are also referenced under publications, because the
technical report corresponds closely to a published article.
By chronology I mean publication date.
A recursion theorem for predicate transformers on inductive data types, Information Processing Letters 50 (1994) 329-336. (Here is a preprint.)
Predicate transformers and higher order programs, Theoretical Computer Science 150 (1995) 111-159. (Here is a preprint).
Data refinement, call by value, and higher order programs, Formal Aspects of Computing 7 (1995) 652-662.
A categorical model of higher order imperative programming, Mathematical Structures in Computer Science 8, 4 (1998) 351-399. (Here is a preprint).
Calculating Sharp Adaptation Rules, Information Processing Letters 7 (2000) 201-208.
A Weakest Precondition Semantics for Refinement of Object-oriented Programs, with Ana Cavalcanti. In IEEE Transactions on Software Engineering 26, 8 (2000) 713-728. There is an Extended Version, SIT Report 99-03.
Predicate transformer semantics of a higher order imperative language with record subtypes, Science of Computer Programming 41, 1 (2001) 1-51. (Also appeared as SIT Report 9801.)
Soundness of data refinement for a higher order imperative language, Theoretical Computer Science 278 (2002) 271-301. (Also appeared as SIT Report 99-05.)
Ownership Confinement Ensures Representation Independence for Object-oriented Programs, (with Anindya Banerjee), Journal of the ACM 52(6) (2005) 894-960. This supersedes our POPL 2002 paper, improving and extending it to include a static analysis and substantial examples. Additional examples and proofs appear in SIT Report 2004-14 which is slightly revised from the Dec 2002 submission).
Stack-based Access Control for Secure Information Flow, with Anindya Banerjee. In Journal of Functional Programming (2005) 15(2) 131-177, special issue on Language Based Security. This supersedes our CSFW 2002 and CSFW 2003 papers.
Towards imperative modules: Reasoning about invariants and sharing of mutable state, with Mike Barnett. In Theoretical Computer Science 365 (2006) 143-168. This supersedes the version in LICS 2004.
Observational purity and encapsulation, Theoretical Computer Science 376 (2007) 205-224. This supersedes the conference version which appeared in Fundamental Aspects of Software Engineering (FASE) 2005 and was awarded Best Software Science Paper by the EASST at ETAPS 2005. Here are the slides.
On assertion-based encapsulation for object invariants and simulations, Formal Aspects of Computing 19(2) 2007, 205-224. Supersedes the VSTTE position paper 2005.
Refactoring and representation independence for class hierarchies, with Leila Silva and Augusto Sampaio. Theoretical Computer Science 433 (2012) 60-97. This supersedes our FTfJP 2010 paper.
Local Reasoning for Global Invariants, Part I: Region Logic, with Anindya Banerjee and Stan Rosenberg. To appear in Journal of the ACM, 2013.
Local Reasoning for Global Invariants, Part II: Dynamic Boundaries, with Anindya Banerjee. To appear in Journal of the ACM, 2013.
State Based Encapsulation for Modular Reasoning about Behavior-Preserving Refactorings, with Anindya Banerjee. Invited chapter in Aliasing in Object-oriented Programming, Dave Clarke and James Noble and Tobias Wrigstad, eds., Springer State-of-the-art Surveys, 2012.
A common sense management model, IEEE Software, Nov. 1991 (with R.T. Yeh et al.)
Program derivation for freshmen, Proceedings of ACM Conference of the Special Interest Group in Computer Science Education 1994 (with R. Denman, W. Potter, and G. Richter).
Predicate transformer semantics of an Oberon-like language, Proceedings of IFIP TC2 Working Conference on Programming Concepts, Methods and Calculi, E.-R. Olderog, ed., Elsevier (1994) 467-487.
On the essence of Oberon, Proceedings of Conference on Programming Languages and System Architecture, J. Gutknecht, ed., Springer-Verlag (1994) 313-327.
