Security API analysis typically only considers a subset of an API’s functions, with results bounded by the number of function calls. Furthermore, attacks involving partial leakag...
We examine some known attacks on the PIN verification framework, based on weaknesses of the security API for the tamperresistant Hardware Security Modules used in the network. We s...
Matteo Centenaro, Riccardo Focardi, Flaminia L. Lu...
—Tracking information flow in dynamic languages remains an important and intricate problem. This paper makes substantial headway toward understanding the main challenges and res...
JavaScript is a popular language for client-side web scripting. It has a dubious reputation among programmers for two reasons. First, many JavaScript programs are written against a...
Early work on security-typed languages required that legal information flows be defined statically. More recently, techniques have been introduced that relax these assumptions a...
Sruthi Bandhakavi, William H. Winsborough, Mariann...