We show that fine-grained and coarse-grained dynamic information-flow control (IFC) systems are equally expressive. To this end, we mechanize two mostly standard languages, one with a fine-grained dynamic IFC system and the other with a coarse-grained dynamic IFC system, and prove a semantics-preserving translation from each language to the other. In addition, we derive the standard security property of non-interference of each language from that of the other, via our verified translation. This result addresses a longstanding open problem in IFC: whether coarse-grained dynamic IFC techniques are less expressive than fine-grained dynamic IFC techniques (they are not!). The translations also stand to have important implications on the usabili...
Abstract. Many important security problems in JavaScript, such as browser extension security, untrus...
This thesis explores information-flow tracking technologies and their applicability on industrial-sc...
Abstract—Existing designs for fine-grained, dynamic information-flow control assume that it is accep...
This tutorial provides a complete and homogeneous account of the latestadvances in fine- and coarse-...
Language-based information flow control (IFC) tracks dependencies within a program using sensitivity...
Language-based information flow control (IFC) aims to provide guarantees about information propagati...
Information Flow Control (IFC) is a form of dependence analysis that tracks and prohibits dependence...
We describe a language-based, dynamic information flow control (IFC) system called LIO. Our system p...
Dynamic updating of information-flow policies Applications that manipulate sensitive information sho...
Historically, dynamic techniques are the pioneers of the area of informationflow in the 70’s. In the...
Applications that manipulate sensitive information should ensure end-to-end security by satisfying t...
Flow-sensitive analysis for information-flow control (IFC) allows data structures to have mutable se...
Many important security problems in JavaScript, such asbrowser extension security, untrusted JavaScr...
This paper seeks to answer fundamental questionsabout trade-offs between static and dynamic security...
Information flow control is central to computer security. The objective of information flow control ...
Abstract. Many important security problems in JavaScript, such as browser extension security, untrus...
This thesis explores information-flow tracking technologies and their applicability on industrial-sc...
Abstract—Existing designs for fine-grained, dynamic information-flow control assume that it is accep...
This tutorial provides a complete and homogeneous account of the latestadvances in fine- and coarse-...
Language-based information flow control (IFC) tracks dependencies within a program using sensitivity...
Language-based information flow control (IFC) aims to provide guarantees about information propagati...
Information Flow Control (IFC) is a form of dependence analysis that tracks and prohibits dependence...
We describe a language-based, dynamic information flow control (IFC) system called LIO. Our system p...
Dynamic updating of information-flow policies Applications that manipulate sensitive information sho...
Historically, dynamic techniques are the pioneers of the area of informationflow in the 70’s. In the...
Applications that manipulate sensitive information should ensure end-to-end security by satisfying t...
Flow-sensitive analysis for information-flow control (IFC) allows data structures to have mutable se...
Many important security problems in JavaScript, such asbrowser extension security, untrusted JavaScr...
This paper seeks to answer fundamental questionsabout trade-offs between static and dynamic security...
Information flow control is central to computer security. The objective of information flow control ...
Abstract. Many important security problems in JavaScript, such as browser extension security, untrus...
This thesis explores information-flow tracking technologies and their applicability on industrial-sc...
Abstract—Existing designs for fine-grained, dynamic information-flow control assume that it is accep...