English
Related papers

Related papers: A Permission-Dependent Type System for Secure Info…

200 papers

Web applications written in JavaScript are regularly used for dealing with sensitive or personal data. Consequently, reasoning about their security properties has become an important problem, which is made very difficult by the highly…

Programming Languages · Computer Science 2013-02-14 Martin Lester , Luke Ong , Max Schaefer

We formalize a new type system for Elixir, a dynamically typed functional programming language of growing popularity that runs on the Erlang virtual machine. Our system combines gradual typing with semantic subtyping to enable precise,…

Programming Languages · Computer Science 2025-09-30 Giuseppe Castagna , Guillaume Duboc

We present a type theory combining both linearity and dependency by stratifying typing rules into a level for logics and a level for programs. The distinction between logics and programs decouples their semantics, allowing the type system…

Programming Languages · Computer Science 2025-10-08 Qiancheng Fu , Hongwei Xi

Android apps cooperate through message passing via intents. However, when apps do not have identical sets of privileges inter-app communication (IAC) can accidentally or maliciously be misused, e.g., to leak sensitive information contrary…

Software Engineering · Computer Science 2023-05-09 Abhishek Tiwari , Sascha Groß , Christian Hammer

We present a taxonomy and an algebra for attack patterns on component-based operating systems. In a multilevel security scenario, where isolation of partitions containing data at different security classifications is the primary security…

Cryptography and Security · Computer Science 2014-03-06 Michael Hanspach , Jörg Keller

Vulnerability of Frontier language models to misuse and jailbreaks has prompted the development of safety measures like filters and alignment training in an effort to ensure safety through robustness to adversarially crafted prompts. We…

Cryptography and Security · Computer Science 2024-10-31 David Glukhov , Ziwen Han , Ilia Shumailov , Vardan Papyan , Nicolas Papernot

The login functionality, being the gateway to app usage, plays a critical role in both user experience and application security. As Android apps increasingly incorporate login functionalities, they support a variety of authentication…

Software Engineering · Computer Science 2025-02-14 Zixu Zhou , Rufeng Chen , Junfeng Chen , Yepang Liu , Lili Wei

Developers are increasingly integrating Language Models (LMs) into their mobile apps to provide features such as chat-based assistants. To prevent LM misuse, they impose various restrictions, including limits on the number of queries, input…

Cryptography and Security · Computer Science 2025-05-14 Muhammad Ibrahim , Gűliz Seray Tuncay , Z. Berkay Celik , Aravind Machiry , Antonio Bianchi

Explainable systems expose information about why certain observed effects are happening to the agents interacting with them. We argue that this constitutes a positive flow of information that needs to be specified, verified, and balanced…

Logic in Computer Science · Computer Science 2025-09-24 Bernd Finkbeiner , Hadar Frenkel , Julian Siber

In security-critical software applications, confidential information must be prevented from leaking to unauthorized sinks. Static analysis techniques are widespread to enforce a secure information flow by checking a program after…

Cryptography and Security · Computer Science 2022-08-05 Tobias Runge , Alexander Kittelmann , Marco Servetto , Alex Potanin , Ina Schaefer

While extremely valuable to achieve advanced functions, mobile phone sensors can be abused by attackers to implement malicious activities in Android apps, as experimentally demonstrated by many state-of-the-art studies. There is hence a…

Cryptography and Security · Computer Science 2022-01-19 Xiaoyu Sun , Xiao Chen , Kui Liu , Sheng Wen , Li Li , John Grundy

Graded type systems, such as the one underlying the Granule programming language, allow various different properties of a program's behaviour to be tracked via annotating types with additional information, which we call grades. One example…

Programming Languages · Computer Science 2024-10-23 Danielle Marshall , Dominic Orchard

Noninterference offers a rigorous end-to-end guarantee for secure propagation of information. However, real-world systems almost always involve security requirements that change during program execution, making noninterference inapplicable.…

Cryptography and Security · Computer Science 2021-09-17 Peixuan Li , Danfeng Zhang

Type systems provide software developers immediate feedback about a subset of correctness properties of their programs. IDE integrations often take advantage of type systems to present errors, suggest completions and even improve…

Programming Languages · Computer Science 2022-07-14 Alcides Fonseca , Guilherme Espada

All formalizations of session types rely on linear types for soundness as session-typed communication channels must change their type at every operation. Embedded language implementations of session types follow suit. They either rely on…

Programming Languages · Computer Science 2023-03-03 Peter Thiemann

Android users are increasingly concerned with the privacy of their data and security of their devices. To improve the security awareness of users, recent automatic techniques produce security-centric descriptions by performing program…

Cryptography and Security · Computer Science 2020-08-27 Tingmin Wu , Lihong Tang , Rongjunchen Zhang , Sheng Wen , Cecile Paris , Surya Nepal , Marthie Grobler , Yang Xiang

The proliferation of ubiquitous computing requires energy-efficient as well as secure operation of modern processors. Side channel attacks are becoming a critical threat to security and privacy of devices embedded in modern computing…

Cryptography and Security · Computer Science 2019-07-11 Nikhil Chawla , Arvind Singh , Monodeep Kar , Saibal Mukhopadhyay

Realizing flow security in a concurrent environment is extremely challenging, primarily due to non-deterministic nature of execution. The difficulty is further exacerbated from a security angle if sequential threads disclose control…

Programming Languages · Computer Science 2021-03-04 Sandip Ghosal , R. K. Shyamasundar

Deadlocks occur in concurrent programs as a consequence of cyclic resource acquisition between threads. In this paper we present a novel type system that guarantees deadlock freedom for a language with references, unstructured locking…

Programming Languages · Computer Science 2011-10-20 Prodromos Gerakios , Nikolaos Papaspyrou , Konstantinos Sagonas

Security requirements in distributed software systems are inherently dynamic. In the case of authorization policies, resources are meant to be accessed only by authorized parties, but the authorization to access a resource may be…

Logic in Computer Science · Computer Science 2016-02-12 Silvia Ghilezan , Svetlana Jakšić , Jovanka Pantović , Jorge A. Pérez , Hugo Torres Vieira