Research Publications

Technical Reports

• PODARCH: Protecting Legacy Applications with a Purely Hardware TCB
  Shweta Shinde, Shruti Tople, Deepak Kathayat, and Prateek Saxena
  Technical Report No. NUS-SL-TR-15-01, School of Computing, NUS.
  [Prototype Code & Benchmarks]
• How to verify computation with a rational network
  Sanjay Jain, Prateek Saxena, Frank Stephan, and Jason Teutsch
  Technical Report, arXiv:1606.05917
  

Conference & Journal Papers

• Translating C To Rust: Lessons from a User Study
  Ruishi Li*, Bo Wang*, Tianyu Li, Prateek Saxena, and Ashish Kundu
  Network and Distributed System Security Symposium (NDSS 2025)
  
• Attacking Byzantine Robust Aggregation in High Dimensions
  Sarthak Choudhary*, Aashish Kolluri*, and Prateek Saxena
  IEEE Symposium on Security and Privacy (IEEE S&P 2024)
  [Code]
• Unforgeability in Stochastic Gradient Descent
  Teodora Baluta, Ivica Nikolic, Racchit Jain, Divesh Aggarwal, and Prateek Saxena
  ACM Conference on Computer and Communications Security (CCS 2023)
  [Code]
• TransMap: Pinpointing Mistakes in Neural Code Translation
  Bo Wang, Ruishi Li, Mingkai Li, and Prateek Saxena
  Foundations of Software Engineering (ESEC/FSE 2023)
  [Code]
• Capstone: A Capability-based Foundation for Trustless Secure Memory Access
  Jason Zhijingcheng Yu, Conrad Watt, Aditya Badole, Trevor Carlson, and Prateek Saxena
  Usenix Security Symposium (Usenix Security 2023)
  [Code]
• User-customizable Transpilation for Scripting Languages
  Bo Wang, Aashish Kolluri, Ivica Nikolic, Teodora Baluta,and Prateek Saxena
  ACM SIGPLAN Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA 2023)
  [Project Page]
• Dynamic Binary Translation for SGX Enclaves
  Jinhua Cui, Shweta Shinde, Satyaki Sen, Prateek Saxena, and Pinghai Yuan
  ACM Transactions on Privacy and Security (TOPS 2022)
  [Project Page]
• LPGNet: Link Private Graph Networks for Node Classification
  Aashish Kolluri, Teodora Baluta, Bryan Hooi, and Prateek Saxena
  ACM Conference on Computer and Communications Security (CCS 2022)
  [Project Page]
• Membership Inference Attacks and Generalization: A Causal Perspective
  Teodora Baluta, Shiqi Shen, S. Hitarth, Shruti Tople, and Prateek Saxena
  ACM Conference on Computer and Communications Security (CCS 2022)
  [Code]
• Elasticlave: An Efficient Memory Model for Enclaves
  Jason Zhijingcheng Yu, Shweta Shinde, Trevor Carlson, and Prateek Saxena
  Usenix Security Symposium (Usenix Security 2022)
  [Prototype Code ]
• FlowMatrix: GPU-Assisted Information-Flow Analysis through Matrix-Based Representation
  Kaihang Ji, Jun Zeng, Yuancheng Jiang, Zhenkai Liang, Zheng Leong Chua, Prateek Saxena, and Abhik Roychoudhury
  Usenix Security Symposium (Usenix Security 2022)
  [Prototype Code ]
• Using Throughput-Centric Byzantine Broadcast to Tolerate Malicious Majority in Blockchains
  Ruomu Hou, Haifeng Yu, and Prateek Saxena
  IEEE Symposium on Security and Privacy (IEEE S&P 2022)
  
