References

Up: A Model for Decentralized Previous: Acknowledgments

References

AR80: Gregory R. Andrews and Richard P. Reitman. An axiomatic approach to information flow in programs. ACM Transactions on Programming Languages and Systems, 2(1):56-76, 1980.
Bib77: K. J. Biba. Integrity considerations for secure computer systems. Technical Report ESD-TR-76-372, USAF Electronic Systems Division, Bedford, MA, April 1977.
BL75: D. E. Bell and L. J. LaPadula. Secure computer system: Unified exposition and Multics interpretation. Technical Report ESD-TR-75-306, MITRE Corp. MTR-2997, Bedford, MA, 1975. Available as NTIS AD-A023 588.
BN89: D. F. Brewer and J. Nash. The Chinese wall security policy. In Proc. of the IEEE Symposium on Security and Privacy, pages 206-258, May 1989.
CW87: David Clark and David R. Wilson. A comparison of commerical and military computer security policies. In Proc. of the IEEE Symposium on Security and Privacy, pages 184-194, 1987.
DD77: Dorothy E. Denning and Peter J. Denning. Certification of programs for secure information flow. Comm. of the ACM, 20(7):504-513, 1977.
Den76: Dorothy E. Denning. A lattice model of secure information flow. Comm. of the ACM, 19(5):236-243, 1976.
DG84: William F. Dowling and Jean H. Gallier. Linear-time algorithms for testing the satisfiability of propositional Horn formulæ. Journal of Logic Programming, 1(3):267-284, October 1984.
Fol91: Simon N. Foley. A taxonomy for information flow policies and models. In Proc. of the IEEE Symposium on Security and Privacy, pages 98-108, 1991.
GJS96: James Gosling, Bill Joy, and Guy Steele. The Java Language Specification. Addison-Wesley, August 1996. ISBN 0-201-63451-1.
GM84: J. A. Goguen and J. Meseguer. Unwinding and inference control. In Proc. of the IEEE Symposium on Security and Privacy, pages 11-20, April 1984.
JG91: Pierre Jouvelot and David K. Gifford. Algebraic reconstruction of types and effects. In ACM Symposium on Principles of Programming Languages, pages 303-310, January 1991.
JL78: Anita K. Jones and Barbara Liskov. A language extension for expressing constraints on data access. Comm. of the ACM, 21(5):358-367, May 1978.
LAB+84: Barbara Liskov, Russell Atkinson, Toby Bloom, J. Eliot Moss, J. Craig Schaffert, Robert Scheifler, and Alan Snyder. CLU Reference Manual. Springer-Verlag, 1984. Also published as Lecture Notes in Computer Science 114, G. Goos and J. Hartmanis, Eds., Springer-Verlag, 1981.
LABW91: Butler Lampson, Martín Abadi, Michael Burrows, and Edward Wobber. Authentication in distributed systems: Theory and practice. In Proc. 13th ACM Symp. on Operating System Principles (SOSP), pages 165-182, October 1991. Operating System Review, 253(5).
Lam73: Butler W. Lampson. A note on the confinement problem. Comm. of the ACM, 10:613-615, 1973.
LY96: T. Lindholm and F. Yellin. The Java Virtual Machine. Addison-Wesley, Englewood Cliffs, NJ, May 1996.
MMN90: Catherine J. McCollum, Judith R. Messing, and LouAnna Notargiacomo. Beyond the pale of MAC and DAC -- defining new forms of access control. In Proc. of the IEEE Symposium on Security and Privacy, pages 190-200, 1990.
MR92: M. D. McIlroy and J. A. Reeds. Multilevel security in the UNIX tradition. Software--Practice and Experience, 22(8):673-694, August 1992.
Nec97: George C. Necula. Proof-carrying code. In Proc. of ACM Symp. on Principles of Programming Languages, pages 106-119, January 1997.
PO95: Jens Palsberg and Peter Ørbæk. Trust in the lambda-calculus. In Proc. 2nd International Symposium on Static Analysis, number 983 in Lecture Notes in Computer Science, pages 314-329. Springer, September 1995.
RM96: Jakob Rehof and Torben Æ. Mogensen. Tractable constraints in finite semilattices. In Proc. 3rd International Symposium on Static Analysis, number 1145 in Lecture Notes in Computer Science, pages 285-300. Springer-Verlag, September 1996.
RSC92: Joel Richardson, Peter Schwarz, and Luis-Felipe Cabrera. CACL: Efficient fine-grained protection for objects. In Proceedings of the 1992 ACM Conference on Object-Oriented Programming Systems, Languages, and Applications, pages 154-165, Vancouver, BC, Canada, October 1992.
Vol97: Dennis Volpano. Provably-secure programming languages for remote evaluation. ACM SIGPLAN Notices, 32(1):117-119, January 1997.
VSI96: Dennis Volpano, Geoffrey Smith, and Cynthia Irvine. A sound type system for secure flow analysis. Journal of Computer Security, 4(3):167-187, 1996.

Andrew C. Myers, Barbara Liskov