*
Quick Links|Home|Worldwide
Microsoft*
Search for

Ben Livshits is a researcher at Microsoft Research (MSR) in Redmond, WA. His old Stanford homepage will relocate here pretty soon. Also see his photography portfolio site Oberon Imaging.

We are looking for Ph.D. interns to work on research projects in the area of Web 2.0 development. Contact me for details.

Projects

News:

  • New: Volta: Developing Distributed Application by Recompiling.
    [PDF] [Abstract] [BibTeX]
    Dragos Manolescu, Brian Beckman, and Benjamin Livshits
    IEEE Software, October 2008.

  • New: Spectator: Detection and Containment of JavaScript Worms.
    [PDF] [Abstract] [BibTeX]
    Benjamin Livshits and Weidong Cui
    USENIX Annual Technical Conference, June 2008.

  • New: Securing Web Applications with Static and Dynamic Information Flow Tracking.
    [PDF] [Abstract] [BibTeX]
    Monica S. Lam, Michael Martin, Benjamin Livshits, and John Whaley
    In Workshop on Partial Evaluation and Program Manipulation (keynote address), January 2008.

  • Doloto: Code Splitting for Network-Bound Web 2.0 Applications. Benjamin Livshits and Emre Kiciman
    Microsoft Research Technical Report MSR-TR-2007-159, December 2007.

  • Code Splitting for Network Bound Web 2.0 Applications. Benjamin Livshits and Chen Ding
    Microsoft Research Technical Report MSR-TR-2007-101, August 2007.

  • Spectator: Detection and Containment of JavaScript Worms. Benjamin Livshits and Weidong Cui
    Microsoft Research Technical Report MSR-TR-2007-55, July 2007.

  • AjaxScope: a Platform for Remotely Monitoring the Client-Side Behavior of Web 2.0 Applications. Emre Kiciman and Benjamin Livshits
    In Symposium of Operating System Principles (SOSP 2007), Stevenson, Washington, October 2007.

  • Using Web Application Construction Frameworks To Protect Against Code Injection Attacks. Benjamin Livshits and Ulfar Erlingsson
    In Workshop on Programming Languages and Analysis for Security (PLAS 2007), San Diego, California, June 2007.

  • Towards Security By Construction For Web 2.0 Applications.
    [PDF] [Abstract] [BibTeX]
    Benjamin Livshits and Ulfar Erlingsson
    In Workshop on Web 2.0 Security and Privacy (W2SP 2007), May 2007.

  • End-to-end Web Application Security. Ulfar Erlingsson, Benjamin Livshits, and Yinglian Xie
    In Workshop on Hot Topics in Operating Systems (HotOS XI), San Diego, California, May 2007.

  • DynaMine: Finding Common Error Patterns by Mining Software Revision Histories.
    [PDF] [Abstract] [BibTeX]
    Benjamin Livshits and Thomas Zimmermann
    extended version of the FSE'05 paper currently under submission, February 2007.

  • Improving Software Security with Precise Static and Runtime Analysis. Benjamin Livshits, Doctoral dissertation
    Stanford University, Stanford, California, December, 2006.

  • Mining Additions of Method Calls in ArgoUML. Thomas Zimmerman, Silvia Breu, Christian Lindig, and Benjamin Livshits.
    In International Workshop on Mining Software Repositories Challenge, Shanghai, China, May, 2006.

  • Reflection Analysis for Java. Benjamin Livshits, John Whaley and Monica S. Lam
    In Third Asian Symposium on Programming Languages and Systems, Tsukuba, Japan, November, 2005.

  • Finding Application Errors and Security Flaws Using PQL: a Program Query Language. Michael Martin, Benjamin Livshits, and Monica S. Lam
    In 20th Annual ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications, San Diego, California, October 2005.

  • DynaMine: Finding Common Error Patterns by Mining Software Revision Histories. Benjamin Livshits and Thomas Zimmermann
    In ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE 2005), Lisbon, Portugal, September 2005.

