Publications

2015

Niranjan Hasabnis, R. Sekar. Automatic Generation of Assembly to IR Translators Using Compilers. In Workshop on Architectural and Microarchitectural Support for Binary Translation (AMAS-BT), February, 2015.

Niranjan Hasabnis, Qiao Rui, R. Sekar. Checking Correctness of Code Generator Architecture Specifications. In ACM/IEEE International Symposium on Code Generation and Optimization (CGO), February, 2015.

Matthew Hicks, Cynthia Sturton, Samuel T. King, Jonathan M. Smith. SPECS: A Lightweight Runtime Mechanism for Protecting Software from Security-Critical Processor Bugs. In International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2015.

2014

John Criswell, Nathan Dautenhahn, Vikram S. Adve. Virtual ghost: protecting applications from hostile operating systems. In ASPLOS 2014.

Warren He, Devdatta Akhawe, Sumeet Jain, Elaine Shi, Dawn Song. ShadowCrypt: Encrypted Web Applications for Everyone. In 21st ACM Conference on Computer and Communications Security (CCS), November 2014.

Volodymyr Kuznetsov, Laszlo Szekeres, Mathias Payer, George Candea, R. Sekar, Dawn Song. Code-Pointer Integrity. In USENIX Operating System Design and Implementation (OSDI), October, 2014.

Wai-Kit Sze, R. Sekar. Comprehensive Integrity Protection for Desktop Linux. In ACM Symposium on Access Control Models and Technologies (SACMAT), June, 2014.

Wai-Kit Sze, Bhuvan Mital, R. Sekar. Towards More Usable Information Flow Policies for Contemporary Operating Systems. In ACM Symposium on Access Control Models and Technologies (SACMAT), June, 2014. Honorable mention for Best paper.

Zhiwei Li, Warren He, Devdatta Akhawe, Dawn Song. The Emperor’s New Password Manager: Security Analysis of Web-Based Password Managers. In Proceedings of the 23rd USENIX Security Symposium, August 2014.

Nicholas Carlini, David Wagner. ROP is Still Dangerous: Breaking Modern Defenses. In Proceedings of the 23rd USENIX Security Symposium, August 2014.

Mingwei Zhang, Qiao Rui, Niranjan Hasabnis, R. Sekar. A Platform for Secure Static Binary Instrumentation. In Virtual Execution Environments (VEE), March, 2014.

John Criswell, Nathan Dautenhahn, Vikram S. Adve. KCoFI: Complete Control-Flow Integrity for Commodity Operating System Kernels. In IEEE Symposium on Security and Privacy 2014.

Martin Christoph Maas. PHANTOM: Practical Oblivious Computation in a Secure Processor. M.S. Thesis, University of California, Berkeley.

2013

Wai-Kit Sze, R. Sekar. A Portable User-Level Approach for System-wide Integrity Protection. In Annual Computer Security Applications Conference (ACSAC), December, 2013.

Daniel Huang, Greg Morrisett. Formalizing the SAFECode Type System. In Proceedings of the Certified Proofs and Programs Conference (CPP ’13), December 2013.

Martin Maas, Eric Love, Emil Stefanov, Mohit Tiwari, Elaine Shi, Krste Asanović, John Kubiatowicz, Dawn Song. A High-Performance Oblivious RAM Controller on the Convey HC-2ex Heterogeneous Computing Platform. In 46th Annual IEEE/ACM International Symposium on Microarchitecture, December 2013.

Martin Maas, Eric Love, Emil Stefanov, Mohit Tiwari, Elaine Shi, Krste Asanović, John Kubiatowicz, Dawn Song. PHANTOM: Practical Oblivious Computation in a Secure Processor. In ACM Conference on Computer and Communications Security, November 2013.

Chi Yuan Cho, Vijay D’Silva, Dawn Song. Blitz: Compositional Bounded Model Checking for Real-World Programs. In Proceedings of the IEEE/ACM International Conference on Automated Software Engineering (ASE), November 2013.

