hi
I received a PhD in Spring 2014 from the Computer Science division at UC Berkeley, where I was advised by the Dawn Song. I am currently the head of security at Figma. Before that, I was at Dropbox where I worked on anti-abuse, account security, application and infrastructure security and sometimes blogged. My LinkedIn has more details of my professional experience. I am also an editor of the Sub Resource Integrity (friendlier introduction) and the Suborigins specifications.
During school, I have interned at Mozilla, Microsoft (MSRC), Yahoo! Labs and Microsoft Research. I have a Bachelor's degree in Computer Science from BITS Pilani. On the web, you can find me on Twitter, Github, and LinkedIn. In my spare time, I volunteer at Asha for Education. Please consider donating! I also have a very hard to pronounce name, so most people prefer to call me Dev.
The best way to contact me is over email: evil@berkeley.edu.
research
I am interested in security, reliability, abuse of software. Most of my research has focussed on web applications and SaaS software.
- SoK: Hate, Harassment, and the Changing Landscape of Online Abuse pdf
-
Kurt Thomas, Devdatta Akhawe, Michael Bailey, Dan Boneh, Elie Bursztein, Sunny Consolvo, Nicola Dell, Zakir Durumeric, Patrick Gage Kelley, Deepak Kumar, Damon McCoy, Sarah Meiklejohn, Thomas Ristenpart, Gianluca Stringhini.
IEEE Symposium on Security and Privacy (IEEE S&P 2021). - Cracking ShadowCrypt: Exploring the Limitations of Secure I/O Systems in Internet Browsers pdf
-
M Freyberger, W He, D Akhawe, ML Mazurek, P Mittal
PETS 2018. - pASSWORD tYPOS and How to Correct Them Securely pdf
-
Rahul Chatterjee, Anish Athalye, Devdatta Akhawe, Ari Juels, Thomas Ristenpart
37th IEEE Symposium on Security and Privacy, San Jose, CA 2016. - ShadowCrypt : Encrypted Web Applications for Everyone pdf slides
-
Warren He, Devdatta Akhawe, Sumeet Jain, Elaine Shi, Dawn Song
21st ACM Conference on Computer and Communications Security, Scottsdale, 2014. - Clickjacking Revisited: A Perceptual View of UI Security pdf
-
Devdatta Akhawe, Warren He, Zhiwei Li, Reza Moazzezi, Dawn Song
8th Usenix Workshop on Offensive Technologies, San Diego, 2014. - The Emperor's New Password Manager: Security Analysis of Web-based Password Managers pdf
-
Zhiwei Li, Warren He, Devdatta Akhawe, Dawn Song
Usenix Security Symposium, San Diego, 2014. - Data-confined HTML5 Applications pdf
-
Devdatta Akhawe, Frank Li, Warren He, Prateek Saxena, Dawn Song
European Symposium on Research in Computer Security (ESORICS), London, 2013. -
Alice in Warningland:
A Large-Scale Field Study of Browser Security Warning Effectiveness pdf slides -
Devdatta Akhawe, Adrienne Porter Felt
Usenix Security Symposium, Washington DC, 2013. - An Empirical Study of Vulnerability Rewards Programs pdf slides
-
Matthew Finifter, Devdatta Akhawe, David Wagner
Usenix Security Symposium, Washington DC, 2013. - Here's My Cert, So Trust Me, Maybe? Understanding TLS Errors on the Web pdf slides
-
Devdatta Akhawe, Johanna Amann, Matthias Vallentin, Robin Sommer
World Wide Web Conference (WWW), Rio De Janerio, 2013. - How to Ask for Permission pdf slides
-
Adrienne Porter Felt, Serge Egelman, Matthew Finifter, Devdatta Akhawe, David Wagner
Hot Topics in Security (HotSec), Bellevue 2012. - Privilege Separation for HTML5 Applications pdf slides
-
Devdatta Akhawe, Prateek Saxena, Dawn Song
21st Usenix Security Symposium, Bellevue 2012. - Product Labels for Mobile Application Markets pdf slides
-
Devdatta Akhawe, Matthew Finifter
Mobile Security Technologies, San Francisco 2012. - A Systematic Analysis of XSS Sanitization in Web Application Frameworks pdf slides
-
Joel Weinberger, Prateek Saxena, Devdatta Akhawe, Matthew Finifter, Dawn Song
16th European Symposium on Research in Computer Security (ESORICS), Leuven 2011. -
Do You Know Where Your Data Are?
Secure Data Capsules for Deployable Data Protection pdf slides -
Petros Maniatis, Devdatta Akhawe, Kevin Fall, Elaine Shi, Stephen McCamant, Dawn Song
13th Workshop on Hot Topics in Operating Systems (HotOS), Napa 2011. - Towards a Formal Foundation of Web Security pdf slides
-
Devdatta Akhawe, Adam Barth, Peifung Eric Lam, John Mitchell, Dawn Song
23rd IEEE Computer Security Foundations Symposium (CSF), Edinburgh 2010. - A Symbolic Execution Framework for JavaScript pdf slides
-
Prateek Saxena, Devdatta Akhawe, Steve Hanna, Stephen McCamant, Feng Mao, Dawn Song
31st IEEE Symposium on Security and Privacy, Oakland 2010.
Winner of AT&T Best Applied Security Research Paper award at CSAW - The Emperor’s New API: On the (In)Secure Usage of New Client Side Primitives pdf slides
-
Steve Hanna, Richard Shin, Devdatta Akhawe, Prateek Saxena, Arman Boehm, Dawn Song
4th Web 2.0 Security and Privacy Workshop, Oakland 2010.
etc
I have been hacking over a simple tool to check for common errors in academic writing. If you use it, I would appreciate feedback/comments/patches.
I was czaring the Security Reading Group at Berkeley. Kevin is now in charge.
The Web Security model project I worked on is now opensource.
Kaluza, a tool I worked on, is now available to play with online. During this work, I also wrote a tool to convert Perl compatible regular expressions to the Hampi string solver input format. It is now part of the Hampi codebase.