Andrei Sabelfeld

at

Projects

2016–2016

FlexCSP - Putting Content Security Policy to work for Practical Web Applications

Andrei Sabelfeld Department of Computer Science and Engineering, Software Technology, Software Technology Group A
Google Ireland Ltd

2015–2018

DecentLP: Robust decentralized location privacy

Andrei Sabelfeld Department of Computer Science and Engineering, Software Technology (Chalmers)
Swedish Research Council (VR)

2013–2017

Programming Language-Based Security To Rescue (PROSECUTOR)

Andrei Sabelfeld Department of Computer Science and Engineering, Software Technology (Chalmers)
EC, Seventh Framework program (FP7)

2012–2016

Data-Driven Secure Business Intelligence (DataBIN)

David Sands Department of Computer Science and Engineering, Software Technology (Chalmers)
Andrei Sabelfeld Department of Computer Science and Engineering, Software Technology (Chalmers)
Peter Damaschke Department of Computer Science and Engineering, Computing Science (Chalmers)
Devdatt Dubhashi Department of Computer Science and Engineering, Computing Science (Chalmers)
Olof Mogren Department of Computer Science and Engineering, Computing Science (Chalmers)
Fredrik Johansson Department of Computer Science and Engineering, Computing Science (Chalmers)
Raul Pardo Jimenez Department of Computer Science and Engineering, Software Technology (Chalmers)
Gerardo Schneider Department of Computer Science and Engineering, Software Technology (Chalmers)
Hamid Ebadi Tavallaei Department of Computer Science and Engineering, Software Technology (Chalmers)
Swedish Foundation for Strategic Research (SSF)

There might be more projects where Andrei Sabelfeld participates, but you have to be logged in as a Chalmers employee to see them.

Publications

2016

Location-enhanced Authentication using the IoT

Ioannis Agadakos, Per A. Hallgren, Georgios Portokalidis et al
Proceedings of the Annual Computer Security Applications Conference (ACSAC)
Conference paper - peer reviewed
2016

MaxPace: Speed-Constrained Location Queries

Per A. Hallgren, Martin Ochoa, Andrei Sabelfeld et al
Proceedings of the IEEE Conference on Communications and Network Security (CNS)
Conference paper - peer reviewed
2016

Javascript sandboxing: Isolating and restricting client-side javascript

Steven Van Acker, Andrei Sabelfeld,
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 9808, p. 32-86
Journal/newspaper article
2016

Explicit Secrecy: A Policy for Taint Tracking

Daniel Schoepe, Musard Balliu, B. C. Pierce et al
1st IEEE European Symposium on Security and Privacy (Euro S&P), Saarbruecken, Germany, Mar 21-24, 2016 , p. 15-30
Conference paper - peer reviewed
2016

Let’s face it: Faceted values for taint tracking

Daniel Schoepe, Musard Balliu, F. Piessens et al
Lecture Notes in Computer Science. 21st European Symposium on Research in Computer Security, ESORICS 2016, Heraklion, Greece, 26-30 September 2016. Vol. 9878 LNCS, 2016, p. 561-580
Conference paper - peer reviewed
2016

Web Application Security using JSFlow

D. Hedin, Andrei Sabelfeld,
2015 17th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing, p. 16-19
Conference paper - non peer reviewed
2016

Information-flow security for JavaScript and its APIs

Daniel Hedin, Luciano Bello, Andrei Sabelfeld et al
Journal of Computer Security. Vol. 24 (2), p. 181-234
Scientific journal article - peer reviewed
2016

JSLINQ: Building secure applications across tiers

Musard Balliu, Benjamin Liebe, Daniel Schoepe et al
6th ACM Conference on Data and Application Security and Privacy, CODASPY 2016; New Orleans; United States; 9 March 2016 through 11 March 2016, p. 307-318
Conference paper - peer reviewed
2016

Data Exfiltration in the Face of CSP

Steven Van Acker, Daniel Hausknecht, Andrei Sabelfeld et al
Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, p. 853-864
Conference paper - peer reviewed
2016

