Noninterference through secure multi-execution

D Devriese, F Piessens - 2010 IEEE Symposium on Security …, 2010 - ieeexplore.ieee.org
A program is defined to be noninterferent if its outputs cannot be influenced by inputs at a
higher security level than their own. Various researchers have demonstrated how this …

Multiple facets for dynamic information flow

TH Austin, C Flanagan - Proceedings of the 39th annual ACM SIGPLAN …, 2012 - dl.acm.org
JavaScript has become a central technology of the web, but it is also the source of many
security problems, including cross-site scripting attacks and malicious advertising code …

Dynamic vs. static flow-sensitive security analysis

A Russo, A Sabelfeld - 2010 23rd IEEE Computer Security …, 2010 - ieeexplore.ieee.org
This paper seeks to answer fundamental questions about trade-offs between static and
dynamic security analysis. It has been previously shown that flow-sensitive static information …

An empirical study of privacy-violating information flows in JavaScript web applications

D Jang, R Jhala, S Lerner, H Shacham - … of the 17th ACM conference on …, 2010 - dl.acm.org
The dynamic nature of JavaScript web applications has given rise to the possibility of privacy
violating information flows. We present an empirical study of the prevalence of such flows on …

Information-flow security for a core of JavaScript

D Hedin, A Sabelfeld - 2012 IEEE 25th Computer Security …, 2012 - ieeexplore.ieee.org
Tracking information flow in dynamic languages remains an important and intricate problem.
This paper makes substantial headway toward understanding the main challenges and …

FlowFox: a web browser with flexible and precise information flow control

W De Groef, D Devriese, N Nikiforakis… - Proceedings of the 2012 …, 2012 - dl.acm.org
We present FlowFox, the first fully functional web browser that implements a precise and
general information flow control mechanism for web scripts based on the technique of …

A perspective on information-flow control

D Hedin, A Sabelfeld - Software safety and security, 2012 - ebooks.iospress.nl
Information-flow control tracks how information propagates through the program
during execution to make sure that the program handles the information securely. Secure …

Permissive dynamic information flow analysis

TH Austin, C Flanagan - Proceedings of the 5th ACM SIGPLAN …, 2010 - dl.acm.org
A key challenge in dynamic information flow analysis is handling implicit flows, where code
conditional on a private variable updates a public variable x. The naive approach of …

SessionShield: Lightweight protection against session hijacking

N Nikiforakis, W Meert, Y Younan, M Johns… - … Secure Software and …, 2011 - Springer
The class of Cross-site Scripting (XSS) vulnerabilities is the most prevalent security problem
in the field of Web applications. One of the main attack vectors used in connection with XSS …

Verification of information flow and access control policies with dependent types

A Nanevski, A Banerjee, D Garg - 2011 IEEE Symposium on …, 2011 - ieeexplore.ieee.org
We present Relational Hoare Type Theory (RHTT), a novel language and verification system
capable of expressing and verifying rich information flow and access control policies via …