Publications

Selected recent publications

OOPSLA 2014 Automated Migration of Build Scripts using Dynamic Analysis and Search-Based Refactoring. [PDF] [Abstract] [BibTeX]
Usenix Security 2014 Z0: An Optimizing Distributing Zero-Knowledge Compiler. [PDF] [Abstract] [BibTeX]
PLDI 2014 Fast: a Transducer-Based Language for Tree Manipulation. [PDF] [Abstract] [BibTeX]
CHI 2014 Let's Do It at My Place? Attitudinal and Behavioral Study of Privacy in Client-Side Personalization. [PDF] [Abstract] [BibTeX]
Usenix Security 2013 Automatic Mediation of Privacy-Sensitive Resource Access in Smartphone Applications. [PDF] [Abstract] [BibTeX]
Usenix Security 2013 Enabling fine-grained permissions for augmented reality applications with recognizers. [PDF] [Abstract] [BibTeX]
PLDI 2013 Verifying Higher-order Programs with the Dijkstra Monad. [PDF] [Abstract] [BibTeX]
POPL 2013 Towards Fully Automatic Placement of Security Sanitizers and Declassifiers. [PDF] [Abstract] [BibTeX]
POPL 2013 Fully Abstract Compilation to JavaScript. [PDF] [Abstract] [BibTeX]
Oakland Security 2012 Rozzle: De-Cloaking Internet Malware. [PDF] [Abstract] [BibTeX]
POPL 2012 Symbolic Finite State Transducers: Algorithms and Applications. [PDF] [Abstract] [BibTeX]
CCS 2011 ScriptGard: Automatic Context-Sensitive Sanitization for Large-Scale Legacy Web Applications. [PDF] [Abstract] [BibTeX]
Usenix Security 2011 Zozzle: Low-overhead Mostly Static JavaScript Malware Detection. [PDF] [Abstract] [BibTeX]
Usenix Security 2011 Fast and Precise Sanitizer Analysis With BEK. [PDF] [Abstract] [BibTeX]
Oakland Security 2011 RePriv: Re-Imagining Content Personalization and In-Browser Privacy. [PDF] [Abstract] [BibTeX]
Oakland Security 2011 Verified Security for Browser Extensions. [PDF] [Abstract] [BibTeX]
Oakland Security 2010 ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser. [PDF] [Abstract] [BibTeX]
PLDI 2009 Merlin: Specification Inference for Explicit Information Flow Problems. [PDF] [Abstract] [BibTeX]
CCS 2009 Ripley: Automatically Securing Web 2.0 Applications Through Replicated Execution. [PDF] [Abstract] [BibTeX]
Usenix Security 2009 Gatekeeper: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code. [PDF] [Abstract] [BibTeX]
Usenix Security 2009 Nozzle: A Defense Against Heap-spraying Code Injection Attacks. [PDF] [Abstract] [BibTeX]

Chronological list

Papers and TRs   | Posters  | Other manuscripts  | Google Scholar

    2014


  • New: Saving Money While Polling with InterPoll using Power Analysis. Benjamin Livshits and Todd Mytkowicz
    Conference on Human Computation & Crowdsourcing (HCOMP 2014), November 2014.

  • New: MoRePriv: Mobile OS Support for Application Personalization and Privacy.
    [PDF] [Abstract] [BibTeX]
    Drew Davidson, Matt Fredrikson, and Benjamin Livshits
    Annual Computer Security Applications Conference (ACSAC), December 2014.

  • New: Automated Migration of Build Scripts using Dynamic Analysis and Search-Based Refactoring. Milos Gligoric, Wolfram Schulte, Chandra Prasad, Danny van Velzen, Iman Narasamdya, Benjamin Livshits
    Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2014), October 2014.

  • New: Z0: An Optimizing Distributing Zero-Knowledge Compiler. Matt Fredrikson and Benjamin Livshits
    USENIX Security Symposium, August 2014.

  • New: I Know It When I See It: Observable Races in JavaScript Applications (Position paper). Erdal Mutlu, Serdar Tasiran, and Benjamin Livshits
    Workshop on Dynamic Languages and Applications (DYLA) 2014, , June 2014.

