Presentations

Invited University Lectures, Seminars, and Courses

1. Marco Pistoia. Security for Web Languages. University Lecture. Scripting Languages Course G22.3033-002, Summer 2008. New York University, New York, NY, July 2008. Invited by Prof. Martin Hirzel.
   
2. Marco Pistoia. A Language for Information Flow: Dynamic Information Tracking in Multiple Interdependent Dimensions. University Seminar. Security and Privacy Day at Stony Brook University, Stony Brook, NY, May 2008. Invited by Prof. Radu Sion and Prof. Scott Stoller. Joint work with Avraham Shinnar and Anindya Banerjee.
   
3. Marco Pistoia. Application Security. University Graduate Course CS 9163. Polytechnic University, Department of Computer and Information Science, Brooklyn, NY, Spring 2008 Semester (January-May 2008). Invited by Prof. Nasir Memon.
   
4. Marco Pistoia. A Unified Access-Control and Information-Flow Security Model for Dynamic Tracking of Multiple, Interdependent Dimensions of Information. University Seminar. Tohoku University, Sendai, Japan, August 2007. Invited by Prof. Eijiro Sumii.
   
5. Marco Pistoia. Program Analysis for Access Control and Information Flow. University Seminar. National Institute of Informatics, Tokyo, Japan, August 2007. Invited by Prof. Katsuhisa Maruyama.
   
6. Marco Pistoia. Application Security. University Graduate Course CS 9163. Polytechnic University, Department of Computer and Information Science, Brooklyn, NY, Fall 2007 Semester (August-December 2007). Invited by Prof. Nasir Memon.
   
7. Marco Pistoia. Application Security. University Graduate Course CS 9164. Polytechnic University, Department of Computer and Information Science, Brooklyn, NY, Summer 2007 Semester (May-August 2007). Invited by Prof. Nasir Memon.
   
8. Marco Pistoia. Writing Secure Code for Today’s Web Application Security. University Seminar. New York State Center for Advanced Technology in Telecommunications (CATT). Brooklyn, NY, May 2007. Host: Prof. Nasir Memon.
   
9. Marco Pistoia. Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model. University Seminar. Stevens Institute of Technology, Computer Science Department, Hoboken, NJ, USA, May 2007. Host: Prof. David Naumann.
   
10. Marco Pistoia, Anindya Banerjee, and David Naumann. Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model. Research Seminar. IBM Programmin Languages Day 2007, IBM Thomas J. Watson Research Center, Hawthorne, NY, USA, May 2007.
    
11. Marco Pistoia. Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model. University Seminar. Center for Research on Computation and Society (CRCS), Harvard University, Cambridge, MA, USA, March 2007. Host: Prof. Greg Morrisett.
    
12. Marco Pistoia. Static Analysis for Role-Based Access Control Policy Validation. University Seminar. University of Maryland, Electrical and Computer Engineering Department, College Park, MD, USA, March 2007. Host: Prof. Michael Hicks.
    
13. Marco Pistoia. Static Analysis for Role-Based Access Control Policy Validation. University Seminar. Programming Languages Research Group (PROLANGS), Rutgers University, Piscataway, NJ, USA, February 2007. Host: Prof. Barbara Ryder.
    
14. Marco Pistoia. Application Security. University Graduate Course CS 9164. Polytechnic University, Department of Computer and Information Science, Brooklyn, NY, Spring 2007 Semester (January-May 2007). Invited by Prof. Nasir Memon.
    
15. Ted Habeck, Larry Koved, and Marco Pistoia. IBM Security Workbench Development for Java. University Seminar. Stevens/IBM/Columbia Security and Privacy Day. IBM Thomas J. Watson Research Center, Hawthorne, NY, November 2006.
    
16. Marco Pistoia. Role-Based Access Control Consistency Validation. University Seminar. Stevens Institute of Technology, Computer Science Department, Hoboken, NJ, USA, May 2006. Host: Prof. David Naumann.
    
