Andrei Sabelfeld

Orcid: 0000-0001-9344-9058

Affiliations:
  • Chalmers University of Technology, Gothenburg, Sweden


According to our database, Andrei Sabelfeld authored at least 123 papers between 1997 and 2024.

Bibliography

2024
Spider-Scents: Grey-box Database-aware Web Scanning for Stored XSS.
Proceedings of the 33rd USENIX Security Symposium, 2024

FakeX: A Framework for Detecting Fake Reviews of Browser Extensions.
Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, 2024

2023
LazyTAP: On-Demand Data Minimization for Trigger-Action Applications.
Proceedings of the 44th IEEE Symposium on Security and Privacy, 2023

Black Ostrich: Web Application Scanning with String Solvers.
Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023

Poster: Data Minimization by Construction for Trigger-Action Applications.
Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023

2022
Are chrome extensions compliant with the spirit of least privilege?
Int. J. Inf. Sec., 2022

Practical Data Access Minimization in Trigger-Action Platforms.
Proceedings of the 31st USENIX Security Symposium, 2022

CatNap: Leveraging Generic MPC for Actively Secure Privacy-enhancing Proximity Testing with a Napping Party.
Proceedings of the 19th International Conference on Security and Cryptography, 2022

SecWasm: Information Flow Control for WebAssembly.
Proceedings of the Static Analysis - 29th International Symposium, 2022

Hardening the security analysis of browser extensions.
Proceedings of the SAC '22: The 37th ACM/SIGAPP Symposium on Applied Computing, Virtual Event, April 25, 2022

DeDup.js: Discovering Malicious and Vulnerable Extensions by Detecting Duplication.
Proceedings of the 8th International Conference on Information Systems Security and Privacy, 2022

Outsourcing MPC Precomputation for Location Privacy.
Proceedings of the IEEE European Symposium on Security and Privacy, 2022

No Signal Left to Chance: Driving Browser Extension Analysis by Download Patterns.
Proceedings of the Annual Computer Security Applications Conference, 2022

2021
SandTrap: Securing JavaScript-driven Trigger-Action Platforms.
Proceedings of the 30th USENIX Security Symposium, 2021

Black Widow: Blackbox Data-driven Web Scanning.
Proceedings of the 42nd IEEE Symposium on Security and Privacy, 2021

Data Privacy in Trigger-Action Systems.
Proceedings of the 42nd IEEE Symposium on Security and Privacy, 2021

EssentialFP: Exposing the Essence of Browser Fingerprinting.
Proceedings of the IEEE European Symposium on Security and Privacy Workshops, 2021

Nontransitive Policies Transpiled.
Proceedings of the IEEE European Symposium on Security and Privacy, 2021

Securing Node-RED Applications.
Proceedings of the Protocols, Strands, and Logic, 2021

2020
Where are you Bob? Privacy-Preserving Proximity Testing with a Napping Party.
IACR Cryptol. ePrint Arch., 2020

Data Privacy in Trigger-Action IoT Systems.
CoRR, 2020

VERONICA: Expressive and Precise Concurrent Information Flow Security (Extended Version with Technical Appendices).
CoRR, 2020

AutoNav: Evaluation and Automatization of Web Navigation Policies.
Proceedings of the WWW '20: The Web Conference 2020, Taipei, Taiwan, April 20-24, 2020, 2020

VERONICA: Expressive and Precise Concurrent Information Flow Security.
Proceedings of the 33rd IEEE Computer Security Foundations Symposium, 2020

Clockwork: Tracking Remote Timing Attacks.
Proceedings of the 33rd IEEE Computer Security Foundations Symposium, 2020

HMAC and "Secure Preferences": Revisiting Chromium-Based Browsers Security.
Proceedings of the Cryptology and Network Security - 19th International Conference, 2020

