Publications by Stephen Chong
Conference and highly-selective workshop publications
- Making Formulog Fast: An Argument for Unconventional Datalog Evaluation
.
Proceedings of the 2024 ACM SIGPLAN International Conference on Object-Oriented Programming Languages, Systems, Languages, and Applications (OOPSLA), October 2024.
Distinguished Artifact Award.
[ Abstract | PDF | arXiv | BibTeX ] - Parallel Assembly Synthesis
.
Logic-Based Program Synthesis and Transformation: 34th International Symposium (LOPSTR), pages 3–26, September 2024.
[ Abstract | PDF | BibTeX ] - Guess & Sketch: Language Model Guided Transpilation
.
The Twelfth International Conference on Learning Representations (ICLR), June 2024.
[ Abstract | OpenReview | Poster PDF | BibTeX ] - Expressive Authorization Policies using Computation Principals
.
Proceedings of the 28th ACM on Symposium on Access Control Models and Technologies (ACM SACMAT), June 2023.
[ Abstract | BibTeX | DOI ] - Quantitative Robustness Analysis of Sensor Attacks on Cyber-Physical Systems
.
26th ACM International Conference on Hybrid Systems: Computation and Control (HSCC), May 2023.
[ Abstract | PDF | BibTeX ] - From SMT to ASP: Solver-Based Approaches to Solving Datalog Synthesis-as-Rule-Selection Problems
.
Proceedings of the 50th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), 2023.
[ Abstract | PDF | BibTeX ] - Fast Incremental PEG Parsing
.
Proceedings of the 14th ACM SIGPLAN International Conference on Software Language Engineering (SLE), October 2021.
(Best Research Paper Award)
[ Abstract | PDF | BibTeX ] - Assuage: Assembly Synthesis Using a Guided Exploration
.
Proceedings of the 34th ACM Symposium on User Interface Software and Technology (UIST), October 2021.
[ Abstract | PDF | BibTeX ] - Relational Analysis of Sensor Attacks on Cyber-Physical Systems
.
Proceedings of the 34th IEEE Computer Security Foundations Symposium (CSF), June 2021.
[ Abstract | PDF | BibTeX ] - Coupled Relational Symbolic Execution for Differential Privacy
.
European Symposium on Programming (ESOP), March 2021.
[ Abstract | arXiv | BibTeX ] - Co-Inflow: Coarse-grained Information Flow Control for Java-like Languages
.
Proceedings of the 2021 IEEE Symposium on Security and Privacy (Oakland), May 2021.
[ Abstract | PDF | Implementation | Coq formalization | BibTeX ] - Formulog: Datalog for SMT-based Static Analysis
.
Proceedings of the 2020 ACM SIGPLAN International Conference on Object-Oriented Programming Languages, Systems, Languages, and Applications (OOPSLA), November 2020.
[ Abstract | PDF | BibTeX | Artifact | Extended version | Web site ] - Fine-Grained, Language-Based Access Control for Database-Backed Applications
.
The Art, Science, and Engineering of Programming 4(2), March 2020.
[ Abstract | PDF | BibTeX | DOI ] - Trials and Tribulations in Synthesizing Operating Systems
.
Proceedings of the 10th Workshop on Programming Languages and Operating Systems (PLOS), October 2019.
[ Abstract | PDF | BibTeX ] - Relational Symbolic Execution
.
Proceedings of the 21st International Symposium on Principles and Practice of Declarative Programming (PPDP), October 2019.
[ Abstract | PDF | BibTeX ] - Machine Learning-Enabled Adaptation of Information Fusion Software Systems
.
22nd International Conference on Information Fusion, pages 1–7, July 2019.
[ DOI | BibTeX ] - Information Flow Control for Distributed Trusted Execution Environments
.
Proceedings of the 32nd IEEE Computer Security Foundations Symposium (CSF), June 2019.
[ Abstract | PDF | BibTeX ] - Programming with Flow-Limited Authorization: Coarser is Better
.
4th IEEE European Symposium on Security and Privacy (EuroS&P), June 2019.
[ Abstract | PDF | BibTeX ] - Adapting Autonomous Ocean Vehicle Software Systems to Changing Environments
.
OCEANS 2018 MTS/IEEE Charleston, pages 1–6, October 2018.
[ DOI | BibTeX ] - Cryptographically Secure Information Flow Control on Key-Value Stores
.
Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS), November 2017.
[ Abstract | PDF | arXiv (with proofs) | BibTeX ] - Whip: Higher-Order Contracts for Modern Services
.
Proceedings of the 22nd ACM SIGPLAN International Conference on Functional Programming (ICFP), September 2017.
