{NAVEX}: Precise and Scalable Exploit Generation for Dynamic Web Applications

A Alhuzali, R Gjomemo, B Eshete, VN Venkatakrishnan – … {USENIX} Security Symposium ({USENIX} Security 18), 2018 [PDF]

DynaMiner: Leveraging Offline Infection Analytics for On-the-Wire Malware Detection

Birhanu Eshete and V.N. Venkatakrishnan
In 47th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Denver, CO, 2017.[PDF] 

SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data

Md Nahid Hossain, Sadegh M. Milajerdi, Junao Wang, Birhanu Eshete, Rigel Gjomemo, R. Sekar, Scott Stoller, V.N. Venkatakrishnan
In 26th USENIX Security Symposium (SEC), Vancouver, BC, Canada, 2017.[PDF] 

Patching Logic Vulnerabilities for Web Applications using LogicPatcher

Maliheh Monshizadeh, Prasad Naldurg, V.N. Venkatakrishnan
In 6th ACM Conference on Data and Applications Security ( CODASPY), New Orleans, LA, 2016.

Chainsaw: Chained Automated Workflow-Based Exploit Generation

Abeer Alhuzali, Birhanu Eshete, Rigel Gjomemo, V.N. Venkatakrishnan
In 23rd ACM Conference on Computer and Communications Security (ACM CCS), Vienna, Austria , 2016.[PDF] 

Leveraging Static Analysis Tools for Improving Usability of Memory Error Sanitization Compilers

Rigel Gjomemo, Phu H. Phung, Ted Ballou, Kedar Namjoshi, V.N. Venkatakrishnan and Lenore Zuck
In IEEE Conference on Quality, Reliability and Security (QRS), Vienna, Austria, 2016.

EKHunter: A Counter-Offensive Toolkit for Exploit Kit Infiltration

Birhanu Eshete, Abeer Alhuzali, Maliheh Monshizadeh, Phillip Porras, V. N. Venkatakrishnan, Vinod Yegneswaran
In Network and Distributed System Security Symposium (NDSS), San Diego, CA, 2015.[PDF] 

From Verifications to Optimizations

Rigel Gjomemo, Kedar Namjoshi, Phu H. Phung, V.N. Venkatakrishnan, Lenore Zuck
In Verification, Model Checking and and Abstract Interpretation (VMCAI), Mumbai, India, 2015.

Vetting SSL Usage in Applications with SSLINT

Boyuan He, Vaibhav Rastogi, Yinzhi Cao, Yan Chen, V.N. Venkatakrishnan, Runqing Yang, and Zhenrui Zhang
In IEEE Symposium on Security and Privacy (SP), San Jose, CA, 2015.

Practical Exploit Generation for Intent Message Vulnerabilities in Android

Daniele Gallingani, Rigel Gjomemo, V. N. Venkatakrishnan, Stefano Zanero
In ACM Conference on Data and Application Security and Privacy (CODASPY), San Antonio, TX, 2015.

MACE: Detecting Privilege Escalation Vulnerabilities in Web Applications

Maliheh Monshizadeh, Prasad Naldurg, V. N. Venkatakrishnan
In ACM Conference on Computer and Communications Security (CCS), Scottsdale, AZ, 2014.

WebWinnow: Leveraging Exploit Kit Workflows to Detect Malicious URLs

Birhanu Eshete, V.N. Venkatakrishnan
In ACM Conference on Data and Application Security and Privacy ( CODASPY), San Antonio, TX, 2014. [PDF] 

DEICS: Data Erasure in Concurrent Software

Kalpana Gondi, A. Prasad Sistla, V.N. Venkatakrishnan
In 19th Nordic Conference on Secure IT Systems (NordSec), Tromso, Norway, 2014. [PDF] 

Between Worlds: Securing Mixed JavaScript/ActionScript Multi-party Web Content

Phu H. Phung, Maliheh Monshizadeh, Meera Sridhar and Kevin Hamlen, V.N. Venkatakrishnan
In IEEE Transactions on Dependable and Secure Computing (TDSC), , 2014.

PeerShark: flow-clustering and conversation-generation for malicious peer-to-peer traffic identification.

