Refereed Journal Articles
CANDID: Dynamic Candidate Evaluations for Automatic Prevention of SQL Injection Attacks
ACM Transactions on Information and System Security (TISSEC) Volume 13, Issue 2, February 2010 with P. Madhusudan and V.N. Venkatakrishnan
Refereed Conference Papers
Don’t Repeat Yourself: Automatically Synthesizing Client-side Validation Code for Web Applications
Demo paper in 3rd Usenix Conference on Web Application Development (WEBAPPS'2012) Boston, MA, USA, Jun 2012 with Nazari Skrupsky, Maliheh Monshizadeh, Timothy Hinrichs, V.N. Venkatakrishnan, and Lenore Zuck
SWIPE: Eager Erasure of Sensitive Data in Large Scale Systems Software
2nd ACM Conference on Data and Application Security and Privacy (CODASPY'2012) San Antonio, TX, USA, Feb 2012 Acceptance rate: 21 out of 113 submissions, 18% with Kalpana Gondi, Praveen Venkatachari, A. Prasad Sistla and V.N. Venkatakrishnan
WAPTEC: Whitebox Analysis of Web Applications for Parameter Tampering Exploit Construction.
18th ACM Conference on Computer and Communications Security (CCS'2011) Chicago, IL, USA, Oct 2011. Acceptance rate: 60 out of 429 submissions, 14% with Timothy Hinrichs, Nazari Skrupsky, and V.N. Venkatakrishnan
Strengthening XSRF Defenses for Legacy Web Applications Using Whitebox Analysis and Transformation
6th International Conference on Information Systems Security (ICISS'2010) Gandhinagar, Gujarat, India, Dec 2010 Acceptance rate: 14 out of 51 submissions, 27% with Michelle Zhou and V.N. Venkatakrishnan
NoTamper: Automatic Blackbox Detection of Parameter Tampering Opportunities in Web Applications.
17th ACM Conference on Computer and Communications Security (CCS'2010) Chicago, IL, USA, Oct 2010. Acceptance rate: 55 out of 320 submissions, 17%. with Timothy Hinrichs, Nazari Skrupsky, Radoslaw Bobrowicz and V.N. Venkatakrishnan
Chosen among the 10 nationwide finalists for the 2010 ATT Award for Best Applied Security Research paper.
Automatically Preparing Safe SQL Queries.
14th Financial Cryptography and Data Security Conference (FC'2010) Canary Islands, Spain, Jan 25-28, 2010. Acceptance rate: 19 out of 130 submissions, 14.6% with A. Prasad Sistla and V.N. Venkatakrishnan
TAPS: Automatically Preparing Safe SQL Queries.
Poster paper in 17th ACM Conference on Computer and Communications Security (CCS'2010) Chicago, IL, USA, Oct 2010. [Acceptance rate: 44 out of 69 submissions, 64%]
XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks
5th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'2008) Paris, France, Jul 10-11, 2008. [Acceptance rate: 13 out of 42 submissions, 31%] with V.N. Venkatakrishnan
CANDID: Preventing SQL Injection Attacks using Dynamic Candidate Evaluations
14th ACM Conference on Computer and Communications Security (CCS'2007) Alexandria, Virginia, November 2007. [Acceptance rate: 55 out of 302 submissions, 18%]. with Sruthi Bandhakavi, P. Madhusudan, and V.N. Venkatakrishnan
Refereed Workshop Papers
Analysis of Hypertext Markup Isolation Techniques for XSS Prevention
Web 2.0 Security and Privacy Workshop (W2SP'2008) Oakland, California, May 22, 2008. [Acceptance rate: 14 out of 45 submissions, 31%] with Mike Ter Louw and V.N. Venkatakrishnan
Invited Papers
WebAppArmor: A Framework for Preventing Web-based Attacks
6th International Conference on Information Systems Security (ICISS'2010) Gandhinagar, Gujarat, India, December 2010 with V.N. Venkatakrishnan, Mike Ter-Louw, Michelle Zhou, Kalpana Gondi and K.T. Ganesh.
Book Chapters
Formal Methods in Web Application Security
Encyclopedia of Cryptography and Security, 2nd Ed., 2011. Editors: Henk C.A. van Tilborg and Sushil Jajodia. with V.N. Venkatakrishnan.
Patents
- Apparatus for Enhancing Web Application Security and Method Therefor
(US Patent Number: 20120192280)
with A. Prasad Sistla and V.N. Venkatakrishnan
- Techniques to Automatically Construct Parameter Tampering Attacks
(filed to US Patent Office)
with Nazari Skrupsky, Timothy Hinrichs and V.N. Venkatakrishnan
Other Publications
Ideas published at www.ip.com
- Designing a secure SDK
- A greedy algorithm for optimization of queue based systems
- Bluetooth based WiFi Access Point management