1. Spider-Scents: Grey-box Database-aware Web Scanning for Stored XSS, with Eric Olsson, Benjamin Eriksson, and Adam Doupé. In USENIX Security Symposium (USENIX Security), August 2024.

  2. FakeX: A Framework for Detecting Fake Reviews of Browser Extensions, with Eric Olsson, Benjamin Eriksson, Pablo Picazo-Sanchez, and Lukas Andersson. In ACM ASIA Conference on Computer and Communications Security (ASIACCS 2024), July 2024.

  3. Black Ostrich: Web Application Scanning with String Solvers, with Benjamin Eriksson, Amanda Stjerna, Riccardo De Masellis, and Philipp Ruemmer. In ACM Conference on Computer and Communications Security (CCS), November 2023.

  4. LazyTAP: On-Demand Data Minimization for Trigger-Action Applications, with Mohammad M. Ahmadpanah and Daniel Hedin. In IEEE Symposium on Security and Privacy (S&P'23), May 2023.

  5. No Signal Left to Chance: Driving Browser Extension Analysis by Download Patterns, with Pablo Picazo-Sanchez and Benjamin Eriksson. In Annual Computer Security Applications Conference (ACSAC), December 2022.

  6. SecWasm: Information Flow Control for WebAssembly, with Iulia Bastys, Maximilian Algehed, and Alexander Sjösten. In Static Analysis Symposium (SAS), December 2022.

  7. Are Chrome extensions compliant with the spirit of least privilege?, with Pablo Picazo-Sanchez, Lara Ortiz-Martin, and Gerardo Schneider. In International Journal of Information Security (IJIS), December 2022.

  8. Practical Data Access Minimization in Trigger-Action Platforms, with Yunang Chen, Mohannad Alhanahnah, Rahul Chatterjee, and Earlence Fernandes. In USENIX Security Symposium (USENIX Security), August 2022.

  9. CatNap: Leveraging Generic MPC for Actively Secure Privacy-Enhancing Proximity Testing with a Napping Party, with Ivan Oleynikov and Elena Pagnin. In International Conference on Security and Cryptography (SECRYPT), July 2022.

  10. Outsourcing MPC Precomputation for Location Privacy, with Ivan Oleynikov and Elena Pagnin. In Location Privacy Workshop (LPW), June 2022.

  11. Hardening the Security Analysis of Browser Extensions, with Benjamin Eriksson and Pablo Picazo-Sanchez. In ACM Symposium On Applied Computing (SAC), April 2022.

  12. DeDup.js: Discovering Malicious and Vulnerable Extensions by Detecting Duplication, with Pablo Picazo-Sanchez and Maximilian Algehed. In International Conference on Information Systems Security and Privacy (ICISSP), February 2022.

  13. SandTrap: Securing JavaScript-driven Trigger-Action Platforms, with Mohammad M. Ahmadpanah, Daniel Hedin, Musard Balliu, and Lars Eric Olsson. In USENIX Security Symposium (USENIX Security), August 2021.

  14. Securing Node-RED Applications, with Mohammad M. Ahmadpanah, Musard Balliu, Daniel Hedin, and Lars Eric Olsson. In Protocols, Logic, and Strands: Festschrift in honor of Joshua Guttman, August 2021.

  15. EssentialFP: Exposing the Essence of Browser Fingerprinting, with Alexander Sjösten and Daniel Hedin. In IEEE Workshop on Designing Security for the Web (SecWeb), September 2021.

  16. Nontransitive Policies Transpiled, with Mohammad M. Ahmadpanah and Aslan Askarov. In IEEE European Symposium on Security and Privacy (EuroS&P), September 2021.

  17. Data Privacy in Trigger-Action Systems, with Yunang Chen, Amrita Roy Chowdhury, Ruizhe Wang, Rahul Chatterjee, and Earlence Fernandes. In Proceedings of the IEEE Symposium on Security and Privacy (S&P), May 2021.

  18. Black Widow: Blackbox Data-driven Web Scanning, with Benjamin Eriksson and Giancarlo Pellegrino. In Proceedings of the IEEE Symposium on Security and Privacy (S&P), May 2021.

  19. HMAC and "Secure Preferences": Revisiting Chromium-based Browsers Security, with Pablo Picazo-Sanchez and Gerardo Schneider. In Proceedings of the International Conference on Cryptology And Network Security (CANS), December 2020.

