Research Publications
Technical Reports
Conference & Journal Papers
-
Translating C To Rust: Lessons from a User Study (extended version)
Ruishi Li*, Bo Wang*, Tianyu Li, Prateek Saxena, and Ashish Kundu
Network and Distributed System Security Symposium (NDSS 2025)
[Conference version]
-
Attacking Byzantine Robust Aggregation in High Dimensions
Sarthak Choudhary*, Aashish Kolluri*, and Prateek Saxena
IEEE Symposium on Security and Privacy (IEEE S&P 2024)
[Code]
* A few typographical errors fixed from conference version.
-
Unforgeability in Stochastic Gradient Descent
Teodora Baluta, Ivica Nikolic, Racchit Jain, Divesh Aggarwal, and Prateek Saxena
ACM Conference on Computer and Communications Security (CCS 2023)
[Code]
-
TransMap: Pinpointing Mistakes in Neural Code Translation
Bo Wang, Ruishi Li, Mingkai Li, and Prateek Saxena
Foundations of Software Engineering (ESEC/FSE 2023)
[Code]
-
Capstone: A Capability-based Foundation for Trustless Secure Memory Access
Jason Zhijingcheng Yu, Conrad Watt, Aditya Badole, Trevor Carlson, and Prateek Saxena
Usenix Security Symposium (Usenix Security 2023)
[Code]
-
User-customizable Transpilation for Scripting Languages
Bo Wang, Aashish Kolluri, Ivica Nikolic, Teodora Baluta,and Prateek Saxena
ACM SIGPLAN Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA 2023)
[Project Page]
-
Dynamic Binary Translation for SGX Enclaves
Jinhua Cui, Shweta Shinde, Satyaki Sen, Prateek Saxena, and Pinghai Yuan
ACM Transactions on Privacy and Security (TOPS 2022)
[Project Page]
-
LPGNet: Link Private Graph Networks for Node Classification
Aashish Kolluri, Teodora Baluta, Bryan Hooi, and Prateek Saxena
ACM Conference on Computer and Communications Security (CCS 2022)
[Project Page]
-
Membership Inference Attacks and Generalization: A Causal Perspective
Teodora Baluta, Shiqi Shen, S. Hitarth, Shruti Tople, and Prateek Saxena
ACM Conference on Computer and Communications Security (CCS 2022)
[Code]
-
Elasticlave: An Efficient Memory Model for Enclaves
Jason Zhijingcheng Yu, Shweta Shinde, Trevor Carlson, and Prateek Saxena
Usenix Security Symposium (Usenix Security 2022)
[Prototype Code ]
-
FlowMatrix: GPU-Assisted Information-Flow Analysis through Matrix-Based Representation
Kaihang Ji, Jun Zeng, Yuancheng Jiang, Zhenkai Liang, Zheng Leong Chua, Prateek Saxena, and Abhik Roychoudhury
Usenix Security Symposium (Usenix Security 2022)
[Prototype Code ]
-
Using Throughput-Centric Byzantine Broadcast to Tolerate Malicious Majority in Blockchains
Ruomu Hou, Haifeng Yu, and Prateek Saxena
IEEE Symposium on Security and Privacy (IEEE S&P 2022)
-
Private Hierarchical Clustering in Federated Networks
Aashish Kolluri, Teodora Baluta, and Prateek Saxena
ACM Conference on Computer and Communications Security (CCS 2021)
[Project Page]
-
SmashEx: Smashing SGX Enclaves Using Exceptions
Jinhua Cui, Jason Zhijingcheng Yu, Shweta Shinde, Prateek Saxena, and Zhiping Cai
ACM Conference on Computer and Communications Security (CCS 2021)
[Project Page]
-
SynGuar: Guaranteeing Generalization in Programming by Example
Bo Wang, Teodora Baluta, Aashish Kolluri, and Prateek Saxena
Foundations of Software Engineering (FSE 2021)
[Code][Interactive Demo]
-
Refined Grey-Box Fuzzing with SIVO
Ivica Nikolic, Radu Mantu, Shiqi Shen, and Prateek Saxena
Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2021)
[Project Page]
-
Scalable Quantitative Verification For Deep Neural Networks
Teodora Baluta, Zheng Leong Chua, Kuldeep S. Meel, and Prateek Saxena
International Conference on Software Engineering (ICSE 2021)
[Code][Arxiv version]
-
Localizing Vulnerabilities Statistically From One Exploit
Shiqi Shen, Aashish Kolluri, Zhen Dong, Prateek Saxena, and Abhik Roychoudhury
(To Appear) ACM Asia Conference on Computer and Communications Security
(AsiaCCS 2021)
[Code / Benchmarks]
* Awarded Best Paper.
