UC Santa Cruz

April 13 Information Flow Analysis
- Termination-Insensitive Noninterference Leaks More Than Just a Bit. Aslan Askarov et al. ESORICS 2008.
  - Contributions:
    1. Addressed problems with information flow analysis and intermediary output.
    2. New model for analyzing these types of applications.
  - Questions:
    1. This model is deterministic. Would non-determinism break the model?
- Cross site scripting prevention with dynamic data tainting and static analysis. Vogt et al. 2007.
  - Contributions:
    1. Approached XSS attacks from the client-side (previous XSS defenses have focused on the server side).
    2. Applied information flow techniques to XSS prevention (though data tainting seems to have been used here before).
    3. Heavy-duty, real-world information flow analysis case.
  - Questions:
    1. Is this approach more broadly applicable to client-side information flow analysis?

April 16
- Aspect-Oriented Programming. Gregor Kiczales et al. ACM Comput. Surv. 28(4es): 154 (1996).
April 23
- A Generic Type-and-Effect System. Marino and Millstein. TLDI 2009.
April 30
- JFlow: Practical Mostly-Static Information Flow Control. Andrew Myers. POPL 1999.
May 7 tba
May 14 tba
May 21 tba
May 28 tba
June 4 tba
June 11 tba