Securing web applications from injection and logic vulnerabilities: Approaches and challenges
Context: Web applications are trusted by billions of users for performing day-to-day activities.
Accessibility, availability and omnipresence of web applications have made them a prime …
A survey on server-side approaches to securing web applications
Web applications are one of the most prevalent platforms for information and service
delivery over the Internet today. As they are increasingly used for critical services, web …
Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones
Today's smartphone operating systems frequently fail to provide users with visibility into how
third-party applications collect and share their private data. We address these shortcomings …
CryptDB: Protecting confidentiality with encrypted query processing
Online applications are vulnerable to theft of sensitive information because adversaries can
exploit software bugs to gain access to private data, and because curious or malicious …
Automatic Generation of Data-Oriented Exploits
As defense solutions against control-flow hijacking attacks gain wide deployment, control-
oriented exploits from memory errors become difficult. As an alternative, attacks targeting …
Context-sensitive fencing: Securing speculative execution via microcode customization
This paper describes context-sensitive fencing (CSF), a microcode-level defense against
multiple variants of Spectre. CSF leverages the ability to dynamically alter the decoding of …
CryptDB: processing queries on an encrypted database
Theft of private information is a significant problem for online applications. For example, a
recent investigation found that at least eight million people's medical records were stolen as …
Automating configuration troubleshooting with dynamic information flow analysis
M Attariyan, J Flinn - 9th USENIX Symposium on Operating Systems …, 2010 - usenix.org
Software misconfigurations are time-consuming and enormously frustrating to troubleshoot.
In this paper, we show that dynamic information flow analysis helps solve these problems by …
Building web applications on top of encrypted data using Mylar
Web applications rely on servers to store and process confidential information. However,
anyone who gains access to the server (e.g., an attacker, a curious administrator, or a …
Why does cryptographic software fail? A case study and open problems
Mistakes in cryptographic software implementations often undermine the strong security
guarantees offered by cryptography. This paper presents a systematic study of cryptographic …