p
Reference manual
Javadoc
Change log

Mailing list

Sign up for news about Jif!

(open subscription, low traffic)

Send mail to jif-users-l-request@cornell.edu with a subject line of join. Or turn on JavaScript to see the sign-up form.

Jif is a security-typed programming language that extends Java with support for information flow control and access control, enforced at both compile time and run time. The source code for the Jif compiler and run-time system is available for download. Jif is written in Java and is built using the Polyglot extensible Java compiler framework.

Static information flow control can protect the confidentiality and integrity of information manipulated by computing systems. The compiler tracks the correspondence between information the policies that restrict its use, enforcing security properties end-to-end within the system. After checking information flow within Jif programs, the Jif compiler translates them to Java programs and uses an ordinary Java compiler to produce secure executable programs.

Jif extends Java by adding labels that express restrictions on how information may be used. For example, the following variable declaration declares not only that the variable x is an int, but also that the information in x is governed by a security policy:

int {Alice→Bob} x;

In this case, the security policy says that the information in x is controlled by the principal Alice, and that Alice permits this information to be seen by the principal Bob. The policy {Alice←Bob} means that information is owned by Alice, and that Alice permits it to be affected by Bob. Based on label annotations like these, the Jif compiler analyzes information flows within programs, to determine whether they enforce the confidentiality and integrity of information.

Other systems that provide related functionality are the Flow Caml and SPARK/Ada languages. Jif provides richer support for tying security requirements to programs, with important features like selective, robust downgrading, language-based access control, and dynamic labels and principals. These features are crucial for language-based reasoning about security in complex applications.

Jif IDE is an Eclipse IDE plug-in for Jif, built using the Polyglot IDE framework. Jifclipse is another Eclipse-based IDE for Jif developed at Penn State. It tends not to support the latest version of Jif, however.

Release history

Release history
Version Release date
June 24, 2016
September 18, 2015
February 2009

Related group publications

  1. Viaduct: an extensible, optimizing compiler for secure distributed programs

    Using information flow as a specification for synthesizing cryptography (conditionally accepted)

    42nd ACM SIGPLAN Conf. on Programming Language Design and Implementation (PLDI), June 2021. Coşku Acay, Rolph Recto, Joshua Gancher, Andrew Myers, and Elaine Shi. [ ×@inproceedings{viaduct-pldi21, title="Viaduct: an extensible, optimizing compiler for secure distributed programs", author="Coşku Acay and Rolph Recto and Joshua Gancher and Andrew Myers and Elaine Shi", booktitle="42nd ACM SIGPLAN Conf. on Programming Language Design and Implementation (PLDI)", url="http://www.cs.cornell.edu/andru/papers/viaduct/", month="June", year="2021"} ]
  2. Compositional security for reentrant applications

    Reentrancy should be viewed through the lens of information flow

    IEEE Symp. on Security and Privacy, May 2021. Ethan Cecchetti, Siqiu Yao, Haobin Ni, and Andrew C. Myers. [ ×@inproceedings{cync21, title="Compositional security for reentrant applications", author="Ethan Cecchetti and Siqiu Yao and Haobin Ni and Andrew C. Myers", booktitle="IEEE Symp. on Security and Privacy", url="http://www.cs.cornell.edu/andru/papers/oakland21", month="May", year="2021"} ]
  3. Trust, authority, and information flow in secure distributed systems
    Ph.D. dissertation, Cornell University Department of Computer Science, October 2020. Michael D. George. [ ×@phdthesis{mdg-thesis, title="Trust, authority, and information flow in secure distributed systems", author="Michael D. George", url="http://www.cs.cornell.edu/andru/papers/mdg-thesis.pdf", month="October", year="2020"} ]
  4. Securing smart contracts with information flow

    Information-flow control provides compositional security for smart contracts.

    3rd Int'l Symp. on Foundations and Applications of Blockchain (FAB), April 2020. Ethan Cecchetti, Siqiu Yao, Haobin Ni, and Andrew C. Myers. [ ×@inproceedings{cecchetti-fab20, title="Securing smart contracts with information flow", author="Ethan Cecchetti and Siqiu Yao and Haobin Ni and Andrew C. Myers", booktitle="3rd Int'l Symp. on Foundations and Applications of Blockchain (FAB)", url="http://www.cs.cornell.edu/andru/papers/fab20", month="April", year="2020"} ]
  5. Reduced communication for distributed transactions through time-dependent guarantees
    Ph.D. dissertation, Cornell University, August 2019. Tom Magrino. [ ×@phdthesis{magrino-dissertation, title="Reduced communication for distributed transactions through time-dependent guarantees", author="Tom Magrino", url="https://tommagrino.com/papers/dissertation.pdf", month="August", year="2019"} ]
  6. Using information flow to design an ISA that controls timing channels

    Designing an instruction set for secure, timing-sensitive information flow.

    32nd IEEE Computer Security Foundations Symp. (CSF), June 2019. Drew Zagieboylo, G. Edward Suh, and Andrew C. Myers. [ ×@inproceedings{zsm19, title="Using information flow to design an ISA that controls timing channels", author="Drew Zagieboylo and G. Edward Suh and Andrew C. Myers", booktitle="32nd IEEE Computer Security Foundations Symp. (CSF)", url="http://www.cs.cornell.edu/andru/papers/hyperisa", month="June", year="2019"} ]
  7. Efficient, consistent distributed computation with predictive treaties

    Low-coordination semantic consistency via time-dependent predicates

    ACM SIGOPS/EuroSys European Conference on Computer Systems, March 2019. Tom Magrino, Jed Liu, Nate Foster, Johannes Gehrke, and Andrew C. Myers. [ ×@inproceedings{ptreaties, title="Efficient, consistent distributed computation with predictive treaties", author="Tom Magrino and Jed Liu and Nate Foster and Johannes Gehrke and Andrew C. Myers", booktitle="ACM SIGOPS/EuroSys European Conference on Computer Systems", url="http://www.cs.cornell.edu/andru/papers/ptreaties", month="March", year="2019"} ]
  8. Secure autonomous cyber-physical systems through verifiable information flow control