  20. Where are you Bob? Privacy-Preserving Proximity Testing with a Napping Party, with Ivan Oleynikov and Elena Pagnin. In Proceedings of the European Symposium on Research in Computer Security (ESORICS), September 2020.

  21. Clockwork: Tracking Remote Timing Attacks, with Iulia Bastys, Musard Balliu, and Tamara Rezk. In Proceedings of the IEEE Computer Security Foundations Symposium (CSF), June 2020.

  22. VERONICA: Expressive and Precise Concurrent Information Flow Security, with Daniel Schoepe and Toby Murray. In Proceedings of the IEEE Computer Security Foundations Symposium (CSF), June 2020.

  23. AutoNav: Evaluation and Automatization of Web Navigation Policies, with Benjamin Eriksson. In Proceedings of the Web Conference (WWW), April 2020.

  24. An Empirical Study of Information Flows in Real-World JavaScript, with Cristian-Alexandru Staicu, Daniel Schoepe, Musard Balliu, and Michael Pradel. In Proceedings of the Workshop on Programming Languages and Analysis for Security (PLAS), London, UK, November 2019.

  25. Securing IoT Apps, with Musard Balliu and Iulia Bastys. In IEEE Security and Privacy Magazine, Special Issue on the Internet of Things (IoT), 2019.

  26. TOPPool: Time-aware Optimized Privacy-Preserving Ridesharing, with Elena Pagnin, Gunnar Gunnarsson, Pedram Talebi, and Claudio Orlandi. In Privacy Enhancing Technologies (PETs), Issue 4, 2019.

  27. Information-Flow Control for Database-backed Applications, with Marco Guarnieri, Daniel Schoepe, Musard Balliu, and David Basin. In IEEE European Symposium on Security and Privacy (EuroS&P), Stockholm, Sweden, June 2019.

  28. On the Road with Third-Party Apps: Security Analysis of an In-Vehicle App Platform, with Benjamin Eriksson and Jonas Groth. In International Conference on Vehicle Technology and Intelligent Transport Systems (VEHITS), Heraklion, Greece, May 2019.

  29. Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks, with Alexander Sjösten, Steven Van Acker, and Pablo Picazo-Sanchez. In Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2019.

  30. Raising the Bar: Evaluating Origin-wide Security Manifests, with Steven Van Acker and Daniel Hausknecht. In Proceedings of the Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico, December 2018.

  31. Tracking Information Flow via Delayed Output: Addressing Privacy in IoT and Emailing Apps, with Iulia Bastys and Frank Piessens. In Nordic Conference on Secure Systems (NordSec), Oslo, Norway, November 2018.

  32. If This Then What? Controlling Flows in IoT Apps, with Iulia Bastys and Musard Balliu. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), Toronto, Canada, October 2018.

  33. Prudent Design Principles for Information Flow Control, with Iulia Bastys and Frank Piessens. In Proceedings of the Workshop on Programming Languages and Analysis for Security (PLAS), Toronto, Canada, October 2018.

  34. Assuring BetterTimes: Private Arithmetic Formulas, with Per Hallgren, Ravi Kishore, and Martin Ochoa. Journal of Computer Security, IOS Press. 2018.

  35. Information Flow Tracking for Side-effectful Libraries, with Alexander Sjösten and Daniel Hedin. In Proceedings of the International Conference on Formal Techniques for Distributed Objects, Components, and Systems (FORTE), Madrid, Spain, June 2018.

  36. We are Family: Relating Information-Flow Trackers, with Musard Balliu and Daniel Schoepe. In Proceedings of the European Symposium on Research in Computer Security (ESORICS), Oslo, Norway, September 2017.

  37. PrivatePool: Privacy-Preserving Ridesharing, with Per Hallgren and Claudio Orlandi. In Proceedings of the IEEE Computer Security Foundations Symposium (CSF), Santa Barbara, CA, August 2017.

  38. A Principled Approach to Tracking Information Flow in the Presence of Libraries, with Daniel Hedin, Alexander Sjösten, and Frank Piessens. In Proceedings of the International Conference on Principles of Security and Trust (POST), Uppsala, Sweden, April 2017.

  39. Measuring Login Webpage Security, with Steven Van Acker and Daniel Hausknecht. In Proceedings of the ACM Symposium on Applied Computing (SAC), Marrakech, Morocco, April 2017.

  40. Discovering Browser Extensions via Web Accessible Resources, with Alexander Sjösten and Steven Van Acker. In Proceedings of the ACM Conference on Data and Applications Security and Privacy (CODASPY), Scottsdale, AZ, USA, March 2017.

