Livshits, Ben - Microsoft Research

• REPRIV: Re-Imagining Content Personalization and In-Browser Privacy Matthew Fredrikson
• SCRIPTGARD: Preventing Script Injection Attacks in Legacy Web Applications with Automatic Sanitization
• REPRIV: Re-Envisioning In-Browser Privacy Matthew Fredrikson Benjamin Livshits
• Verified Security for Browser Extensions Nikhil Swamy Benjamin Livshits Arjun Guha Matthew Fredrikson
• Ripley: Automatically Securing Web 2.0 Applications Through Replicated Execution
• GATEKEEPER: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code
• Merlin: Specification Inference for Explicit Information Flow Problems
• Nozzle: A Defense Against Heap-spraying Code Injection Attacks
• Ripley: Automatically Securing Distributed Web Applications
• 0 74 0 -74 5 9 / 0 8 / $ 2 5 . 0 0 2 0 0 8 I E E E September/October 2008 I E E E S o f t wa r E 53 focussoftware development tools
• Towards Security by Construction for Web 2.0 Applications Benjamin Livshits and Ulfar Erlingsson
• End-to-end Web Application Security Ulfar Erlingsson Benjamin Livshits
• DynaMine: Finding Common Error Patterns by Mining Software Revision Histories
• IMPROVING SOFTWARE SECURITY PRECISE STATIC AND RUNTIME ANALYSIS
• Mining Additions of Method Calls in ArgoUML Thomas Zimmermann1
• Reflection Analysis for Java Benjamin Livshits, John Whaley, and Monica S. Lam
• Locating Matching Method Calls by Mining Revision History Data Benjamin Livshits
• Finding Memory Leaks in Java with JDeveloper
• scan[] free[] forward(root_set);
• SECURING WEB 2.0 APPLICATIONS THROUGH REPLICATED EXECUTION
• Mostly Static Enforcement of Security & Reliability Policies for JavaScript Code
• Fluxo: Simple Service Compiler Emre Kiciman, Ben Livshits, Madanlal Musuvathi
• Improving the Responsiveness of Internet Services with Automa7c Cache Placement
• Ben Livshits and Weidong Cui Microsoft Research
• AjaxScope: Remotely Monitoring Client-side Web-App Behavior
• Ben Livshits and lfar Erlingsson Microsoft Research
• Benjamin Livshits and Monica S. Lam 1. PHPList Admin Page SQL Injection Vulnerability
• & 3 3 ' 3 ! ! histories patterns
• Tracking Pointers with Path and Context Sensitivity
• DynaMine: Finding Common Error Patterns by Mining Software Revision Histories
• JSZap: Compressing JavaScript Code Martin Burtscher
• Reflection Analysis for Java Benjamin Livshits John Whaley
• A Defense Against Heap-spraying Code Injection Attacks
• Using Web Application Construction Frameworks to Protect Against Code Injection Attacks
• Turning Eclipse Against Itself: Finding Bugs in Eclipse Code Using
• Finding Security Vulnerabilities in Java Applications with Static Analysis
• Ben Livshits and Emre Kiciman Microsoft Research
• Ben Livshits and lfar Erlingsson Microsoft Research
• Spectator: Detection and Containment of JavaScript Worms
• Gulfstream: Incremental Static Analysis for Streaming JavaScript Applications
• Runtime Protection and Recovery from Web Application Vulnerabilities
• CatchAndRetry: Extending Exceptions to Handle Distributed System Failures and Recovery
• GULFSTREAM: Staged Static Analysis for Streaming JavaScript Applications
• Finding Security Errors inFinding Security Errors in Java ApplicationsJava Applications
• AjaxScope: A Platform for Remotely Monitoring the Client-Side Behavior of Web 2.0 Applications
• CONSCRIPT: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser
• SQL injections jgap freetts gruntspud jedit columba jfreechart
• Finding Common Error Patterns by Mining Software Revision Histories
• Finding Security Vulnerabilities
• JSMeter: Comparing the Behavior of JavaScript Benchmarks with Real Web Applications
• Finding Security Violations by Using Precise Source-
• NOZZLE: A Defense Against Heap-spraying Code Injection Attacks
• Ben Livshits and Emre Kiciman Microsoft Research
• GATEKEEPER: Mostly Static Enforcement of Security and Reliability Policies
• Specification Inference for Explicit Information Flow Problems Benjamin Livshits, Aditya V. Nori, Sriram K. Rajamani
• 2005-05-16: JGS-Portal Multiple Cross-Site Scripting and SQL Injection Vulnerabilities 2005-05-16: WoltLab Burning Board Verify_email Function SQL Injection Vulnerability
• Zozzle: Low-overhead Mostly Static JavaScript Malware Detection Charles Curtsinger Benjamin Livshits and Benjamin Zorn Christian Seifert
• Turning Eclipse Against Itself: Improving the Quality
• Finding Application Errors and Security Flaws Using PQL
• Verified Security for Browser Extensions Brown University
• Securing Web Applications with Static and Dynamic Information Flow Tracking
• Findings Security Errors in Java Applications Using Lightweight Static Analysis
• Finding Application Errors and Security Flaws Using PQL: a Program Query Language
• BEK: Re-Envisioning In-Browser Privacy Pieter Hooimeijer University of Virginia
• Short Paper: Improving the Responsiveness of Internet Services with Automatic Cache Placement
• Spectator: Detection and Containment of JavaScript Worms Benjamin Livshits Weidong Cui
• Rozzle: De-Cloaking Internet Malware Clemens Kolbitsch Benjamin Livshits and Benjamin Zorn Christian Seifert
• ScriptGard: Automatic Context-Sensitive Sanitization for Large-Scale Legacy Web Applications
• Symbolic Finite State Transducers: Algorithms and Applications
• Fast and Precise Sanitizer Analysis with BEK Pieter Hooimeijer
• ZOZZLE: Fast and Precise In-Browser JavaScript Malware Detection Charlie Curtsinger
• Generating Fast String Manipulating Code Through Transducer Exploration and SIMD Integration
• Rozzle: De-Cloaking Internet Malware Clemens Kolbitsch
• Symbolic Finite State Transducers: Algorithms and Applications