    Software and hardware codesign to improve assurance of cyberphysical systems

    ACM Workshop on Cyber-Physical Systems Security & Privacy (CPS-SPC), October 2018. Jed Liu, Joe Corbett-Davies, Andrew Ferraiuolo, Alexander Ivanov, Mulong Luo, G. Edward Suh, Andrew C. Myers, and Mark Campbell. [ ×@inproceedings{cpsspc18, title="Secure autonomous cyber-physical systems through verifiable information flow control", author="Jed Liu and Joe Corbett-Davies and Andrew Ferraiuolo and Alexander Ivanov and Mulong Luo and G. Edward Suh and Andrew C. Myers and Mark Campbell", booktitle="ACM Workshop on Cyber-Physical Systems Security & Privacy (CPS-SPC)", url="http://www.cs.cornell.edu/andru/papers/cpsspc18", month="October", year="2018"} ]
  9. Hyperflow: A processor architecture for nonmalleable, timing-safe information-flow security

    Information flow helps design a secure processor that controls timing channels

    25th ACM Conf. on Computer and Communications Security (CCS), October 2018. Andrew Ferraiuolo, Mark Zhao, Andrew C. Myers, and G. Edward Suh. [ ×@inproceedings{hyperflow, title="Hyperflow: A processor architecture for nonmalleable, timing-safe information-flow security", author="Andrew Ferraiuolo and Mark Zhao and Andrew C. Myers and Suh, G. Edward", booktitle="25th ACM Conf. on Computer and Communications Security (CCS)", url="http://www.cs.cornell.edu/andru/papers/hyperflow", month="October", year="2018"} ]
  10. Designing hardware to be free of covert channels by construction
    ACM Workshop on Formal Methods in Security, June 2018. Invited talk. Andrew C. Myers. [ ×@misc{fms18-talk, title="Designing hardware to be free of covert channels by construction", author="Andrew C. Myers", url="http://www.cs.cornell.edu/andru/papers/18jun-fms/18jun-fms-myers.pdf", pages="315–316", month="June", note="Invited talk.", year="2018"} ]
  11. Nonmalleable information flow control

    A type system enforcing a dual hyperproperty that constrains the use of endorsement

    24th ACM Conf. on Computer and Communications Security (CCS), pp. 1875–1891, October 2017. Ethan Cecchetti, Andrew C. Myers, and Owen Arden. [ ×@inproceedings{nmifc, title="Nonmalleable information flow control", author="Ethan Cecchetti and Andrew C. Myers and Owen Arden", booktitle="24th ACM Conf. on Computer and Communications Security (CCS)", url="http://www.cs.cornell.edu/andru/papers/nmifc", pages="1875–1891", month="October", year="2017"}TR ]
  12. Nonmalleable information flow control: technical report

    A type system enforcing a dual hyperproperty that constrains the use of endorsement

    Technical report arXiv:1708.08596, Cornell University Computing and Information Science, August 2017. Ethan Cecchetti, Andrew C. Myers, and Owen Arden. [ ×@techreport{nmifc-tr, title="Nonmalleable information flow control: technical report", author="Ethan Cecchetti and Andrew C. Myers and Owen Arden", institution="Cornell University Computing and Information Science", number="arXiv:1708.08596", url="https://arxiv.org/abs/1708.08596", month="August", year="2017"} ]
  13. Secure information flow verification with mutable dependent types

    Fully compile-time enforcement of dependent labels in a security-typed HDL

    54th Design Automation Conference (DAC), June 2017. Andrew Ferraiuolo, Weizhe Hua, Andrew C. Myers, and G. Edward Suh. [ ×@inproceedings{FHMS17, title="Secure information flow verification with mutable dependent types", author="Andrew Ferraiuolo and Weizhe Hua and Andrew C. Myers and G. Edward Suh", booktitle="54th Design Automation Conference (DAC)", url="https://people.ece.cornell.edu/af433/pdf/ferraiuolo-dac-17.pdf", month="June", year="2017"} ]
  14. Fabric: Building open distributed systems securely by construction

    A secure, decentralized, distributed programming system based on information flow control

    J. Computer Security, 25(4–5):319–321, May 2017. Jed Liu, Owen Arden, Michael D. George, and Andrew C. Myers. [ ×@article{jfabric, title="Fabric: Building open distributed systems securely by construction", author="Jed Liu and Owen Arden and Michael D. George and Andrew C. Myers", volume="25", number="4–5", url="http://www.cs.cornell.edu/andru/papers/jfabric", pages="319–321", month="May", year="2017"} ]
  15. Full-processor timing channel protection with applications to secure hardware compartments
    Technical report 1813–41218, Cornell University Computing and Information Science, April 2017. Andrew Ferraiuolo, Yao Wang, Rui Xu, Danfeng Zhang, Andrew C. Myers, and Edward Suh. [ ×@techreport{timing-compartments-tr, title="Full-processor timing channel protection with applications to secure hardware compartments", author="Andrew Ferraiuolo and Yao Wang and Rui Xu and Danfeng Zhang and Andrew C. Myers and Edward Suh", institution="Cornell University Computing and Information Science", number="1813–41218", url="http://hdl.handle.net/1813/41218", month="April", year="2017"} ]
  16. Verification of a practical hardware security architecture through static information flow analysis

    Verifying information flow in an implementation of the TrustZone architecture

    Int'l Conf. on Architectural Support for Programming Languages and Operating Systems (ASPLOS), April 2017. Andrew Ferraiuolo, Rui Xu, Danfeng Zhang, Andrew C. Myers, and G. Edward Suh. [ ×@inproceedings{trustzone-secverilog, title="Verification of a practical hardware security architecture through static information flow analysis", author="Andrew Ferraiuolo and Rui Xu and Danfeng Zhang and Andrew C. Myers and G. Edward Suh", booktitle="Int'l Conf. on Architectural Support for Programming Languages and Operating Systems (ASPLOS)", url="http://www.cs.cornell.edu/andru/papers/trustzone", month="April", year="2017"}SecVerilog project ]
  17. Safe serializable secure scheduling: transactions and the trade-off between security and consistency

