Information flow analysis prevents secret or untrusted data from flowing into public or trusted
sinks. Existing mechanisms cover a wide array of options, ranging from lightweight taint …

This paper presents a practical and formal approach to analyze security-centric information
flow policies at the level of the design model. Specifically, we focus on data confidentiality …

The last decade has seen a proliferation of codereuse attacks in the context of web
applications. These attacks stem from Object Injection Vulnerabilities (OIV) enabling attacker …

Web pages aggressively track users for a variety of purposes from targeted advertisements
to enhanced authentication. As browsers move to restrict traditional cookie-based tracking …

Dependency is a prevalent notion in computer science. There have been numerous informal
or formal attempts to define viable syntactic and semantic concepts of dependency in …

Digitalization has revolutionized the automotive industry. Modern cars are equipped with
powerful Internetconnected infotainment systems, comparable to tablets and smartphones …

Recent years have seen a proliferation of research on information flow control. While the
progress has been tremendous, it has also given birth to a bewildering breed of concepts …

Dynamic taint analysis is often used as a defense against low-integrity data in applications
with untrusted user interfaces. An important example is defense against XSS and injection …

Context: Security is a growing concern in many organizations. Industries develo**
software systems plan for security early-on to minimize expensive code refactorings after …

Knowing that a persistent attacker will eventually succeed in gaining a foothold inside the
targeted network despite prevention mechanisms, it is mandatory to perform security …