Latest News

WWW Paper

January 2025

Our paper on differential measurements of websites in dveloping and developed countries will appear at TheWebConf 2025. Congrats Masud!

NDSS Paper

September 2024

Our paper on analyzing the security risks of the Deno runtime will appear at NDSS 2025. Congrats Abdullah!

ASE Paper

August 2024

Our work studying the security implications of gradual typing will appear at ASE 2024. Congrats Dominic!

CCS Paper

September 2023

Our paper on analyzing the risks incurred by JavaScript bundles will appear at CCS 2023. Congrats Jerry!

USENIX Paper #3

January 2023

Our paper on testing language-based JavaScript sandboxes will appear at USENIX Security 2023. Congrats Abdullah!

ICSE Paper

December 2022

Our paper describing SecBench.js, an executable security benchmark for Node.js, will appear at ICSE 2023. Congrats Masud and Adithya!

USENIX Paper #2

November 2022

Our paper on the dangers of native extensions in scripting languages will appear at USENIX Security 2023.

USENIX Paper #1

July 2022

Our paper studying the relation between prototype pollution and RCE will appear at USENIX Security 2023.

CCS 2021 Paper

September 2021

Our paper on preventing dynamic library compromise in Node.js packages will appear at CCS 2021.

Welcome Abdullah and Masud

February 2021

Abdullah Alhamdan and Masudul Hasan Masud Bhuiyan joined my research group as PhD students. Welcome!

  • NDSS 2025
    Welcome to Jurassic Park: A Comprehensive Study of Security Risks in Deno and its Ecosystem
    Abdullah Alhamdan, Cristian-Alexandru Staicu
    (paper)
  • The Web Conference 2025
    Digital Disparities: A Comparative Web Measurement Study Across Economic Boundaries
    Masudul Hasan Masud Bhuiyan, Matteo Varvello, Cristian-Alexandru Staicu, Yasir Zaki
    (paper)
  • EuroS&P 2025
    CHARON: Polyglot Code Analysis for Detecting Vulnerabilities in Scripting Languages Native Extensions
    Raoul Scholtes, Soheil Khodayari, Cristian-Alexandru Staicu, Giancarlo Pellegrino
    (paper link will come soon)
  • ASE 2024
    Typed and Confused: Studying the Unexpected Dangers of Gradual Typing
    Dominic Troppmann, Aurore Fass, Cristian-Alexandru Staicu
    (paper)
  • NAACL 2024
    SimSCOOD: Systematic Analysis of Out-of-Distribution Generalization in Fine-tuned Source Code Models
    Hossein Hajipour, Ning Yu, Cristian-Alexandru Staicu, Mario Fritz
    (paper)
  • CCS 2023
    Jack-in-the-box: An Empirical Study of JavaScript Bundling on the Web and its Security Implications
    Jeremy Rack, Cristian-Alexandru Staicu
    (paper)
  • USENIX Security 2023
    SandDriller: A Fully-Automated Approach for Testing Language-Based JavaScript Sandboxes
    Abdullah Alhamdan, Cristian-Alexandru Staicu
    (paper)
  • USENIX Security 2023
    Bilingual Problems: Studying the Security Risks Incurred by Native Extensions in Scripting Languages
    Cristian-Alexandru Staicu, Sazzadur Rahaman, Ágnes Kiss, Michael Backes
    (paper)
  • USENIX Security 2023
    Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js
    Mikhail Shcherbakov, Musard Balliu, Cristian-Alexandru Staicu
    (paper)
  • ICSE 2023
    SecBench.js: An Executable Security Benchmark Suite for Server-Side JavaScript
    Masudul Hasan Masud Bhuiyan, Adithya Srinivas Parthasarathy, Nikos Vasilakis, Michael Pradel, Cristian-Alexandru Staicu
    (paper)
  • CCS 2021
    Preventing Dynamic Library Compromise on Node.js via RWX-Based Privilege Reduction
    Nikos Vasilakis, Cristian-Alexandru Staicu, Grigoris Ntousakis, Konstantinos Kallas, Ben Karel, André DeHon, Michael Pradel
    (paper)
  • ICSE 2020
    Extracting Taint Specifications for JavaScript Libraries
    Cristian-Alexandru Staicu, Martin Toldam Torp, Max Schäfer, Anders Møller, Michael Pradel
    (paper, poster)
  • PhD Thesis (2020)
    Enhancing the Security and Privacy of Full-Stack JavaScript Web Applications
    advised by Prof. Dr. Michael Pradel
    (thesis, presentation)
  • USENIX Security 2019
    Leaky Images: Targeted Privacy Attacks in the Web
    Cristian-Alexandru Staicu, Michael Pradel
    (paper)
  • USENIX Security 2019
    Small World with High Risks: A Study of Security Threats in the npm Ecosystem
    Markus Zimmermann, Cristian-Alexandru Staicu, Cam Tenny, Michael Pradel
    (paper, reviewed by The Morning Paper)
  • The Web Conference 2019
    Anything to Hide? Studying Minified and Obfuscated Code in the Web
    Philippe Skolka, Cristian-Alexandru Staicu, Michael Pradel
    (paper, presentation, dataset)
  • PLAS@CCS 2019
    An Empirical Study of Information Flows in Real-World JavaScript
    Cristian-Alexandru Staicu, Daniel Schoepe, Musard Balliu, Michael Pradel, Andrei Sabelfeld
    (paper, presentation)
  • USENIX Security 2018
    Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers
    Cristian-Alexandru Staicu, Michael Pradel
    (paper, presentation, video, reviewed by Bleeping Computer, Naked Security and TU Darmstadt website)
  • NDSS 2018
    Synode: Understanding and Automatically Preventing Injection Attacks on Node.js
    Cristian-Alexandru Staicu, Michael Pradel, Ben Livshits
    (paper, presentation, video, reviewed by The Morning Paper)
  • ASE 2017
    Saying 'Hi!' Is Not Enough: Mining Inputs for Effective Test Generation
    Luca Della Toffola, Cristian-Alexandru Staicu, Michael Pradel
    (paper)
  • CSUR 2017
    A Survey of Dynamic Analysis and Test Generation for JavaScript
    Esben Andreasen, Liang Gong, Anders Møller, Michael Pradel, Marija Selakovic, Koushik Sen, Cristian-Alexandru Staicu
    (paper)
  • SSBSE 2016
    Search Based Clustering for Protecting Software with Diversified Updates
    Mariano Ceccato, Paolo Falcarin, Alessandro Cabutto, Yosief Weldezghi Frezghi, Cristian-Alexandru Staicu
    (paper)
  • ICSE 2016
    Nomen Est Omen: Exploring and Exploiting Similarities between Argument and Parameter Names
    Hui Liu, Qiurong Liu, Cristian-Alexandru Staicu, Michael Pradel, Yue Luo
    (paper, presentation)
  • PLDI Student Research Competition 2015
    An Empirical Study of Implicit Information Flow
    Cristian-Alexandru Staicu
    (poster, presentation)
  • Master Thesis (2014)
    Evaluation of HIMMO with Long Identifiers, an Extension of the HIMMO Key Establishment Scheme
    work done during an internship at Philips Research Eindhoven, supervised by Dr. Oscar García Morchon and Prof. Dr. Andreas Peter
    (thesis, presentation)
  • Bachelor Thesis (2011)
    SherlockJ - Unealta de Depanarea Statistic a Programelor Java (in Romanian)
    supervised by Prof. Dr. Marius Minea
    (thesis, presentation)