This paper presents a practical application of language-based information-flow control, namely, a domain-specific web scripting language designed for interfacing with databases. The primary goal is to provide strong enforcement of confidentiality and integrity policies: confidential data can be released only in permitted ways and trustworthy data must result from expected computations or conform to expected patterns. Such security policies are specified in the database layer and statically enforced for the rest of the system in an end-to-end fashion. In contrast with existing web-scripting languages, which provide only ad hoc mechanisms for information security, the scripting language described here uses principles based on the well-studied...
The Web is evolving into a melting pot of content coming from multiple stakeholders. In this mutuall...
This thesis explores several ways to diversify the field of Information Flow Control. At the heart o...
Information-flow control is an important element in computer system security, and there has been sig...
This paper presents a practical application of language-based information-flow control, namely, a do...
Controlling the flow of sensitive data has been widely acknowledged as a critical aspect for securin...
We present an approach for dynamic information flow control across the application and database. Our...
© Springer International Publishing Switzerland 2014. Modern web applications heavily rely on JavaSc...
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer...
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer...
Over the years, computer systems and applications have grown significantly complex while handling a ...
Confidentiality and integrity are often treated as dual properties in formal models of information-f...
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer...
In the standard web browser programming model, third-party scripts included in an application execut...
Numerous sensitive databases are breached every year due to bugs in applications. These applications...
Recent years have seen a proliferation of research on information flow control. While the progress h...
The Web is evolving into a melting pot of content coming from multiple stakeholders. In this mutuall...
This thesis explores several ways to diversify the field of Information Flow Control. At the heart o...
Information-flow control is an important element in computer system security, and there has been sig...
This paper presents a practical application of language-based information-flow control, namely, a do...
Controlling the flow of sensitive data has been widely acknowledged as a critical aspect for securin...
We present an approach for dynamic information flow control across the application and database. Our...
© Springer International Publishing Switzerland 2014. Modern web applications heavily rely on JavaSc...
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer...
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer...
Over the years, computer systems and applications have grown significantly complex while handling a ...
Confidentiality and integrity are often treated as dual properties in formal models of information-f...
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer...
In the standard web browser programming model, third-party scripts included in an application execut...
Numerous sensitive databases are breached every year due to bugs in applications. These applications...
Recent years have seen a proliferation of research on information flow control. While the progress h...
The Web is evolving into a melting pot of content coming from multiple stakeholders. In this mutuall...
This thesis explores several ways to diversify the field of Information Flow Control. At the heart o...
Information-flow control is an important element in computer system security, and there has been sig...