Emerging IoT programming frameworks enable building apps that compute on sensitive
data produced by smart homes and wearables. However, these frameworks only support …

Modern extensible web platforms like Facebook and Yammer depend on third-party
software to offer a rich experience to their users. Unfortunately, users running a third-party …

Optimized hardware for propagating and checking software-programmable metadata tags
can achieve low runtime overhead. We generalize prior work on hardware tagging by …

The rise of serverless computing provides an opportunity to rethink cloud security. We
present an approach for securing serverless systems using a novel form of dynamic …

Modern web applications are conglomerations of JavaScript written by multiple authors:
application developers routinely incorporate code from third-party libraries, and mashup …

Information-Flow Control (IFC) is a well-established approach for allowing untrusted code to
manipulate sensitive data without disclosing it. IFC is typically enforced via type systems and …

An operating system kernel written in the Rust language would have extremely fine-grained
isolation boundaries, have no memory leaks, and be safe from a wide range of security …

Dijkstra monads enable a dependent type theory to be enhanced with support for specifying
and verifying effectful code via weakest preconditions. Together with their closely related …

Smartphone users often use private and enterprise data with untrusted third party
applications. The fundamental lack of secrecy guarantees in smartphone OSes, such as …

Currently, when a security analyst discovers a vulnerability in critical software system, they
must navigate a fraught dilemma: immediately disclosing the vulnerability to the public could …