Daniel Hedin

Learn More
Tracking information flow in dynamic languages remains an important and intricate problem. This paper makes substantial headway toward understanding the main challenges and resolving them. We identify language constructs that constitute a core of Java Script: objects, higher-order functions, exceptions, and dynamic code evaluation. The core is powerful(More)
JavaScript drives the evolution of the web into a powerful application platform. Increasingly, web applications combine services from different providers. The script inclusion mechanism routinely turns barebone web pages into full-fledged services built up from third-party code. Such code provides a range of facilities from helper utilities (such as jQuery)(More)
Common protection mechanisms fail to provide end-to-end security; programs with legitimate access to secret information are not prevented from leaking this to the world. Information-flow aware analyses track the flow of information through the program to prevent such leakages, but often ignore information flows through covert channels even though they pose(More)
In Proc. 13th International Static Analysis Symposium, Seoul, Korea, August 2006. LNCS. © Springer-Verlag Abstract. Cryptographic operations are essential for many security-critical systems. Reasoning about information flow in such systems is challenging because typical (noninterference-based) information-flow definitions allow no flow from secret to public(More)
Secure integration of third-party code is one of the prime challenges for securing today's web. Recent empirical studies give evidence of pervasive reliance on and excessive trust in third-party JavaScript, with no adequate security mechanism to limit the trust or the extent of its abuse. Information flow control is a promising approach for controlling the(More)
V.M. Abazov, B. Abbott, M. Abolins, B. S. Acharya, M. Adams, T. Adams, E. Aguilo, S. H. Ahn, M. Ahsan, G.D. Alexeev, G. Alkhazov, A. Alton,* G. Alverson, G.A. Alves, M. Anastasoaie, L. S. Ancu, T. Andeen, S. Anderson, M. S. Anzelc, M. Aoki, Y. Arnoud, M. Arov, M. Arthaud, A. Askew, B. Åsman, A. C. S. Assis Jesus, O. Atramentov, C. Avila, C. Ay, F. Badaud,(More)
The D0 Collaboration presents first evidence for the production of single top quarks at the Fermilab Tevatron pp[over ] collider. Using a 0.9 fb(-1) dataset, we apply a multivariate analysis to separate signal from background and measure sigma(pp[over ]-->tb+X,tqb+X)=4.9+/-1.4 pb. The probability to measure a cross section at this value or higher in the(More)
A common theoretical assumption in the study of information flow security in Java-like languages is that pointers are opaque - i.e., that the only properties that can be observed of pointers are the objects to which they point, and (at most) their equality. These assumptions often fail in practice. For example, various important operations in Java's(More)
We report observation of the electroweak production of single top quarks in pp[over ] collisions at sqrt[s]=1.96 TeV based on 2.3 fb(-1) of data collected by the D0 detector at the Fermilab Tevatron Collider. Using events containing an isolated electron or muon and missing transverse energy, together with jets originating from the fragmentation of b quarks,(More)
We present an observation for ZZ-->l+l-l'+l'- (l, l'=e or mu) production in p[over]p collisions at a center-of-mass energy of sqrt[s]=1.96 TeV. Using 1.7 fb(-1) of data collected by the D0 experiment at the Fermilab Tevatron Collider, we observe three candidate events with an expected background of 0.14(+0.03)_(-0.02) events. The significance of this(More)