    A side channel created by an intrinsic conflict between consistency and security, and a fix

    23rd ACM Conf. on Computer and Communications Security (CCS), pp. 229–241, October 2016. Isaac Sheff, Tom Magrino, Jed Liu, Andrew C. Myers, and Robbert Van Renesse. [ ×@inproceedings{abrtchan, title="Safe serializable secure scheduling: transactions and the trade-off between security and consistency", author="Isaac Sheff and Tom Magrino and Jed Liu and Andrew C. Myers and Robbert Van Renesse", booktitle="23rd ACM Conf. on Computer and Communications Security (CCS)", url="http://www.cs.cornell.edu/andru/papers/abrtchan", pages="229–241", month="October", year="2016"}Fabric project ]
  18. SecDCP: Secure dynamic cache partitioning for efficient timing channel protection

    Timing channels can be prevented efficiently by dynamically partitioning caches.

    53rd Design Automation Conference (DAC), pp. 74:1–74:6, June 2016. Yao Wang, Andrew Ferraiuolo, Danfeng Zhang, Andrew C. Myers, and G. Edward Suh. [ ×@inproceedings{WFZMS16, title="SecDCP: Secure dynamic cache partitioning for efficient timing channel protection", author="Yao Wang and Andrew Ferraiuolo and Danfeng Zhang and Andrew C. Myers and G. Edward Suh", booktitle="53rd Design Automation Conference (DAC)", url="http://www.cs.cornell.edu/andru/papers/dac16", pages="74:1–74:6", month="June", year="2016"} ]
  19. A calculus for flow-limited authorization

    A language that uses information flow to check the code of authorization mechanisms.

    29th IEEE Computer Security Foundations Symp. (CSF), pp. 135–147, June 2016. Owen Arden and Andrew C. Myers. [ ×@inproceedings{flac, title="A calculus for flow-limited authorization", author="Owen Arden and Andrew C. Myers", booktitle="29th IEEE Computer Security Foundations Symp. (CSF)", url="http://www.cs.cornell.edu/andru/papers/flac", pages="135–147", month="June", year="2016"}TR ]
  20. Lattice priority scheduling: low-overhead timing channel protection for a shared memory controller

    Using lattice policies to design a low-overhead memory controller that does not leak information via timing channels.

    22nd IEEE Symp. on High Performance Computer Architecture (HPCA), pp. 382–393, March 2016. Andrew Ferraiuolo, Yao Wang, Danfeng Zhang, Andrew C. Myers, and G. Edward Suh. [ ×@inproceedings{Ferraiuolo16, title="Lattice priority scheduling: low-overhead timing channel protection for a shared memory controller", author="Andrew Ferraiuolo and Yao Wang and Danfeng Zhang and Andrew C. Myers and Suh, G. Edward", booktitle="22nd IEEE Symp. on High Performance Computer Architecture (HPCA)", url="http://www.cs.cornell.edu/andru/papers/hpca16", pages="382–393", month="March", year="2016"} ]
  21. JRIF: reactive information flow control for Java

    Specifying information flow policies with reactive information-flow automata

    Technical report 1813–41194, Cornell University Computing and Information Science, February 2016. Elisavet Kozyri, Owen Arden, Andrew C. Myers, and Fred B. Schneider. [ ×@techreport{jrif-tr, title="JRIF: reactive information flow control for Java", author="Kozyri, Elisavet and Arden, Owen and Myers, Andrew C. and Schneider, Fred B.", institution="Cornell University Computing and Information Science", number="1813–41194", url="https://ecommons.cornell.edu/handle/1813/41194", month="February", year="2016"} ]
  22. Flow-limited authorization
    Ph.D. dissertation, Cornell University, 2016. Owen Arden. [ ×@phdthesis{owen-thesis, title="Flow-limited authorization", author="Owen Arden", url="http://www.cs.cornell.edu/andru/papers/FLA_OwenArden.pdf", year="2016"}Fabric project ]
  23. Building distributed systems with information flow control
    Ph.D. dissertation, Cornell University Department of Computer Science, August 2015. K. Vikram. [ ×@phdthesis{vikram-thesis, title="Building distributed systems with information flow control", author="K. Vikram", url="http://www.cs.cornell.edu/andru/papers/kv-thesis.pdf", month="August", year="2015"}Fabric project ]
  24. Sound and practical methods for full-system timing channel control
    Ph.D. dissertation, Cornell University Department of Computer Science, August 2015. Danfeng Zhang. [ ×@phdthesis{zhangdf-thesis, title="Sound and practical methods for full-system timing channel control", author="Danfeng Zhang", url="http://www.cs.cornell.edu/andru/papers/zhangdf-thesis.pdf", month="August", year="2015"}SecVerilog project ]
  25. Flow-limited authorization

    An expressive logic for reasoning about the interaction between authorization and information flow.

    28th IEEE Computer Security Foundations Symp. (CSF), pp. 569–583, July 2015. Owen Arden, Jed Liu, and Andrew C. Myers. [ ×@inproceedings{flam, title="Flow-limited authorization", author="Owen Arden and Jed Liu and Andrew C. Myers", booktitle="28th IEEE Computer Security Foundations Symp. (CSF)", url="http://www.cs.cornell.edu/andru/papers/flam", pages="569–583", month="July", year="2015"}TRslides ]
  26. Flow-limited authorization: technical report
    Technical report 1813–40138, Cornell University Computing and Information Science, May 2015. Owen Arden, Jed Liu, and Andrew C. Myers. [ ×@techreport{flamtr, title="Flow-limited authorization: technical report", author="Owen Arden and Jed Liu and Andrew C. Myers", institution="Cornell University Computing and Information Science", number="1813–40138", url="http://hdl.handle.net/1813/40138", month="May", year="2015"} ]
  27. A hardware design language for timing-sensitive information-flow security

    SecVerilog: a security-typed hardware design language for building hardware without leaks or timing channels.

