Matthew S. Finifter

Background

I am a 4th year doctoral student in the Computer Science Department at UC Berkeley, advised by David Wagner. I am partially funded by an NSF Graduate Research Fellowship.

My research focuses on how the software development process influences the security of the resulting software. I am also interested in security metrics and web security.

Publications

A Survey of Mobile Malware in the Wild.
Adrienne Porter Felt, Matthew Finifter, Erika Chin, Steve Hanna, and David Wagner.
In Proceedings of the ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2011), October 17, 2011.

• Slides from Adrienne's talk at SPSM 2011
• BibTeX entry

A Systematic Analysis of XSS Sanitization in Web Application Frameworks.
Joel Weinberger, Prateek Saxena, Devdatta Akhawe, Matthew Finifter, Richard Shin and Dawn Song.
In Proceedings of the European Symposium on Research in Computer Security (ESORICS 2011), September 12-14, 2011.

• Slides from Joel's talk at ESORICS 2011
• BibTeX entry
• Technical report

Exploring the Relationship Between Web Application Development Tools and Security.
Matthew Finifter and David Wagner.
In Proceedings of the 2nd USENIX Conference on Web Application Development (WebApps 2011), June 15-16, 2011.

• Slides (including notes) from my talk at WebApps 2011
• BibTeX entry

Diesel: Applying Privilege Separation to Database Access. Short paper.
A. Porter Felt, Matthew Finifter, Joel Weinberger, and David Wagner.
In Proceedings of the 6th ACM Symposium on Information, Computer, and Communications Security (AsiaCCS 2011), March 22-24, 2011.

• Slides and notes from my talk at AsiaCCS 2011
• BibTeX entry
• Technical report

Preventing Capability Leaks in Secure JavaScript Subsets.
Matthew Finifter, Joel Weinberger, and Adam Barth.
In Proceedings of the 17th Annual Network and Distributed System Security Symposium (NDSS 2010), February 28-March 3, 2010.

• Slides and notes from my talk at NDSS 2010
• BibTeX entry
• Project web site

Verifiable Functional Purity in Java.
Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.
In Proceedings of the 15th ACM Conference on Computer and Communication Security (CCS 2008), October 27-31, 2008.

• Slides from Adrian's talk at CCS 2008
• BibTeX entry
• Project web site

Technical Reports

An Empirical Analysis of XSS Sanitization in Web Application Frameworks.
Joel Weinberger, Prateek Saxena, Devdatta Akhawe, Matthew Finifter, Richard Shin, and Dawn Song.

Diesel: Applying Privilege Separation to Database Access.
Adrienne Porter Felt, Matthew Finifter, Joel Weinberger, and David Wagner.

Talks

Exploring the Relationship Between Web Application Development Tools and Security.
Presented at WebApps 2011 on June 15, 2011.

• Slides (including notes)

Diesel: Applying Privilege Separation to Database Access.
Presented at AsiaCCS 2011 on March 23, 2011.

• Slides
• Notes

The Influence of Programming Language and Framework on
Application Security.
Presented at Mini-Metricon 5.5 on February 14, 2011.

• Slides
• Notes

Preventing Capability Leaks in Secure JavaScript Subsets.
Presented at NDSS on March 3, 2010.

• Slides
• Notes

Teaching

• CS61BL, Data Structures and Programming Methodology. Spring 2011.
  • Student evaluations of my teaching
• CS161, Computer Security. Spring 2010.
  • Student evaluations of my teaching

Coursework

• Fall 2010
  • INFO 271B. Quantitative Research Methods.
• Spring 2010
  • CS 263. Design and Analysis of Programming Languages.
  • CS 301. Teaching Techniques for Computer Science.
• Fall 2009
  • INFO 237. Intellectual Property Law for the Information Industries.
  • INFO 290. Surveillance, Sousveillance, Coveillance, and Dataveillance.
• Spring 2009
  • CS 276. Cryptography.
  • CS 294-28. Internet/Network Security.
  • CS 294-32. Dynamic Program Analysis, Testing, and Debugging.
• Fall 2008
  • CS 261. Computer Security.
  • CS 262A. Advanced Topics in Computer Systems.