Publications

Selected recent publications

Usenix Security 2024 SoK: What don't we know? Understanding Security Vulnerabilities in SNARKs [PDF] [Abstract] [BibTeX]
ICSE 2024 Smart Contract and DeFi Security Tools: Do They Meet the Needs of Practitioners? [PDF] [Abstract] [BibTeX]
Usenix Security 2023 The Blockchain Imitation Game [PDF] [Abstract] [BibTeX]
Usenix Security 2023 Pool-Party: Exploiting Browser Resource Pools for Web Tracking [PDF] [Abstract] [BibTeX]
OOPSLA 2022 A Study of Inline Assembly in Solidity Smart Contracts [PDF] [Abstract] [BibTeX]
CCS 2022 STAR: Secret Sharing for Private Threshold Aggregation Reporting [PDF] [Abstract] [BibTeX]
PLDI 2022 Finding Typing Compiler Bugs [PDF] [Abstract] [BibTeX]
WWW 2022 Measuring the Privacy vs. Compatibility Trade-off in Preventing Third-Party Stateful Tracking [PDF] [Abstract] [BibTeX]
CCS 2021 SugarCoat: Programmatically Generating Privacy-Preserving, Web-Compatible Resource Replacements for Content Blocking [PDF] [Abstract] [BibTeX]
FC 2021 Liquidations: DeFi on a Knife-edge [PDF] [Abstract] [BibTeX]
FC 2021 Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit [PDF] [Abstract] [BibTeX]
Oakland 2021 Detecting Filter List Evasion With Event-Loop-Turn Granularity JavaScript Signatures [PDF] [Abstract] [BibTeX]
Oakland 2021 On the Just-In-Time Discovery of Profit-Generating Transactions in DeFi Protocols [PDF] [Abstract] [BibTeX]
Usenix 2021 Smart Contract Vulnerabilities: Vulnerable Does Not Imply Exploited [PDF] [Abstract] [BibTeX]

Chronological list

Papers and TRs   | Posters  | Other manuscripts  | Google Scholar

    2024


  1. New: Rorqual: Speeding up Narwhal with TEEs Luciano Freitas, Shashank Motepalli, Matej Pavlovic, and Benjamin Livshits
    arXiv:2408.14099, August 2024.

  2. New: A Public Dataset For the ZKsync Rollup Maria Inês Silva, Johnnatan Messias, and Benjamin Livshits
    arXiv:2407.18699, July 2024.

  3. New: zk-Bench: A Toolset for Comparative Evaluation and Performance Benchmarking of SNARKs Jens Ernstberger, Stefanos Chaliasos, George Kadianakis, Sebastian Steinhorst, Philipp Jovanovic, Arthur Gervais, Benjamin Livshits, and Michele Orrù
    IEEE European Symposium on Security and Privacy (EuroS&P), July 2024.

  4. New: TierDrop: Harnessing Airdrop Farmers for User Growth Aviv Yaish and Benjamin Livshits
    arXiv:2407.01176, June 2024.

  5. New: Analyzing and Benchmarking ZK-Rollups Stefanos Chaliasos, Itamar Reif, Adrià Torralba-Agell, Jens Ernstberger, Assimakis Kattis, Benjamin Livshits
    eprint 2024/889, June 2024.

  6. New: Towards a Formal Foundation for Blockchain Rollups Denis Firsov and Benjamin Livshits Stefanos Chaliasos, Denis Firsov and Benjamin Livshits
    arXiv:2406.16219, June 2024.

  7. New: The Ouroboros of ZK: Why Verifying the Verifier Unlocks Longer-Term ZK Innovation Denis Firsov and Benjamin Livshits
    eprint 2024/768, May 2024.

  8. New: SoK: What don't we know? Understanding Security Vulnerabilities in SNARKs Stefanos Chaliasos, Jens Ernstberger, David Theodore, David Wong, Mohammad Jahanara, Benjamin Livshits
    Usenix Security Symposium, August 2024.

  9. New: The Writing is on the Wall: Analyzing the Boom of Inscriptions and its Impact on EVM-compatible Blockchains Johnnatan Messias, Krzysztof Gogol, Maria Inês Silva, and Benjamin Livshits
    arXiv:2405.15288, May 2024.

  10. New: Clap: a Rust eDSL for PlonKish Proof Systems with a Semantics-preserving Optimizing Compiler Marco Stronati, Denis Firsov, Antonio Locascio, Benjamin Livshits
    arXiv:2405.12115, May 2024.

  11. New: Mechanism Design for ZK-Rollup Prover Markets Wenhao Wang, Lulu Zhou, Aviv Yaish, Fan Zhang, Ben Fisch, Benjamin Livshits
    arXiv:2404.06495, April 2024.

  12. New: Quantifying Arbitrage in Automated Market Makers: An Empirical Study of Ethereum ZK Rollups Krzysztof Gogol, Johnnatan Messias, Deborah Miori, Claudio Tessone, Benjamin Livshits
    arXiv:2403.16083, March 2024.

  13. New: SoK: What don't we know? Understanding Security Vulnerabilities in SNARKs Stefanos Chaliasos, Jens Ernstberger, David Theodore, David Wong, Mohammad Jahanara, Benjamin Livshits
    arXiv:2402.15293, February 2024.

  14. New: Smart Contract and DeFi Security Tools: Do They Meet the Needs of Practitioners? Stefanos Chaliasos, Marcos Antonios Charalambous, Liyi Zhou, Rafaila Galanopoulou, Arthur Gervais, Dimitris Mitropoulos, and Benjamin Livshits
    In Proceedings of the 46th International Conference on Software Engineering (ICSE), April 2024.

    2023


  15. New: Airdrops: Giving Money Away Is Harder Than It Seems Johnnatan Messias, Aviv Yaish, and Benjamin Livshits
    arXiv:2312.02752, December 2023.

  16. New: zk-Bench: A Toolset for Comparative Evaluation and Performance Benchmarking of SNARKs Jens Ernstberger, Stefanos Chaliasos, George Kadianakis, Sebastian Steinhorst, Philipp Jovanovic, Arthur Gervais, Benjamin Livshits, and Michele Orrù
    Paper 2023/1503, ePrint, October 2023.

  17. New: Smart Contract and DeFi Security: Insights from Tool Evaluations and Practitioner Surveys Stefanos Chaliasos, Marcos Antonios Charalambous, Liyi Zhou, Rafaila Galanopoulou, Arthur Gervais, Dimitris Mitropoulos, and Benjamin Livshits
    Stanford Blockchain Conference 2023, August 2023.

  18. New: The Blockchain Imitation Game Kaihua Qin, Stefanos Chaliasos, Liyi Zhou, Benjamin Livshits, Dawn Song, and Arthur Gervais
    Stanford Blockchain Conference 2023, August 2023.

