Tamara Rezk

CoRR, 2024

On Kernel's Safety in the Spectre Era (And KASLR is Formally Dead).

[BibT_eX]

[DOI]

Davide Davoli

Martin Avanzini

Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, 2024

2023

Binsec/Rel: Symbolic Binary Analyzer for Security with Applications to Constant-Time and Secret-Erasure.

[BibT_eX]

[DOI]

Lesly-Ann Daniel

Sébastien Bardin

ACM Trans. Priv. Secur., May, 2023

ProSpeCT: Provably Secure Speculation for the Constant-Time Policy (Extended version).

[BibT_eX]

[DOI]

CoRR, 2023

Sound Symbolic Execution via Abstract Interpretation and Its Application to Security.

[BibT_eX]

[DOI]

Ignacio Tiraboschi

Xavier Rival

Proceedings of the Verification, Model Checking, and Abstract Interpretation, 2023

ProSpeCT: Provably Secure Speculation for the Constant-Time Policy.

[BibT_eX]

[DOI]

Proceedings of the 32nd USENIX Security Symposium, 2023

2022

Statically identifying XSS using deep learning.

[BibT_eX]

[DOI]

Héloïse Maurel

Santiago A. Vidal

Sci. Comput. Program., 2022

Comparing the Detection of XSS Vulnerabilities in Node.js and a Multi-tier JavaScript-based Language via Deep Learning.

[BibT_eX]

[DOI]

Héloïse Maurel

Santiago A. Vidal

Proceedings of the 8th International Conference on Information Systems Security and Privacy, 2022

2021

High-Assurance Cryptography in the Spectre Era.

[BibT_eX]

[DOI]

Proceedings of the 42nd IEEE Symposium on Security and Privacy, 2021

SecureJS compiler: portable memory isolation in JavaScript.

[BibT_eX]

[DOI]

Yoonseok Ko

Manuel Serrano

Proceedings of the SAC '21: The 36th ACM/SIGAPP Symposium on Applied Computing, 2021

Hunting the Haunter - Efficient Relational Symbolic Execution for Spectre with Haunted RelSE.

[BibT_eX]

[DOI]

Lesly-Ann Daniel

Sébastien Bardin

Proceedings of the 28th Annual Network and Distributed System Security Symposium, 2021

2020

High-Assurance Cryptography Software in the Spectre Era.

[BibT_eX]

[DOI]

IACR Cryptol. ePrint Arch., 2020

Strenghtening Content Security Policy via Monitoring and URL Parameters Filtering.

[BibT_eX]

[DOI]

Dolière Francis Somé

Proceedings of the WPES'20: Proceedings of the 19th Workshop on Privacy in the Electronic Society, 2020

Binsec/Rel: Efficient Relational Symbolic Execution for Constant-Time at Binary-Level.

[BibT_eX]

[DOI]

Lesly-Ann Daniel

Sébastien Bardin

Proceedings of the 2020 IEEE Symposium on Security and Privacy, 2020

Constant-time foundations for the new spectre era.

[BibT_eX]

[DOI]

Sunjay Cauligi

Craig Disselkoen

Klaus von Gleissenthall

Proceedings of the 41st ACM SIGPLAN International Conference on Programming Language Design and Implementation, 2020

Type-Based Declassification for Free.

[BibT_eX]

[DOI]

Minh Ngo

David A. Naumann

Proceedings of the Formal Methods and Software Engineering, 2020

Security Analysis of ElGamal Implementations.

[BibT_eX]

[DOI]

Mohamad El Laz

Benjamin Grégoire

Proceedings of the 17th International Joint Conference on e-Business and Telecommunications, 2020

Clockwork: Tracking Remote Timing Attacks.

[BibT_eX]

[DOI]

Proceedings of the 33rd IEEE Computer Security Foundations Symposium, 2020

2019

Towards Constant-Time Foundations for the New Spectre Era.

[BibT_eX]

[DOI]

Sunjay Cauligi

Craig Disselkoen

Klaus von Gleissenthall

Deian Stefan

CoRR, 2019

Typed-based Relaxed Noninterference for Free.

[BibT_eX]

[DOI]

Minh Ngo

David A. Naumann

CoRR, 2019

2018

A Better Facet of Dynamic Information Flow Control.

[BibT_eX]

[DOI]

Proceedings of the Companion of the The Web Conference 2018 on The Web Conference 2018, 2018

Impossibility of Precise and Sound Termination-Sensitive Security Enforcements.

[BibT_eX]

[DOI]

Minh Ngo

Frank Piessens

Proceedings of the 2018 IEEE Symposium on Security and Privacy, 2018

Secure Programming.

[BibT_eX]

[DOI]

, 2018

2017

Type Abstraction for Relaxed Noninterference (Artifact).

[BibT_eX]

[DOI]

Dagstuhl Artifacts Ser., 2017

On the Content Security Policy Violations due to the Same-Origin Policy.

[BibT_eX]

[DOI]

Dolière Francis Somé

Proceedings of the 26th International Conference on World Wide Web, 2017

Control What You Include! - Server-Side Protection Against Third Party Web Tracking.

[BibT_eX]

[DOI]

Dolière Francis Somé

Proceedings of the Engineering Secure Software and Systems - 9th International Symposium, 2017

Type Abstraction for Relaxed Noninterference.

[BibT_eX]

[DOI]

Proceedings of the 31st European Conference on Object-Oriented Programming, 2017

2016

Mashic compiler: Mashup sandboxing based on inter-frame communication.

