Marco Pistoia

contact information

Distinguished Research Staff Member, Senior Manager, Master Inventor - Quantum Computing Algorithms and Applications
IBM Thomas J. Watson Research Center, Yorktown Heights, NY USA
  +1-914-945-1263

Books

 

  1. Marco Pistoia, Nataraj Nagaratnam, Larry Koved, and Anthony Nadalin.
    • Enterprise Java Security - Building Secure J2EE Applications. ISBN 0321118898. Addison-Wesley. Reading, MA, February 2004.
    • 企业级Java安全性——构建安全的J2EE应用. ISBN 7302097445. Tsinghua University Press. People's Republic of China, March 2006.
  2. Marco Pistoia, Duane F. Reller, Deepak Gupta, Milind Nagnur, and Ashok K. Ramani.  Java 2 Network Security, Second Edition. ISBN 0130155926. Prentice Hall PTR. Upper Saddle River, NJ, August 1999.

Theses

  1. Marco Pistoia. A Unified Mathematical Model for Stack- and Role-Based Authorization Systems. Ph.D. Dissertation. New York University, Department of Mathematics, New York, New York, USA, May 2005.  Also available as a publication by ProQuest Information and Learning. Ann Arbor, MI, January 2006, ISBN 0542247062.
  2. Marco Pistoia. Reductive Algebraic Groups and Their Representations. M.S. Thesis. University of Rome, Tor Vergata, Department of Mathematics, Rome, Italy, July 1995.

Select Refereed Journal Articles

  1. Peng Liu, Shaohan Hu, Marco Pistoia, Chun-Fu Chen, Jay M. Gambetta.  Stochastic Optimization of Quantum Programs. IEEE Computer 52(6): 58-67 (2019).
  2. Shaohan Hu, Peng Liu, Chun-Fu Chen, Marco Pistoia, Jay M. Gambetta.  Reduction-Based Problem Mapping for Quantum Computing. IEEE Computer 52(6): 47-57 (2019).
  3. Chun-Fu Chen, Quanfu Fan, Marco Pistoia, Gwo Giun Lee.  Efficient Fusion of Sparse and Complementary Convolutions for Object Recognition and Detection. CoRR abs/1808.02167 (2018).
  4. Paul C. Castro, Joseph W. Ligman, Marco Pistoia, John Ponzo, Gegi S. Thomas and Umut Topkara.  Run-time Adaptive Multi-factor Authentication for Mobile Devices.  IBM Journal of Research and Development, Volume 57, Issue 6, November-December 2013.
  5. Paul C. Castro, Joseph W. Ligman, Marco Pistoia, John Ponzo, Gegi S. Thomas, Stephen P. Wood and Mauro Baluda.  Enabling Bring-Your-Own-Device Using Mobile Application Instrumentation.  IBM Journal of Research and Development, Volume 57, Issue 6, November-December 2013.
  6. Dragoş Sbîrlea, Michael G. Burke, Salvatore Guarnieri, Marco Pistoia and Vivek Sarkar.  Automatic Detection of Inter-application Permission Leaks in Android Applications.  IBM Journal of Research and Development, Volume 57, Issue 6, November-December 2013.
  7. Takaaki Tateishi, Marco Pistoia and Omer Tripp. Path- and Index-sensitive String Analysis based on Monadic Second-order Logic.  ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 22, Number 4, October 2013.
  8. Shay Artzi, Julian Dolby, Frank Tip and Marco Pistoia.  Fault Localization for Dynamic Web Applications.  IEEE Transactions on Software Engineering (TSE) Journal, Volume 38, Number 2, March - April 2012, pages 314-335.
  9. Marco Pistoia and Úlfar Erlingsson. Programming Languages and Program Analysis for Security: A Three-year Retrospective. ACM SIGPLAN Notices, Volume 43, Number 12, New York, NY, USA, December 2008.
  10. Sharon Shoham, Eran Yahav, Stephen J. Fink, and Marco Pistoia. Static Specification Mining Using Automata-Based Abstractions. IEEE Transactions on Software Engineering (TSE) Journal, Volume 34, Number 5, Piscataway, NJ, USA, September 2008.
  11. Marco Pistoia, Satish Chandra, Stephen Fink, and Eran Yahav. A Survey of Static Analysis Methods for Identifying Security Vulnerabilities in Software Systems. IBM Systems Journal, volume 46, number 2, Armonk, NY, USA, May 2007. International Business Machines Corporation.
  12. Larry Koved, Anthony J. Nadalin, Nataraj Nagaratnam, Marco Pistoia, and Theodore Shrader. Security Challenges for Enterprise Java in an E-business Environment. IBM Systems Journal, volume 40, number 1, pages 130-152, Armonk, NY, USA, January 2001. International Business Machines Corporation.

