2024
Metadata Privacy Beyond Tunneling for Instant Messaging.
Proceedings of the 9th IEEE European Symposium on Security and Privacy, 2024
2023
VMSL: A Separation Logic for Mechanised Robust Safety of Virtual Machines Communicating above FF-A.
Proc. ACM Program. Lang., 2023
OblivIO: Securing Reactive Programs by Oblivious Execution with Bounded Traffic Overheads.
Proceedings of the 36th IEEE Computer Security Foundations Symposium, 2023
2022
To Signal or Not to Signal? Layering Traffic Analysis Resistance on Secure Instant Messaging.
CoRR, 2022
With a Little Help from My Friends: Transport Deniability for Instant Messaging.
CoRR, 2022
2021
Nontransitive Policies Transpiled.
Proceedings of the IEEE European Symposium on Security and Privacy, 2021
Towards Language-Based Mitigation of Traffic Analysis Attacks.
Proceedings of the 34th IEEE Computer Security Foundations Symposium, 2021
2020
Reconciling progress-insensitive noninterference and declassification.
Proceedings of the 33rd IEEE Computer Security Foundations Symposium, 2020
2019
A Dependently Typed Library for Static Information-Flow Control in Idris.
Proceedings of the Principles of Security and Trust - 8th International Conference, 2019
Static Enforcement of Security in Runtime Systems.
Proceedings of the 32nd IEEE Computer Security Foundations Symposium, 2019
2018
Compositional Non-interference for Concurrent Programs via Separation and Framing.
Proceedings of the Principles of Security and Trust - 7th International Conference, 2018
2017
From Trash to Treasure: Timing-Sensitive Garbage Collection.
Proceedings of the 2017 IEEE Symposium on Security and Privacy, 2017
2015
Cryptographic Enforcement of Language-Based Information Erasure.
Proceedings of the IEEE 28th Computer Security Foundations Symposium, 2015
Hybrid Monitors for Concurrent Noninterference.
Proceedings of the IEEE 28th Computer Security Foundations Symposium, 2015
2014
Declarative Policies for Capability Control.
Proceedings of the IEEE 27th Computer Security Foundations Symposium, 2014
2012
Sharing Mobile Code Securely with Information Flow Control.
Proceedings of the IEEE Symposium on Security and Privacy, 2012
Language-based control and mitigation of timing channels.
Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation, 2012
Learning is Change in Knowledge: Knowledge-Based Security for Dynamic Policies.
Proceedings of the 25th IEEE Computer Security Foundations Symposium, 2012
Precise enforcement of progress-sensitive security.
Proceedings of the ACM Conference on Computer and Communications Security, 2012
2011
Attacker Control and Impact for Confidentiality and Integrity
Log. Methods Comput. Sci., 2011
Predictive mitigation of timing channels in interactive systems.
Proceedings of the 18th ACM Conference on Computer and Communications Security, 2011
Decentralized Delimited Release.
Proceedings of the Programming Languages and Systems - 9th Asian Symposium, 2011
2010
A Semantic Framework for Declassification and Endorsement.
Proceedings of the Programming Languages and Systems, 2010
A lattice-based approach to mashup security.
Proceedings of the 5th ACM Symposium on Information, 2010
Predictive black-box mitigation of timing channels.
Proceedings of the 17th ACM Conference on Computer and Communications Security, 2010
2009
Policies and Mechanisms for Securing Information Release.
PhD thesis, 2009
Catch me if you can: permissive yet secure error handling.
Proceedings of the 2009 Workshop on Programming Languages and Analysis for Security, 2009
Tight Enforcement of Information-Release Policies for Dynamic Languages.
Proceedings of the 22nd IEEE Computer Security Foundations Symposium, 2009
2008
Cryptographically-masked flows.
Theor. Comput. Sci., 2008
Termination-Insensitive Noninterference Leaks More Than Just a Bit.
Proceedings of the Computer Security, 2008
2007
Gradual Release: Unifying Declassification, Encryption and Key Release Policies.
Proceedings of the 2007 IEEE Symposium on Security and Privacy (S&P 2007), 2007
Localized delimited release: combining the what and where dimensions of information release.
Proceedings of the 2007 Workshop on Programming Languages and Analysis for Security, 2007
2005
Security-Typed Languages for Implementation of Cryptographic Protocols: A Case Study.
Proceedings of the Computer Security, 2005