  • New: Web Application Security Special Issue.
    [PDF] [Abstract] [BibTeX]
    Lieven Desmet, Martin Johns, Benjamin Livshits and Andrei Sabelfeld
    Journal of Computer Security, Volume 22, Number 4 / 2014, May 2014.

  • New: Saving Money While Polling with InterPoll using Power Analysis. Benjamin Livshits and Todd Mytkowicz
    Microsoft Research Technical Report MSR-TR-2014-50, April 2014.

  • New: PriVaricator: Deceiving Fingerprinters with Little White Lies. Nick Nikiforakis, Wouter Joosen, and Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2014-26, February 2014.

  • New: I Know It When I See It: Observable Races in JavaScript Applications (Position paper). Erdal Mutlu, Serdar Tasiran, and Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2014-29, February 2014.

  • New: Z0: An Optimizing Distributing Zero-Knowledge Compiler. Matt Fredrikson and Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2014-27 (updated version of MSR-TR-2013-43), February 2014.

  • New: Least Privilege Rendering in a 3D Web Browser. John Vilk, David Molnar, Eyal Ofek, Chris Rossbach, Benjamin Livshits, Alexander Moshchuk, Helen J. Wang, and Ran Gal
    Microsoft Research Technical Report MSR-TR-2014-25, February 2014.

  • Fast: a Transducer-Based Language for Tree Manipulation. Loris D'Antoni, Margus Veanes, Benjamin Livshits and David Molnar
    Conference on Programming Language Design and Implementation (PLDI), June 2014.

  • In Defense of Probabilistic Static Analysis. Benjamin Livshits and Shuvendu Lahiri
    Workshop on Probabilistic and Approximate Computing (APPROX), June 2014.

  • InterPoll: Crowd-Sourced Internet Polls (Done Right). Benjamin Livshits and Todd Mytkowicz
    Microsoft Research Technical Report MSR-TR-2014-3, January 2014.

  • Let's Do It at My Place? Attitudinal and Behavioral Study of Privacy in Client-Side Personalization. Alfred Kobsa, Bart Knijnenburg, and Benjamin Livshits
    CHI Conference on Human Factors in Computing Systems Proceedings (CHI'14), April 2014.

    2013


  • Program Boosting or Crowd-Sourcing for Correctness. Robert Cochran, Loris D'Antoni, and Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2013-94, September 2013.

  • Practical Static Analysis of JavaScript Applications in the Presence of Frameworks and Libraries. Magnus Madsen, Benjamin Livshits, and Michael Fanning
    Foundations of Software Engineering (FSE), August 2013.

  • Enabling fine-grained permissions for augmented reality applications with recognizers. Suman Jana, David Molnar, Alexander Moshchuk, Alan Dunn, Benjamin Livshits, Helen J. Wang, Eyal Ofek
    USENIX Security Symposium, August 2013.

  • Automatic Mediation of Privacy-Sensitive Resource Access in Smartphone Applications.
    [PDF] [Abstract] [BibTeX]
    Benjamin Livshits and Jaeyeon Jung
    USENIX Security Symposium, August 2013.

  • Z0: An Optimizing Distributing Zero-Knowledge Compiler. Matthew Fredrikson and Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2013-43, April 2013.

  • Operating System Support For Augmented Reality Applications. Loris D'Antoni, Alan Dunn, Suman Jana, Tadayoshi Kohno, Benjamin Livshits, David Molnar, Alex Moshchuk, Eyal Ofek, Franziska Roesner, Scott Saponas, Margus Veanes, and Helen J. Wang
    HotOS, May 2013.

  • Engineering Secure Software and Systems: 5th International Symposium, ESSoS 2013, Paris, France, February 27 - March 1, 2013: proceedings.
    [PDF] [Abstract] [BibTeX]
    Jan Jürjens(Editor), Benjamin Livshits (Editor), Riccardo Scandariato (Editor)
    March 2013.

  • Web Application Security (Dagstuhl Seminar 12401). Lieven Desmet, Martin Johns, Benjamin Livshits, Andrei Sabelfeld
    Dagstuhl Reports, February 2013.