    Int'l Conf. on Architectural Support for Programming Languages and Operating Systems (ASPLOS), pp. 503–516, March 2015. Danfeng Zhang, Yao Wang, G. Edward Suh, and Andrew C. Myers. [ ×@inproceedings{zwsm15, title="A hardware design language for timing-sensitive information-flow security", author="Danfeng Zhang and Yao Wang and G. Edward Suh and Andrew C. Myers", booktitle="Int'l Conf. on Architectural Support for Programming Languages and Operating Systems (ASPLOS)", url="http://www.cs.cornell.edu/andru/papers/asplos15", pages="503–516", month="March", year="2015"}SecVerilog projectTR ]
  28. A calculus for flow-limited authorization: technical report
    Technical report 1813–42406, Cornell University Computing and Information Science, February 2015. Owen Arden and Andrew C. Myers. [ ×@techreport{flac-tr, title="A calculus for flow-limited authorization: technical report", author="Owen Arden and Andrew C. Myers", institution="Cornell University Computing and Information Science", number="1813–42406", url="http://hdl.handle.net/1813/42406", month="February", year="2015"} ]
  29. A language-based approach to secure quorum replication

    Quorum replication with information flow control can simultaneously enforce all three core security properties: confidentiality, integrity, and availability.

    9th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS), August 2014. Lantian Zheng and Andrew C. Myers. [ ×@inproceedings{zm14-plas, title="A language-based approach to secure quorum replication", author="Lantian Zheng and Andrew C. Myers", booktitle="9th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS)", url="http://www.cs.cornell.edu/andru/papers/plas14", month="August", year="2014"} ]
  30. Defining and enforcing referential security

    New security properties related to referential integrity and persistence can be soundly enforced by a type system.

    3rd Conf. on Principles of Security and Trust (POST), pp. 199–219, April 2014. Jed Liu and Andrew C. Myers. [ ×@inproceedings{persist, title="Defining and enforcing referential security", author="Liu, Jed and Myers, Andrew C.", booktitle="3rd Conf. on Principles of Security and Trust (POST)", url="http://www.cs.cornell.edu/andru/papers/persist", pages="199–219", month="April", year="2014"}TR ]
  31. A hardware design language for efficient control of timing channels
    Technical report http://hdl.handle.net/1813/36274, Cornell University Computing and Information Science, April 2014. Danfeng Zhang, Yao Wang, G. Edward Suh, and Andrew C. Myers. [ ×@techreport{hwtiming14, title="A hardware design language for efficient control of timing channels", author="Danfeng Zhang and Yao Wang and G. Edward Suh and Andrew C. Myers", institution="Cornell University Computing and Information Science", number="http://hdl.handle.net/1813/36274", url="http://hdl.handle.net/1813/36274", month="April", year="2014"} ]
  32. Warranties for faster strong consistency

    Distributed transactions can be sped up by giving clients time-limited invariants on state and computation.

    11th USENIX Symp. on Networked Systems Design and Implementation (NSDI), pp. 513–517, April 2014. Jed Liu, Tom Magrino, Owen Arden, Michael D. George, and Andrew C. Myers. [ ×@inproceedings{warranties, title="Warranties for faster strong consistency", author="Jed Liu and Tom Magrino and Owen Arden and Michael D. George and Andrew C. Myers", booktitle="11th USENIX Symp. on Networked Systems Design and Implementation (NSDI)", url="http://www.cs.cornell.edu/andru/papers/warranties", pages="513–517", month="April", year="2014"}Fabric project ]
  33. A language for securely referencing persistent information in a federated system
    Technical report 1813–35150, Cornell University Computing and Information Science, January 2014. Jed Liu and Andrew C. Myers. [ ×@techreport{persist-TR, title="A language for securely referencing persistent information in a federated system", author="Jed Liu and Andrew C. Myers", institution="Cornell University Computing and Information Science", number="1813–35150", url="http://hdl.handle.net/1813/35150", month="January", year="2014"} ]
  34. How Languages Can Save Distributed Computing
    ACM Principles of Programming Languages, January 2013. Keynote talk. Andrew C. Myers. [ ×@misc{popl13-talk, title="How Languages Can Save Distributed Computing", author="Andrew C. Myers", url="https://dl.acm.org/citation.cfm?id=2429107", pages="315–316", month="January", note="Keynote talk.", year="2013"} ]
  35. Towards a secure federated information system
    Ph.D. dissertation, Cornell University Department of Computer Science, August 2012. Jed Liu. [ ×@phdthesis{liu-thesis, title="Towards a secure federated information system", author="Jed Liu", url="http://www.cs.cornell.edu/andru/papers/jed-liu-dissertation.pdf", month="August", year="2012"} ]
  36. Language-based control and mitigation of timing channels

    A type system bounds timing leakage when programs are run on hardware obeying the right contract.

