devdatta akhawe  beta


I received a PhD in Spring 2014 from the Computer Science division at UC Berkeley, where I was advised by Dawn Song. I am currently an engineer at Dropbox where I sometimes blog. I am also an editor of the Sub Resource Integrity (friendlier introduction) and the Suborigins specifications.

In the past, I have interned at Mozilla, Microsoft (MSRC), Yahoo! Labs and Microsoft Research. I have a Bachelor's degree in Computer Science from BITS Pilani. On the web, you can find me on Twitter, Github, and LinkedIn. In my spare time, I volunteer at Asha for Education. Please consider donating! I also have a very hard to pronounce name.

The best way to contact me is over email:


I am interested in security and reliability of software. Most of my research has focussed on web application security.

pASSWORD tYPOS and How to Correct Them Securely  
Rahul Chatterjee, Anish Athalye, Devdatta Akhawe, Ari Juels, Thomas Ristenpart
37th IEEE Symposium on Security and Privacy, San Jose, CA 2016.
ShadowCrypt : Encrypted Web Applications for Everyone   pdf   slides
Warren He, Devdatta Akhawe, Sumeet Jain, Elaine Shi, Dawn Song
21st ACM Conference on Computer and Communications Security, Scottsdale, 2014.
Clickjacking Revisited: A Perceptual View of UI Security   pdf
Devdatta Akhawe, Warren He, Zhiwei Li, Reza Moazzezi, Dawn Song
8th Usenix Workshop on Offensive Technologies, San Diego, 2014.
The Emperor's New Password Manager: Security Analysis of Web-based Password Managers   pdf
Zhiwei Li, Warren He, Devdatta Akhawe, Dawn Song
Usenix Security Symposium, San Diego, 2014.
Data-confined HTML5 Applications   pdf
Devdatta Akhawe, Frank Li, Warren He, Prateek Saxena, Dawn Song
European Symposium on Research in Computer Security (ESORICS), London, 2013.
Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness   pdf   slides
Devdatta Akhawe, Adrienne Porter Felt
Usenix Security Symposium, Washington DC, 2013.
An Empirical Study of Vulnerability Rewards Programs   pdf   slides
Matthew Finifter, Devdatta Akhawe, David Wagner
Usenix Security Symposium, Washington DC, 2013.
Here's My Cert, So Trust Me, Maybe? Understanding TLS Errors on the Web   pdf   slides
Devdatta Akhawe, Bernhard Amann, Matthias Vallentin, Robin Sommer
World Wide Web Conference (WWW), Rio de Janeiro, 2013.
How to Ask for Permission   pdf   slides
Adrienne Porter Felt, Serge Egelman, Matthew Finifter, Devdatta Akhawe, David Wagner
Hot Topics in Security (HotSec), Bellevue 2012.
Privilege Separation for HTML5 Applications   pdf   slides
Devdatta Akhawe, Prateek Saxena, Dawn Song
21st Usenix Security Symposium, Bellevue 2012.
Product Labels for Mobile Application Markets   pdf   slides
Devdatta Akhawe, Matthew Finifter
Mobile Security Technologies, San Francisco 2012.
A Systematic Analysis of XSS Sanitization in Web Application Frameworks   pdf   slides
Joel Weinberger, Prateek Saxena, Devdatta Akhawe, Matthew Finifter, Dawn Song
16th European Symposium on Research in Computer Security (ESORICS), Leuven 2011.
Do You Know Where Your Data Are? Secure Data Capsules for Deployable Data Protection   pdf   slides
Petros Maniatis, Devdatta Akhawe, Kevin Fall, Elaine Shi, Stephen McCamant, Dawn Song
13th Workshop on Hot Topics in Operating Systems (HotOS), Napa 2011.
Towards a Formal Foundation of Web Security   pdf   slides
Devdatta Akhawe, Adam Barth, Peifung Eric Lam, John Mitchell, Dawn Song
23rd IEEE Computer Security Foundations Symposium (CSF), Edinburgh 2010.
A Symbolic Execution Framework for JavaScript   pdf   slides
Prateek Saxena, Devdatta Akhawe, Steve Hanna, Stephen McCamant, Feng Mao, Dawn Song
31st IEEE Symposium on Security and Privacy, Oakland 2010.
Winner of AT&T Best Applied Security Research Paper award at CSAW
The Emperor’s New API: On the (In)Secure Usage of New Client Side Primitives   pdf   slides
Steve Hanna, Richard Shin, Devdatta Akhawe, Prateek Saxena, Arman Boehm, Dawn Song
4th Web 2.0 Security and Privacy Workshop, Oakland 2010.


I have been hacking over a simple tool to check for common errors in academic writing. If you use it, I would appreciate feedback/comments/patches.

I was czaring the Security Reading Group at Berkeley. Kevin is now in charge.

The Web Security model project I worked on is now open source.

Kaluza, a tool I worked on, is now available to play with online. During this work, I also wrote a tool to convert Perl compatible regular expressions to the Hampi string solver input format. It is now part of the Hampi codebase.