Information security can be compromised by leakage via low-level hardware features. One
recently prominent example is cache probing attacks, which rely on timing channels created …

The explosive growth of malware variants poses a major threat to information security.
Traditional anti-virus systems based on signatures fail to classify unknown malware into their …

Part I of this book is a practical introduction to working with the Isabelle proof assistant. It
teaches you how to write functional programs and inductive definitions and how to prove …

A program is defined to be noninterferent if its outputs cannot be influenced by inputs at a
higher security level than their own. Various researchers have demonstrated how this …

JavaScript drives the evolution of the web into a powerful application platform. Increasingly,
web applications combine services from different providers. The script inclusion mechanism …

JavaScript has become a central technology of the web, but it is also the source of many
security problems, including cross-site scripting attacks and malicious advertising code …

Runtime verification is an area of formal methods that studies the dynamic analysis of
execution traces against formal specifications. Typically, the two main activities in runtime …

Tracking information flow in dynamic languages remains an important and intricate problem.
This paper makes substantial headway toward understanding the main challenges and …

We describe a new, dynamic, floating-label approach to language-based information flow
control, and present an implementation in Haskell. A labeled IO monad, LIO, keeps track of a …

Security concerns are widely seen as an obstacle to the adoption of cloud computing
solutions. Information Flow Control (IFC) is a well understood Mandatory Access Control …