English
Related papers

Related papers: Information Flow Control-by-Construction for an Ob…

200 papers

We introduce a tool that supports continuous flow analysis in order to detect security problems as the user edits. The tool uses abstract interpretation over both byte codes and abstract syntax trees to trace the flow of both type…

Software Engineering · Computer Science 2019-10-01 Steven P. Reiss

Languages with gradual information-flow control combine static and dynamic techniques to prevent security leaks. Gradual languages should satisfy the gradual guarantee: programs that only differ in the precision of their type annotations…

Programming Languages · Computer Science 2024-04-10 Tianyu Chen , Jeremy G. Siek

Information flow type systems enforce the security property of noninterference by detecting unauthorized data flows at compile-time. However, they require precise type annotations, making them difficult to use in practice as much of the…

Programming Languages · Computer Science 2021-02-10 Abhishek Bichhawat , McKenna McCall , Limin Jia

This work's main goal is to understand if Information Flow Control (IFC), a security technique used for discovering leaks in software, could be used to indicate the presence of dynamic semantic conflicts between developers contributions in…

Software Engineering · Computer Science 2024-04-15 Roberto Souto Maior de Barros Filho , Paulo Borba

As AI agents become increasingly autonomous and capable, ensuring their security against vulnerabilities such as prompt injection becomes critical. This paper explores the use of information-flow control (IFC) to provide security guarantees…

Websites today routinely combine JavaScript from multiple sources, both trusted and untrusted. Hence, JavaScript security is of paramount importance. A specific interesting problem is information flow control (IFC) for JavaScript. In this…

Cryptography and Security · Computer Science 2014-01-22 Abhishek Bichhawat , Vineet Rajani , Deepak Garg , Christian Hammer

We propose an approach on model checking information flow for imperative language with procedures. We characterize our model with pushdown system, which has a stack of unbounded length that naturally models the execution of procedural…

Cryptography and Security · Computer Science 2010-12-15 Cong Sun , Liyong Tang , Zhong Chen

We demonstrate that traits are a natural way to support correctness-by-construction (CbC) in an existing programming language in the presence of traditional post-hoc verification (PhV). With Correctness-by-Construction, programs are…

Programming Languages · Computer Science 2022-04-13 Tobias Runge , Alex Potanin , Thomas Thüm , Ina Schaefer

It is common to prove by reasoning over source code that programs do not leak sensitive data. But doing so leaves a gap between reasoning and reality that can only be filled by accounting for the behaviour of the compiler. This task is…

Logic in Computer Science · Computer Science 2020-10-23 Robert Sison , Toby Murray

Information flow analysis is a powerful technique for reasoning about the sensitive information exposed by a program during its execution. While past work has proposed information theoretic metrics (e.g., Shannon entropy, min-entropy,…

Cryptography and Security · Computer Science 2010-09-22 Ji Zhu , Mudhakar Srivatsa

Web applications written in JavaScript are regularly used for dealing with sensitive or personal data. Consequently, reasoning about their security properties has become an important problem, which is made very difficult by the highly…

Programming Languages · Computer Science 2013-02-14 Martin Lester , Luke Ong , Max Schaefer

Ensuring compliance with Information Flow Security (IFS) is known to be challenging, especially for concurrent systems with large codebases such as multicore operating system (OS) kernels. Refinement, which verifies that an implementation…

Logic in Computer Science · Computer Science 2025-11-11 Huan Sun , David Sanán , Jingyi Wang , Yongwang Zhao , Jun Sun , Wenhai Wang

Protecting programs against control-flow hijacking attacks recently has become an arms race between defenders and attackers. While certain defenses, e.g., \textit{Control Flow Integrity} (CFI), restrict the targets of indirect control-flow…

Cryptography and Security · Computer Science 2018-12-21 Paul Muntean

In workflows and business processes, there are often security requirements on both the data, i.e. confidentiality and integrity, and the process, e.g. separation of duty. Graphical notations exist for specifying both workflows and…

Cryptography and Security · Computer Science 2014-04-09 Thomas Bauereiss , Dieter Hutter

Mobile and IoT applications have greatly enriched our daily life by providing convenient and intelligent services. However, these smart applications have been a prime target of adversaries for stealing sensitive data. It poses a crucial…

Cryptography and Security · Computer Science 2021-06-10 Ning Xi , Chao Chen , Jun Zhang , Cong Sun , Shigang Liu , Pengbin Feng , Jianfeng Ma

Traffic analysis attacks remain a significant problem for online security. Communication between nodes can be observed by network level attackers as it inherently takes place in the open. Despite online services increasingly using encrypted…

Cryptography and Security · Computer Science 2025-07-04 Jeppe Fredsgaard Blaabjerg , Aslan Askarov

Simulink/Stateflow charts are widely used in industry for the specification of control systems, which are often safety-critical. This suggests a need for a formal treatment of such models. In previous work, we have proposed a technique for…

Logic in Computer Science · Computer Science 2011-06-22 Alvaro Miyazawa , Ana Cavalcanti

The enormous amount of code required to design modern hardware implementations often leads to critical vulnerabilities being overlooked. Especially vulnerabilities that compromise the confidentiality of sensitive data, such as cryptographic…

Cryptography and Security · Computer Science 2021-12-23 Lennart M. Reimann , Luca Hanel , Dominik Sisejkovic , Farhad Merchant , Rainer Leupers

Information flow analysis prevents secret or untrusted data from flowing into public or trusted sinks. Existing mechanisms cover a wide array of options, ranging from lightweight taint analysis to heavyweight information flow control that…

Cryptography and Security · Computer Science 2019-06-28 Cristian-Alexandru Staicu , Daniel Schoepe , Musard Balliu , Michael Pradel , Andrei Sabelfeld

Formal verification of software and compilers has been used to rule out large classes of security-critical issues, but risk of unintentional information leakage has received much less consideration. It is a key requirement for formal…

Programming Languages · Computer Science 2025-04-23 Owen Conoly , Andres Erbsen , Adam Chlipala