Ana Almeida Matos & Gérard Boudol (2009):
On Declassification and the Non-disclosure Policy.
J. Comput. Secur. 17(5),
pp. 549–597,
doi:10.3233/JCS-2009-0355.
Deepak Alur, Dan Malks, John Crupi, Grady Booch & Martin Fowler (2003):
Core J2EE Patterns (Core Design Series): Best Practices and Design Strategies,
2 edition.
Sun Microsystems, Inc.,
Mountain View, CA, USA.
Gregory R. Andrews & Richard P. Reitman (1980):
An Axiomatic Approach to Information Flow in Programs.
ACM Trans. Program. Lang. Syst. 2(1),
pp. 56–76,
doi:10.1145/357084.357088.
Andrew W. Appel (1998):
SSA is Functional Programming.
SIGPLAN Not. 33(4),
pp. 17–20,
doi:10.1145/278283.278285.
Thomas H. Austin & Cormac Flanagan (2009):
Efficient Purely-dynamic Information Flow Analysis.
In: Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security,
PLAS '09.
ACM,
New York, NY, USA,
pp. 113–124,
doi:10.1145/1554339.1554353.
Thomas H. Austin & Cormac Flanagan (2010):
Permissive Dynamic Information Flow Analysis.
In: Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security,
pp. 3:1–3:12,
doi:10.1145/1814217.1814220.
Luís Caires, Jorge A. Pérez, João Costa Seco, Hugo Torres Vieira & Lúcio Ferrão (2011):
Type-based Access Control in Data-centric Systems.
In: Proceedings of the 20th European Conference on Programming Languages and Systems: Part of the Joint European Conferences on Theory and Practice of Software,
ESOP'11/ETAPS'11.
Springer-Verlag,
Berlin, Heidelberg,
pp. 136–155,
doi:10.1006/inco.1994.1093.
D. Chandra & M. Franz (2007):
Fine-Grained Information Flow Analysis and Enforcement in a Java Virtual Machine.
In: Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007),
pp. 463–475,
doi:10.1109/ACSAC.2007.37.
Robert Daigneau (2011):
Service Design Patterns: Fundamental Design Solutions for SOAP/WSDL and RESTful Web Services,
1 edition.
Addison-Wesley Professional.
Dorothy E. Denning (1976):
A Lattice Model of Secure Information Flow.
Commun. ACM 19(5),
pp. 236–243,
doi:10.1145/360051.360056.
Dorothy E. Denning & Peter J. Denning (1977):
Certification of Programs for Secure Information Flow.
Commun. ACM 20(7),
pp. 504–513,
doi:10.1145/359636.359712.
William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel & Anmol N. Sheth (2014):
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones.
Communications of the ACM,
doi:10.1145/2494522.
Úlfar Erlingsson & Fred B. Schneider (2000):
SASI Enforcement of Security Policies: A Retrospective.
In: Proceedings of the 1999 Workshop on New Security Paradigms,
NSPW '99.
ACM,
New York, NY, USA,
pp. 87–95,
doi:10.1145/335169.335201.
Available at http://doi.acm.org/10.1145/335169.335201.
Paulo Jorge Abreu Duarte Ferreira (2012):
MSc Dissertation. Information flow analysis using data-dependent logical propositions..
Faculdade de Ciências e Tecnologia, Universidade Nova de Lisboa.
Jürgen Graf, Martin Hecker & Martin Mohr (2013):
Using JOANA for Information Flow Control in Java Programs - A Practical Guide.
In: Proceedings of the 6th Working Conference on Programming Languages (ATPS'13).
Luísa Lourenço & Luís Caires (2015):
Dependent Information Flow Types.
SIGPLAN Not. 50(1),
pp. 317–328,
doi:10.1145/2775051.2676994.
Maria Luísa Sobreira Gouveia Lourenço (2016):
A type system for value-dependent information flow analysis.
Andrew C. Myers & Barbara Liskov (2003):
Protecting privacy using the decentralized label model.
In: Foundations of Intrusion Tolerant Systems, OASIS 2003,
pp. 89–116,
doi:10.1145/363516.363526.
Andrew C. Myers, Lantian Zheng, Steve Zdancewic, Stephen Chong & Nathaniel Nystrom (2006):
Jif 3.0: Java information flow.
Available at http://www.cs.cornell.edu/jif.
Andrei Sabelfeld & Andrew C. Myers (2003):
Language-based information-flow security.
IEEE Journal on Selected Areas in Communications 21(1),
pp. 5–19,
doi:10.1109/JSAC.2002.806121.
Fred Schneider, Greg Morrisett & Robert Harper (2001):
A Language-Based Approach to Security.
R Vallée-Rai, P Co & E Gagnon (1999):
Soot-a Java bytecode optimization framework.
CASCON.
Stephan Arthur Zdancewic (2002):
Programming Languages for Information Security,
Ithaca, NY, USA.
AAI3063751.
Steve Zdancewic (2004):
Challenges for information-flow security.
Proceedings of the 1st International Workshop on the Programming Language Interference and Dependence (PLID'04).
Jianzhou Zhao, Santosh Nagarakatte, Milo M.K. Martin & Steve Zdancewic (2013):
Formal Verification of SSA-based Optimizations for LLVM.
SIGPLAN Not. 48(6),
pp. 175–186,
doi:10.1145/2499370.2462164.