publications: - title: "Static Analysis of Accessed Regions in Recursive Data Structures" author: - name: "Stephen Chong" link: "http://people.seas.harvard.edu/~chong/" - name: "Radu Rugina" link: "https://researchr.org/alias/radu-rugina" year: "2003" doi: "http://link.springer.de/link/service/series/0558/bibs/2694/26940463.htm" links: doi: "http://link.springer.de/link/service/series/0558/bibs/2694/26940463.htm" tags: - "analysis" - "static analysis" - "data-flow" - "data-flow analysis" researchr: "https://researchr.org/publication/ChongR03" cites: 0 citedby: 0 pages: "463-482" booktitle: "Static Analysis, 10th International Symposium, SAS 2003, San Diego, CA, USA, June 11-13, 2003, Proceedings" editor: - name: "Radhia Cousot" link: "https://researchr.org/alias/radhia-cousot" volume: "2694" series: "Lecture Notes in Computer Science" publisher: "Springer" isbn: "3-540-40325-6" kind: "inproceedings" key: "ChongR03" - title: "Required Information Release" author: - name: "Stephen Chong" link: "http://people.seas.harvard.edu/~chong/" year: "2010" doi: "http://doi.ieeecomputersociety.org/10.1109/CSF.2010.22" links: doi: "http://doi.ieeecomputersociety.org/10.1109/CSF.2010.22" dblp: "http://dblp.uni-trier.de/rec/bibtex/conf/csfw/Chong10" researchr: "https://researchr.org/publication/Chong10" cites: 0 citedby: 0 pages: "215-227" booktitle: "Proceedings of the 23rd IEEE Computer Security Foundations Symposium, CSF 2010, Edinburgh, United Kingdom, July 17-19, 2010" publisher: "IEEE Computer Society" isbn: "978-0-7695-4082-5" kind: "inproceedings" key: "Chong10" - title: "Provenance: a future history" author: - name: "James Cheney" link: "https://researchr.org/alias/james-cheney" - name: "Stephen Chong" link: "http://people.seas.harvard.edu/~chong/" - name: "J. Nathan Foster" link: "http://www.cs.princeton.edu/~jnfoster/" - name: "Margo I. 
Seltzer" link: "https://researchr.org/alias/margo-i.-seltzer" - name: "Stijn Vansummeren" link: "https://researchr.org/alias/stijn-vansummeren" year: "2009" doi: "http://doi.acm.org/10.1145/1639950.1640064" links: doi: "http://doi.acm.org/10.1145/1639950.1640064" tags: - "history" researchr: "https://researchr.org/publication/CheneyCFSV09" cites: 0 citedby: 0 pages: "957-964" booktitle: "Companion to the 24th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA 2009, October 25-29, 2009, Orlando, Florida, USA" editor: - name: "Shail Arora" link: "https://researchr.org/alias/shail-arora" - name: "Gary T. Leavens" link: "https://researchr.org/alias/gary-t.-leavens" publisher: "ACM" isbn: "978-1-60558-768-4" kind: "inproceedings" key: "CheneyCFSV09" - title: "Decentralized Robustness" author: - name: "Stephen Chong" link: "http://people.seas.harvard.edu/~chong/" - name: "Andrew C. Myers" link: "https://researchr.org/alias/andrew-c.-myers" year: "2006" doi: "http://doi.ieeecomputersociety.org/10.1109/CSFW.2006.11" links: doi: "http://doi.ieeecomputersociety.org/10.1109/CSFW.2006.11" tags: - "C++" researchr: "https://researchr.org/publication/ChongM06" cites: 0 citedby: 0 pages: "242-256" booktitle: "19th IEEE Computer Security Foundations Workshop, (CSFW-19 2006), 5-7 July 2006, Venice, Italy" publisher: "IEEE Computer Society" isbn: "0-7695-2615-2" kind: "inproceedings" key: "ChongM06" - title: "Using Replication and Partitioning to Build Secure Distributed Systems" author: - name: "Lantian Zheng" link: "https://researchr.org/alias/lantian-zheng" - name: "Stephen Chong" link: "http://people.seas.harvard.edu/~chong/" - name: "Andrew C. 
