Javascript zero: Real javascript and zero side-channel attacks
Modern web browsers are ubiquitously used by billions of users, connecting them to the
world wide web. From the other side, web browsers do not only provide a unified interface …
world wide web. From the other side, web browsers do not only provide a unified interface …
User-controlled privacy: taint, track, and control
We develop the first language-based, Privacy by Design approach that provides support for
a rich class of privacy policies. The policies are user-defined, rather than programmer …
a rich class of privacy policies. The policies are user-defined, rather than programmer …
An empirical study of information flows in real-world javascript
Information flow analysis prevents secret or untrusted data from flowing into public or trusted
sinks. Existing mechanisms cover a wide array of options, ranging from lightweight taint …
sinks. Existing mechanisms cover a wide array of options, ranging from lightweight taint …
Tainted Secure Multi-Execution to Restrict Attacker Influence
Attackers can steal sensitive user information from web pages via third-party scripts. Prior
work shows that secure multi-execution (SME) with declassification is useful for mitigating …
work shows that secure multi-execution (SME) with declassification is useful for mitigating …
Compositional information flow monitoring for reactive programs
To prevent applications from leaking users' private data to attackers, researchers have
developed runtime information flow control (IFC) mechanisms. Most existing approaches are …
developed runtime information flow control (IFC) mechanisms. Most existing approaches are …
Brigadier: A Datalog-based IAST framework for Node. js Applications
The NODE. JS runtime, in combination with Node Package Manager (NPM), is a popular
ecosystem for building server-side web applications. Both JavaScript's flexible and dynamic …
ecosystem for building server-side web applications. Both JavaScript's flexible and dynamic …
Knowledge-based security of dynamic secrets for reactive programs
Scripts on webpages could steal sensitive user data. Much work has been done, both in
modeling and implementation, to enforce information flow control (IFC) of webpages to …
modeling and implementation, to enforce information flow control (IFC) of webpages to …
Information Flow Control for Dynamic Reactive Systems
MK McCall - 2023 - search.proquest.com
It is common for reactive systems like web services to collect personal information and/or
perform sensitive tasks, making information flow control (IFC) in these applications …
perform sensitive tasks, making information flow control (IFC) in these applications …
Restricting Attacker Influence in Reactive Programs with Dynamic Secrets
MK McCall, A Bichhawat, L Jia - kilthub.cmu.edu
Prior work has established that the attacker should not be allowed to influence what is
declassified or when declassification occurs. Meanwhile, other work looks at protecting …
declassified or when declassification occurs. Meanwhile, other work looks at protecting …
[图书][B] Flexible information-flow control
D Schoepe - 2018 - search.proquest.com
As more and more sensitive data is handled by software, its trustworthiness becomes an
increasingly important concern. This thesis presents work on ensuring that information …
increasingly important concern. This thesis presents work on ensuring that information …