Formal approaches to secure compilation: A survey of fully abstract compilation and related work
Secure compilation is a discipline aimed at developing compilers that preserve the security
properties of the source programs they take as input in the target programs they produce as …
properties of the source programs they take as input in the target programs they produce as …
Measuring large-scale social networks with high resolution
This paper describes the deployment of a large-scale study designed to measure human
interactions across a variety of communication channels, with high temporal resolution and …
interactions across a variety of communication channels, with high temporal resolution and …
Language-based information-flow security
A Sabelfeld, AC Myers - IEEE Journal on selected areas in …, 2003 - ieeexplore.ieee.org
Current standard security practices do not provide substantial assurance that the end-to-end
behavior of a computing system satisfies important security policies such as confidentiality …
behavior of a computing system satisfies important security policies such as confidentiality …
Some recipes can do more than spoil your appetite: Analyzing the security and privacy risks of IFTTT recipes
The use of end-user programming, such as if-this-then-that (IFTTT), is becoming increasingly
common. Services like IFTTT allow users to easily create new functionality by connecting …
common. Services like IFTTT allow users to easily create new functionality by connecting …
JSFlow: Tracking information flow in JavaScript and its APIs
JavaScript drives the evolution of the web into a powerful application platform. Increasingly,
web applications combine services from different providers. The script inclusion mechanism …
web applications combine services from different providers. The script inclusion mechanism …
Ghostrider: A hardware-software system for memory trace oblivious computation
This paper presents a new, co-designed compiler and architecture called GhostRider for
supporting privacy preserving computation in the cloud. GhostRider ensures all programs …
supporting privacy preserving computation in the cloud. GhostRider ensures all programs …
Observational determinism for concurrent program security
S Zdancewic, AC Myers - 16th IEEE Computer Security …, 2003 - ieeexplore.ieee.org
Noninterference is a property of sequential programs that is useful for expressing security
policies for data confidentiality and integrity. However, extending noninterference to …
policies for data confidentiality and integrity. However, extending noninterference to …
Multiple facets for dynamic information flow
TH Austin, C Flanagan - Proceedings of the 39th annual ACM SIGPLAN …, 2012 - dl.acm.org
JavaScript has become a central technology of the web, but it is also the source of many
security problems, including cross-site scripting attacks and malicious advertising code …
security problems, including cross-site scripting attacks and malicious advertising code …
Efficient purely-dynamic information flow analysis
TH Austin, C Flanagan - Proceedings of the ACM SIGPLAN Fourth …, 2009 - dl.acm.org
We present a novel approach for efficiently tracking information flow in a dynamically-typed
language such as JavaScript. Our approach is purely dynamic, and it detects problems with …
language such as JavaScript. Our approach is purely dynamic, and it detects problems with …
Permissive dynamic information flow analysis
TH Austin, C Flanagan - Proceedings of the 5th ACM SIGPLAN …, 2010 - dl.acm.org
A key challenge in dynamic information flow analysis is handling implicit flows, where code
conditional on a private variable updates a public variable x. The naive approach of …
conditional on a private variable updates a public variable x. The naive approach of …