English
Related papers

Related papers: A Permission-Dependent Type System for Secure Info…

200 papers

We propose an approach on model checking information flow for imperative language with procedures. We characterize our model with pushdown system, which has a stack of unbounded length that naturally models the execution of procedural…

Cryptography and Security · Computer Science 2010-12-15 Cong Sun , Liyong Tang , Zhong Chen

Android Permission Model and Application (app) analysis has consistently remained the focus of the investigation of research groups and stakeholders of the Android ecosystem since it was launched in 2008. Even though the Android smartphone…

Cryptography and Security · Computer Science 2026-01-05 Rajendra Kumar Solanki , Vijay Laxmi , Manoj Singh Gaur

Android embodies security mechanisms at both OS and application level. In this platform application security is built primarily upon a system of permissions which specify restrictions on the operations a particular process can perform. The…

Programming Languages · Computer Science 2017-09-13 Gustavo Betarte , Juan Campo , Felipe Gorostiaga , Carlos Luna

Many important security properties can be formulated in terms of flows of tainted data, and improved taint analysis tools to prevent such flows are of critical need. Most existing taint analyses use whole-program static analysis, leading to…

Programming Languages · Computer Science 2025-05-02 Nima Karimipour , Kanak Das , Manu Sridharan , Behnaz Hassanshahi

Due to Android's open source feature and low barriers to entry for developers, millions of developers and third-party organizations have been attracted into the Android ecosystem. However, over 90 percent of mobile malware are found…

Cryptography and Security · Computer Science 2019-06-26 Bin Zhao

The Windows Vista operating system implements an interesting model of multi-level integrity. We observe that in this model, trusted code can be blamed for any information-flow attack; thus, it is possible to eliminate such attacks by static…

Cryptography and Security · Computer Science 2008-12-18 Avik Chaudhuri , Prasad Naldurg , Sriram Rajamani

Modern language models have enabled the development of agentic systems that achieve strong performance on reasoning-intensive tasks. Unfortunately, this has come with a security cost; these systems are vulnerable to prompt injection, a…

Cryptography and Security · Computer Science 2026-05-12 Dennis Jacob , Emad Alghamdi , Zhanhao Hu , Basel Alomair , David Wagner

Safely integrating third-party code in applications while protecting the confidentiality of information is a long-standing problem. Pure functional programming languages, like Haskell, make it possible to enforce lightweight…

Programming Languages · Computer Science 2019-04-18 Simon Gregersen , Søren Eller Thomsen , Aslan Askarov

Information-flow security typing statically preserves confidentiality by enforcing noninterference. To address the practical need of selective and flexible declassification of confidential information, several approaches have developed a…

Programming Languages · Computer Science 2019-10-15 Raimil Cruz , Éric Tanter

Noninterference guarantees that an attacker cannot infer secrets by interacting with a program. Information flow control (IFC) type systems assert noninterference by tracking the level of information learned (pc) and disallowing…

Programming Languages · Computer Science 2024-07-31 Farzaneh Derakhshan , Stephanie Balzer , Yue Yao

Due to the amount of data that smartphone applications can potentially access, platforms enforce permission systems that allow users to regulate how applications access protected resources. If users are asked to make security decisions too…

Cryptography and Security · Computer Science 2015-04-16 Primal Wijesekera , Arjun Baokar , Ashkan Hosseini , Serge Egelman , David Wagner , Konstantin Beznosov

Noninterference is a popular semantic security condition because it offers strong end-to-end guarantees, it is inherently compositional, and it can be enforced using a simple security type system. Unfortunately, it is too restrictive for…

Cryptography and Security · Computer Science 2021-01-14 Ethan Cecchetti , Andrew C. Myers , Owen Arden

In stream-based programming, data sources are abstracted as a stream of values that can be manipulated via callback functions. Stream-based programming is exploding in popularity, as it provides a powerful and expressive paradigm for…

Software Engineering · Computer Science 2018-08-10 Benno Stein , Lazaro Clapp , Manu Sridharan , Bor-Yuh Evan Chang

Android is the most widely deployed end-user focused operating system. With its growing set of use cases encompassing communication, navigation, media consumption, entertainment, finance, health, and access to sensors, actuators, cameras,…

Creating good type error messages for constraint-based type inference systems is difficult. Typical type error messages reflect implementation details of the underlying constraint-solving algorithms rather than the specific factors leading…

Programming Languages · Computer Science 2024-02-21 Ishan Bhanuka , Lionel Parreaux , David Binder , Jonathan Immanuel Brachthäuser

Can we use the flow of information to understand type systems? I present two familiar type systems in pursuit of an `Information Aware' style, using information effects to reveal data flow and help in implementing them. I also calculate a…

Programming Languages · Computer Science 2024-12-24 Philippa Cowderoy

Information-flow security type systems ensure confidentiality by enforcing noninterference: a program cannot leak private data to public channels. However, in practice, programs need to selectively declassify information about private data.…

Programming Languages · Computer Science 2019-11-13 Raimil Cruz , Éric Tanter

Information flow control type systems statically restrict the propagation of sensitive data to ensure end-to-end confidentiality. The property to be shown is noninterference, asserting that an attacker cannot infer any secrets from made…

Programming Languages · Computer Science 2021-04-30 Farzaneh Derakhshan , Stephanie Balzer , Limin Jia

Through the increasing interconnection between various systems, the need for confidential systems is increasing. Confidential systems share data only with authorized entities. However, estimating the confidentiality of a system is complex,…

Software Engineering · Computer Science 2023-08-04 Felix Schwickerath , Nicolas Boltz , Sebastian Hahner , Maximilian Walter , Christopher Gerking , Robert Heinrich

The proper use of Android app permissions is crucial to the success and security of these apps. Users must agree to permission requests when installing or running their apps. Despite official Android platform documentation on proper…

Cryptography and Security · Computer Science 2025-08-05 Ali Alkinoon , Trung Cuong Dang , Ahod Alghuried , Abdulaziz Alghamdi , Soohyeon Choi , Manar Mohaisen , An Wang , Saeed Salem , David Mohaisen