publications:
- title: "Static Analysis of Accessed Regions in Recursive Data Structures"
  author:
  - name: "Stephen Chong"
    link: "http://people.seas.harvard.edu/~chong/"
  - name: "Radu Rugina"
    link: "https://researchr.org/alias/radu-rugina"
  year: "2003"
  doi: "http://link.springer.de/link/service/series/0558/bibs/2694/26940463.htm"
  links:
    doi: "http://link.springer.de/link/service/series/0558/bibs/2694/26940463.htm"
  tags:
  - "analysis"
  - "static analysis"
  - "data-flow"
  - "data-flow analysis"
  researchr: "https://researchr.org/publication/ChongR03"
  cites: 0
  citedby: 0
  pages: "463-482"
  booktitle: "SAS"
  kind: "inproceedings"
  key: "ChongR03"
- title: "Required Information Release"
  author:
  - name: "Stephen Chong"
    link: "http://people.seas.harvard.edu/~chong/"
  year: "2010"
  doi: "http://doi.ieeecomputersociety.org/10.1109/CSF.2010.22"
  links:
    doi: "http://doi.ieeecomputersociety.org/10.1109/CSF.2010.22"
    dblp: "http://dblp.uni-trier.de/rec/bibtex/conf/csfw/Chong10"
  researchr: "https://researchr.org/publication/Chong10"
  cites: 0
  citedby: 0
  pages: "215-227"
  booktitle: "csfw"
  kind: "inproceedings"
  key: "Chong10"
- title: "Provenance: a future history"
  author:
  - name: "James Cheney"
    link: "https://researchr.org/alias/james-cheney"
  - name: "Stephen Chong"
    link: "http://people.seas.harvard.edu/~chong/"
  - name: "J. Nathan Foster"
    link: "http://www.cs.princeton.edu/~jnfoster/"
  - name: "Margo I. Seltzer"
    link: "https://researchr.org/alias/margo-i.-seltzer"
  - name: "Stijn Vansummeren"
    link: "https://researchr.org/alias/stijn-vansummeren"
  year: "2009"
  doi: "http://doi.acm.org/10.1145/1639950.1640064"
  links:
    doi: "http://doi.acm.org/10.1145/1639950.1640064"
  tags:
  - "history"
  researchr: "https://researchr.org/publication/CheneyCFSV09"
  cites: 0
  citedby: 0
  pages: "957-964"
  booktitle: "OOPSLA"
  kind: "inproceedings"
  key: "CheneyCFSV09"
- title: "Decentralized Robustness"
  author:
  - name: "Stephen Chong"
    link: "http://people.seas.harvard.edu/~chong/"
  - name: "Andrew C. Myers"
    link: "https://researchr.org/alias/andrew-c.-myers"
  year: "2006"
  doi: "http://doi.ieeecomputersociety.org/10.1109/CSFW.2006.11"
  links:
    doi: "http://doi.ieeecomputersociety.org/10.1109/CSFW.2006.11"
  tags:
  - "C++"
  researchr: "https://researchr.org/publication/ChongM06"
  cites: 0
  citedby: 0
  pages: "242-256"
  booktitle: "csfw"
  kind: "inproceedings"
  key: "ChongM06"
- title: "Using Replication and Partitioning to Build Secure Distributed Systems"
  author:
  - name: "Lantian Zheng"
    link: "https://researchr.org/alias/lantian-zheng"
  - name: "Stephen Chong"
    link: "http://people.seas.harvard.edu/~chong/"
  - name: "Andrew C. Myers"
    link: "https://researchr.org/alias/andrew-c.-myers"
  - name: "Steve Zdancewic"
    link: "https://researchr.org/alias/steve-zdancewic"
  year: "2003"
  doi: "http://csdl.computer.org/comp/proceedings/sp/2003/1940/00/19400236abs.htm"
  links:
    doi: "http://csdl.computer.org/comp/proceedings/sp/2003/1940/00/19400236abs.htm"
  tags:
  - "C++"
  - "partitioning"
  researchr: "https://researchr.org/publication/ZhengCMZ03"
  cites: 0
  citedby: 0
  pages: "236-250"
  booktitle: "sp"
  kind: "inproceedings"
  key: "ZhengCMZ03"
- title: "Building secure web applications with automatic partitioning"
  author:
  - name: "Stephen Chong"
    link: "http://people.seas.harvard.edu/~chong/"
  - name: "Jed Liu"
    link: "https://researchr.org/alias/jed-liu"
  - name: "Andrew C. Myers"
    link: "https://researchr.org/alias/andrew-c.-myers"
  - name: "Xin Qi"
    link: "https://researchr.org/alias/xin-qi"
  - name: "K. Vikram"
    link: "https://researchr.org/alias/k.-vikram"
  - name: "Lantian Zheng"
    link: "https://researchr.org/alias/lantian-zheng"
  - name: "Xin Zheng"
    link: "https://researchr.org/alias/xin-zheng"
  year: "2009"
  doi: "http://doi.acm.org/10.1145/1461928.1461949"
  abstract: "Swift is a new, principled approach to building Web applications that are secure by construction. Modern Web applications typically implement some functionality as client-side JavaScript code, for improved interactivity. Moving code and data to the client can create security vulnerabilities, but currently there are no good methods for deciding when it is secure to do so. Swift automatically partitions application code while providing assurance that the resulting placement is secure and efficient. Application code is written as Java-like code annotated with information flow policies that specify the confidentiality and integrity of Web application information. The compiler uses these policies to automatically partition the program into JavaScript code running in the client browser and Java code running on the server. To improve interactive performance, code and data are placed on the client. However, security-critical code and data are always placed on the server. The compiler may also automatically replicate code across the client and server, to obtain both security and performance."
