Martín Abadi, Anindya Banerjee, Nevin Heintze, Jon Riecke. A Core Calculus of Dependency. 26th ACM Symposium on Principles of Programming Languages (POPL), pages 147–160, January 1999.
Martín Abadi, Bruno Blanchet. Analyzing security protocols with secrecy types and logic programs. 29th ACM Symposium on Principles of Programming Languages (POPL), pages 33–44, January 2002.
Martín Abadi, Bruno Blanchet. Secrecy by typing in security protocols. Journal of the ACM, 45(5), September 1999.
Martín Abadi, Mihai Budiu, Úlfar Erlingsson, Jay Ligatti. Control-Flow Integrity—Principles, Implementations, and Applications. ACM Conference on Computer and Communications Security, Nov. 2005.
Martín Abadi, Michael Burrows, Butler Lampson, Gordon Plotkin. A calculus for access control in distributed systems. ACM Transactions on Programming Languages and Systems, 15(4):706–734, 1993.
Bowen Alpern, Fred B. Schneider. Defining liveness. Information Processing Letters, 21:181–185, 1985.
Chris Andreae, James Noble, Shane Markstrum, Todd Millstein. A framework for pluggable type systems. 21st ACM SIGPLAN conference on object-oriented programming, systems, languages, and applications (OOPSLA'06), to appear, October 2006.
Anindya Banerjee and David A. Naumann. Secure information flow and pointer confinement in a Java-like language. IEEE Computer Security Foundations Workshop (CSFW), June 2002.
John Barnes. High Integrity Software: The SPARK Approach to Safety and Security. Addison Wesley, 2003, ISBN 0321136160
Jean-Francois Bergeretti, Bernard A. Carré. Information-flow and data-flow analysis of while-programs. ACM Transactions on Programming Languages and Systems (TOPLAS), 7(1):37–61, January 1985.
Stephen Chong, Andrew C. Myers. Language-based information erasure. 18th IEEE Computer Security Foundations Workshop (CSFW'05), pages 241–254, June 2005.
Stephen Chong, Andrew C. Myers. Decentralized robustness. 19th IEEE Computer Security Foundations Workshop (CSFW'06), to appear, July 2006.
Michael Clarkson, Andrew C. Myers, Fred B. Schneider. Belief in information flow. 18th IEEE Computer Security Foundations Workshop (CSFW'05), pages 31–45, June 2005.
Dorothy E. Denning. Cryptography and Data Security. Addison-Wesley, 1982.
Dorothy E. Denning and Peter J. Denning. Certification of Programs for Secure Information Flow. Communications of the ACM, 20(7):504–513, July 1977.
Manuel Costa, Jon Crowcroft, Miguel Castro, Antony Rowstron, Lidong Zhou, Lintao Zhang, Paul Barham. Vigilante: end-to-end containment of Internet worms. ACM Symposium on Operating Systems Principles (SOSP), pages 133–147, September 2005
R. De Nicola, G. Ferrari, and R. Pugliese. Programming access control: The KLAIM experience. In CONCUR 2000—Concurrency Theory, LNCS 1877, pages 48–65. Springer, 2000.
Dawson Engler, Benjamin Chelf, Andy Chou, Seth Hallem. Checking system rules Using system-specific, programmer-written compiler extensions. OSDI 2000.
Úlfar Erlingsson, Fred B. Schneider. IRM enforcement of Java stack inspection. IEEE Symposium on Security and Privacy, 2000.
Úlfar Erlingsson, Fred B. Schneider. SASI enforcement of security policies: a retrospective. WNSP: New Security Paradigms Workshop, 1999.
Jeffrey S. Foster, Tachio Terauchi, and Alex Aiken. Flow-sensitive type qualifiers. ACM Conference on Programming Language Design and Implementation (PLDI'02), pages 1–12, June 2002.
C. Fournet, A. Gordon, S. Maffeis. A type discipline for authorization policies. European Symposium on Programming (ESOP 2005), pages 141–156, April 6-8, 2005.
Dan Grossman, Greg Morrisett, Trevor Jim, Michael Hicks, Yanling Wang, James Cheney. Region-based memory management in Cyclone. ACM Conference on Programming Language Design and Implementation, pages 282–293, Berlin, Germany, June 2002.
Kevin W. Hamlen, Greg Morrisett, Fred B. Schneider. Computability Classes for Enforcement Mechanisms. ACM Transactions on Programming Languages And Systems (TOPLAS), 28(1):175–205, January 2006.
Nevin Heintze, Jon G. Riecke. The SLam calculus: programming with secrecy and integrity. 25th ACM Symposium on Principles of Programming Languages, January 1998.
Yao-Wen Huang, Fang Yu, Christian Hang, Chung-Hung Tsai, DerTsai Lee, and Sy-Yen Kuo. Securing web application code by static analysis and runtime protection. 13th International Conference on World Wide Web (WWW'04), 2004.
Trevor Jim, Greg Morrisett, Dan Grossman, Michael Hicks, James Cheney, Yanling Wang. Cyclone: a safe dialect of C. USENIX Annual Technical Conference, pages 275–288, Monterey, CA, June 2002.
A.K. Jones, B.H. Liskov. A language extension for controlling access to shared data. IEEE Transactions on Software Engineering 2(4), pp. 277–285 (1976)
Richard W. M. Jones, Paul H. J. Kelly. Backwards-compatible bounds checking for arrays and pointers in C programs. 3rd International Workshop on Automated Debugging, 1997.
Vladimir Kiriansky, Derek Bruening, Saman Amarasinghe. Secure Execution Via Program Shepherding. 11th USENIX Security Symposium, August 2002.
