PUBLICATIONS


NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications [PDF]
Abeer Alhuzali, Rigel, Gjomemo, Birhanu Eshete, V.N. Venkatakrishnan
In 27th USENIX Security Symposium (SEC), Baltimore, MD, USA, 2018.

DynaMiner: Leveraging Offline Infection Analytics for On-the-Wire Malware Detection [PDF]
Birhanu Eshete and V.N. Venkatakrishnan
In 47th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Denver, CO, 2017.

SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data [PDF]
Md Nahid Hossain, Sadegh M. Milajerdi, Junao Wang, Birhanu Eshete, Rigel Gjomemo, R. Sekar, Scott Stoller, V.N. Venkatakrishnan
In 26th USENIX Security Symposium (SEC), Vancouver, BC, Canada, 2017.

Patching Logic Vulnerabilities for Web Applications using LogicPatcher
Maliheh Monshizadeh, Prasad Naldurg, V.N. Venkatakrishnan
In 6th ACM Conference on Data and Applications Security ( CODASPY), New Orleans, LA, 2016.

Chainsaw: Chained Automated Workflow-Based Exploit Generation [PDF]
Abeer Alhuzali, Birhanu Eshete, Rigel Gjomemo, V.N. Venkatakrishnan
In 23rd ACM Conference on Computer and Communications Security (ACM CCS), Vienna, Austria , 2016.

Leveraging Static Analysis Tools for Improving Usability of Memory Error Sanitization Compilers
Rigel Gjomemo, Phu H. Phung, Ted Ballou, Kedar Namjoshi, V.N. Venkatakrishnan and Lenore Zuck
In IEEE Conference on Quality, Reliability and Security (QRS), Vienna, Austria, 2016.

EKHunter: A Counter-Offensive Toolkit for Exploit Kit Infiltration [PDF]
Birhanu Eshete, Abeer Alhuzali, Maliheh Monshizadeh, Phillip Porras, V. N. Venkatakrishnan, Vinod Yegneswaran
In Network and Distributed System Security Symposium (NDSS), San Diego, CA, 2015.

From Verifications to Optimizations
Rigel Gjomemo, Kedar Namjoshi, Phu H. Phung, V.N. Venkatakrishnan, Lenore Zuck
In Verification, Model Checking and and Abstract Interpretation (VMCAI), Mumbai, India, 2015.

Vetting SSL Usage in Applications with SSLINT
Boyuan He, Vaibhav Rastogi, Yinzhi Cao, Yan Chen, V.N. Venkatakrishnan, Runqing Yang, and Zhenrui Zhang
In IEEE Symposium on Security and Privacy (SP), San Jose, CA, 2015.

Practical Exploit Generation for Intent Message Vulnerabilities in Android
Daniele Gallingani, Rigel Gjomemo, V. N. Venkatakrishnan, Stefano Zanero
In ACM Conference on Data and Application Security and Privacy (CODASPY), San Antonio, TX, 2015.

MACE: Detecting Privilege Escalation Vulnerabilities in Web Applications
Maliheh Monshizadeh, Prasad Naldurg, V. N. Venkatakrishnan
In ACM Conference on Computer and Communications Security (CCS), Scottsdale, AZ, 2014.

WebWinnow: Leveraging Exploit Kit Workflows to Detect Malicious URLs [PDF]
Birhanu Eshete, V.N. Venkatakrishnan
In ACM Conference on Data and Application Security and Privacy ( CODASPY), San Antonio, TX, 2014.

DEICS: Data Erasure in Concurrent Software [PDF]
Kalpana Gondi, A. Prasad Sistla, V.N. Venkatakrishnan
In 19th Nordic Conference on Secure IT Systems (NordSec), Tromso, Norway, 2014.

Between Worlds: Securing Mixed JavaScript/ActionScript Multi-party Web Content
Phu H. Phung, Maliheh Monshizadeh, Meera Sridhar and Kevin Hamlen, V.N. Venkatakrishnan
In IEEE Transactions on Dependable and Secure Computing (TDSC), , 2014.

PeerShark: flow-clustering and conversation-generation for malicious peer-to-peer traffic identification.
Pratik Narang, Chittaranjan Hota, V. N. Venkatakrishnan
In EURASIP Journal of Information Security (EURASIP), , 2014.