  19. New: The Blockchain Imitation Game Kaihua Qin, Stefanos Chaliasos, Liyi Zhou, Ben Livshits, Dawn Song, Arthur Gervais
    Usenix Security Symposium 2023, August 2023.

  20. New: Pool-Party: Exploiting Browser Resource Pools for Web Tracking Peter Snyder, Soroush Karami, Arthur Edelstein, Benjamin Livshits, and Hamed Haddadi
    Usenix Security Symposium 2023, August 2023.

  21. New: On How Zero-Knowledge Proof Blockchain Mixers Improve, and Worsen User Privacy Zhipeng Wang, Stefanos Chaliasos, Kaihua Qin, Liyi Zhou, Lifeng Gao, Pascal Berrang, Ben Livshits and Arthur Gervais
    The Web Conference (WWW 2023), April 2023.

    2022


  22. New: A Study of Inline Assembly in Solidity Smart Contracts Stefanos Chaliasos, Arthur Gervais, and Benjamin Livshits
    Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2022), December 2022.

  23. New: A Study of Inline Assembly in Solidity Smart Contracts Stefanos Chaliasos, Arthur Gervais, and Benjamin Livshits
    Crypto Economics Security Conference, October 2022.

  24. New: STAR: Secret Sharing for Private Threshold Aggregation Reporting (best paper award) Alex Davidson, Peter Snyder, E. B. Quirk, Joseph Genereux, Hamed Haddadi, and Benjamin Livshits
    ACM Conference on Computer and Communications Security (CCS), November 2022.

  25. New: Blocked or Broken? Automatically Detecting When Privacy Interventions Break Websites Michael Smith, Peter Snyder, Moritz Haller, Benjamin Livshits, Deian Stefan, and Hamed Haddadi
    Privacy Enhancing Technologies Symposium , July 2022.

  26. New: Finding Typing Compiler Bugs (distinguished paper and best artifact awards) Stefanos Chaliasos, Thodoris Sotiropoulos, Diomidis Spinellis, Benjamin Livshits, and Dimitris Mitropoulos.
    Conference on Programming Language Design and Implementation (PLDI), June 2022.

  27. New: Measuring the Privacy vs. Compatibility Trade-off in Preventing Third-Party Stateful Tracking Jordan Jueckstock, Peter Snyder, Shaown Sarker, Alexandros Kapravelos, and Benjamin Livshits
    The World Wide Web Conference, April 2022.

  28. New: BatteryLab: A Collaborative Platform for Power Monitoring Matteo Varvello, Kleomenis Katevas, Mihai Plesa, Hamed Haddadi, and Benjamin Livshits
    Passive and Active Measurement Conference, March 2022.

    2021


  29. New: Towards Private On-Chain Algorithmic Trading Ceren Kocaoğullar, Arthur Gervais, and Benjamin Livshits
    arXiv:2109.11270, September 2021.

  30. New: STAR: Distributed Secret Sharing for Private Threshold Aggregation Reporting (distinguished paper award) Alex Davidson, Peter Snyder, E. B. Quirk, Joseph Genereux, and Benjamin Livshits
    arXiv:2109.10074, September 2021.

  31. New: PrivateFetch: Scalable Catalog Delivery in Privacy-Preserving Advertising Muhammad Haris Mughees, Gonçalo Pestana, Alex Davidson, and Benjamin Livshits
    arXiv:2109.08189, September 2021.

  32. New: What's in Your Wallet? Privacy and Security Issues in Web 3.0 Philipp Winter, Anna Harbluk Lorimer, Peter Snyder, and Benjamin Livshits
    arXiv:2109.06836, September 2021.

  33. New: Stronger Privacy for Federated Collaborative Filtering with Implicit Feedback Lorenzo Minto, Moritz Haller, Hamed Haddadi, and Benjamin Livshits
    ACM Conference on Recommender Systems (RecSys) 2021, September 2021.

  34. New: SugarCoat: Programmatically Generating Privacy-Preserving, Web-Compatible Resource Replacements for Content Blocking Michael Smith, Peter Snyder, Benjamin Livshits, and Deian Stefan
    Computer and Communication Security (CCS), November 2021.

  35. New: Smart Contract Vulnerabilities: Vulnerable Does Not Imply Exploited Daniel Perez and Benjamin Livshits
    Usenix Security Conference, August 2021.

  36. New: zkSENSE: A Friction-less Privacy-Preserving HumanAttestation Mechanism for Mobile Devices
    [PDF] [PDF] [BibTeX]
    Iñigo Querejeta Azurmendi, Panagiotis Papadopoulos, Matteo Varvello, Jiexin Zhang, Antonio Nappa, and Benjamin Livshits
    Proceedings on Privacy Enhancing Technologies (PoPETS) 2021, July 2021.

  37. New: On the Just-In-Time Discovery of Profit-Generating Transactions in DeFi Protocols Liyi Zhou, Kaihua Qin, Antoine Cully, Benjamin Livshits, and Arthur Gervais
    IEEE Symposium on Security and Privacy (Oakland Security), May 2021.

  38. New: Detecting Filter List Evasion With Event-Loop-Turn Granularity JavaScript Signatures Quan Chen, Peter Snyder, Benjamin Livshits, and Alexandros Kapravelos
    IEEE Symposium on Security and Privacy (Oakland Security), May 2021.

  39. New: Towards Realistic and Reproducible Web Crawl Measurements
    [PDF] [Abstract] [BibTeX]
    Jordan Jueckstock, Shaown Sarker, Alexandros Kapravelos, Aidan Beggs, Peter Snyder, Panagiotis Papadopoulos, Matteo Varvello, and Benjamin Livshits
    World Wide Web Conference (WWW), April 2021.

  40. New: BrowseLite: A Private Data Saving Solution for the Web
    [PDF] [Abstract] [BibTeX]
    Conor Kelton, Matteo Varvello, Andrius Aucinas, Benjamin Livshits
    World Wide Web Conference (WWW), April 2021.

  41. New: Liquidations: DeFi on a Knife-edge
    [PDF] [Abstract] [BibTeX]
    Daniel Perez, Sam M. Werner, Jiahua Xu, and Benjamin Livshits
    Financial cryptography (FC), March 2021.

  42. New: Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit
    [PDF] [Abstract] [BibTeX]
    Kaihua Qin, Liyi Zhou, Benjamin Livshits, and Arthur Gervais
    Financial cryptography (FC), March 2021.

    2020


  43. New: Revisiting Transactional Statistics of High-scalability Blockchain
    [PDF] [Abstract] [BibTeX]
    Daniel Perez, Jiahua Xu, and Benjamin Livshits
    IMC 2020, October 2020.

  44. New: Liquidations: DeFi on a Knife-edge
    [PDF] [Abstract] [BibTeX]
    Daniel Perez, Sam M. Werner, Jiahua Xu, and Benjamin Livshits
    arXiv:2009.13235, September 2020.