    ACM SIGPLAN Conf. on Programming Language Design and Implementation (PLDI), pp. 99–110, June 2012. Danfeng Zhang, Aslan Askarov, and Andrew C. Myers. [ ×@inproceedings{pldi12, title="Language-based control and mitigation of timing channels", author="Danfeng Zhang and Aslan Askarov and Andrew C. Myers", booktitle="ACM SIGPLAN Conf. on Programming Language Design and Implementation (PLDI)", url="https://www.cs.cornell.edu/andru/papers/pltiming.html", pages="99–110", month="June", year="2012"}SecVerilog project ]
  37. Sharing mobile code securely with information flow control
    IEEE Symp. on Security and Privacy, pp. 191–205, May 2012. Owen Arden, Michael D. George, Jed Liu, K. Vikram, Aslan Askarov, and Andrew C. Myers. [ ×@inproceedings{oakland12, title="Sharing mobile code securely with information flow control", author="Owen Arden and Michael D. George and Jed Liu and K. Vikram and Aslan Askarov and Andrew C. Myers", booktitle="IEEE Symp. on Security and Privacy", url="http://www.cs.cornell.edu/andru/papers/mobile.html", pages="191–205", month="May", year="2012"}Fabric project ]
  38. Predictive mitigation of timing channels in interactive systems
    18th ACM Conf. on Computer and Communications Security (CCS), pp. 563–574, October 2011. Danfeng Zhang, Aslan Askarov, and Andrew C. Myers. [ ×@inproceedings{zam11, title="Predictive mitigation of timing channels in interactive systems", author="Danfeng Zhang and Aslan Askarov and Andrew C. Myers", booktitle="18th ACM Conf. on Computer and Communications Security (CCS)", url="http://www.cs.cornell.edu/andru/papers/gentiming.html", pages="563–574", month="October", year="2011"} ]
  39. Attacker control and impact for confidentiality and integrity
    Logical Methods in Computer Science, 7(3), September 2011. Aslan Askarov and Andrew C. Myers. [ ×@article{am11, title="Attacker control and impact for confidentiality and integrity", author="Aslan Askarov and Andrew C. Myers", volume="7", number="3", url="http://www.cs.cornell.edu/andru/papers/robknowledge-lmcs.pdf", month="September", year="2011"} ]
  40. Predictive black-box mitigation of timing channels
    17th ACM Conf. on Computer and Communications Security (CCS), pp. 297–307, October 2010. Aslan Askarov, Danfeng Zhang, and Andrew C. Myers. [ ×@inproceedings{azm10, title="Predictive black-box mitigation of timing channels", author="Aslan Askarov and Danfeng Zhang and Andrew C. Myers", booktitle="17th ACM Conf. on Computer and Communications Security (CCS)", url="http://www.cs.cornell.edu/andru/papers/timing.html", pages="297–307", month="October", year="2010"} ]
  41. A semantic framework for declassification and endorsement
    19th European Symposium on Programming, pp. 64–84, March 2010. Aslan Askarov and Andrew C. Myers. [ ×@inproceedings{am10, title="A semantic framework for declassification and endorsement", author="Aslan Askarov and Andrew C. Myers", booktitle="19th European Symposium on Programming", url="http://www.cs.cornell.edu/andru/papers/robknowledge.pdf", pages="64–84", month="March", year="2010"} ]
  42. Quantifying information flow with beliefs
    Journal of Computer Security, 17(5):655–701, October 2009. Michael R. Clarkson, Andrew C. Myers, and Fred B. Schneider. [ ×@article{cms09, title="Quantifying information flow with beliefs", author="Michael R. Clarkson and Andrew C. Myers and Fred B. Schneider", volume="17", number="5", url="http://www.cs.cornell.edu/andru/papers/jbelief.pdf", pages="655–701", month="October", year="2009"}TR ]
  43. Fabric: a platform for secure distributed computation and storage
    22nd ACM Symp. on Operating System Principles (SOSP), pp. 321–334, October 2009. Jed Liu, Michael D. George, K. Vikram, Xin Qi, Lucas Waye, and Andrew C. Myers. [ ×@inproceedings{fabric09, title="Fabric: a platform for secure distributed computation and storage", author="Jed Liu and Michael D. George and K. Vikram and Xin Qi and Lucas Waye and Andrew C. Myers", booktitle="22nd ACM Symp. on Operating System Principles (SOSP)", url="http://www.cs.cornell.edu/andru/papers/fabric-sosp09.html", pages="321–334", month="October", year="2009"}Fabric project ]
  44. Quantification and formalization of security
    Ph.D. dissertation, Cornell University Department of Computer Science, August 2009. Michael Clarkson. [ ×@phdthesis{clarkson-thesis, title="Quantification and formalization of security", author="Michael Clarkson", url="http://www.cs.cornell.edu/andru/papers/clarkson_dissertation.pdf", month="August", year="2009"} ]
  45. Building secure web applications with automatic partitioning
    Comm. of the ACM, 52(2):79–87, February 2009. Stephen Chong, Jed Liu, Andrew C. Myers, Xin Qi, K. Vikram, Lantian Zheng, and Xin Zheng. [ ×@article{swift09, title="Building secure web applications with automatic partitioning", author="Stephen Chong and Jed Liu and Andrew C. Myers and Xin Qi and K. Vikram and Lantian Zheng and Xin Zheng", volume="52", number="2", url="http://portal.acm.org/citation.cfm?id=1461949", pages="79–87", month="February", year="2009"} ]
  46. Expressive and enforceable information security policies
    Ph.D. dissertation, Cornell University Department of Computer Science, August 2008. Stephen Chong. [ ×@phdthesis{chong-thesis, title="Expressive and enforceable information security policies", author="Stephen Chong", url="http://people.seas.harvard.edu/~chong/pubs/chong_dissertation.pdf", month="August", year="2008"} ]
  47. End-to-end enforcement of erasure and declassification
    IEEE Computer Security Foundations Symp. (CSF), pp. 98–111, June 2008. Stephen Chong and Andrew C. Myers. [ ×@inproceedings{cm08, title="End-to-end enforcement of erasure and declassification", author="Stephen Chong and Andrew C. Myers", booktitle="IEEE Computer Security Foundations Symp. (CSF)", url="http://www.cs.cornell.edu/andru/papers/enferasure-csf08.pdf", pages="98–111", month="June", year="2008"} ]