  41. Privacy-Preserving Location-Proximity for Mobile Apps, with Simonas Stirbys, Omar Abu Nabah, and Per Hallgren. In Proceedings of the Parallel, Distributed, and Network-Based Processing (PDP), St. Petersburg, Russia, March 2017.

  42. Location-enhanced Authentication using the IoT, with Ioannis Agadakos, Per Hallgren, and Georgios Portokalidis. In Proceedings of the Annual Computer Security Applications Conference (ACSAC), Los Angeles, CA, USA, December 2016.

  43. MaxPace: Speed-Constrained Location Queries, with Per Hallgren and Martin Ochoa. In Proceedings of the IEEE Conference on Communications and Network Security (CNS), Philadelphia, PA, USA, October 2016.

  44. Let's Face It: Faceted Values for Taint Tracking, with Daniel Schoepe, Musard Balliu, and Frank Piessens. In Proceedings of the European Symposium on Research in Computer Security (ESORICS), Greece, September 2016.

  45. JavaScript Sandboxing: Isolating and Restricting Client-Side JavaScript, with Steven Van Acker. In Foundations of Security Analysis and Design VIII, LNCS 9808, Springer, August 2016.

  46. Data Exfiltration in the Face of CSP, with Steven Van Acker and Daniel Hausknecht. In Proceedings of the ACM Asia Conference on Computer and Communications Security (ASIACCS), Xi'an, China, May 2016.

  47. Progress-Sensitive Security for SPARK, with Willard Rafnsson and Deepak Garg. In Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS), London, UK, April 2016.

  48. Web Application Security using JSFlow, with Daniel Hedin. In Proceedings of the International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC), Romania, March 2016.

  49. Explicit Secrecy: A Policy for Taint Tracking, with Daniel Schoepe, Musard Balliu, and Benjamin C. Pierce. In Proceedings of the IEEE European Symposium on Security and Privacy (EuroS&P), Saarbrücken, Germany, March 2016.

  50. JSLINQ: Building Secure Applications across Tiers, with Musard Balliu, Benjamin Liebe, and Daniel Schoepe. In Proceedings of the ACM Conference on Data and Applications Security and Privacy (CODASPY), New Orleans, LA, March 2016.

  51. Secure Multi-Execution: Fine-grained, Declassification-aware, and Transparent, with Willard Rafnsson. Journal of Computer Security, Special issue on IEEE CSF 2012/13, IOS Press. 2016.

  52. Information-flow security for JavaScript and its APIs, with Daniel Hedin and Luciano Bello. Journal of Computer Security, Special issue on IEEE CSF 2012/13, IOS Press. 2016.

  53. Value Sensitivity and Observable Abstract Values for Information Flow Control, with Luciano Bello and Daniel Hedin. In Proceedings of the International Conferences on Logic for Programming, Artificial Intelligence and Reasoning (LPAR), November 2015.

  54. BetterTimes: Privacy-assured Outsourced Multiplications for Additively Homomorphic Encryption on Finite Fields, with Per Hallgren and Martin Ochoa. In Proceedings of the International Conference on Provable Security (ProvSec), Kanazawa, Japan, November 2015.

  55. InnerCircle: A Parallelizable Decentralized Privacy-Preserving Location Proximity Protocol, with Per Hallgren and Martin Ochoa. In Proceedings of the International Conference on Privacy, Security and Trust (PST), Izmir, Turkey, July 2015.

  56. Understanding and Enforcing Opacity, with Daniel Schoepe. In Proceedings of the IEEE Computer Security Foundations Symposium (CSF), Verona, Italy, July 2015.

  57. Value-sensitive Hybrid Information Flow Control for a JavaScript-like Language, with Daniel Hedin and Luciano Bello. In Proceedings of the IEEE Computer Security Foundations Symposium (CSF), Verona, Italy, July 2015.

  58. May I? - Content Security Policy Endorsement for Browser Extensions, with Daniel Hausknecht and Jonas Magazinius. In Proceedings of the Conference on Detection of Intrusions and Malware Vulnerability Assessment (DIMVA), Milan, Italy, July 2015.

  59. Password Meters and Generators on the Web: From Large-Scale Empirical Study to Getting It Right, with Steven Van Acker and Daniel Hausknecht. In Proceedings of the ACM Conference on Data and Application Security and Privacy (CODASPY), San Antonio, TX, March 2015.