  • Defining a Set of Common Benchmarks for Web Application Security. Benjamin Livshits
    Position paper on Stanford SecuriBench for the Workshop on Defining the State of the Art in Software Security Tools, Baltimore, August 2005.

  • Finding Security Vulnerabilities in Java Applications with Static Analysis. Benjamin Livshits and Monica S. Lam
    In Proceedings of the Usenix Security Symposium, Baltimore, Maryland, August 2005.

  • Locating Matching Method Calls by Mining Revision History Data. Benjamin Livshits and Thomas Zimmermann
    In Proceedings of the Workshop on the Evaluation of Software Defect Detection Tools, Chicago, Illinois, June 2005.

  • Context-Sensitive Program Analysis as Database Queries. Monica S. Lam, John Whaley, Benjamin Livshits, Michael Martin, Dzintars Avots, Michael Carbin, Christopher Unkel.
    In Proceedings of Principles of Database Systems (PODS), Baltimore, Maryland, June 2005.

  • Improving Software Security with a C Pointer Analysis. Dzintars Avots, Michael Dalton, Benjamin Livshits, Monica S. Lam.
    In Proceedings of the 27th International Conference on Software Engineering (ICSE), May 2005

  • Turning Eclipse Against Itself: Finding Bugs in Eclipse Code Using Lightweight Static Analysis. Benjamin Livshits
    In Eclipsecon '05 Research Exchange, March 2005.
    I maintain a page devoted to Checklipse, the tool described in the paper.

  • Finding Security Errors in Java Applications Using Lightweight Static Analysis. Benjamin Livshits.
    In Annual Computer Security Applications Conference, Work-in-Progress Report, November 2004.

  • Tracking Pointers with Path and Context Sensitivity for Bug Detection in C Programs. Benjamin Livshits and Monica S. Lam
    In Proceedings of the 11th ACM SIGSOFT International Symposium on the Foundations of Software Engineering, September 2003.

  • SecuriFly: Runtime Protection and Recovery from Web Application Vulnerabilities. Benjamin Livshits, Michael Martin, and Monica S. Lam
    A technical report, which describes the runtime system for vulnerability protection first described in the OOPSLA '05 paper.

  • Reflection Analysis for Java. Benjamin Livshits, John Whaley, and Monica S. Lam
    A technical report, which represents an extended version of the paper above.

  • Turning Eclipse Against Itself: Improving the Quality of Eclipse Plugins. Benjamin Livshits
    A technical report, which is an extended version of the paper above.

  • Finding Security Vulnerabilities in Java Applications with Static Analysis. Benjamin Livshits and Monica S. Lam
    A technical report, which represents an extended version of the paper above.


  • New: AjaxScope: Remotely Monitoring Client-side Web-App Behavior. (slides by Emre Kiciman)
    [PPT] [PDF]
    Emre Kiciman and Benjamin Livshits.
    In Symposium of Operating System Principles (SOSP 2007), October 2007.

  • New: Using Web Application Construction Frameworks to Protect Against Code Injection Attacks.
    [PPT] [PDF]
    Benjamin Livshits and Ulfar Erlingsson.
    In Workshop on Programming Languages and Analysis for Security (PLAS 2007), June 2007.

  • New: Towards Security by Construction for Web 2.0 Applications.
    [PPT] [PDF]
    Benjamin Livshits and Ulfar Erlingsson.
    In Web 2.0 Security & Privacy 2007, May 2007.

  • Finding Application Errors and Security Flaws Using PQL: A Program Query Language.
    [PPT] [PDF]
    Michael Martin, Benjamin Livshits, and Monica Lam.
    In Dagstugl seminar on Runtime Verification (07011), January 2007.

  • Reflection Analysis for Java.
    [PPT] [PDF]
    Benjamin Livshits, John Whaley, and Monica S. Lam
    In Third Asian Symposium on Programming Languages and Systems, Tsukuba, Japan, November, 2005.

