Marco Pistoia

contact information

IBM Distinguished Researcher, Senior Manager, Master Inventor - Quantum Computing Software, Tools, Extension and Security
IBM Thomas J. Watson Research Center, Yorktown Heights, NY USA
+1-914-945-1263


Refereed Conference Papers

  1. Omer Tripp, Marco Pistoia, Patrick Cousot, Radhia Cousot and Salvatore Guarnieri. Andromeda: Accurate and Scalable Security Analysis of Web Applications. In proceedings of the 16th International Conference on Fundamental Approaches to Software Engineering (FASE 2013), held as part of the European Joint Conferences on Theory and Practice of Software (ETAPS 2013), Rome, Italy, March 2013, pages 210-225.
  2. Manu Sridharan, Shay Artzi, Marco Pistoia, Salvatore Guarnieri, Omer Tripp and Ryan Berg. Taint Analysis of Framework-based Web Applications. In Proceedings of the 2011 ACM SIGPLAN Conference on Object-Oriented Programming Systems, Languages and Applications (OOPSLA 2011), Portland, OR, USA, October 2011.
  3. Takaaki Tateishi, Marco Pistoia and Omer Tripp. Path- and Index-sensitive String Analysis Based on Monadic Second-order Logic. In Proceedings of the 2011 ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2011), Toronto, ON, Canada, July 2011. Winner of the ACM SIGSOFT Distinguished Paper Award.
  4. Salvatore Guarnieri, Marco Pistoia, Omer Tripp, Julian Dolby, Stephen Teilhet and Ryan Berg. Saving the World Wide Web from Vulnerable JavaScript. In Proceedings of the 2011 ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2011), Toronto, ON, Canada, July 2011.
  5. Nikolai Joukov, Vasily Tarasov, Birgit Pfitzmann, Sergej Chicherin, Marco Pistoia and Takaaki Tateishi. Discovery of Hard-coded External Dependencies in Enterprise Production Environments. In Proceedings of the 12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011), Dublin, Ireland, May 2011.
  6. Shay Artzi, Julian Dolby, Frank Tip and Marco Pistoia. Directed Test Generation for Effective Fault Localization. In Proceedings of the International Symposium on Software Testing and Analysis (ISSTA 2010), Trento, Italy, July 2010.
  7. Shay Artzi, Julian Dolby, Frank Tip and Marco Pistoia. Practical Fault Localization for Dynamic Web Applications. In Proceedings of the 32nd International Conference on Software Engineering (ICSE 2010), Cape Town, South Africa, May 2010.
  8. Omer Tripp, Marco Pistoia, Stephen J. Fink, Manu Sridharan and Omri Weisman. TAJ: Effective Taint Analysis for Java. In Proceedings of the ACM SIGPLAN 2009 Conference on Programming Language Design and Implementation (PLDI 2009), Dublin, Ireland, June 2009.
  9. Emmanuel Geay, Marco Pistoia, Takaaki Tateishi, Barbara Ryder and Julian Dolby. Modular String-Sensitive Permission Analysis with Demand-Driven Precision. In Proceedings of the 31st International Conference on Software Engineering (ICSE 2009), Vancouver, BC, Canada, May 2009.
  10. Paolina Centonze, Robert J. Flynn and Marco Pistoia. Combining Static and Dynamic Analysis for Automatic Identification of Precise Access-Control Policies. In Proceedings of the Annual Computer Security Applications Conference (ACSAC 2007), Miami Beach, FL, December 2007.
  11. Sharon Shoham, Eran Yahav, Stephen J. Fink and Marco Pistoia. Static Specification Mining Using Automata-Based Abstractions. In Proceedings of the ACM SIGSOFT 2007 International Symposium on Software Testing and Analysis (ISSTA 2007), London, United Kingdom, July 2007. ACM Press.
    Winner of the following recognitions:
    • ACM SIGSOFT Distinguished Paper Award.
    • IBM Research Pat Goldberg Memorial Best Paper Award (3 papers selected out of 130 submissions), IBM Thomas J. Watson Research Center, Hawthorne, NY, USA, July 2008.
    • Invited for publication in the IEEE Transactions on Software Engineering (TSE) Journal, Volume 34, Issue 5, Piscataway, NJ, USA, September 2008.
    • Invited to be extended into a chapter for book Mining Software Specifications: Methodologies and Applications. Data Mining and Knowledge Discovery Book Series by CRC Press. 2011.
  12. Marco Pistoia, Anindya Banerjee and David Naumann. Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model. In Proceedings of the IEEE Symposium on Security and Privacy 2007, Oakland, CA, May 2007.
  13. Marco Pistoia, Stephen J. Fink, Robert J. Flynn and Eran Yahav. When Role Models Have Flaws: Static Validation of Enterprise Security Policies. In Proceedings of the 29th International Conference on Software Engineering (ICSE 2007), Minneapolis, MN, May 2007.
  14. Paolina Centonze, Gleb Naumovich, Stephen J. Fink and Marco Pistoia. Role-Based Access Control Consistency Validation. In Proceedings of the ACM SIGSOFT 2006 International Symposium on Software Testing and Analysis (ISSTA 2006), Portland, ME, USA, July 2006. ACM Press.
  15. Xiaolan Zhang, Larry Koved, Marco Pistoia, Sam Weber, Trent Jaeger, Guillaume Marceau and Liangzhao Zeng. The Case for Analysis Preserving Language Transformation. In Proceedings of the ACM SIGSOFT 2006 International Symposium on Software Testing and Analysis (ISSTA 2006), Portland, ME, USA, July 2006. ACM Press.
  16. Marco Pistoia, Robert J. Flynn, Larry Koved and Vugranam C. Sreedhar. Interprocedural Analysis for Privileged Code Placement and Tainted Variable Detection. In Proceedings of the 19th European Conference on Object-Oriented Programming (ECOOP 2005), pages 362-386, Glasgow, Scotland, UK, July 2005. Springer-Verlag.
  17. Larry Koved, Marco Pistoia and Aaron Kershenbaum. Access Rights Analysis for Java. In Proceedings of the 17th ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2002), pages 359-372, Seattle, WA, USA, November 2002. ACM Press.
  18. Magda Mourad, Jonathan Munson, Tamer Nadeem, Giovanni Pacifici, Marco Pistoia and Alaa Youssef. WebGuard: A System for Web Content Protection. In Poster Proceedings of the 10th International World Wide Web Conference (WWW 10), Hong Kong, China, May 2001.

