Integrity Considerations for Secure Computer Systems, 1977. ,
Reactive non-interference for a browser model, 2011 5th International Conference on Network and System Security, pp.97-104, 2011. ,
DOI : 10.1109/ICNSS.2011.6059965
A Trusted Mechanised JavaScript Specification, Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL'13, pp.87-100, 2013. ,
DOI : 10.1145/2535838.2535876
URL : https://hal.archives-ouvertes.fr/hal-00910135
Reactive noninterference, Proceedings of the 16th ACM conference on Computer and communications security, CCS '09, pp.79-90, 2009. ,
DOI : 10.1145/1653662.1653673
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.146.3298
On Dynamic Flow-Sensitive Floating-Label Systems, 2014 IEEE 27th Computer Security Foundations Symposium, p.2014, 2014. ,
DOI : 10.1109/CSF.2014.13
URL : http://arxiv.org/abs/1507.06189
Information Flow Monitor Inlining, 2010 23rd IEEE Computer Security Foundations Symposium, pp.200-214, 2010. ,
DOI : 10.1109/CSF.2010.21
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.153.6508
Implementing continuation marks in JavaScript, Proceedings of the 9th Scheme and Functional Programming Workshop, 2008. ,
Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints, Proceedings of the Fourth ACM Symposium on Principles of Programming Languages (POPL'77), pp.238-252, 1977. ,
Introduction to lattices and order, 2002. ,
A Lattice Model of Secure Information Flow, Commun. ACM, vol.19, issue.5, pp.236-243, 1976. ,
Gradual Information Flow Typing, 2011. ,
Javascript -the definitive guide, 2011. ,
DOM: Towards a Formal Specification, Proceedings of the ACM SIGPLAN Workshop PLAN- X on Programming Language Technologies for XML, 2008. ,
Towards a program logic for JavaScript, Proceedings of the 40th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL'13, pp.31-44, 2012. ,
Security Policies and Security Models, Proceedings of the 3rd IEEE Symposium on Security and Privacy, SP'82, pp.11-20, 1982. ,
A reference architecture for Web browsers, 21st IEEE International Conference on Software Maintenance (ICSM'05), pp.661-664, 2005. ,
DOI : 10.1109/ICSM.2005.13
The Essence of JavaScript, Proceedings of the 24th European Conference on Object-Oriented Programming (ECOOP), pp.126-150, 2010. ,
DOI : 10.1007/978-3-642-14107-2_7
Web API Verification: Results and Challenges, 2012. ,
Information-Flow Security for a Core of JavaScript, 2012 IEEE 25th Computer Security Foundations Symposium, pp.3-18, 2012. ,
DOI : 10.1109/CSF.2012.19
JSFlow, Proceedings of the 29th Annual ACM Symposium on Applied Computing, SAC '14, pp.1663-1671, 2014. ,
DOI : 10.1145/2554850.2554909
On Flow-sensitive Security Types, Proceedings of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '06, pp.79-90, 2006. ,
Sorin Lerner and Hovav Shacham. An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications, Proceedings of the 17th ACM Conference on Computer and Communications Security, pp.270-283, 2010. ,
Aspect-Oriented Programming, Proceedings of the 11th European Conference on Object-Oriented Programming (ECOOP), pp.220-242, 1997. ,
Information Integrity Policies, Proceedings Formal Aspects in Security & Trust (FAST), 2003. ,
AdJail: Practical Enforcement of Confidentiality and Integrity Policies on Web Advertisements, Proceedings of the 19th USENIX Security Symposium, pp.371-388, 2012. ,
An Operational Semantics for JavaScript, Proceedings of the 6th Asian Symposium on Programming Languages and Systems, pp.307-325, 2008. ,
DOI : 10.1007/11601524_11
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.144.388