• Private Hierarchical Clustering in Federated Networks
  Aashish Kolluri, Teodora Baluta, and Prateek Saxena
  ACM Conference on Computer and Communications Security (CCS 2021)
  [Project Page]
• SmashEx: Smashing SGX Enclaves Using Exceptions
  Jinhua Cui, Jason Zhijingcheng Yu, Shweta Shinde, Prateek Saxena, and Zhiping Cai
  ACM Conference on Computer and Communications Security (CCS 2021)
  [Project Page]
• SynGuar: Guaranteeing Generalization in Programming by Example
  Bo Wang, Teodora Baluta, Aashish Kolluri, and Prateek Saxena
  Foundations of Software Engineering (FSE 2021)
  [Code][Interactive Demo]
• Refined Grey-Box Fuzzing with SIVO
  Ivica Nikolic, Radu Mantu, Shiqi Shen, and Prateek Saxena
  Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2021)
  [Project Page]
• Scalable Quantitative Verification For Deep Neural Networks
  Teodora Baluta, Zheng Leong Chua, Kuldeep S. Meel, and Prateek Saxena
  International Conference on Software Engineering (ICSE 2021)
  [Code][Arxiv version]
• Localizing Vulnerabilities Statistically From One Exploit
  Shiqi Shen, Aashish Kolluri, Zhen Dong, Prateek Saxena, and Abhik Roychoudhury
  (To Appear) ACM Asia Conference on Computer and Communications Security (AsiaCCS 2021)
  [Code / Benchmarks]
  * Awarded Best Paper.
• Robust P2P Primitives Using SGX Enclaves
  Yaoqi Jia, Shruti Tople, Tarik Moataz, Deli Gong, Prateek Saxena, and Zhenkai Liang
  International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020)
  
• BesFS: A POSIX Filesystem for Enclaves with a Mechanized Safety Proof
  Shweta Shinde, Shengyi Wang, Pinghai Yuan, Aquinas Hobor, Abhik Roychoudhury, Prateek Saxena
  Usenix Security Symposium (Usenix Security 2020)
  [Code / Project Page]
• OHIE: Blockchain Scaling Made Simple
  Haifeng Yu, Ivica Nikolic, Ruomu Hou, Prateek Saxena
  IEEE Symposium on Security and Privacy (IEEE S&P 2020)
  [Code] [Extended version]
• Quantitative Verification of Neural Networks and Its Security Applications
  Teodora Baluta, Shiqi Shen, Shweta Shinde, Kuldeep S. Meel, Prateek Saxena
  ACM Conference on Computer and Communications Security (CCS 2019)
  * Lemma 4.3 has been updated to fix an error
  [Code]
• Exploiting the laws of order in smart contracts
  Aashish Kolluri, Ivica Nikolic, Ilya Sergey, Aquinas Hobor, Prateek Saxena
  (To appear) ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2019)
  [Acc Rate: 22.6%][Talk][Code]
• Practical Verifiable In-network Filtering for DDoS defense
  Deli Gong, Muoi Tran, Shweta Shinde, Hao Jin, Vyas Sekar, Prateek Saxena, Min Suk Kang
  (To appear) IEEE International Conference on Distributed Computing Systems (ICDCS 2019)
  [Acc Rate: 19.6%][Code] [Talk]
• One Engine To Serve'em All: Inferring Taint Rules Without Architectural Semantics
  Zheng Leong Chua,  Yanhao Wang, Teodora Baluta,  Prateek Saxena, Zhenkai Liang, Purui Su
  Network and Distributed System Security Symposium (NDSS 2019)
  [Acc Rate: 17%][Talk][Code]
• Neuro-Symbolic Execution: Augmenting Symbolic Execution with Neural Constraints
  Shiqi Shen, Shweta Shinde,  Soundarya Ramesh, Abhik Roychoudhury, Prateek Saxena
  Network and Distributed System Security Symposium (NDSS 2019)
  [Acc Rate: 17%][Talk]
• On the Security of Blockchain Consensus Protocols
  Sourav Das, Aashish Kolluri, Prateek Saxena, Haifeng Yu
  International Conference on Information Systems Security (*Invited paper) (ICISS 2018)
  