  links:
    doi: "http://doi.acm.org/10.1145/1461928.1461949"
  tags:
  - "program partitioning"
  - "JavaScript"
  - "secure by construction"
  - "Java"
  - "code partitioning"
  - "functional programming"
  - "Swift"
  - "data-flow programming"
  - "data-flow"
  - "C++"
  - "security"
  - "compiler"
  - "web applications"
  - "partitioning"
  - "systematic-approach"
  researchr: "https://researchr.org/publication/ChongLMQVZZ09"
  cites: 0
  citedby: 0
  journal: "CACM"
  volume: "52"
  number: "2"
  pages: "79-87"
  kind: "article"
  key: "ChongLMQVZZ09"
- title: "Owned Policies for Information Security"
  author:
  - name: "Hubie Chen"
    link: "https://researchr.org/alias/hubie-chen"
  - name: "Stephen Chong"
    link: "http://people.seas.harvard.edu/~chong/"
  year: "2004"
  doi: "http://doi.ieeecomputersociety.org/10.1109/CSFW.2004.15"
  links:
    doi: "http://doi.ieeecomputersociety.org/10.1109/CSFW.2004.15"
  tags:
  - "security"
  researchr: "https://researchr.org/publication/ChenC04%3A10"
  cites: 0
  citedby: 0
  pages: "126-138"
  booktitle: "csfw"
  kind: "inproceedings"
  key: "ChenC04:10"
- title: "Security policies for downgrading"
  author:
  - name: "Stephen Chong"
    link: "http://people.seas.harvard.edu/~chong/"
  - name: "Andrew C. Myers"
    link: "https://researchr.org/alias/andrew-c.-myers"
  year: "2004"
  doi: "http://doi.acm.org/10.1145/1030083.1030110"
  abstract: "A long-standing problem in information security is how to specify and enforce expressive security policies that control information flow while also permitting information release (i.e., declassification) where appropriate. This paper presents security policies for downgrading and a security type system that incorporates them, allowing secure downgrading of information through an explicit declassification operation. Examples are given showing that the downgrading policy language captures useful aspects of designer intent. These policies are connected to a semantic security condition that generalizes noninterference, and the type system is shown to enforce this security condition. "
  links:
    doi: "http://doi.acm.org/10.1145/1030083.1030110"
  tags:
  - "control systems"
  - "data-flow language"
  - "type system"
  - "data-flow"
  - "C++"
  - "security"
  - "security policies"
  researchr: "https://researchr.org/publication/ChongM04"
  cites: 0
  citedby: 0
  pages: "198-209"
  booktitle: "ccs"
  kind: "inproceedings"
  key: "ChongM04"
- title: "Scalable extensibility via nested inheritance"
  author:
  - name: "Nathaniel Nystrom"
    link: "https://researchr.org/alias/nathaniel-nystrom"
  - name: "Stephen Chong"
    link: "http://people.seas.harvard.edu/~chong/"
  - name: "Andrew C. Myers"
    link: "https://researchr.org/alias/andrew-c.-myers"
  year: "2004"
  doi: "http://doi.acm.org/10.1145/1028976.1028986"
  links:
    doi: "http://doi.acm.org/10.1145/1028976.1028986"
  tags:
  - "C++"
  researchr: "https://researchr.org/publication/NystromCM04"
  cites: 0
  citedby: 0
  pages: "99-115"
  booktitle: "OOPSLA"
  kind: "inproceedings"
  key: "NystromCM04"
- title: "Civitas: Toward a Secure Voting System"
  author:
  - name: "Michael R. Clarkson"
    link: "https://researchr.org/alias/michael-r.-clarkson"
  - name: "Stephen Chong"
    link: "http://people.seas.harvard.edu/~chong/"
  - name: "Andrew C. Myers"
    link: "https://researchr.org/alias/andrew-c.-myers"
  year: "2008"
  doi: "http://doi.ieeecomputersociety.org/10.1109/SP.2008.32"
  links:
    doi: "http://doi.ieeecomputersociety.org/10.1109/SP.2008.32"
  tags:
  - "C++"
  researchr: "https://researchr.org/publication/ClarksonCM08"
  cites: 0
  citedby: 0
  pages: "354-368"
  booktitle: "sp"
  kind: "inproceedings"
  key: "ClarksonCM08"
- title: "Towards Semantics for Provenance Security"
  author:
  - name: "Stephen Chong"
    link: "http://people.seas.harvard.edu/~chong/"
