Matthew Finifter (original) (raw)
Background
I received my PhD in Spring 2013 from theComputer Science Division at UC Berkeley, where I was advised by David Wagner. My dissertation is available for your perusal. I used to work at Twitter, and then at Uber. Now I work at Figma.
My research is in computer security, and tends to focus primarily on software security. My research has taken steps toward:
- Designing, implementing, and evaluating developer-facing tools intended to aid secure software development.
- Preventing and mitigating web application vulnerabilities.
- Understanding the unique requirements of mobile application security, and developing security systems accordingly.
- Gathering and analyzing datasets in order to better understand existing security systems, tools, and processes.
Please see this visual representation of the topics my research has covered.
Publications
An Empirical Study of Vulnerability Rewards Programs.
Matthew Finifter,Devdatta Akhawe, andDavid Wagner.
In Proceedings of the22nd USENIX Security Symposium, August 14-16, 2013.
- Slides from Devdatta's talk at USENIX Security 2013
- BibTeX entry
An Empirical Study on the Effectiveness of Security Code Review.
Anne Edmundson, Brian Holtkamp, Emanuel Rivera, Matthew Finifter,Adrian Mettler, andDavid Wagner.
In Proceedings of theInternational Symposium on Engineering Secure Software and Systems (ESSoS 2013), February 27 - March 1, 2013.
- Slides from Annie's talk at ESSoS 2013
- BibTeX entry
How to Ask for Permission.
Adrienne Porter Felt,Serge Egelman, Matthew Finifter,Devdatta Akhawe, and David Wagner.
In Proceedings of the7th USENIX Workshop on Hot Topics in Security (HotSec 2012), August 7, 2012.
- Slides from Adrienne's talk at HotSec 2012
- BibTeX entry
Jigsaw: Efficient, Low-effort Mashup Isolation.
James Mickens and Matthew Finifter.
In Proceedings of the3rd USENIX Conference on Web Application Development (WebApps 2012), June 13, 2012.
- Slides (including notes) from my talk at WebApps 2012
- BibTeX entry
Product Labels for Mobile Application Markets. Short paper.
Devdatta Akhawe and Matthew Finifter.
In Proceedings of theMobile Security Technologies Workshop (MoST 2012), May 24, 2012.
- Slides (including notes) from Devdatta's talk at MoST 2012
- BibTeX entry
A Survey of Mobile Malware in the Wild.
Adrienne Porter Felt, Matthew Finifter,Erika Chin,Steve Hanna, and David Wagner.
In Proceedings of theACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2011), October 17, 2011.
- Slides from Adrienne's talk at SPSM 2011
- BibTeX entry
A Systematic Analysis of XSS Sanitization in Web Application Frameworks.
Joel Weinberger,Prateek Saxena,Devdatta Akhawe, Matthew Finifter, Richard Shin andDawn Song.
In Proceedings of theEuropean Symposium on Research in Computer Security (ESORICS 2011), September 12-14, 2011.
- Slides from Joel's talk at ESORICS 2011
- BibTeX entry
- Technical report
Exploring the Relationship Between Web Application Development Tools and Security.
Matthew Finifter andDavid Wagner.
In Proceedings of the2nd USENIX Conference on Web Application Development (WebApps 2011), June 15-16, 2011.
- Slides (including notes) from my talk at WebApps 2011
- BibTeX entry
Diesel: Applying Privilege Separation to Database Access. Short paper.
A. Porter Felt, Matthew Finifter,Joel Weinberger, andDavid Wagner.
In Proceedings of the6th ACM Symposium on Information, Computer, and Communications Security (AsiaCCS 2011), March 22-24, 2011.
- Slides and notes from my talk at AsiaCCS 2011
- BibTeX entry
- Technical report
Preventing Capability Leaks in Secure JavaScript Subsets.
Matthew Finifter,Joel Weinberger, andAdam Barth.
In Proceedings of the 17th Annual Network and Distributed System Security Symposium (NDSS 2010), February 28-March 3, 2010.
- Slides and notes from my talk at NDSS 2010
- BibTeX entry
- Project web site
Verifiable Functional Purity in Java.
Matthew Finifter,Adrian Mettler,Naveen Sastry, andDavid Wagner.
In Proceedings of the 15th ACM Conference on Computer and Communication Security (CCS 2008), October 27-31, 2008.
- Slides from Adrian's talk at CCS 2008
- BibTeX entry
- Project web site
Talks
Jigsaw: Efficient, Low-effort Mashup Isolation.
Presented at WebApps 2012 on June 13, 2012.
Exploring the Relationship Between Web Application Development Tools and Security.
Presented at WebApps 2011 on June 15, 2011.
Diesel: Applying Privilege Separation to Database Access.
Presented at AsiaCCS 2011 on March 23, 2011.
The Influence of Programming Language and Framework on
Application Security.
Presented at Mini-Metricon 5.5 on February 14, 2011.
Preventing Capability Leaks in Secure JavaScript Subsets.
Presented at NDSS on March 3, 2010.