17. Marco Pistoia. A Unified Static Analysis Model for Stack- and Role-Based Authorization Systems. University Seminar. Polytechnic University, Department of Computer and Information Science, Brooklyn, NY, USA, March 2006. Host: Prof. Robert J. Flynn.
    
18. Marco Pistoia, Ted Habeck, and Larry Koved. IBM Security Workbench Development Environment for Java. University Seminar. Stevens/IBM/Columbia Security and Privacy Day. Stevens Institute of Technology, Hoboken, NJ, USA, November 2005.
    
19. Marco Pistoia. Using Static Program Analysis for Stack-Inspection- and Role-Based Access Control Systems Security. University Seminar. École Normale Supérieure, Paris, France, October 2005. Host: Prof. Patrick Cousot.
    
20. Marco Pistoia. Java Security. University Seminar. New York State Center for Advanced Technology in Telecommunications (CATT). Brooklyn, NY, April 2001. Host: Prof. Shivendra Panwar.
    
21. Marco Pistoia. J2SE and J2EE Security. Invited University Lecture. Polytechnic University, Department of Computer and Information Science, Brooklyn, NY, March 2004. Host: Prof. Nasir Memon.
    
22. Marco Pistoia. Java and Operating System Security. University Lecture. Polytechnic University, Department of Computer Science, Hawthorne, NY, December 2000. Host: Prof. Robert J. Flynn.
    
23. Marco Pistoia. Java 2 Network Security. University Lecture. Polytechnic University, Department of Computer and Information Science, Brooklyn, NY, November 2000. Host: Prof. Phyllis Frankl.
    
24. Marco Pistoia. Java 2 Security. University Graduate Course CS919. Polytechnic University, Department of Computer and Information Science, Hawthorne, NY, Fall 2000 Semester (September-December 2000). Invited by Prof. Robert J. Flynn.
    
25. Marco Pistoia. Java 2 Security Fundamentals. Seminar. Java and XML Summit 2000, University of Texas, Austin, TX, February 2000.

Conference Presentations

1. Marco Pistoia. Combining Static and Dynamic Analysis for Automatic Identification of Precise Access-Control Policies. Twenty-third Annual Computer Security Applications Conference (ACSAC 2007), Miami Beach, FL, December 2007.
   
2. Marco Pistoia. Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model. IEEE Symposium on Security and Privacy 2007, Oakland, CA, May 2007.
   
3. Marco Pistoia. When Role Models Have Flaws: Static Validation of Enterprise Security Policies. 29th International Conference on Software Engineering (ICSE 2007), Minneapolis, MN, May 2007.
   
4. Ted Habeck, Larry Koved, and Marco Pistoia. Security Workbench Development for Java (SWORD4J). Conference demonstration. ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Application (OOPSLA 2006), Portland, OR, October 2006.
   
5. Paolina Centonze, Gleb Naumovich, Stephen J. Fink, and Marco Pistoia. Role-Based Access Control Consistency Validation. Conference presentation. ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2006), Portland, ME, July 2006.
   
6. Marco Pistoia. Static Analysis for Stack-Inspection and Role-Based Access Control Systems. Keynote. Program Analysis for Safety and Security Workshop Discussion (PASSWORD 2006), co-located with the 20th European Conference on Object-Oriented Programming (ECOOP 2006), Nantes, France, July 2006.
   
7. Francesco Logozzo and Marco Pistoia. Challenges in Static and Dynamic Analysis for Security. Talk. Program Analysis for Safety and Security Workshop Discussion (PASSWORD 2006), co-located with the 20th European Conference on Object-Oriented Programming (ECOOP 2006), Nantes, France, July 2006.
   
8. Ted Habeck, Larry Koved, and Marco Pistoia. Addressing Security in the Eclipse Core Runtime (RCP): Issues and Roadmap. EclipseCon 2006, Santa Clara, CA, March 2006.
   
9. Marco Pistoia, Ted Habeck, and Lawrence Koved. Security WORkbench Developer environment For Java. EclipseWorld. New York, NY, August 2005.
   
10. Marco Pistoia, Ted Habeck, and Larry Koved. Enabling Java 2 Runtime Security with Eclipse Plug-ins. OSGi Developer Forum and World Congress. Paris, France, October 2005.
    
