English
Related papers

Related papers: Liquid Information Flow Control

200 papers

Although message-based (business) application integration is based on orchestrated message flows, current modeling languages exclusively cover (parts of) the control flow, while under-specifying the data flow. Especially for more…

Databases · Computer Science 2020-08-11 Daniel Ritter , Jan Broß

Large Language Models (LLMs) have demonstrated remarkable capabilities across various domains. However, their potential to generate harmful responses has raised significant societal and regulatory concerns, especially when manipulated by…

Cryptography and Security · Computer Science 2025-06-17 Advait Yadav , Haibo Jin , Man Luo , Jun Zhuang , Haohan Wang

We introduce a novel type system for enforcing secure information flow in an imperative language. Our work is motivated by the problem of statically checking potential information leakage in Android applications. To this end, we design a…

Programming Languages · Computer Science 2017-09-28 Hongxu Chen , Alwen Tiu , Zhiwu Xu , Yang Liu

Automated management requires decomposing high-level user requests, such as intents, to an abstraction that the system can understand and execute. This is challenging because even a simple intent requires performing a number of ordered…

Distributed, Parallel, and Cluster Computing · Computer Science 2024-02-16 Kristina Dzeparoska , Jieyu Lin , Ali Tizghadam , Alberto Leon-Garcia

Pythonic code is idiomatic code that follows guiding principles and practices within the Python community. Offering performance and readability benefits, Pythonic code is claimed to be widely adopted by experienced Python developers, but…

Safely integrating third-party code in applications while protecting the confidentiality of information is a long-standing problem. Pure functional programming languages, like Haskell, make it possible to enforce lightweight…

Programming Languages · Computer Science 2019-04-18 Simon Gregersen , Søren Eller Thomsen , Aslan Askarov

We propose patching for large language models (LLMs) like software versions, a lightweight and modular approach for addressing safety vulnerabilities. While vendors release improved LLM versions, major releases are costly, infrequent, and…

Artificial Intelligence · Computer Science 2026-04-28 Huzaifa Arif , Keerthiram Murugesan , Ching-Yun Ko , Pin-Yu Chen , Payel Das , Alex Gittens

The use of Large Language Models (LLMs) for autonomous code generation is gaining attention in emerging technologies. As LLM capabilities expand, they offer new possibilities such as code refactoring, security enhancements, and legacy…

Realizing flow security in a concurrent environment is extremely challenging, primarily due to non-deterministic nature of execution. The difficulty is further exacerbated from a security angle if sequential threads disclose control…

Programming Languages · Computer Science 2021-03-04 Sandip Ghosal , R. K. Shyamasundar

Access control policies are vital for securing modern cloud computing, where organizations must manage access to sensitive data across thousands of users in distributed system settings. Cloud administrators typically write and update…

Distributed, Parallel, and Cluster Computing · Computer Science 2026-02-02 Bethel Hall , Owen Ungaro , William Eiers

Building deployment-ready LLM agents requires complex orchestration of tools, data sources, and control flow logic, yet existing systems tightly couple agent logic to specific programming languages and deployment models. We present a…

Software Engineering · Computer Science 2025-12-24 Ivan Daunis

Command-line interface (CLI) fuzzing tests programs by mutating both command-line options and input file contents, thus enabling discovery of vulnerabilities that only manifest under specific option-input combinations. Prior works of CLI…

Cryptography and Security · Computer Science 2026-03-16 Momoko Shiraishi , Yinzhi Cao , Takahiro Shinagawa

Quantitative information flow (QIF) is traditionally defined as the expected value of information leakage over all feasible program runs and it fails to identify vulnerable programs where only limited number of runs leak large amount of…

Cryptography and Security · Computer Science 2019-05-14 Bao Trung Chu , Kenji Hashimoto , Hiroyuki Seki

In the standard web browser programming model, third-party scripts included in an application execute with the same privilege as the application's own code. This leaves the application's confidential data vulnerable to theft and leakage by…

Cryptography and Security · Computer Science 2023-05-09 Abhishek Bichhawat , Vineet Rajani , Jinank Jain , Deepak Garg , Christian Hammer

Programmers regularly use strings to encode many types of data, such as Unix file paths, URLs, and email addresses, that are conceptually different. However, existing mainstream programming languages use a unified string type to represent…

Software Engineering · Computer Science 2025-01-22 Fengmin Zhu , Andreas Zeller

We propose a flow-insensitive analysis that prunes out portions of code which are irrelevant to a specified set of data-flow paths. Our approach is fast and scalable, in addition to being able to generate a certificate as an audit for the…

Programming Languages · Computer Science 2018-08-06 Mohamed Nassim Seghir

We describe a type system for a platform called the General Intensional Programming System (GIPSY), designed to support intensional programming languages built upon intensional logic and their imperative counter-parts for the intensional…

Logic in Computer Science · Computer Science 2009-12-21 Serguei A. Mokhov , Joey Paquet

Noninterference guarantees that an attacker cannot infer secrets by interacting with a program. Information flow control (IFC) type systems assert noninterference by tracking the level of information learned (pc) and disallowing…

Programming Languages · Computer Science 2024-07-31 Farzaneh Derakhshan , Stephanie Balzer , Yue Yao

In this study, we evaluated the capability of Large Language Models (LLMs), particularly OpenAI's GPT-4, in detecting software vulnerabilities, comparing their performance against traditional static code analyzers like Snyk and Fortify. Our…

Software Engineering · Computer Science 2023-08-22 David Noever

Cedar is a new authorization policy language designed to be ergonomic, fast, safe, and analyzable. Rather than embed authorization logic in an application's code, developers can write that logic as Cedar policies and delegate access…