English
Related papers

Related papers: Generalizing Permissive-Upgrade in Dynamic Informa…

200 papers

Constant-time programming is a countermeasure to prevent cache based attacks where programs should not perform memory accesses that depend on secrets. In some cases this policy can be safely relaxed if one can prove that the program does…

Cryptography and Security · Computer Science 2023-06-22 Cristian Ene , Laurent Mounier , Marie-Laure Potet

Noninterference offers a rigorous end-to-end guarantee for secure propagation of information. However, real-world systems almost always involve security requirements that change during program execution, making noninterference inapplicable.…

Cryptography and Security · Computer Science 2021-09-17 Peixuan Li , Danfeng Zhang

Large Language Models (LLMs) are rapidly becoming commodity components of larger software systems. This poses natural security and privacy problems: poisoned data retrieved from one component can change the model's behavior and compromise…

We adopt an information-theoretic framework to analyze the generalization behavior of the class of iterative, noisy learning algorithms. This class is particularly suitable for study under information-theoretic metrics as the algorithms are…

Machine Learning · Computer Science 2023-07-20 Ibrahim Issa , Amedeo Roberto Esposito , Michael Gastpar

This paper investigates a flow- and path-sensitive static information flow analysis. Compared with security type systems with fixed labels, it has been shown that flow-sensitive type systems accept more secure programs. We show that an…

Programming Languages · Computer Science 2017-06-22 Peixuan Li , Danfeng Zhang

Languages with gradual information-flow control combine static and dynamic techniques to prevent security leaks. Gradual languages should satisfy the gradual guarantee: programs that only differ in the precision of their type annotations…

Programming Languages · Computer Science 2024-04-10 Tianyu Chen , Jeremy G. Siek

Static analysis tools typically address the problem of excessive false positives by requiring programmers to explicitly annotate their code. However, when faced with incomplete annotations, many analysis tools are either too conservative,…

Programming Languages · Computer Science 2021-07-16 Sam Estep , Jenna Wise , Jonathan Aldrich , Éric Tanter , Johannes Bader , Joshua Sunshine

Flow-sensitive analysis for information-flow control (IFC) allows data structures to have mutable security labels, i.e., labels that can change over the course of the computation. This feature is often used to boost the permissiveness of…

Cryptography and Security · Computer Science 2015-07-23 Pablo Buiras , Deian Stefan , Alejandro Russo

Information-flow control systems often enforce progress-insensitive noninterference, as it is simple to understand and enforce. Unfortunately, real programs need to declassify results and endorse inputs, which noninterference disallows,…

Cryptography and Security · Computer Science 2025-07-29 Ethan Cecchetti

Real-world applications routinely make authorization decisions based on dynamic computation. Reasoning about dynamically computed authority is challenging. Integrity of the system might be compromised if attackers can improperly influence…

Cryptography and Security · Computer Science 2021-04-22 Owen Arden , Anitha Gollamudi , Ethan Cecchetti , Stephen Chong , Andrew C. Myers

Security policies are naturally dynamic. Reflecting this, there has been a growing interest in studying information-flow properties which change during program execution, including concepts such as declassification, revocation, and…

Cryptography and Security · Computer Science 2015-01-13 Bart van Delft , Sebastian Hunt , David Sands

Data leakage is a well-known problem in machine learning. Data leakage occurs when information from outside the training dataset is used to create a model. This phenomenon renders a model excessively optimistic or even useless in the real…

Programming Languages · Computer Science 2024-08-07 Filip Drobnjaković , Pavle Subotić , Caterina Urban

A program is non-interferent if it leaks no secret information to an observable output. However, non-interference is too strict in many practical cases and quantitative information flow (QIF) has been proposed and studied in depth.…

Cryptography and Security · Computer Science 2019-10-23 Bao Trung Chu , Kenji Hashimoto , Hiroyuki Seki

Maintaining confidential information control in software is a persistent security problem where failure means secrets can be revealed via program behaviors. Information flow control techniques traditionally have been based on static or…

Software Engineering · Computer Science 2021-08-30 Ibrahim Mesecan , Daniel Blackwell , David Clark , Myra B. Cohen , Justyna Petke

We consider the problem of specifying and proving the security of non-trivial, concurrent programs that intentionally leak information. We present a method that decomposes the problem into (a) proving that the program only leaks information…

Cryptography and Security · Computer Science 2023-09-08 Toby Murray , Mukesh Tiwari , Gidon Ernst , David A. Naumann

Information flow analysis is a powerful technique for reasoning about the sensitive information exposed by a program during its execution. While past work has proposed information theoretic metrics (e.g., Shannon entropy, min-entropy,…

Cryptography and Security · Computer Science 2010-09-22 Ji Zhu , Mudhakar Srivatsa

The paper studies dynamic information flow security policies in an automaton-based model. Two semantic interpretations of such policies are developed, both of which generalize the notion of TA-security [van der Meyden ESORICS 2007] for…

Cryptography and Security · Computer Science 2016-01-21 Sebastian Eggert , Ron van der Meyden

Static analyses make the increasingly tenuous assumption that all source code is available for analysis; for example, large libraries often call into native code that cannot be analyzed. We propose a points-to analysis that initially makes…

Programming Languages · Computer Science 2017-11-10 Osbert Bastani , Lazaro Clapp , Saswat Anand , Rahul Sharma , Alex Aiken

Large language models are often adapted through parameter efficient fine tuning, but current release practices provide weak assurances about what data were used and how updates were computed. We present Verifiable Fine Tuning, a protocol…

Cryptography and Security · Computer Science 2025-12-30 Hasan Akgul , Daniel Borg , Arta Berisha , Amina Rahimova , Andrej Novak , Mila Petrov

This paper considers the problem of designing a continuous-time dynamical system that solves a constrained nonlinear optimization problem and makes the feasible set forward invariant and asymptotically stable. The invariance of the feasible…

Optimization and Control · Mathematics 2024-08-27 Ahmed Allibhoy , Jorge Cortés
‹ Prev 1 2 3 10 Next ›