Publications
Selected recent publications
Usenix Security 2024 | SoK: What don't we know? Understanding Security Vulnerabilities in SNARKs | [PDF] [Abstract] [BibTeX] |
ICSE 2024 | Smart Contract and DeFi Security Tools: Do They Meet the Needs of Practitioners? | [PDF] [Abstract] [BibTeX] |
Usenix Security 2023 | The Blockchain Imitation Game | [PDF] [Abstract] [BibTeX] |
Usenix Security 2023 | Pool-Party: Exploiting Browser Resource Pools for Web Tracking | [PDF] [Abstract] [BibTeX] |
OOPSLA 2022 | A Study of Inline Assembly in Solidity Smart Contracts | [PDF] [Abstract] [BibTeX] |
CCS 2022 | STAR: Secret Sharing for Private Threshold Aggregation Reporting | [PDF] [Abstract] [BibTeX] |
PLDI 2022 | Finding Typing Compiler Bugs | [PDF] [Abstract] [BibTeX] |
WWW 2022 | Measuring the Privacy vs. Compatibility Trade-off in Preventing Third-Party Stateful Tracking | [PDF] [Abstract] [BibTeX] |
CCS 2021 | SugarCoat: Programmatically Generating Privacy-Preserving, Web-Compatible Resource Replacements for Content Blocking | [PDF] [Abstract] [BibTeX] |
FC 2021 | Liquidations: DeFi on a Knife-edge | [PDF] [Abstract] [BibTeX] |
FC 2021 | Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit | [PDF] [Abstract] [BibTeX] |
Oakland 2021 | Detecting Filter List Evasion With Event-Loop-Turn Granularity JavaScript Signatures | [PDF] [Abstract] [BibTeX] |
Oakland 2021 | On the Just-In-Time Discovery of Profit-Generating Transactions in DeFi Protocols | [PDF] [Abstract] [BibTeX] |
Usenix 2021 | Smart Contract Vulnerabilities: Vulnerable Does Not Imply Exploited | [PDF] [Abstract] [BibTeX] |
Chronological list
- New:
Rorqual: Speeding up Narwhal with TEEs
Luciano Freitas, Shashank Motepalli, Matej Pavlovic, and Benjamin Livshits
arXiv:2408.14099, August 2024. - New:
A Public Dataset For the ZKsync Rollup
Maria Inês Silva, Johnnatan Messias, and Benjamin Livshits
arXiv:2407.18699, July 2024. - New:
zk-Bench: A Toolset for Comparative Evaluation and Performance Benchmarking of SNARKs
Jens Ernstberger, Stefanos Chaliasos, George Kadianakis, Sebastian Steinhorst, Philipp Jovanovic, Arthur Gervais, Benjamin Livshits, and Michele Orrù
IEEE European Symposium on Security and Privacy (EuroS&P), July 2024. - New:
TierDrop: Harnessing Airdrop Farmers for User Growth
Aviv Yaish and Benjamin Livshits
arXiv:2407.01176, June 2024. - New:
Analyzing and Benchmarking ZK-Rollups
Stefanos Chaliasos, Itamar Reif, Adrià Torralba-Agell, Jens Ernstberger, Assimakis Kattis, Benjamin Livshits
eprint 2024/889, June 2024. - New:
Towards a Formal Foundation for Blockchain Rollups
Denis Firsov and Benjamin Livshits
Stefanos Chaliasos, Denis Firsov and Benjamin Livshits
arXiv:2406.16219, June 2024. - New:
The Ouroboros of ZK: Why Verifying the Verifier Unlocks Longer-Term ZK Innovation
Denis Firsov and Benjamin Livshits
eprint 2024/768, May 2024. - New:
SoK: What don't we know? Understanding Security Vulnerabilities in SNARKs
Stefanos Chaliasos, Jens Ernstberger, David Theodore, David Wong, Mohammad Jahanara, Benjamin Livshits
Usenix Security Symposium, August 2024. - New:
The Writing is on the Wall: Analyzing the Boom of Inscriptions and its Impact on EVM-compatible Blockchains
Johnnatan Messias, Krzysztof Gogol, Maria Inês Silva, and Benjamin Livshits
arXiv:2405.15288, May 2024. - New:
Clap: a Rust eDSL for PlonKish Proof Systems with a Semantics-preserving Optimizing Compiler
Marco Stronati, Denis Firsov, Antonio Locascio, Benjamin Livshits
arXiv:2405.12115, May 2024. - New:
Mechanism Design for ZK-Rollup Prover Markets
Wenhao Wang, Lulu Zhou, Aviv Yaish, Fan Zhang, Ben Fisch, Benjamin Livshits
arXiv:2404.06495, April 2024. - New:
Quantifying Arbitrage in Automated Market Makers: An Empirical Study of Ethereum ZK Rollups
Krzysztof Gogol, Johnnatan Messias, Deborah Miori, Claudio Tessone, Benjamin Livshits
arXiv:2403.16083, March 2024. - New:
SoK: What don't we know? Understanding Security Vulnerabilities in SNARKs
Stefanos Chaliasos, Jens Ernstberger, David Theodore, David Wong, Mohammad Jahanara, Benjamin Livshits
arXiv:2402.15293, February 2024. - New:
Smart Contract and DeFi Security Tools: Do They Meet the Needs of Practitioners?
