English
Related papers

Related papers: Information Flow Control in WebKit's JavaScript By…

200 papers

Many important security problems in JavaScript, such as browser extension security, untrusted JavaScript libraries and safe integration of mutually distrustful websites (mash-ups), may be effectively addressed using an efficient…

Programming Languages · Computer Science 2015-01-20 Stefan Heule , Deian Stefan , Edward Z. Yang , John C. Mitchell , Alejandro Russo

Static information flow control (IFC) systems provide the ability to restrict data flows within a program, enabling vulnerable functionality or confidential data to be statically isolated from unsecured data or program logic. Despite the…

Programming Languages · Computer Science 2022-10-25 Hemant Gouni , Jonathan Aldrich

The rise of serverless computing provides an opportunity to rethink cloud security. We present an approach for securing serverless systems using a novel form of dynamic information flow control (IFC). We show that in serverless…

Programming Languages · Computer Science 2018-02-27 Kalev Alpernas , Cormac Flanagan , Sadjad Fouladi , Leonid Ryzhyk , Mooly Sagiv , Thomas Schmitz , Keith Winstein

Protection of confidential data is an important security consideration of today's applications. Of particular concern is to guard against unintentional leakage to a (malicious) observer, who may interact with the program and draw inference…

Logic in Computer Science · Computer Science 2024-07-03 Bas van den Heuvel , Farzaneh Derakhshan , Stephanie Balzer

This work's main goal is to understand if Information Flow Control (IFC), a security technique used for discovering leaks in software, could be used to indicate the presence of dynamic semantic conflicts between developers contributions in…

Software Engineering · Computer Science 2024-04-15 Roberto Souto Maior de Barros Filho , Paulo Borba

The cloud model's dependence on massive parallelism and resource sharing exacerbates the security challenge of timing side-channels. Timing Information Flow Control (TIFC) is a novel adaptation of IFC techniques that may offer a way to…

Cryptography and Security · Computer Science 2012-05-18 Bryan Ford

This tutorial provides a complete and homogeneous account of the latest advances in fine- and coarse-grained dynamic information-flow control (IFC) security. Since the 70s, the programming language and the operating system communities have…

Programming Languages · Computer Science 2022-08-30 Marco Vassena , Alejandro Russo , Deepak Garg , Vineet Rajani , Deian Stefan

Information flow analysis prevents secret or untrusted data from flowing into public or trusted sinks. Existing mechanisms cover a wide array of options, ranging from lightweight taint analysis to heavyweight information flow control that…

Cryptography and Security · Computer Science 2019-06-28 Cristian-Alexandru Staicu , Daniel Schoepe , Musard Balliu , Michael Pradel , Andrei Sabelfeld

Information flow control (IFC) provides confidentiality by enforcing noninterference, which ensures that high-secrecy values cannot affect low-secrecy values. Prior work introduces fine-grained IFC approaches that modify the programming…

Programming Languages · Computer Science 2024-03-20 Ada Lamba , Max Taylor , Vincent Beardsley , Jacob Bambeck , Michael D. Bond , Zhiqiang Lin

Information Flow Control (IFC) is a collection of techniques for ensuring a no-write-down no-read-up style security policy known as noninterference. Traditional methods for both static and dynamic IFC suffer from untenable numbers of false…

Cryptography and Security · Computer Science 2020-05-27 Maximilian Algehed , Cormac Flanagan

In today's machine learning (ML) models, any part of the training data can affect the model output. This lack of control for information flow from training data to model output is a major obstacle in training models on sensitive data when…

In this paper we present the design and implementation of Flow, a fast and precise type checker for JavaScript that is used by thousands of developers on millions of lines of code at Facebook every day. Flow uses sophisticated type…

Programming Languages · Computer Science 2017-08-31 Avik Chaudhuri , Panagiotis Vekris , Sam Goldman , Marshall Roch , Gabriel Levi

Mobile and IoT applications have greatly enriched our daily life by providing convenient and intelligent services. However, these smart applications have been a prime target of adversaries for stealing sensitive data. It poses a crucial…

Cryptography and Security · Computer Science 2021-06-10 Ning Xi , Chao Chen , Jun Zhang , Cong Sun , Shigang Liu , Pengbin Feng , Jianfeng Ma

In security-critical software applications, confidential information must be prevented from leaking to unauthorized sinks. Static analysis techniques are widespread to enforce a secure information flow by checking a program after…

Cryptography and Security · Computer Science 2022-08-05 Tobias Runge , Alexander Kittelmann , Marco Servetto , Alex Potanin , Ina Schaefer

In the standard web browser programming model, third-party scripts included in an application execute with the same privilege as the application's own code. This leaves the application's confidential data vulnerable to theft and leakage by…

Cryptography and Security · Computer Science 2023-05-09 Abhishek Bichhawat , Vineet Rajani , Jinank Jain , Deepak Garg , Christian Hammer

Web applications written in JavaScript are regularly used for dealing with sensitive or personal data. Consequently, reasoning about their security properties has become an important problem, which is made very difficult by the highly…

Programming Languages · Computer Science 2013-02-14 Martin Lester , Luke Ong , Max Schaefer

Quantitative Information Flow (QIF) provides a robust information-theoretical framework for designing secure systems with minimal information leakage. While previous research has addressed the design of such systems under hard constraints…

Cryptography and Security · Computer Science 2024-11-18 Andreas Athanasiou , Konstantinos Chatzikokolakis , Catuscia Palamidessi

Browser fingerprinting enables persistent cross-site user tracking via subtle techniques that often evade conventional defenses or cause website breakage when script-level blocking countermeasures are applied. Addressing these challenges…

Cryptography and Security · Computer Science 2025-09-15 Pouneh Nikkhah Bahrami , Dylan Cutler , Igor Bilogrevic

We present an approach for dynamic information flow control across the application and database. Our approach reduces the amount of policy code required, yields formal guarantees across the application and database, works with existing…

Programming Languages · Computer Science 2016-04-26 Jean Yang , Travis Hance , Thomas H. Austin , Armando Solar-Lezama , Cormac Flanagan , Stephen Chong

Language-based information flow control (IFC) enables reasoning about and enforcing security policies in decentralized applications. While information flow properties are relatively extensional and compositional, designing expressive…

Programming Languages · Computer Science 2025-07-18 Silei Ren , Coşku Acay , Andrew C. Myers
‹ Prev 1 2 3 10 Next ›