  45. New: THEMIS: Decentralized and Trustless Ad Platform with Reporting Integrity
    [PDF] [Abstract] [BibTeX]
    Gonçalo Pestana, Iñigo Querejeta-Azurmendi, Panagiotis Papadopoulos, and Benjamin Livshits
    arXiv:2003.03810, July 2020.

  46. New: Percival: Making In-Browser Perceptual Ad Blocking Practical With Deep Learning
    [PDF] [Abstract] [BibTeX]
    Zain ul Abi Din, Panagiotis Tigas, Samuel T. King, and Benjamin Livshits
    Usenix ATC, July 2020.

  47. New: Privacy-Preserving Bandits. Mohammad Malekzadeh, Dimitrios Athanasakis, Hamed Haddadi, and Benjamin Livshits
    MLSys, March 2020.

  48. New: The Decentralized Financial Crisis: Attacking DeFi. Lewis Gudgeon, Daniel Perez, Dominik Harz, Arthur Gervais, and Benjamin Livshits
    Crypto Valley Conference, June 2020.

  49. New: Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit.
    [PDF] [Abstract] [BibTeX]
    Kaihua Qin, Liyi Zhou, Benjamin Livshits, and Arthur Gervais
    arXiv:2003.03810, March 2020.

  50. New: We Know What They've Been Put Through: Revisiting High-scalability Blockchain Transactions.
    [PDF] [Abstract] [BibTeX]
    Daniel Perez, Jiahua Xu, and Benjamin Livshits
    arXiv:2003.02693, March 2020.

  51. The Decentralized Financial Crisis: Attacking DeFi.
    [PDF] [Abstract] [BibTeX]
    Lewis Gudgeon, Daniel Perez, Dominik Harz, Arthur Gervais, and Benjamin Livshits
    arXiv:2002.08099, February 2020.

  52. Who Filters the Filters: Understanding the Growth, Usefulness and Efficiency of Crowdsourced Ad Blocking. Antoine Vastel, Peter Snyder, and Benjamin Livshits
    SIGMETRICS, June 2020.

  53. Broken Metre: Attacking Resource Metering in EVM. Daniel Perez and Benjamin Livshits
    Network and Distributed Systems Symposium (NDSS), February 2020.

  54. Keeping Out the Masses: Understanding the Popularity and Implications of Internet Paywalls. Panagiotis Papadopoulos, Peter Snyder, and Benjamin Livshits
    International World Wide Web Conference (WWW), April 2020.

  55. Filter List Generation for Underserved Regions. Alexander Sjosten, Peter Snyder, Antonio Pastor, Panagiotis Papadopoulos, and Benjamin Livshits
    International World Wide Web Conference (WWW), April 2020.

  56. Evaluating the End-User Experience of Private Browsing Mode. Ruba Abu-Salma and Benjamin Livshits
    CHI Conference on Human Factors in Computing Systems Proceedings (CHI'20), April 2020.

  57. Broken Metre: Attacking Resource Metering in EVM. Daniel Perez and Benjamin Livshits
    arXiv:1909.07220, September 2020.

  58. AdGraph: A Graph-Based Approach to Ad and Tracker Blocking. Umar Iqbal, Peter Snyder, Shitong Zhu, Benjamin Livshits, Zhiyun Qian, and Zubair Shafiq
    IEEE Symposium on Security and Privacy (Oakland Security), May 2020.

    2019


  59. The Anatomy of a Cryptocurrency Pump-and-Dump Scheme. Jiahua Xu and Benjamin Livshits
    Usenix Security, August 2019.

  60. BatteryLab, A Distributed Power Monitoring Platform For Mobile Devices
    [PDF] [Abstract] [BibTeX]
    Matteo Varvello, Kleomenis Katevas, Mihai Plesa, Hamed Haddadi, Benjamin Livshits
    Technical Report arXiv:1910.08951, October 2019.

  61. The Blind Men and the Internet: Multi-Vantage Point Web Measurements
    [PDF] [Abstract] [BibTeX]
    Jordan Jueckstock, Shaown Sarker, Peter Snyder, Panagiotis Papadopoulos, Matteo Varvello, Benjamin Livshits and Alexandros Kapravelos
    Technical Report arXiv:1905.08767, May 2019.

  62. Percival: Making In-Browser Perceptual Ad Blocking Practical With Deep Learning
    [PDF] [Abstract] [BibTeX]
    Zain ul Abi Din, Panagiotis Tigas, and Samuel T. King, and Benjamin Livshits
    Technical Report arXiv:1905.07444, May 2019.

  63. Static Analysis for Asynchronous JavaScript Programs. Thodoris Sotiropoulos and Benjamin Livshits
    European Conference on Object-Oriented Programming (ECOOP), July 2019.

  64. Puff of Steem: Security Analysis of Decentralized Content Curation.
    [PDF] [Abstract] [BibTeX]
    Aggelos Kiayias, Benjamin Livshits, Andrés Monteoliva Mosteiro, and Orfeas Stefanos Thyfronitis Litos
    Tokenomics, May 2019.

  65. Smart Contract Vulnerabilities: Does Anyone Care?
    [PDF] [Abstract] [BibTeX]
    Daniel Perez and Benjamin Livshits
    Technical Report arXiv:1902.06710, February 2019.

  66. When the Signal is in the Noise: Exploiting Diffix's Sticky Noise.
    [PDF] [Abstract] [BibTeX]
    Andrea Gadotti, Florimond Houssiau, Luc Rocher, Yves-Alexandre de Montjoye, Benjamin Livshits
    Usenix Security, August 2019.

  67. SpeedReader: Reader Mode Made Fast and Private.
    [PDF] [Abstract] [BibTeX]
    Mohammad Ghasemisharif, Peter Snyder, Andrius Aucinas, and Benjamin Livshits
    Work Wide Web Conference, May 2019.

    2018


  68. Static Analysis for Asynchronous JavaScript Programs.
    [PDF] [Abstract] [BibTeX]
    Thodoris Sotiropoulos and Benjamin Livshits
    Technical Report arXiv:1901.03575, January 2019.

  69. The Anatomy of a Cryptocurrency Pump-and-Dump Scheme. Jiahua Xu and Benjamin Livshits
    Technical Report arXiv:1811.10109v1, November 2018.

  70. Evaluating the End-User Experience of Private Browsing Mode.
    [PDF] [Abstract] [BibTeX]
    Ruba Abu-Salma and Benjamin Livshits
    Technical Report ArXiv 1811.08460, November 2018.

  71. SpeedReader: Reader Mode Made Fast and Private.
    [PDF] [Abstract] [BibTeX]
    Mohammad Ghasemisharif, Peter Snyder, Andrius Aucinas, and Benjamin Livshits
    Technical Report ArXiv 1811.03661, November 2018.

