- CCS 2023 (to appear)
Jack-in-the-box: An Empirical Study of JavaScript Bundling on the Web and its Security Implications
Jeremy Rack, Cristian-Alexandru Staicu
(paper)
- USENIX Security 2023
SandDriller: A Fully-Automated Approach for Testing Language-Based JavaScript Sandboxes
Abdullah Alhamdan, Cristian-Alexandru Staicu
(paper)
- USENIX Security 2023
Bilingual Problems: Studying the Security Risks Incurred by Native Extensions in Scripting Languages
Cristian-Alexandru Staicu, Sazzadur Rahaman, Ágnes Kiss, Michael Backes
(paper)
- USENIX Security 2023
Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js
Mikhail Shcherbakov, Musard Balliu, Cristian-Alexandru Staicu
(paper)
- ICSE 2023
SecBench.js: An Executable Security Benchmark Suite for Server-Side JavaScript
Masudul Hasan Masud Bhuiyan, Adithya Srinivas Parthasarathy, Nikos Vasilakis, Michael Pradel, Cristian-Alexandru Staicu
(paper)
- CCS 2021
Preventing Dynamic Library Compromise on Node.js via RWX-Based Privilege Reduction
Nikos Vasilakis, Cristian-Alexandru Staicu, Grigoris Ntousakis, Konstantinos Kallas, Ben Karel, André DeHon, Michael Pradel
(paper)
- ICSE 2020
Extracting Taint Specifications for JavaScript Libraries
Cristian-Alexandru Staicu, Martin Toldam Torp, Max Schäfer, Anders Møller, Michael Pradel
(paper, poster)
- PhD Thesis (2020)
Enhancing the Security and Privacy of Full-Stack JavaScript Web Applications
advised by Prof. Dr. Michael Pradel
(thesis, presentation)
- USENIX Security 2019
Leaky Images: Targeted Privacy Attacks in the Web
Cristian-Alexandru Staicu, Michael Pradel
(paper)
- USENIX Security 2019
Small World with High Risks: A Study of Security Threats in the npm Ecosystem
Markus Zimmermann, Cristian-Alexandru Staicu, Cam Tenny, Michael Pradel
(paper, reviewed by The Morning Paper)
- The Web Conference 2019
Anything to Hide? Studying Minified and Obfuscated Code in the Web
Philippe Skolka, Cristian-Alexandru Staicu, Michael Pradel
(paper, presentation, dataset)
- PLAS@CCS 2019
An Empirical Study of Information Flows in Real-World JavaScript
Cristian-Alexandru Staicu, Daniel Schoepe, Musard Balliu, Michael Pradel, Andrei Sabelfeld
(paper, presentation)
- USENIX Security 2018
Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers
Cristian-Alexandru Staicu, Michael Pradel
(paper, presentation, video, reviewed by Bleeping Computer, Naked Security and TU Darmstadt website)
- NDSS 2018
Synode: Understanding and Automatically Preventing Injection Attacks on Node.js
Cristian-Alexandru Staicu, Michael Pradel, Ben Livshits
(paper, presentation, video, reviewed by The Morning Paper)
- ASE 2017
Saying 'Hi!' Is Not Enough: Mining Inputs for Effective Test Generation
Luca Della Toffola, Cristian-Alexandru Staicu, Michael Pradel
(paper)
- CSUR 2017
A Survey of Dynamic Analysis and Test Generation for JavaScript
Esben Andreasen, Liang Gong, Anders Møller, Michael Pradel, Marija Selakovic, Koushik Sen, Cristian-Alexandru Staicu
(paper)
- SSBSE 2016
Search Based Clustering for Protecting Software with Diversified Updates
Mariano Ceccato, Paolo Falcarin, Alessandro Cabutto, Yosief Weldezghi Frezghi, Cristian-Alexandru Staicu
(paper)
- ICSE 2016
Nomen Est Omen: Exploring and Exploiting Similarities between Argument and Parameter Names
Hui Liu, Qiurong Liu, Cristian-Alexandru Staicu, Michael Pradel, Yue Luo
(paper, presentation)
- PLDI Student Research Competition 2015
An Empirical Study of Implicit Information Flow
Cristian-Alexandru Staicu
(poster, presentation)
- Master Thesis (2014)
Evaluation of HIMMO with Long Identifiers, an Extension of the HIMMO Key Establishment Scheme
work done during an internship at Philips Research Eindhoven, supervised by Dr. Oscar García Morchon and Prof. Dr. Andreas Peter
(thesis, presentation)
- Bachelor Thesis (2011)
SherlockJ - Unealta de Depanarea Statistic a Programelor Java (in Romanian)
supervised by Prof. Dr. Marius Minea
(thesis, presentation)