2019
TOPPool: Time-aware Optimized Privacy-Preserving Ridesharing.
Proc. Priv. Enhancing Technol., 2019

Securing IoT Apps.
IEEE Secur. Priv., 2019

On the Road with Third-party Apps: Security Analysis of an In-vehicle App Platform.
Proceedings of the 5th International Conference on Vehicle Technology and Intelligent Transport Systems, 2019

Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks.
Proceedings of the 26th Annual Network and Distributed System Security Symposium, 2019

Information-Flow Control for Database-Backed Applications.
Proceedings of the IEEE European Symposium on Security and Privacy, 2019

An Empirical Study of Information Flows in Real-World JavaScript.
Proceedings of the 14th ACM SIGSAC Workshop on Programming Languages and Analysis for Security, 2019

2018
Assuring BetterTimes.
J. Comput. Secur., 2018

Tracking Information Flow via Delayed Output - Addressing Privacy in IoT and Emailing Apps.
Proceedings of the Secure IT Systems - 23rd Nordic Conference, NordSec 2018, Oslo, Norway, 2018

Information Flow Tracking for Side-Effectful Libraries.
Proceedings of the Formal Techniques for Distributed Objects, Components, and Systems, 2018

Prudent Design Principles for Information Flow Control.
Proceedings of the 13th Workshop on Programming Languages and Analysis for Security, 2018

If This Then What?: Controlling Flows in IoT Apps.
Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018

Raising the Bar: Evaluating Origin-wide Security Manifests.
Proceedings of the 34th Annual Computer Security Applications Conference, 2018

2017
Special issue on verified information flow security.
J. Comput. Secur., 2017

Measuring login webpage security.
Proceedings of the Symposium on Applied Computing, 2017

A Principled Approach to Tracking Information Flow in the Presence of Libraries.
Proceedings of the Principles of Security and Trust - 6th International Conference, 2017

Privacy-Preserving Location-Proximity for Mobile Apps.
Proceedings of the 25th Euromicro International Conference on Parallel, 2017

We Are Family: Relating Information-Flow Trackers.
Proceedings of the Computer Security - ESORICS 2017, 2017

PrivatePool: Privacy-Preserving Ridesharing.
Proceedings of the 30th IEEE Computer Security Foundations Symposium, 2017

Discovering Browser Extensions via Web Accessible Resources.
Proceedings of the Seventh ACM Conference on Data and Application Security and Privacy, 2017

2016
Secure multi-execution: Fine-grained, declassification-aware, and transparent.
J. Comput. Secur., 2016

Information-flow security for JavaScript and its APIs.
J. Comput. Secur., 2016

JavaScript Sandboxing: Isolating and Restricting Client-Side JavaScript.
Proceedings of the Foundations of Security Analysis and Design VIII, 2016

Explicit Secrecy: A Policy for Taint Tracking.
Proceedings of the IEEE European Symposium on Security and Privacy, 2016

Progress-Sensitive Security for SPARK.
Proceedings of the Engineering Secure Software and Systems - 8th International Symposium, 2016

Let's Face It: Faceted Values for Taint Tracking.
Proceedings of the Computer Security - ESORICS 2016, 2016

JSLINQ: Building Secure Applications across Tiers.
Proceedings of the Sixth ACM on Conference on Data and Application Security and Privacy, 2016

MaxPace: Speed-constrained location queries.
Proceedings of the 2016 IEEE Conference on Communications and Network Security, 2016

Data Exfiltration in the Face of CSP.
Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, 2016

Location-enhanced authentication using the IoT: because you cannot be in two places at once.
Proceedings of the 32nd Annual Conference on Computer Security Applications, 2016

2015
Web Application Security Using JSFlow.
Proceedings of the 17th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing, 2015

InnerCircle: A parallelizable decentralized privacy-preserving location proximity protocol.
Proceedings of the 13th Annual Conference on Privacy, Security and Trust, 2015

BetterTimes - Privacy-Assured Outsourced Multiplications for Additively Homomorphic Encryption on Finite Fields.
Proceedings of the Provable Security, 2015