Select Refereed Conference Papers

  1. Shaohan Hu, Dmitri Maslov, Marco Pistoia, Jay M. Gambetta.  Efficient Circuits for Quantum Search over 2D Square Lattice Architecture. ACM SIGDA Design Automation Conference (DAC) 2019: 236:1-236:2.
  2. Luciano Bello, Marco Pistoia.  ARES: triggering payload of evasive Android malware. ACM/IEEE MOBILESoft 2018: 2-12.
  3. Shaohan Hu, Peng Liu, Chun-Fu Chen, Marco Pistoia.  Automatically solving NP-complete problems on a quantum computer.  ACM/IEEE International Conference on Software Engineering (ICSE) 2018: 258-259.
  4. Chun-Fu Chen, Jinwook Oh, Quanfu Fan, Marco Pistoia.  SC-Conv: Sparse-Complementary Convolution for Efficient Model Utilization on CNNs.  IEEE International Symposium on Multimedia (ISM) 2018: 97-100.
  5. Abdulbaki Aydin, David Piorkowski, Omer Tripp, Pietro Ferrara, Marco Pistoia.  Visual Configuration of Mobile Privacy Policies.  International Conference on Fundamental Approaches to Software Engineering (FASE 2017): 338-355.
  6. Peng Liu, Xiangyu Zhang, Marco Pistoia, Yunhui Zheng, Manoel Marques, Lingfei Zeng.  Automatic text input generation for mobile testing. ACM/IEEE International Conference on Software Engineering (ICSE) 2017: 643-653.
  7. Chun-Fu Chen, Marco Pistoia, Conglei Shi, Paolo Girolami, Joseph W. Ligman, Yong Wang.  UI X-Ray: Interactive Mobile UI Testing Based on Computer Vision.  ACM International Conference on Intelligent User Interfaces (IUI) 2017: 245-255.  Best Paper Award.
  8. David Piorkowski, Sean Penney, Austin Z. Henley, Marco Pistoia, Margaret M. Burnett, Omer Tripp, Pietro Ferrara.  Foraging goes mobile: Foraging while debugging on mobile devices. IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC) 2017: 9-17.  Honorable Mention Award.
  9. Petar Tsankov, Marco Pistoia, Omer Tripp, Martin T. Vechev, Pietro Ferrara.  FASE: functionality-aware security enforcement.  Annual Conference on Computer Security Applications (ACSAC) 2016: 471-483.
  10. David Lubensky, Marco Pistoia, Ching-Yung Lin, Omer Tripp.  Cognitive mobile security. Invited Conference Keynote. ACM/IEEE MOBILESoft 2016: 267-268.
  11. Omer Tripp, Marco Pistoia, Pietro Ferrara, Julia Rubin.  Pinpointing mobile malware using code analysis.  ACM/IEEE MOBILESoft 2016: 275-276.
  12. Joe W. Ligman, Marco Pistoia, Omer Tripp, Gegi Thomas.  Improving design validation of mobile application user interface implementation. ACM/IEEE MOBILESoft 2016: 277-278.
  13. Mauro Baluda, Marco Pistoia, Paul C. Castro, Omer Tripp.  A framework for automatic anomaly detection in mobile applications. ACM/IEEE MOBILESoft 2016: 297-298.
  14. Pietro Ferrara, Omer Tripp, and Marco Pistoia.  Morphdroid: Fine-grained Privacy Verification.  In Proceedings of the 31st Annual Computer Security Applications Conference (ACSAC 2015), Los Angeles, CA, USA, December 2015.
  15. Marco Pistoia.  Program Analysis for Mobile Application Integrity and Privacy Enforcement. ACM Conference on Computer and Communications Security (CCS) 2015: 1698-1699.
  16. Lucas Brutschy, Pietro Ferrara, Omer Tripp, and Marco Pistoia.  ShamDroid: Gracefully Degrading Functionality in the Presence of Limited Resource Access.  In Proceedings of the 2015 ACM SIGPLAN Conference on Object-Oriented Programming Systems, Languages and Applications (OOPSLA 2015), Pittsburgh, PA, USA, October 2015.
  17. Gianluca Barbon, Agostino Cortesi, Pietro Ferrara, Marco Pistoia, and Omer Tripp.  Privacy Analysis of Android Apps: Implicit Flows and Quantitative Analysis.  In Proceedings of the 14th IFIP International Conference on Computer Information Systems and Industrial Management (CISIM 2015), Warsaw, Poland, September 2015.
  18. Marco Pistoia, Omer Tripp, Pietro Ferrara and Paolina Centonze.  Automatic Detection, Correction and Visualization of Security Vulnerabilities in Mobile Apps.  ACM/IEEE Mobile Development Lifecycle (MobileDeLi 2015), Pittsburgh, PA, USA, October 2015.
  19. Roee Hay, Omer Tripp, and Marco Pistoia.  Dynamic Detection of Inter-application Communication Vulnerabilities in Android.  In Proceedings of the 2015 ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2015), Baltimore, MD, USA, July 2015.
