@string{ACM = "ACM Press"} @string{IEEE = "IEEE Computer Society Press"} @string{SV = "Springer-Verlag"} @string{AW = "Addison-Wesley"} %Series @string{LNCS = "LNCS"} %Journals @string{JCS = "J. Computer Security"} @string{TCS = "Theoretical Computer Science"} @string{JACM = "J. ACM"} @string{CACM = "Comm. of the ACM"} @string{IC = "Information and Computation"} @string{TOPLAS = "ACM TOPLAS"} @string{HOSC = "Higher Order and Symbolic Computation"} %Conferenes @string{SSP = "Proc. IEEE Symp. on Security and Privacy"} @string{SOSP = "Proc. ACM Symp. on Operating System Principles"} @string{ESOP = "Proc. European Symposium on Programming"} @string{FOSSACS = "Proc. Foundations of Software Science and Computation Structure"} @string{POPL = "Proc. ACM Symp. on Principles of Programming Languages"} @string{CSFW = "Proc. IEEE Computer Security Foundations Workshop"} @string{ESORICS = "Proc. European Symp. on Research in Computer Security"} @string{SAS = "Proc. Symposium on Static Analysis"} @string{ICFP ="Proc. ACM International Conference on Functional Programming"} @string{LICS ="Proc. IEEE Symp. on Logic in Computer Science"} @inproceedings{Abadi+:Core, author = "M. Abadi and A. Banerjee and N. Heintze and J. Riecke", title = "A Core calculus of Dependency", booktitle = POPL, month = jan, year = 1999, pages = "147--160" } @inproceedings{Abadi:Blanchet:FOSSACS01, author = "M. Abadi and B. Blanchet", title = "Secrecy types for asymmetric communication", booktitle = FOSSACS, pages = "25--41", year = 2001, month = apr, series = LNCS, volume = 2030, publisher = SV } @book{Abadi:Cardelli:Objects, author = "M. Abadi and L. Cardelli", title = "A Theory of Objects", series = "Monographs in Computer Science", publisher = SV, address = "New York", year = 1996 } @article{Abadi:Gordon:Spi, author = "M. Abadi and A. D. Gordon", title = "A Calculus for Cryptographic Protocols: The {Spi} Calculus", journal = IC, year = 1999, volume = 148, number = 1, month = jan, pages = "1--70" } @inproceedings{Abadi:Secrecy:Typing, author = "M. Abadi", title = "Secrecy by typing in security protocols", booktitle = "Proc. Theoretical Aspects of Computer Software", pages = "611--638", month = sep, year = 1997 } @article{Abadi:Secrecy:Typing:ACM, author = "M. Abadi", title = "Secrecy by typing in security protocols", journal = JACM, volume = 46, number = 5, month = sep, year = 1999, pages = "749--786" } @incollection{Abramksy:McCusker:Game:Semantics, author = "S. Abramksy and G. McCusker", title = "Game Semantics", booktitle = "Logic and Computation: Proc. 1997 Marktoberdorf Summer School", publisher = SV, year = 1998, editor = "U. Berger and H. Schwichtenberg", series = "NATO Science Series" } @phdthesis{Agat:PhD, author = "J. Agat", title = "Type Based Techniques for Covert Channel Elimination and Register Allocation", school = "Chalmers University of Technology and Gothenburg University", address = "Gothenburg, Sweden", month = dec, year = 2000 } @inproceedings{Agat:Sands:SSP01, author = "J. Agat and D. Sands", title = "On confidentiality and algorithms", booktitle = SSP, year = 2001, month = may, pages = "64--77" } @inproceedings{Agat:Timing, author = "J. Agat", title = "Transforming out timing leaks", booktitle = POPL, year = 2000, month = jan, pages = "40--53", } @inproceedings{Aldini:CONCUR01, author = "A. Aldini", title = "Probabilistic Information Flow in a Process Algebra", booktitle = "Proc. CONCUR'01", pages = "152--168", year = 2001, volume = 2154, series = LNCS, month = aug, publisher = SV } @article{Andrews:Reitman:Axiomatic, title = "An axiomatic approach to information flow in programs", author = "G. R. Andrews and R. P. Reitman", journal = TOPLAS, volume = 2, number = 1, month = jan, year = 1980, pages = "56--75" } @book{Appel:Continuations:Book, author = "A. Appel", title = "Compiling with Continuations", publisher = "Cambridge University Press", year = 1992 } @inproceedings{Banatre:Bryce:CSFW93, author = "J.-P. Ban\^atre and C. Bryce", title = "Information flow control in a parallel language framework", booktitle = CSFW, year = 1993, pages = "39--52", month = jun } @inproceedings{Banatre:Bryce:LeMetayer:Distributed95, author = "J.