About Me                         Current Research                           Publications                          Selected Talks

---

About Me

---

Hi, I am Ankur Taly, Research Scientist in the Security Research group at Google. Prior to joining Google, I was a PhD candidate in the Dept. of Computer Science at Stanford University, advised by Prof. John C. Mitchell. Before coming to Stanford, I spent four wonderful years at Indian Institute of Technology (IIT), Bombay where I completed my B.Tech in Computer Science and Engg.

Email: ataly AT stanford.edu

Research Interests: Formal Methods in general. Currently,

• Applications of: Logic, Programming Language Theory, Constraint Solving,...
• To: Web Security, Hybrid Systems, Program Verification, Synthesis,...

Curriculum Vitae: PDF

Recent:

• I am now a Research Scientist in the Security Research group at Google.
• My MSR internship work (with Patrice Godefroid) on automated synthesis of processor instruction encodings got accepted at PLDI'12!
• 3rd place at the AT&T Best Applied Security Paper Award competition, for the API Confinement paper (published at S&P 2011)
• Interned at MSR Redmond with Patrice Godefroid during June-Sept 2011 and worked on automated synthesis of symbolic instruction encodings from I/O samples
• My Encapsulation Analysis paper got into S&P 2011
• Interned at Google with the Caja group from June-Sept 2010
• Received the 2010 Google Phd Fellowship in Language Security
• Passed the Theory Quals: worked on Separation Logic, see report

I am no longer the coordinator of the Stanford Security Seminar. Kindly send an email to Joe Zimmerman if you would like to give a talk.

---

PC Participation

---

HOTSPOT 2013, PLAS 2013, POST 2014
Please consider submitting a paper to these venues.

---

Research Themes

---

• Securing Bearer-Token based Authorization frameworks (at Google)
• Semantics for JavaScript
  • A small-step style operational semantics for SES_light subset of ES5-strict based JavaScript Click Here (based on 5th edition of ECMA-262 spec)
  • A small-step style operational semantics for ES3 based JavaScript Click Here (based on 3rd edition of ECMA-262 spec)


• Javascript Sandboxing (with Prof. John C. Mitchell and Dr. Sergio Maffeis): This work revolves around designing and analyzing provably-secure language-based mechanisms for sandboxing untrusted JavaScript


• Hybrid Systems Verification (with Dr. Ashish Tiwari): This work revolves around formulating deductive techniques for synthesis and verification of hybrid systems. My current problem is to formulate a sound and complete rule for safety verification of continuous dynamical systems.

---

Publications

---

• Language-based security, Web Security


• Automated Analysis of Security-critical JavaScript APIs - Ankur Taly, Ulfar Erlingsson, Mark S. Miller, John C. Mitchell, Jasvir Nagra
  Accepted at IEEE Security & Privacy (Oakland conference) 2011 PDF


• Object Capabilities and Isolation of Untrusted Web Applications- Sergio Maffeis, John C. Mitchell, Ankur Taly
  Proc. of IEEE Security & Privacy (Oakland conference) 2010 PDF


• Isolating JavaScript with Filters, Rewriting, and Wrappers - Sergio Maffeis, John C. Mitchell, Ankur Taly
  Proc. of ESORICS 2009 PDF


• Run-Time Enforcement of Secure JavaScript Subsets - Sergio Maffeis, John C. Mitchell, Ankur Taly
  W2SP 2009 PDF


• Language based Isolation of Untrusted JavaScript - Sergio Maffeis, Ankur Taly
  Proc. of CSF 2009 PDF


• An Operational Semantics for JavaScript - Sergio Maffeis, John C. Mitchell, Ankur Taly
  Proc. of APLAS 2008 PDF


• Static Analysis, Verification, Synthesis


• Automated Synthesis of Symbolic Instruction Encodings from I/O samples -Patrice Godefroid, Ankur Taly
  Proc. of PLDI 2012 PDF


• Synthesizing Switching Logic using Constraint Solving - Ankur Taly, Ashish Tiwari, Sumit Gulwani
  Journal on Software Tools for Technology Transfer (STTT 2011) Springer Link


• Switching Logic Synthesis for Reachability- Ankur Taly, Ashish Tiwari
  Proc. of EMSOFT 2010 PDF


• Deductive Verification of Continuous Dynamical Systems - Ankur Taly, Ashish Tiwari
  Proc. of FSTTCS 2009 PDF


• Synthesizing Switching Logic using Constraint Solving - Ankur Taly, Ashish Tiwari, Sumit Gulwani
  Proc. of VMCAI 2009 PDF


• Static Analysis by Policy Iteration on Relational domains - Stephane Gaubert, Eric Goubault, Ankur Taly, Sarah Zennou
  Proc. of ESOP 2007 PDF


• Efficient Symbolic Reachability of Networks of Transition Systems - Sudeep Juvekar, Ankur Taly, Varun Kanade, Supratik Chakraborty
  Proc. of General Motors Workshop on Next Generation Design and Verification Methodologies for Distributed Embedded Control Systems, Bangalore (2007) PDF

---

Selected Talks

---

• Automated Analysis of Security-critical JavaScript APIs - May'11, IEEE SSP, Oakland, USA PPT


• Object Capabilities and Isolation of Untrusted Web Applications - May'10, IEEE SSP, Oakland, USA PDF


• Separation Logic and the Mashup Isolation Problem - April'10, Stanford, USA PDF


• Deductive Verification of Continuous Dynamical Systems - Dec'09, FSTTCS, Kanpur, India PDF


• Isolating JavaScript with Filters, Rewriting, and Wrappers - Dec'09, Microsoft Research Bangalore, India PDF


• Language based Isolation of Untrusted JavaScript - July'09, CSF, Port Jefferson, USA PDF


• Run-time Enforcement of Secure JavaScript Subsets - May'09, W2SP, Oakland, USA PDF


• Synthesizing Switching Logic using Constraint Solving - Jan'09, VMCAI, Savannah, USA PDF


• An Operational Semantics for JavaScript - Dec'08, APLAS, Bangalore, India PDF


• Static Analysis by Policy Iteration on Relational domains - Mar'07, ESOP, Braga, Portugal PDF

---

---