• Obscuro: A bitcoin mixer using trusted execution environments
  Muoi Tran, Loi Luu, Min Suk Kang, Iddo Bentov, Prateek Saxena
  Annual Computer Security Applications Conference (ACSAC 2018)
  [Acc Rate: 20%][Talk][Code]
• Finding the greedy, prodigal, and suicidal contracts at scale
  Ivica Nikolic, Aashish Kolluri, Ilya Sergey, Prateek Saxena, Aquinas Hobor
  Annual Computer Security Applications Conference (ACSAC 2018)
  [Acc Rate: 20%][Talk] [Prototype Tool]
• VeriCount: Verifiable Resource Accounting Using Hardware and Software Isolation
  Shruti Tople, Soyeon Park, Min Suk Kang, and Prateek Saxena
  International Conference on Applied Cryptography and Network Security (ACNS 2018)
  [Acc Rate: 21%][Talk]
• Randomized View Reconciliation in Permissionless Distributed Systems
  Ruomu Hou, Irvan Jahja, Loi Luu, Prateek Saxena, and Haifeng Yu
  IEEE International Conference on Computer Communications (INFOCOM 2018)
  [Acc Rate: 19.2%][Talk]
• A Traceability Analysis of Monero’s Blockchain
  Amrit Kumar, Clément Fischer, Shruti Tople, and Prateek Saxena
  European Symposium on Research in Computer Security (ESORICS 2017)
  [Acc Rate: 16%][Talk]
• SmartPool: Practical Decentralized Pooled Mining
  Loi Luu, Yaron Velner, Jason Teutsch and Prateek Saxena
  Usenix Security Symposium (Usenix Security 2017)
  * SmartPool is mining on the Ethereum and Ethereum classic main-net now!
  [Acc Rate: 16.3%][Project page][Talk]
• Neural Nets Can Learn Function Type Signatures From Binaries
  Zheng Leong Chua, Shiqi Shen, Prateek Saxena, Zhenkai Liang
  Usenix Security Symposium (Usenix Security 2017)
  [Acc Rate: 16.3%][Project page][Talk]
• On the Trade-Offs in Oblivious Execution Techniques
  Shruti Tople and Prateek Saxena
  Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2017)
  [Acc Rate: 26.8%]
• Panoply: Low-TCB Linux Applications With SGX Enclaves
  Shweta Shinde, Dat Le Tien, Shruti Tople, and Prateek Saxena
  Network and Distributed System Security Symposium (NDSS 2017)
  [Acc Rate: 16.1%] [Project Page]
• AUROR: Defending Against Poisoning Attacks in Collaborative Deep Learning Systems
  Shiqi Shen, Shruti Tople, and Prateek Saxena
  Annual Computer Security Applications Conference (ACSAC 2016)
  [Acc Rate: 22%]
• A Secure Sharding Protocol For Open Blockchains
  Loi Luu, Viswesh Narayanan, Chaodong Zheng, Kunal Baweja, Seth Gilbert, Prateek Saxena
  ACM Conference on Computer and Communications Security (CCS 2016)
  * This design is the foundation of the Zilliqa blockchain!
  [Acc Rate: 16.5%]
• Making Smart Contracts Smarter
  Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, Aquinas Hobor
  ACM Conference on Computer and Communications Security (CCS 2016)
  [Acc Rate: 16.5%][Prototype Code & Benchmarks][Online Discussion]
• The “Web/Local” Boundary Is Fuzzy – A Security Study of Chrome’s Process-based Sandboxing
  Yaoqi Jia, Zheng Leong Chua, Hong Hu, Shuo Chen, Prateek Saxena, Zhenkai Liang
  ACM Conference on Computer and Communications Security (CCS 2016)
  [Acc Rate: 16.5%] [Attack Demos]
• Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation
  Yaoqi Jia, Guangdong Bai, Prateek Saxena, and Zhenkai Liang
  Proceedings on Privacy Enhancing Technologies (PETS 2016)
  
• OblivP2P: An Oblivious Peer-to-Peer Content Sharing System
  Yaoqi Jia, Tarik Moataz, Shruti Tople, and Prateek Saxena
  Usenix Security Symposium (Usenix Security 2016)
  [Acc Rate: 15.5%][Project page][Talk]
• Data-Oriented Programming: On the Expressiveness of Non-Control Data Attacks
  Hong Hu, Shweta Shinde, Sendroiu Adrian, Zheng Leong Chua, Prateek Saxena, and Zhenkai Liang
  IEEE Symposium on Security and Privacy (IEEE S&P 2016)
  [Acc Rate: 13.8%][Project page]
• Preventing Page Faults from Telling your Secrets 
  Shweta Shinde, Zheng Leong Chua, Viswesh Narayanan, and Prateek Saxena
  ACM Asia Conference on Computer and Communications Security  (AsiaCCS 2016)
  [Acc Rate: 20.9%][Talk]
  