  72. Who Filters the Filters: Understanding the Growth, Usefulness and Efficiency of Crowdsourced Ad Blocking.
    [PDF] [Abstract] [BibTeX]
    Antoine Vastel, Peter Snyder and Benjamin Livshits
    Technical Report ArXiv 1810.09160, October 2018.

  73. AdGraph: A Machine Learning Approach to Automatic and Effective Adblocking.
    [PDF] [Abstract] [BibTeX]
    Umar Iqbal, Zubair Shafiq, Peter Snyder, Shitong Zhu, Zhiyun Qian, and Benjamin Livshits
    Technical Report ArXiv 1810.09160, October 2018.

  74. A Puff of Steem: Security Analysis of Decentralized Content Curation. Aggelos Kiayias, Benjamin Livshits, Andres Monteoliva Mosteiro, and Orfeas Stefanos Thyfronitis Litos
    Technical Report Arxiv-2412873, September 2018.

  75. EthIR: A Framework for High-Level Analysis of Ethereum Bytecode. Elvira Albert, Pablo Gordillo, Benjamin Livshits, Albert Rubio, and Ilya Sergey
    International Symposium on Automated Technology for Verification and Analysis, October 2018.

  76. EthIR: A Framework for High-Level Analysis of Ethereum Bytecode. Elvira Albert, Pablo Gordillo, Benjamin Livshits, Albert Rubio, and Ilya Sergey
    International Symposium on Automated Technology for Verification and Analysis, October 2018.

  77. AdGraph: A Machine Learning Approach to Automatic and Effective Adblocking. Umar Iqbal, Zubair Shafiq, Peter Snyder, Shitong Zhu, and Zhiyun Qian, May 2018.

  78. Synode: Understanding and Automatically Preventing Injection Attacks on Node.js. Cristian-Alexandru Staicu, Michael Pradel, and Benjamin Livshits
    Network and Distributed Systems Symposium (NDSS), February 2018.

    2017


  79. Toward Full Elasticity in Distributed Static Analysis: The Case of Callgraph Analysis. Diego Garbervetsky, Edgardo Zoppi, and Benjamin Livshits
    Foundations of Software Engineering (FSE), September 2017.

  80. BLENDER: Enabling Local Search with a Hybrid Differential Privacy Model. Brendan Avent, Aleksandra Korolova, David Zeber, Torgeir Hovden, and Benjamin Livshits
    Usenix Security, August 2017.

  81. BLENDER: Enabling Local Search with a Hybrid Differential Privacy Model. Brendan Avent, Aleksandra Korolova, David Zeber, Torgeir Hovden, and Benjamin Livshits
    Technical Report Arxiv-1879097, April 2017.

  82. Just-in-Time Static Analysis. Lisa Nguyen Quang Do, Karim Ali, Benjamin Livshits, Eric Bodden, Justin Smith and Emerson Murphy-Hill
    International Symposium on Software Testing and Analysis (ISSTA), July 2017.

    2016


  83. Prepose: Privacy, Security, and Reliability for Gesture-Based Programming. Lucas Silva Figueiredo, David Molnar, Margus Veanes, and Benjamin Livshits,
    IEEE Journal of Security and Privacy, December 2016.

  84. Understanding and Automatically Preventing Injection Attacks on Node.JS. Cristian-Alexandru Staicu, Michael Pradel, and Benjamin Livshits
    CASED Technical Report , November 2016.

  85. Toward an Evidence-based Design for Reactive Security Policies and Mechanisms. Omer Katz and Benjamin Livshits,
    Technion Technical Report CS-2016-04-2016, November 2016.

  86. PrePose: Security and Privacy for Gesture-Based Programming. Lucas Silva Figueiredo, David Molnar, Margus Veanes, and Benjamin Livshits,
    Microsoft Research Technical Report MSR-TR-2016-xxx, August 2016.

  87. Just-in-Time Static Analysis. Lisa Nguyen Quang Do, Karim Ali, Benjamin Livshits, Eric Bodden, Justin Smith, and Emerson Murphy-Hill
    University of Alberta Technical Report doi:10.7939/DVN/10859, August 2016.

  88. Kizzle: A Signature Compiler for Exploit Kits. Ben Stock, Benjamin Livshits, and Benjamin Zorn
    International Conference on Dependable Systems and Networks (DSN), June 2016.

  89. Toward Full Elasticity in Distributed Static Analysis. Diego Garbervetsky, Edgardo Zoppi, Thomas Ball, and Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2015-88, March 2016.

  90. PrePose: Security and Privacy for Gesture-Based Programming. Lucas Silva Figueiredo, Benjamin Livshits, David Molnar, and Margus Veanes
    IEEE Symposium on Security and Privacy (Oakland Security), May 2016.

    2015


  91. Toward a Just-in-Time Static Analysis. Lisa Nguyen Quang Do, Karim Ali, Eric Bodden and Benjamin Livshits
    Technical University of Darmstadt Technical Report TUD-CS-2015-1167, July 2015.

  92. Fast: a Transducer-Based Language for Tree Manipulation.
    [PDF] [Abstract] [BibTeX]
    Loris D'Antoni, Margus Veanes, Benjamin Livshits and David Molnar
    Transactions on Programming Languages and Systems (TOPLAS), 2015.

  93. Detecting JavaScript Races that Matter. Erdal Mutlu, Serdar Tasiran, and Benjamin Livshits
    Foundations of Software Engineering (FSE), September 2015.

  94. Detecting JavaScript Races that Matter.
    [PDF] [Abstract] [BibTeX]
    Erdal Mutlu, Serdar Tasiran, and Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2015-24, March 2015.

  95. SurroundWeb : Mitigating Privacy Concerns in a 3D Web Browser. John Vilk, David Molnar, Eyal Ofek, Chris Rossbach, Benjamin Livshits, Alexander Moshchuk, Helen J. Wang, and Ran Gal
    IEEE Symposium on Security and Privacy (Oakland Security), May 2015.

  96. InterPoll: Crowd-Sourced Internet Polls. Benjamin Livshits and Todd Mytkowicz
    Summit On Advances In Programming Languages (SNAPL), May 2015.

  97. PriVaricator: Deceiving Fingerprinters with Little White Lies. Nick Nikiforakis, Wouter Joosen, and Benjamin Livshits
    International World Wide Web Conference (WWW), May 2015.

  98. Kizzle: A Signature Compiler for Exploit Kits.
    [PDF] [Abstract] [BibTeX]
    Ben Stock, Benjamin Livshits, and Benjamin Zorn
    Microsoft Research Technical Report, February 2015.

  99. In Defense of Soundiness: A Manifesto. Benjamin Livshits, Manu Sridharan, Yannis Smaragdakis, Ondrej Lhoták, J. Nelson Amaral, Bor-Yuh Evan Chang, Samuel Z. Guyer, Uday P. Khedker, Anders Møller, and Dimitrios Vardoulakis
    Communications of the ACM (CACM), February 2015.