Stefanos Chaliasos, Marcos Antonios Charalambous, Liyi Zhou, Rafaila Galanopoulou, Arthur Gervais, Dimitris Mitropoulos, and Benjamin Livshits
In Proceedings of the 46th International Conference on Software Engineering (ICSE), April 2024.2023
- New:
Airdrops: Giving Money Away Is Harder Than It Seems
Johnnatan Messias, Aviv Yaish, and Benjamin Livshits
arXiv:2312.02752, December 2023. - New:
zk-Bench: A Toolset for Comparative Evaluation and Performance Benchmarking of SNARKs
Jens Ernstberger, Stefanos Chaliasos, George Kadianakis, Sebastian Steinhorst, Philipp Jovanovic, Arthur Gervais, Benjamin Livshits, and Michele Orrù
Paper 2023/1503, ePrint, October 2023. - New:
Smart Contract and DeFi Security: Insights from Tool Evaluations and Practitioner Surveys
Stefanos Chaliasos, Marcos Antonios Charalambous, Liyi Zhou, Rafaila Galanopoulou, Arthur Gervais, Dimitris Mitropoulos, and Benjamin Livshits
Stanford Blockchain Conference 2023, August 2023. - New:
The Blockchain Imitation Game
Kaihua Qin, Stefanos Chaliasos, Liyi Zhou, Benjamin Livshits, Dawn Song, and Arthur Gervais
Stanford Blockchain Conference 2023, August 2023. - New:
The Blockchain Imitation Game
Kaihua Qin, Stefanos Chaliasos, Liyi Zhou, Ben Livshits, Dawn Song, Arthur Gervais
Usenix Security Symposium 2023, August 2023. - New:
Pool-Party: Exploiting Browser Resource Pools for Web Tracking
Peter Snyder, Soroush Karami, Arthur Edelstein, Benjamin Livshits, and Hamed Haddadi
Usenix Security Symposium 2023, August 2023. - New:
On How Zero-Knowledge Proof Blockchain Mixers Improve, and Worsen User Privacy
Zhipeng Wang, Stefanos Chaliasos, Kaihua Qin, Liyi Zhou, Lifeng Gao, Pascal Berrang, Ben Livshits and Arthur Gervais
The Web Conference (WWW 2023), April 2023.2022
- New:
A Study of Inline Assembly in Solidity Smart Contracts
Stefanos Chaliasos, Arthur Gervais, and Benjamin Livshits
Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2022), December 2022. - New:
A Study of Inline Assembly in Solidity Smart Contracts
Stefanos Chaliasos, Arthur Gervais, and Benjamin Livshits
Crypto Economics Security Conference, October 2022. - New:
STAR: Secret Sharing for Private Threshold Aggregation Reporting
(best paper award)
Alex Davidson, Peter Snyder, E. B. Quirk, Joseph Genereux, Hamed Haddadi, and Benjamin Livshits
ACM Conference on Computer and Communications Security (CCS), November 2022. - New:
Blocked or Broken? Automatically Detecting When Privacy Interventions Break Websites
Michael Smith, Peter Snyder, Moritz Haller, Benjamin Livshits, Deian Stefan, and Hamed Haddadi
Privacy Enhancing Technologies Symposium , July 2022. - New:
Finding Typing Compiler Bugs (distinguished paper and best artifact awards)
Stefanos Chaliasos, Thodoris Sotiropoulos, Diomidis Spinellis, Benjamin Livshits, and Dimitris Mitropoulos.
Conference on Programming Language Design and Implementation (PLDI), June 2022. - New:
Measuring the Privacy vs. Compatibility Trade-off in Preventing Third-Party Stateful Tracking
Jordan Jueckstock, Peter Snyder, Shaown Sarker, Alexandros Kapravelos, and Benjamin Livshits
The World Wide Web Conference, April 2022. - New:
BatteryLab: A Collaborative Platform for Power Monitoring
Matteo Varvello, Kleomenis Katevas, Mihai Plesa, Hamed Haddadi, and Benjamin Livshits
Passive and Active Measurement Conference, March 2022.2021
- New:
Towards Private On-Chain Algorithmic Trading
Ceren Kocaoğullar, Arthur Gervais, and Benjamin Livshits
arXiv:2109.11270, September 2021. - New:
STAR: Distributed Secret Sharing for Private Threshold Aggregation Reporting (distinguished paper award)
Alex Davidson, Peter Snyder, E. B. Quirk, Joseph Genereux, and Benjamin Livshits
arXiv:2109.10074, September 2021. - New:
PrivateFetch: Scalable Catalog Delivery in Privacy-Preserving Advertising
Muhammad Haris Mughees, Gonçalo Pestana, Alex Davidson, and Benjamin Livshits
arXiv:2109.08189, September 2021. - New:
What's in Your Wallet? Privacy and Security Issues in Web 3.0
Philipp Winter, Anna Harbluk Lorimer, Peter Snyder, and Benjamin Livshits
arXiv:2109.06836, September 2021. - New:
Stronger Privacy for Federated Collaborative Filtering with Implicit Feedback
Lorenzo Minto, Moritz Haller, Hamed Haddadi, and Benjamin Livshits
ACM Conference on Recommender Systems (RecSys) 2021, September 2021. - New:
SugarCoat: Programmatically Generating Privacy-Preserving, Web-Compatible Resource Replacements for Content Blocking
Michael Smith, Peter Snyder, Benjamin Livshits, and Deian Stefan
Computer and Communication Security (CCS), November 2021. - New:
Smart Contract Vulnerabilities: Vulnerable Does Not Imply Exploited
Daniel Perez and Benjamin Livshits
Usenix Security Conference, August 2021. - New:
zkSENSE: A Friction-less Privacy-Preserving HumanAttestation Mechanism for Mobile Devices
Iñigo Querejeta Azurmendi, Panagiotis Papadopoulos, Matteo Varvello, Jiexin Zhang, Antonio Nappa, and Benjamin Livshits
Proceedings on Privacy Enhancing Technologies (PoPETS) 2021, July 2021. - New:
On the Just-In-Time Discovery of Profit-Generating Transactions in DeFi Protocols
Liyi Zhou, Kaihua Qin, Antoine Cully, Benjamin Livshits, and Arthur Gervais
IEEE Symposium on Security and Privacy (Oakland Security), May 2021. - New:
Detecting Filter List Evasion With Event-Loop-Turn Granularity JavaScript Signatures
Quan Chen, Peter Snyder, Benjamin Livshits, and Alexandros Kapravelos
IEEE Symposium on Security and Privacy (Oakland Security), May 2021. - New:
Towards Realistic and Reproducible Web Crawl Measurements
[PDF] [Abstract] [BibTeX]Jordan Jueckstock, Shaown Sarker, Alexandros Kapravelos, Aidan Beggs, Peter Snyder, Panagiotis Papadopoulos, Matteo Varvello, and Benjamin Livshits
World Wide Web Conference (WWW), April 2021. - New:
BrowseLite: A Private Data Saving Solution for the Web
[PDF] [Abstract] [BibTeX]Conor Kelton, Matteo Varvello, Andrius Aucinas, Benjamin Livshits
World Wide Web Conference (WWW), April 2021. - New:
Liquidations: DeFi on a Knife-edge
Daniel Perez, Sam M. Werner, Jiahua Xu, and Benjamin Livshits
Financial cryptography (FC), March 2021. - New:
Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit
Kaihua Qin, Liyi Zhou, Benjamin Livshits, and Arthur Gervais
Financial cryptography (FC), March 2021.2020
- New:
Revisiting Transactional Statistics of High-scalability Blockchain
[PDF] [Abstract] [BibTeX]Daniel Perez, Jiahua Xu, and Benjamin Livshits
IMC 2020, October 2020. - New:
Liquidations: DeFi on a Knife-edge
[PDF] [Abstract] [BibTeX]Daniel Perez, Sam M. Werner, Jiahua Xu, and Benjamin Livshits
arXiv:2009.13235, September 2020. - New:
THEMIS: Decentralized and Trustless Ad Platform with Reporting Integrity
[PDF] [Abstract] [BibTeX]Gonçalo Pestana, Iñigo Querejeta-Azurmendi, Panagiotis Papadopoulos, and Benjamin Livshits
arXiv:2003.03810, July 2020. - New:
Percival: Making In-Browser Perceptual Ad Blocking Practical With Deep Learning
[PDF] [Abstract] [BibTeX]Zain ul Abi Din, Panagiotis Tigas, Samuel T. King, and Benjamin Livshits
Usenix ATC, July 2020. - New:
Privacy-Preserving Bandits.