  20. Paolina Centonze, Marco Pistoia, and Omer Tripp. Access-rights Analysis in the Presence of Subjects.  In Proceedings of the 29th European Conference on Object Oriented Programming (ECOOP 2015), Prague, Czech Republic, July 2015.
  21. Marco Pistoia, Omer Tripp, Paolina Centonze, and Joseph Ligman.  Labyrinth: Visually Configurable Data-leakage Detection in Mobile Applications.  Invited Paper.  In Proceedings of the 17th IEEE International Conference on Mobile Data Management (MDM 2015), Pittsburgh, PA, USA, June 2015.
  22. Omer Tripp, Marco Pistoia, and Paolina Centonze.  Application- and User-sensitive Privacy Enforcement in Mobile Systems.  ACM/IEEE International Conference on Mobile Software Engineering and Systems (MOBILESoft 2015), Florence, Italy, May 2015.
  23. Agostino Cortesi, Pietro Ferrara, Marco Pistoia, and Omer Tripp. Datacentric Semantics for Verification of Privacy Policy Compliance by Mobile Applications.  In Proceedings of the 16th ACM International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI 2015), Mumbai, India, January 2015.
  24. Omer Tripp, Salvatore Guarnieri, Marco Pistoia, and Aleksandr Y. Aravkin. ALETHEIA: Improving the Usability of Static Security Analysis.  In Proceedings of the 2014 ACM Conference on Computer and Communications Security (CCS 2014), Scottsdale, AZ, USA, November 2014.
  25. Marco Pistoia and Omer Tripp.  Integrating Security, Analytics and Application Management into the Mobile Development Lifecycle.  In Proceedings of the 2nd International Workshop on Mobile Development Lifecycle (MobileDeLi 2014), Portland, OR, USA, October 2014.
  26. Omer Tripp, Pietro Ferrara, and Marco Pistoia.  Hybrid Security Analysis of Web JavaScript Code via Dynamic Partial Evaluation.  In Proceedings of the 2014 ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2014), San Jose, CA, USA, July 2014.  Winner of the ACM SIGSOFT Distinguished Paper Award.
  27. Omer Tripp, Marco Pistoia, Patrick Cousot, Radhia Cousot and Salvatore Guarnieri. Andromeda: Accurate and Scalable Security Analysis of Web Applications. In Proceedings of the 16th International Conference on Fundamental Approaches to Software Engineering (FASE 2013), held as part of the European Joint Conferences on Theory and Practice of Software (ETAPS 2013), Rome, Italy, March 2013, pages 210-225.
  28. Manu Sridharan, Shay Artzi, Marco Pistoia, Salvatore Guarnieri, Omer Tripp, and Ryan Berg.  Taint Analysis of Framework-based Web Applications.  In Proceedings of the 2011 ACM SIGPLAN Conference on Object-Oriented Programming Systems, Languages and Applications (OOPSLA 2011), Portland, OR, USA, October 2011.
  29. Takaaki Tateishi, Marco Pistoia, and Omer Tripp.  Path- and Index-sensitive String Analysis Based on Monadic Second-order Logic.  In Proceedings of the 2011 ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2011), Toronto, ON, Canada, July 2011.  Winner of the ACM SIGSOFT Distinguished Paper Award.
  30. Salvatore Guarnieri, Marco Pistoia, Omer Tripp, Julian Dolby, Stephen Teilhet and Ryan Berg.  Saving the World Wide Web from Vulnerable JavaScript. In Proceedings of the 2011 ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2011), Toronto, ON, Canada, July 2011.
  31. Nikolai Joukov, Vasily Tarasov, Birgit Pfitzmann, Sergej Chicherin, Marco Pistoia, and Takaaki Tateishi.  Discovery of Hard-coded External Dependencies in Enterprise Production Environments.  In Proceedings of the 12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011), Dublin, Ireland, May 2011.
  32. Shay Artzi, Julian Dolby, Frank Tip, and Marco Pistoia.  Directed Test Generation for Effective Fault Localization.  In Proceedings of the International Symposium on Software Testing and Analysis (ISSTA 2010), Trento, Italy, July 2010.
  33. Shay Artzi, Julian Dolby, Frank Tip, and Marco Pistoia. Practical Fault Localization for Dynamic Web Applications.  In Proceedings of the 32nd International Conference on Software Engineering (ICSE 2010), Cape Town, South Africa, May 2010.