-P. Ban\^atre and C. Bryce and D. {Le M\'etayer}", booktitle = "Proc. {IEEE} International Workshop on Future Trends in Distributed Computing Systems", pages = "384--394", title = "An approach to information security in distributed systems", year = 1995 } @inproceedings{Banatre:Bryce:LeMetayer:ESORICS94, author = "J.-P. Ban\^atre and C. Bryce and D. {Le M\'etayer}", title = "Compile-time detection of information flow in sequential programs", booktitle = ESORICS, series = LNCS, volume = 875, pages = "55--73", year = 1994, publisher = SV } @inproceedings{Banerjee:Naumann:CSFW02, author = "A. Banerjee and D. A. Naumann", title = "Secure information flow and pointer confinement in a {J}ava-like language", booktitle = CSFW, pages = "253--267", year = 2002, month = jun } @book{Barendregt:Lambda, author = "H. Barendregt", title = "The Lambda Calculus, Its Syntax and Semantics", publisher = "North-Holland", year = 1984 } @inproceedings{Barthe:Serpette:FLOPS99, Author = "G. Barthe and B. Serpette", Title = "Partial evaluation and non-interference for object calculi", Booktitle = "Proc. FLOPS", Year = 1999, Publisher = SV, series = LNCS, volume = 1722, pages = "53--67", month = nov } @techreport{Bell:LaPadula, author = "D. E. Bell and L. J. LaPadula", title = "Secure Computer Systems: Mathematical Foundations", institution = "MITRE Corp.", address = "Bedford, MA", number = "MTR-2547, Vol. 1", year = 1973 } @inproceedings{Bodei+:FOSSACS99, author = "C. Bodei and P. Degano and F. Nielson and H. {Riis Nielson}", title = "Static Analysis of Processes for No Read-Up and No Write-Down", booktitle = FOSSACS, year = 1999, month = apr, pages = "120--134", number = 1578, series = LNCS, publisher = SV } @incollection{Bodei+:Flow:Logic, author = "C. Bodei and P. Degano and H. {Riis Nielson} and F. Nielson", title = "Security Analysis using Flow Logics", pages = "525--542", booktitle = "Current Trends in Theoretical Computer Science", publisher = "World Scientific", year = 2000, editor = "G. Paun and G. Rozenberg and A. Salomaa" } @article{Bodei+:IC01, author = "C. Bodei and P. Degano and F. Nielson and H. {Riis Nielson}", title = "Static Analysis for the $\pi$-calculus with Applications to Security", journal = IC, volume = 168, pages = "68--92", year = 2001, } @inproceedings{Bodei+:PACT01, author = "C. Bodei and P. Degano and H. {Riis Nielson} and F. Nielson", title = "Static Analysis for Secrecy and Non-Interference in Networks of Processes", booktitle = "Proc. PACT'01", year = 2001, month = sep, pages = "27--41", volume = 2127, series = LNCS, publisher = SV } @article{Capabilities, author = "J. B. Dennis and E. C. VanHorn", title = "Programming Semantics for Multiprogrammed Computations", journal = CACM, volume = 9, number = 3, year = 1966, month = mar, pages = "143--155" } @inproceedings{Cardelli:Gordon:Ambients, author = "L. Cardelli and A. D. Gordon", title = "Mobile Ambients", booktitle = FOSSACS, pages = "140--155", year = 1998, month = apr, series = LNCS, volume = 1378, publisher = SV } @inproceedings{Castellani:Boudol:ICALP01, author = "G. Boudol and I. Castellani", title = "Noninterference for Concurrent Programs", booktitle = "Proc. ICALP", series = LNCS, volume = 2076, month = jul, year = 2001, pages = "382--395" } @article{Castellani:Boudol:TCS02, author = "G. Boudol and I. Castellani", title = "Non-interference for concurrent programs and thread systems", journal = TCS, year = 2002, volume = 281, number = 1, pages = "109--130", month = jun } @inproceedings{Clark+:ENTCS, author = "D. Clark and S. Hunt and P. Malacaria", booktitle = "Quantitative Aspects of Programming Languages---{Selected} papers from QAPL 2001", title = "Quantitative analysis of the leakage of confidential data", series = "Electronic Notes in Theoretical Computer Science", publisher = "Elsevier", year = 2002, volume = 59 } @article{Clark+:JCL, author = "D. Clark and C. Hankin and S. Hunt", title = "Information Flow for {Algol-like} Languages", journal = "Journal of Computer Languages", note = "To appear", year = 2002 } @article{Cohen:InformationA, author = "E. S. Cohen", title = "Information Transmission in Computational Systems", journal = "ACM SIGOPS Operating Systems Review", year = 1977, volume = 11, number = 5, pages = "133--139" } @incollection{Cohen:InformationB, author = "E. S. Cohen", title = "Information Transmission in Sequential Programs", booktitle = "Foundations of