Mohammad Malekzadeh, Dimitrios Athanasakis, Hamed Haddadi, and Benjamin Livshits
MLSys, March 2020. - New:
The Decentralized Financial Crisis: Attacking DeFi.
Lewis Gudgeon, Daniel Perez, Dominik Harz, Arthur Gervais, and Benjamin Livshits
Crypto Valley Conference, June 2020. - New:
Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit.
[PDF] [Abstract] [BibTeX]Kaihua Qin, Liyi Zhou, Benjamin Livshits, and Arthur Gervais
arXiv:2003.03810, March 2020. - New:
We Know What They've Been Put Through: Revisiting High-scalability Blockchain Transactions.
[PDF] [Abstract] [BibTeX]Daniel Perez, Jiahua Xu, and Benjamin Livshits
arXiv:2003.02693, March 2020. -
The Decentralized Financial Crisis: Attacking DeFi.
[PDF] [Abstract] [BibTeX]Lewis Gudgeon, Daniel Perez, Dominik Harz, Arthur Gervais, and Benjamin Livshits
arXiv:2002.08099, February 2020. -
Who Filters the Filters: Understanding the Growth, Usefulness and Efficiency of Crowdsourced Ad Blocking.
Antoine Vastel, Peter Snyder, and Benjamin Livshits
SIGMETRICS, June 2020. -
Broken Metre: Attacking Resource Metering in EVM.
Daniel Perez and Benjamin Livshits
Network and Distributed Systems Symposium (NDSS), February 2020. -
Keeping Out the Masses: Understanding the Popularity and Implications of Internet Paywalls.
Panagiotis Papadopoulos, Peter Snyder, and Benjamin Livshits
International World Wide Web Conference (WWW), April 2020. -
Filter List Generation for Underserved Regions.
Alexander Sjosten, Peter Snyder, Antonio Pastor, Panagiotis Papadopoulos, and Benjamin Livshits
International World Wide Web Conference (WWW), April 2020. -
Evaluating the End-User Experience of Private Browsing Mode.
Ruba Abu-Salma and Benjamin Livshits
CHI Conference on Human Factors in Computing Systems Proceedings (CHI'20), April 2020. -
Broken Metre: Attacking Resource Metering in EVM.
Daniel Perez and Benjamin Livshits
arXiv:1909.07220, September 2020. -
AdGraph: A Graph-Based Approach to Ad and Tracker Blocking.
Umar Iqbal, Peter Snyder, Shitong Zhu, Benjamin Livshits, Zhiyun Qian, and Zubair Shafiq
IEEE Symposium on Security and Privacy (Oakland Security), May 2020.2019
-
The Anatomy of a Cryptocurrency Pump-and-Dump Scheme.
Jiahua Xu and Benjamin Livshits
Usenix Security, August 2019. -
BatteryLab, A Distributed Power Monitoring Platform For Mobile Devices
[PDF] [Abstract] [BibTeX]Matteo Varvello, Kleomenis Katevas, Mihai Plesa, Hamed Haddadi, Benjamin Livshits
Technical Report arXiv:1910.08951, October 2019. -
The Blind Men and the Internet: Multi-Vantage Point Web Measurements
[PDF] [Abstract] [BibTeX]Jordan Jueckstock, Shaown Sarker, Peter Snyder, Panagiotis Papadopoulos, Matteo Varvello, Benjamin Livshits and Alexandros Kapravelos
Technical Report arXiv:1905.08767, May 2019. -
Percival: Making In-Browser Perceptual Ad Blocking Practical With Deep Learning
[PDF] [Abstract] [BibTeX]Zain ul Abi Din, Panagiotis Tigas, and Samuel T. King, and Benjamin Livshits
Technical Report arXiv:1905.07444, May 2019. -
Static Analysis for Asynchronous JavaScript Programs.
Thodoris Sotiropoulos and Benjamin Livshits
European Conference on Object-Oriented Programming (ECOOP), July 2019. -
Puff of Steem: Security Analysis of Decentralized Content Curation.
[PDF] [Abstract] [BibTeX]Aggelos Kiayias, Benjamin Livshits, Andrés Monteoliva Mosteiro, and Orfeas Stefanos Thyfronitis Litos
Tokenomics, May 2019. -
Smart Contract Vulnerabilities: Does Anyone Care?
[PDF] [Abstract] [BibTeX]Daniel Perez and Benjamin Livshits
Technical Report arXiv:1902.06710, February 2019. -
When the Signal is in the Noise: Exploiting Diffix's Sticky Noise.
[PDF] [Abstract] [BibTeX]Andrea Gadotti, Florimond Houssiau, Luc Rocher, Yves-Alexandre de Montjoye, Benjamin Livshits
Usenix Security, August 2019. -
SpeedReader: Reader Mode Made Fast and Private.
[PDF] [Abstract] [BibTeX]Mohammad Ghasemisharif, Peter Snyder, Andrius Aucinas, and Benjamin Livshits
Work Wide Web Conference, May 2019.2018
-
Static Analysis for Asynchronous JavaScript Programs.
[PDF] [Abstract] [BibTeX]Thodoris Sotiropoulos and Benjamin Livshits
Technical Report arXiv:1901.03575, January 2019. -
The Anatomy of a Cryptocurrency Pump-and-Dump Scheme.
Jiahua Xu and Benjamin Livshits
Technical Report arXiv:1811.10109v1, November 2018. -
Evaluating the End-User Experience of Private Browsing Mode.
[PDF] [Abstract] [BibTeX]Ruba Abu-Salma and Benjamin Livshits
Technical Report ArXiv 1811.08460, November 2018. -
SpeedReader: Reader Mode Made Fast and Private.
[PDF] [Abstract] [BibTeX]Mohammad Ghasemisharif, Peter Snyder, Andrius Aucinas, and Benjamin Livshits
Technical Report ArXiv 1811.03661, November 2018. -
Who Filters the Filters: Understanding the Growth, Usefulness and Efficiency of Crowdsourced Ad Blocking.
[PDF] [Abstract] [BibTeX]Antoine Vastel, Peter Snyder and Benjamin Livshits
Technical Report ArXiv 1810.09160, October 2018. -
AdGraph: A Machine Learning Approach to Automatic and Effective Adblocking.
