• Publications
  • Influence
Language-based information-flow security
TLDR
In this paper, we survey the past three decades of research on information-flow security, particularly focusing on work that uses static program analysis to enforce information flow policies. Expand
  • 2,027
  • 141
  • PDF
Probabilistic noninterference for multi-threaded programs
TLDR
We present a probability-sensitive confidentiality specification-a form of probabilistic noninterference-for a small multi-threaded programming language with dynamic thread creation. Expand
  • 343
  • 36
  • PDF
A Model for Delimited Information Release
TLDR
This paper introduces a new security property, delimited release, an end-to-end guarantee that declassification cannot be exploited to construct laundering attacks. Expand
  • 218
  • 28
  • PDF
Declassification: Dimensions and principles
TLDR
We provide a road map of the main directions of current research, by classifying the basic goals according to what information is released, who releases information, where in the systeminformation is released and when information can be released. Expand
  • 256
  • 26
  • PDF
Gradual Release: Unifying Declassification, Encryption and Key Release Policies
TLDR
Information security has a challenge to address: enabling information-flow controls with expressive information release (or declassification) policies. Expand
  • 151
  • 21
  • PDF
Dynamic vs. Static Flow-Sensitive Security Analysis
TLDR
We prove impossibility of a sound purely dynamic information-flow monitor that accepts programs certified by a classical flow-sensitive static analysis. Expand
  • 184
  • 20
  • PDF
Information-Flow Security for a Core of JavaScript
TLDR
We develop a dynamic type system for enforcing secure information flow for core features of JavaScript: objects, higher-order functions, exceptions, and dynamic code evaluation. Expand
  • 142
  • 20
  • PDF
Dimensions and principles of declassification
TLDR
We provide a road map of the main directions of current research, by classifying the basic goals according to what information is released, who releases information, where in the system information isreleased, and when information can be released. Expand
  • 301
  • 19
  • PDF
Termination-Insensitive Noninterference Leaks More Than Just a Bit
TLDR
In this paper we develop a definition of termination-insensitive noninterference suitable for reasoning about programs with outputs. Expand
  • 193
  • 19
  • PDF
Tight Enforcement of Information-Release Policies for Dynamic Languages
TLDR
We propose an intuitive and general framework for reasoning about information-release policies for expressing both what (with policies with respect to both the values of the initial memory and the values freshly received on input) can be released by an application and where in the code this release may take place. Expand
  • 139
  • 19
  • PDF
...
1
2
3
4
5
...