Secure Computation", publisher = "Academic Press", year = 1978, editor = "R. A. DeMillo and D. P. Dobkin and A. K. Jones and R. J. Lipton", pages = "297--335" } @inproceedings{Cousot:Cousot:Abstract:Interpretation, author = "P. Cousot and R. Cousot", title = "Abstract interpretation: {A} unified lattice model for static analysis of programs by construction or approximation of fixpoints", pages = "238--252", booktitle = POPL, year = 1977, month = jan } @article{DY83, author = "D. Dolev and A. Yao", title = "On the security of public-key protocols", journal = "IEEE Transactions on Information Theory", volume = 2, number = 29, pages = "198--208", month = aug, year = 1983 } @inproceedings{Dam:Giambiagi:CSFW00, author = "M. Dam and P. Giambiagi", title = "Confidentiality for Mobile Code: {The} Case of a Simple Payment Protocol", booktitle = CSFW, year = 2000, month = jul, pages = "233--244" } @book{Denning:Book, author = "D. E. Denning", title = "Cryptography and Data Security", publisher = AW, address = "Reading, MA", year = 1982 } @article{Denning:Denning:Certification, author = "D. E. Denning and P. J. Denning", title = "Certification of Programs for Secure Information Flow", journal = CACM, volume = 20, number = 7, pages = "504--513", month = jul, year = 1977 } @article{Denning:Lattice, author = "D. E. Denning", title = "A Lattice Model of Secure Information Flow", journal = CACM, volume = 19, number = 5, pages = "236--243", month = may, year = 1976 } @inproceedings{DiPierro+:AGP00, author = "A. {Di Pierro} and C. Hankin and H. Wiklicky", title = "Probabilistic Confinement in a Declarative Framework", booktitle = "Declarative Programming---{Selected} papers from AGP 2000", publisher = "Elsevier", series = "Electronic Notes in Theoretical Computer Science", volume = 48, year = 2001 } @inproceedings{DiPierro+:CSFW02, author = "A. {Di Pierro} and C. Hankin and H. Wiklicky", title = "Approximate Non-Interference", booktitle = CSFW, year = 2002, pages = "1--17", month = jun } @inproceedings{DiPierro+:SAS02, author = "A. {Di Pierro} and C. Hankin and H. Wiklicky", title = "Analysing Approximate Confinement under Uniform Attacks", booktitle = SAS, year = 2002, series = LNCS, volume = 2477, publisher = SV, month = sep, pages = "310--325" } @inproceedings{Duggan:CSFW02, author = "D. Duggan", title = "Cryptographic Types", booktitle = CSFW, year = 2002, pages = "238--252", month = jun } @inproceedings{Erlingsson:Schneider:SASI, title = "{SASI} enforcement of security policies: A retrospective", booktitle = "Proc. of the New Security Paradigm Workshop", author = "U. Erlingsson and F. B. Schneider", year = 1999, month = sep, pages = "87--95" } @inproceedings{Evans:Twyman:SSP99, author = "D. Evans and A. Twyman", title = "Flexible Policy-Directed Code Safety", booktitle = SSP, month = may, year = 1999, pages = "32--45" } @techreport{Feiertag:80, author = "R. J. Feiertag", title = "A Technique for Proving Specifications are Multilevel Secure", institution = "SRI International Computer Science Lab", month = jan, year = 1980, number = "CSL-109", address = "Menlo Park, California" } @phdthesis{Fenton:73, author = "J. S. Fenton", title = "Information Protection Systems", school = "University of Cambridge", address = "Cambridge, England", year = 1973 } @article{Fenton:74, author = "J. S. Fenton", title = "Memoryless Subsystems", institution = "University of Cambridge", address = "Cambridge, England", journal = "Computing J.", volume = 17, number = 2, pages = "143--147", month = may, year = 1974 } @inproceedings{Focardi+:CSFW00, author = "R. Focardi and R. Gorrieri and F. Martinelli", title = "Information Flow Analysis in a Discrete-Time Process Algebra", booktitle = CSFW, pages = "170--184", year = 2000, month = jul } @article{Focardi:Gorrieri:Classification, author = "R. Focardi and R. Gorrieri", title = "A Classification of Security Properties for Process Algebras", journal = JCS, year = "1995", volume = 3, number = 1, pages = "5--33" } @unpublished{Giambiagi:02, author = "P. Giambiagi", title = "Confidentiality for Implementations of Security Protocols", month = feb, year = 2002, note = "Unpublished manuscript" } @misc{Giambiagi:Lic, author = "P. Giambiagi", title = "Secrecy for Mobile Implementations of Security Protocols", howpublished = "Licentiate