Securing database-backed applications requires tracking information across the application program and the database together, since securing each component in isolation may still result in an overall insecure system. Current research extends language-based techniques with models capturing the database’s behavior. This research, however, relies on simplistic database models, which ignore security-relevant features that may leak sensitive information. We propose a novel security monitor for database-backed applications. Our monitor tracks fine-grained dependencies between variables and database tuples by leveraging database theory concepts like disclosure lattices and query determinacy. It also accounts for a realistic database model that sup...
We present PIDGIN, a program analysis and understanding tool that enables the specification and enfo...
Information systems are widespread and used by anyone with computing devices as well as corporation...
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer...
Securing database-backed applications requires tracking information across the application program a...
The root cause for confidentiality and integrity attacks against computing systems is insecure infor...
In this work, we extend language-based information-flow security analysis to the case of database ap...
Information Flow Control is a well established field of research, providing a suite of theoretical an...
SQL injection and cross-site scripting are two of the most common security vulnerabilities that plag...
This thesis explores several ways to diversify the field of Information Flow Control. At the heart o...
As more and more sensitive data is handled by software, its trustworthiness becomes an increasingly i...
We present an approach for dynamic information flow control across the application and database. Our...
We present an information flow monitoring mechanism for sequential programs. The monitor executes a ...
This thesis explores information-flow tracking technologies and their applicability on industrial-sc...
Data-intensive applications as popularised by cloud computing raise many security challenges, due to...
Dynamic information flow control is a promising technique for ensuring confidentiality and integrity ...