JavaScript has become a central technology of the web, but it is also the source of many
security problems, including cross-site scripting attacks and malicious advertising code …

This paper seeks to answer fundamental questions about trade-offs between static and
dynamic security analysis. It has been previously shown that flow-sensitive static information …

We present FlowFox, the first fully functional web browser that implements a precise and
general information flow control mechanism for web scripts based on the technique of …

Tracking information flow in dynamic languages remains an important and intricate problem.
This paper makes substantial headway toward understanding the main challenges and …

Abstract Information-flow control tracks how information propagates through the program
during execution to make sure that the program handles the information securely. Secure …

A key challenge in dynamic information flow analysis is handling implicit flows, where code
conditional on a private variable updates a public variable x. The naive approach of …

This paper studies the problem of securing information release in dynamic languages. We
propose (i) an intuitive framework for information-release policies expressing both what can …

Historically, dynamic techniques are the pioneers of the area of information flow in the 70's.
In their seminal work, Denning and Denning suggest a static alternative for information-flow …

Recently, much progress has been made on achieving information-flow security via secure
multi-execution. Secure multi-execution (SME) is an elegant way to enforce security by …

This paper explores the problem of tracking information flow in dynamic tree structures.
Motivated by the problem of manipulating the Document Object Model (DOM) trees by …