Thesis, Royal Institute of Technology, Stockholm", month = oct, year = 2001 } @inproceedings{Goguen:Meseguer:Noninterference, author = "J. A. Goguen and J. Meseguer", title = "Security Policies and Security Models", booktitle = SSP, year = 1982, month = apr, pages = "11--20" } @inproceedings{Goguen:Meseguer:Unwinding, author = "J. A. Goguen and J. Meseguer", title = "Unwinding and Inference Control", booktitle = SSP, year = 1984, month = apr, pages = "75--86" } @inproceedings{Gray:Probabilistic, author = "J.W. {Gray III}", title = "Probabilistic Interference", booktitle = SSP, year = 1990, month = may, pages = "170--179" } @inproceedings{Heintze:Riecke:Slam, author = "N. Heintze and J. G. Riecke", title = "The {SLam} calculus: programming with secrecy and integrity", booktitle = POPL, year = 1998, pages = "365--377", month = jan } @inproceedings{Hennessy:Riely:ICALP00, author = "M. Hennessy and J. Riely", title = "Information Flow vs Resource Access in the Asynchronous Pi-calculus (Extended Abstract)", booktitle = "Proc. ICALP'00", month = jul, year = 2000, series = LNCS, volume = 1853, publisher = SV, pages = "415--427" } @inproceedings{Honda+:ESOP00, author = "K. Honda and V. Vasconcelos and N. Yoshida", title = "Secure Information Flow as Typed Process Behaviour", booktitle = ESOP, pages = "180--199", year = 2000, volume = 1782, series = LNCS, publisher = SV } @inproceedings{Honda:Yoshida:POPL02, title = "A Uniform Type Structure for Secure Information Flow", author = "K. Honda and N. Yoshida", booktitle = POPL, month = jan, year = 2002, pages = "81--92" } @article{Hydra, author = "W. A. Wulf and E. Cohen and W. Corwin and A. Jones and R. Levin and C. Pierson and F. Pollack", title = "H{YDRA}: The Kernel of a Multiprocessor System", journal = CACM, volume = 17, number = 6, year = 1974, month = jun, pages = "337--345" } @book{Java:Machine, author = "T. Lindholm and F. Yellin", title = "The {Java} Virtual Machine", publisher = AW, address = "Reading, MA", month = may, year = 1996 } @article{Joshi:Leino:SCP00, author = "R. Joshi and K. R. M. Leino", title = "A Semantic Approach to Secure Information Flow", journal = "Science of Computer Programming", year = 2000, volume = "37", number = "1--3", pages = "113--138", publisher = "Elsevier" } @inproceedings{Kocher:Timing, author = "P. C. Kocher", title = "Timing Attacks on Implementations of {D}iffie-{H}ellman, {RSA}, {DSS}, and Other Systems", booktitle = "Proc. CRYPTO'96", volume = 1109, series = LNCS, year = 1996, publisher = SV, pages = "104--113" } @inproceedings{Kozen:Language:Based:Security, author = "D. Kozen", title = "Language-Based Security", booktitle = "Proc. Mathematical Foundations of Computer Science", pages = "284--298", publisher = SV, series = LNCS, volume = 1672, month = sep, year = 1999 } @techreport{LaPadula:Bell, author = "L. J. LaPadula and D. E. Bell", title = "Secure Computer Systems: A Mathematical Model", institution = "MITRE Corp.", address = "Bedford, MA", number = "MTR-2547, Vol. 2", year = 1973, note = "Reprinted in {\em J. of Computer Security}, vol. 4, no. 2--3, pp. 239--263, 1996" } @inproceedings{Lampson:ACLS, author = "B. W. Lampson", title = "Protection", booktitle = "Proc. Princeton Symposium on Information Sciences and Systems", address = "Princeton University", year = 1971, month = mar, pages = "437--443", note = "Reprinted in {\em Operating Systems Review}, vol. 8, no. 1, pp. 18--24, Jan. 1974" } @article{Lampson:Confinement, author = "B. W. Lampson", title = "A Note on the Confinement Problem", journal = CACM, volume = 16, number = 10, month = oct, year = 1973, pages = "613--615" } @article{Larsen:Skou:Bisimulation, author = "K. G. Larsen and A. Skou", title = "Bisimulation through probabilistic testing", journal = IC, year = 1991, volume = 94, number = 1, pages = "1--28", month = sep } @inproceedings{Laud:ESOP01, author = "P. Laud", title = "Semantics and Program Analysis of Computationally Secure Information Flow", booktitle = ESOP, pages = "77--91", year = 2001, series = LNCS, publisher = SV, volume = 2028, month = apr } @inproceedings{Leino:Joshi:MPC98, author = "K. R. M. Leino and R. Joshi", title = "A semantic approach to secure information flow", booktitle = "Proc. Mathematics of Program Construction", series = LNCS, volume = 