My webpage publication list is usually outdated, so please check DBLP, HAL, or my students' webpages for more up-to-date information. I often tweet about my work as @TamaraRezk well before publishing it here.

Selected Conferences and Workshops

  • Hunting the Haunter - Efficient Relational Symbolic Execution for Spectre with Haunted RelSE with Lesly-Ann Daniel and Sébastien Bardin
    NDSS'21

  • High-Assurance Cryptography in the Spectre Era with Gilles Barthe, Sunjay Cauligi, Benjamin Grégoire, Adrien Koutsos, Kevin Liao, Tiago Oliveira, Swarn Priya, and Peter Schwabe
    IEEE S&P'21

  • Statically Identifying XSS using Deep Learning with Héloïse Maurel and Santiago Vidal
    Secrypt'21

  • Reflections on the Experimental Evaluation of a Binary-Level Symbolic Analyzer for Spectre Lesly-Ann Daniel, Sébastien Bardin, Tamara rezk


  • SecureJS Compiler: Portable Memory Isolation in JavaScript with Yoonseok Ko and Manuel Serrano
    SAC 2021

  • Constant-Time Foundations for the New Spectre Era with Sunjay Cauligi, Craig Disselkoen, Klaus von Gleissenthall, Deian Stefan, Gilles Barthe
    PLDI'20

  • Binsec/Rel: Efficient Relational Symbolic Execution for Constant-Time at Binary-Level with Lesly-Ann Daniel and Sébastien Bardin
    IEEE S&P'20

  • Security Analysis of ElGamal Implementations with Mohamad El Laz and Benjamin Grégoire
    Secrypt'20

  • Clockwork: Tracking Remote Timing Attacks with Iulia Bastys, Musard Balliu, and Andrei Sabelfeld
    In Proceedings of the IEEE Computer Security Foundations Symposium 2020 (CSF'20)

  • Typed-based Declassification for Free with Minh Ngo and David Naumann
    In Proceedings of ICFEM'20

  • Streghtening Content Security Policy via Monitoring and URL Parameters Filtering with Francis Somé
    In Proceedings of WPES'20

  • Impossibility of Precise and Sound Termination Sensitive Security Enforcements with Minh Ngo and Frank Piessens
    IEEE S&P'18

  • On the Content Security Policy Violations due to the Same-Origin Policy with Francis Somé and Nataliia Bielova
    WWW'17

  • On Access Control, Capabilities, their Equivalence, and Confused Deputy Attacks with Vineet Rajani and Deepak Garg
    CSF'16

  • Hybrid Typing of Secure Information Flow in a JavaScript-like Language with José Fragoso-Santos, Thomas Jensen, and Alan Schmitt
    TGC'15

  • Stateful Declassification Policies for Event-Driven Programs with Mathy Vanhoef, Willem De Groef, Dominique Devriese, Frank Piessens
    CSF'14

  • An Information Flow Monitor-Inlining Compiler for Securing a Core of JavaScript with José Fragoso-Santos
    IFIP SEC'14

  • An Information Flow Monitor for a Core of DOM - Introducing references and live primitives with Ana Almeida-Matos and José Fragoso-Santos
    TGC'14

  • Mashic Compiler: Mashup Sandboxing using Inter-frame Communication with Zhengqin Luo
    CSF'12, see also journal version where we propose an optimization for the compiler based on future batches

  • Information-flow types for homomorphic encryptions with Cédric Fournet and Jéremy Planul
    CCS'11

  • Automated Code Injection Prevention for Web Applications with Zhengqin Luo, and Manuel Serrano
    TOSCA'11

  • Towards Reasoning for Web Applications: An Operational Semantics for Hop with Gérard Boudol, Zhengqin Luo, and Manuel Serrano
    APLWACA 2010, see also the journal version where we model the same origin policy

  • Robustness Guarantees for Anonymity with Gilles Barthe, Alejandro Hevia, Zhengqin Luo, and Bogdan Warinschi
    CSF 2010

  • A Security-Preserving Compiler for Distributed Programs with Cédric Fournet and Gurvan Le Guernic
    CCS 2009

  • Cryptographically sound implementations for typed information-flow security with Cédric Fournet
    POPL 2008

  • Deriving an Information Flow Checker and Certifying Compiler for Java with Gilles Barthe and David Naumann
    IEEE S&P'06

  • Preventing timing leaks through transactional branching instructions with Gilles Barthe and Martijn Warnier
    QAPL'05

  • Secure Information Flow by Self Composition with Gilles Barthe and Pedro D'Argenio
    CSFW'04

    Journals

  • Mashic Compiler: Mashup Sandboxing using Inter-frame Communication In Journal of Computer Security 
    @article{mashicJCS,  
author    = {Zhengqin Luo and Jos{\'e} Fragoso Santos and Ana Almeida Matos and Tamara Rezk},
  title     = {Mashic Compiler: Mashup Sandboxing using Inter-frame Communication},
  journal   = {Journal of Computer Security},
  year      = {2016}
  }
  • Reasoning about Web Applications: An Operational Semantics for Hop In ACM TOPLAS, June 2012
    @article{hopsemantics,  
author    = {Gerard Boudol and Zhengqin Luo and Tamara Rezk and Manuel Serrano},
  title     = {Reasoning about Web Applications: An Operational Semantics for Hop},
  journal   = {ACM Transanctions on Programming  Languages and Systems},
  volume    = {34},
  number    = {2},
  year      = {2012}
  }
  • A Certified Lightweight Non-Interference Java Bytecode Verifier In MSCS, 2013 
    @article{jvmlong,  
author    = {Gilles Barthe and David Pichardie and Tamara Rezk},
  title     = {A Certified Lightweight Non-Interference Java Bytecode Verifier},
  journal   = {Mathematical Structures in Computer Science (MSCS)},
  volume    = {23},
  number    = {5},
  year      = {2013}
  }
  • Secure Information Flow by Self Composition In the Special Issue of MSCS of PLID, December 2011
    @article{selfcomposition,
  author    = {Gilles Barthe and Pedro R. D'Argenio and Tamara Rezk},
  title     = {Secure information flow by self-composition},
  journal   = {Mathematical Structures in Computer Science},
  volume    = {21},
  number    = {6},
  year      = {2011},
  pages     = {1207-1252}
}
  • Security of Multithreaded Programs by Compilation In ACM TISSEC, July 2010
    @article{securemultithreaded,
  author    = {Gilles Barthe and Tamara Rezk and Alejandro Russo and Andrei Sabelfeld},
  title     = {Security of multithreaded programs by compilation},
  journal   = {ACM Transactions on Information and System Security},
  volume    = {13},
  number    = {3},
  year      = {2010}
}
  • Certificate Translation for Optimizing Compilers In ACM TOPLAS, June 2009
    @article{certificatetranslation,  
author    = {Gilles Barthe and Benjamin Gr{\'e}goire and C{\'e}sar Kunz and Tamara Rezk},
  title     = {Certificate Translation for Optimizing Compilers},
  journal   = {ACM Transanctions on Programming  Languages and Systems},
  volume    = {31},
  number    = {5},
  year      = {2009}
  }
  • Security Types Preserving Compilation In the International Journal of Computer Languages, Systems and Structures, September 2007 
    @ARTICLE{preservingtypes,
  AUTHOR = {Gilles Barthe and Tamara Rezk and Amitabh Basu},
  TITLE = {Security Types Preserving Compilation},
  YEAR = {2005},
  journal   = {Computer Languages, Systems {\&} Structures},
  volume    = {33},
  number    = {2},
  year      = {2007},
  pages     = {35-59}
}