-
Robust P2P Primitives Using SGX Enclaves
Yaoqi Jia, Shruti Tople, Tarik Moataz, Deli Gong, Prateek Saxena, and Zhenkai Liang
International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020)
-
BesFS: A POSIX Filesystem for Enclaves with a Mechanized Safety Proof
Shweta Shinde, Shengyi Wang, Pinghai Yuan, Aquinas Hobor, Abhik Roychoudhury, Prateek Saxena
Usenix Security Symposium (Usenix Security 2020)
[Code / Project Page]
- OHIE: Blockchain Scaling Made Simple
Haifeng Yu, Ivica Nikolic, Ruomu Hou, Prateek Saxena
IEEE
Symposium on Security and Privacy (IEEE S&P 2020)
[Code] [Extended version]
- Quantitative Verification of Neural Networks and Its Security Applications
Teodora Baluta, Shiqi Shen, Shweta Shinde, Kuldeep S. Meel, Prateek Saxena
ACM Conference on Computer and Communications Security (CCS 2019)
* Lemma 4.3 has been updated to fix an error
[Code]
- Exploiting the laws of order in smart contracts
Aashish Kolluri, Ivica Nikolic, Ilya Sergey, Aquinas Hobor, Prateek Saxena
(To appear) ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2019)
[Acc Rate: 22.6%][Talk][Code]
- Practical Verifiable In-network Filtering for DDoS defense
Deli Gong, Muoi Tran, Shweta Shinde, Hao Jin, Vyas Sekar, Prateek Saxena, Min Suk Kang
(To appear) IEEE International Conference on Distributed Computing Systems (ICDCS 2019)
[Acc Rate: 19.6%][Code] [Talk]
- One Engine To Serve'em All: Inferring Taint Rules Without Architectural Semantics
Zheng Leong Chua, Yanhao Wang, Teodora Baluta, Prateek Saxena, Zhenkai Liang, Purui Su
Network and Distributed System Security Symposium (NDSS 2019)
[Acc Rate: 17%][Talk][Code]
- Neuro-Symbolic Execution: Augmenting Symbolic Execution with Neural Constraints
Shiqi Shen, Shweta Shinde, Soundarya Ramesh, Abhik Roychoudhury, Prateek Saxena
Network and Distributed System Security Symposium (NDSS 2019)
[Acc Rate: 17%][Talk]
- On the Security of Blockchain Consensus Protocols
Sourav Das, Aashish Kolluri, Prateek Saxena, Haifeng Yu
International
Conference on Information Systems Security (*Invited paper) (ICISS 2018)
- Obscuro: A bitcoin mixer using trusted execution environments
Muoi Tran, Loi Luu, Min Suk Kang, Iddo Bentov, Prateek Saxena
Annual Computer Security Applications Conference (ACSAC 2018)
[Acc Rate: 20%][Talk][Code]
- Finding the greedy, prodigal, and suicidal contracts at scale
Ivica Nikolic, Aashish Kolluri, Ilya Sergey, Prateek Saxena, Aquinas Hobor
Annual Computer Security Applications Conference (ACSAC 2018)
[Acc Rate: 20%][Talk] [Prototype Tool]
- VeriCount: Verifiable Resource Accounting Using Hardware and Software Isolation
Shruti Tople, Soyeon Park, Min Suk Kang, and Prateek Saxena
International Conference on Applied Cryptography and Network Security (ACNS 2018)
[Acc Rate: 21%][Talk]
- Randomized View Reconciliation in Permissionless Distributed Systems
Ruomu Hou, Irvan Jahja, Loi Luu, Prateek Saxena, and Haifeng Yu
IEEE International Conference on Computer Communications (INFOCOM 2018)
[Acc Rate: 19.2%][Talk]
- A Traceability Analysis of Monero’s Blockchain
Amrit Kumar, Clément Fischer, Shruti Tople, and Prateek Saxena
European Symposium on Research in Computer Security (ESORICS 2017)
[Acc Rate: 16%][Talk]
- SmartPool: Practical Decentralized Pooled Mining
Loi Luu, Yaron Velner, Jason Teutsch and Prateek Saxena
Usenix Security Symposium (Usenix Security 2017)
* SmartPool is mining on the Ethereum and Ethereum classic main-net now!
