This paper presents a practical application of language-based information-flow control, namely, a domain-specific web scripting language designed for interfacing with databases. The primary goal is to provide strong enforcement of confidentiality and integrity policies: confidential data can be released only in permitted ways and trustworthy data must result from expected computations or conform to expected patterns. Such security policies are specified in the database layer and statically enforced for the rest of the system in an end-to-end fashion. In contrast with existing web-scripting languages, which provide only ad hoc mechanisms for information security, the scripting language described here uses principles based on the well-studied...
Numerous sensitive databases are breached every year due to bugs in applications. These applications...
Information Flow Control is a well established field of research, providing a suite of theoretical an...
This thesis explores several ways to diversify the field of Information Flow Control. At the heart o...
Controlling the flow of sensitive data has been widely acknowledged as a critical aspect for securin...
© Springer International Publishing Switzerland 2014. Modern web applications heavily rely on JavaSc...
Over the years, computer systems and applications have grown significantly complex while handling a ...
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer...
We present an approach for dynamic information flow control across the application and database. Our...
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer...
Confidentiality and integrity are often treated as dual properties in formal models of information-f...
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer...
In the standard web browser programming model, third-party scripts included in an application execut...
The Web is evolving into a melting pot of content coming from multiple stakeholders. In this mutuall...
Recent years have seen a proliferation of research on information flow control. While the progress h...