  year: "2009"
  doi: "http://www.usenix.org/events/tapp09/tech/full_papers/chong/chong.pdf"
  links:
    doi: "http://www.usenix.org/events/tapp09/tech/full_papers/chong/chong.pdf"
  tags:
  - "semantics"
  - "security"
  researchr: "https://researchr.org/publication/Chong09"
  cites: 0
  citedby: 0
  booktitle: "FAST"
  kind: "inproceedings"
  key: "Chong09"
- title: "Civitas: A Secure Remote Voting System"
  author:
  - name: "Michael E. Clarkson"
    link: "https://researchr.org/alias/michael-e.-clarkson"
  - name: "Stephen Chong"
    link: "http://people.seas.harvard.edu/~chong/"
  - name: "Andrew C. Myers"
    link: "https://researchr.org/alias/andrew-c.-myers"
  year: "2007"
  doi: "http://drops.dagstuhl.de/opus/volltexte/2008/1296"
  links:
    doi: "http://drops.dagstuhl.de/opus/volltexte/2008/1296"
  tags:
  - "C++"
  - "e-science"
  researchr: "https://researchr.org/publication/ClarksonCM07"
  cites: 0
  citedby: 0
  booktitle: "Dagstuhl"
  kind: "inproceedings"
  key: "ClarksonCM07"
- title: "Deriving epistemic conclusions from agent architecture"
  author:
  - name: "Stephen Chong"
    link: "http://people.seas.harvard.edu/~chong/"
  - name: "Ron van der Meyden"
    link: "https://researchr.org/alias/ron-van-der-meyden"
  year: "2009"
  doi: "http://doi.acm.org/10.1145/1562814.1562826"
  links:
    doi: "http://doi.acm.org/10.1145/1562814.1562826"
  tags:
  - "architecture"
  researchr: "https://researchr.org/publication/ChongM09-0"
  cites: 0
  citedby: 0
  pages: "61-70"
  booktitle: "tark"
  kind: "inproceedings"
  key: "ChongM09-0"
- title: "End-to-End Enforcement of Erasure and Declassification"
  author:
  - name: "Stephen Chong"
    link: "http://people.seas.harvard.edu/~chong/"
  - name: "Andrew C. Myers"
    link: "https://researchr.org/alias/andrew-c.-myers"
  year: "2008"
  doi: "http://doi.ieeecomputersociety.org/10.1109/CSF.2008.12"
  links:
    doi: "http://doi.ieeecomputersociety.org/10.1109/CSF.2008.12"
  tags:
  - "C++"
  researchr: "https://researchr.org/publication/ChongM08"
  cites: 0
  citedby: 0
  pages: "98-111"
  booktitle: "csfw"
  kind: "inproceedings"
  key: "ChongM08"
- title: "Review of type-logical semantics"
  author:
  - name: "Riccardo Pucella"
    link: "https://researchr.org/alias/riccardo-pucella"
  - name: "Stephen Chong"
    link: "http://people.seas.harvard.edu/~chong/"
  year: "2003"
  doi: "http://doi.acm.org/10.1145/637437.637442"
  links:
    doi: "http://doi.acm.org/10.1145/637437.637442"
  tags:
  - "semantics"
  - "reviewing"
  researchr: "https://researchr.org/publication/PucellaC03"
  cites: 0
  citedby: 0
  journal: "sigact"
  volume: "34"
  number: "1"
  pages: "6-17"
  kind: "article"
  key: "PucellaC03"
- title: "Information-Flow Security for Interactive Programs"
  author:
  - name: "Kevin R. O Neill"
    link: "https://researchr.org/alias/kevin-r.-o-neill"
  - name: "Michael R. Clarkson"
    link: "https://researchr.org/alias/michael-r.-clarkson"
  - name: "Stephen Chong"
    link: "http://people.seas.harvard.edu/~chong/"
  year: "2006"
  doi: "http://doi.ieeecomputersociety.org/10.1109/CSFW.2006.16"
  links:
    doi: "http://doi.ieeecomputersociety.org/10.1109/CSFW.2006.16"
  tags:
  - "data-flow programming"
  - "data-flow"
  - "security"
  researchr: "https://researchr.org/publication/ONeillCC06"
  cites: 0
  citedby: 0
  pages: "190-201"
  booktitle: "csfw"
  kind: "inproceedings"
  key: "ONeillCC06"
- title: "Language-Based Information Erasure"
  author:
  - name: "Stephen Chong"
    link: "http://people.seas.harvard.edu/~chong/"
  - name: "Andrew C. Myers"
    link: "https://researchr.org/alias/andrew-c.-myers"
  year: "2005"
  doi: "http://dx.doi.org/10.1109/CSFW.2005.19"
  links:
    doi: "http://dx.doi.org/10.1109/CSFW.2005.19"
  tags:
  - "rule-based"
  - "C++"
  researchr: "https://researchr.org/publication/ChongM05"
  cites: 0
  citedby: 0