Progress-sensitive security for SPARK

W. Rafnsson, D. Garg, Andrei Sabelfeld et al
Lecture Notes in Computer Science: 8th International Symposium on Engineering Secure Software and Systems, ESSoS 2016, London, United Kingdom, 6-8 April 2016. Vol. 9639, p. 20-37
Conference paper - peer reviewed
2016

Secure multi-execution: Fine-grained, declassification-aware, and transparent

W. Rafnsson, Andrei Sabelfeld,
Journal of Computer Security. Vol. 24 (1), p. 39-90
Scientific journal article - peer reviewed
2015

Value Sensitivity and Observable Abstract Values for Information Flow Control

Luciano Bello, Daniel Hedin, Andrei Sabelfeld et al
Lecture Notes in Computer Science. Proceedings of the International Conferences on Logic for Programming, Artificial Intelligence and Reasoning (LPAR). Vol. 9450, p. 63-78
Conference paper - peer reviewed
2015

BetterTimes: Privacy-assured Outsourced Multiplications for Additively Homomorphic Encryption on Finite Fields

Per A. Hallgren, Martin Ochoa, Andrei Sabelfeld et al
Lecture Notes in Computer Science - Proceedings of the International Conference on Provable Security (ProvSec), Kanazawa, Japan, November 24-26, 2015. Vol. 9451, p. 291-309
Conference paper - peer reviewed
2015

InnerCircle: A Parallelizable Decentralized Privacy-Preserving Location Proximity Protocol

Per A. Hallgren, Martin Ochoa, Andrei Sabelfeld et al
Proceedings of the International Conference on Privacy, Security and Trust (PST)
Conference paper - peer reviewed
2015

Understanding and Enforcing Opacity

Daniel Schoepe, Andrei Sabelfeld,
28th IEEE Computer Security Foundations Symposium, CSF 2015, Verona, Italy, 13 July-17 July. Vol. 2015-September, p. 539-553
Conference paper - peer reviewed
2015

Value-sensitive Hybrid Information Flow Control for a JavaScript-like Language

Daniel Hedin, Luciano Bello, Andrei Sabelfeld et al
28th IEEE Computer Security Foundations Symposium, CSF 2015, Verona, Italy, 13-17 July. Vol. 2015-September, p. 351-365
Conference paper - peer reviewed
2015

May I? - Content Security Policy Endorsement for Browser Extensions

Daniel Hausknecht, Jonas Magazinius, Andrei Sabelfeld et al
Lecture Notes in Computer Science - Proceedings of the 12th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2015, Milan, Italy, 9-10 July 2015, p. 261-281
Conference paper - peer reviewed
2015

Password meters and generators on the web: From large-scale empirical study to getting it right

Steven Van Acker, Daniel Hausknecht, W. Joosen et al
CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, p. 253-262
Conference paper - peer reviewed
2014

Architectures for Inlining Security Monitors in Web Application

Jonas Magazinius, Daniel Hedin, Andrei Sabelfeld et al
Lecture Notes in Computer Science: 6th International Symposium on Engineering Secure Software and Systems, ESSoS 2014, Munich, Germany, 26-28 February 2014. Vol. 8364, p. 141-160
Conference paper - peer reviewed
2014

JSFlow: Tracking Information Flow in JavaScript and its APIs

Daniel Hedin, Luciano Bello, Andrei Sabelfeld et al
Proceedings of the ACM Symposium on Applied Computing (SAC)
Conference paper - peer reviewed
2014

Compositional Information-flow Security for Interactive Systems

Willard Rafnsson, Andrei Sabelfeld,
27th IEEE Computer Security Foundations Symposium, CSF 2014, Vienna, Austria, 19-22 July 2014, p. 277-292
Conference paper - peer reviewed
2014

SeLINQ: Tracking information across application-database boundaries

Daniel Schoepe, Daniel Hedin, Andrei Sabelfeld et al
Proceedings of the ACM SIGPLAN International Conference on Functional Programming, ICFP. Vol. 49 (9), p. 25-38
Conference paper - peer reviewed
2013

