Language-Based Security Papers
Label models
- D. E. Denning, “A lattice model of secure information flow,” Communications of the ACM, vol. 19, pp. 236–243, May 1976. [Online]. Available: http://doi.acm.org/10.1145/360051.360056
- A. C. Myers and B. Liskov, “Protecting privacy using the decentralized label model,” ACM Trans. Softw. Eng. Methodol., vol. 9, pp. 410–442, October 2000. [Online]. Available: http://doi.acm.org/10.1145/363516.363526
- D. Stefan, A. Russo, D. Mazières, and J. C. Mitchell, “Disjunction category labels,” in 16th Nordic Conference on Secure IT Systems, ser. NordSec. Springer, 2011, pp. 223–239. [Online]. Available: http://www.scs.stanford.edu/~dm/home/papers/stefan:dclabels.pdf
- Benoît Montagu, Benjamin C. Pierce, and Randy Pollack. A Theory of Information-Flow Labels. In Proceedings of the 2013 IEEE Computer Security Foundations Symposium, June 2013. http://www.cis.upenn.edu/~bcpierce/papers/csf2013.pdf
Type systems
- D. E. Denning and P. J. Denning, “Certification of programs for secure information flow,” Comm. of the ACM, vol. 20, no. 7, pp. 504–513, Jul. 1977. [Online]. Available: https://doi.org/10.1145/359636.359712
- Dennis Volpano, Cynthia Irvine, and Geoffrey Smith. A sound type system for secure flow analysis. Journal of Computer Security, 4(2-3):167–187, 1996. http://users.cis.fiu.edu/~smithg/papers/jcs96.pdf
- S. Hunt and D. Sands, “On flow-sensitive security types,” in Proc. 33rd ACM Symposium on Principles of Programming Languages (POPL), 2006, pp. 79–90. http://www.cse.chalmers.se/~dave/papers/Hunt-Sands-POPL06.pdf
Declassification
- A. Sabelfeld and D. Sands, “Dimensions and principles of declassification,” in Computer Security Foundations 18th Workshop, IEEE, Ed., June 2005, pp. 255–269. [Online]. Available: http://www.cse.chalmers.se/~dave/papers/sabelfeld-sands-CSFW05.pdf
- A. Sabelfeld and D. Sands. Declassification: Dimensions and principles. Journal of Computer Security, 17(5):517–548, 2009. [Online]. Available: http://www.cse.chalmers.se/~andrei/sabelfeld-sands-jcs07.pdf
- H. Mantel and D. Sands, “Controlled declassification based on intransitive noninterference,” in Proc. Asian Symp. on Programming Languages and Systems, ser. LNCS. Springer-Verlag, 2004, pp. 129–145. [Online]. Available: http://www.cse.chalmers.se/~dave/papers/Mantel-Sands-TR04.pdf
Side channels
- Hunt, S., Askarov, A., Sabelfeld, A. & Sands, D. (2008). Termination-insensitive noninterference leaks more than just a bit. Paper presented at the 13th European Symposium on Research in Computer Security, Oct 2008, Malaga, Spain. http://openaccess.city.ac.uk/197/2/esorics08.pdf
- Deian Stefan, Alejandro Russo, Pablo Buiras, Amit Levy, John C. Mitchell, David Mazières: Addressing covert termination and timing channels in concurrent information flow systems. ICFP 2012: 201-214 http://www.cse.chalmers.se/~russo/publications_files/icfp2012.pdf
Dynamic analysis
- T. H. Austin and C. Flanagan, “Efficient purely-dynamic information flow analysis,” SIGPLAN Notices, vol. 44, pp. 20–31, December 2009. [Online]. Available: http://slang.soe.ucsc.edu/cormac/papers/plas09.pdf
- T. H. Austin and C. Flanagan. Permissive dynamic information flow analysis. In PLAS’10, pages 3:1–3:12. ACM, 2010. [Online]. Available: https://users.soe.ucsc.edu/~cormac/papers/plas10.pdf
- T. H. Austin and C. Flanagan. Multiple facets for dynamic information flow. In Proc. of the 39th Symposium of Principles of Programming Languages. ACM, 2012. [Online]. Available: https://doi.org/10.1145/2103621.2103677
- T. H. Austin, T. Schmitz, and C. Flanagan. Multiple facets for dynamic information flow with exceptions. ACM TOPLAS, Volume 39 Issue 3, July 2017, Article No. 10 https://users.soe.ucsc.edu/~cormac/papers/toplas17.pdf, https://doi.org/10.1145/3024086
- D. Stefan, A. Russo, J. C. Mitchell, and D. Mazières, “Flexible dynamic information flow control in Haskell,” in Proceedings of the 4th Symposium on Haskell. ACM, 2011, pp. 95–106. [Online]. Available: http://www.cse.chalmers.se/~russo/publications_files/haskell11.pdf, http://www.scs.stanford.edu/~deian/pubs/stefan:2011:flexible-ext.pdf
- D. Devriese and F. Piessens. Non-interference through secure multi-execution. In Proc. of the 2010 Symposium on Security and Privacy, pages 109–124. IEEE, 2010. https://pdfs.semanticscholar.org/4e73/34db18da606f0ddb85caab476a026337aa1e.pdf (should be available through IEEExplore)
- W. Rafnsson and A. Sabelfeld. Secure multi-execution: Fine-grained, declassification-aware, and transparent. Journal of Computer Security, 24(1):39–90, 2016. http://www.cse.chalmers.se/~andrei/jcs-sme.pdf