Refereed Journal Articles

  1. Takaaki Tateishi, Marco Pistoia and Omer Tripp. Path- and Index-sensitive String Analysis based on Monadic Second-order Logic. To appear in ACM Journal on Transactions on Software Engineering and Methodology (TOSEM), 2013.
  2. Shay Artzi, Julian Dolby, Frank Tip and Marco Pistoia. Fault Localization for Dynamic Web Applications. IEEE Transactions on Software Engineering (TSE) Journal, Volume 38, Number 2, March - April 2012, pages 314-335.
  3. Marco Pistoia and Úlfar Erlingsson. Programming Languages and Program Analysis for Security: A Three-year Retrospective. ACM SIGPLAN Notices, Volume 43, Number 12, New York, NY, USA, December 2008.
  4. Sharon Shoham, Eran Yahav, Stephen J. Fink and Marco Pistoia. Static Specification Mining Using Automata-Based Abstractions. IEEE Transactions on Software Engineering (TSE) Journal, Volume 34, Number 5, Piscataway, NJ, USA, September 2008.
  5. Marco Pistoia, Satish Chandra, Stephen Fink and Eran Yahav. A Survey of Static Analysis Methods for Identifying Security Vulnerabilities in Software Systems. IBM Systems Journal, Volume 46, Number 2, Armonk, NY, USA, May 2007. International Business Machines Corporation.
  6. Marco Pistoia and Francesco Logozzo. Program Analysis for Security and Privacy. In Object-Oriented Technology: ECOOP 2006 Workshop Reader, Final Reports. Twentieth European Conference on Object-Oriented Programming (ECOOP 2006), Nantes, France, July 2006. Lecture Notes in Computer Science (LNCS), volume 4379. Springer-Verlag.
  7. Larry Koved, Anthony J. Nadalin, Nataraj Nagaratnam, Marco Pistoia and Theodore Shrader. Security Challenges for Enterprise Java in an E-business Environment. IBM Systems Journal, Volume 40, Number 1, Pages 130-152, Armonk, NY, USA, January 2001. International Business Machines Corporation.

