In this article, we survey the most common attacks against web sessions, that is, attacks that
target honest web browser users establishing an authenticated session with a trusted web …

Runtime verification is an area of formal methods that studies the dynamic analysis of
execution traces against formal specifications. Typically, the two main activities in runtime …

Web-based single sign-on (SSO) services such as Google Sign-In and Log In with Paypal
are based on the OpenID Connect protocol. This protocol enables so-called relying parties …

The large amount of third-party packages available in fast-moving software ecosystems,
such as Node. js/npm, enables attackers to compromise applications by pushing malicious …

Browser extensions are small JavaScript, CSS and HTML programs that run inside the
browser with special privileges. These programs, often written by third parties, operate on …

Motivation Scientists increasingly rely on intelligent information systems to help them in their
daily tasks, in particular for managing research objects, like publications or datasets. The …

We develop the first language-based, Privacy by Design approach that provides support for
a rich class of privacy policies. The policies are user-defined, rather than programmer …

Browser extensions provide a powerful platform to enrich browsing experience. At the same
time, they raise important security questions. From the point of view of a website, some …

Some of the most dangerous web attacks, such as Cross-Site Scripting and sql injection,
exploit vulnerabilities in web applications that may accept and process data of uncertain …

Smartphone users often use private and enterprise data with untrusted third party
applications. The fundamental lack of secrecy guarantees in smartphone OSes, such as …