Send email Copy Email Address
© Tobias Ebelshäuser
Faculty

Cristian-Alexandru Staicu

Research Group
Empirical & Behavioral Security Program Analysis Software Engineering Software Security Software Testing

Email

Address

Kaiserstraße 21
66386 St. Ingbert (Germany)

Further Information

Short Bio

Dr. Cristian Staicu is a tenure-track faculty at CISPA. He completed his PhD in the Software Lab group at TU Darmstadt, Germany under the supervision of Michael Pradel. Prior to that, he obtained his Master's from EIT Digital, a European double degree Master's program. Concretely, he studied one year at the University of Twente, Netherlands and one year at University of Trento, Italy. He obtained his Bachelor's degree in Computer Engineering from Politehnica University of Timișoara, Romania. His core research interest is in system security, at the intersection of software/web security, software engineering and programming languages. One of the central goals of his research group is to directly contribute to the open-source ecosystem: either by building tools that can be used by practitioners or by uncovering security vulnerabilities in real systems/projects.

CV: Last stations

Since 2020
Tenure-track Faculty at CISPA Helmholtz Center for Information Security
2014 - 2020
Research Assistant / PhD Student TU Darmstadt, Germany
2018 - 2018
Research Intern Semmle Inc Oxford (now GitHub), UK
2012 - 2014
Master Student at EIT Digital Master School; University of Trento, Italy / University of Twente, Netherlands

Publications by Cristian-Alexandru Staicu

Year 2025

2025-02-23

Welcome to Jurassic Park: A Comprehensive Study of Security Risks in Deno and its Ecosystem

Conference / Medium

Network and Distributed System Security Symposium (NDSS)

Tags
Empirical & Behavioral Security
Authors
Full Paper Visit Detail Page

Year 2024

2024-11-01

Typed and Confused: Studying the Unexpected Dangers of Gradual Typing

Conference / Medium

Automated Software Engineering Conference (ASE)

Tags
Empirical & Behavioral Security
Authors
Full Paper Visit Detail Page
2024-10-27

A Generalized Approach for Solving Web Form Constraints

Conference / Medium

Automated Software Engineering Conference (ASE)

Tags
Threat Detection and Defenses
Authors
Full Paper Visit Detail Page

Year 2023

2023-11-15

Jack-in-the-box: An Empirical Study of JavaScript Bundling on the Web and its Security Implications

Conference / Medium

ACM Conference on Computer and Communications Security (CCS)

Tags
Empirical & Behavioral Security
Authors
Full Paper Visit Detail Page
2023-08

SandDriller: A Fully-Automated Approach for Testing Language-Based JavaScript Sandboxes

Conference / Medium

Usenix Security Symposium (USENIX-Security)

Tags
Empirical & Behavioral Security
Authors
Full Paper Visit Detail Page
2023-08

Bilingual Problems: Studying the Security Risks Incurred by Native Extensions in Scripting Languages

Conference / Medium

Usenix Security Symposium (USENIX-Security)

Tags
Empirical & Behavioral Security
Authors
Full Paper Visit Detail Page
2023-05-01

SecBench.js: An Executable Security Benchmark Suite for Server-Side JavaScript

Conference / Medium

International Conference on Software Engineering (ICSE)

Tags
Empirical & Behavioral Security
Authors
Full Paper Visit Detail Page
2023

Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js

Conference / Medium

Usenix Security Symposium (USENIX-Security)

Tags
Empirical & Behavioral Security
Authors
Full Paper Visit Detail Page

Year 2021

2021-11-12

Preventing Dynamic Library Compromise on Node.js via RWX-Based Privilege Reduction

Conference / Medium

ACM Conference on Computer and Communications Security (CCS)

Tags
Empirical & Behavioral Security
Authors
Full Paper Visit Detail Page
2021-09-17

SampleFix: Learning to Generate Functionally Diverse Fixes

Conference / Medium

International Workshop on Machine Learning in Software Engineering in conjuncture with ECML PKDD ()
Communications in Computer and Information Science

Tags
Trustworthy Information Processing
Authors
Full Paper Visit Detail Page