Myers" link: "https://researchr.org/alias/andrew-c.-myers" - name: "Steve Zdancewic" link: "https://researchr.org/alias/steve-zdancewic" year: "2003" doi: "http://csdl.computer.org/comp/proceedings/sp/2003/1940/00/19400236abs.htm" links: doi: "http://csdl.computer.org/comp/proceedings/sp/2003/1940/00/19400236abs.htm" tags: - "C++" - "partitioning" researchr: "https://researchr.org/publication/ZhengCMZ03" cites: 0 citedby: 0 pages: "236-250" booktitle: "2003 IEEE Symposium on Security and Privacy (S&P 2003), 11-14 May 2003, Berkeley, CA, USA" publisher: "IEEE Computer Society" isbn: "0-7695-1940-7" kind: "inproceedings" key: "ZhengCMZ03" - title: "Building secure web applications with automatic partitioning" author: - name: "Stephen Chong" link: "http://people.seas.harvard.edu/~chong/" - name: "Jed Liu" link: "https://researchr.org/alias/jed-liu" - name: "Andrew C. Myers" link: "https://researchr.org/alias/andrew-c.-myers" - name: "Xin Qi" link: "https://researchr.org/alias/xin-qi" - name: "K. Vikram" link: "https://researchr.org/alias/k.-vikram" - name: "Lantian Zheng" link: "https://researchr.org/alias/lantian-zheng" - name: "Xin Zheng" link: "https://researchr.org/alias/xin-zheng" year: "2009" doi: "http://doi.acm.org/10.1145/1461928.1461949" abstract: "Swift is a new, principled approach to building Web applications that are secure by construction. Modern Web applications typically implement some functionality as client-side JavaScript code, for improved interactivity. Moving code and data to the client can create security vulnerabilities, but currently there are no good methods for deciding when it is secure to do so. Swift automatically partitions application code while providing assurance that the resulting placement is secure and efficient. Application code is written as Java-like code annotated with information flow policies that specify the confidentiality and integrity of Web application information. 
The compiler uses these policies to automatically partition the program into JavaScript code running in the client browser and Java code running on the server. To improve interactive performance, code and data are placed on the client. However, security-critical code and data are always placed on the server. The compiler may also automatically replicate code across the client and server, to obtain both security and performance." links: doi: "http://doi.acm.org/10.1145/1461928.1461949" tags: - "program partitioning" - "JavaScript" - "secure by construction" - "Java" - "code partitioning" - "functional programming" - "Swift" - "data-flow programming" - "data-flow" - "C++" - "security" - "compiler" - "web applications" - "partitioning" - "systematic-approach" researchr: "https://researchr.org/publication/ChongLMQVZZ09" cites: 0 citedby: 0 journal: "Communications of the ACM" volume: "52" number: "2" pages: "79-87" kind: "article" key: "ChongLMQVZZ09" - title: "Owned Policies for Information Security" author: - name: "Hubie Chen" link: "https://researchr.org/alias/hubie-chen" - name: "Stephen Chong" link: "http://people.seas.harvard.edu/~chong/" year: "2004" doi: "http://doi.ieeecomputersociety.org/10.1109/CSFW.2004.15" links: doi: "http://doi.ieeecomputersociety.org/10.1109/CSFW.2004.15" tags: - "security" researchr: "https://researchr.org/publication/ChenC04%3A10" cites: 0 citedby: 0 pages: "126-138" booktitle: "17th IEEE Computer Security Foundations Workshop, (CSFW-17 2004), 28-30 June 2004, Pacific Grove, CA, USA" publisher: "IEEE Computer Society" isbn: "0-7695-2169-X" kind: "inproceedings" key: "ChenC04:10" - title: "Security policies for downgrading" author: - name: "Stephen Chong" link: "http://people.seas.harvard.edu/~chong/" - name: "Andrew C. 
Myers" link: "https://researchr.org/alias/andrew-c.-myers" year: "2004" doi: "http://doi.acm.org/10.1145/1030083.1030110" abstract: "A long-standing problem in information security is how to specify and enforce expressive security policies that control information flow while also permitting information release (i.e., declassification) where appropriate. This paper presents security policies for downgrading and a security type system that incorporates them, allowing secure downgrading of information through an explicit declassification operation. Examples are given showing that the downgrading policy language captures useful aspects of designer intent. These policies are connected to a semantic security condition that generalizes noninterference, and the type system is shown to enforce this security condition." links: doi: "http://doi.acm.org/10.1145/1030083.1030110" tags: - "control systems" - "data-flow language" - "type system" - "data-flow" - "C++" - "security" - "security policies" researchr: "https://researchr.org/publication/ChongM04" cites: 0 citedby: 0 pages: "198-209" booktitle: "Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS 2004, Washington, DC, USA, October 25-29, 2004" editor: - name: "Vijayalakshmi Atluri" link: "https://researchr.org/alias/vijayalakshmi-atluri" - name: "Birgit Pfitzmann" link: "https://researchr.org/alias/birgit-pfitzmann" - name: "Patrick Drew McDaniel" link: "https://researchr.org/alias/patrick-drew-mcdaniel" publisher: "ACM" isbn: "1-58113-961-6" kind: "inproceedings" key: "ChongM04" - title: "Scalable extensibility via nested inheritance" author: - name: "Nathaniel Nystrom" link: "https://researchr.org/alias/nathaniel-nystrom" - name: "Stephen Chong" link: "http://people.seas.harvard.edu/~chong/" - name: "Andrew C. 