  48. Securing nonintrusive web encryption through information flow
    3rd ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS), pp. 125–134, June 2008. Lantian Zheng and Andrew C. Myers. [ ×@inproceedings{zm08, title="Securing nonintrusive web encryption through information flow", author="Lantian Zheng and Andrew C. Myers", booktitle="3rd ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS)", url="https://www.cs.cornell.edu/andru/papers/plas08.pdf", pages="125–134", month="June", year="2008"} ]
  49. Civitas: Toward a secure voting system
    IEEE Symp. on Security and Privacy, pp. 354–368, May 2008. Michael R. Clarkson, Stephen Chong, and Andrew C. Myers. [ ×@inproceedings{ccm08, title="Civitas: Toward a secure voting system", author="Michael R. Clarkson and Stephen Chong and Andrew C. Myers", booktitle="IEEE Symp. on Security and Privacy", url="http://www.cs.cornell.edu/andru/papers/civitas.html", pages="354–368", month="May", year="2008"}Civitas project ]
  50. Secure web applications via automatic partitioning
    21st ACM Symp. on Operating System Principles (SOSP), pp. 31–44, October 2007. (SOSP Best Paper Award.) Stephen Chong, Jed Liu, Andrew C. Myers, Xin Qi, K. Vikram, Lantian Zheng, and Xin Zheng. [ ×@inproceedings{swift07, title="Secure web applications via automatic partitioning", author="Stephen Chong and Jed Liu and Andrew C. Myers and Xin Qi and K. Vikram and Lantian Zheng and Xin Zheng", booktitle="21st ACM Symp. on Operating System Principles (SOSP)", url="http://www.cs.cornell.edu/andru/papers/swift-sosp07.pdf", pages="31–44", month="October", year="2007"} ]
  51. SIF: Enforcing confidentiality and integrity in web applications
    16th USENIX Security Symp., August 2007. Stephen Chong, K. Vikram, and Andrew C. Myers. [ ×@inproceedings{sif07, title="SIF: Enforcing confidentiality and integrity in web applications", author="Stephen Chong and K. Vikram and Andrew C. Myers", booktitle="16th USENIX Security Symp.", url="http://www.cs.cornell.edu/andru/papers/sif.pdf", month="August", year="2007"}SIF project ]
  52. Dynamic security labels and static information flow control
    International Journal of Information Security, 6(2–3), March 2007. Lantian Zheng and Andrew C. Myers. [ ×@article{zm07, title="Dynamic security labels and static information flow control", author="Lantian Zheng and Andrew C. Myers", volume="6", number="2–3", url="http://www.cs.cornell.edu/andru/papers/dynlabel-ijis.pdf", month="March", year="2007"} ]
  53. Quantifying information flow with beliefs
    Technical report 2007-2075, Cornell University Computing and Information Science, March 2007. Michael R. Clarkson, Andrew C. Myers, and Fred B. Schneider. [ ×@techreport{cms09-tr, title="Quantifying information flow with beliefs", author="Michael R. Clarkson and Andrew C. Myers and Fred B. Schneider", institution="Cornell University Computing and Information Science", number="2007-2075", url="http://hdl.handle.net/1813/5766", month="March", year="2007"} ]
  54. Making distributed computation secure by construction
    Ph.D. dissertation, Cornell University Department of Computer Science, January 2007. Lantian Zheng. [ ×@phdthesis{zheng-thesis, title="Making distributed computation secure by construction", author="Lantian Zheng", url="http://www.cs.cornell.edu/andru/papers/lantian-thesis.pdf", month="January", year="2007"} ]
  55. Jif 3.0: Java information flow
    Software release, July 2006. Andrew C. Myers, Lantian Zheng, Steve Zdancewic, Stephen Chong, and Nathaniel Nystrom. [ ×@software{jif, title="Jif 3.0: Java information flow", author="Andrew C. Myers and Lantian Zheng and Steve Zdancewic and Stephen Chong and Nathaniel Nystrom", url="http://www.cs.cornell.edu/jif", month="July", year="2006"}Jif project ]
  56. Decentralized robustness
    19th IEEE Computer Security Foundations Workshop (CSFW), pp. 242–253, July 2006. Stephen Chong and Andrew C. Myers. [ ×@inproceedings{cm06, title="Decentralized robustness", author="Stephen Chong and Andrew C. Myers", booktitle="19th IEEE Computer Security Foundations Workshop (CSFW)", url="http://www.cs.cornell.edu/andru/papers/robdlm.pdf", pages="242–253", month="July", year="2006"} ]
  57. Making distributed computation trustworthy by construction: technical report
    Technical report 2006–2040, Cornell University Computing and Information Science, 2006. Lantian Zheng and Andrew C. Myers. [ ×@techreport{dsimp-tr, title="Making distributed computation trustworthy by construction: technical report", author="Lantian Zheng and Andrew C. Myers", institution="Cornell University Computing and Information Science", number="2006–2040", url="http://techreports.library.cornell.edu:8081/Dienst/UI/1.0/Display/cul.cis/TR2006-2040", year="2006"} ]
  58. Enforcing robust declassification and qualified robustness
    Journal of Computer Security, 14(2):157–196, 2006. Andrew C. Myers, Andrei Sabelfeld, and Steve Zdancewic. [ ×@article{msz06, title="Enforcing robust declassification and qualified robustness", author="Andrew C. Myers and Andrei Sabelfeld and Steve Zdancewic", volume="14", number="2", url="http://www.cs.cornell.edu/andru/papers/robdecl-jcs", pages="157–196", year="2006"} ]
  59. Language-based information erasure
    18th IEEE Computer Security Foundations Workshop (CSFW), pp. 241–254, June 2005. Stephen Chong and Andrew C. Myers. [ ×@inproceedings{cm05, title="Language-based information erasure", author="Stephen Chong and Andrew C. Myers", booktitle="18th IEEE Computer Security Foundations Workshop (CSFW)", url="http://www.cs.cornell.edu/andru/papers/erasure.pdf", pages="241–254", month="June", year="2005"} ]
  60. End-to-end availability policies and noninterference
