For over two decades, timing attacks have been an active area of research within applied
cryptography. These attacks exploit cryptosystem or protocol implementations that do not run …

JavaScript drives the evolution of the web into a powerful application platform. Increasingly,
web applications combine services from different providers. The script inclusion mechanism …

JavaScript has become a central technology of the web, but it is also the source of many
security problems, including cross-site scripting attacks and malicious advertising code …

This paper seeks to answer fundamental questions about trade-offs between static and
dynamic security analysis. It has been previously shown that flow-sensitive static information …

We present a novel approach for efficiently tracking information flow in a dynamically-typed
language such as JavaScript. Our approach is purely dynamic, and it detects problems with …

Abstract Information-flow control tracks how information propagates through the program
during execution to make sure that the program handles the information securely. Secure …

We describe a new, dynamic, floating-label approach to language-based information flow
control, and present an implementation in Haskell. A labeled IO monad, LIO, keeps track of a …

We propose a new language-based approach to mitigating timing channels. In this
language, well-typed programs provably leak only a bounded amount of information over …

Decentralized information flow control (DIFC) is a promising model for writing programs with
powerful, end-to-end security guarantees. Current DIFC systems that run on commodity …

Hyperproperties are properties of computational systems that require more than one trace to
evaluate, eg, many information-flow security and concurrency requirements. Where a trace …