  34. Omer Tripp, Marco Pistoia, Stephen J. Fink, Manu Sridharan, and Omri Weisman. TAJ: Effective Taint Analysis for Java.  In Proceedings of the ACM SIGPLAN 2009 Conference on Programming Language Design and Implementation (PLDI 2009), Dublin, Ireland, June 2009.
  35. Emmanuel Geay, Marco Pistoia, Takaaki Tateishi, Barbara Ryder, and Julian Dolby. Modular String-Sensitive Permission Analysis with Demand-Driven Precision.  In Proceedings of the 31st International Conference on Software Engineering (ICSE 2009), Vancouver, BC, Canada, May 2009.
  36. Marco Pistoia. Program Analysis and Programming Languages for Security.  Proceedings of the Ninth International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI 2008). San Francisco, CA, January 2008.
  37. Paolina Centonze, Robert J. Flynn, and Marco Pistoia. Combining Static and Dynamic Analysis for Automatic Identification of Precise Access-Control Policies. In Proceedings of the Annual Computer Security Applications Conference (ACSAC 2007), Miami Beach, FL, December 2007.
  38. Sharon Shoham, Eran Yahav, Stephen J. Fink, and Marco Pistoia. Static Specification Mining Using Automata-Based Abstractions. In Proceedings of the ACM SIGSOFT 2007 International Symposium on Software Testing and Analysis (ISSTA 2007), London, United Kingdom, July 2007. ACM Press.  Winner of the following recognitions:
    • ACM SIGSOFT Distinguished Paper Award.
    • IBM Research Pat Goldberg Memorial Best Paper Award (3 papers selected out of 130 submissions), IBM Thomas J. Watson Research Center, Hawthorne, NY, USA, July 2008.
    • Invited for publication in the IEEE Transactions on Software Engineering (TSE) Journal, Volume 34, Issue 5, Piscataway, NJ, USA, September 2008.
    • Invited to be extended into a chapter for book Mining Software Specifications: Methodologies and Applications.  Data Mining and Knowledge Discovery Book Series by CRC Press.  2011.
  39. Marco Pistoia, Anindya Banerjee, and David Naumann. Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model. In Proceedings of the IEEE Symposium on Security and Privacy 2007, Oakland, CA, May 2007.
  40. Marco Pistoia, Stephen J. Fink, Robert J. Flynn, and Eran Yahav. When Role Models Have Flaws: Static Validation of Enterprise Security Policies. In Proceedings of the 29th International Conference on Software Engineering (ICSE 2007), Minneapolis, MN, May 2007.
  41. Marco Pistoia and Francesco Logozzo. Program Analysis for Security and Privacy. In Object-Oriented Technology: ECOOP 2006 Workshop Reader, Final Reports. Twentieth European Conference on Object-Oriented Programming (ECOOP 2006), Nantes, France, July 2006.  Lecture Notes in Computer Science (LNCS), volume 4379. Springer-Verlag.
  42. Paolina Centonze, Gleb Naumovich, Stephen J. Fink and Marco Pistoia. Role-Based Access Control Consistency Validation. In Proceedings of the ACM SIGSOFT 2006 International Symposium on Software Testing and Analysis (ISSTA 2006), Portland, ME, USA, July 2006. ACM Press.
  43. Xiaolan Zhang, Larry Koved, Marco Pistoia, Sam Weber, Trent Jaeger, Guillaume Marceau and Liangzhao Zeng. The Case for Analysis Preserving Language Transformation. In Proceedings of the ACM SIGSOFT 2006 International Symposium on Software Testing and Analysis (ISSTA 2006), Portland, ME, USA, July 2006. ACM Press.
  44. Marco Pistoia, Robert J. Flynn, Larry Koved, and Vugranam C. Sreedhar. Interprocedural Analysis for Privileged Code Placement and Tainted Variable Detection. In Proceedings of the 19th European Conference on Object-Oriented Programming (ECOOP 2005), pages 362-386, Glasgow, Scotland, UK, July 2005. Springer-Verlag.
  45. Larry Koved, Marco Pistoia, and Aaron Kershenbaum. Access Rights Analysis for Java. In Proceedings of the 17th ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2002), pages 359-372, Seattle, WA, USA, November 2002. ACM Press.
  46. Magda Mourad, Jonathan Munson, Tamer Nadeem, Giovanni Pacifici, Marco Pistoia, and Alaa Youssef. WebGuard: A System for Web Content Protection. In Poster Proceedings of the 10th International World Wide Web Conference (WWW 10), Hong Kong, China, May 2001.
 

