1. We are Family: Relating Information-Flow Trackers, with Musard Balliu and Daniel Schoepe. In Proceedings of the European Symposium on Research in Computer Security (ESORICS), Oslo, Norway, September 2017.

  2. PrivatePool: Privacy-Preserving Ridesharing, with Per Hallgren and Claudio Orlandi. In Proceedings of the IEEE Computer Security Foundations Symposium (CSF), Santa Barbara, CA, August 2017.

  3. A Principled Approach to Tracking Information Flow in the Presence of Libraries, with Daniel Hedin, Alexander Sjösten, and Frank Piessens. In Proceedings of the International Conference on Principles of Security and Trust (POST), Uppsala, Sweden, April 2017.

  4. Measuring Login Webpage Security, with Steven Van Acker and Daniel Hausknecht. In Proceedings of the ACM Symposium on Applied Computing (SAC), Marrakech, Morocco, April 2017.

  5. Discovering Browser Extensions via Web Accessible Resources, with Alexander Sjösten and Steven Van Acker. In Proceedings of the ACM Conference on Data and Applications Security and Privacy (CODASPY), Scottsdale, AZ, USA, March 2017.

  6. Privacy-Preserving Location-Proximity for Mobile Apps, with Simonas Stirbys, Omar Abu Nabah, and Per Hallgren. In Proceedings of the Parallel, Distributed, and Network-Based Processing (PDP), St. Petersburg, Russia, March 2017.

  7. Location-enhanced Authentication using the IoT, with Ioannis Agadakos, Per Hallgren, and Georgios Portokalidis. In Proceedings of the Annual Computer Security Applications Conference (ACSAC), Los Angeles, CA, USA, December 2016.

  8. MaxPace: Speed-Constrained Location Queries, with Per Hallgren and Martin Ochoa. In Proceedings of the IEEE Conference on Communications and Network Security (CNS), Philadelphia, PA, USA, October 2016.

  9. Let's Face It: Faceted Values for Taint Tracking, with Daniel Schoepe, Musard Balliu, and Frank Piessens. In Proceedings of the European Symposium on Research in Computer Security (ESORICS), Greece, September 2016.

  10. JavaScript Sandboxing: Isolating and Restricting Client-Side JavaScript, with Steven Van Acker. In Foundations of Security Analysis and Design VIII, LNCS 9808, Springer, August 2016.

  11. Data Exfiltration in the Face of CSP, with Steven Van Acker and Daniel Hausknecht. In Proceedings of the ACM Asia Conference on Computer and Communications Security (ASIACCS), Xi'an, China, May 2016.

  12. Progress-Sensitive Security for SPARK, with Willard Rafnsson and Deepak Garg. In Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS), London, UK, April 2016.

  13. Web Application Security using JSFlow, with Daniel Hedin. In Proceedings of the International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC), Romania, March 2016.

  14. Explicit Secrecy: A Policy for Taint Tracking, with Daniel Schoepe, Musard Balliu, and Benjamin C. Pierce. In Proceedings of the IEEE European Symposium on Security and Privacy (EuroS&P), Saarbrücken, Germany, March 2016.

  15. JSLINQ: Building Secure Applications across Tiers, with Musard Balliu, Benjamin Liebe, and Daniel Schoepe. In Proceedings of the ACM Conference on Data and Applications Security and Privacy (CODASPY), New Orleans, LA, March 2016.

  16. Secure Multi-Execution: Fine-grained, Declassification-aware, and Transparent, with Willard Rafnsson. Journal of Computer Security, Special issue on IEEE CSF 2012/13, IOS Press. 2016.

  17. Information-flow security for JavaScript and its APIs, with Daniel Hedin and Luciano Bello. Journal of Computer Security, Special issue on IEEE CSF 2012/13, IOS Press. 2016.

  18. Value Sensitivity and Observable Abstract Values for Information Flow Control, with Luciano Bello and Daniel Hedin. In Proceedings of the International Conferences on Logic for Programming, Artificial Intelligence and Reasoning (LPAR), November 2015.

  19. BetterTimes: Privacy-assured Outsourced Multiplications for Additively Homomorphic Encryption on Finite Fields, with Per Hallgren and Martin Ochoa. In Proceedings of the International Conference on Provable Security (ProvSec), Kanazawa, Japan, November 2015.

  20. InnerCircle: A Parallelizable Decentralized Privacy-Preserving Location Proximity Protocol, with Per Hallgren and Martin Ochoa. In Proceedings of the International Conference on Privacy, Security and Trust (PST), Izmir, Turkey, July 2015.

  21. Understanding and Enforcing Opacity, with Daniel Schoepe. In Proceedings of the IEEE Computer Security Foundations Symposium (CSF), Verona, Italy, July 2015.