  60. SeLINQ: Tracking Information Across Application-Database Boundaries, with Daniel Schoepe and Daniel Hedin. In Proceedings of the ACM International Conference on Functional Programming (ICFP), Gothenburg, Sweden, September 2014.

  61. Compositional Information-flow Security for Interactive Systems, with Willard Rafnsson. In Proceedings of the IEEE Computer Security Foundations Symposium (CSF), Vienna, Austria, July 2014.

  62. JSFlow: Tracking Information Flow in JavaScript and its APIs, with Daniel Hedin, Arnar Birgisson, and Luciano Bello. In Proceedings of the ACM Symposium on Applied Computing (SAC), Gyeongju, Korea, March 2014.

  63. Architectures for Inlining Security Monitors in Web Application, with Jonas Magazinius and Daniel Hedin. In Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS), Munich, Germany, February 2014.

  64. Polyglots: Crossing Origins by Crossing Formats, with Jonas Magazinius and Billy K. Rios. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, November 2013.

  65. Secure Multi-Execution: Fine-grained, Declassification-aware, and Transparent, with Willard Rafnsson. In Proceedings of the IEEE Computer Security Foundations Symposium (CSF), New Orleans, LA, June 2013.

  66. GlassTube: A Lightweight Approach to Web Application Integrity, with Per Hallgren and Daniel Mauritzson. In ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS), Seattle, WA, June 2013.

  67. Securing Class Initialization in Java-like Languages, with Willard Rafnsson and Keiko Nakata. In IEEE Transactions on Dependable and Secure Computing (TDSC), 10:1(1-13), January 2013.

  68. On-the-fly Inlining of Dynamic Security Monitors, with Jonas Magazinius and Alejandro Russo. In Computers & Security, 31:7(827-843), October 2012, Elsevier.

  69. Boosting the Permissiveness of Dynamic Information-Flow Tracking by Testing, with Arnar Birgisson and Daniel Hedin. In Proceedings of the European Symposium on Research in Computer Security (ESORICS), Pisa, Italy, September 2012, LNCS, Springer-Verlag.

  70. Information-Flow Security for a Core of JavaScript, with Daniel Hedin. In Proceedings of the IEEE Computer Security Foundations Symposium, Harvard University, Cambridge MA, June 25-27, 2012. IEEE Computer Society Press.

  71. Securing Interactive Programs, with Willard Rafnsson and Daniel Hedin. In Proceedings of the IEEE Computer Security Foundations Symposium, Harvard University, Cambridge MA, June 25-27, 2012. IEEE Computer Society Press.

  72. Decentralized Delimited Release, with Jonas Magazinius and Aslan Askarov. In Proceedings of the Asian Symposium on Programming Languages and Systems (APLAS), Kenting, Taiwan, December 2011. LNCS, Springer-Verlag.

  73. Multi-run security, with Arnar Birgisson. In Proceedings of the European Symposium on Research in Computer Security (ESORICS), Leuven, Belgium, September 2011, LNCS, Springer-Verlag.

  74. A Perspective on Information-Flow Control, with Daniel Hedin. In Proceedings of the 2011 Marktoberdorf Summer School, IOS Press.

  75. Capabilities for information flow, with Arnar Birgisson and Alejandro Russo. In ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, San Jose, CA, June 2011.

  76. Limiting Information Leakage in Event-based Communication, with Willard Rafnsson. In ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, San Jose, CA, June 2011.

  77. Unifying Facets of Information Integrity, with Arnar Birgisson and Alejandro Russo. In Proceedings of the International Conference on Information Systems Security (ICISS), Gandhinagar, India, December 2010, LNCS, Springer-Verlag.

  78. On-the-fly Inlining of Dynamic Security Monitors, with Jonas Magazinius and Alejandro Russo. In Proceedings of the IFIP International Information Security Conference (SEC), Brisbane, Australia, September 2010.

  79. Dynamic vs. Static Flow-Sensitive Security Analysis, with Alejandro Russo. In Proceedings of the IEEE Computer Security Foundations Symposium, Edinburgh, UK, July 17-19, 2010. IEEE Computer Society Press.

  80. Security of Multithreaded Programs by Compilation, with Gilles Barthe, Tamara Rezk, and Alejandro Russo. In ACM Transactions on Information and System Security (TISSEC). 13:3(21:1-21:32), July 2010.

