Information security can be compromised by leakage via low-level hardware features. One
recently prominent example is cache probing attacks, which rely on timing channels created …

Information flow policies are confidentiality policies that control information leakage through
program execution. A common way to enforce secure information flow is through information …

Runtime verification is an area of formal methods that studies the dynamic analysis of
execution traces against formal specifications. Typically, the two main activities in runtime …

JavaScript has become a central technology of the web, but it is also the source of many
security problems, including cross-site scripting attacks and malicious advertising code …

This paper seeks to answer fundamental questions about trade-offs between static and
dynamic security analysis. It has been previously shown that flow-sensitive static information …

Abstract Information flow control (IFC) checks whether a program can leak secret data to
public ports, or whether critical computations can be influenced from outside. But many IFC …

Abstract Information-flow control tracks how information propagates through the program
during execution to make sure that the program handles the information securely. Secure …

We describe a new, dynamic, floating-label approach to language-based information flow
control, and present an implementation in Haskell. A labeled IO monad, LIO, keeps track of a …

We propose an approach to quantify interference in a simple imperative language that
includes a loo** construct. In this paper we focus on a particular case of this definition of …

A key challenge in dynamic information flow analysis is handling implicit flows, where code
conditional on a private variable updates a public variable x. The naive approach of …