Cynthia Sturton, Rohit Sinha, Thurston Dang, Sakshi Jain, Michael McCoyd, Wei Yang Tan, Petros Maniatis, Sanjit Seshia, David Wagner. Symbolic Software Model Validation. In 11th ACM-IEEE International Conference on Formal Methods and Models for Codesign (MEMOCODE 2013), October 2013.

Dan Caselden, Alex Bazhanyuk, Mathias Payer, Stephen McCamant, and Dawn Song. Hi-CFG: Construction by binary analysis and application to attack polymorphism. In Proceedings of ESORICS, September 2013.

Kevin Zhijie Chen, Noah Johnson, Vijay D’Silva, Shuaifu Dai, Kyle MacNamara, Tom Magrino, Edward XueJun Wu, Martin Rinard, Dawn Song. Contextual Policy Enforcement in Android Applications with Permission Event Graphs. In Network and Distributed System Security Symposium 2013.

Devdatta Akhawe, Frank Li, Warren He, Prateek Saxena, Dawn Song. Data-confined HTML5 Applications. In ESORICS, September 2013.

Mingwei Zhang, R. Sekar. Control Flow Integrity for COTS Binaries. In 22nd USENIX Security Symposium, August 2013. Best paper award.

Matthew Finifter, Devdatta Akhawe, David Wagner. An Empirical Study of Vulnerability Rewards Programs. In 22nd USENIX Security Symposium, August 2013.

Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Laszlo Szekeres, Stephen McCamant, Dawn Song, and Wei Zou. Practical Control Flow Integrity and Randomization for Binary Executables. In IEEE Symposium on Security and Privacy (IEEE S&P), May, 2013.

Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Stephen McCamant, and Laszlo Szekeres. Protecting Function Pointers in Binary. In ACM Symposium on Information, Computer and Communications Security (ASIACCS), May, 2013.

Yan Huang, Jonathan Katz, and David Evans. Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose. In 33rd International Cryptology Conference (CRYPTO), August 2013.

Rui Wang, Yuchen Zhou, Shuo Chen, Shaz Qadeer, David Evans, and Yuri Gurevich. Explicating SDKs: Uncovering Assumptions Underlying Secure Authentication and Authorization. In 22nd USENIX Security Symposium, August 2013.

Tianhao Tong and David Evans, GuarDroid: A Trusted Path for Password Entry. In Mobile Security Technologies (MoST), San Francisco, CA, 23 May 2013.

Laszlo Szekeres, Mathias Payer, Tao Wei, R. Sekar. SoK: Eternal War in Memory. In IEEE Symposium on Security & Privacy, May 2013.

Samee Zahur and David Evans, Circuit Structures for Improving Efficiency of Security and Privacy Tools. In 34th IEEE Symposium on Security and Privacy, San Francisco, CA, 19-22 May 2013.

N. Honarmand, N. Dautenhahn, J. Torrellas, S.T. King, G. Pokam and C. Pereira, Cyrus: Unintrusive Application-Level Record-Replay for Replay Parallelism, in Proceedings of the Symposium on Architectural Support for Programming Languages and Operating Systems (ASPLOS), March 2013.

Haohui Mai, Edgar Pek, Hui Xue, Samuel T. King, and P. Madhusudan, Verifying Security Invariants in ExpressOS, in Proceedings of the Symposium on Architectural Support for Programming Languages and Operating Systems (ASPLOS), March 2013.

2012

Yan Huang. Practical Secure Two-Party Computation. Ph.D. thesis, University of Virginia Computer Science.

Neil Zhenqiang Gong, Wenchang Xu, Ling Huang, Prateek Mittal, Emil Stefanov, Vyas Sekar, Dawn Song. Evolution of Social-Attribute Networks: Measurements, Modeling, and Implications using Google+. In ACM/USENIX Internet Measurement Conference (IMC), November 2012.

Rohit Sinha, Cynthia Sturton, Petros Maniatis, Sanjit A. Seshia, and David Wagner. Verification with Small and Short Worlds. In Formal Methods in Computer-Aided Design (FMCAD) 2012. October 2012.

