default search action
Andrei Sabelfeld
Person information
- affiliation: Chalmers University of Technology, Gothenburg, Sweden
Refine list
refinements active!
zoomed in on ?? of ?? records
view refined list in
export refined list as
showing all ?? records
2020 – today
- 2024
- [c99]Eric Olsson, Benjamin Eriksson, Pablo Picazo-Sanchez, Lukas Andersson, Andrei Sabelfeld:
FakeX: A Framework for Detecting Fake Reviews of Browser Extensions. AsiaCCS 2024 - [c98]Eric Olsson, Benjamin Eriksson, Adam Doupé, Andrei Sabelfeld:
Spider-Scents: Grey-box Database-aware Web Scanning for Stored XSS. USENIX Security Symposium 2024 - 2023
- [c97]Benjamin Eriksson, Amanda Stjerna, Riccardo De Masellis, Philipp Rümmer, Andrei Sabelfeld:
Black Ostrich: Web Application Scanning with String Solvers. CCS 2023: 549-563 - [c96]Mohammad M. Ahmadpanah, Daniel Hedin, Andrei Sabelfeld:
Poster: Data Minimization by Construction for Trigger-Action Applications. CCS 2023: 3522-3524 - [c95]Mohammad M. Ahmadpanah, Daniel Hedin, Andrei Sabelfeld:
LazyTAP: On-Demand Data Minimization for Trigger-Action Applications. SP 2023: 3079-3097 - 2022
- [j21]Pablo Picazo-Sanchez, Lara Ortiz-Martin, Gerardo Schneider, Andrei Sabelfeld:
Are chrome extensions compliant with the spirit of least privilege? Int. J. Inf. Sec. 21(6): 1283-1297 (2022) - [c94]Pablo Picazo-Sanchez, Benjamin Eriksson, Andrei Sabelfeld:
No Signal Left to Chance: Driving Browser Extension Analysis by Download Patterns. ACSAC 2022: 896-910 - [c93]Ivan Oleynikov, Elena Pagnin, Andrei Sabelfeld:
Outsourcing MPC Precomputation for Location Privacy. EuroS&P Workshops 2022: 504-513 - [c92]Pablo Picazo-Sanchez, Maximilian Algehed, Andrei Sabelfeld:
DeDup.js: Discovering Malicious and Vulnerable Extensions by Detecting Duplication. ICISSP 2022: 528-535 - [c91]Benjamin Eriksson, Pablo Picazo-Sanchez, Andrei Sabelfeld:
Hardening the security analysis of browser extensions. SAC 2022: 1694-1703 - [c90]Iulia Bastys, Maximilian Algehed, Alexander Sjösten, Andrei Sabelfeld:
SecWasm: Information Flow Control for WebAssembly. SAS 2022: 74-103 - [c89]Ivan Oleynikov, Elena Pagnin, Andrei Sabelfeld:
CatNap: Leveraging Generic MPC for Actively Secure Privacy-enhancing Proximity Testing with a Napping Party. SECRYPT 2022: 237-248 - [c88]Yunang Chen, Mohannad Alhanahnah, Andrei Sabelfeld, Rahul Chatterjee, Earlence Fernandes:
Practical Data Access Minimization in Trigger-Action Platforms. USENIX Security Symposium 2022: 2929-2945 - 2021
- [c87]Mohammad M. Ahmadpanah, Musard Balliu, Daniel Hedin, Lars Eric Olsson, Andrei Sabelfeld:
Securing Node-RED Applications. Protocols, Strands, and Logic 2021: 1-21 - [c86]Alexander Sjösten, Daniel Hedin, Andrei Sabelfeld:
EssentialFP: Exposing the Essence of Browser Fingerprinting. EuroS&P Workshops 2021: 32-48 - [c85]Mohammad M. Ahmadpanah, Aslan Askarov, Andrei Sabelfeld:
Nontransitive Policies Transpiled. EuroS&P 2021: 543-561 - [c84]Yunang Chen, Amrita Roy Chowdhury, Ruizhe Wang, Andrei Sabelfeld, Rahul Chatterjee, Earlence Fernandes:
Data Privacy in Trigger-Action Systems. SP 2021: 501-518 - [c83]Benjamin Eriksson, Giancarlo Pellegrino, Andrei Sabelfeld:
Black Widow: Blackbox Data-driven Web Scanning. SP 2021: 1125-1142 - [c82]Mohammad M. Ahmadpanah, Daniel Hedin, Musard Balliu, Lars Eric Olsson, Andrei Sabelfeld:
SandTrap: Securing JavaScript-driven Trigger-Action Platforms. USENIX Security Symposium 2021: 2899-2916 - 2020
- [c81]Pablo Picazo-Sanchez, Gerardo Schneider, Andrei Sabelfeld:
HMAC and "Secure Preferences": Revisiting Chromium-Based Browsers Security. CANS 2020: 107-126 - [c80]Daniel Schoepe, Toby Murray, Andrei Sabelfeld:
VERONICA: Expressive and Precise Concurrent Information Flow Security. CSF 2020: 79-94 - [c79]Iulia Bastys, Musard Balliu, Tamara Rezk, Andrei Sabelfeld:
Clockwork: Tracking Remote Timing Attacks. CSF 2020: 350-365 - [c78]Ivan Oleynikov, Elena Pagnin, Andrei Sabelfeld:
Where Are You Bob? Privacy-Preserving Proximity Testing with a Napping Party. ESORICS (1) 2020: 677-697 - [c77]Benjamin Eriksson, Andrei Sabelfeld:
AutoNav: Evaluation and Automatization of Web Navigation Policies. WWW 2020: 1320-1331 - [i9]Daniel Schoepe, Toby Murray, Andrei Sabelfeld:
VERONICA: Expressive and Precise Concurrent Information Flow Security (Extended Version with Technical Appendices). CoRR abs/2001.11142 (2020) - [i8]Yunang Chen, Amrita Roy Chowdhury, Ruizhe Wang, Andrei Sabelfeld, Rahul Chatterjee, Earlence Fernandes:
Data Privacy in Trigger-Action IoT Systems. CoRR abs/2012.05749 (2020) - [i7]Ivan Oleynikov, Elena Pagnin, Andrei Sabelfeld:
Where are you Bob? Privacy-Preserving Proximity Testing with a Napping Party. IACR Cryptol. ePrint Arch. 2020: 857 (2020)
2010 – 2019
- 2019
- [j20]Musard Balliu, Iulia Bastys, Andrei Sabelfeld:
Securing IoT Apps. IEEE Secur. Priv. 17(5): 22-29 (2019) - [j19]Elena Pagnin, Gunnar Gunnarsson, Pedram Talebi, Claudio Orlandi, Andrei Sabelfeld:
TOPPool: Time-aware Optimized Privacy-Preserving Ridesharing. Proc. Priv. Enhancing Technol. 2019(4): 93-111 (2019) - [c76]Cristian-Alexandru Staicu, Daniel Schoepe, Musard Balliu, Michael Pradel, Andrei Sabelfeld:
An Empirical Study of Information Flows in Real-World JavaScript. PLAS@CCS 2019: 45-59 - [c75]Marco Guarnieri, Musard Balliu, Daniel Schoepe, David A. Basin, Andrei Sabelfeld:
Information-Flow Control for Database-Backed Applications. EuroS&P 2019: 79-94 - [c74]Alexander Sjösten, Steven Van Acker, Pablo Picazo-Sanchez, Andrei Sabelfeld:
Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks. NDSS 2019 - [c73]Benjamin Eriksson, Jonas Groth, Andrei Sabelfeld:
On the Road with Third-party Apps: Security Analysis of an In-vehicle App Platform. VEHITS 2019: 64-75 - [i6]Cristian-Alexandru Staicu, Daniel Schoepe, Musard Balliu, Michael Pradel, Andrei Sabelfeld:
An Empirical Study of Information Flows in Real-World JavaScript. CoRR abs/1906.11507 (2019) - 2018
- [j18]Per A. Hallgren, Ravi Kishore, Martín Ochoa, Andrei Sabelfeld:
Assuring BetterTimes. J. Comput. Secur. 26(4): 557-587 (2018) - [c72]Steven Van Acker, Daniel Hausknecht, Andrei Sabelfeld:
Raising the Bar: Evaluating Origin-wide Security Manifests. ACSAC 2018: 342-354 - [c71]Iulia Bastys, Frank Piessens, Andrei Sabelfeld:
Prudent Design Principles for Information Flow Control. PLAS@CCS 2018: 17-23 - [c70]Iulia Bastys, Musard Balliu, Andrei Sabelfeld:
If This Then What?: Controlling Flows in IoT Apps. CCS 2018: 1102-1119 - [c69]Alexander Sjösten, Daniel Hedin, Andrei Sabelfeld:
Information Flow Tracking for Side-Effectful Libraries. FORTE 2018: 141-160 - [c68]Iulia Bastys, Frank Piessens, Andrei Sabelfeld:
Tracking Information Flow via Delayed Output - Addressing Privacy in IoT and Emailing Apps. NordSec 2018: 19-37 - 2017
- [j17]Toby C. Murray, Andrei Sabelfeld, Lujo Bauer:
Special issue on verified information flow security. J. Comput. Secur. 25(4-5): 319-321 (2017) - [c67]Alexander Sjösten, Steven Van Acker, Andrei Sabelfeld:
Discovering Browser Extensions via Web Accessible Resources. CODASPY 2017: 329-336 - [c66]Per A. Hallgren, Claudio Orlandi, Andrei Sabelfeld:
PrivatePool: Privacy-Preserving Ridesharing. CSF 2017: 276-291 - [c65]Musard Balliu, Daniel Schoepe, Andrei Sabelfeld:
We Are Family: Relating Information-Flow Trackers. ESORICS (1) 2017: 124-145 - [c64]Simonas Stirbys, Omar Abu Nabah, Per A. Hallgren, Andrei Sabelfeld:
Privacy-Preserving Location-Proximity for Mobile Apps. PDP 2017: 337-345 - [c63]Daniel Hedin, Alexander Sjösten, Frank Piessens, Andrei Sabelfeld:
A Principled Approach to Tracking Information Flow in the Presence of Libraries. POST 2017: 49-70 - [c62]Steven Van Acker, Daniel Hausknecht, Andrei Sabelfeld:
Measuring login webpage security. SAC 2017: 1753-1760 - 2016
- [j16]Willard Rafnsson, Andrei Sabelfeld:
Secure multi-execution: Fine-grained, declassification-aware, and transparent. J. Comput. Secur. 24(1): 39-90 (2016) - [j15]Daniel Hedin, Luciano Bello, Andrei Sabelfeld:
Information-flow security for JavaScript and its APIs. J. Comput. Secur. 24(2): 181-234 (2016) - [c61]Ioannis Agadakos, Per A. Hallgren, Dimitrios Damopoulos, Andrei Sabelfeld, Georgios Portokalidis:
Location-enhanced authentication using the IoT: because you cannot be in two places at once. ACSAC 2016: 251-264 - [c60]Steven Van Acker, Daniel Hausknecht, Andrei Sabelfeld:
Data Exfiltration in the Face of CSP. AsiaCCS 2016: 853-864 - [c59]Per A. Hallgren, Martín Ochoa, Andrei Sabelfeld:
MaxPace: Speed-constrained location queries. CNS 2016: 136-144 - [c58]Musard Balliu, Benjamin Liebe, Daniel Schoepe, Andrei Sabelfeld:
JSLINQ: Building Secure Applications across Tiers. CODASPY 2016: 307-318 - [c57]Daniel Schoepe, Musard Balliu, Frank Piessens, Andrei Sabelfeld:
Let's Face It: Faceted Values for Taint Tracking. ESORICS (1) 2016: 561-580 - [c56]Willard Rafnsson, Deepak Garg, Andrei Sabelfeld:
Progress-Sensitive Security for SPARK. ESSoS 2016: 20-37 - [c55]Daniel Schoepe, Musard Balliu, Benjamin C. Pierce, Andrei Sabelfeld:
Explicit Secrecy: A Policy for Taint Tracking. EuroS&P 2016: 15-30 - [c54]Steven Van Acker, Andrei Sabelfeld:
JavaScript Sandboxing: Isolating and Restricting Client-Side JavaScript. FOSAD 2016: 32-86 - 2015
- [c53]Steven Van Acker, Daniel Hausknecht, Wouter Joosen, Andrei Sabelfeld:
Password Meters and Generators on the Web: From Large-Scale Empirical Study to Getting It Right. CODASPY 2015: 253-262 - [c52]Daniel Hedin, Luciano Bello, Andrei Sabelfeld:
Value-Sensitive Hybrid Information Flow Control for a JavaScript-Like Language. CSF 2015: 351-365 - [c51]Daniel Schoepe, Andrei Sabelfeld:
Understanding and Enforcing Opacity. CSF 2015: 539-553 - [c50]Daniel Hausknecht, Jonas Magazinius, Andrei Sabelfeld:
May I? - Content Security Policy Endorsement for Browser Extensions. DIMVA 2015: 261-281 - [c49]Luciano Bello, Daniel Hedin, Andrei Sabelfeld:
Value Sensitivity and Observable Abstract Values for Information Flow Control. LPAR 2015: 63-78 - [c48]Per A. Hallgren, Martín Ochoa, Andrei Sabelfeld:
BetterTimes - Privacy-Assured Outsourced Multiplications for Additively Homomorphic Encryption on Finite Fields. ProvSec 2015: 291-309 - [c47]Per A. Hallgren, Martín Ochoa, Andrei Sabelfeld:
InnerCircle: A parallelizable decentralized privacy-preserving location proximity protocol. PST 2015: 1-6 - [c46]Daniel Hedin, Andrei Sabelfeld:
Web Application Security Using JSFlow. SYNASC 2015: 16-19 - 2014
- [j14]Lieven Desmet, Martin Johns, Benjamin Livshits, Andrei Sabelfeld:
Preface. J. Comput. Secur. 22(4): 467-468 (2014) - [c45]Willard Rafnsson, Andrei Sabelfeld:
Compositional Information-Flow Security for Interactive Systems. CSF 2014: 277-292 - [c44]Jonas Magazinius, Daniel Hedin, Andrei Sabelfeld:
Architectures for Inlining Security Monitors in Web Applications. ESSoS 2014: 141-160 - [c43]Daniel Schoepe, Daniel Hedin, Andrei Sabelfeld:
SeLINQ: tracking information across application-database boundaries. ICFP 2014: 25-38 - [c42]Daniel Hedin, Arnar Birgisson, Luciano Bello, Andrei Sabelfeld:
JSFlow: tracking information flow in JavaScript and its APIs. SAC 2014: 1663-1671 - 2013
- [j13]Willard Rafnsson, Keiko Nakata, Andrei Sabelfeld:
Securing Class Initialization in Java-like Languages. IEEE Trans. Dependable Secur. Comput. 10(1): 1-13 (2013) - [c41]Jonas Magazinius, Billy K. Rios, Andrei Sabelfeld:
Polyglots: crossing origins by crossing formats. CCS 2013: 753-764 - [c40]Willard Rafnsson, Andrei Sabelfeld:
Secure Multi-execution: Fine-Grained, Declassification-Aware, and Transparent. CSF 2013: 33-48 - [c39]Per A. Hallgren, Daniel T. Mauritzson, Andrei Sabelfeld:
GlassTube: a lightweight approach to web application integrity. PLAS 2013: 71-82 - 2012
- [j12]Jonas Magazinius, Alejandro Russo, Andrei Sabelfeld:
On-the-fly inlining of dynamic security monitors. Comput. Secur. 31(7): 827-843 (2012) - [c38]Daniel Hedin, Andrei Sabelfeld:
Information-Flow Security for a Core of JavaScript. CSF 2012: 3-18 - [c37]Willard Rafnsson, Daniel Hedin, Andrei Sabelfeld:
Securing Interactive Programs. CSF 2012: 293-307 - [c36]Arnar Birgisson, Daniel Hedin, Andrei Sabelfeld:
Boosting the Permissiveness of Dynamic Information-Flow Tracking by Testing. ESORICS 2012: 55-72 - [p2]Daniel Hedin, Andrei Sabelfeld:
A Perspective on Information-Flow Control. Software Safety and Security 2012: 319-347 - [i5]Lieven Desmet, Martin Johns, Benjamin Livshits, Andrei Sabelfeld:
Web Application Security (Dagstuhl Seminar 12401). Dagstuhl Reports 2(10): 1-37 (2012) - 2011
- [c35]Jonas Magazinius, Aslan Askarov, Andrei Sabelfeld:
Decentralized Delimited Release. APLAS 2011: 220-237 - [c34]Arnar Birgisson, Andrei Sabelfeld:
Multi-run Security. ESORICS 2011: 372-391 - [c33]Willard Rafnsson, Andrei Sabelfeld:
Limiting information leakage in event-based communication. PLAS 2011: 4 - [c32]Arnar Birgisson, Alejandro Russo, Andrei Sabelfeld:
Capabilities for information flow. PLAS 2011: 5 - 2010
- [j11]Andrei Sabelfeld:
Preface. J. Comput. Secur. 18(6): 1075 (2010) - [j10]Gilles Barthe, Tamara Rezk, Alejandro Russo, Andrei Sabelfeld:
Security of multithreaded programs by compilation. ACM Trans. Inf. Syst. Secur. 13(3): 21:1-21:32 (2010) - [c31]Jonas Magazinius, Aslan Askarov, Andrei Sabelfeld:
A lattice-based approach to mashup security. AsiaCCS 2010: 15-23 - [c30]Alejandro Russo, Andrei Sabelfeld:
Dynamic vs. Static Flow-Sensitive Security Analysis. CSF 2010: 186-199 - [c29]Arnar Birgisson, Alejandro Russo, Andrei Sabelfeld:
Unifying Facets of Information Integrity. ICISS 2010: 48-65 - [c28]Keiko Nakata, Andrei Sabelfeld:
Securing Class Initialization. IFIPTM 2010: 48-62 - [c27]Jonas Magazinius, Alejandro Russo, Andrei Sabelfeld:
On-the-fly Inlining of Dynamic Security Monitors. SEC 2010: 173-186 - [p1]Alejandro Russo, Andrei Sabelfeld, Keqin Li:
Implicit flows in malicious and nonmalicious code. Logics and Languages for Reliability and Security 2010: 301-322
2000 – 2009
- 2009
- [j9]Andrei Sabelfeld, David Sands:
Declassification: Dimensions and principles. J. Comput. Secur. 17(5): 517-548 (2009) - [j8]Alejandro Russo, Andrei Sabelfeld:
Securing interaction between threads and the scheduler in the presence of synchronization. J. Log. Algebraic Methods Program. 78(7): 593-618 (2009) - [c26]Aslan Askarov, Andrei Sabelfeld:
Tight Enforcement of Information-Release Policies for Dynamic Languages. CSF 2009: 43-59 - [c25]Alejandro Russo, Andrei Sabelfeld:
Securing Timeout Instructions in Web Applications. CSF 2009: 92-106 - [c24]Andrei Sabelfeld, Alejandro Russo:
From Dynamic to Static and Back: Riding the Roller Coaster of Information-Flow Control Research. Ershov Memorial Conference 2009: 352-365 - [c23]Alejandro Russo, Andrei Sabelfeld, Andrey Chudnov:
Tracking Information Flow in Dynamic Tree Structures. ESORICS 2009: 86-103 - [c22]Aslan Askarov, Andrei Sabelfeld:
Catch me if you can: permissive yet secure error handling. PLAS 2009: 45-57 - 2008
- [j7]Andrei Sabelfeld:
Preface. J. Comput. Secur. 16(5): 495 (2008) - [j6]Aslan Askarov, Daniel Hedin, Andrei Sabelfeld:
Cryptographically-masked flows. Theor. Comput. Sci. 402(2-3): 82-101 (2008) - [c21]Aslan Askarov, Sebastian Hunt, Andrei Sabelfeld, David Sands:
Termination-Insensitive Noninterference Leaks More Than Just a Bit. ESORICS 2008: 333-348 - 2007
- [c20]Andrei Sabelfeld:
Dimensions of Declassification in Theory and Practice. ASIAN 2007: 1 - [c19]Gilles Barthe, Tamara Rezk, Alejandro Russo, Andrei Sabelfeld:
Security of Multithreaded Programs by Compilation. ESORICS 2007: 2-18 - [c18]Aslan Askarov, Andrei Sabelfeld:
Localized delimited release: combining the what and where dimensions of information release. PLAS 2007: 53-60 - [c17]Aslan Askarov, Andrei Sabelfeld:
Gradual Release: Unifying Declassification, Encryption and Key Release Policies. S&P 2007: 207-221 - [e3]Gilles Barthe, Heiko Mantel, Peter Müller, Andrew C. Myers, Andrei Sabelfeld:
Mobility, Ubiquity and Security, 25.02. - 02.03.2007. Dagstuhl Seminar Proceedings 07091, Internationales Begegnungs- und Forschungszentrum fuer Informatik (IBFI), Schloss Dagstuhl, Germany 2007 [contents] - [i4]Gilles Barthe, Heiko Mantel, Peter Müller, Andrew C. Myers, Andrei Sabelfeld:
07091 Executive Summary - Mobility, Ubiquity and Security. Mobility, Ubiquity and Security 2007 - [i3]Gilles Barthe, Heiko Mantel, Peter Müller, Andrew C. Myers, Andrei Sabelfeld:
07091 Abstracts Collection - Mobility, Ubiquity and Security. Mobility, Ubiquity and Security 2007 - 2006
- [j5]Andrew C. Myers, Andrei Sabelfeld, Steve Zdancewic:
Enforcing Robust Declassification and Qualified Robustness. J. Comput. Secur. 14(2): 157-196 (2006) - [c16]Alejandro Russo, John Hughes, David A. Naumann, Andrei Sabelfeld:
Closing Internal Timing Channels by Transformation. ASIAN 2006: 120-135 - [c15]Alejandro Russo, Andrei Sabelfeld:
Securing Interaction between Threads and the Scheduler. CSFW 2006: 177-189 - [c14]Alejandro Russo, Andrei Sabelfeld:
Security for Multithreaded Programs Under Cooperative Scheduling. Ershov Memorial Conference 2006: 474-480 - [c13]Aslan Askarov, Daniel Hedin, Andrei Sabelfeld:
Cryptographically-Masked Flows. SAS 2006: 353-369 - [e2]Dieter Gollmann, Jan Meier, Andrei Sabelfeld:
Computer Security - ESORICS 2006, 11th European Symposium on Research in Computer Security, Hamburg, Germany, September 18-20, 2006, Proceedings. Lecture Notes in Computer Science 4189, Springer 2006, ISBN 3-540-44601-X [contents] - 2005
- [j4]Martín Abadi, Greg Morrisett, Andrei Sabelfeld:
"Language-Based Security". J. Funct. Program. 15(2): 129 (2005) - [c12]Andrei Sabelfeld, David Sands:
Dimensions and Principles of Declassification. CSFW 2005: 255-269 - [c11]Aslan Askarov, Andrei Sabelfeld:
Security-Typed Languages for Implementation of Cryptographic Protocols: A Case Study. ESORICS 2005: 197-221 - [c10]Riccardo Focardi, Sabina Rossi, Andrei Sabelfeld:
Bridging Language-Based and Process Calculi Security. FoSSaCS 2005: 299-315 - [e1]