Pratik Narang, Chittaranjan Hota, V. N. Venkatakrishnan
In EURASIP Journal of Information Security (EURASIP), , 2014.

A Threat Table Based Assessment of Information Security in Telemedicine

John C. Pendergrass, Karen Heart, C. Ranganathan, V. N. Venkatakrishnan
In International Journal of Healthcare Information Systems and Informatics ( IJHISI), , 2014.

Minimizing lifetime of sensitive data in concurrent program

Kalpana Gondi, A. Prasad Sistla, V. N. Venkatakrishnan
In ACM Conference on Data and Application Security and Privacy (CODASPY), San Antonio, TX, 2014.

Digital Check Forgery Attacks on Client Check Truncation Systems

Rigel Gjomemo, Hafiz Malik, Nilesh Sumb, V. N. Venkatakrishnan, Rashid Ansari
In Financial Cryptography and Data Security (FC), Barbados, 2014.

Automated detection of parameter tampering opportunities and vulnerabilities in web applications

Prithvi Bisht, Timothy L. Hinrichs, Nazari Skrupsky, V. N. Venkatakrishnan
In Journal of Computer Security (JSS), , 2014.

PeerShark: Detecting Peer-to-Peer Botnets by Tracking Conversations

Pratik Narang, Subhajit Ray, Chittaranjan Hota, Venkat Venkatakrishnan
In International Workshop on Cyber Crime (IWCC), San Jose, CA, 2014.

Sensitive Information Disclosure in Amazon Reviews.

Federica Fornaciari, C. Ranganathan, V.N. Venkatakrishnan
In Eighth International Conference on Digital Society (ICDS), Barcelona, Spain, 2014.

A Threat Table based Approach to Telemedicine Secuirity

John C. Pendergrass, Karen Heart, C. Ranganathan, V.N. Venkatakrishnan
In International Conference on Health Information Technology Advancement (HIM), Kalamazoo,MI, 2013.

SafeScript: JavaScript transformation for policy enforcement

Mike Ter Louw, Phu H. Phung, Rohini Krishnamurti, V.N. Venkatkrishnan
In 18th Nordic Conference on Secure IT Systems (NordSec), Illulisat, Greenlan, 2013.

WAVES: Automatic Synthesis of Client-side Validation Code for Web Applications

Nazari Skrupsky, Maliheh Monshizadeh, Prithvi Bisht, Timothy Hinrichs, V.N. Venkatakrishnan, Lenore Zuck
In ASE Science Journal (Vol. 1, Issue 3, pp. 121-136), , 2012.

Don't Repeat Yourself: Automatically Synthesizing Client-side Validation

Nazari Skrupsky, Maliheh Monshizadeh, Prithvi Bisht, Timothy Hinrichs, V.N. Venkatakrishnan, Lenore Zuck
In Nazari Skrupsky, Maliheh Monshizadeh, Prithvi Bisht, Timothy Hinrichs, and Lenore Zuck (WebApps), Boston, MA, 2012.

SWIPE: Eager Erasure of Sensitive Data in Large Scale Systems Software

Kalpana Gondi, Prithvi Bisht, Praveen Venkatachari, A. Prasad Sistla, V.N. Venkatakrishnan
In 2nd ACM Conference on Data and Application Security and Privacy (CODASPY), San Antonio, TX, 2012.

WAPTEC: Whitebox Analysis of Web Applications for Parameter Tampering Exploit Construction

Prithvi Bisht, Tim Hinrichs, Nazario Skrupsky, V.N. Venkatakrishnan
In 18th ACM Conference on Computer and Communications Security (CCS), Chicago, IL, 2011.[PDF]

CANDID: Preventing SQL Injection Attacks Using Dynamic Candidate Evaluations

Prithvi Bisht, P. Madhusudan, V.N. Venkatakrishnan
In ACM Transactions on Information and Systems Security ( TISSEC), Volume 13, Issue 2, 2010.

Strengthening XSRF Defenses for Legacy Web Applications Using White-box Analysis and Transformation

Michelle Zhou, Prithvi Bisht, V.N. Venkatakrishnan
In 6th International Conference on Information Systems Security ( ICISS), Gandhinagar, India, 2010.

