Industries and governments are increasingly compelled by regulations and public pressure
to handle sensitive information responsibly. Regulatory requirements and user expectations …

Hyperproperties generalize ordinary properties by expressing relations among multiple
executions of a system. Self–composition has been used to reduce verifying that a system …

Securing database-backed applications requires tracking information across the application
program and the database together, since securing each component in isolation may still …

Information flow policies are often dynamic, the security concerns of a program will typically
change during execution to reflect security-relevant events. A key challenge is how to best …

Attackers can steal sensitive user information from web pages via third-party scripts. Prior
work shows that secure multi-execution (SME) with declassification is useful for mitigating …

To prevent applications from leaking users' private data to attackers, researchers have
developed runtime information flow control (IFC) mechanisms. Most existing approaches are …

Information flow control and dynamic policies is a difficult relationship yet to be fully
understood. While dynamic policies are a natural choice in many real-world applications that …

Abstract Social Network Services (SNS) have changed the way people communicate,
bringing many benefits but also new concerns. Privacy is one of them. We present a …

Scripts on webpages could steal sensitive user data. Much work has been done, both in
modeling and implementation, to enforce information flow control (IFC) of webpages to …

We introduce a framework for reasoning about the security of computer systems using modal
logic. This framework is sufficiently expressive to capture a variety of known security …