English
Related papers

Related papers: Cocoon: Static Information Flow Control in Rust

200 papers

Existing language-based information-flow control (IFC) tools face a fundamental tension: Denning-style systems that track explicit and implicit flows at the variable level typically require compiler modifications, while more coarse-grained…

Programming Languages · Computer Science 2026-04-17 Jeffrey C. Ching , Quan Zhou , Danfeng Zhang

Static information flow control (IFC) systems provide the ability to restrict data flows within a program, enabling vulnerable functionality or confidential data to be statically isolated from unsecured data or program logic. Despite the…

Programming Languages · Computer Science 2022-10-25 Hemant Gouni , Jonathan Aldrich

Many important security problems in JavaScript, such as browser extension security, untrusted JavaScript libraries and safe integration of mutually distrustful websites (mash-ups), may be effectively addressed using an efficient…

Programming Languages · Computer Science 2015-01-20 Stefan Heule , Deian Stefan , Edward Z. Yang , John C. Mitchell , Alejandro Russo

In security-critical software applications, confidential information must be prevented from leaking to unauthorized sinks. Static analysis techniques are widespread to enforce a secure information flow by checking a program after…

Cryptography and Security · Computer Science 2022-08-05 Tobias Runge , Alexander Kittelmann , Marco Servetto , Alex Potanin , Ina Schaefer

Noninterference guarantees that an attacker cannot infer secrets by interacting with a program. Information flow control (IFC) type systems assert noninterference by tracking the level of information learned (pc) and disallowing…

Programming Languages · Computer Science 2024-07-31 Farzaneh Derakhshan , Stephanie Balzer , Yue Yao

We present Clio, an information flow control (IFC) system that transparently incorporates cryptography to enforce confidentiality and integrity policies on untrusted storage. Clio insulates developers from explicitly manipulating keys and…

Cryptography and Security · Computer Science 2017-08-30 Lucas Waye , Pablo Buiras , Owen Arden , Alejandro Russo , Stephen Chong

Websites today routinely combine JavaScript from multiple sources, both trusted and untrusted. Hence, JavaScript security is of paramount importance. A specific interesting problem is information flow control (IFC) for JavaScript. In this…

Cryptography and Security · Computer Science 2014-01-22 Abhishek Bichhawat , Vineet Rajani , Deepak Garg , Christian Hammer

This work's main goal is to understand if Information Flow Control (IFC), a security technique used for discovering leaks in software, could be used to indicate the presence of dynamic semantic conflicts between developers contributions in…

Software Engineering · Computer Science 2024-04-15 Roberto Souto Maior de Barros Filho , Paulo Borba

Protection of confidential data is an important security consideration of today's applications. Of particular concern is to guard against unintentional leakage to a (malicious) observer, who may interact with the program and draw inference…

Logic in Computer Science · Computer Science 2024-07-03 Bas van den Heuvel , Farzaneh Derakhshan , Stephanie Balzer

This tutorial provides a complete and homogeneous account of the latest advances in fine- and coarse-grained dynamic information-flow control (IFC) security. Since the 70s, the programming language and the operating system communities have…

Programming Languages · Computer Science 2022-08-30 Marco Vassena , Alejandro Russo , Deepak Garg , Vineet Rajani , Deian Stefan

Statically analyzing information flow, or how data influences other data within a program, is a challenging task in imperative languages. Analyzing pointers and mutations requires access to a program's complete source. However, programs…

Programming Languages · Computer Science 2022-03-17 Will Crichton , Marco Patrignani , Maneesh Agrawala , Pat Hanrahan

Languages with gradual information-flow control combine static and dynamic techniques to prevent security leaks. Gradual languages should satisfy the gradual guarantee: programs that only differ in the precision of their type annotations…

Programming Languages · Computer Science 2024-04-10 Tianyu Chen , Jeremy G. Siek

All modern web browsers - Internet Explorer, Firefox, Chrome, Opera, and Safari - have a core rendering engine written in C++. This language choice was made because it affords the systems programmer complete control of the underlying…

Programming Languages · Computer Science 2015-05-28 Brian Anderson , Lars Bergstrom , David Herman , Josh Matthews , Keegan McAllister , Manish Goregaokar , Jack Moffitt , Simon Sapin

Correct concurrent programs are difficult to write; when multiple threads mutate shared data, they may lose writes, corrupt data, or produce erratic program behavior. While many of the data-race issues with concurrency can be avoided by the…

Distributed, Parallel, and Cluster Computing · Computer Science 2019-04-30 Aditya Saligrama , Andrew Shen , Jon Gjengset

Rust is a promising programming language that focuses on concurrency, usability, and security. It is used in production code by major industry players and got recommended by government bodies. Rust provides strong security guarantees…

Cryptography and Security · Computer Science 2025-05-06 David Paaßen , Jens-Rene Giesen , Lucas Davi

Information Flow Control (IFC) is a collection of techniques for ensuring a no-write-down no-read-up style security policy known as noninterference. Traditional methods for both static and dynamic IFC suffer from untenable numbers of false…

Cryptography and Security · Computer Science 2020-05-27 Maximilian Algehed , Cormac Flanagan

We introduce Cargo Scan, the first interactive program analysis tool designed to help developers audit third-party Rust code. Real systems written in Rust rely on thousands of transitive dependencies. These dependencies are as dangerous in…

Programming Languages · Computer Science 2026-02-09 Lydia Zoghbi , David Thien , Ranjit Jhala , Deian Stefan , Caleb Stanford

We present Labeled Input Output in F* (LIO*), a verified framework that enforces information flow control (IFC) policies developed in F* and automatically extracted to C. Inspired by LIO, we encapsulated IFC policies into effects, but using…

Cryptography and Security · Computer Science 2020-04-29 Jean-Joseph Marty , Lucas Franceschino , Jean-Pierre Talpin , Niki Vazou

Rust is a modern systems programming language that ensures memory safety by enforcing ownership and borrowing rules at compile time. While the unsafe keyword allows programmers to bypass these restrictions, it introduces significant risks.…

Software Engineering · Computer Science 2026-01-21 Jialun Zhang , Merve Gulmez , Thomas Nyman , Gang Tan

Rust programming language is gaining popularity rapidly in building reliable and secure systems due to its security guarantees and outstanding performance. To provide extra functionalities, the Rust compiler introduces Rust unstable…

Software Engineering · Computer Science 2023-10-27 Chenghao Li , Yifei Wu , Wenbo Shen , Zichen Zhao , Rui Chang , Chengwei Liu , Yang Liu , Kui Ren
‹ Prev 1 2 3 10 Next ›