Beyond Fun: order and membership in polytypic imperative programming, Proceedings of Mathematics of Program Construction, Johan Jeuring, ed, Springer-Verlag (1998) 286-314.
Towards squiggly refinement algebra, in Programming Concepts and Methods, David Gries and Willem-Paul de Roever, eds, Chapman and Hall (1998) 346-365.
A weakest precondition semantics for refinement in an object-oriented language, Proceedings of World Congress on Formal Methods, LNCS 1709 (1999) 1439-1459 (with Ana Cavalcanti).
Ideal models for pointwise relational and state-free imperative programming. Proceedings of ACM Principles and Practice of Declarative Programming (2001) 4-15.
Representation Independence, Confinement, and Access Control, Proceedings of ACM Principles of Programming Languages POPL 2002 (with Anindya Banerjee). (Here are slides from POPL and the paper with appendix.)
Forward simulation for data refinement of classes, with Ana Cavalcanti. Proceedings of Formal Methods Europe FME'2002, LNCS 2391, 471-490. There is an Extended Version, SIT Report 2001-4.
On a specification-oriented model for object-orientation, with Ana Cavalcanti. Proceedings of Sixth Brazilian Symposium on Programming Languages, 114-127 (2002).
Secure Information Flow and Pointer Confinement in a Java-like Language, Proceedings of Fifteenth IEEE Computer Security Foundations CSFW (2002) 253-270 (with Anindya Banerjee).
Using Access Control for Secure Information Flow in a Java-like Language, Proceedings of Sixteenth IEEE Computer Security Foundations CSFW (2003) 155-169 (with Anindya Banerjee).
CodeBLUE: a Bluetooth interactive dance club system, with Dennis Hromin, Michael Chladil, Natalie Vanatta, Susanne Wetzel, Farooq Anjum, and Ravi Jain. In IEEE Global Telecommunications Conference GLOBECOM (2003) 2814-2818.
Towards imperative modules: Reasoning about invariants and sharing of mutable state (extended abstract), in IEEE Logic in Computer Science LICS 2004. Here are the slides.
Friends need a bit more: Maintaining invariants over shared state , with Mike Barnett. In Mathematics of Program Construction MPC 2004.
Modular and constraint-based information flow inference for an object-oriented language, with Qi Sun and Anindya Banerjee. In 11th International Static Analysis Symposium SAS 2004.
Observational purity and encapsulation, in Fundamental Aspects of Software Engineering (FASE) 2005. Awarded Best Software Science Paper by the EASST at ETAPS 2005. Here are the slides.
State based ownership, reentrance, and encapsulation, with Anindya Banerjee. In ECOOP 2005, 387-411.
State based ownership, reentrance, and encapsulation, in ECOOP 2005, 387-411 (with Anindya Banerjee).
Verifying a secure information flow analyzer, In Theorem Proving in Higher Order Logics (TPHOLS), 211-226, 2005. Here are the PVS files.
Modular reasoning in object oriented programming, position paper in Verified Softare: Theories, Tools, Technologies (VSTTE) 2005. Here are the slides.
Deriving an Information Flow Checker and certifying compiler for Java, with Gilles Barthe and Tamara Rezk, in 27th IEEE Symposium on Security and Privacy, May 2006 230-242.
Allowing State Changes in Specifications, with Mike Barnett, Wolfram Schulte, and Qi Sun. Invited paper in International Conference on Emerging Trends in Information and Communication Security, 2006.
Category theoretic models of data refinement, with Michael Johnson and John Power. In Electronic Notes in Theoretical Computer Science 225(2) 21-38. Proceedings of Irish Conference on Mathmatical Foundations of Computer Science and Information Technology MFCSIT 2006.
From coupling relations to mated invariants for checking information flow (extended abstract), in ESORICS 2006 (European Symposium on Research in Computer Security), LNCS 4189, 279-296.
Closing internal timing channels by transformation, with Alejandro Russo, John Hughes, and Andrei Sabelfeld, to appear in 11th Asian Computing Science Conference, Tokyo, Dec 2006.