A Threat Table Based Assessment of Information Security in Telemedicine
John C. Pendergrass, Karen Heart, C. Ranganathan, V. N. Venkatakrishnan
In International Journal of Healthcare Information Systems and Informatics ( IJHISI), , 2014.

Minimizing lifetime of sensitive data in concurrent programs
Kalpana Gondi, A. Prasad Sistla, V. N. Venkatakrishnan
In ACM Conference on Data and Application Security and Privacy (CODASPY), San Antonio, TX, 2014.

Digital Check Forgery Attacks on Client Check Truncation Systems
Rigel Gjomemo, Hafiz Malik, Nilesh Sumb, V. N. Venkatakrishnan, Rashid Ansari
In Financial Cryptography and Data Security (FC), Barbados, 2014.

Automated detection of parameter tampering opportunities and vulnerabilities in web applications
Prithvi Bisht, Timothy L. Hinrichs, Nazari Skrupsky, V. N. Venkatakrishnan
In Journal of Computer Security (JSS), , 2014.

PeerShark: Detecting Peer-to-Peer Botnets by Tracking Conversations
Pratik Narang, Subhajit Ray, Chittaranjan Hota, Venkat Venkatakrishnan
In International Workshop on Cyber Crime (IWCC), San Jose, CA, 2014.

Sensitive Information Disclosure in Amazon Reviews.
Federica Fornaciari, C. Ranganathan, V.N. Venkatakrishnan
In Eighth International Conference on Digital Society (ICDS), Barcelona, Spain, 2014.

A Threat Table based Approach to Telemedicine Secuirity
John C. Pendergrass, Karen Heart, C. Ranganathan, V.N. Venkatakrishnan
In International Conference on Health Information Technology Advancement (HIM), Kalamazoo,MI, 2013.

SafeScript: JavaScript transformation for policy enforcement
Mike Ter Louw, Phu H. Phung, Rohini Krishnamurti, V.N. Venkatkrishnan
In 18th Nordic Conference on Secure IT Systems (NordSec), Illulisat, Greenlan, 2013.

WAVES: Automatic Synthesis of Client-side Validation Code for Web Applications
Nazari Skrupsky, Maliheh Monshizadeh, Prithvi Bisht, Timothy Hinrichs, V.N. Venkatakrishnan, Lenore Zuck
In ASE Science Journal (Vol. 1, Issue 3, pp. 121-136), , 2012.

Don't Repeat Yourself: Automatically Synthesizing Client-side Validation
Nazari Skrupsky, Maliheh Monshizadeh, Prithvi Bisht, Timothy Hinrichs, V.N. Venkatakrishnan, Lenore Zuck
In Nazari Skrupsky, Maliheh Monshizadeh, Prithvi Bisht, Timothy Hinrichs, and Lenore Zuck (WebApps), Boston, MA, 2012.

SWIPE: Eager Erasure of Sensitive Data in Large Scale Systems Software
Kalpana Gondi, Prithvi Bisht, Praveen Venkatachari, A. Prasad Sistla, V.N. Venkatakrishnan
In 2nd ACM Conference on Data and Application Security and Privacy (CODASPY), San Antonio, TX, 2012.

WAPTEC: Whitebox Analysis of Web Applications for Parameter Tampering Exploit Construction [PDF]
Prithvi Bisht, Tim Hinrichs, Nazario Skrupsky, V.N. Venkatakrishnan
In 18th ACM Conference on Computer and Communications Security (CCS), Chicago, IL, 2011.

CANDID: Preventing SQL Injection Attacks Using Dynamic Candidate Evaluations
Prithvi Bisht, P. Madhusudan, V.N. Venkatakrishnan
In ACM Transactions on Information and Systems Security ( TISSEC), Volume 13, Issue 2, 2010.

Strengthening XSRF Defenses for Legacy Web Applications Using White-box Analysis and Transformation
Michelle Zhou, Prithvi Bisht, V.N. Venkatakrishnan
In 6th International Conference on Information Systems Security ( ICISS), Gandhinagar, India, 2010.

