@phdthesis(assaf-thesis, author = {Mounir Assaf}, year = {2015}, title = {From Qualitative to Quantitative Program Analysis: Permissive Enforcement of Secure Information Flow}, school = {Universit\IeC{\'e} de Rennes 1}, url = {https://hal.inria.fr/tel-01184857}, ) @incollection(assaf-paper, author = {Mounir Assaf and Julien Signoles and Fr\IeC{\'e}d\IeC{\'e}ric Tronel and \IeC{\'E}ric Totel}, year = {2013}, title = {Program Transformation for Non-interference Verification on Programs with Pointers}, editor = {Lech J. Janczewski and Henry B. Wolfe and Sujeet Shenoi}, booktitle = {Security and Privacy Protection in Information Processing Systems}, series = {IFIP Advances in Information and Communication Technology}, volume = {405}, publisher = {Springer}, pages = {231--244}, url = {http://dx.doi.org/10.1007/978-3-642-39218-4_18}, ) @inproceedings(boneh.brumley-2003, author = {David Brumley and Dan Boneh}, year = {2003}, title = {Remote Timing Attacks are Practical}, booktitle = {Proceedings of the 12th Usenix Security Symposium}, url = {https://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf}, ) @article(chase-etal.1990, author = {David R. Chase and Mark Wegman and F. Kenneth Zadeck}, year = {1990}, title = {Analysis of Pointers and Structures}, journal = {SIGPLAN Not.}, volume = {25}, number = {6}, pages = {296--310}, doi = {10.1145/93548.93585}, ) @article(denning.denning-1977, author = {Dorothy E. Denning and Peter J. Denning}, year = {1977}, title = {Certification of Programs for Secure Information Flow}, journal = {Commun. ACM}, volume = {20}, number = {7}, pages = {504--513}, doi = {10.1145/359636.359712}, ) @inproceedings(genkin.etal-2016, author = {Daniel Genkin and Lev Packmanov and Itamar Pipman and Eran Tromer}, year = {2016}, title = {{ECDH} key-extraction via low-bandwidth electromagnetic attacks on {PCs}}, booktitle = {RSA Conference Cryptographers' Track (CT-RSA)}, series = {LNCS}, volume = {9610}, pages = {219--235}, url = {https://eprint.iacr.org/2016/129.pdf}, ) @inproceedings(goguen.meseguer-1982, author = {J.A. Goguen and J. Meseguer}, year = {1982}, title = {Security Policies and Security Models}, booktitle = {Security and Privacy, 1982 IEEE Symposium on}, pages = {11--11}, doi = {10.1109/SP.1982.10014}, ) @inproceedings(jsflow-hybrid, author = {D. Hedin and L. Bello and A. Sabelfeld}, year = {2015}, title = {Value-Sensitive Hybrid Information Flow Control for a {JavaScript}-Like Language}, booktitle = {Computer Security Foundations Symposium (CSF), 2015 IEEE 28th}, pages = {351--365}, doi = {10.1109/CSF.2015.31}, ) @inproceedings(jsflow, author = {Daniel Hedin and Arnar Birgisson and Luciano Bello and Andrei Sabelfeld}, year = {2014}, title = {{JSFlow}: Tracking Information Flow in {JavaScript} and Its {APIs}}, booktitle = {Proceedings of the 29th Annual ACM Symposium on Applied Computing}, series = {SAC '14}, publisher = {ACM}, pages = {1663--1671}, doi = {10.1145/2554850.2554909}, ) @inproceedings(hunt.sands-2006, author = {Sebastian Hunt and David Sands}, year = {2006}, title = {On Flow-sensitive Security Types}, booktitle = {Conference Record of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages}, series = {POPL '06}, publisher = {ACM}, pages = {79--90}, doi = {10.1145/1111037.1111045}, ) @article(kerschbaumer-flow, author = {Christoph Kerschbaumer and Eric Hennigan and Per Larsen and Stefan Brunthaler and Michael Franz}, year = {2013}, title = {Information Flow Tracking Meets Just-in-time Compilation}, journal = {ACM Trans. Archit. Code Optim.}, volume = {10}, number = {4}, pages = {38:1--38:25}, doi = {10.1145/2555289.2555295}, ) @article(frama-c, author = {Florent Kirchner and Nikolai Kosmatov and Virgile Prevosto and Julien Signoles and Boris Yakobowski}, year = {2015}, title = {{Frama-C}: A software analysis perspective}, journal = {Formal Aspects of Computing}, volume = {27}, number = {3}, pages = {573--609}, doi = {10.1007/s00165-014-0326-7}, ) @inproceedings(leguernic.etal-2006, author = {Le Guernic, Gurvan and Anindya Banerjee and Thomas Jensen and David A. Schmidt}, year = {2007}, title = {Automata-based Confidentiality Monitoring}, booktitle = {Proceedings of the 11th Asian Computing Science Conference on Advances in Computer Science: Secure Software and Related Issues}, series = {ASIAN'06}, publisher = {Springer-Verlag}, pages = {75--89}, url = {http://dl.acm.org/citation.cfm?id=1782734.1782741}, ) @inproceedings(necula-cil, author = {George C. Necula and Scott McPeak and Shree Prakash Rahul and Westley Weimer}, year = {2002}, title = {{CIL}: Intermediate Language and Tools for Analysis and Transformation of {C} Programs}, booktitle = {Proceedings of the 11th International Conference on Compiler Construction}, series = {CC '02}, publisher = {Springer-Verlag}, pages = {213--228}, url = {http://dx.doi.org/10.1007/3-540-45937-5_16}, ) @book(isabelle, author = {Tobias Nipkow and Markus Wenzel and Lawrence C. Paulson}, year = {2002}, title = {Isabelle/HOL: A Proof Assistant for Higher-order Logic}, publisher = {Springer-Verlag}, doi = {10.1007/3-540-45949-9}, ) @inproceedings(russo.sabelfeld-2010, author = {A. Russo and A. Sabelfeld}, year = {2010}, title = {Dynamic vs. Static Flow-Sensitive Security Analysis}, booktitle = {Computer Security Foundations Symposium (CSF), 2010 23rd IEEE}, pages = {186--199}, doi = {10.1109/CSF.2010.20}, ) @article(volpano.etal-1996, author = {Dennis Volpano and Cynthia Irvine and Geoffrey Smith}, year = {1996}, title = {A Sound Type System for Secure Flow Analysis}, journal = {J. Comput. Secur.}, volume = {4}, number = {2-3}, pages = {167--187}, doi = {10.3233/JCS-1996-42-304}, )