Books

  1. Úlfar Erlingsson and Marco Pistoia (editors). Proceedings of the ACM SIGPLAN Third Workshop on Programming Languages and Analysis for Security. ISBN 978-1-59593-936-4. Association for Computing Machinery. New York, NY, June 2008.
  2. Marco Pistoia. A Unified Mathematical Model for Stack- and Role-Based Authorization Systems. ISBN 0542247062. ProQuest Information and Learning. Ann Arbor, MI, January 2006.
  3. Marco Pistoia, Nataraj Nagaratnam, Larry Koved, and Anthony Nadalin. 企业级Java安全性——构建安全的J2EE应用. ISBN 7302097445. Tsinghua University Press. People's Republic of China, March 2006.
  4. Marco Pistoia, Nataraj Nagaratnam, Larry Koved, and Anthony Nadalin. Enterprise Java Security - Building Secure J2EE Applications. ISBN 0321118898. Addison-Wesley. Reading, MA, February 2004.
  5. Marco Pistoia, Duane F. Reller, Deepak Gupta, Milind Nagnur, and Ashok K. Ramani. Java 2 Network Security, Second Edition. ISBN 0130155926. Prentice Hall PTR. Upper Saddle River, NJ, August 1999.
  6. Marco Pistoia, Duane F. Reller, Deepak Gupta, Milind Nagnur, and Ashok K. Ramani. Java 2 Network Security. ISBN 0738413445. IBM Redbooks. Research Triangle Park, NC, June 1999.
  7. Marco Pistoia and Corinne Letilley. IBM WebSphere Performance Pack: Load Balancing with IBM SecureWay Network Dispatcher. ISBN 0738414328. IBM Redbooks. Research Triangle Park, NC, October 1999.
  8. Marco Pistoia and Poh Yee Tiong. IBM WebSphere Performance Pack: Caching and Filtering with IBM Web Traffic Express. ISBN 073841431X. IBM Redbooks. Research Triangle Park, NC, October 1999.
  9. Marco Pistoia, Tom Menner, Catherine Milligan, and Bobby Gia Pham. IBM WebSphere Performance Pack: Web Content Management with AFS Enterprise File System. ISBN 0738414352. IBM Redbooks. Research Triangle Park, NC, October 1999.
  10. Marco Pistoia, Vincenzo Iovine, and Stefano Pischedda. IBM WebSphere Performance Pack Usage and Administration. ISBN 0738412163. IBM Redbooks. Research Triangle Park, NC, November 1998.
  11. Barry Nusbaum, Thomas Liu, Marco Pistoia, and Giancarlo Rochester. Network Computing Framework for e-business Guide. ISBN 0738401072. IBM Redbooks. Research Triangle Park, NC, September 1998.
  12. Marco Pistoia, Kenji Kojima, and Narayan Raghu. Internet Security in the Network Computing Framework. ISBN 0738400653. IBM Redbooks. Research Triangle Park, NC, September 1998.
  13. Barry Nusbaum, Marco Pistoia, Giancarlo Rochester, and Thomas Liu. Network Computing Framework Component Guide. ISBN 0738403954. IBM Redbooks. Research Triangle Park, NC, November 1997.

Theses


  1. Marco Pistoia. A Unified Mathematical Model for Stack- and Role-Based Authorization Systems. Ph.D. Dissertation. Polytechnic Institute of New York University, Department of Mathematics, Brooklyn, NY, USA, May 2005.
  2. Marco Pistoia. Reductive Algebraic Groups and Their Representations. M.S. Thesis. University of Rome, Tor Vergata, Department of Mathematics, Rome, Italy, July 1995.

