LineVD: statement-level vulnerability detection using graph neural networks
Current machine-learning based software vulnerability detection methods are primarily
conducted at the function-level. However, a key limitation of these methods is that they do …
Securify: Practical security analysis of smart contracts
Permissionless blockchains allow the execution of arbitrary programs (called smart
contracts), enabling mutually untrusted entities to interact without relying on trusted third …
Mining Node.js vulnerabilities via object dependence graph and query
Node.js is a popular non-browser JavaScript platform that provides useful but sometimes
also vulnerable packages. On one hand, prior works have proposed many program analysis …
P/taint: Unified points-to and taint analysis
Static information-flow analysis (especially taint-analysis) is a key technique in software
security, computing where sensitive or untrusted data can propagate in a program. Points-to …
Data provenance to audit compliance with privacy policy in the Internet of Things
Managing privacy in the IoT presents a significant challenge. We make the case that
information obtained by auditing the flows of data can assist in demonstrating that the …
Efficient and flexible discovery of PHP application vulnerabilities
The Web today is a growing universe of pages and applications teeming with interactive
content. The security of such applications is of the utmost importance, as exploits can have a …
Smelly variables in Ansible infrastructure code: Detection, prevalence, and lifetime
Infrastructure as Code is the practice of automating the provisioning, configuration, and
orchestration of network nodes using code in which variable values such as configuration …
Vuldetector: Detecting vulnerabilities using weighted feature graph comparison
Code similarity is one promising approach to detect vulnerabilities hidden in software
programs. However, due to the complexity and diversity of source code, current methods …
Inferring crypto API rules from code changes
Creating and maintaining an up-to-date set of security rules that match misuses of crypto
APIs is challenging, as crypto APIs constantly evolve over time with new cryptographic …
LWeb: Information flow security for multi-tier web applications
This paper presents LWeb, a framework for enforcing label-based, information flow policies
in database-using web applications. In a nutshell, LWeb marries the LIO Haskell IFC …