  pages: "241-254"
  booktitle: "csfw"
  kind: "inproceedings"
  key: "ChongM05"
- title: "Self-identifying sensor data"
  author:
  - name: "Stephen Chong"
    link: "http://people.seas.harvard.edu/~chong/"
  - name: "Christian Skalka"
    link: "https://researchr.org/alias/christian-skalka"
  - name: "Jeffrey A. Vaughan"
    link: "https://researchr.org/alias/jeffrey-a.-vaughan"
  year: "2010"
  doi: "http://doi.acm.org/10.1145/1791212.1791223"
  links:
    doi: "http://doi.acm.org/10.1145/1791212.1791223"
    dblp: "http://dblp.uni-trier.de/rec/bibtex/conf/ipsn/ChongSV10"
  tags:
  - "data-flow"
  researchr: "https://researchr.org/publication/ChongSV10"
  cites: 0
  citedby: 0
  pages: "82-93"
  booktitle: "ipsn"
  kind: "inproceedings"
  key: "ChongSV10"
- title: "Secure web application via automatic partitioning"
  author:
  - name: "Stephen Chong"
    link: "http://people.seas.harvard.edu/~chong/"
  - name: "Jed Liu"
    link: "https://researchr.org/alias/jed-liu"
  - name: "Andrew C. Myers"
    link: "https://researchr.org/alias/andrew-c.-myers"
  - name: "Xin Qi"
    link: "https://researchr.org/alias/xin-qi"
  - name: "K. Vikram"
    link: "https://researchr.org/alias/k.-vikram"
  - name: "Lantian Zheng"
    link: "https://researchr.org/alias/lantian-zheng"
  - name: "Xin Zheng"
    link: "https://researchr.org/alias/xin-zheng"
  year: "2007"
  doi: "http://doi.acm.org/10.1145/1294261.1294265"
  abstract: "Swift is a new, principled approach to building web applications that are secure by construction. In modern web applications, some application functionality is usually implemented as client-side code written in JavaScript. Moving code and data to the client can create security vulnerabilities, but currently there are no good methods for deciding when it is secure to do so. Swift automatically partitions application code while providing assurance that the resulting placement is secure and efficient. Application code is written as Java-like code annotated with information flow policies that specify the confidentiality and integrity of web application information. The compiler uses these policies to automatically partition the program into JavaScript code running in the browser, and Java code running on the server. To improve interactive performance, code and data are placed on the client side. However, security-critical code and data are always placed on the server. Code and data can also be replicated across the client and server, to obtain both security and performance. A max-flow algorithm is used to place code and data in a way that minimizes client-server communication. "
  links:
    doi: "http://doi.acm.org/10.1145/1294261.1294265"
  tags:
  - "program partitioning"
  - "JavaScript"
  - "Java"
  - "functional programming"
  - "data-flow programming"
  - "data-flow"
  - "C++"
  - "security"
  - "compiler"
  - "web applications"
  - "partitioning"
  - "systematic-approach"
  researchr: "https://researchr.org/publication/ChongLMQVZZ07"
  cites: 33
  citedby: 0
  pages: "31-44"
  booktitle: "sosp"
  kind: "inproceedings"
  key: "ChongLMQVZZ07"
- title: "Proceedings of the 2009 Workshop on Programming Languages and Analysis for Security, PLAS 2009, Dublin, Ireland, 15-21 June, 2009"
  year: "2009"
  tags:
  - "programming languages"
  - "program analysis"
  - "analysis"
  - "security"
  - "programming"
  researchr: "https://researchr.org/publication/pldi-2009plas"
  cites: 0
  citedby: 0
  booktitle: "Proceedings of the 2009 Workshop on Programming Languages and Analysis for Security, PLAS 2009, Dublin, Ireland, 15-21 June, 2009"
  conference: "PLDI"
  editor:
  - name: "Stephen Chong"
    link: "http://people.seas.harvard.edu/~chong/"
  - name: "David A. Naumann"
    link: "https://researchr.org/alias/david-a.-naumann"
  publisher: "ACM"
  isbn: "978-1-60558-645-8"
  kind: "proceedings"
  key: "pldi-2009plas"