The web SSO standard OpenID Connect: In-depth formal security analysis and security guidelines
Web-based single sign-on (SSO) services such as Google Sign-In and Log In with Paypal
are based on the OpenID Connect protocol. This protocol enables so-called relying parties …
FlowFox: a web browser with flexible and precise information flow control
We present FlowFox, the first fully functional web browser that implements a precise and
general information flow control mechanism for web scripts based on the technique of …
Information-flow security for a core of JavaScript
Tracking information flow in dynamic languages remains an important and intricate problem.
This paper makes substantial headway toward understanding the main challenges and …
Information flow control in WebKit's JavaScript bytecode
Websites today routinely combine JavaScript from multiple sources, both trusted and
untrusted. Hence, JavaScript security is of paramount importance. A specific interesting …
Formal methods for web security
In the last few years, many security researchers proposed to endow the web platform with
more rigorous foundations, thus allowing for a precise reasoning on web security issues …
CookiExt: Patching the browser against session hijacking attacks
Session cookies constitute one of the main attack targets against client authentication on the
Web. To counter these attacks, modern web browsers implement native cookie protection …
Survey on JavaScript security policies and their enforcement mechanisms in a web browser
N Bielova - The Journal of Logic and Algebraic Programming, 2013 - Elsevier
We observe a rapid growth of web-based applications every day. These applications are
executed in the web browser, where they interact with a variety of information belonging to …
Secure multi-execution: Fine-grained, declassification-aware, and transparent
Recently, much progress has been made on achieving information-flow security via secure
multi-execution. Secure multi-execution (SME) is an elegant way to enforce security by …
Friendly fire: cross-app interactions in IoT platforms
IoT platforms enable users to connect various smart devices and online services via reactive
apps running on the cloud. These apps, often developed by third-parties, perform simple …
Faceted secure multi execution
To enforce non-interference, both Secure Multi-Execution (SME) and Multiple Facets (MF)
rely on the introduction of multi-executions. The attractiveness of these techniques is that …