  22. Value-sensitive Hybrid Information Flow Control for a JavaScript-like Language, with Daniel Hedin and Luciano Bello. In Proceedings of the IEEE Computer Security Foundations Symposium (CSF), Verona, Italy, July 2015.

  23. May I? - Content Security Policy Endorsement for Browser Extensions, with Daniel Hausknecht and Jonas Magazinius. In Proceedings of the Conference on Detection of Intrusions and Malware Vulnerability Assessment (DIMVA), Milan, Italy, July 2015.

  24. Password Meters and Generators on the Web: From Large-Scale Empirical Study to Getting It Right, with Steven Van Acker and Daniel Hausknecht. In Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY), San Antonio, TX, March 2015.

  25. SeLINQ: Tracking Information Across Application-Database Boundaries, with Daniel Schoepe and Daniel Hedin. In Proceedings of the ACM International Conference on Functional Programming (ICFP), Gothenburg, Sweden, September 2014.

  26. Compositional Information-flow Security for Interactive Systems, with Willard Rafnsson. In Proceedings of the IEEE Computer Security Foundations Symposium (CSF), Vienna, Austria, July 2014.

  27. JSFlow: Tracking Information Flow in JavaScript and its APIs, with Daniel Hedin, Arnar Birgisson, and Luciano Bello. In Proceedings of the ACM Symposium on Applied Computing (SAC), Gyeongju, Korea, March 2014.

  28. Architectures for Inlining Security Monitors in Web Application, with Jonas Magazinius and Daniel Hedin. In Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS), Munich, Germany, February 2014.

  29. Polyglots: Crossing Origins by Crossing Formats, with Jonas Magazinius and Billy K. Rios. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, November 2013.

  30. Secure Multi-Execution: Fine-grained, Declassification-aware, and Transparent, with Willard Rafnsson. In Proceedings of the IEEE Computer Security Foundations Symposium (CSF), New Orleans, LA, June 2013.

  31. GlassTube: A Lightweight Approach to Web Application Integrity, with Per Hallgren and Daniel Mauritzson. In ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS), Seattle, WA, June 2013.

  32. Securing Class Initialization in Java-like Languages, with Willard Rafnsson and Keiko Nakata. In IEEE Transactions on Dependable and Secure Computing (TDSC), 10:1(1-13), January 2013.

  33. On-the-fly Inlining of Dynamic Security Monitors, with Jonas Magazinius and Alejandro Russo. In Computers & Security, 31:7(827-843), October 2012, Elsevier.

  34. Boosting the Permissiveness of Dynamic Information-Flow Tracking by Testing, with Arnar Birgisson and Daniel Hedin. In Proceedings of the European Symposium on Research in Computer Security (ESORICS), Pisa, Italy, September 2012, LNCS, Springer-Verlag.

  35. Information-Flow Security for a Core of JavaScript, with Daniel Hedin. In Proceedings of the IEEE Computer Security Foundations Symposium, Harvard University, Cambridge MA, June 25-27, 2012. IEEE Computer Society Press.

  36. Securing Interactive Programs, with Willard Rafnsson and Daniel Hedin. In Proceedings of the IEEE Computer Security Foundations Symposium, Harvard University, Cambridge MA, June 25-27, 2012. IEEE Computer Society Press.

  37. Decentralized Delimited Release, with Jonas Magazinius and Aslan Askarov. In Proceedings of the Asian Symposium on Programming Languages and Systems (APLAS), Kenting, Taiwan, December 2011. LNCS, Springer-Verlag.

  38. Multi-run security, with Arnar Birgisson. In Proceedings of the European Symposium on Research in Computer Security (ESORICS), Leuven, Belgium, September 2011, LNCS, Springer-Verlag.

  39. A Perspective on Information-Flow Control, with Daniel Hedin. In Proceedings of the 2011 Marktoberdorf Summer School, IOS Press.

  40. Capabilities for information flow, with Arnar Birgisson and Alejandro Russo. In ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, San Jose, CA, June 2011.

  41. Limiting Information Leakage in Event-based Communication, with Willard Rafnsson. In ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, San Jose, CA, June 2011.

  42. Unifying Facets of Information Integrity, with Arnar Birgisson and Alejandro Russo. In Proceedings of the International Conference on Information Systems Security (ICISS), Gandhinagar, India, December 2010, LNCS, Springer-Verlag.

  43. On-the-fly Inlining of Dynamic Security Monitors, with Jonas Magazinius and Alejandro Russo. In Proceedings of the IFIP International Information Security Conference (SEC), Brisbane, Australia, September 2010.

  44. Dynamic vs. Static Flow-Sensitive Security Analysis, with Alejandro Russo. In Proceedings of the IEEE Computer Security Foundations Symposium, Edinburgh, UK, July 17-19, 2010. IEEE Computer Society Press.