    18th IEEE Computer Security Foundations Workshop (CSFW), pp. 272–286, June 2005. Lantian Zheng and Andrew C. Myers. [ ×@inproceedings{zm05, title="End-to-end availability policies and noninterference", author="Lantian Zheng and Andrew C. Myers", booktitle="18th IEEE Computer Security Foundations Workshop (CSFW)", url="http://www.cs.cornell.edu/andru/papers/avail.pdf", pages="272–286", month="June", year="2005"} ]
  61. Belief in information flow
    18th IEEE Computer Security Foundations Workshop (CSFW), pp. 31–45, June 2005. Michael R. Clarkson, Andrew C. Myers, and Fred B. Schneider. [ ×@inproceedings{cms05, title="Belief in information flow", author="Michael R. Clarkson and Andrew C. Myers and Fred B. Schneider", booktitle="18th IEEE Computer Security Foundations Workshop (CSFW)", url="http://www.cs.cornell.edu/andru/papers/InfoFlowBelief.pdf", pages="31–45", month="June", year="2005"} ]
  62. End-to-end availability policies and noninterference
    Technical report 2005–1987, Cornell University Computing and Information Science, 2005. Lantian Zheng and Andrew C. Myers. [ ×@techreport{zm05TR, title="End-to-end availability policies and noninterference", author="Lantian Zheng and Andrew C. Myers", institution="Cornell University Computing and Information Science", number="2005–1987", url="http://techreports.library.cornell.edu:8081/Dienst/UI/1.0/Display/cul.cis/TR2005-1987", year="2005"} ]
  63. Security policies for downgrading
    11th ACM Conf. on Computer and Communications Security (CCS), pp. 198–209, October 2004. Stephen Chong and Andrew C. Myers. [ ×@inproceedings{cm04, title="Security policies for downgrading", author="Stephen Chong and Andrew C. Myers", booktitle="11th ACM Conf. on Computer and Communications Security (CCS)", url="http://www.cs.cornell.edu/andru/papers/decl-policy.pdf", pages="198–209", month="October", year="2004"} ]
  64. Dynamic security labels and noninterference
    2nd Workshop on Formal Aspects in Security and Trust (FAST), IFIP TC1 WG1.7, August 2004. Lantian Zheng and Andrew C. Myers. [ ×@inproceedings{zm04, title="Dynamic security labels and noninterference", author="Lantian Zheng and Andrew C. Myers", booktitle="2nd Workshop on Formal Aspects in Security and Trust (FAST), IFIP TC1 WG1.7", url="http://www.cs.cornell.edu/andru/papers/dynlabel.pdf", month="August", year="2004"} ]
  65. Enforcing robust declassification
    17th IEEE Computer Security Foundations Workshop (CSFW), pp. 172–186, June 2004. Andrew C. Myers, Andrei Sabelfeld, and Steve Zdancewic. [ ×@inproceedings{msz04, title="Enforcing robust declassification", author="Andrew C. Myers and Andrei Sabelfeld and Steve Zdancewic", booktitle="17th IEEE Computer Security Foundations Workshop (CSFW)", url="http://www.cs.cornell.edu/andru/papers/csfw04.pdf", pages="172–186", month="June", year="2004"} ]
  66. A model for delimited release
    2003 International Symposium on Software Security, pp. 174–191, 2004. Andrei Sabelfeld and Andrew C. Myers. [ ×@inproceedings{sm04, title="A model for delimited release", author="Andrei Sabelfeld and Andrew C. Myers", booktitle="2003 International Symposium on Software Security", number="3233", url="http://www.cs.cornell.edu/andru/papers/isss03.pdf", pages="174–191", year="2004"} ]
  67. Dynamic security labels and noninterference
    Technical report 2004–1924, Cornell University Computing and Information Science, 2004. Lantian Zheng and Andrew C. Myers. [ ×@techreport{zm04TR, title="Dynamic security labels and noninterference", author="Lantian Zheng and Andrew C. Myers", institution="Cornell University Computing and Information Science", number="2004–1924", url="http://www.cs.cornell.edu/andru/papers/dynl-tr.pdf", year="2004"} ]
  68. Observational determinism for concurrent program security
    16th IEEE Computer Security Foundations Workshop (CSFW), pp. 29–43, June 2003. Steve Zdancewic and Andrew C. Myers. [ ×@inproceedings{zm03, title="Observational determinism for concurrent program security", author="Steve Zdancewic and Andrew C. Myers", booktitle="16th IEEE Computer Security Foundations Workshop (CSFW)", url="http://www.cs.cornell.edu/andru/papers/csfw03.pdf", pages="29–43", month="June", year="2003"} ]
  69. Using replication and partitioning to build secure distributed systems
    IEEE Symp. on Security and Privacy, pp. 236–250, May 2003. Lantian Zheng, Stephen Chong, Andrew C. Myers, and Steve Zdancewic. [ ×@inproceedings{zcmz03, title="Using replication and partitioning to build secure distributed systems", author="Lantian Zheng and Stephen Chong and Andrew C. Myers and Steve Zdancewic", booktitle="IEEE Symp. on Security and Privacy", url="http://www.cs.cornell.edu/andru/papers/sp03.pdf", pages="236–250", month="May", year="2003"} ]
  70. Language-based information-flow security
    IEEE Journal on Selected Areas in Communications, 21(1):5–19, January 2003. Andrei Sabelfeld and Andrew C. Myers. [ ×@article{sm-jsac, title="Language-based information-flow security", author="Andrei Sabelfeld and Andrew C. Myers", volume="21", number="1", url="http://www.cs.cornell.edu/andru/papers/jsac/sm-jsac03.pdf", pages="5–19", month="January", year="2003"} ]
  71. Secure information flow via linear continuations
    Higher-Order and Symbolic Computation, 15(2–3):209–234, September 2002. Steve Zdancewic and Andrew C. Myers. [ ×@article{zm02-hosc, title="Secure information flow via linear continuations", author="Steve Zdancewic and Andrew C. Myers", volume="15", number="2–3", url="http://www.cs.cornell.edu/andru/papers/hosc01.pdf", pages="209–234", month="September", year="2002"} ]
  72. Secure program partitioning