[BibT_eX]

[DOI]

J. Comput. Secur., 2016

A Taxonomy of Information Flow Monitors.

[BibT_eX]

[DOI]

Proceedings of the Principles of Security and Trust - 5th International Conference, 2016

Spot the Difference: Secure Multi-execution and Multiple Facets.

[BibT_eX]

[DOI]

Proceedings of the Computer Security - ESORICS 2016, 2016

On Access Control, Capabilities, Their Equivalence, and Confused Deputy Attacks.

[BibT_eX]

[DOI]

Vineet Rajani

Deepak Garg

Proceedings of the IEEE 29th Computer Security Foundations Symposium, 2016

2015

Modular Monitor Extensions for Information Flow Security in JavaScript.

[BibT_eX]

[DOI]

José Fragoso Santos

Ana Gualdina Almeida Matos

Ana Almeida Matos

Proceedings of the Trustworthy Global Computing - 10th International Symposium, 2015

Hybrid Typing of Secure Information Flow in a JavaScript-Like Language.

[BibT_eX]

[DOI]

Proceedings of the Trustworthy Global Computing - 10th International Symposium, 2015

2014

An Information Flow Monitor for a Core of DOM - Introducing References and Live Primitives.

[BibT_eX]

[DOI]

José Fragoso Santos

Proceedings of the Trustworthy Global Computing - 9th International Symposium, 2014

An Information Flow Monitor-Inlining Compiler for Securing a Core of JavaScript.

[BibT_eX]

[DOI]

José Fragoso Santos

Proceedings of the ICT Systems Security and Privacy Protection, 2014

Stateful Declassification Policies for Event-Driven Programs.

[BibT_eX]

[DOI]

Proceedings of the IEEE 27th Computer Security Foundations Symposium, 2014

2013

A certified lightweight non-interference Java bytecode verifier.

[BibT_eX]

[DOI]

David Pichardie

Math. Struct. Comput. Sci., 2013

2012

Reasoning about Web Applications: An Operational Semantics for HOP.

[BibT_eX]

[DOI]

ACM Trans. Program. Lang. Syst., 2012

Mashic Compiler: Mashup Sandboxing Based on Inter-frame Communication.

[BibT_eX]

[DOI]

Zhengqin Luo

Proceedings of the 25th IEEE Computer Security Foundations Symposium, 2012

2011

Secure information flow by self-composition.

[BibT_eX]

[DOI]

Pedro R. D'Argenio

Math. Struct. Comput. Sci., 2011

Automated Code Injection Prevention for Web Applications.

[BibT_eX]

[DOI]

Zhengqin Luo

Manuel Serrano

Proceedings of the Theory of Security and Applications - Joint Workshop, 2011

Information-flow types for homomorphic encryptions.

[BibT_eX]

[DOI]

Cédric Fournet

Jérémy Planul

Mariangiola Dezani-Ciancaglini

Proceedings of the 18th ACM Conference on Computer and Communications Security, 2011

2010

Security of multithreaded programs by compilation.

[BibT_eX]

[DOI]

ACM Trans. Inf. Syst. Secur., 2010

Robustness Guarantees for Anonymity.

[BibT_eX]

[DOI]

Proceedings of the 23rd IEEE Computer Security Foundations Symposium, 2010

Session Types for Access and Information Flow Control.

[BibT_eX]

[DOI]

Sara Capecchi

Ilaria Castellani

Proceedings of the CONCUR 2010 - Concurrency Theory, 21th International Conference, 2010

2009

Certificate translation for optimizing compilers.

[BibT_eX]

[DOI]

ACM Trans. Program. Lang. Syst., 2009

A security-preserving compiler for distributed programs: from information-flow policies to cryptographic mechanisms.

[BibT_eX]

[DOI]

Cédric Fournet

Gurvan Le Guernic

Proceedings of the 2009 ACM Conference on Computer and Communications Security, 2009

2008

Cryptographically sound implementations for typed information-flow security.

[BibT_eX]

[DOI]

Cédric Fournet

Proceedings of the 35th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 2008

Tractable Enforcement of Declassification Policies.

[BibT_eX]

[DOI]

Salvador Cavadini

Proceedings of the 21st IEEE Computer Security Foundations Symposium, 2008

2007

Security types preserving compilation.

[BibT_eX]

[DOI]

Amitabh Basu

Comput. Lang. Syst. Struct., 2007

2006

Deriving an Information Flow Checker and Certifying Compiler for Java.

[BibT_eX]

[DOI]

David A. Naumann

Proceedings of the 2006 IEEE Symposium on Security and Privacy (S&P 2006), 2006

2005

Preventing Timing Leaks Through Transactional Branching Instructions.

[BibT_eX]

[DOI]

Martijn Warnier

Proceedings of the Third Workshop on Quantitative Aspects of Programming Languages, 2005

Non-interference for a JVM-like language.

[BibT_eX]

[DOI]

Proceedings of TLDI'05: 2005 ACM SIGPLAN International Workshop on Types in Languages Design and Implementation, 2005

Proof Obligations Preserving Compilation.

[BibT_eX]

[DOI]

Ando Saabas

Proceedings of the Formal Aspects in Security and Trust, Third International Workshop, 2005

2004

Security Types Preserving Compilation: (Extended Abstract).

[BibT_eX]

[DOI]

Amitabh Basu