Learn More
Tracking information flow in dynamic languages remains an important and intricate problem. This paper makes substantial headway toward understanding the main challenges and resolving them. We identify language constructs that constitute a core of Java Script: objects, higher-order functions, exceptions, and dynamic code evaluation. The core is powerful(More)
JavaScript drives the evolution of the web into a powerful application platform. Increasingly, web applications combine services from different providers. The script inclusion mechanism routinely turns barebone web pages into full-fledged services built up from third-party code. Such code provides a range of facilities from helper utilities (such as jQuery)(More)
The CALICE collaboration is studying the design of high performance electromagnetic and hadronic calorimeters for future International Linear Collider detectors. For the electromagnetic calorimeter, the current baseline choice is a high granularity sampling calorimeter with tungsten as absorber and silicon detectors as sensitive material. A " physics(More)
Common protection mechanisms fail to provide end-to-end security; programs with legitimate access to secret information are not prevented from leaking this to the world. Information-flow aware analyses track the flow of information through the program to prevent such leakages, but often ignore information flows through covert channels even though they pose(More)
Information-flow control tracks how information propagates through the program during execution to make sure that the program handles the information securely. Secure information flow is comprised of two related aspects: information confidentiality and information integrity — intuitively pertaining to the reading and writing of the information. The(More)
This paper studies the foundations of information-flow security for interactive programs. Previous research assumes that the environment is total, that is, it must always be ready to feed new inputs into programs. However, programs secure under this assumption can leak the presence of input. Such leaks can be magnified to whole-secret leaks in the(More)
Secure integration of third-party code is one of the prime challenges for securing today's web. Recent empirical studies give evidence of pervasive reliance on and excessive trust in third-party JavaScript, with no adequate security mechanism to limit the trust or the extent of its abuse. Information flow control is a promising approach for controlling the(More)
The root cause for <i>confidentiality</i> and <i>integrity</i> attacks against computing systems is insecure <i>information flow</i>. The complexity of modern systems poses a major challenge to secure <i>end-to-end</i> information flow, ensuring that the insecurity of a single component does not render the entire system insecure. While information flow in a(More)
The D0 Collaboration presents first evidence for the production of single top quarks at the Fermilab Tevatron pp[over ] collider. Using a 0.9 fb(-1) dataset, we apply a multivariate analysis to separate signal from background and measure sigma(pp[over ]-->tb+X,tqb+X)=4.9+/-1.4 pb. The probability to measure a cross section at this value or higher in the(More)