JavaScript has become a central technology of the web, but it is also the source of many security problems, including cross-site scripting attacks and malicious advertising code. ...
It is well recognized that JavaScript can be exploited to launch browser-based security attacks. We propose to battle such attacks using program instrumentation. Untrusted JavaScr...
Dachuan Yu, Ajay Chander, Nayeem Islam, Igor Serik...
This paper presents a language in which information flow is securely controlled by a type system, yet the security class of data can vary dynamically. Information flow policies ...
The core problem in risk analysis - determining exploitable paths between attackers and system assets is essentially a problem of determining information flow. It is relatively st...
Abstract. We propose a new type discipline for the -calculus in which secure information flow is guaranteed by static type checking. Secrecy levels are assigned to channels and are...