[PDF] [Abstract] [BibTeX]Umar Iqbal, Zubair Shafiq, Peter Snyder, Shitong Zhu, Zhiyun Qian, and Benjamin Livshits
Technical Report ArXiv 1810.09160, October 2018. -
A Puff of Steem: Security Analysis of Decentralized Content Curation.
Aggelos Kiayias, Benjamin Livshits, Andres Monteoliva Mosteiro, and Orfeas Stefanos Thyfronitis Litos
Technical Report Arxiv-2412873, September 2018. - EthIR: A Framework for High-Level Analysis of Ethereum Bytecode.
Elvira Albert, Pablo Gordillo, Benjamin Livshits, Albert Rubio, and Ilya Sergey
International Symposium on Automated Technology for Verification and Analysis, October 2018. - EthIR: A Framework for High-Level Analysis of Ethereum Bytecode.
Elvira Albert, Pablo Gordillo, Benjamin Livshits, Albert Rubio, and Ilya Sergey
International Symposium on Automated Technology for Verification and Analysis, October 2018. - AdGraph: A Machine Learning Approach to Automatic and Effective Adblocking.
Umar Iqbal, Zubair Shafiq, Peter Snyder, Shitong Zhu, and Zhiyun Qian, May 2018.
- Synode: Understanding and Automatically Preventing Injection Attacks on Node.js.
Cristian-Alexandru Staicu, Michael Pradel, and Benjamin Livshits
Network and Distributed Systems Symposium (NDSS), February 2018.2017
-
Toward Full Elasticity in Distributed Static Analysis: The Case of Callgraph Analysis.
Diego Garbervetsky, Edgardo Zoppi, and Benjamin Livshits
Foundations of Software Engineering (FSE), September 2017. -
BLENDER: Enabling Local Search with a Hybrid Differential Privacy Model.
Brendan Avent, Aleksandra Korolova, David Zeber, Torgeir Hovden, and Benjamin Livshits
Usenix Security, August 2017. -
BLENDER: Enabling Local Search with a Hybrid Differential Privacy Model.
Brendan Avent, Aleksandra Korolova, David Zeber, Torgeir Hovden, and Benjamin Livshits
Technical Report Arxiv-1879097, April 2017. -
Just-in-Time Static Analysis.
Lisa Nguyen Quang Do, Karim Ali, Benjamin Livshits, Eric Bodden, Justin Smith and Emerson Murphy-Hill
International Symposium on Software Testing and Analysis (ISSTA), July 2017.2016
- Prepose: Privacy, Security, and Reliability for Gesture-Based Programming.
Lucas Silva Figueiredo, David Molnar, Margus Veanes, and Benjamin Livshits,
IEEE Journal of Security and Privacy, December 2016. - Understanding and Automatically Preventing Injection Attacks on Node.JS.
Cristian-Alexandru Staicu, Michael Pradel, and Benjamin Livshits
CASED Technical Report , November 2016. - Toward an Evidence-based Design for Reactive Security Policies and Mechanisms.
Omer Katz and Benjamin Livshits,
Technion Technical Report CS-2016-04-2016, November 2016. - PrePose: Security and Privacy for Gesture-Based Programming.
Lucas Silva Figueiredo, David Molnar, Margus Veanes, and Benjamin Livshits,
Microsoft Research Technical Report MSR-TR-2016-xxx, August 2016. - Just-in-Time Static Analysis.
Lisa Nguyen Quang Do, Karim Ali, Benjamin Livshits, Eric Bodden, Justin Smith, and Emerson Murphy-Hill
University of Alberta Technical Report doi:10.7939/DVN/10859, August 2016. - Kizzle: A Signature Compiler for Exploit Kits.
Ben Stock, Benjamin Livshits, and Benjamin Zorn
International Conference on Dependable Systems and Networks (DSN), June 2016. - Toward Full Elasticity in Distributed Static Analysis.
Diego Garbervetsky, Edgardo Zoppi, Thomas Ball, and Benjamin Livshits
Microsoft Research Technical Report MSR-TR-2015-88, March 2016. - PrePose: Security and Privacy for Gesture-Based Programming.
Lucas Silva Figueiredo, Benjamin Livshits, David Molnar, and Margus Veanes
IEEE Symposium on Security and Privacy (Oakland Security), May 2016.2015
- Toward a Just-in-Time Static Analysis.
Lisa Nguyen Quang Do, Karim Ali, Eric Bodden and Benjamin Livshits
Technical University of Darmstadt Technical Report TUD-CS-2015-1167, July 2015. - Fast: a Transducer-Based Language for Tree Manipulation.
[PDF] [Abstract] [BibTeX]Loris D'Antoni, Margus Veanes, Benjamin Livshits and David Molnar
Transactions on Programming Languages and Systems (TOPLAS), 2015. - Detecting JavaScript Races that Matter.
Erdal Mutlu, Serdar Tasiran, and Benjamin Livshits
Foundations of Software Engineering (FSE), September 2015. - Detecting JavaScript Races that Matter.
Erdal Mutlu, Serdar Tasiran, and Benjamin Livshits
Microsoft Research Technical Report MSR-TR-2015-24, March 2015. - SurroundWeb : Mitigating Privacy Concerns in a 3D Web Browser.
John Vilk, David Molnar, Eyal Ofek, Chris Rossbach, Benjamin Livshits, Alexander Moshchuk, Helen J. Wang, and Ran Gal
IEEE Symposium on Security and Privacy (Oakland Security), May 2015. - InterPoll: Crowd-Sourced Internet Polls.
Benjamin Livshits and Todd Mytkowicz
Summit On Advances In Programming Languages (SNAPL), May 2015. - PriVaricator: Deceiving Fingerprinters with Little White Lies.
Nick Nikiforakis, Wouter Joosen, and Benjamin Livshits
International World Wide Web Conference (WWW), May 2015. - Kizzle: A Signature Compiler for Exploit Kits.
Ben Stock, Benjamin Livshits, and Benjamin Zorn
Microsoft Research Technical Report, February 2015. - In Defense of Soundiness: A Manifesto.
Benjamin Livshits, Manu Sridharan, Yannis Smaragdakis, Ondrej Lhoták, J. Nelson Amaral, Bor-Yuh Evan Chang, Samuel Z. Guyer, Uday P. Khedker, Anders Møller, and Dimitrios Vardoulakis
Communications of the ACM (CACM), February 2015. - Program Boosting: Program Synthesis via Crowd-Sourcing.
Robert Cochran, Loris D'Antoni, Benjamin Livshits, David Molnar, and Margus Veanes
Symposium on the Principles of Programming Languages (POPL), January 2015. - Data Parallel String Manipulating Programs.