GlassTube

Per A. Hallgren, Daniel T. Mauritzson, Andrei Sabelfeld et al
PLAS '13 (ACM SIGPLAN workshop on Programming languages and analysis for security). Seattle , WA, USA. June 16-19, 2013. Vol. 8, p. 71-82
Conference paper - peer reviewed
2013

Polyglots: Crossing Origins by Crossing Formats

Jonas Magazinius, Billy Rios, Andrei Sabelfeld et al
ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, Berlin, Germany, 4-8 November 2013
Conference paper - peer reviewed
2013

Secure multi-execution: Fine-grained, declassification-aware, and transparent

Willard Rafnsson, Andrei Sabelfeld,
Proceedings of the Computer Security Foundations Workshop, p. 33-48
Conference paper - peer reviewed
2013

Securing Class Initialization in Java-like Languages

Willard Rafnsson, K. Nakata, Andrei Sabelfeld et al
IEEE Transactions on Dependable and Secure Computing. Vol. 10 (1), p. 1-13
Scientific journal article - peer reviewed
2012

Securing interactive programs

Willard Rafnsson, Daniel Hedin, Andrei Sabelfeld et al
Proceedings of the Computer Security Foundations Symposium, p. 293-307
Conference paper - peer reviewed
2012

Information-flow security for a core of JavaScript

Daniel Hedin, Andrei Sabelfeld,
Proceedings of the Computer Security Foundations Symposium, p. 3-18
Conference paper - peer reviewed
2012

Boosting the Permissiveness of Dynamic Information-Flow Tracking by Testing

Arnar Birgisson, Daniel Hedin, Andrei Sabelfeld et al
LNCS Computer Security -- ESORICS 2012. Vol. 7459, p. 55-72
Scientific journal article - peer reviewed
2012

On-The-Fly Inlining Of Dynamic Security Monitors

Jonas Magazinius, Alejandro Russo, Andrei Sabelfeld et al
Computers & security. Vol. 31 (7), p. 827-843
Scientific journal article - peer reviewed
2011

Limiting Information Leakage in Event-based Communication

Willard Rafnsson, Andrei Sabelfeld,
ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, p. (Article no. 4)
Conference paper - peer reviewed
2011

A Perspective on Information-Flow Control

Daniel Hedin, Andrei Sabelfeld,
Proceedings of the 2011 Marktoberdorf Summer School
Conference paper - peer reviewed
2011

Multi-run security

Arnar Birgisson, Andrei Sabelfeld,
Lecture Notes in Computer Science, Proceedings of the European Symposium on Research in Computer Security (ESORICS)
Conference paper - peer reviewed
2011

Decentralized Delimited Release

Jonas Magazinius, Aslan Askarov, Andrei Sabelfeld et al
Lecture Notes in Computer Science. 9th Asian Symposium on Programming Languages and Systems (APLAS). Vol. 7078, p. 220-237
Conference paper - peer reviewed
2011

Capabilities for information flow

Arnar Birgisson, Alejandro Russo, Andrei Sabelfeld et al
ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, p. article no. 5
Conference paper - peer reviewed
2010

Securing Class Initialization

Keiko Nakata, Andrei Sabelfeld,
4th IFIP WG 11.11 International Conference on Trust Management, IFIPTM 2010; Morioka; Japan; 16 June 2010 through 18 June 2010. Vol. 321, p. 48-62
Conference paper - peer reviewed
2010

On-the-fly inlining of dynamic security monitors

Jonas Magazinius, Alejandro Russo, Andrei Sabelfeld et al
25th IFIP TC 11 International Information Security Conference, SEC 2010; Brisbane QLD; Australia; 20 September 2010 through 23 September 2010. Vol. 330, p. 173-186
Conference paper - peer reviewed
2010

Unifying Facets of Information Integrity

Arnar Birgisson, Alejandro Russo, Andrei Sabelfeld et al
Springer LNCS Proceedings of Sixth International Conference on Information Systems Security. Vol. 6503, p. 48-65
Conference paper - peer reviewed
2010

