Refereed Publications
- Verifying Higher-order Programs with the Dijkstra Monad. To appear in Proc. of Programming Language Design and Implementation (PLDI), 2013.
- A Systematic Analysis of XSS Sanitization in Web Application Frameworks. Proc. of 16th European Symposium on Research in Computer Security (ESORICS), 2011. ESORICS presentation slides (with notes).
- Towards Client-side HTML Security Policies. Proc. of the Workshop on Hot Topics in Security (HotSec), 2011. HotSec presentation slides (with notes).
- Diesel: Applying Privilege Separation to Database Access. In Proc. of ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2011.
- Preventing Capability Leaks in Secure JavaScript Subsets. In Proc. of Network and Distributed System Security Symposium (NDSS), 2010. Visit the project page for code and more information.
- Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense. In Proc. of USENIX Security Symposium, 2009. Visit the project page for code and more information. USENIX presentation slides (with notes).
- Composition with Consistent Updates for Abstract State Machines. In Proc. of the International ASM Workshop, 2007.

Non-Refereed Papers
- Thesis: Analysis and Enforcement of Web Application Security Policies. University of California, Berkeley, Thesis, 2012.
- Monadic Refinement Types for Verifying JavaScript Programs. Microsoft Research Technical Report, 2012.
- ASM Relational Transducer Security Policies. Brown University Technical Report CS-06-12, 2006.