  • Verifying Higher-order Programs with the Dijkstra Monad. Nikhil Swamy, Joel Weinberger, Cole Schlesinger, Juan Chen and Benjamin Livshits
    Conference on Programming Language Design and Implementation (PLDI), June 2013.

  • Browser security: appearances can be deceiving.
    [PDF] [Abstract] [BibTeX]
    CACM Staff
    Communications of the ACM, January 2013.

  • Towards Fully Automatic Placement of Security Sanitizers and Declassifiers. Benjamin Livshits and Stephen Chong
    Symposium on the Principles of Programming Languages (POPL), January 2013.

  • Fully Abstract Compilation to JavaScript. Cedric Fournet, Nikhil Swamy, Juan Chen, Pierre-Evariste Dagand, Pierre-Yves Strub and Benjamin Livshits
    Symposium on the Principles of Programming Languages (POPL), January 2013.

    2012


  • FAST: A Transducer-Based Language for Tree Manipulation.
    [PDF] [Abstract] [BibTeX]
    Loris D'Antoni, Margus Veanes, Benjamin Livshits, and David Molnar
    Microsoft Research Technical Report MSR-TR-2012-123, November 2012.

  • Dynamic Taint Tracking in Managed Runtimes.
    [PDF] [Abstract] [BibTeX]
    Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2012-114, November 2012.

  • Data-Parallel String-Manipulating Programs.
    [PDF] [Abstract] [BibTeX]
    Margus Veanes, David Molnar, Todd Mytkowicz, and Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2012-72, July 2012.

  • Towards Fully Automatic Placement of Security Sanitizers and Declassifiers.
    [PDF] [Abstract] [BibTeX]
    Benjamin Livshits and Stephen Chong
    Harvard University Technical Report TR-03-12, July 2012.

  • Practical Static Analysis of JavaScript Applications in the Presence of Frameworks and Libraries.
    [PDF] [Abstract] [BibTeX]
    Magnus Madsen, Benjamin Livshits, and Michael Fanning
    Microsoft Research Technical Report MSR-TR-2012-66, July 2012.

  • MoRePriv: Mobile OS-Wide Application Personalization.
    [PDF] [Abstract] [BibTeX]
    Drew Davidson and Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2012-50, May 2012.

  • Private Client-side Profiling with Random Forests and Hidden Markov Models.
    [PDF] [Abstract] [BibTeX]
    George Danezis, Markulf Kohlweiss, Benjamin Livshits, and Alfredo Rial
    Privacy Enhancing Technologies Symposium, July 2012.

  • Monadic Refinement Types for Verifying JavaScript Programs.
    [PDF] [Abstract] [BibTeX]
    Nikhil Swamy, Joel Weinberger, Juan Chen, Ben Livshits, and Cole Schlesinger
    Microsoft Research Technical Report MSR-TR-2012-37, March 2012.

  • Rozzle: De-Cloaking Internet Malware. Clemens Kolbitsch, Benjamin Livshits, Benjamin Zorn, and Christian Seifert
    IEEE Symposium on Security and Privacy (Oakland Security), May 2012.

  • Engineering Secure Software and Systems: 4th International Symposium.
    [PDF] [Abstract] [BibTeX]
    Gilles Barthe (Editor), Ben Livshits (Editor), Riccardo Scandariato (Editor)
    March 2012.

  • Symbolic Finite State Transducers: Algorithms and Applications. Nikolaj Bjorner, Pieter Hooimeijer, Benjamin Livshits, David Molnar, and Margus Veanes
    Symposium on the Principles of Programming Languages (POPL), January 2012.

    2011


  • Generating Fast String Manipulating Code Through Transducer Exploration and SIMD Integration.
    [PDF] [Abstract] [BibTeX]
    Margus Veanes, David Molnar, Benjamin Livshits, and Lubomir Litchev
    Microsoft Research Technical Report MSR-TR-2011-124, November 2011.

  • ScriptGard: Automatic Context-Sensitive Sanitization for Large-Scale Legacy Web Applications. Prateek Saxena, David Molnar, and Benjamin Livshits
    Conference on Computer and Communications Security (CCS), November 2011.