  • Finding Application Errors and Security Flaws Using PQL: a Program Query Language.
    [PPT] [PDF]
    Michael Martin, Benjamin Livshits, and Monica S. Lam
    In 20th Annual ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications, San Diego, California, October 2005 (slides and presentation by Michael Martin).

  • DynaMine: Finding Common Error Patterns by Mining Software Revision Histories.
    [PPT] [PDF]
    Benjamin Livshits and Thomas Zimmermann
    In ACM SIGSOFT Symposium on the Foundations of Software Engineering, Lisbon, Portugal, September 2005 (slides and presentation by Thomas Zimmermann).

  • Finding Security Vulnerabilities in Java Applications with Static Analysis.
    [PPT] [PDF]
    Benjamin Livshits and Monica Lam.
    In Usenix Security Symposium, Baltimore, Maryland, August 2005.

  • DynaMine: Finding Common Error Patterns by Mining Software Revision Histories.
    [PPT] [PDF]
    Benjamin Livshits and Thomas Zimmermann.
    In Dagstugl seminar 05261, June 2005.

  • Locating Matching Method Calls by Mining Revision History Data.
    [PPT] [PDF]
    Benjamin Livshits and Thomas Zimmermann
    In the Workshop on the Evaluation of Software Defect Detection Tools, Chicago, Illinois, June 2005.

  • Using Static Analysis to Find Input Validation Errors in Java Programs.
    [PPT] [PDF]
    Benjamin Livshits and Monica S. Lam.
    In Stanford 7th Annual Security Workshop, May 2005.

  • Turning Eclipse Against Itself: Finding Errors in Eclipse Sources.
    [PPT] [PDF]
    Benjamin Livshits.
    In Eclipsecon '05 Research Exchange, March 2005.

  • Finding Security Errors in Java Applications Using Lightweight Static Analysis.
    [PPT] [PDF]
    Benjamin Livshits.
    Work-in-Progress Report, Annual Computer Security Applications Conference, November 2004.

  • Tracking Pointers with Path and Context Sensitivity for Bug Detection in C Programs.
    [PPT] [PDF]
    Benjamin Livshits and Monica S. Lam
    11th ACM SIGSOFT International Symposium on the Foundations of Software Engineering, September 2003.

  • Finding Security Violations by Using Precise Source-level Analysis.
    [PPT] [PDF]
    Benjamin Livshits and Monica S. Lam
    In Stanford 5th Annual Security Workshop, May 2003.

  • Static and Runtime Solutions for Web Application Vulnerabilities.
    [PPT] [PDF]
    Benjamin Livshits.
    A Poster Presented at a Trust Event, April 2006.

  • Using Eclipse to Detect Security Errors in Web Applications.
    [PPT] [PDF]
    Benjamin Livshits.
    A Poster Presented at Eclipsecon '05, March 2005.


  • Looking for Memory Leaks.
    [PDF]
    Benjamin Livshits
    An article on detecting memory leaks in Java for Oracle Developer Network as part of the Mastering J2EE Application Development Series, 2005.

  • Unsupervised Web Page Clustering.
    [PDF]
    Paul Ruhlen, Husrev Tolga Ilhan, and Benjamin Livshits.
    Report for a project in natural language processing at Stanford (CS 224N), Spring 2000.

  • Applications of Cache-conscious Data Layout to Copying Garbage Collection.
    [PDF]
    Benjamin Livshits and David Louie.
    Report for a graduate project in compilers (CS 612) at Cornell University, May 1999.

  • Mostly copying garbage collector (MCC) for Java.
    [PDF]
    Benjamin Livshits.
    MCC for Java, Undergraduate final project at Cornell, May 1999.

Copyright notice: The copyrights for journal and conference proceedings papers generally belong to the publisher of the journal or proceedings. All papers may be downloaded for personal or research purposes only. These works may not be reposted without the explicit permission of the copyright holders.

©2008 Microsoft Corporation. All rights reserved. Terms of Use |Trademarks |Privacy Statement