  100. Program Boosting: Program Synthesis via Crowd-Sourcing. Robert Cochran, Loris D'Antoni, Benjamin Livshits, David Molnar, and Margus Veanes
    Symposium on the Principles of Programming Languages (POPL), January 2015.

  101. Data Parallel String Manipulating Programs. Margus Veanes, Todd Mytkowicz, David Molnar, Benjamin Livshits
    Symposium on the Principles of Programming Languages (POPL), January 2015.

    2014


  102. SurroundWeb : Mitigating Privacy Concerns in a 3D Web Browser. John Vilk, David Molnar, Eyal Ofek, Chris Rossbach, Benjamin Livshits, Alexander Moshchuk, Helen J. Wang, and Ran Gal
    Microsoft Research Technical Report MSR-TR-2014-147, November 2014.

  103. PrePose: Security and Privacy for Gesture-Based Programming. Lucas Silva Figueiredo, Benjamin Livshits, David Molnar, and Margus Veanes
    Microsoft Research Technical Report MSR-TR-2014-146, November 2014.

  104. Optimizing Human Computation to Save Time and Money. Benjamin Livshits and George Kastrinis
    Microsoft Research Technical Report MSR-TR-2014-145, November 2014.

  105. Saving Money While Polling with InterPoll using Power Analysis. Benjamin Livshits and Todd Mytkowicz
    Conference on Human Computation & Crowdsourcing (HCOMP 2014), November 2014.

  106. MoRePriv: Mobile OS Support for Application Personalization and Privacy.
    [PDF] [Abstract] [BibTeX]
    Drew Davidson, Matt Fredrikson, and Benjamin Livshits
    Annual Computer Security Applications Conference (ACSAC), December 2014.

  107. Automated Migration of Build Scripts using Dynamic Analysis and Search-Based Refactoring. Milos Gligoric, Wolfram Schulte, Chandra Prasad, Danny van Velzen, Iman Narasamdya, Benjamin Livshits
    Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2014), October 2014.

  108. Z0: An Optimizing Distributing Zero-Knowledge Compiler. Matt Fredrikson and Benjamin Livshits
    USENIX Security Symposium, August 2014.

  109. I Know It When I See It: Observable Races in JavaScript Applications (Position paper). Erdal Mutlu, Serdar Tasiran, and Benjamin Livshits
    Workshop on Dynamic Languages and Applications (DYLA) 2014, , June 2014.

  110. Web Application Security Special Issue.
    [PDF] [Abstract] [BibTeX]
    Lieven Desmet, Martin Johns, Benjamin Livshits and Andrei Sabelfeld
    Journal of Computer Security, Volume 22, Number 4 / 2014, May 2014.

  111. Saving Money While Polling with InterPoll using Power Analysis. Benjamin Livshits and Todd Mytkowicz
    Microsoft Research Technical Report MSR-TR-2014-50, April 2014.

  112. PriVaricator: Deceiving Fingerprinters with Little White Lies. Nick Nikiforakis, Wouter Joosen, and Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2014-26, February 2014.

  113. I Know It When I See It: Observable Races in JavaScript Applications (Position paper). Erdal Mutlu, Serdar Tasiran, and Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2014-29, February 2014.

  114. SurroundWeb: Least Privilege for Immersive "Web Rooms". John Vilk, David Molnar, Eyal Ofek, Chris Rossbach, Benjamin Livshits, Alexander Moshchuk, Helen J. Wang, and Ran Gal
    Microsoft Research Technical Report MSR-TR-2014-25, February 2014.

  115. Z0: An Optimizing Distributing Zero-Knowledge Compiler. Matt Fredrikson and Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2014-27 (updated version of MSR-TR-2013-43), February 2014.

  116. Least Privilege Rendering in a 3D Web Browser. John Vilk, David Molnar, Eyal Ofek, Chris Rossbach, Benjamin Livshits, Alexander Moshchuk, Helen J. Wang, and Ran Gal
    Microsoft Research Technical Report MSR-TR-2014-25, February 2014.

  117. Fast: a Transducer-Based Language for Tree Manipulation. Loris D'Antoni, Margus Veanes, Benjamin Livshits and David Molnar
    Conference on Programming Language Design and Implementation (PLDI), June 2014.

  118. In Defense of Probabilistic Static Analysis. Benjamin Livshits and Shuvendu Lahiri
    Workshop on Probabilistic and Approximate Computing (APPROX), June 2014.

  119. InterPoll: Crowd-Sourced Internet Polls (Done Right). Benjamin Livshits and Todd Mytkowicz
    Microsoft Research Technical Report MSR-TR-2014-3, January 2014.

  120. Let's Do It at My Place? Attitudinal and Behavioral Study of Privacy in Client-Side Personalization. Alfred Kobsa, Bart Knijnenburg, and Benjamin Livshits
    CHI Conference on Human Factors in Computing Systems Proceedings (CHI'14), April 2014.

    2013


  121. Program Boosting or Crowd-Sourcing for Correctness. Robert Cochran, Loris D'Antoni, and Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2013-94, September 2013.

  122. Practical Static Analysis of JavaScript Applications in the Presence of Frameworks and Libraries. Magnus Madsen, Benjamin Livshits, and Michael Fanning
    Foundations of Software Engineering (FSE), August 2013.

  123. Enabling fine-grained permissions for augmented reality applications with recognizers. Suman Jana, David Molnar, Alexander Moshchuk, Alan Dunn, Benjamin Livshits, Helen J. Wang, Eyal Ofek
    USENIX Security Symposium, August 2013.

  124. Automatic Mediation of Privacy-Sensitive Resource Access in Smartphone Applications.
    [PDF] [Abstract] [BibTeX]
    Benjamin Livshits and Jaeyeon Jung
    USENIX Security Symposium, August 2013.

  125. Z0: An Optimizing Distributing Zero-Knowledge Compiler. Matthew Fredrikson and Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2013-43, April 2013.

  126. Operating System Support For Augmented Reality Applications. Loris D'Antoni, Alan Dunn, Suman Jana, Tadayoshi Kohno, Benjamin Livshits, David Molnar, Alex Moshchuk, Eyal Ofek, Franziska Roesner, Scott Saponas, Margus Veanes, and Helen J. Wang
    HotOS, May 2013.

  127. Engineering Secure Software and Systems: 5th International Symposium, ESSoS 2013, Paris, France, February 27 - March 1, 2013: proceedings.
    [PDF] [Abstract] [BibTeX]
    Jan Jürjens(Editor), Benjamin Livshits (Editor), Riccardo Scandariato (Editor)
    March 2013.

  128. Web Application Security (Dagstuhl Seminar 12401). Lieven Desmet, Martin Johns, Benjamin Livshits, Andrei Sabelfeld
    Dagstuhl Reports, February 2013.