  45. Security of Multithreaded Programs by Compilation, with Gilles Barthe, Tamara Rezk, and Alejandro Russo. In ACM Transactions on Information and System Security (TISSEC). 13:3(21:1-21:32), July 2010.

  46. Securing Class Initialization, with Keiko Nakata. In Proceedings of the IFIP International Conference on Trust Management (IFIPTM), Morioka, Iwate, Japan, June 2010, LNCS, Springer-Verlag.

  47. A Lattice-based Approach to Mashup Security, with Jonas Magazinius and Aslan Askarov. In Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS), Beijing, China, April 2010.

  48. Tracking Information Flow in Dynamic Tree Structures, with Alejandro Russo and Andrey Chudnov. In Proceedings of the European Symposium on Research in Computer Security (ESORICS), Saint Malo, France, September 2009, LNCS, Springer-Verlag.

  49. Implicit flows in malicious and nonmalicious code, with Alejandro Russo and Keqin Li. In Proceedings of the 2009 Marktoberdorf Summer School, IOS Press.

  50. Securing Interaction between Threads and the Scheduler in the Presence of Synchronization, with Alejandro Russo. In Journal of Logic and Algebraic Programming, 78:7(593-618), Elsevier, August 2009.

  51. Securing Timeout Instructions in Web Applications, with Alejandro Russo. In Proceedings of the IEEE Computer Security Foundations Symposium, Port Jefferson, NY, July 8-10, 2009. IEEE Computer Society Press.

  52. Tight Enforcement of Information-Release Policies for Dynamic Languages, with Aslan Askarov. In Proceedings of the IEEE Computer Security Foundations Symposium, Port Jefferson, NY, July 8-10, 2009. IEEE Computer Society Press.

  53. From dynamic to static and back: Riding the roller coaster of information-flow control research, with Alejandro Russo. In Proceedings of Andrei Ershov International Conference on Perspectives of System Informatics, Akademgorodok, Novosibirsk, Russia, June 15-19, 2009. LNCS 5947, Springer-Verlag.

  54. Catch Me If You Can: Permissive Yet Secure Error Handling, with Aslan Askarov. In ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, Dublin, Ireland, June 2009.

  55. Declassification: Dimensions and Principles, with David Sands. Journal of Computer Security, 17:5(517-548), IOS Press. Accepted: December 2006; Final version: February 2007; Publication: January 2009.

  56. Termination-Insensitive Noninterference Leaks More Than Just a Bit, with Aslan Askarov, Sebastian Hunt, and David Sands. In Proceedings of the 13th European Symposium on Research in Computer Security (ESORICS), Malaga, Spain, October 2008, LNCS 5283, Springer-Verlag.

  57. Cryptographically-Masked Flows, with Aslan Askarov and Daniel Hedin. In Theoretical Computer Science, 402(2-3):82-101, August 2008, Elsevier.

  58. Closing Internal Timing Channels by Transformation, with Alejandro Russo, John Hughes, and David Naumann. In Proceedings of the 11th Annual Asian Computing Science Conference, Tokyo, Japan, December 6-8, 2006, Revised Selected Papers, LNCS 4435, Springer-Verlag. January 2008.

  59. Security of Multithreaded Programs by Compilation, with Gilles Barthe, Tamara Rezk, and Alejandro Russo. In Proceedings of the 12th European Symposium on Research in Computer Security (ESORICS), Dresden, Germany, September 24-26, 2007, LNCS 4734, Springer-Verlag.

  60. Localized Delimited Release: Combining the What and Where Dimensions of Information Release, with Aslan Askarov. In ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, San Diego, California, June 14, 2007.

  61. Gradual Release: Unifying Declassification, Encryption and Key Release Policies, with Aslan Askarov. In Proceedings of the IEEE Symposium on Security and Privacy, Berkeley/Oakland, California, May 20-23, 2007.

  62. Cryptographically-Masked Flows, with Aslan Askarov and Daniel Hedin. In Proceedings of the International Static Analysis Symposium, Seoul, Korea, August 29-31, 2006. LNCS 4134, Springer-Verlag.

  63. Securing Interaction between Threads and the Scheduler, with Alejandro Russo. In Proceedings of the 19th IEEE Computer Security Foundations Workshop, Venice, Italy, July 5-7, 2006. IEEE Computer Society Press.

  64. Security for Multithreaded Programs under Cooperative Scheduling, with Alejandro Russo. In Proceedings of Andrei Ershov International Conference on Perspectives of System Informatics, Akademgorodok, Novosibirsk, Russia, June 27-30, 2006. LNCS 4378, Springer-Verlag.