Margus Veanes, Todd Mytkowicz, David Molnar, Benjamin Livshits
Symposium on the Principles of Programming Languages (POPL), January 2015.2014
- SurroundWeb : Mitigating Privacy Concerns in a 3D Web Browser.
John Vilk, David Molnar, Eyal Ofek, Chris Rossbach, Benjamin Livshits, Alexander Moshchuk, Helen J. Wang, and Ran Gal
Microsoft Research Technical Report MSR-TR-2014-147, November 2014. - PrePose: Security and Privacy for Gesture-Based Programming.
Lucas Silva Figueiredo, Benjamin Livshits, David Molnar, and Margus Veanes
Microsoft Research Technical Report MSR-TR-2014-146, November 2014. - Optimizing Human Computation to Save Time and Money.
Benjamin Livshits and George Kastrinis
Microsoft Research Technical Report MSR-TR-2014-145, November 2014. - Saving Money While Polling with InterPoll using Power Analysis.
Benjamin Livshits and Todd Mytkowicz
Conference on Human Computation & Crowdsourcing (HCOMP 2014), November 2014. - MoRePriv: Mobile OS Support for Application Personalization and Privacy.
Drew Davidson, Matt Fredrikson, and Benjamin Livshits
Annual Computer Security Applications Conference (ACSAC), December 2014. - Automated Migration of Build Scripts using Dynamic Analysis and Search-Based Refactoring.
Milos Gligoric, Wolfram Schulte, Chandra Prasad, Danny van Velzen, Iman Narasamdya, Benjamin Livshits
Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2014), October 2014. - Z0: An Optimizing Distributing Zero-Knowledge Compiler.
Matt Fredrikson and Benjamin Livshits
USENIX Security Symposium, August 2014. - I Know It When I See It: Observable Races in JavaScript Applications (Position paper).
Erdal Mutlu, Serdar Tasiran, and Benjamin Livshits
Workshop on Dynamic Languages and Applications (DYLA) 2014, , June 2014. - Web Application Security Special Issue.
[PDF] [Abstract] [BibTeX]Lieven Desmet, Martin Johns, Benjamin Livshits and Andrei Sabelfeld
Journal of Computer Security, Volume 22, Number 4 / 2014, May 2014. - Saving Money While Polling with InterPoll using Power Analysis.
Benjamin Livshits and Todd Mytkowicz
Microsoft Research Technical Report MSR-TR-2014-50, April 2014. - PriVaricator: Deceiving Fingerprinters with Little White Lies.
Nick Nikiforakis, Wouter Joosen, and Benjamin Livshits
Microsoft Research Technical Report MSR-TR-2014-26, February 2014. - I Know It When I See It: Observable Races in JavaScript Applications (Position paper).
Erdal Mutlu, Serdar Tasiran, and Benjamin Livshits
Microsoft Research Technical Report MSR-TR-2014-29, February 2014. - SurroundWeb: Least Privilege for Immersive "Web Rooms".
John Vilk, David Molnar, Eyal Ofek, Chris Rossbach, Benjamin Livshits, Alexander Moshchuk, Helen J. Wang, and Ran Gal
Microsoft Research Technical Report MSR-TR-2014-25, February 2014. - Z0: An Optimizing Distributing Zero-Knowledge Compiler.
Matt Fredrikson and Benjamin Livshits
Microsoft Research Technical Report MSR-TR-2014-27 (updated version of MSR-TR-2013-43), February 2014. - Least Privilege Rendering in a 3D Web Browser.
John Vilk, David Molnar, Eyal Ofek, Chris Rossbach, Benjamin Livshits, Alexander Moshchuk, Helen J. Wang, and Ran Gal
Microsoft Research Technical Report MSR-TR-2014-25, February 2014. - Fast: a Transducer-Based Language for Tree Manipulation.
Loris D'Antoni, Margus Veanes, Benjamin Livshits and David Molnar
Conference on Programming Language Design and Implementation (PLDI), June 2014. - In Defense of Probabilistic Static Analysis.
Benjamin Livshits and Shuvendu Lahiri
Workshop on Probabilistic and Approximate Computing (APPROX), June 2014. - InterPoll: Crowd-Sourced Internet Polls (Done Right).
Benjamin Livshits and Todd Mytkowicz
Microsoft Research Technical Report MSR-TR-2014-3, January 2014. - Let's Do It at My Place? Attitudinal and Behavioral Study of Privacy in Client-Side Personalization.
Alfred Kobsa, Bart Knijnenburg, and Benjamin Livshits
CHI Conference on Human Factors in Computing Systems Proceedings (CHI'14), April 2014.2013
- Program Boosting or Crowd-Sourcing for Correctness.
Robert Cochran, Loris D'Antoni, and Benjamin Livshits
Microsoft Research Technical Report MSR-TR-2013-94, September 2013. - Practical Static Analysis of JavaScript Applications in the Presence of Frameworks and Libraries.
Magnus Madsen, Benjamin Livshits, and Michael Fanning
Foundations of Software Engineering (FSE), August 2013. - Enabling fine-grained permissions for augmented reality applications with recognizers.
Suman Jana, David Molnar, Alexander Moshchuk, Alan Dunn, Benjamin Livshits, Helen J. Wang, Eyal Ofek
USENIX Security Symposium, August 2013. - Automatic Mediation of Privacy-Sensitive Resource Access in Smartphone Applications.
Benjamin Livshits and Jaeyeon Jung
USENIX Security Symposium, August 2013. - Z0: An Optimizing Distributing Zero-Knowledge Compiler.
Matthew Fredrikson and Benjamin Livshits
Microsoft Research Technical Report MSR-TR-2013-43, April 2013. - Operating System Support For Augmented Reality Applications.
Loris D'Antoni, Alan Dunn, Suman Jana, Tadayoshi Kohno, Benjamin Livshits, David Molnar, Alex Moshchuk, Eyal Ofek, Franziska Roesner, Scott Saponas, Margus Veanes, and Helen J. Wang
HotOS, May 2013. - Engineering Secure Software and Systems: 5th International Symposium, ESSoS 2013, Paris, France, February 27 - March 1, 2013: proceedings.
[PDF] [Abstract] [BibTeX]Jan Jürjens(Editor), Benjamin Livshits (Editor), Riccardo Scandariato (Editor)
March 2013. - Web Application Security (Dagstuhl Seminar 12401).
Lieven Desmet, Martin Johns, Benjamin Livshits, Andrei Sabelfeld
Dagstuhl Reports, February 2013. - Verifying Higher-order Programs with the Dijkstra Monad.