Myers" link: "https://researchr.org/alias/andrew-c.-myers" year: "2004" doi: "http://doi.acm.org/10.1145/1028976.1028986" links: doi: "http://doi.acm.org/10.1145/1028976.1028986" tags: - "C++" researchr: "https://researchr.org/publication/NystromCM04" cites: 0 citedby: 0 pages: "99-115" booktitle: "Proceedings of the 19th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA 2004" editor: - name: "John M. Vlissides" link: "https://researchr.org/alias/john-m.-vlissides" - name: "Douglas C. Schmidt" link: "https://researchr.org/alias/douglas-c.-schmidt" address: "Vancouver, BC, Canada" publisher: "ACM" isbn: "1-58113-831-8" kind: "inproceedings" key: "NystromCM04" - title: "Civitas: Toward a Secure Voting System" author: - name: "Michael R. Clarkson" link: "https://researchr.org/alias/michael-r.-clarkson" - name: "Stephen Chong" link: "http://people.seas.harvard.edu/~chong/" - name: "Andrew C. Myers" link: "https://researchr.org/alias/andrew-c.-myers" year: "2008" doi: "http://doi.ieeecomputersociety.org/10.1109/SP.2008.32" links: doi: "http://doi.ieeecomputersociety.org/10.1109/SP.2008.32" tags: - "C++" researchr: "https://researchr.org/publication/ClarksonCM08" cites: 0 citedby: 0 pages: "354-368" booktitle: "2008 IEEE Symposium on Security and Privacy (S&P 2008), 18-21 May 2008, Oakland, California, USA" publisher: "IEEE Computer Society" kind: "inproceedings" key: "ClarksonCM08" - title: "Towards Semantics for Provenance Security" author: - name: "Stephen Chong" link: "http://people.seas.harvard.edu/~chong/" year: "2009" doi: "http://www.usenix.org/events/tapp09/tech/full_papers/chong/chong.pdf" links: doi: "http://www.usenix.org/events/tapp09/tech/full_papers/chong/chong.pdf" tags: - "semantics" - "security" researchr: "https://researchr.org/publication/Chong09" cites: 0 citedby: 0 booktitle: "First Workshop on the Theory and Practice of Provenance, February 23, 2009, San Francisco, CA, USA, Proceedings" 
editor: - name: "James Cheney" link: "https://researchr.org/alias/james-cheney" publisher: "USENIX" kind: "inproceedings" key: "Chong09" - title: "Civitas: A Secure Remote Voting System" author: - name: "Michael E. Clarkson" link: "https://researchr.org/alias/michael-e.-clarkson" - name: "Stephen Chong" link: "http://people.seas.harvard.edu/~chong/" - name: "Andrew C. Myers" link: "https://researchr.org/alias/andrew-c.-myers" year: "2007" doi: "http://drops.dagstuhl.de/opus/volltexte/2008/1296" links: doi: "http://drops.dagstuhl.de/opus/volltexte/2008/1296" tags: - "C++" - "e-science" researchr: "https://researchr.org/publication/ClarksonCM07" cites: 0 citedby: 0 booktitle: "Frontiers of Electronic Voting, 29.07. - 03.08.2007" editor: - name: "David Chaum" link: "https://researchr.org/alias/david-chaum" - name: "Miroslaw Kutylowski" link: "https://researchr.org/alias/miroslaw-kutylowski" - name: "Ronald L. Rivest" link: "https://researchr.org/alias/ronald-l.-rivest" - name: "Peter Y. A. 
