Ownership types were devised nearly 15 years ago to provide a stronger notion of protection
to object-oriented programming languages. Rather than simply protecting the fields of an …

Current standard security practices do not provide substantial assurance that the end-to-end
behavior of a computing system satisfies important security policies such as confidentiality …

Information flow policies are confidentiality policies that control information leakage through
program execution. A common way to enforce secure information flow is through information …

Security remains a major roadblock to universal acceptance of the Web for many kinds of
transactions, especially since the recent sharp increase in remotely exploitable …

We show how some classical static analyses for imperative programs, and the optimizing
transformations which they enable, may be expressed and proved correct using elementary …

Noninterference is a property of sequential programs that is useful for expressing security
policies for data confidentiality and integrity. However, extending noninterference to …

We present a novel approach for efficiently tracking information flow in a dynamically-typed
language such as JavaScript. Our approach is purely dynamic, and it detects problems with …

This paper presents a type-based information flow analysis for a call-by-value λ-calculus
equipped with references, exceptions and let-polymorphism, which we refer to as ML. The …

Much work on security-typed languages lacks a satisfactory account of intentional
information release. In the context of confidentiality, a typical security guarantee provided by …

This paper presents a type-based information flow analysis for a call-by-value λ-calculus
equipped with references, exceptions and let-polymorphism, which we refer to as Core ML …