    ACM Trans. on Computer Systems, 20(3):283–328, August 2002. Steve Zdancewic, Lantian Zheng, Nathaniel Nystrom, and Andrew C. Myers. [ ×@article{zznm02, title="Secure program partitioning", author="Steve Zdancewic and Lantian Zheng and Nathaniel Nystrom and Andrew C. Myers", volume="20", number="3", url="http://www.cs.cornell.edu/andru/papers/sosp01/spp-tr.pdf", pages="283–328", month="August", year="2002"} ]
  73. Programming languages for information security
    Ph.D. dissertation, Cornell University Department of Computer Science, August 2002. Steve Zdancewic. [ ×@phdthesis{zdance-thesis, title="Programming languages for information security", author="Steve Zdancewic", url="http://www.cis.upenn.edu/~stevez/papers/Zda02.pdf", month="August", year="2002"} ]
  74. Untrusted hosts and confidentiality: secure program partitioning
    18th ACM Symp. on Operating System Principles (SOSP), pp. 1–14, October 2001. (SOSP Best Paper Award.) Steve Zdancewic, Lantian Zheng, Nathaniel Nystrom, and Andrew C. Myers. [ ×@inproceedings{zznm01, title="Untrusted hosts and confidentiality: secure program partitioning", author="Steve Zdancewic and Lantian Zheng and Nathaniel Nystrom and Andrew C. Myers", booktitle="18th ACM Symp. on Operating System Principles (SOSP)", url="http://www.cs.cornell.edu/andru/papers/sosp01/zznm01.pdf", pages="1–14", month="October", year="2001"} ]
  75. Robust declassification
    14th IEEE Computer Security Foundations Workshop (CSFW), pp. 15–23, June 2001. Steve Zdancewic and Andrew C. Myers. [ ×@inproceedings{zm01b, title="Robust declassification", author="Steve Zdancewic and Andrew C. Myers", booktitle="14th IEEE Computer Security Foundations Workshop (CSFW)", url="http://www.cs.cornell.edu/andru/papers/csfw01.pdf", pages="15–23", month="June", year="2001"} ]
  76. Secure information flow and CPS
    10th European Symposium on Programming, pp. 46–61, 2001. Steve Zdancewic and Andrew C. Myers. [ ×@inproceedings{zm01, title="Secure information flow and CPS", author="Steve Zdancewic and Andrew C. Myers", booktitle="10th European Symposium on Programming", volume="2028", url="http://www.cs.cornell.edu/andru/papers/lincont.pdf", pages="46–61", year="2001"} ]
  77. Secure program partitioning
    Technical report 2001–1846, Cornell University Department of Computer Science, 2001. Steve Zdancewic, Lantian Zheng, Nathaniel Nystrom, and Andrew C. Myers. [ ×@techreport{zznm01-tr, title="Secure program partitioning", author="Steve Zdancewic and Lantian Zheng and Nathaniel Nystrom and Andrew C. Myers", institution="Cornell University Department of Computer Science", number="2001–1846", url="http://www.cs.cornell.edu/andru/papers/sosp01/spp-tr.pdf", year="2001"} ]
  78. Protecting privacy using the decentralized label model
    ACM Transactions on Software Engineering and Methodology, 9(4):410–442, October 2000. Andrew C. Myers and Barbara Liskov. [ ×@article{ml-tosem, title="Protecting privacy using the decentralized label model", author="Andrew C. Myers and Barbara Liskov", volume="9", number="4", url="http://www.cs.cornell.edu/andru/papers/iflow-tosem.pdf", pages="410–442", month="October", year="2000"} ]
  79. Confidentiality and integrity with untrusted hosts
    Technical report 2000–1810, Computer Science Dept., Cornell University, August 2000. Steve Zdancewic and Andrew C. Myers. [ ×@techreport{zm00TR, title="Confidentiality and integrity with untrusted hosts", author="Steve Zdancewic and Andrew C. Myers", institution="Computer Science Dept., Cornell University", number="2000–1810", url="http://hdl.handle.net/1813/5800", month="August", year="2000"} ]
  80. JFlow: practical mostly-static information flow control
    26th ACM Symp. on Principles of Programming Languages (POPL), pp. 228–241, January 1999. (ACM POPL Most Influential Paper Award, 2009.) Andrew C. Myers. [ ×@inproceedings{myers-popl99, title="JFlow: practical mostly-static information flow control", author="Andrew C. Myers", booktitle="26th ACM Symp. on Principles of Programming Languages (POPL)", url="http://www.cs.cornell.edu/andru/papers/popl99/popl99.pdf", pages="228–241", month="January", year="1999"}slides ]
  81. Mostly-static decentralized information flow control
    Technical report MIT/LCS/TR-783, Massachusetts Institute of Technology, January 1999. (George M. Sprowls Award for outstanding Ph.D. thesis in the MIT EECS department.) Andrew C. Myers. [ ×@techreport{myers-phd-tr-award, title="Mostly-static decentralized information flow control", author="Andrew C. Myers", institution="Massachusetts Institute of Technology", number="MIT/LCS/TR-783", url="http://www.cs.cornell.edu/andru/release/tr783.pdf", month="January", year="1999"} ]
  82. Complete, safe information flow with decentralized labels
    IEEE Symp. on Security and Privacy, pp. 186–197, May 1998. Andrew C. Myers and Barbara Liskov. [ ×@inproceedings{ml-sp98, title="Complete, safe information flow with decentralized labels", author="Andrew C. Myers and Barbara Liskov", booktitle="IEEE Symp. on Security and Privacy", url="http://www.cs.cornell.edu/andru/papers/sp98/sp98.pdf", pages="186–197", month="May", year="1998"} ]
  83. A decentralized model for information flow control
    16th ACM Symp. on Operating System Principles (SOSP), pp. 129–142, October 1997. Andrew C. Myers and Barbara Liskov. [ ×@inproceedings{ml-ifc-97, title="A decentralized model for information flow control", author="Andrew C. Myers and Barbara Liskov", booktitle="16th ACM Symp. on Operating System Principles (SOSP)", url="http://www.cs.cornell.edu/andru/papers/iflow-sosp97/paper.html", pages="129–142", month="October", year="1997"} ]

Sponsors

The development and maintenance of Jif software has been supported by DARPA contracts F30602-98-1-0237 and F30602-99-1-0533, monitored by USAF Rome Laboratory, by ONR Grants N00014-01-1-0968 and N00014-13-1-0089, by NSF grants 0133302, 0208642, 0430161, 0627649, and CCF-0964409, and by AFRL NICECAP Award FA8750-08-2-0079.