Andrei Sabelfeld
Showing 117 publications
CodeX: Contextual Flow Tracking for Browser Extensions
FakeX: A Framework for Detecting Fake Reviews of Browser Extensions
Spider-Scents: Grey-box Database-aware Web Scanning for Stored XSS
LazyTAP: On-Demand Data Minimization for Trigger-Action Applications
Black Ostrich: Web Application Scanning with String Solvers
Poster: Data Minimization by Construction for Trigger-Action Applications
Practical Data Access Minimization in Trigger-Action Platforms
Outsourcing MPC Precomputation for Location Privacy
DeDup.js: Discovering Malicious and Vulnerable Extensions by Detecting Duplication
Are chrome extensions compliant with the spirit of least privilege?
No Signal Left to Chance: Driving Browser Extension Analysis by Download Patterns
SecWasm: Information Flow Control for WebAssembly
Hardening the security analysis of browser extensions
EssentialFP: Exposing the Essence of Browser Fingerprinting
Data privacy in trigger-action systems
Securing Node-RED Applications
SandTrap: Securing JavaScript-driven Trigger-Action Platforms
Black widow: Blackbox data-driven web scanning
Nontransitive Policies Transpiled
Where are you bob? privacy-preserving proximity testing with a napping party
AutoNav: Evaluation and Automatization of Web Navigation Policies
VERONICA: Expressive and Precise Concurrent Information Flow Security
Clockwork: Tracking Remote Timing Attacks
HMAC and “secure preferences”: Revisiting chromium-based browsers security
Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks
An empirical study of information flows in real-world Javascript
Information-flow control for database-backed applications
On the road with third-party apps: Security analysis of an in-vehicle app platform
Raising the bar: Evaluating origin-wide security manifests
Prudent Design Principles for Information Flow Control
Information Flow Tracking for Side-Effectful Libraries
Tracking Information Flow via Delayed Output: Addressing Privacy in IoT and Emailing Apps
If This Then What? Controlling Flows in IoT Apps
We are family: Relating information-flow trackers
Measuring login webpage security
Discovering Browser Extensions via Web Accessible Resources
Privacy-Preserving Location-Proximity for Mobile Apps
PrivatePool: Privacy-Preserving Ridesharing
Special issue on verified information flow security
MaxPace: Speed-Constrained Location Queries
A Principled Approach to Tracking Information Flow in the Presence of Libraries
Welcome Message from the Program Committee Chairs EuroS&P 2017
Secure multi-execution: Fine-grained, declassification-aware, and transparent
Progress-sensitive security for SPARK
Explicit Secrecy: A Policy for Taint Tracking
Information-flow security for JavaScript and its APIs
Location-enhanced authentication using the IoT because you cannot be in two places at once
Data Exfiltration in the Face of CSP
JSLINQ: Building secure applications across tiers
Location-enhanced Authentication using the IoT
Javascript sandboxing: Isolating and restricting client-side javascript
Let’s face it: Faceted values for taint tracking
Web Application Security using JSFlow
Value Sensitivity and Observable Abstract Values for Information Flow Control
Value-sensitive Hybrid Information Flow Control for a JavaScript-like Language
InnerCircle: A Parallelizable Decentralized Privacy-Preserving Location Proximity Protocol
May I? - Content Security Policy Endorsement for Browser Extensions
Password meters and generators on the web: From large-scale empirical study to getting it right
Understanding and Enforcing Opacity
Compositional Information-flow Security for Interactive Systems
SeLINQ: Tracking information across application-database boundaries
JSFlow: Tracking Information Flow in JavaScript and its APIs
Architectures for Inlining Security Monitors in Web Application
Secure multi-execution: Fine-grained, declassification-aware, and transparent
Securing Class Initialization in Java-like Languages
Polyglots: Crossing Origins by Crossing Formats
Boosting the Permissiveness of Dynamic Information-Flow Tracking by Testing
On-The-Fly Inlining Of Dynamic Security Monitors
Information-flow security for a core of JavaScript
Capabilities for information flow
Decentralized Delimited Release
Limiting Information Leakage in Event-based Communication
A Perspective on Information-Flow Control
On-the-fly inlining of dynamic security monitors
A lattice-based approach to mashup security
Dynamic vs. Static Flow-Sensitive Security Analysis
Security of Multithreaded Programs by Compilation
Unifying Facets of Information Integrity
Implicit flows in malicious and nonmalicious code
Securing Interaction between Threads and the Scheduler in the Presence of Synchronization
Secuirty of Multithreaded Programs by Compilation
Catch Me If You Can: Permissive Yet Secure Error Handling
From dynamic to static and back: Riding the roller coaster of information-flow control research
Tight Enforcement of Information-Release Policies for Dynamic Languages
Declassification: Dimensions and Principles
Tracking Information Flow in Dynamic Tree Structures
Securing Timeout Instructions in Web Applications
Termination-Insensitive Noninterference Leaks More Than Just a Bit.
Cryptographically-Masked Flows
Closing Internal Timing Channels by Transformation
Gradual Release: Unifying Declassification, Encryption and Key Release Policies
Localized Delimited Release: Combining the What and Where Dimensions of Information Release
Security of Multithreaded Programs by Compilation
Security for Multithreaded Programs under Cooperative Scheduling
Enforcing Robust Declassification and Qualified Robustness
Securing Interaction between Threads and the Scheduler
Cryptographically-Masked Flows
Bridging Language-Based and Process Calculi Security
Dimensions and Principles of Declassification
Proceedings of FCS'05 Workshop on Foundations of Computer Security
Secure Implementation of Cryptographic Protocols: A Case Study of Mutual Distrust
Security-typed languages for implementation of cryptographic protocols: A case study
Proceedings of FCS'04 Workshop on Foundations of Computer Security
A Model for Delimited Information Release
Enforcing Robust Declassification
A Per Model of Secure Information Flow in Sequential Programs
Probabilistic Noninterference for Multi-threaded Programs
Download publication list
You can download this list to your computer.
Filter and download publication list
As logged in user (Chalmers employee) you find more export functions in MyResearch.
You may also import these directly to Zotero or Mendeley by using a browser plugin. These are found herer:
Zotero Connector
Mendeley Web Importer
The service SwePub offers export of contents from Research in other formats, such as Harvard and Oxford in .RIS, BibTex and RefWorks format.
Showing 11 research projects
SEBRA: SEcuring BRowser Extensions by Information Flow Analysis
Mint: Minimizing Code and Data in Complex Systems”
PrinSec: Principled Security for Emerging Application Domains
FlowShield: Securing Web Applications by Information Flow Tracking
WebSec: Securing Web-driven Systems
WASP - Security for Autonomous Systems
FlexCSP - Putting Content Security Policy to work for Practical Web Applications
AppFlow: Putting Information Flow Control to Work
DecentLP: Robust decentralized location privacy
Programming Language-Based Security To Rescue (PROSECUTOR)
Data-Driven Secure Business Intelligence (DataBIN)