A lattice-based approach to mashup security, Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS '10, pp.15-23, 2010. ,
DOI : 10.1145/1755688.1755691
On-the-fly Inlining of Dynamic Security Monitors, Proceedings of the 25th IFIP TC-11 International Information Security Conference IFIP Advances in Information and Communication Technology, pp.173-186, 2010. ,
URL : https://hal.archives-ouvertes.fr/hal-01054519
On-the-fly inlining of dynamic security monitors, Computers & Security, vol.31, issue.7, pp.827-843, 2012. ,
DOI : 10.1016/j.cose.2011.10.002
URL : https://hal.archives-ouvertes.fr/hal-01054519
Operational semantics for multi-language programs, ACM Transactions on Programming Languages and Systems, vol.31, issue.3, pp.1-12, 2009. ,
DOI : 10.1145/1498926.1498930
Static Analysis for Efficient Hybrid Information- Flow Control, Proceedings of the 24th IEEE Computer Security Foundations Symposium, CSF'24, pp.146-160, 2011. ,
ADsafety: Type-Based Verification of JavaScript Sandboxing, Proceedings of the 20th USENIX Security Symposium. USENIX Association, p.71, 2011. ,
A library for light-weight information-flow security in haskell, Proceedings of the 1st ACM SIGPLAN Symposium on Haskell, pp.13-24, 2008. ,
Dynamic vs. Static Flow-Sensitive Security Analysis, 2010 23rd IEEE Computer Security Foundations Symposium, pp.186-199, 2010. ,
DOI : 10.1109/CSF.2010.20
A Per Model of Secure Information Flow in Sequential Programs, Higher Order and Symbolic Computation, pp.59-91, 2001. ,
DOI : 10.1007/3-540-49099-X_4
Language-based information-flow security, IEEE Journal on Selected Areas in Communications, vol.21, issue.1, pp.5-19, 2003. ,
DOI : 10.1109/JSAC.2002.806121
A Model for Delimited Information Release, Proceedings of the 9th Asian Symposium on Programming Languages and Systems, pp.220-237, 2003. ,
DOI : 10.1007/978-3-540-37621-7_9
Dynamic Dependency Monitoring to Secure Information Flow, 20th IEEE Computer Security Foundations Symposium (CSF'07), pp.203-217, 2007. ,
DOI : 10.1109/CSF.2007.20
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.129.4843
Flexible dynamic information flow control in Haskell, Proceedings of the 4th ACM SIGPLAN Symposium on Haskell, pp.95-106, 2011. ,
Building secure systems with LIO (demo), Proceedings of the 2014 ACM SIGPLAN Symposium on Haskell, pp.93-94, 2014. ,
Automated Analysis of Security-Critical JavaScript APIs, 2011 IEEE Symposium on Security and Privacy, pp.363-378, 2011. ,
DOI : 10.1109/SP.2011.39
Provably Correct Runtime Enforcement of Non-interference Properties, Proceedings of 8th International Conference on Information and Communications Security, pp.332-351, 2006. ,
DOI : 10.1007/11935308_24
A Sound Type System for Secure Flow Analysis, Journal of Computer Security, vol.4, issue.26, pp.167-187, 1996. ,
Toward Principled Browser Security, 14th Workshop on Hot Topics in Operating Systems. USENIX Association, p.2013, 2013. ,
Prototype-Chain Indistinguishability) For any two memories µ 0 and µ 1 respectively well-typed by ? 0 and ? 1 , reference r, and property p such that r 0 = Proto ,
? 0 ? ? µ 1 , ? 1 , and ? lev ( (? 0 (r), p)) ? lev(? 0 (r)) ? ? ,
? lev(? 0 (r)) ? ? (hyp.5) then, it holds that: r 0 = r 1 . We proceed by induction on the derivation of ,
? ? (3) -(hyp.5) + (2) ? p ? dom(µ 1 (r)) (4) -(hyp.4) + (hyp.6) + (3) ? r 1 = r (5) -(hyp.3) + (4) ? r 0 = r 1 (6) -(1) + (5) [Look-up] p ? dom(µ 0 (r)) (hyp.6), pp.7-7 ,
-(hyp.4) + (hyp.6) + (1) ? r 1 = Proto(µ 1 , r ? 1 , p), where: r ? 1 = µ 1 (r · ,