Discretionary capability confinement

The schematic protection model: its definition and analysis for acyclic attenuating schemes

Journal of the ACM (JACM)

Design patterns: elements of reusable object-oriented software

Design patterns: elements of reusable object-oriented software

Designing distributed applications with mobile code paradigms

ICSE '97 Proceedings of the 19th international conference on Software engineering

Extensible security architectures for Java

Proceedings of the sixteenth ACM symposium on Operating systems principles

History-based access control for mobile code

CCS '98 Proceedings of the 5th ACM conference on Computer and communications security

Typed memory management in a calculus of capabilities

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages

A Linear Time Algorithm for Deciding Subject Security

Journal of the ACM (JACM)

A language extension for expressing constraints on data access

Communications of the ACM

SAFKASI: a security mechanism for language-based systems

ACM Transactions on Software Engineering and Methodology (TOSEM)

Programming semantics for multiprogrammed computations

Communications of the ACM

Confined types in Java

Software—Practice & Experience - Special issue on aliasing in object-oriented systems

Proposed NIST standard for role-based access control

ACM Transactions on Information and System Security (TISSEC)

Encapsulating objects with confined types

OOPSLA '01 Proceedings of the 16th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications

The Java Programming Language

The Java Programming Language

Delegation logic: A logic-based approach to distributed authorization

ACM Transactions on Information and System Security (TISSEC)

Stack inspection: Theory and variants

ACM Transactions on Programming Languages and Systems (TOPLAS)

Capabilities for Sharing: A Generalisation of Uniqueness and Read-Only

ECOOP '01 Proceedings of the 15th European Conference on Object-Oriented Programming

A Language-Based Approach to Security

Informatics - 10 Years Back. 10 Years Ahead.

Constrained Delegation

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy

The Confused Deputy: (or why capabilities might have been invented)

ACM SIGOPS Operating Systems Review

A State-Transition Model of Trust Management and Access Control

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations

The Typed Access Matrix Model

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy

IRM Enforcement of Java Stack Inspection

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy

A Security Kernel Based on the Lambda-Calculus

A Security Kernel Based on the Lambda-Calculus

Lightweight confinement for featherweight java

OOPSLA '03 Proceedings of the 18th annual ACM SIGPLAN conference on Object-oriented programing, systems, languages, and applications

On mutually-exclusive roles and separation of duty

Proceedings of the 11th ACM conference on Computer and communications security

A systematic approach to static access control

ACM Transactions on Programming Languages and Systems (TOPLAS)

A fine-grained, controllable, user-to-user delegation method in RBAC

Proceedings of the tenth ACM symposium on Access control models and technologies

Type-based confinement

Journal of Functional Programming

Implementing multiple protection domains in java

ATEC '98 Proceedings of the annual conference on USENIX Annual Technical Conference

Language-based information-flow security

IEEE Journal on Selected Areas in Communications