• When Cryptocurrencies Mine Their Own Business
  Jason Teutsch, Sanjay Jain and Prateek Saxena
  Financial Cryptography and Data Security (FC 2016)
  
  
• On Scaling Decentralized Blockchains (A Position Paper)
   Kyle Croman, Christian Decker, Ittay Eyal,  Adem Efe Gencer,  Ari Juels, Ahmed Kosba,
  Andrew Miller, Prateek Saxena, Elaine Shi,  Emin Gun Sirer, Dawn Song, and Roger Wattenhofer
  Workshop on Bitcoin Research (BITCOIN 2016).
  
• Demystifying Incentives in the Consensus Computer
  Loi Luu, Jason Teutsch, Raghav Kulkarni, and Prateek Saxena
  ACM Conference on Computer and Communications Security (CCS 2015)
  [Acc Rate: 19.8%]
  
• The SICILIAN Defense: Signature-based Whitelisting of Web JavaScript
  Pratik Soni, Enrico Budianto, and Prateek Saxena
  ACM Conference on Computer and Communications Security (CCS 2015)
  [Acc Rate: 19.8%]
  
• Identifying Arbitrary Memory Access Vulnerabilities in Privilege-Separated Software
  Hong Hu, Zheng Leong Chua, Zhenkai Liang, and Prateek Saxena
  European Symposium on Research in Computer Security (ESORICS 2015)
  [Acc Rate: 20%]
• Web-to-Application Injection Attacks on Android: Characterization and Detection
  Behnaz Hassanshahi, Yaoqi Jia, Roland Yap, Prateek Saxena, and Zhenkai Liang
  European Symposium on Research in Computer Security (ESORICS 2015)
  [Acc Rate: 20%] [Project page]
  
• Man-in-the-Browser-Cache: Persisting HTTPS Attacks via Browser Cache Poisoning
  Yaoqi Jia, Yue Chen, Xinshu Dong, Prateek Saxena, Jian Mao, and Zhenkai Liang
  Journal of Computers and Security
  * Thanks to Google and Apple for acknowledging and fixing CVE-2014-7948 and CVE-2015-5907!
  
• Automatic Generation of Data-Oriented Exploits
  Hong Hu, Zheng Leong Chua, Sendroiu Adrian, Prateek Saxena, and Zhenkai Liang
  Usenix Security Symposium (Usenix Security 2015)
  [Acc Rate: 16%] [Attack Benchmarks]
  
• M2R: Enabling Stronger Privacy in MapReduce Computation
  Anh Dinh, Prateek Saxena, Chang Ee-chien, Chungwang Zhang, and Beng Chin Ooi
  Usenix Security Symposium (Usenix Security 2015)
  [Acc Rate: 16%]
  
• Auto-Patching DOM-based XSS At Scale
  Inian Parameshwaran, Enrico Budianto, Shweta Shinde, Hung Dang, Atul Sadhu, and Prateek Saxena
  Foundations of Software Engineering (FSE 2015)
  [Acc Rate: 25.4%] [Tool] [Tool Paper] [Website / Benchmarks]
  
• On Power Splitting Games in Distributed Computation: The Case of Bitcoin Pooled Mining
  Loi Luu, Ratul Saha, Inian Parameshwaran, Prateek Saxena, Aquinas Hobor
  Computer Security Foundations Symposium (CSF 2015)
  
• AutoCSP: Automatically Retrofitting CSP to Web Applications
  Mattia Fazzini, Prateek Saxena, and Alessandro Orso
  International Conference on Software Engineering (ICSE 2015)
  [Acc Rate: 18.5%] [Code & Project Page]
  
