Literature
The lectures and slides cover the course topics and try to be self-content (you will find even some source code in them). The content of the course is strongly based on the research results in the following papers.
Carlos Tome-Cortiñas, Alejandro Russo. Simple Contextual Information-Flow Control with Effects. Draft, 2021.
Marco Vassena, Alejandro Russo, Pablo Buiras, and Lucas Waye. A verified static information-flow control library. In the Journal of Logical and Algebraic Methods in Programming, JLAMP, 2018.
Marco Vassena, Joachim Breitner and Alejandro Russo. Securing Concurrent Lazy Programs Against Information Leakage. In Proc. of IEEE Computer Security Foundations Symposium, CSF, 2017.
Maximilian Algehed and Alejandro Russo. Encoding DCC in Haskell. In Proc. of ACM Workshop on Programming Languages and Analysis for Security, PLAS, 2017.
Deian Stefan, Alejandro Russo, John Mitchell, and David Mazières. Flexible Dynamic Information Flow Control in Presence of Exceptions. Journal of Functional Programming, JFP, Cambridge University Press, 2016.
Alejandro Russo. Functional pearl: Two can keep a secret, if one of them uses Haskell. In Proc. of the ACM SIGPLAN International Conference on Functional Programming, ICFP 2015, ACM.
Deian Stefan, Pablo Buiras, Edward Z. Yang, Amit Levy, David Terei, Alejandro Russo, and David Mazières. Eliminating Cache-Based Timing Attacks with Instruction-Based Scheduling In Proc. of European Symposium on Research in Computer Security, ESORICS, 2013.
Complimentary reading
Students can read the following papers to get more details to certain topics in the course.
Maximilian Algehed. A perspective on the Dependency Core Calculus. In Proc. of ACM Workshop on Programming Languages and Analysis for Security, PLAS, 2018.
Pablo Buiras and Alejandro Russo. Lazy Programs Leak Secrets. In Proc. of Nordic Conference on Secure IT Systems, NordSec, 2013.
Deian Stefan, Alejandro Russo, David Mazières, and John C. Mitchell. Disjunction category labels. In Proc. of the Nordic Conference on Information Security Technology for Applications, NordSec’11. Springer-Verlag, 2012.
Hunt, S., Askarov, A., Sabelfeld, A. & Sands, D. (2008). Termination-insensitive noninterference leaks more than just a bit. In the Proceedings of the European Symposium on Research in Computer Security, Oct 2008, Malaga, Spain.