Computing systems often deliberately release (or declassify) sensitive information. A
principal security concern for systems permitting information release is whether this release …

JavaScript has become a central technology of the web, but it is also the source of many
security problems, including cross-site scripting attacks and malicious advertising code …

We present a novel approach for efficiently tracking information flow in a dynamically-typed
language such as JavaScript. Our approach is purely dynamic, and it detects problems with …

Computing systems often deliberately release (or declassify) sensitive information. A
principal security concern for systems permitting information release is whether this release …

Abstract Information-flow control tracks how information propagates through the program
during execution to make sure that the program handles the information securely. Secure …

A key challenge in dynamic information flow analysis is handling implicit flows, where code
conditional on a private variable updates a public variable x. The naive approach of …

Information security has a challenge to address: enabling information-flow controls with
expressive information release (or declassification) policies. Existing approaches tend to …

With the rapid increase in cloud services collecting and using user data to offer personalized
experiences, ensuring that these services comply with their privacy policies has become a …

We describe the security verification of OpenTitan. We illustrate how information flow
tracking turns human knowledge of assets and security requirements into formal security …

This paper provides a way to specify expressive declassification policies, in particular, when,
what, and where policies that include conditions under which downgrading is allowed …