Faculty

Cristian-Alexandru Staicu

Empirical & Behavioral Security Program Analysis Software Engineering Software Security Software Testing

Email

Address

Kaiserstraße 21
66386 St. Ingbert (Germany)

Further Information

Short Bio

Dr. Cristian Staicu is a tenure-track faculty at CISPA. He completed his PhD in the Software Lab group at TU Darmstadt, Germany under the supervision of Michael Pradel. Prior to that, he obtained his Master's from EIT Digital, a European double degree Master's program. Concretely, he studied one year at the University of Twente, Netherlands and one year at University of Trento, Italy. He obtained his Bachelor's degree in Computer Engineering from Politehnica University of Timișoara, Romania. His core research interest is in system security, at the intersection of software/web security, software engineering and programming languages. One of the central goals of his research group is to directly contribute to the open-source ecosystem: either by building tools that can be used by practitioners or by uncovering security vulnerabilities in real systems/projects.

CV: Last stations

Since 2020: Tenure-track Faculty at CISPA Helmholtz Center for Information Security
2014 - 2020: Research Assistant / PhD Student TU Darmstadt, Germany
2018 - 2018: Research Intern Semmle Inc Oxford (now GitHub), UK
2012 - 2014: Master Student at EIT Digital Master School; University of Trento, Italy / University of Twente, Netherlands

Publications by Cristian-Alexandru Staicu

Year 2023

2023-11-15

Jack-in-the-box: An Empirical Study of JavaScript Bundling on the Web and its Security Implications

Conference / Medium

ACM Conference on Computer and Communications Security (CCS)

Tags

Empirical & Behavioral Security

Authors

Full Paper Visit Detail Page

2023-08

SandDriller: A Fully-Automated Approach for Testing Language-Based JavaScript Sandboxes

Conference / Medium

Usenix Security Symposium (USENIX-Security)

Tags

Empirical & Behavioral Security

Authors

Full Paper Visit Detail Page

2023-08

Bilingual Problems: Studying the Security Risks Incurred by Native Extensions in Scripting Languages

Conference / Medium

Usenix Security Symposium (USENIX-Security)

Tags

Empirical & Behavioral Security

Authors

Cristian-Alexandru Staicu
Sazzadur Rahaman
Ágnes Kiss
Michael Backes

Full Paper Visit Detail Page

2023-05-01

SecBench.js: An Executable Security Benchmark Suite for Server-Side JavaScript

Conference / Medium

International Conference on Software Engineering (ICSE)

Tags

Empirical & Behavioral Security

Authors

Masudul Hasan Masud Bhuiyan
Adithya Srinivas Parthasarathy
Nikos Vasilakis
Michael Pradel
Cristian-Alexandru Staicu

Full Paper Visit Detail Page

2023

Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js

Conference / Medium

Usenix Security Symposium (USENIX-Security)

Tags

Empirical & Behavioral Security

Authors

Mikhail Shcherbakov
Musard Balliu
Cristian-Alexandru Staicu

Full Paper Visit Detail Page

Year 2021

2021-11-12

Preventing Dynamic Library Compromise on Node.js via RWX-Based Privilege Reduction

Conference / Medium

ACM Conference on Computer and Communications Security (CCS)

Tags

Threat Detection and Defenses Empirical & Behavioral Security

Authors

Nikos Vasilakis
Cristian-Alexandru Staicu
Grigoris Ntousakis
Konstantinos Kallas
Ben Karel
André DeHon
Michael Pradel

Full Paper Visit Detail Page

2021-09-17

SampleFix: Learning to Generate Functionally Diverse Fixes

chapter

Communications in Computer and Information Science

Tags

Trustworthy Information Processing

Authors

Full Paper Visit Detail Page