[Acc Rate: 16.3%][Project page][Talk]
- Neural Nets Can Learn Function Type Signatures From Binaries
Zheng Leong Chua, Shiqi Shen, Prateek Saxena, Zhenkai Liang
Usenix Security Symposium (Usenix Security 2017)
[Acc Rate: 16.3%][Project page][Talk]
- On the Trade-Offs in Oblivious Execution
Techniques
Shruti Tople and Prateek Saxena
Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2017)
[Acc Rate: 26.8%]
- Panoply: Low-TCB Linux Applications With SGX Enclaves
Shweta Shinde, Dat Le Tien, Shruti Tople, and Prateek Saxena
Network and Distributed System Security Symposium (NDSS 2017)
[Acc Rate: 16.1%] [Project Page]
- AUROR: Defending Against Poisoning Attacks in Collaborative Deep Learning Systems
Shiqi Shen, Shruti Tople, and Prateek Saxena
Annual Computer Security Applications Conference (ACSAC 2016)
[Acc Rate: 22%]
- A Secure Sharding Protocol For Open Blockchains
Loi Luu, Viswesh Narayanan, Chaodong Zheng, Kunal Baweja, Seth Gilbert, Prateek Saxena
ACM Conference on Computer and Communications Security (CCS 2016)
* This design is the foundation of the Zilliqa blockchain!
[Acc Rate: 16.5%]
- Making Smart Contracts Smarter
Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, Aquinas Hobor
ACM Conference on Computer and Communications Security (CCS 2016)
[Acc Rate: 16.5%][Prototype Code & Benchmarks][Online Discussion]
- The “Web/Local” Boundary Is Fuzzy – A Security Study of Chrome’s Process-based Sandboxing
Yaoqi Jia, Zheng Leong Chua, Hong Hu, Shuo Chen, Prateek Saxena, Zhenkai Liang
ACM Conference on Computer and Communications Security (CCS 2016)
[Acc Rate: 16.5%] [Attack Demos]
- Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation
Yaoqi Jia, Guangdong Bai, Prateek Saxena, and Zhenkai Liang
Proceedings on Privacy Enhancing Technologies (PETS 2016)
- OblivP2P: An Oblivious Peer-to-Peer Content Sharing System
Yaoqi Jia, Tarik Moataz, Shruti Tople, and Prateek Saxena
Usenix Security Symposium (Usenix Security 2016)
[Acc Rate: 15.5%][Project page][Talk]
- Data-Oriented Programming: On the Expressiveness of Non-Control Data Attacks
Hong Hu, Shweta Shinde, Sendroiu Adrian, Zheng Leong Chua, Prateek Saxena, and Zhenkai Liang
IEEE
Symposium on Security and Privacy (IEEE S&P 2016)
[Acc Rate: 13.8%][Project page]
- Preventing Page Faults from Telling your Secrets
Shweta Shinde, Zheng Leong Chua, Viswesh Narayanan, and Prateek Saxena
ACM Asia Conference on Computer and Communications Security (AsiaCCS 2016)
[Acc Rate: 20.9%][Talk]
- When Cryptocurrencies Mine Their Own Business
Jason Teutsch, Sanjay Jain and Prateek Saxena
Financial Cryptography and Data Security (FC 2016)
- On Scaling Decentralized Blockchains (A Position Paper)
Kyle Croman, Christian Decker, Ittay Eyal, Adem Efe Gencer, Ari Juels, Ahmed Kosba,
Andrew Miller, Prateek Saxena, Elaine Shi, Emin Gun Sirer, Dawn Song, and Roger Wattenhofer
Workshop on Bitcoin Research (BITCOIN 2016).
