In language-based security, confidentiality and integrity policies conveniently specify the permitted flows of information between different parts of a program with diverse levels...
Non-interference is a semantical condition on programs that guarantees the absence of illicit information flow throughout their execution, and that can be enforced by appropriate i...
The region calculus of Tofte and Talpin is an annotated polymorphically typed lambda calculus which makes memory allocation and deallocation explicit. It is intended as an interme...
I report on an experience using the Coq proof assistant to develop a program verification tool with a machine-checkable proof of full correctness. The verifier is able to prove me...
We present a model of recursive and impredicatively quantified types with mutable references. We interpret in this model all of the type constructors needed for typed intermediate...
Andrew W. Appel, Christopher D. Richards, Jé...