• A Look at Targeted Attacks Through the Lense of an NGO
  Stevens Le Blond, Adina Uritesc, Cedric Gilbert, Zheng Leong Chua, Prateek Saxena, and Engin Kirda
  Usenix Security Symposium (Usenix Security 2014)
  [Acc Rate: 19%] [Dataset (pw protected)]
  * News Coverage: Slashdot, Ars Technica
  
• You Can't Be Me: Enabling Trusted Paths & User Sub-Origins in Web Browsers
  Enrico Budianto, Yaoqi Jia, Xinshu Dong, Prateek Saxena, and Zhenkai Liang
  Research in Attacks, Intrusions and Defenses (RAID 2014)
  [Acc Rate: 19.5%] [Project Page]
  
• A Model Counter for Constraints Over Unbounded Strings
  Loi Luu, Shweta Shinde, Prateek Saxena and Brian Demsky
  ACM International Symposium on Programming Language Design and Implementation (PLDI 2014)
  [Acc Rate: 18.1%] [Code, Datasets & Project Page]
  
• DroidVault: A Trusted Data Vault for Android Devices
  Xiaolei Li, Hong Hu, Guangdong Bai, Yaoqi Jia, Zhenkai Liang, and Prateek Saxena
  Intl. Conference on Engineering of Complex Computer Systems (ICECCS 2014)
  * Awarded Best Paper.
• I Know Where You've Been: Geo-Inference Attacks via the Browser Cache
  Yaoqi Jia, Xinshu Dong, Zhenkai Liang and Prateek Saxena
  Web 2.0 Security and Privacy 2014 (W2SP 2014)
  * Awarded Best Paper.
  * News coverage:  Dailydot, Gizmodo, Techspot, TechExplore.
• Protecting Sensitive Web Content from Client-side Vulnerabilities with CRYPTONs
  Xinshu Dong, Zhaofeng Chen, Hossein Siadati, Shruti Tople, Prateek Saxena, and Zhenkai Liang
  ACM Conference on Computer and Communications Security (CCS 2013)
  [Acc Rate: 19.8%]
  
• AutoCrypt: Enabling Homomorphic Computation on Servers To Protect Sensitive Web Content
  Shruti Tople, Shweta Shinde, Zhaofeng Chen, and Prateek Saxena
  ACM Conference on Computer and Communications Security (CCS 2013)
  [Acc Rate: 19.8%] [Code, Datasets & Project page]
  
• The Curse of 140 Characters: Evaluating The Efficacy of SMS Spam Detection on Android
  Akshay Narayan and Prateek Saxena
  ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices( SPSM 2013)
  [Acc Rate: 24%]
  
• A Quantitative Evaluation of Privilege Separation in Web Browser Designs
  Xinshu Dong, Hong Hu, Prateek Saxena, and Zhenkai Liang
  European Symposium on Research in Computer Security (ESORICS 2013)
  [Acc Rate: 17.8%]
  
• Data-confined HTML5 Applications
  Devdatta Akhawe, Frank Li, Warren He, Prateek Saxena, Dawn Song
  European Symposium on Research in Computer Security (ESORICS 2013)
  [Acc Rate: 17.8%]
  
• AUTHSCAN: Automatic Extraction of Web Authentication Protocols from Implementations
  Guangdong Bai, Jike Lei, Guozhu Meng, Sai Sathyanarayan Venkatraman, Prateek Saxena, Jun Sun, Yang Liu, and Jin Song Dong
  Network and Distributed System Security Symposium (NDSS 2013)
  [Acc Rate: 18.8%]
  
• Privilege Separation in HTML5 Applications
  Devdatta Akhawe, Prateek Saxena, Dawn Song
  Usenix Security Symposium (Usenix Security 2012) , August 2012
  * See Dropbox's deployment of the proposed privilege separation.
  * This research has influenced the design of Google Store Apps.
  [Project Page]   [Acc Rate: 19.4%]
  
• Context-Sensitive Auto-Sanitization in Web Templating Languages Using Type Qualifiers
  Mike Samuel, Prateek Saxena, Dawn Song
  ACM Conference on Computer and Communications Security (CCS 2011) , October 2011.
  * Auto-sanitization developed in this work now protects Google+.
  Talk    [ Project Page ]    [Acc Rate: 13.9%]
  
