Skip to main content
Back to KTH start page

Publications by Musard Balliu

Peer reviewed

Articles

[1]
M. Balliu et al., "Challenges of Producing Software Bill of Materials for Java," IEEE Security and Privacy, vol. 21, no. 6, pp. 12-23, 2023.
[2]
M. Balliu et al., "Friendly Fire : Cross-App Interactions in IoT Platforms," ACM Transactions on Privacy and Security (TOPS), vol. 24, no. 3, pp. 1-40, 2021.
[3]
M. Balliu, I. Bastys and A. Sabelfeld, "Securing IoT Apps," IEEE Security and Privacy, vol. 17, no. 5, pp. 22-29, 2019.
[4]
M. Balliu and I. Mastroeni, "A Weakest Precondition Approach to Robustness," Lecture Notes in Computer Science, vol. 6340, no. PART 1, pp. 261-297, 2010.

Conference papers

[5]
M. Aghvamipanah et al., "Activity Recognition Protection for IoT Trigger-Action Platforms," in Proceedings - 9th IEEE European Symposium on Security and Privacy, Euro S and P 2024, 2024, pp. 600-616.
[6]
A. M. Ahmadian, M. Soloviev and M. Balliu, "Disjunctive Policies for Database-Backed Programs," in 2024 IEEE 37TH Computer Security Foundations Symposium, CSF 2024, 2024, pp. 388-402.
[7]
M. Soloviev, M. Balliu and R. Guanciale, "Security Properties through the Lens of Modal Logic," in 2024 IEEE 37th computer security foundations symposium, CSF 2024, 2024, pp. 340-355.
[8]
M. Shcherbakov, P. Moosbrugger and M. Balliu, "Unveiling the Invisible: Detection and Evaluation of Prototype Pollution Gadgets with Dynamic Taint Analysis," in WWW 2024 - Proceedings of the ACM Web Conference, 2024, pp. 1800-1811.
[9]
M. Shcherbakov, M. Balliu and C.-A. Staicu, "Silent Spring : Prototype Pollution Leads to Remote Code Execution in Node.js," in Proceedings Of The 32Nd Usenix Security Symposium, 2023, pp. 5521-5538.
[10]
M. Balliu et al., "Software Bill of Materials in Java," in SCORED 2023 - Proceedings of the 2023 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, 2023, pp. 75-76.
[11]
A. M. Ahmadian and M. Balliu, "Dynamic Policies Revisited," in Proceedings - 7th IEEE European Symposium on Security and Privacy, Euro S and P 2022, 2022, pp. 448-466.
[12]
A. Oak et al., "Enclave-Based Secure Programming with JE," in 2021 IEEE SECURE DEVELOPMENT CONFERENCE (SECDEV 2021), 2021.
[13]
A. Oak et al., "Language Support for Secure Software Development with Enclaves," in IEEE Computer Security Foundations Symposium (CSF 2021), 2021.
[14]
M. M. Ahmadpanah et al., "SandTrap : Securing JavaScript-driven Trigger-Action Platforms," in Proceedings Of The 30Th USENIX Security Symposium, 2021, pp. 2899-2916.
[15]
M. M. Ahmadpanah et al., "SandTrap: Securing JavaScript-driven Trigger-Action Platforms," in USENIX Security Symposium (USENIX Security 2021), 2021.
[16]
M. M. Ahmadpanah et al., "Securing Node-RED Applications," in Protocols, Strands, and LogicEssays Dedicated to Joshua Guttman on the Occasion of his 66.66th Birthday, 2021, pp. 1-21.
[17]
M. Birgersson, C. Artho and M. Balliu, "Security-Aware Multi-User Architecture for IoT," in 2021 IEEE 21ST INTERNATIONAL CONFERENCE ON SOFTWARE QUALITY, RELIABILITY AND SECURITY (QRS 2021), 2021, pp. 102-113.
[18]
M. Shcherbakov and M. Balliu, "SerialDetector: Principled and Practical Exploration of Object Injection Vulnerabilities for the Web," in Proceedings of the Network and Distributed System Security Symposium (NDSS 2021), 2021.
[19]
R. M. Tsoupidi, M. Balliu and B. Baudry, "Vivienne : Relational Verification of Cryptographic Implementations in WebAssembly," in Proceedings - 2021 IEEE Secure Development Conference, SecDev 2021, 2021, pp. 94-102.
[20]
I. Bastys et al., "Clockwork : Tracking Remote Timing Attacks," in Proceedings IEEE Computer Security Foundations Symposium, CSF 2020, 2020.
[21]
M. Balliu, M. Merro and M. Pasqua, "Friendly Fire: Cross-App Interactions in IoT Platforms," in https://www.cambridge.org/core/what-we-publish/textbooks#, 2020.
[22]
R. Guanciale, M. Balliu and M. Dam, "InSpectre : Breaking and Fixing Microarchitectural Vulnerabilities by Formal Analysis," in CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications, 2020.
[23]
C.-A. Staicu et al., "An Empirical Study of Information Flows in Real-World JavaScript," in Proceedings of the 14th ACM SIGSAC Workshop on Programming Languages and Analysis for Security, 2019, pp. 45-59.
[24]
K. Tuma, M. Balliu and R. Scandariato, "Flaws in Flows : Unveiling Design Flaws via Information Flow Analysis," in Proceedings - 2019 IEEE International Conference on Software Architecture, ICSA 2019, 2019, pp. 191-200.
[25]
M. Guarnieri et al., "Information-Flow Control for Database-backed Applications," in IEEE European Symposium on Security and Privacy (EuroS&P 2019), Stockholm, Sweden, 17-19 June 2019, 2019, pp. 79-94.
[26]
M. Balliu, M. Merro and M. Pasqua, "Securing Cross-App Interactions in IoT Platforms," in 2019 IEEE 32nd Computer Security Foundations Symposium (CSF), 2019, pp. 319-334.
[27]
I. Bastys, M. Balliu and A. Sabelfeld, "If This Then What? Controlling Flows in IoT Apps," in ACM Conference on Computer and Communications Security (CCS’18), 2018.
[28]
M. Balliu, M. Dam and R. Guanciale, "Automating Information Flow Analysis of Low Level Code," in Proceedings of CCS’14, November 3–7, 2014, Scottsdale, Arizona, USA, 2014.
[29]
M. Balliu, "A Logic for Information Flow Analysis of Distributed Programs," in Secure IT Systems : 18th Nordic Conference, NordSec 2013 Ilulissat, Greenland, October 2013 Proceedings, 2013, pp. 84-99.
[30]
M. Balliu, M. Dam and G. Le Guernic, "ENCOVER : Symbolic Exploration for Information Flow Security," in 2012 IEEE 25th Computer Security Foundations Symposium (CSF), 2012, pp. 30-44.
[31]
M. Balliu, M. Dam and G. Le Guernic, "Epistemic Temporal Logic for Information Flow Security," in In proc. of th 4e ACM SIGPLAN workshop on Programming Languages and Analysis for Security, 2011.
[32]
M. Balliu and I. Mastroeni, "A weakest precondition approach to active attacks analysis," in PLAS'09 : Proceedings of the ACM SIGPLAN 4th Workshop on Programming Languages and Analysis for Security, 2009, pp. 59-71.

Non-peer reviewed

Theses

[33]
M. Balliu, "Logics for Information Flow Security:From Specification to Verification," Doctoral thesis Stockholm : KTH Royal Institute of Technology, TRITA-CSC-A, 2014:13, 2014.

Reports

Latest sync with DiVA:
2024-11-19 00:22:12