WebAppArmor: A Framework for Robust Prevention of Attacks on Web Applications

Prithvi Bisht, Mike Ter Louw, Michelle Zhou,Kalpana Gondi and Karthik Thotta Ganesh, V.N. Venkatakrishnan
In 6th International Conference on Information Systems Security (ICISS), Gandhinagar, India, 2010.

NoTamper: Automatically Detecting Parameter Tampering Vulnerabilities in Web Applications

Prithvi Bisht, Timothy Hinrichs, Nazario Skrupsky, Radoslaw Bobrowicz, V.N. Venkatakrishnan
In ACM Conference on Computer and Communications Security (CCS), Chicago, IL, 2010.[PDF]

AdJail: Practical Enforcement of Confidentiality and Integrity Policies on Web Advertisements

Mike Ter Louw, Karthik Thotta Ganesh, V.N. Venkatakrishnan
In USENIX Security Symposium (SEC), Washington D.C, 2010.[PDF]

Automatically Preparing Safe SQL Queries

Prithvi Bisht, A. Prasad Sistla, V.N. Venkatakrishnan
In Financial Cryptography and Data Security (FC), Tenerife, Spain, 2010.[PDF]

Alcatraz: An Isolation Environment for Experimenting with Untrusted Software

Zhenkai Liang, Weiqin Sun, R. Sekar, V.N. Venkatakrishnan
In ACM Transactions on Information and Systems Security (TISSEC), Volume 12, Issue 3, 2009.

BluePrint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers

Mike Ter Louw, V.N. Venkatakrishnan
In IEEE Symposium on Security and Privacy (S&P), Oakland, CA, 2009.[PDF]

Enhancing web browser security against malware extensions

Mike Ter Louw, Jin Soon Lim, V.N. Venkatakrishnan
In Journal in Computer Virology (JCV), Volume 4, Number 3, 2008.

Preventing Information Leaks Through Shadow Executions

Roberto Capizzi, Antonio Longo, A. Prasad Sistla, V.N. Venkatakrishnan
In 24th ACSA Computer Applications Security Conference (ACSAC), Anaheim, CA, 2008. [PDF]

XSS-Guard: Precise Dynamic Prevention of Cross-Site Scripting Attacks

Prithvi Bisht, V.N. Venkatakrishnan
In Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA), Paris, France, 2008.

Expanding Malware Defense by Securing Software Installations

Weiqing Sun, R. Sekar, Zhenkai Liang, V.N. Venkatakrishnan
In Fifth GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA), Paris, France, 2008.

Analysis of Hypertext Isolation Techniques for XSS Prevention

Mike Ter Louw, Prithvi Bisht, V.N. Venkatakrishnan
In Workshop on Web 2.0 Security and Privacy (W2SP), Oakland, CA, 2008.

CMV: Automatic Verification of Complete Mediation for Java Virtual Machines

A. Prasad Sistla, Michelle Zhou, Hilary Branske, V.N. Venkatakrishnan
In 3rd ACM Symposium on Information, Computer and Communications Security (ASIACCS), Tokyo, Japan, 2008. [PDF]

CANDID: Preventing SQL Injection Attacks Using Dynamic Candidate Evaluations

South Bandhakavi, Prithvi Bisht, P. Madhusudan, V.N. Venkatakrishnan
In 14th ACM Conference on Computer and Communications Security (CSS), Alexandria, VA, 2007.[PDF]

Extensible Web Browser Security

Mike Ter Louw, Jin Soon Lim, V.N. Venkatakrishnan
In Fourth GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA), Luzerne, Switzerland, 2007.[PDF]

A Comparative Study of Three Random Password Generators

Michael Leonhard, V.N. Venkatakrishnan
In IEEE Conference on Information Technology (EIT), Chicago, IL, 2007.

Data Sandboxing: A Technique for Enforcing Confidentiality Policies

T. Khatiwala, R. Swaminathan, V.N. Venkatakrishnan
In 22nd Annual ACSA Computer Applications Security Conference (ACSAC), Miami, FL, 2006.[PDF]

Provably Correct Runtime Enforcement of Non-interference Policies

V.N. Venkatakrishnan, W. Xu, D.C. DuVarney, R. Sekar
In 8th International Conference on Information and Communications Security (ICICS), Raleigh, NC, 2006.[PDF]