 2002 Workshop on New Security Paradigms, 2002

An Approach for Secure Software Installation.

[BibT_eX]

[DOI]

Proceedings of the 16th Conference on Systems Administration (LISA 2002), 2002

2000

XMC: A Logic-Programming-Based Verification Toolset.

[BibT_eX]

[DOI]