Add to ORKGAbstract. We present a hybrid approach to information flow security where security violations are detected at execution time. We track se-cure values and secure locations at run time to prevent problems such as password disclosure in C programs. This analysis is safe in the presence of pointer aliasing. Such problems are hard to solve using static analysis (or lead to many false positives). Our technique works on programs with annotations that identify values and locations that need to be secure. We instrument the annotated program with statements that capture rel-evant information flow with assertions that detect any violation. This instrumentation does not interfere with the safe assignment of values to variables in the program. The instr...
C and JavaScript are widely-used languages for writing security-sensitive software, despite their in...
A common attack point in a program is the input exposed to the user. The adversary crafts a maliciou...
A common attack point in a program is the input exposed to the user. The adversary crafts a maliciou...
We present a simple architectural mechanism called dynamic information flow tracking that can signif...
We present a simple architectural mechanism called dynamic information flow tracking that can signif...
We present a new approach for tracking programs ’ use of data through arbitrary calculations, to det...
We present a simple architectural mechanism called dynamicinformation flow tracking that can signifi...
We present a new approach for tracking programs' use of data througharbitrary calculations, to deter...
Sensitive information is a crucial asset for both individuals and companies. Since it is processed i...
We present an information flow monitoring mechanism for sequential programs. The monitor executes a ...
Tracking information flow in dynamic languages remains an open challenge. It might seem natural to a...
We present an information flow monitoring mechanism for sequential programs. The monitor executes a ...
Tracking information flow in dynamic languages remains an open challenge. It might seem natural to a...
International audienceInformation flow analysis models the propagation of data through a software sy...
Existing security models require that information of a given security level be prevented from “leaki...
C and JavaScript are widely-used languages for writing security-sensitive software, despite their in...
A common attack point in a program is the input exposed to the user. The adversary crafts a maliciou...
A common attack point in a program is the input exposed to the user. The adversary crafts a maliciou...
We present a simple architectural mechanism called dynamic information flow tracking that can signif...
We present a simple architectural mechanism called dynamic information flow tracking that can signif...
We present a new approach for tracking programs ’ use of data through arbitrary calculations, to det...
We present a simple architectural mechanism called dynamicinformation flow tracking that can signifi...
We present a new approach for tracking programs' use of data througharbitrary calculations, to deter...
Sensitive information is a crucial asset for both individuals and companies. Since it is processed i...
We present an information flow monitoring mechanism for sequential programs. The monitor executes a ...
Tracking information flow in dynamic languages remains an open challenge. It might seem natural to a...
We present an information flow monitoring mechanism for sequential programs. The monitor executes a ...
Tracking information flow in dynamic languages remains an open challenge. It might seem natural to a...
International audienceInformation flow analysis models the propagation of data through a software sy...
Existing security models require that information of a given security level be prevented from “leaki...
C and JavaScript are widely-used languages for writing security-sensitive software, despite their in...
A common attack point in a program is the input exposed to the user. The adversary crafts a maliciou...
A common attack point in a program is the input exposed to the user. The adversary crafts a maliciou...