Nikhil Swamy, Joel Weinberger, Cole Schlesinger, Juan Chen and Benjamin Livshits
Conference on Programming Language Design and Implementation (PLDI), June 2013. - Browser security: appearances can be deceiving.
CACM Staff
Communications of the ACM, January 2013. - Towards Fully Automatic Placement of Security Sanitizers and Declassifiers.
Benjamin Livshits and Stephen Chong
Symposium on the Principles of Programming Languages (POPL), January 2013. - Fully Abstract Compilation to JavaScript.
Cedric Fournet, Nikhil Swamy, Juan Chen, Pierre-Evariste Dagand, Pierre-Yves Strub and Benjamin Livshits
Symposium on the Principles of Programming Languages (POPL), January 2013.2012
- FAST: A Transducer-Based Language for Tree Manipulation.
[PDF] [Abstract] [BibTeX]Loris D'Antoni, Margus Veanes, Benjamin Livshits, and David Molnar
Microsoft Research Technical Report MSR-TR-2012-123, November 2012. - Dynamic Taint Tracking in Managed Runtimes.
[PDF] [Abstract] [BibTeX]Benjamin Livshits
Microsoft Research Technical Report MSR-TR-2012-114, November 2012. - Data-Parallel String-Manipulating Programs.
Margus Veanes, David Molnar, Todd Mytkowicz, and Benjamin Livshits
Microsoft Research Technical Report MSR-TR-2012-72, July 2012. - Towards Fully Automatic Placement of Security Sanitizers and Declassifiers.
[PDF] [Abstract] [BibTeX]Benjamin Livshits and Stephen Chong
Harvard University Technical Report TR-03-12, July 2012. - Practical Static Analysis of JavaScript Applications in the Presence of Frameworks and Libraries.
[PDF] [Abstract] [BibTeX]Magnus Madsen, Benjamin Livshits, and Michael Fanning
Microsoft Research Technical Report MSR-TR-2012-66, July 2012. - MoRePriv: Mobile OS-Wide Application Personalization.
Drew Davidson and Benjamin Livshits
Microsoft Research Technical Report MSR-TR-2012-50, May 2012. - Private Client-side Profiling with Random Forests and Hidden Markov Models.
[PDF] [Abstract] [BibTeX]George Danezis, Markulf Kohlweiss, Benjamin Livshits, and Alfredo Rial
Privacy Enhancing Technologies Symposium, July 2012. - Monadic Refinement Types for Verifying JavaScript Programs.
[PDF] [Abstract] [BibTeX]Nikhil Swamy, Joel Weinberger, Juan Chen, Ben Livshits, and Cole Schlesinger
Microsoft Research Technical Report MSR-TR-2012-37, March 2012. - Rozzle: De-Cloaking Internet Malware.
Clemens Kolbitsch, Benjamin Livshits, Benjamin Zorn, and Christian Seifert
IEEE Symposium on Security and Privacy (Oakland Security), May 2012. - Engineering Secure Software and Systems: 4th International Symposium.
[PDF] [Abstract] [BibTeX]Gilles Barthe (Editor), Ben Livshits (Editor), Riccardo Scandariato (Editor)
March 2012. - Symbolic Finite State Transducers: Algorithms and Applications.
Nikolaj Bjorner, Pieter Hooimeijer, Benjamin Livshits, David Molnar, and Margus Veanes
Symposium on the Principles of Programming Languages (POPL), January 2012.2011
- Generating Fast String Manipulating Code Through Transducer Exploration and SIMD Integration.
[PDF] [Abstract] [BibTeX]Margus Veanes, David Molnar, Benjamin Livshits, and Lubomir Litchev
Microsoft Research Technical Report MSR-TR-2011-124, November 2011. - ScriptGard: Automatic Context-Sensitive Sanitization for Large-Scale Legacy Web Applications.
Prateek Saxena, David Molnar, and Benjamin Livshits
Conference on Computer and Communications Security (CCS), November 2011. - Towards Ensuring Client-Side Computational Integrity.
[PDF] [Abstract] [BibTeX]George Danezis and Benjamin Livshits
Conference on Computer and Communications Security (CCSW), November 2011. - Rozzle: De-Cloaking Internet Malware.
Clemens Kolbitsch, Benjamin Livshits, Benjamin Zorn, and Christian Seifert
Microsoft Research Technical Report MSR-TR-2011-94, August 2011. - Symbolic Finite State Transducers: Algorithms and Applications.
Nikolaj Bjorner, Pieter Hooimeijer, Benjamin Livshits, David Molnar, and Margus Veanes
Microsoft Research Technical Report MSR-TR-2011-85, July 2011. - Mining Software Specifications: Methodologies and Applications.
[PDF] [Abstract] [BibTeX]Two contributed book chapters in a book published by Chapman & Hall
- Zozzle: Low-overhead Mostly Static JavaScript Malware Detection.
Charles Curtsinger, Benjamin Livshits, Benjamin Zorn, and Christian Seifert
USENIX Security Symposium, August 2011. - Fast and Precise Sanitizer Analysis With BEK.
Pieter Hooimeijer, Benjamin Livshits, David Molnar, Prateek Saxena, and Margus Veanes
USENIX Security Symposium, August 2011. - Towards Enforceable Data-Driven Privacy Policies.
Matthew Fredrikson, Benjamin Livshits, Somesh Jha, and Drew Davidson
Web 2.0 Security and Privacy (W2SP), May 2011. - RePriv: Re-Imagining Content Personalization and In-Browser Privacy.
Matthew Fredrikson and Benjamin Livshits
IEEE Symposium on Security and Privacy (Oakland Security), May 2011. - Verified Security for Browser Extensions.
Arjun Guha, Matthew Fredrikson, Benjamin Livshits, and Nikhil Swamy
IEEE Symposium on Security and Privacy (Oakland Security), May 2011. - "NOFUS: Automatically Detecting" + String.fromCharCode(32) + "ObFuSCateD ".toLowerCase() + "JavaScript Code".
Scott Kaplan, Benjamin Livshits, Benjamin Zorn, Christian Seifert, and Charles Curtsinger
Microsoft Research Technical Report MSR-TR-2011-57, May 2011. - Decision Procedures for Composition and Equivalence of Symbolic Finite State Transducers.
Margus Veanes, David Molnar, and Benjamin Livshits
Microsoft Research Technical Report MSR-TR-2011-32, March 2011.2010
- Verified Security for Browser Extensions.
Nikhil Swamy, Benjamin Livshits, Arjun Guha, and Matthew Fredrikson
Microsoft Research Technical Report MSR-TR-2010-157, November 2010. - Zozzle: Low-overhead Mostly Static JavaScript Malware Detection.
