A survey on server-side approaches to securing web applications
Web applications are one of the most prevalent platforms for information and service
delivery over the Internet today. As they are increasingly used for critical services, web …
Language-based information-flow security
Current standard security practices do not provide substantial assurance that the end-to-end
behavior of a computing system satisfies important security policies such as confidentiality …
Automatic inference of search patterns for taint-style vulnerabilities
Taint-style vulnerabilities are a persistent problem in software development, as the recently
discovered "Heartbleed" vulnerability strikingly illustrates. In this class of vulnerabilities …
Scandroid: Automated security certification of Android applications
Android is a popular mobile-device platform developed by Google. Android's application
model is designed to encourage applications to share their code and data with other …
Spectre is here to stay: An analysis of side-channels and speculative execution
The recent discovery of the Spectre and Meltdown attacks represents a watershed moment
not just for the field of Computer Security, but also of Programming Languages. This paper …
A survey on web application security
Web applications are one of the most prevalent platforms for information and services
delivery over Internet today. As they are increasingly used for critical services, web …
JSFlow: Tracking information flow in JavaScript and its APIs
JavaScript drives the evolution of the web into a powerful application platform. Increasingly,
web applications combine services from different providers. The script inclusion mechanism …
Polyglot: An extensible compiler framework for Java
Polyglot is an extensible compiler framework that supports the easy creation of compilers for
languages similar to Java, while avoiding code duplication. The Polyglot framework is useful …
Declassification: Dimensions and principles
Computing systems often deliberately release (or declassify) sensitive information. A
principal security concern for systems permitting information release is whether this release …
Dynamic vs. static flow-sensitive security analysis
This paper seeks to answer fundamental questions about trade-offs between static and
dynamic security analysis. It has been previously shown that flow-sensitive static information …