- Demystifying Incentives in the Consensus Computer
Loi Luu, Jason Teutsch, Raghav Kulkarni, and Prateek Saxena
ACM Conference on Computer and Communications Security (CCS 2015)
[Acc Rate: 19.8%]
- The SICILIAN Defense: Signature-based Whitelisting of Web JavaScript
Pratik Soni, Enrico Budianto, and Prateek Saxena
ACM Conference on Computer and Communications Security (CCS 2015)
[Acc Rate: 19.8%]
- Identifying Arbitrary Memory Access Vulnerabilities in Privilege-Separated Software
Hong Hu, Zheng Leong Chua, Zhenkai Liang, and Prateek Saxena
European Symposium on Research in Computer Security (ESORICS 2015)
[Acc Rate: 20%]
- Web-to-Application Injection Attacks on Android: Characterization and Detection
Behnaz Hassanshahi, Yaoqi Jia, Roland Yap, Prateek Saxena, and Zhenkai Liang
European Symposium on Research in Computer Security (ESORICS 2015)
[Acc Rate: 20%] [Project page]
- Man-in-the-Browser-Cache: Persisting HTTPS Attacks via Browser Cache Poisoning
Yaoqi Jia, Yue Chen, Xinshu Dong, Prateek Saxena, Jian Mao, and Zhenkai Liang
Journal of Computers and Security
* Thanks to Google and Apple for acknowledging and fixing CVE-2014-7948 and CVE-2015-5907!
- Automatic Generation of Data-Oriented Exploits
Hong Hu, Zheng Leong Chua, Sendroiu Adrian, Prateek Saxena, and Zhenkai Liang
Usenix Security Symposium (Usenix Security 2015)
[Acc Rate: 16%] [Attack Benchmarks]
-
M2R: Enabling Stronger Privacy in MapReduce Computation
Anh Dinh, Prateek Saxena, Chang Ee-chien, Chungwang Zhang, and Beng Chin Ooi
Usenix Security Symposium (Usenix Security 2015)
[Acc Rate: 16%]
-
Auto-Patching DOM-based XSS At Scale
Inian Parameshwaran, Enrico Budianto, Shweta Shinde, Hung Dang, Atul Sadhu, and Prateek Saxena
Foundations of Software Engineering (FSE 2015)
[Acc Rate: 25.4%] [Tool] [Tool Paper] [Website / Benchmarks]
- On Power Splitting Games in Distributed Computation:
The Case of Bitcoin Pooled Mining
Loi Luu, Ratul Saha, Inian Parameshwaran, Prateek Saxena, Aquinas Hobor
Computer Security Foundations Symposium (CSF 2015)
- AutoCSP: Automatically Retrofitting CSP to Web Applications
Mattia Fazzini, Prateek Saxena, and Alessandro Orso
International Conference on Software Engineering (ICSE 2015)
[Acc Rate: 18.5%] [Code & Project Page]
-
A Look at Targeted Attacks Through the Lense of an NGO
Stevens Le Blond, Adina Uritesc, Cedric Gilbert, Zheng Leong Chua, Prateek Saxena, and Engin Kirda
Usenix Security Symposium (Usenix Security 2014)
[Acc Rate: 19%] [Dataset (pw protected)]
* News Coverage: Slashdot, Ars Technica
- You Can't Be Me: Enabling Trusted Paths & User Sub-Origins in Web Browsers
Enrico Budianto, Yaoqi Jia, Xinshu Dong, Prateek Saxena, and Zhenkai Liang
Research in Attacks, Intrusions and Defenses (RAID 2014)
[Acc Rate: 19.5%] [Project Page]
- A Model Counter for Constraints Over Unbounded Strings
Loi Luu, Shweta Shinde, Prateek Saxena and Brian Demsky
ACM International Symposium on Programming Language Design and Implementation (PLDI 2014)
[Acc Rate: 18.1%] [Code, Datasets & Project Page]
- DroidVault: A Trusted Data Vault for Android Devices
Xiaolei Li, Hong Hu, Guangdong Bai, Yaoqi Jia, Zhenkai Liang, and Prateek Saxena
Intl. Conference on Engineering of Complex Computer Systems
(ICECCS 2014)
* Awarded Best Paper.