Beyond stack inspection: a unified access-control and information-flow security model, with Marco Pistoia and Anindya Banerjee, in 28th IEEE Symposium on Security and Privacy, May 2007, 149-163.
Modular Verification of Higher-Order Methods with Mandatory Calls Specified by Model Programs, with Steve M. Shaner and Gary T. Leavens. In Object Oriented Programming, Languages, and Systems OOPSLA 2007. (Iowa State University TR-07-04). Awarded Best Student Paper.
Expressive declassification policies and modular static enforcement, with Anindya Banerjee and Stan Rosenberg. In 29th IEEE Symposium on Security and Privacy, May 2008, 339-353.
Regional Logic for Local Reasoning about Global Invariants, with Anindya Banerjee and Stan Rosenberg. In European Conference on Object Oriented Programming, ECOOP 2008. Won the ECOOP 2008 Distinguished Paper Award. Superseded by Local Reasoning for Global Invariants, Part I: Region Logic (see above).
Boogie Meets Regions: a Verification Experience Report, with Anindya Banerjee and Mike Barnett. In Verified Software: Theories, Tools, Experiments, VSTTE 2008. The BoogiePL files can be found here and in the Microsoft Tech Report.
Dynamic Boundaries: Information Hiding by Second Order Framing with First Order Assertions, with Anindya Banerjee. In Programming Languages and Systems, 19th European Symposium on Programming (ESOP) 2010, invited paper. (The version here corrects a bug in the proceedings and includes appendix.)
Information Flow Monitor Inlining, with Andrey Chudnov. In IEEE Computer Security Foundations Symposium, July 2010, 200-214. See also slightly older version with proofs.
Local Reasoning and Dynamic Framing for the Composite Pattern and its Clients, with Stan Rosenberg and Anindya Banerjee. In Verified Software: Theories, Tools, Experiments, VSTTE 2010, LNCS 6217, pages 183-198.
Guiding a General-Purpose C Verifier to Prove Cryptographic Protocols, with François Dupressoir, Andrew D. Gordon, and Jan Jürjens. To appear in IEEE Computer Security Foundations Symposium, July 2011. Extended version as Microsoft MSR-TR-2011-50.
Symbolic Analysis for Security of Roaming Protocols in Mobile Networks [Extended Abstract], with Chunyu Tang and Susanne Wetzel. In 7th International ICST Conference on Security and Privacy in Communication Networks (SecureComm), Sept 2011.
Decision Procedures for Region Logic, with Anindya Banerjee and Stan Rosenberg. In 13th International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI), January 2012, LNCS 7148, 379-395.
State Based Encapsulation for Modular Reasoning about Behavior-Preserving Refactorings, with Anindya Banerjee. Invited chapter in Aliasing in Object-oriented Programming, Dave Clarke and James Noble and Tobias Wrigstad, eds., Springer State-of-the-art Surveys, 2012.
Simulation and class refinement for Java (with Ana Cavalcanti). In ECOOP 2000 Workshop on Formal Techniques for Java Programs, S. Drossopoulou, S. Eisenbach, B. Jacobs, G.T. Leavens, P. Muller, and A. Poetzsch-Heffter, eds. Technical Report 269, Fernuniversitat Hagen, 2000.
Class refinement for sequential java, with Ana Cavalcanti. In ECOOP 2001 Workshop on Formal Techniques for Java Programs, S. Eisenbach, G.T. Leavens, P. Muller, A. Poetzsch-Heffter, E. Poll, eds.
High assurance for interactive applications in ad hoc networks, with Susanne Wetzel. Proceedings of First International Workshop on Wireless Security Technologies, London, April 2003.
Ownership: transfer, sharing, and encapsulation, with Anindya Banerjee. In ECOOP 2003 Workshop on Formal Techniques for Java Programs, July 2003.