Ryan" link: "https://researchr.org/alias/peter-y.-a.-ryan" volume: "07311" series: "Dagstuhl Seminar Proceedings" publisher: "Internationales Begegnungs- und Forschungszentrum fuer Informatik (IBFI), Schloss Dagstuhl, Germany" kind: "inproceedings" key: "ClarksonCM07" - title: "Deriving epistemic conclusions from agent architecture" author: - name: "Stephen Chong" link: "http://people.seas.harvard.edu/~chong/" - name: "Ron van der Meyden" link: "https://researchr.org/alias/ron-van-der-meyden" year: "2009" doi: "http://doi.acm.org/10.1145/1562814.1562826" links: doi: "http://doi.acm.org/10.1145/1562814.1562826" tags: - "architecture" researchr: "https://researchr.org/publication/ChongM09-0" cites: 0 citedby: 0 pages: "61-70" booktitle: "Proceedings of the 12th Conference on Theoretical Aspects of Rationality and Knowledge (TARK-2009), Stanford, CA, USA, July 6-8, 2009" editor: - name: "Aviad Heifetz" link: "https://researchr.org/alias/aviad-heifetz" kind: "inproceedings" key: "ChongM09-0" - title: "End-to-End Enforcement of Erasure and Declassification" author: - name: "Stephen Chong" link: "http://people.seas.harvard.edu/~chong/" - name: "Andrew C. 
Myers" link: "https://researchr.org/alias/andrew-c.-myers" year: "2008" doi: "http://doi.ieeecomputersociety.org/10.1109/CSF.2008.12" links: doi: "http://doi.ieeecomputersociety.org/10.1109/CSF.2008.12" tags: - "C++" researchr: "https://researchr.org/publication/ChongM08" cites: 0 citedby: 0 pages: "98-111" booktitle: "Proceedings of the 21st IEEE Computer Security Foundations Symposium, CSF 2008, Pittsburgh, Pennsylvania, 23-25 June 2008" publisher: "IEEE Computer Society" isbn: "978-0-7695-3182-3" kind: "inproceedings" key: "ChongM08" - title: "Review of type-logical semantics" author: - name: "Riccardo Pucella" link: "https://researchr.org/alias/riccardo-pucella" - name: "Stephen Chong" link: "http://people.seas.harvard.edu/~chong/" year: "2003" doi: "http://doi.acm.org/10.1145/637437.637442" links: doi: "http://doi.acm.org/10.1145/637437.637442" tags: - "semantics" - "reviewing" researchr: "https://researchr.org/publication/PucellaC03" cites: 0 citedby: 0 journal: "SIGACT News" volume: "34" number: "1" pages: "6-17" kind: "article" key: "PucellaC03" - title: "Information-Flow Security for Interactive Programs" author: - name: "Kevin R. O'Neill" link: "https://researchr.org/alias/kevin-r.-o-neill" - name: "Michael R. 
Clarkson" link: "https://researchr.org/alias/michael-r.-clarkson" - name: "Stephen Chong" link: "http://people.seas.harvard.edu/~chong/" year: "2006" doi: "http://doi.ieeecomputersociety.org/10.1109/CSFW.2006.16" links: doi: "http://doi.ieeecomputersociety.org/10.1109/CSFW.2006.16" tags: - "data-flow programming" - "data-flow" - "security" researchr: "https://researchr.org/publication/ONeillCC06" cites: 0 citedby: 0 pages: "190-201" booktitle: "19th IEEE Computer Security Foundations Workshop, (CSFW-19 2006), 5-7 July 2006, Venice, Italy" publisher: "IEEE Computer Society" isbn: "0-7695-2615-2" kind: "inproceedings" key: "ONeillCC06" - title: "Language-Based Information Erasure" author: - name: "Stephen Chong" link: "http://people.seas.harvard.edu/~chong/" - name: "Andrew C. Myers" link: "https://researchr.org/alias/andrew-c.-myers" year: "2005" doi: "http://dx.doi.org/10.1109/CSFW.2005.19" links: doi: "http://dx.doi.org/10.1109/CSFW.2005.19" tags: - "rule-based" - "C++" researchr: "https://researchr.org/publication/ChongM05" cites: 0 citedby: 0 pages: "241-254" booktitle: "18th IEEE Computer Security Foundations Workshop, (CSFW-18 2005), 20-22 June 2005, Aix-en-Provence, France" publisher: "IEEE Computer Society" isbn: "0-7695-2340-4" kind: "inproceedings" key: "ChongM05" - title: "Self-identifying sensor data" author: - name: "Stephen Chong" link: "http://people.seas.harvard.edu/~chong/" - name: "Christian Skalka" link: "https://researchr.org/alias/christian-skalka" - name: "Jeffrey A. 