Value Sensitivity and Observable Abstract Values for Information Flow Control.
Proceedings of the Logic for Programming, Artificial Intelligence, and Reasoning, 2015

May I? - Content Security Policy Endorsement for Browser Extensions.
Proceedings of the Detection of Intrusions and Malware, and Vulnerability Assessment, 2015

Understanding and Enforcing Opacity.
Proceedings of the IEEE 28th Computer Security Foundations Symposium, 2015

Value-Sensitive Hybrid Information Flow Control for a JavaScript-Like Language.
Proceedings of the IEEE 28th Computer Security Foundations Symposium, 2015

Password Meters and Generators on the Web: From Large-Scale Empirical Study to Getting It Right.
Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, 2015

2014
Preface.
J. Comput. Secur., 2014

JSFlow: tracking information flow in JavaScript and its APIs.
Proceedings of the Symposium on Applied Computing, 2014

SeLINQ: tracking information across application-database boundaries.
Proceedings of the 19th ACM SIGPLAN international conference on Functional programming, 2014

Architectures for Inlining Security Monitors in Web Applications.
Proceedings of the Engineering Secure Software and Systems - 6th International Symposium, 2014

Compositional Information-Flow Security for Interactive Systems.
Proceedings of the IEEE 27th Computer Security Foundations Symposium, 2014

2013
Securing Class Initialization in Java-like Languages.
IEEE Trans. Dependable Secur. Comput., 2013

GlassTube: a lightweight approach to web application integrity.
Proceedings of the 2013 ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, 2013

Polyglots: crossing origins by crossing formats.
Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, 2013

2012
A Perspective on Information-Flow Control.
Proceedings of the Software Safety and Security - Tools for Analysis and Verification, 2012

Web Application Security (Dagstuhl Seminar 12401).
Dagstuhl Reports, 2012

On-the-fly inlining of dynamic security monitors.
Comput. Secur., 2012

Boosting the Permissiveness of Dynamic Information-Flow Tracking by Testing.
Proceedings of the Computer Security - ESORICS 2012, 2012

Securing Interactive Programs.
Proceedings of the 25th IEEE Computer Security Foundations Symposium, 2012

Information-Flow Security for a Core of JavaScript.
Proceedings of the 25th IEEE Computer Security Foundations Symposium, 2012

2011
Limiting information leakage in event-based communication.
Proceedings of the 2011 Workshop on Programming Languages and Analysis for Security, 2011

Capabilities for information flow.
Proceedings of the 2011 Workshop on Programming Languages and Analysis for Security, 2011

Multi-run Security.
Proceedings of the Computer Security - ESORICS 2011, 2011

Decentralized Delimited Release.
Proceedings of the Programming Languages and Systems - 9th Asian Symposium, 2011

2010
Implicit flows in malicious and nonmalicious code.
Proceedings of the Logics and Languages for Reliability and Security, 2010

Security of multithreaded programs by compilation.
ACM Trans. Inf. Syst. Secur., 2010

Preface.
J. Comput. Secur., 2010

Securing Class Initialization.
Proceedings of the Trust Management IV - 4th IFIP WG 11.11 International Conference, 2010

Unifying Facets of Information Integrity.
Proceedings of the Information Systems Security - 6th International Conference, 2010

Dynamic vs. Static Flow-Sensitive Security Analysis.
Proceedings of the 23rd IEEE Computer Security Foundations Symposium, 2010

A lattice-based approach to mashup security.
Proceedings of the 5th ACM Symposium on Information, 2010

2009
Securing interaction between threads and the scheduler in the presence of synchronization.
J. Log. Algebraic Methods Program., 2009

Declassification: Dimensions and principles.
J. Comput. Secur., 2009

Catch me if you can: permissive yet secure error handling.
Proceedings of the 2009 Workshop on Programming Languages and Analysis for Security, 2009

Tracking Information Flow in Dynamic Tree Structures.
Proceedings of the Computer Security, 2009

