Compositional verification and refinement of concurrent value-dependent noninterference
Value-dependent noninterference allows the classification of program variables to depend
on the contents of other variables, and therefore is able to express a range of data …
Expressing information flow properties
Industries and governments are increasingly compelled by regulations and public pressure
to handle sensitive information responsibly. Regulatory requirements and user expectations …
COVERN: A logic for compositional verification of information flow control
Shared memory concurrency is pervasive in modern programming, including in systems that
must protect highly sensitive data. Recently, verification has finally emerged as a practical …
Compositional non-interference for fine-grained concurrent programs
Non-interference is a program property that ensures the absence of information leaks. In the
context of programming languages, there exist two common approaches for establishing …
SecCSL: Security Concurrent Separation Logic
We present SecCSL, a concurrent separation logic for proving expressive, data-dependent
information flow security properties of low-level programs. SecCSL is considerably more …
Types for information flow control: Labeling granularity and semantic models
Language-based information flow control (IFC) tracks dependencies within a program using
sensitivity labels and prohibits public outputs from depending on secret inputs. In particular …
Hybrid monitors for concurrent noninterference
Controlling confidential information in concurrent systems is difficult, due to covert channels
resulting from interaction between threads. This problem is exacerbated if threads share …
Verifying that a compiler preserves concurrent value-dependent information-flow security
It is common to prove by reasoning over source code that programs do not leak sensitive
data. But doing so leaves a gap between reasoning and reality that can only be filled by …
A new algorithm for low-deterministic security
D Giffhorn, G Snelting - International Journal of Information Security, 2015 - Springer
We present a new algorithm for checking probabilistic noninterference in concurrent
programs. The algorithm, named RLSOD, is based on the Low-Security Observational …
Alpha-beta privacy
S Mödersheim, L Viganò - ACM Transactions on Privacy and Security …, 2019 - dl.acm.org
The formal specification of privacy goals in symbolic protocol models has proved to be not
quite trivial so far. The most widely used approach in formal methods is based on the static …