Learn More
We present a method to support the gradual evolution of secure scripts by formalizing an extension of the simply-typed lambda calculus that provides information flow constructs. These constructs allow initially insecure programs to evolve via targeted refactoring and to provide dynamic information flow guarantees via casts, as well as static information(More)
The potential for unexpected interference between threads makes multithreaded programming notoriously difficult. Programmers use a variety of synchronization idioms such as locks and barriers to restrict where interference may actually occur. Unfortunately, the resulting actual interference points are typically never documented and must be manually(More)
Although JavaScript is an important part of Web 2.0, it has historically been a major source of security holes. Code from malicious advertisers and cross-site-scripting (XSS) attacks are particularly pervasive problems. In this paper, we explore dynamic information flow to prevent the loss of confidential information from malicious JavaScript code. In(More)
  • 1