- I Know Where You've Been: Geo-Inference Attacks via the Browser Cache
Yaoqi Jia, Xinshu Dong, Zhenkai Liang and Prateek Saxena
Web 2.0 Security and Privacy 2014 (W2SP 2014)
* Awarded Best Paper.
* News coverage: Dailydot, Gizmodo, Techspot, TechExplore.
- Protecting Sensitive Web Content from
Client-side Vulnerabilities with CRYPTONs
Xinshu Dong, Zhaofeng Chen, Hossein Siadati, Shruti Tople, Prateek Saxena, and Zhenkai Liang
ACM Conference on Computer and Communications Security
(CCS 2013)
[Acc Rate: 19.8%]
-
AutoCrypt: Enabling Homomorphic Computation on Servers To Protect Sensitive Web Content
Shruti Tople, Shweta Shinde, Zhaofeng Chen, and Prateek Saxena
ACM Conference on Computer and Communications Security (CCS 2013)
[Acc Rate: 19.8%] [Code, Datasets & Project page]
-
The Curse of 140 Characters: Evaluating The Efficacy of
SMS Spam Detection on Android
Akshay Narayan and Prateek Saxena
ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices( SPSM 2013)
[Acc Rate: 24%]
-
A Quantitative Evaluation of Privilege Separation in Web Browser Designs
Xinshu Dong, Hong Hu, Prateek Saxena, and Zhenkai Liang
European Symposium on Research in Computer Security (ESORICS 2013)
[Acc Rate: 17.8%]
-
Data-confined HTML5 Applications
Devdatta Akhawe, Frank Li, Warren He, Prateek Saxena, Dawn Song
European Symposium on Research in Computer Security (ESORICS 2013)
[Acc Rate: 17.8%]
-
AUTHSCAN: Automatic Extraction of Web Authentication Protocols
from Implementations
Guangdong Bai, Jike Lei, Guozhu Meng, Sai Sathyanarayan Venkatraman, Prateek Saxena, Jun Sun, Yang Liu, and Jin Song Dong
Network and Distributed System Security Symposium (NDSS 2013)
[Acc Rate: 18.8%]
-
Privilege Separation in HTML5 Applications
Devdatta Akhawe, Prateek Saxena, Dawn Song
Usenix
Security Symposium (Usenix Security 2012) , August 2012
* See Dropbox's deployment of the proposed privilege separation.
* This research has influenced the design of Google Store Apps.
[Project Page] [Acc Rate: 19.4%]
-
Context-Sensitive Auto-Sanitization in Web Templating Languages Using Type Qualifiers
Mike Samuel, Prateek Saxena, Dawn Song
ACM Conference on Computer and Communications
Security (CCS 2011) , October 2011.
* Auto-sanitization developed in this work now protects Google+.
Talk
[ Project Page ]
[Acc Rate: 13.9%]
-
SCRIPTGARD: Automatic Context-Sensitive Sanitization for Large-Scale Legacy Web Applications
Prateek Saxena, David Molnar and Benjamin Livshits
ACM
Confrence on Computer and Communications Security (CCS 2011) 2011.
Talk
[Project Page]
[Acc Rate: 13.9%]
-
Fast and Precise Sanitizer Analysis with BEK
Pieter Hooimeijer, Ben Livshits, David Molnar, Prateek Saxena, Margus Veanes.
(* Authors listed alphabetically by last name)
20th
Usenix Security Symposium (Usenix Security 2011), August 2011.
* Try BEK online!