  129. Verifying Higher-order Programs with the Dijkstra Monad. Nikhil Swamy, Joel Weinberger, Cole Schlesinger, Juan Chen and Benjamin Livshits
    Conference on Programming Language Design and Implementation (PLDI), June 2013.

  130. Browser security: appearances can be deceiving.
    [PDF] [Abstract] [BibTeX]
    CACM Staff
    Communications of the ACM, January 2013.

  131. Towards Fully Automatic Placement of Security Sanitizers and Declassifiers. Benjamin Livshits and Stephen Chong
    Symposium on the Principles of Programming Languages (POPL), January 2013.

  132. Fully Abstract Compilation to JavaScript. Cedric Fournet, Nikhil Swamy, Juan Chen, Pierre-Evariste Dagand, Pierre-Yves Strub and Benjamin Livshits
    Symposium on the Principles of Programming Languages (POPL), January 2013.

    2012


  133. FAST: A Transducer-Based Language for Tree Manipulation.
    [PDF] [Abstract] [BibTeX]
    Loris D'Antoni, Margus Veanes, Benjamin Livshits, and David Molnar
    Microsoft Research Technical Report MSR-TR-2012-123, November 2012.

  134. Dynamic Taint Tracking in Managed Runtimes.
    [PDF] [Abstract] [BibTeX]
    Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2012-114, November 2012.

  135. Data-Parallel String-Manipulating Programs.
    [PDF] [Abstract] [BibTeX]
    Margus Veanes, David Molnar, Todd Mytkowicz, and Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2012-72, July 2012.

  136. Towards Fully Automatic Placement of Security Sanitizers and Declassifiers.
    [PDF] [Abstract] [BibTeX]
    Benjamin Livshits and Stephen Chong
    Harvard University Technical Report TR-03-12, July 2012.

  137. Practical Static Analysis of JavaScript Applications in the Presence of Frameworks and Libraries.
    [PDF] [Abstract] [BibTeX]
    Magnus Madsen, Benjamin Livshits, and Michael Fanning
    Microsoft Research Technical Report MSR-TR-2012-66, July 2012.

  138. MoRePriv: Mobile OS-Wide Application Personalization.
    [PDF] [Abstract] [BibTeX]
    Drew Davidson and Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2012-50, May 2012.

  139. Private Client-side Profiling with Random Forests and Hidden Markov Models.
    [PDF] [Abstract] [BibTeX]
    George Danezis, Markulf Kohlweiss, Benjamin Livshits, and Alfredo Rial
    Privacy Enhancing Technologies Symposium, July 2012.

  140. Monadic Refinement Types for Verifying JavaScript Programs.
    [PDF] [Abstract] [BibTeX]
    Nikhil Swamy, Joel Weinberger, Juan Chen, Ben Livshits, and Cole Schlesinger
    Microsoft Research Technical Report MSR-TR-2012-37, March 2012.

  141. Rozzle: De-Cloaking Internet Malware. Clemens Kolbitsch, Benjamin Livshits, Benjamin Zorn, and Christian Seifert
    IEEE Symposium on Security and Privacy (Oakland Security), May 2012.

  142. Engineering Secure Software and Systems: 4th International Symposium.
    [PDF] [Abstract] [BibTeX]
    Gilles Barthe (Editor), Ben Livshits (Editor), Riccardo Scandariato (Editor)
    March 2012.

  143. Symbolic Finite State Transducers: Algorithms and Applications. Nikolaj Bjorner, Pieter Hooimeijer, Benjamin Livshits, David Molnar, and Margus Veanes
    Symposium on the Principles of Programming Languages (POPL), January 2012.

    2011


  144. Generating Fast String Manipulating Code Through Transducer Exploration and SIMD Integration.
    [PDF] [Abstract] [BibTeX]
    Margus Veanes, David Molnar, Benjamin Livshits, and Lubomir Litchev
    Microsoft Research Technical Report MSR-TR-2011-124, November 2011.

  145. ScriptGard: Automatic Context-Sensitive Sanitization for Large-Scale Legacy Web Applications. Prateek Saxena, David Molnar, and Benjamin Livshits
    Conference on Computer and Communications Security (CCS), November 2011.

  146. Towards Ensuring Client-Side Computational Integrity.
    [PDF] [Abstract] [BibTeX]
    George Danezis and Benjamin Livshits
    Conference on Computer and Communications Security (CCSW), November 2011.

  147. Rozzle: De-Cloaking Internet Malware. Clemens Kolbitsch, Benjamin Livshits, Benjamin Zorn, and Christian Seifert
    Microsoft Research Technical Report MSR-TR-2011-94, August 2011.

  148. Symbolic Finite State Transducers: Algorithms and Applications. Nikolaj Bjorner, Pieter Hooimeijer, Benjamin Livshits, David Molnar, and Margus Veanes
    Microsoft Research Technical Report MSR-TR-2011-85, July 2011.

  149. Mining Software Specifications: Methodologies and Applications.
    [PDF] [Abstract] [BibTeX]
    Two contributed book chapters in a book published by Chapman & Hall

  150. Zozzle: Low-overhead Mostly Static JavaScript Malware Detection. Charles Curtsinger, Benjamin Livshits, Benjamin Zorn, and Christian Seifert
    USENIX Security Symposium, August 2011.

  151. Fast and Precise Sanitizer Analysis With BEK. Pieter Hooimeijer, Benjamin Livshits, David Molnar, Prateek Saxena, and Margus Veanes
    USENIX Security Symposium, August 2011.

  152. Towards Enforceable Data-Driven Privacy Policies. Matthew Fredrikson, Benjamin Livshits, Somesh Jha, and Drew Davidson
    Web 2.0 Security and Privacy (W2SP), May 2011.

  153. RePriv: Re-Imagining Content Personalization and In-Browser Privacy. Matthew Fredrikson and Benjamin Livshits
    IEEE Symposium on Security and Privacy (Oakland Security), May 2011.

  154. Verified Security for Browser Extensions. Arjun Guha, Matthew Fredrikson, Benjamin Livshits, and Nikhil Swamy
    IEEE Symposium on Security and Privacy (Oakland Security), May 2011.

  155. "NOFUS: Automatically Detecting" + String.fromCharCode(32) + "ObFuSCateD ".toLowerCase() + "JavaScript Code". Scott Kaplan, Benjamin Livshits, Benjamin Zorn, Christian Seifert, and Charles Curtsinger
    Microsoft Research Technical Report MSR-TR-2011-57, May 2011.

  156. Decision Procedures for Composition and Equivalence of Symbolic Finite State Transducers. Margus Veanes, David Molnar, and Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2011-32, March 2011.

    2010


  157. Verified Security for Browser Extensions. Nikhil Swamy, Benjamin Livshits, Arjun Guha, and Matthew Fredrikson
    Microsoft Research Technical Report MSR-TR-2010-157, November 2010.

