Prateek Saxena

PhD Student
Computer Science Division
University of California, Berkeley
725 Soda Hall
Email: prateeks at cs dot berkeley dot edu
CV: PDF
Google Scholar Page

Hi, I have been a graduate student at UC Berkeley since Fall 2007. I am advised by Dawn Song.
I am interested in computer security, program analysis, formal methods and operating systems.
I am actively involved in two umbrella research projects at Berkeley: BitBlaze and Webblaze.
Prior to joining Berkeley, I worked with R. Sekar during my MS at Stony Brook University.

News!

09/19: Check out our blog on Google Chrome Extensions vulnerabilities!
08/2011: Won the Symantec Intern Showcase competition 2011. Yippee!
02/2011: I am thrilled to receive the Symantec Research Graduate Fellowship 2011.
10/2010: Our work on JavaScript symbolic execution was awarded the AT&T Award for Best Applied Security Research Paper 2010.

Refereed Papers

Context-Sensitive Auto-Sanitization in Web Templating Languages Using Type Qualifiers
Mike Samuel, Prateek Saxena, Dawn Song
To Appear at the ACM Conference on Computer and Communications Security (CCS) 2011.
* Auto-sanitization developed in this work now protects Google+.
PDF Talk Acc Rate: 13.9%

SCRIPTGARD: Automatic Context-Sensitive Sanitization for Large-Scale Legacy Web Applications
Prateek Saxena, David Molnar and Benjamin Livshits
To Appear at the ACM Conference on Computer and Communications Security (CCS) 2011.
PDF Talk Acc Rate: 13.9%

A Systematic Analysis of XSS Sanitization in Web Application Frameworks
Joel Weinberger, Prateek Saxena, Devdatta Akhawe, Matthew Finifter, Richard Shin, Dawn Song
To Appear at the European Symposium on Research in Computer Security (ESORICS), September 2011.
PDF Acc Rate: 23%

Fast and Precise Sanitizer Analysis with BEK
Pieter Hooimeijer, Ben Livshits, David Molnar, Prateek Saxena, Margus Veanes.
(* Authors listed alphabetically by last name)
To Appear at the 20th Usenix Security Symposium (Usenix Security), August 2011.
* Try BEK online!
PDF Acc Rate: 17.2%

A Symbolic Execution Framework for JavaScript
Prateek Saxena, Devdatta Akhawe, Steve Hanna, Stephen McCamant, Feng Mao, Dawn Song.
In Proceedings of the 31st IEEE Symposium on Security and Privacy (Oakland), May 2010.
* Kaluza, our new string decision procedure, is now available.
* This work has been awarded the AT&T Best Applied Security Research Paper Award 2010.
PDF Talk Acc Rate: 11%

FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications
Prateek Saxena, Steve Hanna, Pongsin Poosankam, Dawn Song.
In Proceedings of the 17th Annual Network and Distributed System Security Symposium (NDSS), Feb 2010.
PDF Talk Acc Rate: 15.4%

Protecting Browsers from Extension Vulnerabilities
Adam Barth, Adrienne Porter Felt, Prateek Saxena, and Aaron Boodman.
In Proceedings of the 17th Annual Network and Distributed System Security Symposium (NDSS), Feb 2010.
PDF Acc Rate: 15.4%

The Emperor's New APIs: On the (In)Secure Usage of New Client Side Primitives
Steve Hanna, Richard Shin, Devdatta Akhawe, Arman Boehm, Prateek Saxena, Dawn Song
In Proceedings of the 4th Web 2.0 Security and Privacy Workshop (W2SP), Oakland, May 2010.
PDF Acc Rate: 41%

Loop-Extended Symbolic Execution on Binary Programs
Prateek Saxena, Pongsin Poosankam, Stephen McCamant, Dawn Song.
In Proceedings of International Symposium on Software Testing and Analysis (ISSTA), July 2009.
(Supersedes TR No. UCB/EECS-2009-34, EECS Department UC, Berkeley).
(Benchmarks Available at the LESE Project Page)
PDF Talk Acc Rate: 27%

Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense
Yacin Nadji, Prateek Saxena and Dawn Song.
In Proceedings of the 16th Annual Network and Distributed System Security Symposium (NDSS), February 2009.
PDF Talk Acc Rate: 11.6%

On the Limits of Information Flow Techniques for Malware Analysis and Containment
Lorenzo Cavallaro, Prateek Saxena, R. Sekar.
In Proceedings of the Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), July 2008.
PDF Acc Rate: 31%

Efficient fine-grained binary instrumentation with applications to taint-tracking
Prateek Saxena, R. Sekar, Varun Puranik.
In Proceedings of the International Symposium on Code Generation and Optimization (CGO), April 2008.
PDF Acc Rate: 31%

BitBlaze: A New Approach to Computer Security via Binary Analysis
Dawn Song, David Brumley, Heng Yin, Juan Caballero, Ivan Jager, Min Gyung Kang, Zhenkai Liang, James Newsome, Pongsin Poosankam, Prateek Saxena.
In Proc. of International Conference on Information Systems Security (*Invited paper) (ICISS), December 2008.
PDF

Technical Reports

A Practical Technique for Containment of Untrusted Plug-ins
Prateek Saxena, R. Sekar, Mithun Iyer, Varun Puranik.
Technical Report at Secure Systems Lab, Stony Brook University, August 2008.
PDF

BEK: Modeling Imperative String Operations with Symbolic Transducers
Pieter Hooimeijer, Ben Livshits, David Molnar, Prateek Saxena, Margus Veanes.
(* Authors alphabetically listed)
Technical Report MSR-TR-2010-154, 26 November 2010 (Supersedes MSR-TR-2010-96).
PDF