11. Marco Pistoia, Robert J. Flynn, Larry Koved, and Vugranam C. Sreedhar. Interprocedural Analysis for Privileged Code Placement and Tainted Variable Detection. ECOOP 2005, Glasgow, Scotland, UK, July 2005.
    
12. Marco Pistoia. Java Security. Invited Conference Tutorial. Tutorial Proceedings of IEEE INFOCOM 2002. New York, NY, June 2002.
    
13. Marco Pistoia. Security in Java 2. Conference Tutorial. Tutorial Proceedings of the Association for Computing Machinery (ACM) Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2000) Conference. Minneapolis, MN, October 2000.
    
14. Koved, L., and M. Pistoia, A. Kershenabum. Access Rights Analysis for Java. Conference Presentation. Proceedings of the Association for Computing Machinery (ACM) Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA) 2002 Conference. Seattle, WA, November 2002.
    
15. Larry Koved, Darrell Reimer, David W. Coleman, Robert D. Johnson, Aaron Kershenbaum, George Leeman, Marco Pistoia, Vivek Sarkar, Kavitha Srinivas, Sara Porat, Tal Cohen, Vitaly Feldman, Marina Biberstein, Matt Hogstrom, Carolyn Norton, Tim Francis, and Scott Rich. Saber: Performance Optimization and Enforcement of J2EE Best Practices. Presented at the IBM Academy Conference on Performance Engineering. Toronto, Canada, May 2002.
    
16. Pistoia, Marco. Understanding Java 2 Security Permissions: A Practical Approach. Technical Presentation. Proceedings of IBM developerWorks Live! Conference. San Francisco, CA, May 2002.
    
17. Koved, L., and A. Nadalin, M. Pistoia. Understanding the Java: 2 Platform, Standard Edition (J2SE) Privileged Code: A Practical Approach. Technical Presentation. Proceedings of Sun Microsystems’ JavaOne 2002 Conference. San Francisco, CA, March 2002.
    
18. Koved, L., and M. Pistoia. Understanding Java 2 Security Permissions: A Practical Approach. Technical Presentation. Proceedings of the IBM Solutions 2001 Conference. San Francisco, CA, August 2001.
    
19. Mourad, M., and J. Munson, T. Nadeem, G. Pacifici, M. Pistoia, A. Youssef. Document Protection in VOTEC. Technical Presentation. International Conference on Information/Communication in Asia. Kitakyushu, Japan, July 2001.
    
20. Kershenbaum, A., and L. Koved, M. Pistoia. Understanding Java 2 Security Permissions for the Java 2 Platform: A Practical Approach, Technical Presentation, in Proceedings of Sun Microsystems’ JavaOne 2001 Conference. San Francisco, CA, June 2001.
    
21. Koved, L., and A. Kershenbaum, M. Pistoia. Permission Analysis for the Java 2 Platform. Technical Presentation. IEEE Symposium on Security and Privacy. Oakland, NY, May 2001.
    
22. Pistoia, Marco. The New Java Security Model and Its Future Directions. Technical Presentation. Proceedings of Colorado Software Summit 2000. Keystone, CO, October 2000.
    
23. Pistoia, Marco. Introduction to Java 2 Security. Technical Presentation. Proceedings of the IBM SecureWorld Conference. Orlando, FL, October 2000.
    
24. Pistoia, Marco. An In-Depth Look at Java Security. Technical Presentation. Proceedings of the International Conference for Java Technology 2000. Santa Clara, CA, September 2000.
    
25. Pistoia, Marco. Introduction to Java 2 Security - The Architecture, and Advanced Java 2 Security - Configuration, Security API, Cryptography, and Reverse Engineering. Technical Presentations. Proceedings of the IBM Solutions 2000 Conference. Las Vegas, NV, August 2000.
    
26. Pistoia, Marco. Java 2 Platform Security and Its Future Directions. Technical Presentation. Proceedings of Sun Microsystems’ JavaOne 2000 Conference. San Francisco, CA, June 2000.