From Dynamic to Static and Back: Riding the Roller Coaster of Information-Flow Control Research.
Proceedings of the Perspectives of Systems Informatics, 2009

Securing Timeout Instructions in Web Applications.
Proceedings of the 22nd IEEE Computer Security Foundations Symposium, 2009

Tight Enforcement of Information-Release Policies for Dynamic Languages.
Proceedings of the 22nd IEEE Computer Security Foundations Symposium, 2009

2008
Cryptographically-masked flows.
Theor. Comput. Sci., 2008

Termination-Insensitive Noninterference Leaks More Than Just a Bit.
Proceedings of the Computer Security, 2008

2007
Gradual Release: Unifying Declassification, Encryption and Key Release Policies.
Proceedings of the 2007 IEEE Symposium on Security and Privacy (S&P 2007), 2007

Localized delimited release: combining the what and where dimensions of information release.
Proceedings of the 2007 Workshop on Programming Languages and Analysis for Security, 2007

07091 Abstracts Collection - Mobility, Ubiquity and Security.
Proceedings of the Mobility, Ubiquity and Security, 25.02. - 02.03.2007, 2007

07091 Executive Summary - Mobility, Ubiquity and Security.
Proceedings of the Mobility, Ubiquity and Security, 25.02. - 02.03.2007, 2007

Dimensions of Declassification in Theory and Practice.
Proceedings of the Advances in Computer Science, 2007

2006
Enforcing Robust Declassification and Qualified Robustness.
J. Comput. Secur., 2006

Security for Multithreaded Programs Under Cooperative Scheduling.
Proceedings of the Perspectives of Systems Informatics, 2006

Securing Interaction between Threads and the Scheduler.
Proceedings of the 19th IEEE Computer Security Foundations Workshop, 2006

Closing Internal Timing Channels by Transformation.
Proceedings of the Advances in Computer Science, 2006

2005
"Language-Based Security".
J. Funct. Program., 2005

Bridging Language-Based and Process Calculi Security.
Proceedings of the Foundations of Software Science and Computational Structures, 2005

Security-Typed Languages for Implementation of Cryptographic Protocols: A Case Study.
Proceedings of the Computer Security, 2005

Dimensions and Principles of Declassification.
Proceedings of the 18th IEEE Computer Security Foundations Workshop, 2005

2004
Enforcing Robust Declassification.
Proceedings of the 17th IEEE Computer Security Foundations Workshop, 2004

2003
Language-based information-flow security.
IEEE J. Sel. Areas Commun., 2003

A Unifying Approach to the Security of Distributed and Multi-Threaded Programs.
J. Comput. Secur., 2003

A Model for Delimited Information Release.
Proceedings of the Software Security, 2003

Confidentiality for Multithreaded Programs via Bisimulation.
Proceedings of the Perspectives of Systems Informatics, 2003

03411 Abstracts Collection - Language Based Security.
Proceedings of the Language-Based Security, 5.-10. October 2003, 2003

03411 Final Report - Language Based Security.
Proceedings of the Language-Based Security, 5.-10. October 2003, 2003

2002
Securing Communication in a Concurrent Language.
Proceedings of the Static Analysis, 9th International Symposium, 2002

2001
A Per Model of Secure Information Flow in Sequential Programs.
High. Order Symb. Comput., 2001

The Impact of Synchronisation on Secure Information Flow in Concurrent Programs.
Proceedings of the Perspectives of System Informatics, 2001

A Generic Approach to the Security of Multi-Threaded Programs.
Proceedings of the 14th IEEE Computer Security Foundations Workshop (CSFW-14 2001), 2001

2000
Probabilistic Noninterference for Multi-Threaded Programs.
Proceedings of the 13th IEEE Computer Security Foundations Workshop, 2000

1997
Simple Semantic Analysis Problems for Functional Programs.
Proceedings of the 1997 ACM SIGPLAN International Conference on Functional Programming (ICFP '97), 1997