  81. Securing Class Initialization, with Keiko Nakata. In Proceedings of the IFIP International Conference on Trust Management (IFIPTM), Morioka, Iwate, Japan, June 2010, LNCS, Springer-Verlag.

  82. A Lattice-based Approach to Mashup Security, with Jonas Magazinius and Aslan Askarov. In Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS), Beijing, China, April 2010.

  83. Tracking Information Flow in Dynamic Tree Structures, with Alejandro Russo and Andrey Chudnov. In Proceedings of the European Symposium on Research in Computer Security (ESORICS), Saint Malo, France, September 2009, LNCS, Springer-Verlag.

  84. Implicit flows in malicious and nonmalicious code, with Alejandro Russo and Keqin Li. In Proceedings of the 2009 Marktoberdorf Summer School, IOS Press.

  85. Securing Interaction between Threads and the Scheduler in the Presence of Synchronization, with Alejandro Russo. In Journal of Logic and Algebraic Programming, 78:7(593-618), Elsevier, August 2009.

  86. Securing Timeout Instructions in Web Applications, with Alejandro Russo. In Proceedings of the IEEE Computer Security Foundations Symposium, Port Jefferson, NY, July 8-10, 2009. IEEE Computer Society Press.

  87. Tight Enforcement of Information-Release Policies for Dynamic Languages, with Aslan Askarov. In Proceedings of the IEEE Computer Security Foundations Symposium, Port Jefferson, NY, July 8-10, 2009. IEEE Computer Society Press.

  88. From dynamic to static and back: Riding the roller coaster of information-flow control research, with Alejandro Russo. In Proceedings of Andrei Ershov International Conference on Perspectives of System Informatics, Akademgorodok, Novosibirsk, Russia, June 15-19, 2009. LNCS 5947, Springer-Verlag.

  89. Catch Me If You Can: Permissive Yet Secure Error Handling, with Aslan Askarov. In ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, Dublin, Ireland, June 2009.

  90. Declassification: Dimensions and Principles, with David Sands. Journal of Computer Security, 17:5(517-548), IOS Press. Accepted: December 2006; Final version: February 2007; Publication: January 2009.

  91. Termination-Insensitive Noninterference Leaks More Than Just a Bit, with Aslan Askarov, Sebastian Hunt, and David Sands. In Proceedings of the 13th European Symposium on Research in Computer Security (ESORICS), Malaga, Spain, October 2008, LNCS 5283, Springer-Verlag.

  92. Cryptographically-Masked Flows, with Aslan Askarov and Daniel Hedin. In Theoretical Computer Science, 402(2-3):82-101, August 2008, Elsevier.

  93. Closing Internal Timing Channels by Transformation, with Alejandro Russo, John Hughes, and David Naumann. In Proceedings of the 11th Annual Asian Computing Science Conference, Tokyo, Japan, December 6-8, 2006, Revised Selected Papers, LNCS 4435, Springer-Verlag. January 2008.

  94. Security of Multithreaded Programs by Compilation, with Gilles Barthe, Tamara Rezk, and Alejandro Russo. In Proceedings of the 12th European Symposium on Research in Computer Security (ESORICS), Dresden, Germany, September 24-26, 2007, LNCS 4734, Springer-Verlag.

  95. Localized Delimited Release: Combining the What and Where Dimensions of Information Release, with Aslan Askarov. In ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, San Diego, California, June 14, 2007.

  96. Gradual Release: Unifying Declassification, Encryption and Key Release Policies, with Aslan Askarov. In Proceedings of the IEEE Symposium on Security and Privacy, Berkeley/Oakland, California, May 20-23, 2007.

  97. Cryptographically-Masked Flows, with Aslan Askarov and Daniel Hedin. In Proceedings of the International Static Analysis Symposium, Seoul, Korea, August 29-31, 2006. LNCS 4134, Springer-Verlag.

  98. Securing Interaction between Threads and the Scheduler, with Alejandro Russo. In Proceedings of the 19th IEEE Computer Security Foundations Workshop, Venice, Italy, July 5-7, 2006. IEEE Computer Society Press.

  99. Security for Multithreaded Programs under Cooperative Scheduling, with Alejandro Russo. In Proceedings of Andrei Ershov International Conference on Perspectives of System Informatics, Akademgorodok, Novosibirsk, Russia, June 27-30, 2006. LNCS 4378, Springer-Verlag.

  100. Enforcing Robust Declassification and Qualified Robustness, with Andrew C. Myers and Steve Zdancewic. Journal of Computer Security, 14(2):157-196, IOS Press, May 2006.