WebAppArmor: A Framework for Robust Prevention of Attacks on Web Applications
Prithvi Bisht, Mike Ter Louw, Michelle Zhou,Kalpana Gondi and Karthik Thotta Ganesh, V.N. Venkatakrishnan
In 6th International Conference on Information Systems Security (ICISS), Gandhinagar, India, 2010.

NoTamper: Automatically Detecting Parameter Tampering Vulnerabilities in Web Applications [PDF]
Prithvi Bisht, Timothy Hinrichs, Nazario Skrupsky, Radoslaw Bobrowicz, V.N. Venkatakrishnan
In ACM Conference on Computer and Communications Security (CCS), Chicago, IL, 2010.

AdJail: Practical Enforcement of Confidentiality and Integrity Policies on Web Advertisements [PDF]
Mike Ter Louw, Karthik Thotta Ganesh, V.N. Venkatakrishnan
In USENIX Security Symposium (SEC), Washington D.C, 2010.

Automatically Preparing Safe SQL Queries [PDF]
Prithvi Bisht, A. Prasad Sistla, V.N. Venkatakrishnan
In Financial Cryptography and Data Security (FC), Tenerife, Spain, 2010.

Alcatraz: An Isolation Environment for Experimenting with Untrusted Software
Zhenkai Liang, Weiqin Sun, R. Sekar, V.N. Venkatakrishnan
In ACM Transactions on Information and Systems Security (TISSEC), Volume 12, Issue 3, 2009.

BluePrint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers [PDF]
Mike Ter Louw, V.N. Venkatakrishnan
In IEEE Symposium on Security and Privacy (S&P), Oakland, CA, 2009.

Enhancing web browser security against malware extensions
Mike Ter Louw, Jin Soon Lim, V.N. Venkatakrishnan
In Journal in Computer Virology (JCV), Volume 4, Number 3, 2008.

Preventing Information Leaks Through Shadow Executions [PDF]
Roberto Capizzi, Antonio Longo, A. Prasad Sistla, V.N. Venkatakrishnan
In 24th ACSA Computer Applications Security Conference (ACSAC), Anaheim, CA, 2008.

XSS-Guard: Precise Dynamic Prevention of Cross-Site Scripting Attacks
Prithvi Bisht, V.N. Venkatakrishnan
In Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA), Paris, France, 2008.

Expanding Malware Defense by Securing Software Installations
Weiqing Sun, R. Sekar, Zhenkai Liang, V.N. Venkatakrishnan
In Fifth GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA), Paris, France, 2008.

Analysis of Hypertext Isolation Techniques for XSS Prevention
Mike Ter Louw, Prithvi Bisht, V.N. Venkatakrishnan
In Workshop on Web 2.0 Security and Privacy (W2SP), Oakland, CA, 2008.

CMV: Automatic Verification of Complete Mediation for Java Virtual Machines [PDF]
A. Prasad Sistla, Michelle Zhou, Hilary Branske, V.N. Venkatakrishnan
In 3rd ACM Symposium on Information, Computer and Communications Security (ASIACCS), Tokyo, Japan, 2008.

CANDID: Preventing SQL Injection Attacks Using Dynamic Candidate Evaluations [PDF]
South Bandhakavi, Prithvi Bisht, P. Madhusudan, V.N. Venkatakrishnan
In 14th ACM Conference on Computer and Communications Security (CSS), Alexandria, VA, 2007.

Extensible Web Browser Security [PDF]
Mike Ter Louw, Jin Soon Lim, V.N. Venkatakrishnan
In Fourth GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA), Luzerne, Switzerland, 2007.

A Comparative Study of Three Random Password Generators
Michael Leonhard, V.N. Venkatakrishnan
In IEEE Conference on Information Technology (EIT), Chicago, IL, 2007.

Data Sandboxing: A Technique for Enforcing Confidentiality Policies [PDF]
T. Khatiwala, R. Swaminathan, V.N. Venkatakrishnan
In 22nd Annual ACSA Computer Applications Security Conference (ACSAC), Miami, FL, 2006.

Provably Correct Runtime Enforcement of Non-interference Policies [PDF]
V.N. Venkatakrishnan, W. Xu, D.C. DuVarney, R. Sekar
In 8th International Conference on Information and Communications Security (ICICS), Raleigh, NC, 2006.