Paper announcement: Language-Based Information-Flow Security

We would like to announce the availability of a survey paper on
language-based techniques for the specification and enforcement
of confidentiality properties. The paper is to appear in IEEE
Journal on Selected Areas in Communication.

             Language-Based Information-Flow Security

             Andrei Sabelfeld         Andrew C. Myers

   Current standard security practices do not provide substantial
   assurance that the end-to-end behavior of a computing system
   satisfies important security policies such as confidentiality.  An
   end-to-end confidentiality policy might assert that secret input
   data cannot be inferred by an attacker through the attacker's
   observations of system output; this policy regulates information

   Conventional security mechanisms such as access control and
   encryption do not directly address the enforcement of
   information-flow policies. Recently, a promising new approach has
   been developed: the use of programming-language techniques for
   specifying and enforcing information-flow policies.  In this article
   we survey the past three decades of research on information-flow
   security, particularly focusing on work that uses static program
   analysis to enforce information-flow policies.  We give a structured
   view of recent work in the area and identify some important open

   Keywords: Computer security, confidentiality, information flow,
   noninterference, security-type systems, covert channels,
   security policies, concurrency.

Paper available via

BibTeX file with references made in the survey available via

Comments and suggestions are most welcome.

Best wishes,
Andrei Sabelfeld and Andrew C. Myers