Security of Multithreaded Programs by Compilation

G. Barthe, T. Rezk, Alejandro Russo et al
ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY . Vol. 13 (3)
Scientific journal article - peer reviewed
2010

A lattice-based approach to mashup security

Jonas Magazinius, Aslan Askarov, Andrei Sabelfeld et al
5th ACM Symposium on Information, Computer and Communication Security, ASIACCS 2010; Beijing; 13 April 2010 through 16 April 2010, p. 15-23
Conference paper - peer reviewed
2010

Dynamic vs. Static Flow-Sensitive Security Analysis

Alejandro Russo, Andrei Sabelfeld,
Proceedings of the IEEE Computer Security Foundations Symposium, p. 186-199
Conference paper - peer reviewed
2009

Catch Me If You Can: Permissive Yet Secure Error Handling

Aslan Askarov, Andrei Sabelfeld,
ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
Conference paper - peer reviewed
2009

Tight Enforcement of Information-Release Policies for Dynamic Languages

Aslan Askarov, Andrei Sabelfeld,
2009 22nd IEEE Computer Security Foundations Symposium, CSF 2009; Port Jefferson, NY; United States; 8 July 2009 through 10 July 2009, p. 43-59
Conference paper - peer reviewed
2009

Declassification: Dimensions and Principles

Andrei Sabelfeld, David Sands,
Journal of Computer Security. Vol. 17 (5), p. 517-548
Scientific journal article - peer reviewed
2009

Implicit flows in malicious and nonmalicious code

Alejandro Russo, Andrei Sabelfeld, Li Keqin et al
Proceedings of the 2009 Marktoberdorf Summer School, IOS Press
Conference paper - peer reviewed
2009

Tracking Information Flow in Dynamic Tree Structures

Alejandro Russo, Andrei Sabelfeld, Andrey Chudnov et al
Lecture Notes in Computer Science: 14th European Symposium on Research in Computer Security, ESORICS 2009; Saint-Malo; France; 21 September 2009 through 23 September 2009, p. 86-103
Conference paper - peer reviewed
2009

Secuirty of Multithreaded Programs by Compilation

Gilles Barthe, Tamara Rezk, Alejandro Russo et al
Special Issue of ACM Transactions on Information and System Security (TISSEC)
Scientific journal article - peer reviewed
2009

Securing Timeout Instructions in Web Applications

Alejandro Russo, Andrei Sabelfeld,
Proceedings of the 22th IEEE Computer Security Foundations Symposium
Conference paper - peer reviewed
2009

From dynamic to static and back: Riding the roller coaster of information-flow control research

Andrei Sabelfeld, Alejandro Russo,
Lecture Notes in Computer Science. 7th International Andrei Ershov Memorial Conference on Perspectives of System Informatics, PSI 2009, Novosibirsk, 15-19 June 2009. Vol. 5947, p. 352-365
Conference paper - peer reviewed
2009

Securing Interaction between Threads and the Scheduler in the Presence of Synchronization

Alejandro Russo, Andrei Sabelfeld,
Journal of Logic and Algebraic Programming. Vol. 78 (7), p. 593-618
Scientific journal article - peer reviewed
2008

Termination-Insensitive Noninterference Leaks More Than Just a Bit.

Aslan Askarov, Sebastian Hunt, Andrei Sabelfeld et al
In Proceedings of the 13th European Symposium on Research in Computer Security, Malaga, Spain, October 2008.. Vol. 5283, p. 333-348
Conference paper - peer reviewed
2008

Cryptographically-Masked Flows

Aslan Askarov, Daniel Hedin, Andrei Sabelfeld et al
Theoretical Computer Science. Vol. 402 (2-3), p. 82-101
Scientific journal article - peer reviewed
2007

Security of Multithreaded Programs by Compilation

Gilles Barthe, Tamara Rezk, Alejandro Russo et al
Proceedings of the 12th European Symposium on Research in Computer Security (ESORICS). Vol. 4734, p. 2-18
Conference paper - peer reviewed
2007