Ralf Sasse, Samuel T. King, Jose Meseguer, and Shuo Tang. IBOS: A Correct-By-Construction Modular Browser. In Proceedings of the International Symposium on Formal Aspects of Component Software (FACS), Mountain View, CA, September 2012.

Devdatta Akhawe, Prateek Saxena, Dawn Song. Privilege Separation in HTML5 Applications. In Usenix Security, August 2012.

Mohit Tiwari, Prashanth Mohan, Andrew Osheroff, Hilfi Alkaff, Elaine Shi, Eric Love, Dawn Song, Krste Asanovic. Context-centric Security. In Proceedings of the 7th USENIX Workshop on Hot Topics in Security (HotSec 2012), Bellevue, WA. August 2012.

Neil Zhenqiang Gong, Ameet Talwalkar, Lester Mackey, Ling Huang, Eui Chul Richard Shin, Emil Stefanov, Elaine (Runting) Shi, Dawn Song. Jointly Predicting Links and Inferring Attributes using a Social-Attribute Network (SAN). In Proceedings of The 6th Social Network Mining and Analysis Workshop (SNA-KDD), August 2012.

Lorenzo Martignoni, Pongsin Poosankam, Matei Zaharia, Jun Han, Stephen McCamant, Dawn Song, Vern Paxson, Adrian Perrig, Scott Shenker, and Ion Stoica. Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems, Proceedings of the USENIX Annual Technical Conference (ATC 2012), Boston, MA. June 2012.

Greg Morrisett, Gang Tan, Joseph Tassarotti, Jean-Baptiste Tristan, Edward Gan. RockSalt: better, faster, stronger SFI for the x86, Proceedings of the ACM Conference on Programming Language Design and Implementation (PLDI’12). ACM, June 2012.

Haohui Mai, Shuo Tang, Samuel T. King, Calin Cascaval, and Pablo Montesinos. A Case for Parallelizing Web Pages, Proceedings of 4th USENIX Workshop on Hot Topics in Parallelism (HotPar 2012), Berkeley, CA, June 2012.

Prashanth Mohan, Abhradeep Thakurta, Elaine Shi, Dawn Song, David E. Culler. GUPT: Privacy Preserving Data Analysis Made Easy. In Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD), Scottsdale, AZ. May 2012.

Yan Huang, Jonathan Katz, and David Evans. Quid-Pro-Quo-tocols: Strengthening Semi-Honest Protocols with Dual Execution. Proceedings of 33rd IEEE Symposium on Security and Privacy (Oakland 2012), San Francisco, CA, May 2012.

Riccardo Pelizzi and R. Sekar. Protection, Usability and Improvements in Reflected XSS Filters. ACM Symposium on Information, Computer and Communications Security (ASIACCS), May 2012.

Niranjan Hasabnis, Ashish Misra and R. Sekar. Light-weight Bounds Checking. ACM/IEEE International Symposium on Code Generation and Optimization (CGO), April 2012.

Yan Huang, David Evans, and Jonathan Katz. Private Set Intersection: Are Garbled Circuits Better than Custom Protocols? Proceedings of 19th Network and Distributed Security Symposium (NDSS 2012), San Diego, CA, February 2012.

Hui Xue, Nathan Dautenhahn, and Samuel T. King, Using Replicated Execution for a More Secure and Reliable Web Browser, Proceedings of the 2012 Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2012.

Emil Stefanov, Elaine Shi, Dawn Song. Towards Practical Oblivious RAM. In Proceedings of the 2012 Network and Distributed System Security Symposium (NDSS), San Diego, CA. February 2012.

2011

Yan Huang, Chih-hao Shen, David Evans, Jonathan Katz, and abhi shelat. Efficient Secure Computation with Garbled Circuits. Invited paper for Seventh International Conference on Information Systems Security (ICISS 2011), Jadavpur University, Kolkata, India, 15-19 December 2011.

