
Related papers: SNITCH: Dynamic Dependent Information Flow Analysi…

200 papers

Rising device use and third-party IP integration in semiconductors raise security concerns. Unauthorized access, fault injection, and privacy invasion are potential threats from untrusted actors. Different security techniques have been…

Cryptography and Security · Computer Science · 2023-11-20 · Geraldine Shirley Nicholas, Dhruvakumar Vikas Aklekar, Bhavin Thakar, Fareena Saqib

This paper investigates a flow- and path-sensitive static information flow analysis. Compared with security type systems with fixed labels, it has been shown that flow-sensitive type systems accept more secure programs. We show that an…

Programming Languages · Computer Science · 2017-06-22 · Peixuan Li, Danfeng Zhang

An information owner, possessing diverse data sources, might want to offer information services based on these sources to cooperation partners and to this end interact with these partners by receiving and sending messages, which the owner…

Cryptography and Security · Computer Science · 2017-07-27 · Joachim Biskup, Cornelia Tadros, Jaouad Zarouali

Nowadays, the correct use of cryptography libraries is essential to ensure the necessary information security in different kinds of applications. A common practice in software development is the use of static application security testing…

Software Engineering · Computer Science · 2022-07-08 · Markus Haug, Ana Cristina Franco Da Silva, Stefan Wagner

In this report, we examine Jif, a Java extension which augments the language with features related to security. Jif adds support for security labels to Java's type system such that the developer can specify confidentiality and integrity…

Programming Languages · Computer Science · 2014-12-31 · Kyle Pullicino

This work's main goal is to understand if Information Flow Control (IFC), a security technique used for discovering leaks in software, could be used to indicate the presence of dynamic semantic conflicts between developers' contributions in…

Software Engineering · Computer Science · 2024-04-15 · Roberto Souto Maior de Barros Filho, Paulo Borba

We present Lifty, a domain-specific language for data-centric applications that manipulate sensitive data. A Lifty programmer annotates the sources of sensitive data with declarative security policies, and the language statically and…

Programming Languages · Computer Science · 2020-07-02 · Nadia Polikarpova, Deian Stefan, Jean Yang, Shachar Itzhaky, Travis Hance, Armando Solar-Lezama

Through the increasing interconnection between various systems, the need for confidential systems is increasing. Confidential systems share data only with authorized entities. However, estimating the confidentiality of a system is complex,…

Software Engineering · Computer Science · 2023-08-04 · Felix Schwickerath, Nicolas Boltz, Sebastian Hahner, Maximilian Walter, Christopher Gerking, Robert Heinrich

Static information flow control (IFC) systems provide the ability to restrict data flows within a program, enabling vulnerable functionality or confidential data to be statically isolated from unsecured data or program logic. Despite the…

Programming Languages · Computer Science · 2022-10-25 · Hemant Gouni, Jonathan Aldrich

We present an approach for dynamic information flow control across the application and database. Our approach reduces the amount of policy code required, yields formal guarantees across the application and database, works with existing…

Programming Languages · Computer Science · 2016-04-26 · Jean Yang, Travis Hance, Thomas H. Austin, Armando Solar-Lezama, Cormac Flanagan, Stephen Chong

The rise of serverless computing provides an opportunity to rethink cloud security. We present an approach for securing serverless systems using a novel form of dynamic information flow control (IFC). We show that in serverless…

Programming Languages · Computer Science · 2018-02-27 · Kalev Alpernas, Cormac Flanagan, Sadjad Fouladi, Leonid Ryzhyk, Mooly Sagiv, Thomas Schmitz, Keith Winstein

As modern hardware designs grow in complexity and size, ensuring security across the confidentiality, integrity, and availability (CIA) triad becomes increasingly challenging. Information flow tracking (IFT) is a widely-used approach to…

Cryptography and Security · Computer Science · 2025-04-10 · Nowfel Mashnoor, Mohammad Akyash, Hadi Kamali, Kimia Azar

Secure by Design has become the mainstream development approach ensuring that software systems are not vulnerable to cyberattacks. Architectural security controls need to be carefully monitored over the software development life cycle to…

Software Engineering · Computer Science · 2023-07-13 · Ahmet Okutan, Ali Shokri, Viktoria Koscinski, Mohamad Fazelinia, Mehdi Mirakhorli

Dynamic Information Flow Tracking (DIFT) is a technique to track potential security vulnerabilities in software and hardware systems at run time. The last fifteen years have seen a lot of research work on DIFT, including both hardware-based…

Cryptography and Security · Computer Science · 2019-11-14 · Ali Jahanshahi

Secret-dependent timing behavior in cryptographic implementations has resulted in exploitable vulnerabilities, undermining their security. Over the years, numerous tools to automatically detect timing leakage or even to prove their absence…

Cryptography and Security · Computer Science · 2023-04-25 · Jan Wichelmann, Florian Sieck, Anna Pätschke, Thomas Eisenbarth

The importance of information security dramatically increased and will further grow due to the shape and nature of the modern computing industry. Software is published at a continuously increasing pace. The Internet of Things and security…

Cryptography and Security · Computer Science · 2022-05-10 · Mattia Paccamiccio, Leonardo Mostarda

Information flow analysis prevents secret or untrusted data from flowing into public or trusted sinks. Existing mechanisms cover a wide array of options, ranging from lightweight taint analysis to heavyweight information flow control that…

Cryptography and Security · Computer Science · 2019-06-28 · Cristian-Alexandru Staicu, Daniel Schoepe, Musard Balliu, Michael Pradel, Andrei Sabelfeld

Java projects are often built on top of various third-party libraries. If multiple versions of a library exist on the classpath, JVM will only load one version and shadow the others, which we refer to as dependency conflicts. This would…

Software Engineering · Computer Science · 2020-06-16 · Ying Wang, Rongxin Wu, Chao Wang, Ming Wen, Yepang Liu, Shing-Chi Cheung, Hai Yu, Chang Xu, Zhiliang Zhu

Cryptographic research takes software timing side channels seriously. Approaches to mitigate them include constant-time coding and techniques to enforce such practices. However, recent attacks like Meltdown [42], Spectre [37], and…

Cryptography and Security · Computer Science · 2025-04-29 · Martin Dunsche, Patrick Bastian, Marcel Maehren, Nurullah Erinola, Robert Merget, Nicolai Bissantz, Holger Dette, Jörg Schwenk

We introduce a tool that supports continuous flow analysis in order to detect security problems as the user edits. The tool uses abstract interpretation over both byte codes and abstract syntax trees to trace the flow of both type…

Software Engineering · Computer Science · 2019-10-01 · Steven P. Reiss