• About
  • About the Department
  • Contact
  • Directions
  • Partners
  • Rooms
  • Systems & Software
  • Conduit
  • News
  • Events
  • Blog
• People
  • Our Community
  • Faculty
  • Staff
  • Grad Students
  • Ugrad Students
  • Alums
  • Directory
• Research
  • Research Links
  • Areas
  • Publications
• Degrees
  • Degree Programs
  • Doctoral
  • Masters
  • Undergrad
  • Programs
  • Miscellaneous
• Courses
  • Course List
  • Schedule
  • Sections
  • TA Program

The 44th IPP Symposium

Finding Malware on a Web Scale

Ben Livshits, Microsoft Research

Over the last several years, JavaScript malware has emerged as one of the most popular ways to deliver drive-by attacks to unsuspecting users through the browser. This talk covers recent Microsoft Research experiences with finding JavaScript malware on the web. Over the past several years, we have developed analysis and detection tools that eventually transitioned into the Bing search engine. Our tools are now used daily to find and black-list thousands of malicious web sites. This talk will focus on interesting interplay between static and runtime analysis and cover what it takes to migrate research ideas into real-world products.

Ben Livshits is a researcher at Microsoft Research and an affiliate professor at the University of Washington. Originally from St. Petersburg, Russia, he received a bachelor's degree in Computer Science and Math from Cornell University in 1999, and his M.S. and Ph.D. in Computer Science from Stanford University in 2002 and 2006, respectively. Dr. Livshits' research interests include application of sophisticated static and dynamic analysis techniques to finding errors in programs.

Ben has published papers at PLDI, POPL, Oakland Security, Usenix Security, CCS, SOSP, ICSE, FSE, and many other venues. He is known for his work in software reliability and especially tools to improve software security, with a primary focus on approaches to finding buffer overruns in C programs and a variety of security vulnerabilities (cross-site scripting, SQL injections, etc.) in Web-based applications. He is the author of several dozen academic papers and patents. Lately he has been focusing on how Web 2.0 application and browser reliability, performance, and security can be improved through a combination of static and runtime techniques.