Riccardo Pelizzi and R. Sekar. A Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications. Annual Computer Security Applications Conference (ACSAC), December, 2011.

Lorenzo Cavallaro and R. Sekar. Taint-Enhanced Anomaly Detection. International Conference on Information Systems Security (ICISS), December, 2011.

Mike Samuel, Prateek Saxena, and Dawn Song. Context-Sensitive Auto-Sanitization in Web Templating Languages Using Type Qualifiers. Proceedings of 18th ACM Conference on Computer and Communications Security (CCS 2011), Chicago, IL, October 2011.

Shuo Tang, Nathan Dautenhahn, and Samuel T. King. Fortifying Web-Based Applications Automatically. Proceedings of 18th ACM Conference on Computer and Communications Security (CCS 2011), Chicago, IL, October 2011.

Peter Chapman and David Evans. Automated Black-Box Detection of Side-Channel Vulnerabilities in Web Applications. Proceedings of 18th ACM Conference on Computer and Communications Security (CCS 2011), Chicago, IL, October 2011.

Yikan Chen and David Evans. Auditing Information Leakage for Distance Metrics. Proceedings of Third IEEE Conference on Privacy, Security, Risk and Trust, Boston, MA, 9-11 October 2011.

Yuchen Zhou and David Evans. Protecting Private Web Content from Embedded Scripts. European Symposium on Research in Computer Security (ESORICS 2011), September 2011.

Murph Finnicum, Samuel T. King. Building Secure Robot Applications. Proceedings of the 2011 Usenix Workshop on Hot Topics in Security (HotSec). August 2011.

Yan Huang, Peter Chapman, and David Evans. Privacy-Preserving Applications on Smartphones. Proceedings of the 2011 Usenix Workshop on Hot Topics in Security (HotSec). August 2011.

Haohui Mai, Ahmed Khurshid, Rachit Agarwal, Matthew Caesar, P. Brighten Godfrey, and Samuel T. King. Debugging the Data Plane with Anteater. Proceedings of the ACM SIGCOMM, August 2011.

Yan Huang, David Evans, Jonathan Katz, Lior Malka. Faster Secure Two-Party Computation Using Garbled Circuits. 20th USENIX Security Symposium, August 2011.

Cynthia Sturton, Matthew Hicks, David Wagner, Samuel T. King. Defeating UCI: Building Stealthy and Malicious Hardware. Proceedings of the 2011 IEEE Symposium on Security and Privacy, May 2011.

Petros Maniatis, Devdatta Akhawe, Kevin Fall, Elaine Shi, Stephen McCamant, and Dawn Song. Do You Know Where Your Data Are? Secure Data Capsules for Deployable Data Protection. 13th Workshop on Hot Topics in Operating Systems (HotOS), May 2011.

Jonathan Burket, Patrick Mutchler, Michael Weaver, Muzzammil Zaveri, David Evans. GuardRails: A Data-Centric Web Application Security Framework. 2nd USENIX Conference on Web Application Development (WebApps ’11), June 2011.

Jean-Baptiste Tristan, Paul Govereau, Greg Morrisett. Evaluating Translation Validation for LLVM. Proceedings of the ACM Conference on Programming Language Design and Implementation (PLDI), June 2011.

Lorenzo Martignoni, Stephen McCamant, Pongsin Poosankam, Dawn Song, Petros Maniatis. Path-exploration lifting: hi-fi tests for lo-fi emulators. In Proceedings of the International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS). March 2012.

Yan Huang, Lior Malka, David Evans, and Jonathan Katz. Efficient Privacy-Preserving Biometric Identification. Proceedings of the 2011 Network and Distributed System Security Symposium, February 2011.

2010

Shuo Tang, Haohui Mai, and Samuel T. King. Trust and Protection in the Illinois Browser Operating System. Proceedings of the 2010 Symposium on Operating Systems Design and Implementation (OSDI), October 2010.

J. Siefers, G. Tan, and G. Morrisett. Robusta: Taming the native beast of the JVM. 17th ACM Conference on Computer and Communications Security (CCS), November 2010.