Vaughan" link: "https://researchr.org/alias/jeffrey-a.-vaughan" year: "2010" doi: "http://doi.acm.org/10.1145/1791212.1791223" links: doi: "http://doi.acm.org/10.1145/1791212.1791223" dblp: "http://dblp.uni-trier.de/rec/bibtex/conf/ipsn/ChongSV10" tags: - "data-flow" researchr: "https://researchr.org/publication/ChongSV10" cites: 0 citedby: 0 pages: "82-93" booktitle: "Proceedings of the 9th International Conference on Information Processing in Sensor Networks, IPSN 2010, April 12-16, 2010, Stockholm, Sweden" editor: - name: "Tarek F. Abdelzaher" link: "https://researchr.org/alias/tarek-f.-abdelzaher" - name: "Thiemo Voigt" link: "https://researchr.org/alias/thiemo-voigt" - name: "Adam Wolisz" link: "https://researchr.org/alias/adam-wolisz" publisher: "ACM" isbn: "978-1-60558-988-6" kind: "inproceedings" key: "ChongSV10" - title: "Secure web application via automatic partitioning" author: - name: "Stephen Chong" link: "http://people.seas.harvard.edu/~chong/" - name: "Jed Liu" link: "https://researchr.org/alias/jed-liu" - name: "Andrew C. Myers" link: "https://researchr.org/alias/andrew-c.-myers" - name: "Xin Qi" link: "https://researchr.org/alias/xin-qi" - name: "K. Vikram" link: "https://researchr.org/alias/k.-vikram" - name: "Lantian Zheng" link: "https://researchr.org/alias/lantian-zheng" - name: "Xin Zheng" link: "https://researchr.org/alias/xin-zheng" year: "2007" doi: "http://doi.acm.org/10.1145/1294261.1294265" abstract: "Swift is a new, principled approach to building web applications that are secure by construction. In modern web applications, some application functionality is usually implemented as client-side code written in JavaScript. Moving code and data to the client can create security vulnerabilities, but currently there are no good methods for deciding when it is secure to do so. Swift automatically partitions application code while providing assurance that the resulting placement is secure and efficient. 
Application code is written as Java-like code annotated with information flow policies that specify the confidentiality and integrity of web application information. The compiler uses these policies to automatically partition the program into JavaScript code running in the browser, and Java code running on the server. To improve interactive performance, code and data are placed on the client side. However, security-critical code and data are always placed on the server. Code and data can also be replicated across the client and server, to obtain both security and performance. A max-flow algorithm is used to place code and data in a way that minimizes client-server communication. " links: doi: "http://doi.acm.org/10.1145/1294261.1294265" tags: - "program partitioning" - "JavaScript" - "Java" - "functional programming" - "data-flow programming" - "data-flow" - "C++" - "security" - "compiler" - "web applications" - "partitioning" - "systematic-approach" researchr: "https://researchr.org/publication/ChongLMQVZZ07" cites: 33 citedby: 0 pages: "31-44" booktitle: "Proceedings of the 21st ACM Symposium on Operating Systems Principles 2007, SOSP 2007, Stevenson, Washington, USA, October 14-17, 2007" editor: - name: "Thomas C. Bressoud" link: "https://researchr.org/alias/thomas-c.-bressoud" - name: "M. 
Frans Kaashoek" link: "https://researchr.org/alias/m.-frans-kaashoek" publisher: "ACM" isbn: "978-1-59593-591-5" kind: "inproceedings" key: "ChongLMQVZZ07" - title: "Proceedings of the 2009 Workshop on Programming Languages and Analysis for Security, PLAS 2009, Dublin, Ireland, 15-21 June, 2009" year: "2009" tags: - "programming languages" - "program analysis" - "analysis" - "security" - "programming" researchr: "https://researchr.org/publication/pldi-2009plas" cites: 0 citedby: 0 booktitle: "Proceedings of the 2009 Workshop on Programming Languages and Analysis for Security, PLAS 2009, Dublin, Ireland, 15-21 June, 2009" conference: "PLDI" editor: - name: "Stephen Chong" link: "http://people.seas.harvard.edu/~chong/" - name: "David A. Naumann" link: "https://researchr.org/alias/david-a.-naumann" publisher: "ACM" isbn: "978-1-60558-645-8" kind: "proceedings" key: "pldi-2009plas"