  65. Enforcing Robust Declassification and Qualified Robustness, with Andrew C. Myers and Steve Zdancewic. Journal of Computer Security, 14(2):157-196, IOS Press, May 2006.

  66. Security-typed languages for implementation of cryptographic protocols: A case study, with Aslan Askarov. In Proceedings of the 10th European Symposium on Research in Computer Security (ESORICS), Milan, Italy, September 12-14, 2005, LNCS, Springer-Verlag, September 2005.

  67. Dimensions and Principles of Declassification, with David Sands. In Proceedings of the 18th IEEE Computer Security Foundations Workshop, Aix-en-Provence, France, June 20-22, 2005. IEEE Computer Society Press.

  68. Bridging Language-Based and Process Calculi Security, with Riccardo Focardi and Sabina Rossi. In Proceedings of Foundations of Software Science and Computation Structures (FOSSACS'05), pages 299-315, Edinburgh, Scotland, April 2-8, 2005, LNCS 3441, Springer-Verlag.

    Full version available as Bridging Language-Based and Process Calculi Security, Technical Report, CS-2004-14, University of Venice, December 2004.

  69. A Model for Delimited Information Release, with Andrew C. Myers. In Proceedings of the 2003 International Symposium on Software Security (ISSS'03), pages 174-191, Tokyo, Japan, November 4-6, 2003. LNCS 3233, Springer-Verlag. October 2004.

  70. Enforcing Robust Declassification, with Andrew C. Myers and Steve Zdancewic. In Proceedings of the 17th IEEE Computer Security Foundations Workshop, Pacific Grove, California, June 28-30, 2004. IEEE Computer Society Press.

  71. A Unifying Approach to the Security of Distributed and Multi-Threaded Programs, with Heiko Mantel. Journal of Computer Security, 11(4):615-676, IOS Press, September 2003.

  72. Confidentiality for Multithreaded Programs via Bisimulation. In Proceedings of Andrei Ershov 5th International Conference on Perspectives of System Informatics, Akademgorodok, Novosibirsk, Russia, July 9-12, 2003. LNCS 2890, Springer-Verlag.

  73. Language-Based Information-Flow Security (ps, pdf) with Andrew C. Myers. IEEE Journal on Selected Areas in Communications, 21(1):5-19, January 2003.
    This is a survey article on language-based techniques for the specification and enforcement of confidentiality properties. The BibTeX file with references made in the survey is available here.

  74. Static Confidentiality Enforcement for Distributed Programs, with Heiko Mantel. In Proceedings of the 9th International Static Analysis Symposium, Madrid, Spain, September 17-20, 2002. LNCS 2477, Springer-Verlag.

  75. The Impact of Synchronisation on Secure Information Flow in Concurrent Programs. In Proceedings of Andrei Ershov 4th International Conference on Perspectives of System Informatics, Akademgorodok, Novosibirsk, Russia, July 3-6, 2001. LNCS 2244, Springer-Verlag.

  76. A Generic Approach to the Security of Multi-threaded Programs, with Heiko Mantel. In Proceedings of the 14th IEEE Computer Security Foundations Workshop, Cape Breton, Nova Scotia, Canada, June 11-13, 2001. IEEE Computer Society Press.

  77. Semantic Models for the Security of Sequential and Concurrent Programs. (ps-file size: 2M). PhD Thesis, Chalmers University of Technology and University of Gothenburg, May 2001. Defended in June 2001.

  78. A Per Model of Secure Information Flow in Sequential Programs, with David Sands. Higher-Order and Symbolic Computation, 14(1):59-91, March 2001.

  79. Probabilistic Noninterference for Multi-threaded Programs, with David Sands. In Proceedings of the 13th IEEE Computer Security Foundations Workshop, Cambridge, England, July 2000. IEEE Computer Society Press.

  80. Semantics-based Security and Aspects of Program Analysis. (ps-file size: 2M) Licentiate Thesis, Chalmers University of Technology and University of Gothenburg, March 2000.

  81. A Per Model of Secure Information Flow in Sequential Programs, with David Sands. In Proceedings of the 8th European Symposium on Programming, ESOP'99, LNCS 1576, pages 40-58, Amsterdam, March 1999, Springer-Verlag.

  82. Simple Semantic Analysis Problems for Functional Programs, with Viktor Sabelfeld. In Proceedings of the 1997 ACM SIGPLAN International Conference on Functional Programming, Amsterdam, June 1997. ACM Press.

  83. Equivalent Transformations of Recursive Schemes with Finite Unfolding, with Viktor Sabelfeld. Programming and Computer Software, 23 (2):70-77, 1997.

  84. Correct Transformations of Logic Programs. Joint Bulletin of Novosibirsk Computer Center and the Institute of Informatics Systems, 5:55-67, 1996.