  158. Zozzle: Low-overhead Mostly Static JavaScript Malware Detection. Charles Curtsinger, Benjamin Livshits, Benjamin Zorn, and Christian Seifert
    Microsoft Research Technical Report MSR-TR-2010-156, January 2010 (updated).

  159. Bek: Modeling Imperative String Operations with Symbolic Transducers. Pieter Hooimeijer, Benjamin Livshits, David Molnar, Prateek Saxena, and Margus Veanes
    Microsoft Research Technical Report MSR-TR-2010-154, November 2010.

  160. ScriptGard: Preventing Script Injection Attacks in Legacy Web Applications with Automatic Sanitization. Prateek Saxena, David Molnar, and Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2010-128, October 2010.

  161. AjaxScope: A Platform for Remotely Monitoring the Client-Side Behavior of Web 2.0 Applications. Emre Kiciman and Benjamin Livshits
    ACM Transactions on The Web, Vol. 4, No. 4, Article 13, September 2010.

  162. RePriv: Re-Envisioning In-Browser Privacy. Matthew Fredrikson and Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2010-116, August 2010.

  163. Dagstuhl Seminar 09141: Web Application Security (Executive summary). Dan Boneh, Ulfar Erlingsson, Martin Johns, and Benjamin Livshits

  164. Dagstuhl Seminar 09141: Web Application Security (Abstracts Collection). Dan Boneh, Ulfar Erlingsson, Martin Johns, and Benjamin Livshits

  165. Gulfstream: Incremental Static Analysis for Streaming JavaScript Applications. Salvatore Guarnieri and Benjamin Livshits
    USENIX Conference on Web Application Development (WebApps) , June 2010.

  166. JSMeter: Comparing the Behavior of JavaScript Benchmarks with Real Web Applications. Paruj Ratanaworabhan, Benjamin Livshits, and Benjamin Zorn
    USENIX Conference on Web Application Development (WebApps) , June 2010.

  167. JSZap: Compressing JavaScript Code Martin Burtscher, Benjamin Livshits, Gaurav Sinha, and Benjamin Zorn
    USENIX Conference on Web Application Development (WebApps) , June 2010.

  168. Fluxo: A System for Internet Service Programming by Non-expert Developers. Emre Kiciman, Benjamin Livshits, Madanlal Musuvathi, and Kevin C. Webb
    ACM Symposium on Cloud Computing (SOCC) , June 2010.

  169. Empowering Browser Security for Mobile Devices Using Smart CDNs. Benjamin Livshits and David Molnar
    Workshop on Web 2.0 Security and Privacy (W2SP), May 2010.

  170. Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources. Leo Meyerovich, David Zhu, and Benjamin Livshits
    Workshop on Web 2.0 Security and Privacy (W2SP), May 2010.

  171. ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser. Leo Meyerovich and Benjamin Livshits
    IEEE Symposium on Security and Privacy (Oakland Security), May 2010.

  172. JSZap: Compressing JavaScript Code. Martin Burtscher, Benjamin Livshits, Gaurav Sinha, and Benjamin G. Zorn
    Microsoft Research Technical Report MSR-TR-2010-21, March 2010.

  173. JSMeter: Characterizing Real-World Behavior of JavaScript Programs (short version). Paruj Ratanaworabhan, Benjamin Livshits, David Simmons, and Benjamin Zorn
    Microsoft Research Technical Report MSR-TR-2010-8, January 2010.

  174. Gulfstream: Incremental Static Analysis for Streaming JavaScript Applications. Benjamin Livshits and Salvatore Guarnieri
    Microsoft Research Technical Report MSR-TR-2010-4, January 2010.

    2009


  175. JSMeter: Characterizing Real-World Behavior of JavaScript Programs. Paruj Ratanaworabhan, Benjamin Livshits, David Simmons, and Benjamin Zorn
    Microsoft Research Technical Report MSR-TR-2009-173, December 2009.

  176. ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser. Benjamin Livshits and Leo Meyerovich
    Microsoft Research Technical Report MSR-TR-2009-158, February 2009.

  177. Ripley: Automatically Securing Web 2.0 Applications Through Replicated Execution. K. Vikram, Abhishek Prateek, and Benjamin Livshits
    Conference on Computer and Communications Security (CCS), November 2009.

  178. CatchAndRetry: Extending Exceptions to Handle Distributed System Failures and Recovery. Emre Kiciman, Benjamin Livshits, and Madanlal Musuvathi
    Programming Languages and Operating Systems (PLOS), October 2009.

  179. Gatekeeper: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code. Salvatore Guarnieri and Benjamin Livshits
    USENIX Security Symposium, August 2009.

  180. Nozzle: A Defense Against Heap-spraying Code Injection Attacks. Paruj Ratanaworabhan, Benjamin Livshits, and Benjamin Zorn
    USENIX Security Symposium, August 2009.

  181. Fluxo: A Simple Service Compiler. Emre Kiciman, Benjamin Livshits, and Madanlal Musuvathi
    Workshop on Hot Topics in Operating Systems, HotOS 2009, May 2009.

  182. Gatekeeper: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code. Benjamin Livshits and Salvatore Guarnieri
    Microsoft Research Technical Report MSR-TR-2009-16, February 2009.

  183. Merlin: Specification Inference for Explicit Information Flow Problems. Benjamin Livshits, Aditya V. Nori, Sriram K. Rajamani, and Anindya Banerjee
    Conference on Programming Language Design and Implementation (PLDI) 2009, June 2009.

  184. Improving the Responsiveness of Interactive Internet Services with Automatic Cache Placement. Alex Rasmussen, Emre Kiciman, Benjamin Livshits, Madanlal Musuvathi
    European Conference on Computer Systems (EuroSys) 2009, March 2009.

    2008


  185. Merlin: Specification Inference for Explicit Information Flow Problems. Anindya Banerjee, Benjamin Livshits, Aditya V. Nori, and Sriram K. Rajamani
    Microsoft Research Technical Report MSR-TR-2008-xxx, December 2008.

  186. Nozzle: A Defense Against Heap-spraying Code Injection Attacks. Paruj Ratanaworabhan, Benjamin Livshits, and Benjamin Zorn
    Microsoft Research Technical Report MSR-TR-2008-176, November 2008.

  187. Ripley: Automatically Securing Distributed Web Applications Through Replicated Execution. Benjamin Livshits, Abhishek Prateek, and K. Vikram
    Microsoft Research Technical Report MSR-TR-2008-174, November 2008.

  188. Doloto: Code Splitting for Network-Bound Web 2.0 Applications. Benjamin Livshits and Emre Kiciman
    Foundations of Software Engineering (FSE), November 2008.

  189. Volta: Developing Distributed Applications by Recompiling. Dragos Manolescu, Brian Beckman, and Benjamin Livshits
    IEEE Software, October 2008.

