Andrei Sabelfeld

Showing 112 publications
LazyTAP: On-Demand Data Minimization for Trigger-Action Applications
SecWasm: Information Flow Control for WebAssembly
Are chrome extensions compliant with the spirit of least privilege?
No Signal Left to Chance: Driving Browser Extension Analysis by Download Patterns
Practical Data Access Minimization in Trigger-Action Platforms
Outsourcing MPC Precomputation for Location Privacy
Hardening the security analysis of browser extensions
Data privacy in trigger-action systems
EssentialFP: Exposing the Essence of Browser Fingerprinting
Nontransitive Policies Transpiled
DeDup.js: Discovering Malicious and Vulnerable Extensions by Detecting Duplication
SandTrap: Securing JavaScript-driven Trigger-Action Platforms
Securing Node-RED Applications
Black widow: Blackbox data-driven web scanning
Where are you bob? privacy-preserving proximity testing with a napping party
VERONICA: Expressive and Precise Concurrent Information Flow Security
HMAC and “secure preferences”: Revisiting chromium-based browsers security
Clockwork: Tracking Remote Timing Attacks
AutoNav: Evaluation and Automatization of Web Navigation Policies
Information-flow control for database-backed applications
On the road with third-party apps: Security analysis of an in-vehicle app platform
An empirical study of information flows in real-world Javascript
Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks
Tracking Information Flow via Delayed Output: Addressing Privacy in IoT and Emailing Apps
Information Flow Tracking for Side-Effectful Libraries
Prudent Design Principles for Information Flow Control
Raising the bar: Evaluating origin-wide security manifests
If This Then What? Controlling Flows in IoT Apps
We are family: Relating information-flow trackers
Welcome Message from the Program Committee Chairs EuroS&P 2017
Special issue on verified information flow security
Measuring login webpage security
PrivatePool: Privacy-Preserving Ridesharing
MaxPace: Speed-Constrained Location Queries
Privacy-Preserving Location-Proximity for Mobile Apps
A Principled Approach to Tracking Information Flow in the Presence of Libraries
Discovering Browser Extensions via Web Accessible Resources
Web Application Security using JSFlow
Javascript sandboxing: Isolating and restricting client-side javascript
Location-enhanced authentication using the IoT because you cannot be in two places at once
Data Exfiltration in the Face of CSP
Secure multi-execution: Fine-grained, declassification-aware, and transparent
Progress-sensitive security for SPARK
Let’s face it: Faceted values for taint tracking
Explicit Secrecy: A Policy for Taint Tracking
Information-flow security for JavaScript and its APIs
JSLINQ: Building secure applications across tiers
Location-enhanced Authentication using the IoT
Password meters and generators on the web: From large-scale empirical study to getting it right
Value Sensitivity and Observable Abstract Values for Information Flow Control
Understanding and Enforcing Opacity
Value-sensitive Hybrid Information Flow Control for a JavaScript-like Language
May I? - Content Security Policy Endorsement for Browser Extensions
InnerCircle: A Parallelizable Decentralized Privacy-Preserving Location Proximity Protocol
JSFlow: Tracking Information Flow in JavaScript and its APIs
Compositional Information-flow Security for Interactive Systems
SeLINQ: Tracking information across application-database boundaries
Architectures for Inlining Security Monitors in Web Application
Secure multi-execution: Fine-grained, declassification-aware, and transparent
Securing Class Initialization in Java-like Languages
Polyglots: Crossing Origins by Crossing Formats
Boosting the Permissiveness of Dynamic Information-Flow Tracking by Testing
Information-flow security for a core of JavaScript
On-The-Fly Inlining Of Dynamic Security Monitors
Capabilities for information flow
Limiting Information Leakage in Event-based Communication
Decentralized Delimited Release
A Perspective on Information-Flow Control
A lattice-based approach to mashup security
Security of Multithreaded Programs by Compilation
On-the-fly inlining of dynamic security monitors
Unifying Facets of Information Integrity
Dynamic vs. Static Flow-Sensitive Security Analysis
Security of Multithreaded Programs by Compilation
Declassification: Dimensions and Principles
Implicit flows in malicious and nonmalicious code
Securing Timeout Instructions in Web Applications
Catch Me If You Can: Permissive Yet Secure Error Handling
Tight Enforcement of Information-Release Policies for Dynamic Languages
From dynamic to static and back: Riding the roller coaster of information-flow control research
Tracking Information Flow in Dynamic Tree Structures
Securing Interaction between Threads and the Scheduler in the Presence of Synchronization
Termination-Insensitive Noninterference Leaks More Than Just a Bit.
Cryptographically-Masked Flows
Security of Multithreaded Programs by Compilation
Localized Delimited Release: Combining the What and Where Dimensions of Information Release
Closing Internal Timing Channels by Transformation
Gradual Release: Unifying Declassification, Encryption and Key Release Policies
Securing Interaction between Threads and the Scheduler
Cryptographically-Masked Flows
Security for Multithreaded Programs under Cooperative Scheduling
Enforcing Robust Declassification and Qualified Robustness
Secure Implementation of Cryptographic Protocols: A Case Study of Mutual Distrust
Proceedings of FCS'05 Workshop on Foundations of Computer Security
Bridging Language-Based and Process Calculi Security
Security-typed languages for implementation of cryptographic protocols: A case study
Dimensions and Principles of Declassification
Proceedings of FCS'04 Workshop on Foundations of Computer Security
A Model for Delimited Information Release
Enforcing Robust Declassification
A Per Model of Secure Information Flow in Sequential Programs
Probabilistic Noninterference for Multi-threaded Programs
Showing 11 research projects
SEBRA: SEcuring BRowser Extensions by Information Flow Analysis
Mint: Minimizing Code and Data in Complex Systems
PrinSec: Principled Security for Emerging Application Domains
FlowShield: Securing Web Applications by Information Flow Tracking
WebSec: Securing Web-driven Systems
WASP - Security for Autonomous Systems
FlexCSP - Putting Content Security Policy to work for Practical Web Applications
AppFlow: Putting Information Flow Control to Work
DecentLP: Robust decentralized location privacy
Programming Language-Based Security To Rescue (PROSECUTOR)
Data-Driven Secure Business Intelligence (DataBIN)