Localized Delimited Release: Combining the What and Where Dimensions of Information Release

Aslan Askarov, Andrei Sabelfeld,
ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, p. 53-60
Conference paper - peer reviewed
2007

Gradual Release: Unifying Declassification, Encryption and Key Release Policies

Aslan Askarov, Andrei Sabelfeld,
Proceedings of the IEEE Symposium on Security and Privacy, p. 207-227
Conference paper - peer reviewed
2007

Closing Internal Timing Channels by Transformation

Alejandro Russo, John Hughes, David Naumann et al
Proceedings of the 11th Annual Asian Computing Science Conference
Conference paper - peer reviewed
2006

Security for Multithreaded Programs under Cooperative Scheduling

Alejandro Russo, Andrei Sabelfeld,
Proceedings of Andrei Ershov International Conference on Perspectives of System Informatics, Akademgorodok, Novosibirsk, Russia, June 27-30, 2006. LNCS, Springer-Verlag.
Conference paper - peer reviewed
2006

Securing Interaction between Threads and the Scheduler

Alejandro Russo, Andrei Sabelfeld,
Proceedings of the 19th IEEE Computer Security Foundations Workshop, Venice, Italy, July 5-7, 2006. IEEE Computer Society Press.
Conference paper - peer reviewed
2006

Enforcing Robust Declassification and Qualified Robustness

Andrew Myers, Andrei Sabelfeld, Steve Zdancewic et al
Journal of Computer Security. Vol. 14 (2), p. 157-196
Scientific journal article - peer reviewed
2006

Cryptographically-Masked Flows

Aslan Askarov, Daniel Hedin, Andrei Sabelfeld et al
Proceedings of the International Static Analysis Symposium, LNCS. Vol. 4134, p. 353-369
Conference paper - peer reviewed
2005

Security-typed languages for implementation of cryptographic protocols: A case study

Aslan Askarov, Andrei Sabelfeld,
Proceedings of the 10th European Symposium on Research in Computer Security (ESORICS' 2005), LNCS. Vol. 3679, p. 197-221
Conference paper - peer reviewed
2005

Proceedings of FCS'05 Workshop on Foundations of Computer Security

Andrei Sabelfeld,
Monograph, book - edited
2005

Dimensions and Principles of Declassification

Andrei Sabelfeld, David Sands,
Proceedings of the 18th IEEE Computer Security Foundations Workshop
Conference paper - peer reviewed
2005

Bridging Language-Based and Process Calculi Security

Riccardo Focardi, Sabina Rossi, Andrei Sabelfeld et al
Proceedings of Foundations of Software Science and Computation Structures (FOSSACS'05),. Vol. LNCS (3441), p. 299-315
Conference paper - peer reviewed
2004

Proceedings of FCS'04 Workshop on Foundations of Computer Security

Andrei Sabelfeld,
Monograph, book - edited
2004

Proceedings of Workshop on Foundations of Computer Security

Andrei Sabelfeld,
Monograph, book - edited
2004

A Model for Delimited Information Release

Andrei Sabelfeld, Andrew Myers,
Lecture Notes in Computer Science. Vol. 3233, p. 174-191
Scientific journal article - peer reviewed
2004

Enforcing Robust Declassification

Andrew Myers, Andrei Sabelfeld, Steve Zdancewic et al
Proceedings of the 17th IEEE Computer Security Foundations Workshop / edited by Riccardo Focardi , p. 172--186
Conference paper - peer reviewed
2001

A Per Model of Secure Information Flow in Sequential Programs

Andrei Sabelfeld, David Sands,
Higher-Order and Symbolic Computation. Vol. 14 (1), p. 59-91
Scientific journal article - peer reviewed
2000

Probabilistic Noninterference for Multi-threaded Programs

Andrei Sabelfeld, David Sands,
Proceedings of the 13th IEEE Computer Security Foundations Workshop, p. 200-214
Conference paper - peer reviewed