[Project
Page]
[Acc Rate:17.2%]
-
A Systematic Analysis of XSS Sanitization in Web Application Frameworks
Joel Weinberger, Prateek Saxena, Devdatta Akhawe, Matthew Finifter, Richard Shin, Dawn Song
European Symposium on Research in Computer Security
(ESORICS 2011), September 2011.
[Project Page]
[Acc Rate:21.2%]
-
A Symbolic Execution Framework for JavaScript
Prateek Saxena, Devdatta Akhawe, Steve Hanna, Stephen McCamant, Feng Mao, Dawn Song.
31st IEEE
Symposium on Security and Privacy (IEEE S&P 2010), May 2010.
* Kaluza, our new string decision procedure, is now available.
* This work has been awarded the AT&T Best Applied Security Research Paper Award 2010.
Talk
[Project Page]
[Acc Rate: 11%]
-
FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications
Prateek Saxena, Steve Hanna, Pongsin Poosankam, Dawn Song.
17th Annual
Network and Distributed System Security Symposium (NDSS 2010), Feb 2010.
Talk
[Project Page]
[Acc Rate: 15.4%]
-
Protecting Browsers from Extension Vulnerabilities
Adam Barth, Adrienne Porter Felt, Prateek Saxena, and Aaron Boodman.
17th Annual
Network and Distributed System Security Symposium (NDSS 2010), Feb 2010.
* Available as the Google Chrome Extension Platform
[Project Page]
[Acc Rate: 15.4%]
-
The Emperors New APIs: On the (In)Secure Usage of New Client Side Primitives
Steve Hanna, Richard Shin, Devdatta Akhawe, Arman Boehm, Prateek Saxena, Dawn Song.
4th Web
Security and Privacy Workshop (W2SP 2010), Oakland, May 2010.
[Project Page]
[Acc Rate: 41%]
-
Loop-Extended Symbolic Execution on Binary Programs
Prateek Saxena, Pongsin Poosankam, Stephen McCamant, Dawn Song.
International Symposium on Software Testing and Analysis (ISSTA 2009), July 2009.
(Supercedes TR No. UCB/EECS-2009-34, EECS Department UC, Berkeley).
(Benchmarks Available at the LESE Project Page)
Talk
[Project Page]
[Acc Rate: 27%]
-
Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense
Yacin Nadji, Prateek Saxena and Dawn Song.
Network and Distributed System Security Symposium (NDSS 2009), February 2009
Talk
[Project Page]
[Acc Rate: 11.6%]
-
On the Limits of Information Flow Techniques for Malware Analysis and Containment
Lorenzo Cavallaro, Prateek Saxena, R. Sekar.
Detection of Intrusions and Malware & Vulnerability
Assessment (DIMVA 2008), July 2008.
[Acc Rate: 31%]
-
Efficient fine-grained binary instrumentation with applications to taint-tracking
Prateek Saxena, R. Sekar, Varun Puranik.
International Symposium on Code Generation and
Optimization (CGO 2008), April 2008.
[Acc Rate: 31%]
-
BitBlaze: A New Approach to Computer Security via Binary Analysis
Dawn Song, David Brumley, Heng Yin, Juan Caballero, Ivan Jager, Min
Gyung Kang, Zhenkai Liang, James Newsome, Pongsin Poosankam, Prateek
Saxena.
International
Conference on Information Systems Security (*Invited paper) (ICISS 2008), December 2008.
Theses & Technical Reports
-
Systematic Techniques for Finding and Preventing Script Injection Vulnerabilities
Prateek Saxena.
PhD Dissertation, Computer Science Division, EECS, University of California Berkeley, July 2012.
* Outstanding Doctoral Research Award ( David
J. Sakrison Memorial Prize ), EECS Department, UC Berkeley, 2012.
-
Static Binary Analysis And Transformation For Sandboxing Untrusted Plugins
MS Thesis, Computer Science, Stony Brook University, August 2008.
-
A Practical Technique for Containment of Untrusted Plug-ins
Prateek Saxena, R. Sekar, Mithun Iyer, Varun Puranik.
Technical Report at Secure Systems Lab, Stony Brook University, August 2008.
Last modified: Thu Aug 16 22:25:32 SGT 2012