Book Chapters

  1. Eran Yahav, Sharon Shoham, Stephen Fink and Marco Pistoia. Static Specification Mining Using Automata-Based Abstractions. Chapter in book Mining Software Specifications: Methodologies and Applications. Data Mining and Knowledge Discovery Book Series by CRC Press. March 2011.
  2. Murhammer, M., and O. Atakan, S. Bretz, L. Pugh, K. Suzuki, D. Wood. TCP/IP Tutorial and Technical Overview. ISBN 0130201308. Prentice Hall PTR. Upper Saddle River, NJ, December 1998.
  3. Carstensen, J., and H. Chen, D. Marker, D. Cornell, P. Zikopoulos. Linux for WebSphere and DB2 Servers. ISBN 0738414468. IBM Redbooks. Research Triangle Park, NC, October 1999.
  4. Sadtler, C., and J. Chambers, A. Schuldhaus. Load Balancing for eNetwork Communications Servers. ISBN 0738412945. IBM Redbooks. Research Triangle Park, NC, April 1999.
  5. Ferrari, J., and R. De Waele, H.P. Hippenstiel, M. Stingl. Guarding the Gates Using the IBM eNetwork Firewall V3.3 for Windows NT. ISBN 0738413623. IBM Redbooks. Research Triangle Park, NC, July 1999.
  6. Chung, D., and C. Emmerich, R. Priffer, B. Weiser, V. Mraz. Highly Available IBM eNetwork Firewall Using HACMP or eNetwork Dispatcher. ISBN 0738413607. Research Triangle Park, NC. IBM Redbooks, July 1999.
  7. Ueno, K., and T. Alcott, J. Carlson, A. Dunshea, H. Kitzhofer, Y. Hayakawa, F. Mogus, C.D. Wordsworth. WebSphere V3 Performance Tuning Guide. ISBN 0738415987. IBM Redbooks. Research Triangle Park, NC, March 2000.
  8. Nusbaum, B., and U. Loeser, A.R. San Jose. Publishing Tools in the Network Computing Framework. ISBN 0738403067. IBM Redbooks. Research Triangle Park, NC, April 1998.
  9. Fox, D. and L. Sarem. Using the Nways 2220 Performance Tools. ISBN 0738412341. IBM Redbooks. Research Triangle Park, NC, December 1998.

Refereed Conference Tutorials

  1. Marco Pistoia. Program Analysis and Programming Languages for Security. Invited Conference Tutorial. Tutorial Proceedings of the Ninth International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI 2008). San Francisco, CA, January 2008.
  2. Marco Pistoia, Ted Habeck and Larry Koved. Enabling Java 2 Runtime Security with Eclipse Plug-ins. Conference Tutorial. OSGi Developer Forum and World Congress. Paris, France, October 2005.
  3. Marco Pistoia. Java Security. Invited Conference Tutorial. Tutorial Proceedings of IEEE INFOCOM 2002. New York, NY, June 2002.
  4. Larry Koved, Anthony Nadalin and Marco Pistoia. Understanding the Java 2 Platform, Standard Edition (J2SE) Privileged Code: A Practical Approach. Conference Tutorial. Proceedings of Sun Microsystems’ JavaOne 2002 Conference. San Francisco, CA, March 2002.
  5. Larry Koved, Marco Pistoia and Aaron Kershenbaum. Understanding Java 2 Security Permissions for the Java 2 Platform: A Practical Approach. Conference Tutorial. In Proceedings of Sun Microsystems’ JavaOne 2001 Conference. San Francisco, CA, June 2001.
  6. Marco Pistoia. Java 2 Security. Technical Tutorial. Proceedings of International Conference for Java Developers 2001. New York, NY, February 2001.
  7. Marco Pistoia. Security in Java 2. Conference Tutorial. Tutorial Proceedings of the Association for Computing Machinery (ACM) Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2000) Conference. Minneapolis, MN, October 2000.
  8. Marco Pistoia. The New Java Security Model and Its Future Directions. Conference Tutorial. Proceedings of Colorado Software Summit 2000. Keystone, CO, October 2000.
  9. Marco Pistoia. An In-depth Look at Java Security. Conference Tutorial. Proceedings of the International Conference for Java Technology 2000. Santa Clara, CA, September 2000.
  10. Marco Pistoia. Java 2 Platform Security and Its Future Directions. Conference Tutorial. Proceedings of Sun Microsystems’ JavaOne 2000 Conference. San Francisco, CA, June 2000.
  11. Marco Pistoia. Java 2 Security Fundamentals. Technical Tutorial. Proceedings of the O'Reilly Conference on Java – Enterprise Java. Santa Clara, CA, March 2000.

