English
Related papers

Related papers: Information Flow Control in WebKit's JavaScript By…

200 papers

The enormous amount of code required to design modern hardware implementations often leads to critical vulnerabilities being overlooked. Especially vulnerabilities that compromise the confidentiality of sensitive data, such as cryptographic…

Cryptography and Security · Computer Science 2021-12-23 Lennart M. Reimann , Luca Hanel , Dominik Sisejkovic , Farhad Merchant , Rainer Leupers

Information flow analysis has largely ignored the setting where the analyst has neither control over nor a complete model of the analyzed system. We formalize such limited information flow analyses and study an instance of it: detecting the…

Cryptography and Security · Computer Science 2014-05-13 Michael Carl Tschantz , Amit Datta , Anupam Datta , Jeannette M. Wing

We present Labeled Input Output in F* (LIO*), a verified framework that enforces information flow control (IFC) policies developed in F* and automatically extracted to C. Inspired by LIO, we encapsulated IFC policies into effects, but using…

Cryptography and Security · Computer Science 2020-04-29 Jean-Joseph Marty , Lucas Franceschino , Jean-Pierre Talpin , Niki Vazou

Achieving situational awareness is a challenging process in current HTTPS-dominant web traffic. In this paper, we propose a new approach to encrypted web traffic monitoring. First, we design a method for correlating host-based and network…

Cryptography and Security · Computer Science 2022-06-23 Stanislav Špaček , Petr Velan , Pavel Čeleda , Daniel Tovarňák

Today, considerable Internet traffic is sent from the datacenter and heads for users. The characteristics of connections served by servers in datacenters are usually diverse and varied over time, with continuous upgrades in network…

Networking and Internet Architecture · Computer Science 2018-10-23 Kefan Chen , Danfeng Shan , Xiaohui Luo , Tong Zhang , Yajun Yang , Ya Zhao , Fengyuan Ren

The JavaScript programming language, which began as a simple scripting language for the Web, has become ubiquitous, spanning desktop, mobile, and server applications. This increase in usage has made JavaScript an attractive target for…

Cryptography and Security · Computer Science 2024-10-29 José Miguel Moreno , Narseo Vallina-Rodriguez , Juan Tapiador

In this thesis we consider the problem of information hiding in the scenarios of interactive systems, statistical disclosure control, and refinement of specifications. We apply quantitative approaches to information flow in the first two…

Cryptography and Security · Computer Science 2012-02-14 Mário S. Alvim

Practitioners of secure information flow often face a design challenge: what is the right semantic treatment of leaks via termination? On the one hand, the potential harm of untrusted code calls for strong progress-sensitive security. On…

Programming Languages · Computer Science 2020-05-12 Johan Bay , Aslan Askarov

Safely integrating third-party code in applications while protecting the confidentiality of information is a long-standing problem. Pure functional programming languages, like Haskell, make it possible to enforce lightweight…

Programming Languages · Computer Science 2019-04-18 Simon Gregersen , Søren Eller Thomsen , Aslan Askarov

The introduction of smart contract functionality marks the advent of the blockchain 2.0 era, enabling blockchain technology to support digital currency transactions and complex distributed applications. However, many smart contracts have…

Cryptography and Security · Computer Science 2026-01-16 Hongli Peng , Xiaoqi Li , Wenkai Li

Information flow security is classically formulated in terms of the absence of illegal information flows, with respect to a security setting consisting of a single flow policy that specifies what information flows should be permitted in the…

Programming Languages · Computer Science 2019-01-09 Ana Almeida Matos , Jan Cederquist

This paper addresses the critical challenge of access control in modern supply chains, which operate across multiple independent and competing organizations. Existing access control is static and centralized, unable to adapt to insider…

Cryptography and Security · Computer Science 2026-02-10 Sadegh Sohani , Salar Ghazi , Farnaz Kamranfar , Sahar Pilehvar Moakhar , Mohammad Allahbakhsh , Haleh Amintoosi , Kaiwen Zhang

Many websites import large JavaScript (JS) libraries to customize and enhance user experiences. Our data shows that many JS libraries are only partially utilized during a page load, and therefore, contain superfluous code that is never…

Networking and Internet Architecture · Computer Science 2020-03-18 Utkarsh Goel , Moritz Steiner

The decentralized and unregulated nature of cryptocurrencies, combined with their monetary value, has made them a vehicle for various illicit activities. One such activity is cryptojacking, an attack that uses stolen computing resources to…

Cryptography and Security · Computer Science 2025-05-06 Tanapoom Sermchaiwong , Jiasi Shen

The development of a real-time web application often starts with a feature-driven approach allowing to quickly react to users feedbacks. However, this approach poorly scales in performance. Yet, the user-base can increase by an order of…

Programming Languages · Computer Science 2015-12-23 Etienne Brodu , Stéphane Frénot , Frédéric Oblé

JavaScript's widespread adoption has made it an attractive target for malicious attackers who employ sophisticated obfuscation techniques to conceal harmful code. Current deobfuscation tools suffer from critical limitations that severely…

Cryptography and Security · Computer Science 2025-12-17 Dongchao Zhou , Lingyun Ying , Huajun Chai , Dongbin Wang

Scores of compilers produce JavaScript, enabling programmers to use many languages on the Web, reuse existing code, and even use Web IDEs. Unfortunately, most compilers inherit the browser's compromised execution model, so long-running…

Programming Languages · Computer Science 2018-04-17 Samuel Baxter , Rachit Nigam , Joe Gibbs Politz , Shriram Krishnamurthi , Arjun Guha

Quantitative information flow (QIF) is traditionally defined as the expected value of information leakage over all feasible program runs and it fails to identify vulnerable programs where only limited number of runs leak large amount of…

Cryptography and Security · Computer Science 2019-05-14 Bao Trung Chu , Kenji Hashimoto , Hiroyuki Seki

JavaScript is a popular attack vector for releasing malicious payloads on unsuspecting Internet users. Authors of this malicious JavaScript often employ numerous obfuscation techniques in order to prevent the automatic detection by…

Cryptography and Security · Computer Science 2020-09-22 Adrian Herrera

Iterative learning control (ILC) is capable of improving the tracking performance of repetitive control systems by utilizing data from past iterations. The aim of this paper is to achieve both task flexibility, which is often achieved by…

Systems and Control · Electrical Eng. & Systems 2024-03-05 Max van Haren , Kentaro Tsurumoto , Masahiro Mae , Lennart Blanken , Wataru Ohnishi , Tom Oomen