Charles Curtsinger, Benjamin Livshits, Benjamin Zorn, and Christian Seifert
Microsoft Research Technical Report MSR-TR-2010-156, January 2010 (updated). - Bek: Modeling Imperative String Operations with Symbolic Transducers.
Pieter Hooimeijer, Benjamin Livshits, David Molnar, Prateek Saxena, and Margus Veanes
Microsoft Research Technical Report MSR-TR-2010-154, November 2010. - ScriptGard: Preventing Script Injection Attacks in Legacy Web Applications with Automatic Sanitization.
Prateek Saxena, David Molnar, and Benjamin Livshits
Microsoft Research Technical Report MSR-TR-2010-128, October 2010. - AjaxScope: A Platform for Remotely Monitoring the Client-Side Behavior of Web 2.0 Applications.
Emre Kiciman and Benjamin Livshits
ACM Transactions on The Web, Vol. 4, No. 4, Article 13, September 2010. - RePriv: Re-Envisioning In-Browser Privacy.
Matthew Fredrikson and Benjamin Livshits
Microsoft Research Technical Report MSR-TR-2010-116, August 2010. - Dagstuhl Seminar 09141: Web Application Security (Executive summary).
Dan Boneh, Ulfar Erlingsson, Martin Johns, and Benjamin Livshits
- Dagstuhl Seminar 09141: Web Application Security (Abstracts Collection).
Dan Boneh, Ulfar Erlingsson, Martin Johns, and Benjamin Livshits
- Gulfstream: Incremental Static Analysis for Streaming JavaScript Applications.
Salvatore Guarnieri and Benjamin Livshits
USENIX Conference on Web Application Development (WebApps) , June 2010. - JSMeter: Comparing the Behavior of JavaScript Benchmarks with Real Web Applications.
Paruj Ratanaworabhan, Benjamin Livshits, and Benjamin Zorn
USENIX Conference on Web Application Development (WebApps) , June 2010. - JSZap: Compressing JavaScript Code
Martin Burtscher, Benjamin Livshits, Gaurav Sinha, and Benjamin Zorn
USENIX Conference on Web Application Development (WebApps) , June 2010. - Fluxo: A System for Internet Service Programming by Non-expert Developers.
Emre Kiciman, Benjamin Livshits, Madanlal Musuvathi, and Kevin C. Webb
ACM Symposium on Cloud Computing (SOCC) , June 2010. - Empowering Browser Security for Mobile Devices Using Smart CDNs.
Benjamin Livshits and David Molnar
Workshop on Web 2.0 Security and Privacy (W2SP), May 2010. - Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources.
Leo Meyerovich, David Zhu, and Benjamin Livshits
Workshop on Web 2.0 Security and Privacy (W2SP), May 2010. - ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser.
Leo Meyerovich and Benjamin Livshits
IEEE Symposium on Security and Privacy (Oakland Security), May 2010. - JSZap: Compressing JavaScript Code.
Martin Burtscher, Benjamin Livshits, Gaurav Sinha, and Benjamin G. Zorn
Microsoft Research Technical Report MSR-TR-2010-21, March 2010. - JSMeter: Characterizing Real-World Behavior of JavaScript Programs (short version).
Paruj Ratanaworabhan, Benjamin Livshits, David Simmons, and Benjamin Zorn
Microsoft Research Technical Report MSR-TR-2010-8, January 2010. - Gulfstream: Incremental Static Analysis for Streaming JavaScript Applications.
Benjamin Livshits and Salvatore Guarnieri
Microsoft Research Technical Report MSR-TR-2010-4, January 2010.2009
- JSMeter: Characterizing Real-World Behavior of JavaScript Programs.
Paruj Ratanaworabhan, Benjamin Livshits, David Simmons, and Benjamin Zorn
Microsoft Research Technical Report MSR-TR-2009-173, December 2009. - ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser.
Benjamin Livshits and Leo Meyerovich
Microsoft Research Technical Report MSR-TR-2009-158, February 2009. - Ripley: Automatically Securing Web 2.0 Applications Through Replicated Execution.
K. Vikram, Abhishek Prateek, and Benjamin Livshits
Conference on Computer and Communications Security (CCS), November 2009. - CatchAndRetry: Extending Exceptions to Handle Distributed System Failures and Recovery.
Emre Kiciman, Benjamin Livshits, and Madanlal Musuvathi
Programming Languages and Operating Systems (PLOS), October 2009. - Gatekeeper: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code.
Salvatore Guarnieri and Benjamin Livshits
USENIX Security Symposium, August 2009. - Nozzle: A Defense Against Heap-spraying Code Injection Attacks.
Paruj Ratanaworabhan, Benjamin Livshits, and Benjamin Zorn
USENIX Security Symposium, August 2009. - Fluxo: A Simple Service Compiler.
Emre Kiciman, Benjamin Livshits, and Madanlal Musuvathi
Workshop on Hot Topics in Operating Systems, HotOS 2009, May 2009. - Gatekeeper: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code.
Benjamin Livshits and Salvatore Guarnieri
Microsoft Research Technical Report MSR-TR-2009-16, February 2009. - Merlin: Specification Inference for Explicit Information Flow Problems.
Benjamin Livshits, Aditya V. Nori, Sriram K. Rajamani, and Anindya Banerjee
Conference on Programming Language Design and Implementation (PLDI) 2009, June 2009. - Improving the Responsiveness of Interactive Internet Services with Automatic Cache Placement.
Alex Rasmussen, Emre Kiciman, Benjamin Livshits, Madanlal Musuvathi
European Conference on Computer Systems (EuroSys) 2009, March 2009.2008
- Merlin: Specification Inference for Explicit Information Flow Problems.
Anindya Banerjee, Benjamin Livshits, Aditya V. Nori, and Sriram K. Rajamani
Microsoft Research Technical Report MSR-TR-2008-xxx, December 2008. - Nozzle: A Defense Against Heap-spraying Code Injection Attacks.
Paruj Ratanaworabhan, Benjamin Livshits, and Benjamin Zorn
Microsoft Research Technical Report MSR-TR-2008-176, November 2008. - Ripley: Automatically Securing Distributed Web Applications Through Replicated Execution.
Benjamin Livshits, Abhishek Prateek, and K. Vikram
Microsoft Research Technical Report MSR-TR-2008-174, November 2008. - Doloto: Code Splitting for Network-Bound Web 2.0 Applications.
Benjamin Livshits and Emre Kiciman
Foundations of Software Engineering (FSE), November 2008. - Volta: Developing Distributed Applications by Recompiling.
Dragos Manolescu, Brian Beckman, and Benjamin Livshits
IEEE Software, October 2008. - Spectator: Detection and Containment of JavaScript Worms.