Refereed Conference Tutorials

  1. Marco Pistoia.  Program Analysis for Privacy of Mobile Applications.  Conference Tutorial.  Tutorial Proceedings of the 2015 Annual Computer Security Applications Conference (ACSAC 2015), Los Angeles, CA, USA, December 2015.
  2. Marco Pistoia.  Program Analysis for Mobile Application Integrity.  In Tutorial proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS 2015), Denver, CO, USA, October 2015.
  3. Marco Pistoia. Program Analysis and Programming Languages for Security. Invited Conference Tutorial. Tutorial Proceedings of the Ninth International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI 2008). San Francisco, CA, January 2008.
  4. Marco Pistoia. Java Security. Invited Conference Tutorial. Tutorial Proceedings of IEEE INFOCOM 2002. New York, NY, June 2002.
  5. Marco Pistoia. Security in Java 2. Conference Tutorial. Tutorial Proceedings of the Association for Computing Machinery (ACM) Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2000) Conference. Minneapolis, MN, October 2000.

Book Chapters

  1. Marco Pistoia, Omer Tripp, Pietro Ferrara and David Lubensky.   Combining Program Analysis and Machine Learning to Enforce Mobile Application Security.  Chapter in book Mobile Application Development, Usability, and Security, IGI Global, 2016.
  2. Eran Yahav, Sharon Shoham, Stephen Fink and Marco Pistoia.  Static Specification Mining Using Automata-Based Abstractions.  Chapter in book Mining Software Specifications: Methodologies and Applications.  Data Mining and Knowledge Discovery Book Series by CRC Press.  March 2011.
  3. Murhammer, M., and O. Atakan, S. Bretz, L. Pugh, K. Suzuki, D. Wood. TCP/IP Tutorial and Technical Overview. ISBN 0130201308. Prentice Hall PTR. Upper Saddle River, NJ, December 1998.