  190. Spectator: Detection and Containment of JavaScript Worms. Benjamin Livshits and Weidong Cui
    USENIX Annual Technical Conference, June 2008.

  191. Securing Web Applications with Static and Dynamic Information Flow Tracking. Monica S. Lam, Michael Martin, Benjamin Livshits, and John Whaley
    In Workshop on Partial Evaluation and Program Manipulation, January 2008.

    2007


  192. Doloto: Code Splitting for Network-Bound Web 2.0 Applications. Benjamin Livshits and Emre Kiciman
    Microsoft Research Technical Report MSR-TR-2007-159, December 2007.

  193. AjaxScope: a Platform for Remotely Monitoring the Client-Side Behavior of Web 2.0 Applications. Emre Kiciman and Benjamin Livshits
    In Symposium of Operating System Principles (SOSP 2007), Stevenson, Washington, October 2007.

  194. Code Splitting for Network Bound Web 2.0 Applications. Benjamin Livshits and Chen Ding
    Microsoft Research Technical Report MSR-TR-2007-101, August 2007.

  195. Spectator: Detection and Containment of JavaScript Worms. Benjamin Livshits and Weidong Cui
    Microsoft Research Technical Report MSR-TR-2007-55, July 2007.

  196. Using Web Application Construction Frameworks To Protect Against Code Injection Attacks. Benjamin Livshits and Ulfar Erlingsson
    In Workshop on Programming Languages and Analysis for Security (PLAS 2007), San Diego, California, June 2007.

  197. Towards Security By Construction For Web 2.0 Applications.
    [PDF] [Abstract] [BibTeX]
    Benjamin Livshits and Ulfar Erlingsson
    In Workshop on Web 2.0 Security and Privacy (W2SP 2007), May 2007.

  198. End-to-end Web Application Security. Ulfar Erlingsson, Benjamin Livshits, and Yinglian Xie
    In Workshop on Hot Topics in Operating Systems (HotOS XI), San Diego, California, May 2007.

  199. DynaMine: Finding Common Error Patterns by Mining Software Revision Histories.
    [PDF] [Abstract] [BibTeX]
    Benjamin Livshits and Thomas Zimmermann
    extended version of the FSE'05 paper currently under submission, February 2007.

    2006


  200. Improving Software Security with Precise Static and Runtime Analysis. Benjamin Livshits, Doctoral dissertation
    Stanford University, Stanford, California, December, 2006.

  201. Mining Additions of Method Calls in ArgoUML. Thomas Zimmerman, Silvia Breu, Christian Lindig, and Benjamin Livshits.
    In International Workshop on Mining Software Repositories Challenge, Shanghai, China, May, 2006.

    2005


  202. Reflection Analysis for Java. Benjamin Livshits, John Whaley, and Monica S. Lam
    A technical report, which represents an extended version of the paper below.

  203. Reflection Analysis for Java. Benjamin Livshits, John Whaley and Monica S. Lam
    In Third Asian Symposium on Programming Languages and Systems, Tsukuba, Japan, November, 2005.

  204. SecuriFly: Runtime Protection and Recovery from Web Application Vulnerabilities. Benjamin Livshits, Michael Martin, and Monica S. Lam
    A technical report, which describes the runtime system for vulnerability protection first described in the OOPSLA '05 paper.

  205. Finding Application Errors and Security Flaws Using PQL: a Program Query Language. Michael Martin, Benjamin Livshits, and Monica S. Lam
    In 20th Annual ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications, San Diego, California, October 2005.

  206. DynaMine: Finding Common Error Patterns by Mining Software Revision Histories. Benjamin Livshits and Thomas Zimmermann
    In ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE 2005), Lisbon, Portugal, September 2005.

  207. Defining a Set of Common Benchmarks for Web Application Security. Benjamin Livshits
    Position paper on Stanford SecuriBench for the Workshop on Defining the State of the Art in Software Security Tools, Baltimore, August 2005.

  208. Finding Security Vulnerabilities in Java Applications with Static Analysis. Benjamin Livshits and Monica S. Lam
    A technical report, which represents an extended version of the paper above.

  209. Finding Security Vulnerabilities in Java Applications with Static Analysis. Benjamin Livshits and Monica S. Lam
    In Proceedings of the Usenix Security Symposium, Baltimore, Maryland, August 2005.

  210. Locating Matching Method Calls by Mining Revision History Data. Benjamin Livshits and Thomas Zimmermann
    In Proceedings of the Workshop on the Evaluation of Software Defect Detection Tools, Chicago, Illinois, June 2005.

  211. Context-Sensitive Program Analysis as Database Queries. Monica S. Lam, John Whaley, Benjamin Livshits, Michael Martin, Dzintars Avots, Michael Carbin, Christopher Unkel.
    In Proceedings of Principles of Database Systems (PODS), Baltimore, Maryland, June 2005.

  212. Improving Software Security with a C Pointer Analysis. Dzintars Avots, Michael Dalton, Benjamin Livshits, Monica S. Lam.
    In Proceedings of the 27th International Conference on Software Engineering (ICSE), May 2005

  213. Turning Eclipse Against Itself: Improving the Quality of Eclipse Plugins. Benjamin Livshits
    A technical report, which is an extended version of the paper above.

  214. Turning Eclipse Against Itself: Finding Bugs in Eclipse Code Using Lightweight Static Analysis. Benjamin Livshits
    In Eclipsecon '05 Research Exchange, March 2005.
    I maintain a page devoted to Checklipse, the tool described in the paper.

    2004 and before


  215. Finding Security Errors in Java Applications Using Lightweight Static Analysis. Benjamin Livshits.
    In Annual Computer Security Applications Conference, Work-in-Progress Report, November 2004.

  216. Tracking Pointers with Path and Context Sensitivity for Bug Detection in C Programs. Benjamin Livshits and Monica S. Lam
    In Proceedings of the 11th ACM SIGSOFT International Symposium on the Foundations of Software Engineering, September 2003.

Posters

Top of page

Unpublished Manuscripts

Top of page
  • Looking for Memory Leaks. Benjamin Livshits
    An article on detecting memory leaks in Java for Oracle Developer Network as part of the Mastering J2EE Application Development Series, 2005.

  • Unsupervised Web Page Clustering.
    [PDF]
    Paul Ruhlen, Husrev Tolga Ilhan, and Benjamin Livshits.
    Report for a project in natural language processing at Stanford (CS 224N), Spring 2000.

  • Applications of Cache-conscious Data Layout to Copying Garbage Collection.
    [PDF]
    Benjamin Livshits and David Louie.
    Report for a graduate project in compilers (CS 612) at Cornell University, May 1999.

  • Mostly copying garbage collector (MCC) for Java.
    [PDF]
    Benjamin Livshits.
    MCC for Java, Undergraduate final project at Cornell, May 1999.

Top of page