Benjamin Livshits and Weidong Cui
USENIX Annual Technical Conference, June 2008. - Securing Web Applications with Static and Dynamic Information Flow Tracking.
Monica S. Lam, Michael Martin, Benjamin Livshits, and John Whaley
In Workshop on Partial Evaluation and Program Manipulation, January 2008.2007
- Doloto: Code Splitting for Network-Bound Web 2.0 Applications.
Benjamin Livshits and Emre Kiciman
Microsoft Research Technical Report MSR-TR-2007-159, December 2007. - AjaxScope: a Platform for Remotely Monitoring the Client-Side Behavior of Web 2.0 Applications.
Emre Kiciman and Benjamin Livshits
In Symposium of Operating System Principles (SOSP 2007), Stevenson, Washington, October 2007. - Code Splitting for Network Bound Web 2.0 Applications.
Benjamin Livshits and Chen Ding
Microsoft Research Technical Report MSR-TR-2007-101, August 2007. - Spectator: Detection and Containment of JavaScript Worms.
Benjamin Livshits and Weidong Cui
Microsoft Research Technical Report MSR-TR-2007-55, July 2007. - Using Web Application Construction Frameworks To Protect Against Code Injection Attacks.
Benjamin Livshits and Ulfar Erlingsson
In Workshop on Programming Languages and Analysis for Security (PLAS 2007), San Diego, California, June 2007. - Towards Security By Construction For Web 2.0 Applications.
Benjamin Livshits and Ulfar Erlingsson
In Workshop on Web 2.0 Security and Privacy (W2SP 2007), May 2007. - End-to-end Web Application Security.
Ulfar Erlingsson, Benjamin Livshits, and Yinglian Xie
In Workshop on Hot Topics in Operating Systems (HotOS XI), San Diego, California, May 2007. - DynaMine: Finding Common Error Patterns by Mining Software Revision Histories.
Benjamin Livshits and Thomas Zimmermann
extended version of the FSE'05 paper currently under submission, February 2007.2006
- Improving Software Security with Precise Static and Runtime Analysis.
Benjamin Livshits, Doctoral dissertation
Stanford University, Stanford, California, December, 2006. - Mining Additions of Method Calls in ArgoUML.
Thomas Zimmerman, Silvia Breu, Christian Lindig, and Benjamin Livshits.
In International Workshop on Mining Software Repositories Challenge, Shanghai, China, May, 2006.2005
- Reflection Analysis for Java.
Benjamin Livshits, John Whaley, and Monica S. Lam
A technical report, which represents an extended version of the paper below. - Reflection Analysis for Java.
Benjamin Livshits, John Whaley and Monica S. Lam
In Third Asian Symposium on Programming Languages and Systems, Tsukuba, Japan, November, 2005. - SecuriFly: Runtime Protection and Recovery from Web Application Vulnerabilities.
Benjamin Livshits, Michael Martin, and Monica S. Lam
A technical report, which describes the runtime system for vulnerability protection first described in the OOPSLA '05 paper. - Finding Application Errors and Security Flaws Using PQL: a Program Query Language.
Michael Martin, Benjamin Livshits, and Monica S. Lam
In 20th Annual ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications, San Diego, California, October 2005. - DynaMine: Finding Common Error Patterns by Mining Software Revision Histories.
Benjamin Livshits and Thomas Zimmermann
In ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE 2005), Lisbon, Portugal, September 2005. - Defining a Set of Common Benchmarks for Web Application Security.
Benjamin Livshits
Position paper on Stanford SecuriBench for the Workshop on Defining the State of the Art in Software Security Tools, Baltimore, August 2005. - Finding Security Vulnerabilities in Java Applications with Static Analysis.
Benjamin Livshits and Monica S. Lam
A technical report, which represents an extended version of the paper above. - Finding Security Vulnerabilities in Java Applications with Static Analysis.
Benjamin Livshits and Monica S. Lam
In Proceedings of the Usenix Security Symposium, Baltimore, Maryland, August 2005. - Locating Matching Method Calls by Mining Revision History Data.
Benjamin Livshits and Thomas Zimmermann
In Proceedings of the Workshop on the Evaluation of Software Defect Detection Tools, Chicago, Illinois, June 2005. - Context-Sensitive Program Analysis as Database Queries.
Monica S. Lam, John Whaley, Benjamin Livshits, Michael Martin, Dzintars Avots, Michael Carbin, Christopher Unkel.
In Proceedings of Principles of Database Systems (PODS), Baltimore, Maryland, June 2005. - Improving Software Security with a C Pointer Analysis.
Dzintars Avots, Michael Dalton, Benjamin Livshits, Monica S. Lam.
In Proceedings of the 27th International Conference on Software Engineering (ICSE), May 2005 - Turning Eclipse Against Itself: Improving the Quality of Eclipse Plugins.
Benjamin Livshits
A technical report, which is an extended version of the paper above. - Turning Eclipse Against Itself: Finding Bugs in Eclipse Code Using Lightweight Static Analysis.
Benjamin Livshits
In Eclipsecon '05 Research Exchange, March 2005.
I maintain a page devoted to Checklipse, the tool described in the paper.2004 and before
- Finding Security Errors in Java Applications Using Lightweight Static Analysis.
Benjamin Livshits.
In Annual Computer Security Applications Conference, Work-in-Progress Report, November 2004. - Tracking Pointers with Path and Context Sensitivity for Bug Detection in C Programs.
Benjamin Livshits and Monica S. Lam
In Proceedings of the 11th ACM SIGSOFT International Symposium on the Foundations of Software Engineering, September 2003.
2024 |
Posters | Top of page |
-
Static and Runtime Solutions for Web Application Vulnerabilities.
Benjamin Livshits.
A Poster Presented at a Trust Event, April 2006. -
Using Eclipse to Detect Security Errors in Web Applications.
Benjamin Livshits.
A Poster Presented at Eclipsecon '05, March 2005.
Unpublished Manuscripts | Top of page |
-
Looking for Memory Leaks.
[PDF]Benjamin Livshits
An article on detecting memory leaks in Java for Oracle Developer Network as part of the Mastering J2EE Application Development Series, 2005. -
Unsupervised Web Page Clustering.
[PDF]Paul Ruhlen, Husrev Tolga Ilhan, and Benjamin Livshits.
Report for a project in natural language processing at Stanford (CS 224N), Spring 2000. -
Applications of Cache-conscious Data Layout to Copying Garbage Collection.
[PDF]Benjamin Livshits and David Louie.
Report for a graduate project in compilers (CS 612) at Cornell University, May 1999. -
Mostly copying garbage collector (MCC) for Java.
[PDF]Benjamin Livshits.
MCC for Java, Undergraduate final project at Cornell, May 1999.