99.44% pure: Useful Abstractions in Specifications, with Mike Barnett, Wolfram Schulte, and Qi Sun. In EC0OP 2004 Workshop on Formal Techniques for Java-like Programs, June 2004.
History-based access control and secure information flow, with Anindya Banerjee, in Proceedings of the workshop on Construction and Analysis of Safe, Secure and Interoperable Smart Cards (CASSIS), May 2004.
Assertion-based encapsulation, invariants and simulations, July 2005 (invited survey paper), in proceedings of Formal Methods for Components and Objects FMCO 2004.
Towards a Logical Account of Declassification (Short Paper), with Anindya Banerjee and Stan Rosenberg, in ACM SIGPLAN workshop on Programming Languages and Analysis for Security 2007, 61-66.
Refactoring and representation independence for class hierarchies [extended abstract], with Leila Silva and Augusto Sampaio. In the 12th ECOOP Workshop on Formal Techniques for Java-like Programs, June 2010.
Items marked with are also referenced under publications, because the
technical report corresponds closely to a published article.
* Predicate transformer semantics of a higher order imperative language with record subtypes, SIT Report 98-01 (1998).
* A Weakest Precondition Semantics for an Object-oriented Language of Refinement, extended version. SIT Report 99-03 (1999) (with Ana Cavalcanti).
* Soundness of data refinement for a higher order imperative language, SIT Report 99-05 (1999).
* Deriving sharp rules of adaptation for Hoare logics, SIT Report 99-06 (1999).
* An ideal model for pointwise relational programming, SIT Report 20-04 (Dec. 2000).
A Static Analysis for Instance-based Confinement in Java, (with Anindya Banerjee) Nov 2001.
A simple semantics and static analysis for Java security, SIT Report 2001-1 (with Anindya Banerjee). (There is also a short version: A simple static analysis for Java security, June 2001 (with Anindya Banerjee).
Patterns, heaps, and imperative lambdas, revised Jan. 2002, from following item.
Patterns and lax lambda laws for relational and imperative programming, SIT Report 2001-2.
* codeBLUE: a Bluetooth interactive dance club system, SIT Report 2002-1 (May 2002) (with Dennis Hromin, Michael Chladil, Natalie Vanatta, Farooq Anjum, and Ravi Jain).
Ownership transfer and abstraction, Kansas State University CIS Tech Report 2004-1, Oct 2003 (with Anindya Banerjee).
Constraint-based secure information flow inference for a Java-like language, Kansas State University CIS Tech Report 2004-2 (with Qi Sun and Anindya Banerjee).
Machine-checked correctness of a secure information flow analyzer (preliminary report), SIT Report CS-2004-10, March 2004. Here are the PVS files.
State based encapsulation and generics, Dec 2004 SIT Report CS-2004-11 (also appears as Kansas State University CIS-TR-2004-5) (with Anindya Banerjee)
Behavioral Subtyping, Specification Inheritance, and Modular Reasoning, July 2006, with Gary Leavens (Iowa State University TR-06-20).
Preliminary Definition of Core JML, Sept 2006, with Gary T. Leavens and Stan Rosenberg. (Stevens Institute of Technology CS Report 2006-07, revised.) See also the PVS source files.
Behavioral Subtyping is Equivalent to Modular Reasoning for Object-oriented Programs, March 2007, with Gary T. Leavens. The technical report is Iowa State University TR-06-36.
* Expressive declassification policies and modular static enforcement, with Anindya Banerjee and Stan Rosenberg, Stevens CS TR-2007-04. A version will appear in 29th IEEE Symposium on Security and Privacy, May 2008.
An admissible second order frame rule in region logic, Mar 2008, Stevens CS TR-2008-02. There is a shorter version.
Theory for Software Verification --DRAFT, Jan 2009.
Analysis of authentication and key establishment in inter-generational mobile telephony (long version), with Chunyu Tang and Susanne Wetzel. Submitted for publication, 2013.
Two-categories and program structure, PhD thesis 1992.