Maliheh Monshizadeh
I am a postdoctoral research associate in the Department of Computer Science at the University of Wisconsin-Madison. I finished my PhD at UIC under supervision of Professor Venkatakrishnan. My research interests involve automatic detection of vulnerabilities and synthesis of security patches using static and dynamic software analysis techniques.
Education
- PhD in Computer Science, University of Illinois at Chicago, Aug. 2011 - 2016.
- MSc in Information Technology, Sharif University of Technology, Tehran, Iran, 2011.
- BSc in Software Engineering, Shahid Beheshti University, Tehran, Iran, 2008.
Research Interests
- Web Application Security
- Program Analysis
- Programming Languages
- Model Checking
- Compilers Design
Publications
- Maliheh Monshizadeh. Inferring Specifications for Web Application Security. Doctoral Dissertation. 2017.
- Maliheh Monshizadeh, Prasad Naldurg, V. N. Venkatakrishnan. Patching Logic Vulnerabilities for Web Applications using LogicPatcher. To appear in the Proceedings of The 6th ACM Conference on Data and Application Security and Privacy (CODASPY) 2016, New Orleans, LA, 2016.
- Birhanu Eshete, Abeer Alhuzali, Maliheh Monshizadeh, V. N. Venkatakrishnan, Phil Porras, Vinod Yegneswaran. EKHUNTER: A Counter-Offensive Toolkit for Exploit Kit Infiltration. The 22nd Annual Network and Distributed System Security Symposium, NDSS 2015, San Diego, California.
- Maliheh Monshizadeh, Prasad Naldurg, V. N. Venkatakrishnan. MACE - Detecting Privilege Escalation Vulnerabilities in Web Applications. In Proceedings of 21st ACM Conference on Computer and Communications Security (CCS’14), Scottsdale, AZ, 2014. [Slides]
- Phu H. Phung, Maliheh Monshizadeh, Meera Sridhar, Kevin W. Hamlen, and V.N. Venkatakrishnan. Between Worlds: Securing Mixed JavaScript/ActionScript Multi-party Web Content. In IEEE Transactions on Dependable and Secure Computing. Aug. 2014.
- Nazari Skrupsky, Maliheh Monshizadeh, Prithvi Bisht, Timothy Hinrichs, V.N. Venkatakrishnan, and Lenore Zuck. "WAVES: Automatic Synthesis of Client-side Validation Code for Web Applications". In ASE Science Journal Vol. 1, Issue 3, pp. 121-136, Dec. 2012. [PDF]
- Nazari Skrupsky, Maliheh Monshizadeh, Prithvi Bisht, Timothy Hinrichs, V.N. Venkatakrishnan, and Lenore Zuck. "Don't Repeat Yourself: Automatically Synthesizing Client-side Validation". In The Third USENIX Conference on Web Application Development (WebApps'12), Boston, MA. June, 2012.
Academic Experience
- Research Assistant, Systems and Internet Security Laboratory, UIC, Fall 2011 – 2016.
- Teaching Assistant, Advanced Network Security – Spring 2011.
- Teaching Assistant, Computer Networks – Spring 2011.
- Teaching Assistant, Computer Networks – Fall 2010.
- Research Assistant, Natural Language Processing Laboratory – Winter 2009-Winter 2010.
- Teaching Assistant, Computer Networks – Fall 2008.
- Teaching Assistant, Computer Networks – Spring 2008.