Butler Lampson, Martín Abadi, Michael Burrows, Edward Wobber. Authentication in distributed systems: theory and practice. ACM Transactions on Computer Systems, 10(4):265–310, 1992.
Jay Ligatti, Lujo Bauer, David Walker. Edit automata: enforcement mechanisms for run-time security policies. International Journal of Information Security 4(1-2):2–16, February 2005.
D. Malkhi, N. Nisan, B. Pinkas, Y. Sella. Fairplay—a secure two-party computation system. Usenix Security Symposium 2004
Stephen McCamant, Greg Morrisett. Evaluating SFI for a CISC architecture. 15th USENIX Security Symposium, to appear, August 2006.
J. McHugh, D. I. Good. An information flow tool for Gypsy. 1985 IEEE Symposium on Security and Privacy, pages 46–48.
Ricardo Medel, Adriana Compagnoni and Eduardo Bonelli. Non-interference for a typed assembly language. Workshop on Foundations of Computer Security (FCS'05), June 2005.
Greg Morrisett, David Walker, Karl Crary, Neal Glew. From System F to typed assembly language. ACM Transactions on Programming Languages and Systems, 21(3):528-569, May 1999.
G. Morrisett, K. Crary, N. Glew, D. Grossman, R. Samuels, F. Smith, D. Walker, S. Weirich, and S. Zdancewic. TALx86: a realistic typed assembly language. 1999 ACM SIGPLAN Workshop on Compiler Support for System Software, pages 25–35, Atlanta, GA, USA, May 1999.
Andrew C. Myers. JFlow: practical mostly-static information flow control. 26th ACM Symposium on Principles of Programming Languages (POPL), Jan. 1999, pages 228–241.
Andrew C. Myers, Barbara Liskov. Protecting privacy using the decentralized label model. ACM Transactions on Software Engineering and Methodology, 9(4):410–442, October 2000.
Andrew C. Myers, Andrei Sabelfeld, Steve Zdancewic. Enforcing robust declassification and qualified robustness Journal of Computer Security, 14(2):157–196, 2006.
George Necula. Proof-carrying code. 24th ACM Symposium on Principles of Programming Languages (POPL), Jan. 1997, pp. 106–119.
George C. Necula, Scott McPeak, Westley Weimer. CCured: type-safe retrofitting of legacy code. 29th ACM Symposium on Principles of Programming Languages, 2002, pp. 128–139.
Francois Pottier, Vincent Simonet. Information flow inference for ML. 29th ACM Symposium on Principles of Programming Languages, pages 319–330, 2002.
Francois Pottier, Christian Skalka, Scott Smith. A Systematic Approach to Static Access Control. European Symposium on Programming (ESOP 2001), p. 30, 2001. LNCS 2028.
Olatunji Ruwase, Monica Lam. A practical dynamic buffer overflow detector. Network and Distributed System Security Symposium (NDSS'04), pages 159–169, February 2004.
Andrei Sabelfeld, David Sands. Dimensions and principles of declassification. 18th Computer Security Foundations Workshop, pages 255–269, June 2005.
Andrei Sabelfeld, Andrew C. Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, 21(1):5–19, Jan. 2003.
Fred B. Schneider, Greg Morrisett, Robert Harper. A language-based approach to security. Informatics: 10 Years Back, 10 Years Ahead, Lecture Notes in Computer Science, Vol. 2000, Springer-Verlag, Heidelberg, 86–101, 2000.
Umesh Shankar, Kunal Talwar, Jeffrey S. Foster, David Wagner. Detecting format string vulnerabilities with type qualifiers. 10th USENIX Security Symposium, August 2001.
Jan Vitek, Boris Bokowski. Confined Types. 14th ACM SIGPLAN conference on object-oriented programming, systems, languages, and applications (OOPSLA'99), pages 82–96, 1999.
Dennis Volpano, Geoffrey Smith, Cynthia Irvine. A sound type system for secure flow analysis. Journal of Computer Security, 4(3):167–187, 1996.
Dennis Volpano and Geoffrey Smith. A Type-Based Approach to Program Security. 7th International Joint Conference on the Theory and Practice of Software Development, pages 607–621, 1997.
Robert Wahbe, Steven Lucco, Thomas E. Anderson, Susan L. Graham. Efficient software-based fault isolation. ACM Symposium on Operating Systems Principles (SOSP), 1993.
D. Wagner, J. S. Foster, E. A. Brewer, and Alexander Aiken. A first step towards automated detection of buffer overrun vulnerabilities. Network and Distributed System Security Symposium, pages 3–17, February 2000.
David Walker. A type system for expressive security policies. 26th Symposium on Principles of Programming Languages (POPL), 254–267, 1999.
Steve Zdancewic, Andrew C. Myers. Observational determinism for concurrent program security. 16th IEEE Computer Security Foundations Workshop, June 2003.
Steve Zdancewic, Andrew C. Myers. Secure information flow and linear continuations. Higher-Order and Symbolic Computation, 15(2–3):209–234, Sept. 2002.
Steve Zdancewic, Lantian Zheng, Nathaniel Nystrom, Andrew C. Myers. Secure program partitioning, ACM Transactions on Computing Systems (TOCS), 20(3):283–328, August 2002.
Steve Zdancewic, Andrew C. Myers. Robust declassification. 14th IEEE Computer Security Foundations Workshop, Cape Breton, Nova Scotia, Canada, June 2001, pages 15–23.
Lantian Zheng, Stephen Chong, Andrew C. Myers, Steve Zdancewic. Using replication and partitioning to build secure distributed systems. IEEE Symposium on Security and Privacy, May 2003.
Lantian Zheng, Andrew C. Myers. End-to-end availability policies and noninterference. 18th IEEE Computer Security Foundations Workshop (CSFW'05), pages 272–286, June 2005.