  • Towards Ensuring Client-Side Computational Integrity.
    [PDF] [Abstract] [BibTeX]
    George Danezis and Benjamin Livshits
    Conference on Computer and Communications Security (CCSW), November 2011.

  • Rozzle: De-Cloaking Internet Malware. Clemens Kolbitsch, Benjamin Livshits, Benjamin Zorn, and Christian Seifert
    Microsoft Research Technical Report MSR-TR-2011-94, August 2011.

  • Symbolic Finite State Transducers: Algorithms and Applications. Nikolaj Bjorner, Pieter Hooimeijer, Benjamin Livshits, David Molnar, and Margus Veanes
    Microsoft Research Technical Report MSR-TR-2011-85, July 2011.

  • Mining Software Specifications: Methodologies and Applications.
    [PDF] [Abstract] [BibTeX]
    Two contributed book chapters in a book published by Chapman & Hall

  • Zozzle: Low-overhead Mostly Static JavaScript Malware Detection. Charles Curtsinger, Benjamin Livshits, Benjamin Zorn, and Christian Seifert
    USENIX Security Symposium, August 2011.

  • Fast and Precise Sanitizer Analysis With BEK. Pieter Hooimeijer, Benjamin Livshits, David Molnar, Prateek Saxena, and Margus Veanes
    USENIX Security Symposium, August 2011.

  • Towards Enforceable Data-Driven Privacy Policies. Matthew Fredrikson, Benjamin Livshits, Somesh Jha, and Drew Davidson
    Web 2.0 Security and Privacy (W2SP), May 2011.

  • RePriv: Re-Imagining Content Personalization and In-Browser Privacy. Matthew Fredrikson and Benjamin Livshits
    IEEE Symposium on Security and Privacy (Oakland Security), May 2011.

  • Verified Security for Browser Extensions. Arjun Guha, Matthew Fredrikson, Benjamin Livshits, and Nikhil Swamy
    IEEE Symposium on Security and Privacy (Oakland Security), May 2011.

  • "NOFUS: Automatically Detecting" + String.fromCharCode(32) + "ObFuSCateD ".toLowerCase() + "JavaScript Code". Scott Kaplan, Benjamin Livshits, Benjamin Zorn, Christian Seifert, and Charles Curtsinger
    Microsoft Research Technical Report MSR-TR-2011-57, May 2011.

  • Decision Procedures for Composition and Equivalence of Symbolic Finite State Transducers. Margus Veanes, David Molnar, and Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2011-32, March 2011.

    2010


  • Verified Security for Browser Extensions. Nikhil Swamy, Benjamin Livshits, Arjun Guha, and Matthew Fredrikson
    Microsoft Research Technical Report MSR-TR-2010-157, November 2010.

  • Zozzle: Low-overhead Mostly Static JavaScript Malware Detection. Charles Curtsinger, Benjamin Livshits, Benjamin Zorn, and Christian Seifert
    Microsoft Research Technical Report MSR-TR-2010-156, January 2010 (updated).

  • Bek: Modeling Imperative String Operations with Symbolic Transducers. Pieter Hooimeijer, Benjamin Livshits, David Molnar, Prateek Saxena, and Margus Veanes
    Microsoft Research Technical Report MSR-TR-2010-154, November 2010.

  • ScriptGard: Preventing Script Injection Attacks in Legacy Web Applications with Automatic Sanitization. Prateek Saxena, David Molnar, and Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2010-128, October 2010.

  • AjaxScope: A Platform for Remotely Monitoring the Client-Side Behavior of Web 2.0 Applications. Emre Kiciman and Benjamin Livshits
    ACM Transactions on The Web, Vol. 4, No. 4, Article 13, September 2010.

  • RePriv: Re-Envisioning In-Browser Privacy. Matthew Fredrikson and Benjamin Livshits
    Microsoft Research Technical Report MSR-TR-2010-116, August 2010.

