The lectures and slides cover the course topics and aim to be self-contained (you will even find some source code in them). The content of the course is strongly based on the research results in the following papers.
Deian Stefan, Alejandro Russo, David Mazières, and John C. Mitchell. Disjunction Category Labels. In Proc. of the 16th Nordic Conference on Information Security Technology for Applications, NordSec'11. Springer-Verlag, 2012.
Daniel B. Giffin, Amit Levy, Deian Stefan, David Terei, David Mazières, John C. Mitchell, and Alejandro Russo. Hails: Protecting Data Privacy in Untrusted Web Applications. In Proc. of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI'12. USENIX Association, 2012.
Deian Stefan, Edward Z. Yang, Petr Marchenko, Alejandro Russo, Dave Herman, Brad Karp, and David Mazières. Protecting Users by Confining JavaScript with COWL. In Proc. of the 11th USENIX Symposium on Operating Systems Design and Implementation, OSDI'14. USENIX Association, 2014.
Stefan Heule, Deian Stefan, Edward Z. Yang, John C. Mitchell, and Alejandro Russo. IFC Inside: Retrofitting Languages with Dynamic Information Flow Control. In Proc. of the Conference on Principles of Security and Trust, POST'15. Springer, 2015.
Students can read the following papers for more detail on certain topics covered in the course.
David E. Bell and Leonard J. LaPadula. Secure Computer Systems: Mathematical Foundations. The MITRE Corporation, 1973.
K. J. Biba. [Integrity Considerations for Secure Computer Systems](http://www.albany.edu/acc/courses/ia/classics/belllapadula1.pdf). MTR-3153, The MITRE Corporation, April 1977.
Aslan Askarov, Sebastian Hunt, Andrei Sabelfeld, and David Sands. Termination-Insensitive Noninterference Leaks More Than Just a Bit. In Proc. of the 13th European Symposium on Research in Computer Security, ESORICS'08. Springer, 2008.
Jonas Magazinius, Aslan Askarov, and Andrei Sabelfeld. A Lattice-Based Approach to Mashup Security. In Proc. of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS'10. ACM, 2010.
R. Johari and P. Sharma. A Survey on Web Application Vulnerabilities (SQLIA, XSS) Exploitation and Security Engine for SQL Injection. In Proc. of the International Conference on Communication Systems and Network Technologies, CSNT'12. IEEE, 2012.