A survey of challenges for runtime verification from advanced application domains (beyond software)
Runtime verification is an area of formal methods that studies the dynamic analysis of
execution traces against formal specifications. Typically, the two main activities in runtime …
The case for writing a kernel in Rust
An operating system kernel written in the Rust language would have extremely fine-grained
isolation boundaries, have no memory leaks, and be safe from a wide range of security …
Nonmalleable information flow control
Noninterference is a popular semantic security condition because it offers strong end-to-end
guarantees, it is inherently compositional, and it can be enforced using a simple security …
Type-driven gradual security with references
In security-typed programming languages, types statically enforce noninterference between
potentially conspiring values, such as the arguments and results of functions. But to adopt …
LWeb: Information flow security for multi-tier web applications
This paper presents LWeb, a framework for enforcing label-based, information flow policies
in database-using web applications. In a nutshell, LWeb marries the LIO Haskell IFC …
An overview of vulnerabilities and mitigations of Intel SGX applications
J Randmets - URL: https://cyber.ee/research/reports/D-2-116-An …, 2021 - cyber.ee
This research report gives a high-level technical overview of avenues that can be used to
attack applications that use Software Guard Extensions as a privacy enhancing technology …
Sesame: Practical End-to-End Privacy Compliance with Policy Containers and Privacy Regions
Web applications are governed by privacy policies, but developers lack practical
abstractions to ensure that their code actually abides by these policies. This leads to …
Modular information flow through ownership
Statically analyzing information flow, or how data influences other data within a program, is a
challenging task in imperative languages. Analyzing pointers and mutations requires access …
STORM: Refinement types for secure web applications
We present Storm, a web framework that allows developers to build MVC applications with
compile-time enforcement of centrally specified data-dependent security policies. Storm …
SecWasm: Information flow control for WebAssembly
We introduce SecWasm, the first general purpose information-flow control system for
WebAssembly (Wasm), thus extending the safety guarantees offered by Wasm with …