• SCRIPTGARD: Automatic Context-Sensitive Sanitization for Large-Scale Legacy Web Applications
  Prateek Saxena, David Molnar and Benjamin Livshits
  ACM Confrence on Computer and Communications Security (CCS 2011) 2011.
  Talk    [Project Page]     [Acc Rate: 13.9%]
• Fast and Precise Sanitizer Analysis with BEK
  Pieter Hooimeijer, Ben Livshits, David Molnar, Prateek Saxena, Margus Veanes.
  (* Authors listed alphabetically by last name)
  20th Usenix Security Symposium (Usenix Security 2011), August 2011.
  * Try BEK online!
  [Project Page]     [Acc Rate:17.2%]    
• A Systematic Analysis of XSS Sanitization in Web Application Frameworks
  Joel Weinberger, Prateek Saxena, Devdatta Akhawe, Matthew Finifter, Richard Shin, Dawn Song
  European Symposium on Research in Computer Security (ESORICS 2011), September 2011.
  [Project Page]     [Acc Rate:21.2%]   
• A Symbolic Execution Framework for JavaScript
  Prateek Saxena, Devdatta Akhawe, Steve Hanna, Stephen McCamant, Feng Mao, Dawn Song.
  31st IEEE Symposium on Security and Privacy (IEEE S&P 2010), May 2010.
  * Kaluza, our new string decision procedure, is now available.
  * This work has been awarded the AT&T Best Applied Security Research Paper Award 2010.
  Talk    [Project Page]     [Acc Rate: 11%]
• FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications
  Prateek Saxena, Steve Hanna, Pongsin Poosankam, Dawn Song.
  17th Annual Network and Distributed System Security Symposium (NDSS 2010), Feb 2010.
  Talk    [Project Page]     [Acc Rate: 15.4%]
• Protecting Browsers from Extension Vulnerabilities
  Adam Barth, Adrienne Porter Felt, Prateek Saxena, and Aaron Boodman.
  17th Annual Network and Distributed System Security Symposium (NDSS 2010), Feb 2010.
  * Available as the Google Chrome Extension Platform
  [Project Page]     [Acc Rate: 15.4%]
• The Emperors New APIs: On the (In)Secure Usage of New Client Side Primitives
  Steve Hanna, Richard Shin, Devdatta Akhawe, Arman Boehm, Prateek Saxena, Dawn Song.
  4th Web Security and Privacy Workshop (W2SP 2010), Oakland, May 2010.
  [Project Page]     [Acc Rate: 41%]
• Loop-Extended Symbolic Execution on Binary Programs
  Prateek Saxena, Pongsin Poosankam, Stephen McCamant, Dawn Song.
  International Symposium on Software Testing and Analysis (ISSTA 2009), July 2009.
  (Supercedes TR No. UCB/EECS-2009-34, EECS Department UC, Berkeley).
  (Benchmarks Available at the LESE Project Page)
  Talk    [Project Page]     [Acc Rate: 27%]
• Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense
  Yacin Nadji, Prateek Saxena and Dawn Song.
  Network and Distributed System Security Symposium (NDSS 2009), February 2009
  Talk    [Project Page]     [Acc Rate: 11.6%]
  
• On the Limits of Information Flow Techniques for Malware Analysis and Containment
  Lorenzo Cavallaro, Prateek Saxena, R. Sekar.
  Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2008), July 2008.
  [Acc Rate: 31%]
  
• Efficient fine-grained binary instrumentation with applications to taint-tracking
  Prateek Saxena, R. Sekar, Varun Puranik.
  International Symposium on Code Generation and Optimization (CGO 2008), April 2008.
  [Acc Rate: 31%]
  
• BitBlaze: A New Approach to Computer Security via Binary Analysis
  Dawn Song, David Brumley, Heng Yin, Juan Caballero, Ivan Jager, Min Gyung Kang, Zhenkai Liang, James Newsome, Pongsin Poosankam, Prateek Saxena.
  International Conference on Information Systems Security (*Invited paper) (ICISS 2008), December 2008.