Research Reports

  1. Shay Artzi, Julian Dolby, Frank Tip and Marco Pistoia. Directed Test Generation for Improved Fault Localization. IBM Research Report RC24989. IBM Corporation, Thomas J. Watson Research Center, Yorktown Heights, NY, May 2010. International Business Machines Corporation.
  2. Nikolai Joukov, Vasily Tarasov, Birgit Pfitzmann, Sergej Chicherin, Marco Pistoia and Takaaki Tateishi. Discovery of Hard-coded External Dependencies in Enterprise Production Environments. IBM Research Report RC24979. IBM Corporation, Thomas J. Watson Research Center, Yorktown Heights, NY, April 2010. International Business Machines Corporation.
  3. Ted Habeck, Larry Koved and Marco Pistoia. SWORD4J: Security WORkbench Development Environment 4 Java. IBM Research Report RC24554. IBM Corporation, Thomas J. Watson Research Center, Yorktown Heights, NY, May 2008. International Business Machines Corporation.
  4. Avraham Shinnar, Marco Pistoia, and Anindya Banerjee. A Language for Information Flow: Dynamic Information Tracking in Multiple Interdependent Dimensions. IBM Research Report RC24541. IBM Corporation, Thomas J. Watson Research Center, Yorktown Heights, NY, April 2008. International Business Machines Corporation.
  5. Marco Pistoia, Stephen J. Fink, Robert J. Flynn and Eran Yahav. When Role Models Have Flaws: Static Validation of Enterprise Security Policies. IBM Research Report RC24056. IBM Corporation, Thomas J. Watson Research Center, Yorktown Heights, NY, September 2006. International Business Machines Corporation.
  6. Paolina Centonze, Gleb Naumovich, Stephen J. Fink and Marco Pistoia. Role-Based Access Control Consistency Validation. IBM Research Report RC23876. IBM Corporation, Thomas J. Watson Research Center, Yorktown Heights, NY, February 2006. International Business Machines Corporation.
  7. Marco Pistoia and Robert J. Flynn. Interprocedural Analysis for Automatic Evaluation of Role-Based Access Control Policies. IBM Research Report RC23846. IBM Corporation, Thomas J. Watson Research Center, Yorktown Heights, NY, December 2005. International Business Machines Corporation.
  8. Marco Pistoia, Robert J. Flynn and Vugranam C. Sreedhar. Static Evaluation of Role-Based Access Control Policies in Distributed Component-Based Systems. IBM Research Report RC23836. IBM Corporation, Thomas J. Watson Research Center, Yorktown Heights, NY, December 2005. International Business Machines Corporation.
  9. Larry Koved, Aaron Kershenbaum and Marco Pistoia. Access Rights Analysis for Java. IBM Research Report RC22224. IBM Corporation, Thomas J. Watson Research Center, Yorktown Heights, NY, October 2001. International Business Machines Corporation.
  10. Magda Mourad, Jonathan Munson, Tamer Nadeem, Giovanni Pacifici, Marco Pistoia and Alaa Youssef. WebGuard: A System for Web Content Protection. IBM Research Report RC21944. IBM Corporation, Thomas J. Watson Research Center, Yorktown Heights, NY, November 2000. International Business Machines Corporation.

Technical Reports

  1. Marco Pistoia and David Safford. Java Security Antipatterns (And the Top-Ten Guidelines to Avoid Them). Anti-Patterns: Exchanging Painful Lessons Learned, IBM Academy of Technology Conference, October 2005.
  2. Marco Pistoia. Caching and Filtering to Manage Internet Traffic and Bandwidth Demand. IBM Redpaper. International Technical Support Organization. REDP0003. Research Triangle Park, NC, January 1999.
  3. Marco Pistoia. Web Caching and Filtering with IBM WebSphere Performance Pack. IBM Redpaper. International Technical Support Organization. REDP0009. Research Triangle Park, NC, March 1999.