Sruthi Bandhakavi, Samuel T. King, P. Madhusudan, Marianne Winslett. VEX: Vetting Browser Extensions For Security Vulnerabilities. Proceedings of 2010 USENIX Security Symposium, August 2010.

Heng Yin, Pongsin Poosankam, Steve Hanna, Dawn Song. HookScout: Proactive Binary-Centric Hook Detection. Seventh Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), July 2010.

Devdatta Akhawe, Adam Barth, Peifung Lam, John C. Mitchell, Dawn Song. Towards a Formal Foundation of Web Security. 2010 IEEE Computer Security Foundations Symposium, July 2010.

Steve Hanna, Richard Shin, Devdatta Akhawe, Arman Boehm, Dawn Song. The Emperor’s New API: On the (In)Secure Usage of New Client Side Primitives. Web 2.0 Security and Privacy, May 2010.

Matthew Hicks, Murph Finnicum, Samuel T. King, Milo M. K. Martin, Jonathan M. Smith. Overcoming an Untrusted Computing Base: Detecting and Removing Malicious Hardware Automatically. 2010 IEEE Symposium on Security and Privacy (Oakland), May 2010.

C. Y. Cho, J. Caballero, C. Grier, V. Paxson, D. Song. Insights from the Inside: A View of Botnet Management from Infiltration. Proceedings of the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET 2010), April 2010.

Shuo Tang, Chris Grier, Onur Aciicmez, Samuel T. King. Alhambra: A system for creating, enforcing and testing browser security policies. Proceedings of 19th International World Wide Web Conference (WWW2010), Raleigh, NC, April 2010.

Adam Barth, A. Porter Felt, Prateek Saxena, Aaron Boodman. Protecting Browsers from Extension Vulnerabilities. NDSS 2010, February 2010.

Matthew Finifter, Joel Weinberger, Adam Barth. Preventing Capability Leaks in Secure JavaScript Subsets. NDSS 2010, February 2010.

Adam Barth, Benjamin I. P. Rubinstein, Mukund Sundararajan, John C. Mitchell, Dawn Song, Peter Bartlett. A Learning-Based Approach to Reactive Security. Proceedings of Financial Cryptography and Data Security ’10. Fourteenth International Conference. January 2010.

2009

Anh M. Nguyen, Nabil Schear, HeeDong Jung, Apeksha Godiyal, Sam T. King, Hai Nguyen. MAVMM: A Lightweight and Purpose-Built VMM for Malware Analysis. ACSAC 2009, December 2009.

Lixin Li, Jim Just, and R. Sekar. Online Signature Generation for Windows Systems. Annual Computer Security Applications Conference (ACSAC), December 2009.

Juan Caballero, Pongsin Poosankam, Christian Kreibich, Dawn Song. Dispatcher: Enabling Active Botnet Infiltration using Automatic Protocol Reverse-Engineering. Proceedings of the 16th ACM Conference on Computer and Communication Security, November 2009.

Juan Caballero, Zhenkai Liang, Pongsin Poosankam, Dawn Song. Towards Generating High Coverage Vulnerability-Based Signatures with Protocol-Level Constraint-Guided Exploration. Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection (RAID), September 2009.

Prateek Saxena, Pongsin Poosankam, Stephen McCamant, Dawn Song. Loop-Extended Symbolic Execution on Binary Programs. Proceedings of the ACM/SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), July 2009.

Alok Tongaonkar, R. Sekar and Sreenaath Vasudevan. Fast Packet Classification using Condition Factorization. Applied Cryptography and Network Security (ACNS), June 2009.

James Newsome, Stephen McCamant, Dawn Song. Measuring Channel Capacity to Distinguish Undue Influence. Proceedings of the Fourth ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS), June 2009.

Adam Barth, Juan Caballero, Dawn Song. Secure Content Sniffing for Web Browsers or How to Stop Papers from Reviewing Themselves. Proceedings of the IEEE Symposium on Security and Privacy, May 2009.