  • Dagstuhl Seminar 09141: Web Application Security (Executive summary). Dan Boneh, Ulfar Erlingsson, Martin Johns, and Benjamin Livshits

  • Dagstuhl Seminar 09141: Web Application Security (Abstracts Collection). Dan Boneh, Ulfar Erlingsson, Martin Johns, and Benjamin Livshits

  • Gulfstream: Incremental Static Analysis for Streaming JavaScript Applications. Salvatore Guarnieri and Benjamin Livshits
    USENIX Conference on Web Application Development (WebApps) , June 2010.

  • JSMeter: Comparing the Behavior of JavaScript Benchmarks with Real Web Applications. Paruj Ratanaworabhan, Benjamin Livshits, and Benjamin Zorn
    USENIX Conference on Web Application Development (WebApps) , June 2010.

  • JSZap: Compressing JavaScript Code Martin Burtscher, Benjamin Livshits, Gaurav Sinha, and Benjamin Zorn
    USENIX Conference on Web Application Development (WebApps) , June 2010.

  • Fluxo: A System for Internet Service Programming by Non-expert Developers. Emre Kiciman, Benjamin Livshits, Madanlal Musuvathi, and Kevin C. Webb
    ACM Symposium on Cloud Computing (SOCC) , June 2010.

  • Empowering Browser Security for Mobile Devices Using Smart CDNs. Benjamin Livshits and David Molnar
    Workshop on Web 2.0 Security and Privacy (W2SP), May 2010.

  • Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources. Leo Meyerovich, David Zhu, and Benjamin Livshits
    Workshop on Web 2.0 Security and Privacy (W2SP), May 2010.

  • ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser. Leo Meyerovich and Benjamin Livshits
    IEEE Symposium on Security and Privacy (Oakland Security), May 2010.

  • JSZap: Compressing JavaScript Code. Martin Burtscher, Benjamin Livshits, Gaurav Sinha, and Benjamin G. Zorn
    Microsoft Research Technical Report MSR-TR-2010-21, March 2010.

  • JSMeter: Characterizing Real-World Behavior of JavaScript Programs (short version). Paruj Ratanaworabhan, Benjamin Livshits, David Simmons, and Benjamin Zorn
    Microsoft Research Technical Report MSR-TR-2010-8, January 2010.

  • Gulfstream: Incremental Static Analysis for Streaming JavaScript Applications. Benjamin Livshits and Salvatore Guarnieri
    Microsoft Research Technical Report MSR-TR-2010-4, January 2010.

    2009


  • JSMeter: Characterizing Real-World Behavior of JavaScript Programs. Paruj Ratanaworabhan, Benjamin Livshits, David Simmons, and Benjamin Zorn
    Microsoft Research Technical Report MSR-TR-2009-173, December 2009.

  • ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser. Benjamin Livshits and Leo Meyerovich
    Microsoft Research Technical Report MSR-TR-2009-158, February 2009.

  • Ripley: Automatically Securing Web 2.0 Applications Through Replicated Execution. K. Vikram, Abhishek Prateek, and Benjamin Livshits
    Conference on Computer and Communications Security (CCS), November 2009.

  • CatchAndRetry: Extending Exceptions to Handle Distributed System Failures and Recovery. Emre Kiciman, Benjamin Livshits, and Madanlal Musuvathi
    Programming Languages and Operating Systems (PLOS), October 2009.

  • Gatekeeper: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code. Salvatore Guarnieri and Benjamin Livshits
    USENIX Security Symposium, August 2009.

  • Nozzle: A Defense Against Heap-spraying Code Injection Attacks. Paruj Ratanaworabhan, Benjamin Livshits, and Benjamin Zorn
    USENIX Security Symposium, August 2009.

  • Fluxo: A Simple Service Compiler. Emre Kiciman, Benjamin Livshits, and Madanlal Musuvathi
    Workshop on Hot Topics in Operating Systems, HotOS 2009, May 2009.

  • Gatekeeper: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code. Benjamin Livshits and Salvatore Guarnieri
    Microsoft Research Technical Report MSR-TR-2009-16, February 2009.

  • Merlin: Specification Inference for Explicit Information Flow Problems. Benjamin Livshits, Aditya V. Nori, Sriram K. Rajamani, and Anindya Banerjee
    Conference on Programming Language Design and Implementation (PLDI) 2009, June 2009.

