Sciweavers

ESORICS
2011
Springer
13 years 2 days ago
A Systematic Analysis of XSS Sanitization in Web Application Frameworks
While most research on XSS defense has focused on techniques for securing existing applications and re-architecting browser mechanisms, sanitization remains the industry-standard d...
Joel Weinberger, Prateek Saxena, Devdatta Akhawe, ...
ESORICS
2011
Springer
13 years 2 days ago
A Light-Weight Solution to Preservation of Access Pattern Privacy in Un-trusted Clouds
Abstract. Cloud computing is a new computing paradigm that is gaining increased popularity. More and more sensitive user data are stored in the cloud. The privacy of users’ acces...
Ka Yang, Jinsheng Zhang, Wensheng Zhang, Daji Qiao
CSFW
2011
IEEE
13 years 4 days ago
A Statistical Test for Information Leaks Using Continuous Mutual Information
—We present a statistical test for detecting information leaks in systems with continuous outputs. We use continuous mutual information to detect the information leakage from tri...
Tom Chothia, Apratim Guha
CSFW
2011
IEEE
13 years 4 days ago
Security for Key Management Interfaces
—We propose a much-needed formal definition of security for cryptographic key management APIs. The advantages of our definition are that it is general, intuitive, and applicabl...
Steve Kremer, Graham Steel, Bogdan Warinschi
CSFW
2011
IEEE
13 years 4 days ago
Modular Protections against Non-control Data Attacks
—This paper introduces YARRA, a conservative extension to C to protect applications from non-control data attacks. YARRA programmers specify their data integrity requirements by ...
Cole Schlesinger, Karthik Pattabiraman, Nikhil Swa...
CSFW
2011
IEEE
13 years 4 days ago
The Complexity of Quantitative Information Flow Problems
—In this paper, we investigate the computational complexity of quantitative information flow (QIF) problems. Information-theoretic quantitative relaxations of noninterference (b...
Pavol Cerný, Krishnendu Chatterjee, Thomas ...
CSFW
2011
IEEE
13 years 4 days ago
Dynamic Enforcement of Knowledge-Based Security Policies
—This paper explores the idea of knowledge-based security policies, which are used to decide whether to answer queries over secret data based on an estimation of the querier’s ...
Piotr Mardziel, Stephen Magill, Michael Hicks, Mud...
CSFW
2011
IEEE
13 years 4 days ago
Formal Analysis of Protocols Based on TPM State Registers
—We present a Horn-clause-based framework for analysing security protocols that use platform configuration registers (PCRs), which are registers for maintaining state inside the...
Stéphanie Delaune, Steve Kremer, Mark Dermo...
CSFW
2011
IEEE
13 years 4 days ago
Local Memory via Layout Randomization
—Randomization is used in computer security as a tool to introduce unpredictability into the software infrastructure. In this paper, we study the use of randomization to achieve ...
Radha Jagadeesan, Corin Pitcher, Julian Rathke, Ja...