  101. Security-typed languages for implementation of cryptographic protocols: A case study, with Aslan Askarov. In Proceedings of the 10th European Symposium on Research in Computer Security (ESORICS), Milan, Italy, September 12-14, 2005, LNCS, Springer-Verlag, September 2005.

  102. Dimensions and Principles of Declassification, with David Sands. In Proceedings of the 18th IEEE Computer Security Foundations Workshop, Aix-en-Provence, France, June 20-22, 2005. IEEE Computer Society Press.

  103. Bridging Language-Based and Process Calculi Security, with Riccardo Focardi and Sabina Rossi. In Proceedings of Foundations of Software Science and Computation Structures (FOSSACS'05), pages 299-315, Edinburgh, Scotland, April 2-8, 2005, LNCS 3441, Springer-Verlag.

    Full version available as Bridging Language-Based and Process Calculi Security, Technical Report, CS-2004-14, University of Venice, December 2004.

  104. A Model for Delimited Information Release, with Andrew C. Myers. In Proceedings of the 2003 International Symposium on Software Security (ISSS'03), pages 174-191, Tokyo, Japan, November 4-6, 2003. LNCS 3233, Springer-Verlag. October 2004.

  105. Enforcing Robust Declassification, with Andrew C. Myers and Steve Zdancewic. In Proceedings of the 17th IEEE Computer Security Foundations Workshop, Pacific Grove, California, June 28-30, 2004. IEEE Computer Society Press.

  106. A Unifying Approach to the Security of Distributed and Multi-Threaded Programs, with Heiko Mantel. Journal of Computer Security, 11(4):615-676, IOS Press, September 2003.

  107. Confidentiality for Multithreaded Programs via Bisimulation. In Proceedings of Andrei Ershov 5th International Conference on Perspectives of System Informatics, Akademgorodok, Novosibirsk, Russia, July 9-12, 2003. LNCS 2890, Springer-Verlag.

  108. Language-Based Information-Flow Security (ps, pdf) with Andrew C. Myers. IEEE Journal on Selected Areas in Communications, 21(1):5-19, January 2003.
    This is a survey article on language-based techniques for the specification and enforcement of confidentiality properties. The BibTeX file with references made in the survey is available here.

  109. Static Confidentiality Enforcement for Distributed Programs, with Heiko Mantel. In Proceedings of the 9th International Static Analysis Symposium, Madrid, Spain, September 17-20, 2002. LNCS 2477, Springer-Verlag.

  110. The Impact of Synchronisation on Secure Information Flow in Concurrent Programs. In Proceedings of Andrei Ershov 4th International Conference on Perspectives of System Informatics, Akademgorodok, Novosibirsk, Russia, July 3-6, 2001. LNCS 2244, Springer-Verlag.

  111. A Generic Approach to the Security of Multi-threaded Programs, with Heiko Mantel. In Proceedings of the 14th IEEE Computer Security Foundations Workshop, Cape Breton, Nova Scotia, Canada, June 11-13, 2001. IEEE Computer Society Press.

  112. Semantic Models for the Security of Sequential and Concurrent Programs. (ps-file size: 2M). PhD Thesis, Chalmers University of Technology and University of Gothenburg, May 2001. Defended in June 2001.

  113. A Per Model of Secure Information Flow in Sequential Programs, with David Sands. Higher-Order and Symbolic Computation, 14(1):59-91, March 2001.

  114. Probabilistic Noninterference for Multi-threaded Programs, with David Sands. In Proceedings of the 13th IEEE Computer Security Foundations Workshop, Cambridge, England, July 2000. IEEE Computer Society Press.

  115. Semantics-based Security and Aspects of Program Analysis. (ps-file size: 2M) Licentiate Thesis, Chalmers University of Technology and University of Gothenburg, March 2000.

  116. A Per Model of Secure Information Flow in Sequential Programs, with David Sands. In Proceedings of the 8th European Symposium on Programming, ESOP'99, LNCS 1576, pages 40-58, Amsterdam, March 1999, Springer-Verlag.

  117. Equivalent Transformations of Recursive Schemes with Finite Unfolding, with Viktor Sabelfeld. Programming and Computer Software, 23 (2):70-77, 1997.

  118. Correct Transformations of Logic Programs. Joint Bulletin of Novosibirsk Computer Center and the Institute of Informatics Systems, 5:55-67, 1996.