Photo of Matt Finifter by Steve Hanna




Matthew S. Finifter

{my initials}@uber.com


Background

I received my PhD in Spring 2013 from the Computer Science Division at UC Berkeley, where I was advised by David Wagner. My dissertation is available for your perusal. I used to work at Twitter. Now I work at Uber.

My research is in computer security, and tends to focus primarily on software security. My research has taken steps toward:

Please see this visual representation of the topics my research has covered.


Publications

An Empirical Study of Vulnerability Rewards Programs.
Matthew Finifter, Devdatta Akhawe, and David Wagner.
In Proceedings of the 22nd USENIX Security Symposium, August 14-16, 2013.

An Empirical Study on the Effectiveness of Security Code Review.
Anne Edmundson, Brian Holtkamp, Emanuel Rivera, Matthew Finifter, Adrian Mettler, and David Wagner.
In Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS 2013), February 27 - March 1, 2013.

How to Ask for Permission.
Adrienne Porter Felt, Serge Egelman, Matthew Finifter, Devdatta Akhawe, and David Wagner.
In Proceedings of the 7th USENIX Workshop on Hot Topics in Security (HotSec 2012), August 7, 2012.

Jigsaw: Efficient, Low-effort Mashup Isolation.
James Mickens and Matthew Finifter.
In Proceedings of the 3rd USENIX Conference on Web Application Development (WebApps 2012), June 13, 2012.

Product Labels for Mobile Application Markets. Short paper.
Devdatta Akhawe and Matthew Finifter.
In Proceedings of the Mobile Security Technologies Workshop (MoST 2012), May 24, 2012.

A Survey of Mobile Malware in the Wild.
Adrienne Porter Felt, Matthew Finifter, Erika Chin, Steve Hanna, and David Wagner.
In Proceedings of the ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2011), October 17, 2011.

A Systematic Analysis of XSS Sanitization in Web Application Frameworks.
Joel Weinberger, Prateek Saxena, Devdatta Akhawe, Matthew Finifter, Richard Shin and Dawn Song.
In Proceedings of the European Symposium on Research in Computer Security (ESORICS 2011), September 12-14, 2011.

Exploring the Relationship Between Web Application Development Tools and Security.
Matthew Finifter and David Wagner.
In Proceedings of the 2nd USENIX Conference on Web Application Development (WebApps 2011), June 15-16, 2011.

Diesel: Applying Privilege Separation to Database Access. Short paper.
A. Porter Felt, Matthew Finifter, Joel Weinberger, and David Wagner.
In Proceedings of the 6th ACM Symposium on Information, Computer, and Communications Security (AsiaCCS 2011), March 22-24, 2011.

Preventing Capability Leaks in Secure JavaScript Subsets.
Matthew Finifter, Joel Weinberger, and Adam Barth.
In Proceedings of the 17th Annual Network and Distributed System Security Symposium (NDSS 2010), February 28-March 3, 2010.

Verifiable Functional Purity in Java.
Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner.
In Proceedings of the 15th ACM Conference on Computer and Communication Security (CCS 2008), October 27-31, 2008.


Talks

Jigsaw: Efficient, Low-effort Mashup Isolation.
Presented at WebApps 2012 on June 13, 2012.

Exploring the Relationship Between Web Application Development Tools and Security.
Presented at WebApps 2011 on June 15, 2011.

Diesel: Applying Privilege Separation to Database Access.
Presented at AsiaCCS 2011 on March 23, 2011.

The Influence of Programming Language and Framework on
Application Security.
Presented at Mini-Metricon 5.5 on February 14, 2011.

Preventing Capability Leaks in Secure JavaScript Subsets.
Presented at NDSS on March 3, 2010.


Teaching


Coursework