  • Improving the Responsiveness of Interactive Internet Services with Automatic Cache Placement. Alex Rasmussen, Emre Kiciman, Benjamin Livshits, Madanlal Musuvathi
    European Conference on Computer Systems (EuroSys) 2009, March 2009.

    2008


  • Merlin: Specification Inference for Explicit Information Flow Problems. Anindya Banerjee, Benjamin Livshits, Aditya V. Nori, and Sriram K. Rajamani
    Microsoft Research Technical Report MSR-TR-2008-xxx, December 2008.

  • Nozzle: A Defense Against Heap-spraying Code Injection Attacks. Paruj Ratanaworabhan, Benjamin Livshits, and Benjamin Zorn
    Microsoft Research Technical Report MSR-TR-2008-176, November 2008.

  • Ripley: Automatically Securing Distributed Web Applications Through Replicated Execution. Benjamin Livshits, Abhishek Prateek, and K. Vikram
    Microsoft Research Technical Report MSR-TR-2008-174, November 2008.

  • Doloto: Code Splitting for Network-Bound Web 2.0 Applications. Benjamin Livshits and Emre Kiciman
    Foundations of Software Engineering (FSE), November 2008.

  • Volta: Developing Distributed Applications by Recompiling. Dragos Manolescu, Brian Beckman, and Benjamin Livshits
    IEEE Software, October 2008.

  • Spectator: Detection and Containment of JavaScript Worms. Benjamin Livshits and Weidong Cui
    USENIX Annual Technical Conference, June 2008.

  • Securing Web Applications with Static and Dynamic Information Flow Tracking. Monica S. Lam, Michael Martin, Benjamin Livshits, and John Whaley
    In Workshop on Partial Evaluation and Program Manipulation, January 2008.

    2007


  • Doloto: Code Splitting for Network-Bound Web 2.0 Applications. Benjamin Livshits and Emre Kiciman
    Microsoft Research Technical Report MSR-TR-2007-159, December 2007.

  • AjaxScope: a Platform for Remotely Monitoring the Client-Side Behavior of Web 2.0 Applications. Emre Kiciman and Benjamin Livshits
    In Symposium of Operating System Principles (SOSP 2007), Stevenson, Washington, October 2007.

  • Code Splitting for Network Bound Web 2.0 Applications. Benjamin Livshits and Chen Ding
    Microsoft Research Technical Report MSR-TR-2007-101, August 2007.

  • Spectator: Detection and Containment of JavaScript Worms. Benjamin Livshits and Weidong Cui
    Microsoft Research Technical Report MSR-TR-2007-55, July 2007.

  • Using Web Application Construction Frameworks To Protect Against Code Injection Attacks. Benjamin Livshits and Ulfar Erlingsson
    In Workshop on Programming Languages and Analysis for Security (PLAS 2007), San Diego, California, June 2007.

  • Towards Security By Construction For Web 2.0 Applications.
    [PDF] [Abstract] [BibTeX]
    Benjamin Livshits and Ulfar Erlingsson
    In Workshop on Web 2.0 Security and Privacy (W2SP 2007), May 2007.

  • End-to-end Web Application Security. Ulfar Erlingsson, Benjamin Livshits, and Yinglian Xie
    In Workshop on Hot Topics in Operating Systems (HotOS XI), San Diego, California, May 2007.

  • DynaMine: Finding Common Error Patterns by Mining Software Revision Histories.
    [PDF] [Abstract] [BibTeX]
    Benjamin Livshits and Thomas Zimmermann
    extended version of the FSE'05 paper currently under submission, February 2007.

    2006


  • Improving Software Security with Precise Static and Runtime Analysis. Benjamin Livshits, Doctoral dissertation
    Stanford University, Stanford, California, December, 2006.

  • Mining Additions of Method Calls in ArgoUML. Thomas Zimmerman, Silvia Breu, Christian Lindig, and Benjamin Livshits.
    In International Workshop on Mining Software Repositories Challenge, Shanghai, China, May, 2006.