1422, pages = "254--271", year = 1998, month = jun } @inproceedings{Lowe:CSFW02, author = "G. Lowe", title = "Quantifying Information Flow", booktitle = CSFW, year = 2002, pages = "18--31", month = jun } @inproceedings{Malacaria:Hankin:LICS99, author = "P. Malacaria and C. Hankin", title = "Non-Deterministic Games and Program Analysis: {An} Application to Security", booktitle = LICS, pages = "443--452", year = 1999 } @inproceedings{Mantel:CSFW00, author = "H. Mantel", title = "Possibilistic Definitions of Security -- {An} Assembly Kit --", booktitle = CSFW, pages = "185--199", year = 2000, month = jul } @inproceedings{Mantel:SSP02, author = "H. Mantel", title = "On the Composition of Secure Systems", booktitle = SSP, pages = "81--94", year = 2002, month = may } @inproceedings{Mantel:Sabelfeld:CSFW01, author = "H. Mantel and A. Sabelfeld", title = "A Generic Approach to the Security of Multi-Threaded Programs", booktitle = CSFW, pages = "126--142", year = "2001", month = jun } @article{Mantel:Sabelfeld:JCS, author = "H. Mantel and A. Sabelfeld", title = "A Unifying Approach to the Security of Distributed and Multi-Threaded Programs", journal = JCS, year = 2002, note = "To appear." } @inproceedings{McCullough:Hook-up, author = "D. McCullough", title = "Specifications for Multi-level Security and Hook-Up Property", booktitle = SSP, month = apr, year = 1987, pages = "161--166" } @inproceedings{McCullough:SSP88, author = "D. McCullough", title = "Noninterference and the Composability of Security Properties", booktitle = SSP, pages = "177--186", year = 1988, month = may } @inproceedings{McHugh:Gypsy, author = "J. McHugh and D. I. Good", title = "An information flow tool for {G}ypsy", booktitle = SSP, month = apr, year = 1985, pages = "46--48" } @article{McLean:JCS92, author = "J. McLean", title = "Proving Noninterference and Functional Correctness Using Traces", journal = JCS, volume = 1, number = 1, year = 1992, pages = "37--58" } @inproceedings{McLean:SSP94, author = "J. McLean", title = "A General Theory of Composition for Trace Sets Closed Under Selective Interleaving Functions", booktitle = SSP, pages = "79--93", year = 1994, month = may } @inproceedings{McLean:Secure:Models:Inflow, title = "Security Models and Information Flow", author = "J. McLean", pages = "180--187", month = may, booktitle = SSP, year = 1990 } @article{McLean:TSE96, author = "J. McLean", title = "A General Theory of Composition for a Class of ``possibilistic'' Security Properties", journal = "IEEE Transactions on Software Engineering", year = 1996 , volume = 22, number = 1, pages = "53--67", month = jan } @inproceedings{Mizuno:NCSC89, author = "M. Mizuno", title = "A Least Fixed Point Approach to Inter-Procedural Information Flow Control", booktitle = "Proc. National Computer Security Conference", pages = "558--570", year = 1989 } @inproceedings{Mizuno:Oldehoeft:NCSC87, author = "M. Mizuno and A. Oldehoeft", title = "Information Flow Control in a Distributed Object-Oriented System With Statically-Bound Object Variables", booktitle = "Proc. National Computer Security Conference", pages = "56--67", year = 1987 } @article{Mizuno:Schmidt:Security, author = "M. Mizuno and D. Schmidt", title = "A Security Flow Control Algorithm and Its Denotational Semantics Correctness Proof", number = "6A", journal = "Formal Aspects of Computing", pages = "727--754", volume = 4, year = 1992 } @article{Morrisett+:TOPLAS, author = "G. Morrisett and D. Walker and K. Crary and N. Glew", title = "From {S}ystem {F} to Typed Assembly Language", journal = TOPLAS, year = 1999, volume = 21, number = 3, pages = "528--569", month = may } @phdthesis{Morrisett:PhD, author = "G. Morrisett", title = "Compiling with Types", school = "Carnegie Mellon University", month = dec, year = 1995, note = "Published as CMU Tech Report CMU-CS-95-226" } @inproceedings{Myers:Liskov:SOSP97, author = "A. C. Myers and B. Liskov", title = "A Decentralized Model for Information Flow Control", booktitle = SOSP, month = oct, year = 1997, pages = "129--142" } @inproceedings{Myers:Liskov:SSP98, author = "A. C. Myers and B. Liskov", title = "Complete, Safe Information Flow with Decentralized Labels", booktitle = SSP, month = may, year = 1998, pages = "186--197" } @inproceedings{Myers:POPL99, author = "A. C. Myers", title = "{JF}low: Practical Mostly-Static Information Flow Control", booktitle = POPL, year = 1999, month = jan, pages = "228--241" } @inproceedings{Necula:POPL97, author = "G. C. Necula", title = "Proof-Carrying Code", booktitle = POPL, pages = "106--119", year = 1997, month = jan } @inproceedings{Nielson+:CONCUR99, author = "F. Nielson and H. {Riis Nielson} and R. R. Hansen and J. G. Jensen", title = "Validating Firewalls in Mobile Ambients", booktitle = "Proc. CONCUR'99", pages = "463--477", number = 1664, series = LNCS, publisher = SV, year = 1999 } @book{Nielson+:Program:Analysis, author = "F. Nielson and H. {Riis Nielson} and C. Hankin", title = "Principles of Program Analysis", publisher = SV, year = 1999 } @inproceedings{Oerbaek:Can, author = "P. {\O}rb{\ae}k", title = "Can you trust your data?", series = LNCS, volume = 915, pages = "575--590", booktitle = "Proc. TAPSOFT/FASE'95", year = 1995, publisher = SV, month = may } @article{Oerbaek:Palsberg:Trust, author = "P. {\O}rb{\ae}k and J. Palsberg", title = "Trust in the $\lambda$-calculus", journal = "J. Functional Programming", volume = 7, number = 6, year = 1997, pages = "557--591" } @phdthesis{Oerbaek:Trust, author = "P. {\O}rb{\ae}k", title = "Trust and Dependence Analysis", school = "{BRICS}", year = 1997, address = "University of Aarhus, Aarhus, Denmark" } @manual{Orange:Book, organization = "Department of Defense", title = "Department of Defense Trusted Computer System Evaluation Criteria", key = "DOD", month = dec, year = 1985, edition = "{DOD 5200.28-STD (The Orange Book)}" } @inproceedings{Palsberg:Oerbaek:SAS95, author = "J. Palsberg and P. {\O}rb{\ae}k", title = "Trust in the $\lambda$-calculus", booktitle = SAS, pages = "314--329", month = sep, year = 1995, series = LNCS, number = 983, publisher = SV } @inproceedings{Pottier:CSFW02, author = "F. Pottier", title = "A Simple View of Type-Secure Information Flow in the pi-Calculus", booktitle = CSFW, year = 2002, pages = "320--330", month = jun } @inproceedings{Pottier:Conchon:ICFP00, author = "F. Pottier and S. Conchon", title = "Information Flow Inference for Free", booktitle = ICFP, pages = "46--57", year = 2000, month = sep } @inproceedings{Pottier:Simonet:POPL02, author = "F. Pottier and V. Simonet", title = "Information Flow Inference for {ML}", booktitle = POPL, month = jan, year = 2002, pages = "319--330" } @article{Pottier:Simonet:TOPLAS, author = "F. Pottier and V. Simonet", title = "Information Flow Inference for {ML}", journal = TOPLAS, year = 2002, note = "To appear" } @phdthesis{Reitman:PhD, author = "R. P. Reitman", title = "Information flow in parallel programs: {An} axiomatic approach", school = "Cornell University", year = 1978 } @inproceedings{Roscoe95, author = "A. W. Roscoe", title = "{CSP} and determinism in security modeling", booktitle = SSP, pages = "114--127", year = 1995, pages = "114--127", month = may } @incollection{Ryan:Bertinoro01, author = "P. Ryan", title = "Mathematical Models of Computer Security---Tutorial Lectures", booktitle = "Foundations of Security Analysis and Design", pages = "1--62", publisher = SV, year = 2001, editor = "R. Focardi and R. Gorrieri", volume = 2171, series = LNCS } @inproceedings{Ryan:Schneider:CSFW99, author = "P. Ryan and S. Schneider", title = "Process Algebra and Non-Interference", booktitle = CSFW, month = jun, year = 1999, pages = "214--227" } @misc{SOAP, author = "D. Box and D. Ehnebuske and G. Kakivaya and A. Layman and N. Mendelsohn and H. F. Nielsen and S. Thatte and D. Winer", title = "Simple Object Access Protocol ({SOAP}) 1.1", month = may, year = 2000, howpublished = "http://www.w3.org/TR/SOAP/" } @inproceedings{Sabelfeld:Mantel:SAS02, author = "A. Sabelfeld and H. Mantel", title = "Static Confidentiality Enforcement for Distributed Programs", booktitle = SAS, year = 2002, series = LNCS, volume = 2477, publisher = SV, month = sep, pages = "376--394" } @article{Sabelfeld:Myers:JSAC, author = "A. Sabelfeld and A. C. Myers", title = "Language-Based Information-Flow Security", journal = "IEEE J. Selected Areas in Communications", year = 2003, month = jan, volume = 21, number = 1, pages = "5--19" } @inproceedings{Sabelfeld:PSI01, author = "A. Sabelfeld", title = "The Impact of Synchronisation on Secure Information Flow in Concurrent Programs", booktitle = "Proc. Andrei Ershov International Conference on Perspectives of System Informatics", pages = "227--241", year = 2001, series = LNCS, volume = 2244, publisher = SV, month = jul } @phdthesis{Sabelfeld:PhD, author = "A. Sabelfeld", title = "Semantic Models for the Security of Sequential and Concurrent Programs", school = "Chalmers University of Technology and Gothenburg University", address = "Gothenburg, Sweden", month = may, year = 2001 } @inproceedings{Sabelfeld:Sands:ESOP99, author = "A. Sabelfeld and D. Sands", title = "A Per Model of Secure Information Flow in Sequential Programs", series = LNCS, volume = 1576, pages = "40--58", booktitle = ESOP, year = 1999, publisher = SV, month = mar } @article{Sabelfeld:Sands:HOSC01, author = "A. Sabelfeld and D. Sands", title = "A Per Model of Secure Information Flow in Sequential Programs", journal = HOSC, volume = 14, month = mar, number = 1, year = 2001, pages = "59--91" } @inproceedings{Sabelfeld:Sands:Probabilistic, author = "A. Sabelfeld and D. Sands", title = "Probabilistic Noninterference for Multi-threaded Programs", booktitle = CSFW, pages = "200--214", year = 2000, month = jul } @article{Saltzer+:End-to-end, author = "J. H. Saltzer and D. P. Reed and D. D. Clark", title = "End-to-end Arguments in System Design", journal = TOCS, volume = 2, number = 4, month = nov, year = 1984, pages = "277--288" } @article{Saltzer:Schroeder:TCB, author = "J. H. Saltzer and M. D. Schroeder", title = "The Protection of Information in Computer Systems", journal = "Proc. of the IEEE", volume = 63, number = 9, month = sep, year = 1975, pages = "1278--1308" } @incollection{Schneider+:Language-based:Security, author = "F. B. Schneider and G. Morrisett and R. Harper", title = "A Language-Based Approach to Security", booktitle = "Informatics---10 Years Back, 10 Years Ahead", volume = 2000, series = LNCS, publisher = SV, year = 2000, pages = "86--101" } @inproceedings{Sewell:Vitek:CSFW00, author = "P. Sewell and J. Vitek", title = "Secure Composition of Untrusted Code: {Wrappers} and Causality Types", booktitle = CSFW, year = 2000, pages = "269--284", month = jul } @book{Shannon:Information:Theory, author = "C. E. Shannon and W. Weaver", title = "The Mathematical Theory of Communication", publisher = "University of Illinois Press", year = 1963 } @inproceedings{Sheldon:Gifford:LFP90, author = "M. A. Sheldon and D. K. Gifford", title = "Static Dependent Types for First Class Modules", booktitle = "Proc. Lisp and Functional Programming", month = jun, pages = "20--29", year = 1990 } @inproceedings{Simonet:CSFW02, author = "V. Simonet", title = "Fine-grained Information Flow Analysis for a {$\lambda$-calculus} with Sum Types", booktitle = CSFW, year = 2002, pages = "223--237", month = jun } @inproceedings{Smith:CSFW01, author = "G. Smith", title = "A New Type System for Secure Information Flow", booktitle = CSFW, pages = "115--125", year = 2001, month = jun } @inproceedings{Smith:Volpano:MultiThreaded, author = "G. Smith and D. Volpano", title = "Secure Information Flow in a Multi-threaded Imperative Language", pages = "355--364", booktitle = POPL, month = jan, year = 1998 } @inproceedings{Sumii:Pierce:CSFW01, author = "E. Sumii and B. Pierce", title = "Logical Relations for Encryption", booktitle = CSFW, pages = "256--269", year = 2001, month = jun } @inproceedings{Sutherland:NCSC86, author = "D. Sutherland", title = "A Model of Information", booktitle = "Proc. National Computer Security Conference", year = 1986, pages = "175--183", month = sep } @inproceedings{Syverson:Gray:Epistemic, author = "P. Syverson and J. W. {Gray III}", title = "The Epistemic Representation of Information Flow Security in Probabilistic Systems", booktitle = CSFW, pages = "152--166", month = jun, year = 1995 } @inproceedings{Thiemann:ESOP01, author = "P. Thiemann", title = "Enforcing Security Properties by Type Specialization", booktitle = ESOP, series = LNCS, publisher = SV, year = 2001, month = apr, volume = 2028 } @inproceedings{Volpano:CSFW00, author = "D. Volpano", title = "Secure Introduction of One-way Functions", booktitle = CSFW, pages = "246--254", year = 2000, month = jul } @inproceedings{Volpano:SAS99, author = "D. Volpano", title = "Safety versus Secrecy", year = 1999, pages = "303--311", booktitle = SAS, volume = 1694, series = LNCS, month = sep, publisher = SV } @article{Volpano:Smith:Irvine:Sound, author = "D. Volpano and G. Smith and C. Irvine", title = "A Sound Type System for Secure Flow Analysis", journal = JCS, volume = 4, number = 3, year = 1996, pages = "167--187" } @article{Volpano:Smith:MinimumTypings, author = "D. Volpano and G. Smith", title = "Eliminating Covert Flows with Minimum Typings", journal = CSFW, month = jun, pages = "156--168", year = 1997 } @article{Volpano:Smith:Probabilistic, author = "D. Volpano and G. Smith", title = "Probabilistic Noninterference in a Concurrent Language", journal = JCS, volume = 7, number = "2--3", month = nov, pages = "231--253", year = 1999 } @inproceedings{Volpano:Smith:Probabilistic:CSFW, author = "D. Volpano and G. Smith", title = "Probabilistic Noninterference in a Concurrent Language", booktitle = CSFW, month = jun, pages = "34--43", year = 1998 } @inproceedings{Volpano:Smith:Relative, title = "Verifying Secrets and Relative Secrecy", author = "D. Volpano and G. Smith", pages = "268--276", booktitle = POPL, year = 2000, month = jan } @inproceedings{Volpano:Smith:TypeBased, author = "D. Volpano and G. Smith", title = "A Type-Based Approach to Program Security", booktitle = "Proc. TAPSOFT'97", series = LNCS, year = 1997, volume = 1214, publisher = SV, month = apr, pages = "607--621" } @phdthesis{Wagner:PhD, title = "Static analysis and computer security: New techniques for software assurance", author = "D. Wagner", year = 2000, school = "University of California at Berkeley" } @inproceedings(Wahbe:SOSP93, author = "R. Wahbe and S. Lucco and T. Anderson and S. Graham", title = "Efficient Software-Based Fault Isolation", year = 1993, booktitle = SOSP, month = dec, pages = "203--216" ) @inproceedings{Xi:Pfenning:POPL99, author = "H. Xi and F. Pfenning", title = "Dependent Types in Practical Programming", month = jan, year = 1999, booktitle = POPL, pages = "214--227" } @inproceedings{Zanotti:SAS02, author = "M. Zanotti", title = "Security Typings by Abstract Interpretation", booktitle = SAS, year = 2002, series = LNCS, volume = 2477, publisher = SV, month = sep, pages = "360--375" } @inproceedings{Zdancewic+:Partitioning, month = oct, year = 2001, author = "S. Zdancewic and L. Zheng and N. Nystrom and A. C. Myers", title = "Untrusted Hosts and Confidentiality: Secure Program Partitioning", booktitle = SOSP, pages = "1--14" } @inproceedings{Zdancewic:Myers:CSFW01, author = "S. Zdancewic and A. C. Myers", title = "Robust Declassification", booktitle = CSFW, month = jun, year = 2001, pages = "15--23" } @inproceedings{Zdancewic:Myers:ESOP01, author = "S. Zdancewic and A. C. Myers", title = "Secure Information Flow and {CPS}", booktitle = ESOP, year = 2001, month = apr, volume = 2028, series = LNCS, publisher = SV, pages = "46--61" } @article{Zdancewic:Myers:HOSC, author = "S. Zdancewic and A. C. Myers", title = "Secure Information Flow via Linear Continuations", journal = HOSC, volume = 15, number = "2--3", month = sep, year = 2002, pages = "209--234" } @phdthesis{Zdancewic:PhD, author = "S. Zdancewic", title = "Programming Languages for Information Security", school = "Cornell University", month = jul, year = 2002 } @techreport{integrity, author = "K. J. Biba", title = "Integrity Considerations for Secure Computer Systems", number = "ESD-TR-76-372", institution = "USAF Electronic Systems Division", address = "Bedford, MA", month = apr, year = 1977, note = "(Also available through National Technical Information Service, Springfield Va., NTIS AD-A039324.)" } @techreport{java-sandbox, author = "J. S. Fritzinger and M. Mueller", title = "Java Security", year = 1996, institution = "Sun Microsystems, Inc.", address = "Palo Alto, CA" } @unpublished{jif, author = "A. C. Myers and N. Nystrom and L. Zheng and S. Zdancewic", title = "{Jif}: {J}ava Information Flow", note = "Software release. http://www.cs.cornell.edu/jif", month = jul, year = 2001 } @article{stack-inspection, title = "The Security Architecture Formerly Known as Stack Inspection: A Security Mechanism for Language-based Systems", author = "D. S. Wallach and A. W. Appel and E. W. Felten", journal = "ACM Transactions on Software Engineering and Methodology", volume = 9, number = 4, month = oct, year = 2000, pages = "341--378" }