    2005


  • Reflection Analysis for Java. Benjamin Livshits, John Whaley, and Monica S. Lam
    A technical report, which represents an extended version of the paper below.

  • Reflection Analysis for Java. Benjamin Livshits, John Whaley and Monica S. Lam
    In Third Asian Symposium on Programming Languages and Systems, Tsukuba, Japan, November, 2005.

  • SecuriFly: Runtime Protection and Recovery from Web Application Vulnerabilities. Benjamin Livshits, Michael Martin, and Monica S. Lam
    A technical report, which describes the runtime system for vulnerability protection first described in the OOPSLA '05 paper.

  • Finding Application Errors and Security Flaws Using PQL: a Program Query Language. Michael Martin, Benjamin Livshits, and Monica S. Lam
    In 20th Annual ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications, San Diego, California, October 2005.

  • DynaMine: Finding Common Error Patterns by Mining Software Revision Histories. Benjamin Livshits and Thomas Zimmermann
    In ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE 2005), Lisbon, Portugal, September 2005.

  • Defining a Set of Common Benchmarks for Web Application Security. Benjamin Livshits
    Position paper on Stanford SecuriBench for the Workshop on Defining the State of the Art in Software Security Tools, Baltimore, August 2005.

  • Finding Security Vulnerabilities in Java Applications with Static Analysis. Benjamin Livshits and Monica S. Lam
    A technical report, which represents an extended version of the paper above.

  • Finding Security Vulnerabilities in Java Applications with Static Analysis. Benjamin Livshits and Monica S. Lam
    In Proceedings of the Usenix Security Symposium, Baltimore, Maryland, August 2005.

  • Locating Matching Method Calls by Mining Revision History Data. Benjamin Livshits and Thomas Zimmermann
    In Proceedings of the Workshop on the Evaluation of Software Defect Detection Tools, Chicago, Illinois, June 2005.

  • Context-Sensitive Program Analysis as Database Queries. Monica S. Lam, John Whaley, Benjamin Livshits, Michael Martin, Dzintars Avots, Michael Carbin, Christopher Unkel.
    In Proceedings of Principles of Database Systems (PODS), Baltimore, Maryland, June 2005.

  • Improving Software Security with a C Pointer Analysis. Dzintars Avots, Michael Dalton, Benjamin Livshits, Monica S. Lam.
    In Proceedings of the 27th International Conference on Software Engineering (ICSE), May 2005

  • Turning Eclipse Against Itself: Improving the Quality of Eclipse Plugins. Benjamin Livshits
    A technical report, which is an extended version of the paper above.

  • Turning Eclipse Against Itself: Finding Bugs in Eclipse Code Using Lightweight Static Analysis. Benjamin Livshits
    In Eclipsecon '05 Research Exchange, March 2005.
    I maintain a page devoted to Checklipse, the tool described in the paper.

    2004 and before


  • Finding Security Errors in Java Applications Using Lightweight Static Analysis. Benjamin Livshits.
    In Annual Computer Security Applications Conference, Work-in-Progress Report, November 2004.

  • Tracking Pointers with Path and Context Sensitivity for Bug Detection in C Programs. Benjamin Livshits and Monica S. Lam
    In Proceedings of the 11th ACM SIGSOFT International Symposium on the Foundations of Software Engineering, September 2003.

Posters

Top of page

Unpublished Manuscripts

Top of page
  • Looking for Memory Leaks. Benjamin Livshits
    An article on detecting memory leaks in Java for Oracle Developer Network as part of the Mastering J2EE Application Development Series, 2005.

  • Unsupervised Web Page Clustering.
    [PDF]
    Paul Ruhlen, Husrev Tolga Ilhan, and Benjamin Livshits.
    Report for a project in natural language processing at Stanford (CS 224N), Spring 2000.

  • Applications of Cache-conscious Data Layout to Copying Garbage Collection.
    [PDF]
    Benjamin Livshits and David Louie.
    Report for a graduate project in compilers (CS 612) at Cornell University, May 1999.

  • Mostly copying garbage collector (MCC) for Java.
    [PDF]
    Benjamin Livshits.
    MCC for Java, Undergraduate final project at Cornell, May 1999.

Top of page