[ Abstract | PDF | Web site | BibTeX ] - Automatic Enforcement of Expressive Security Policies using Enclaves
.
Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming Languages, Systems, Languages, and Applications (OOPSLA), October 2016.
[ Abstract | PDF | Technical Report | BibTeX ] - Extensible Access Control with Authorization Contracts
.
Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming Languages, Systems, Languages, and Applications (OOPSLA), October 2016.
[ Abstract | PDF | Technical Report | BibTeX ] - A Progress-Sensitive Flow-Sensitive Inlined Information-Flow Control Monitor
.
Proceedings of the 31st IFIP TC 11 International Information Security and Privacy Conference (IFIP SEC), pages 352–366, May 2016.
[ Abstract | PDF | BibTeX ] - Precise, Dynamic Information Flow for Database-Backed Applications
.
Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), June 2016.
[ Abstract | PDF | BibTeX ] - Correct Audit Logging: Theory and Practice
.
5th International Conference on Principles of Security and Trust (POST), April 2016.
[ Abstract | PDF | BibTeX ] - It’s My Privilege: Controlling Downgrading in DC-Labels
.
Proceedings of the 11th International Workshop on Security and Trust Management (STM), September 2015.
[ Abstract | PDF | BibTeX ] - Hybrid Monitors for Concurrent Noninterference
.
Proceedings of the 28th IEEE Computer Security Foundations Symposium (CSF), July 2015.
[ Abstract | PDF | Technical Report | BibTeX ] - Cryptographic Enforcement of Language-Based Erasure
.
Proceedings of the 28th IEEE Computer Security Foundations Symposium (CSF), July 2015.
[ Abstract | PDF | GitHub | BibTeX ] - Exploring and Enforcing Security Guarantees via Program Dependence Graphs
.
Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), pages 291–302, June 2015.
[ Abstract | PDF | Video abstract | Software | BibTeX ] - Shill: A Secure Shell Scripting Language
.
11th USENIX Symposium on Operating Systems Design and Implementation (OSDI), October 2014.
[ Abstract | PDF | Shill web site | OSDI presentation | BibTeX ] - Declarative Policies for Capability Control
.
Proceedings of the 27th IEEE Computer Security Foundations Symposium (CSF), June 2014.
[ Abstract | PDF | BibTeX ] - Truthful Mechanisms for Agents that Value Privacy
.
Proceedings of the 14th ACM Conference on Electronic Commerce (EC), June 2013.
[ Abstract | PDF | BibTeX ] - Asynchronous Functional Reactive Programming for GUIs
.
Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), pages 411–422, June 2013.
[ Abstract | Elm web site | PDF | BibTeX ] - Towards Fully Automatic Placement of Security Sanitizers and Declassifiers
.
Proceedings of the 40th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), pages 385–398, January 2013.
[ Abstract | PDF | BibTeX ] - Towards a Practical Secure Concurrent Language
.
Proceedings of the 25th Annual ACM SIGPLAN Conference on Object-Oriented Programming Languages, Systems, Languages, and Applications (OOPSLA), pages 57–74, October 2012.
[ Abstract | PDF | Technical Report | BibTeX ] - Precise Enforcement of Progress-Sensitive Security
.
Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS), pages 881–893, October 2012.
Errata: This PDF corrects a typo in the typing rule for While that is present in the archival CCS version of the paper.
[ Abstract | PDF | BibTeX ] - Learning is Change in Knowledge: Knowledge-based Security for Dynamic Policies
.
Proceedings of the 25th IEEE Computer Security Foundations Symposium (CSF), pages 308–322, June 2012.
[ Abstract | PDF | Technical Report | BibTeX ] - Static Analysis for Efficient Hybrid Information-Flow Control
.
Proceedings of the 24th IEEE Computer Security Foundations Symposium (CSF), pages 146–160, June 2011.
[ Abstract | PDF | Technical Report | BibTeX ] - Inference of Expressive Declassification Policies
.
Proceedings of the 2011 IEEE Symposium on Security and Privacy (Oakland), pages 180–195, May 2011.
[ Abstract | PDF | BibTeX ] - Required Information Release
.
Proceedings of the 23rd IEEE Computer Security Foundations Symposium (CSF), pages 215–227, July 2010.
[ PDF | Technical Report | BibTeX ] - Self-Identifying Sensor Data
.
Proceedings of the Ninth International Conference on Information Processing in Sensor Networks (IPSN), pages 82–93, April 2010.
[ PDF | Journal version | BibTeX ] - Deriving Epistemic Conclusions from Agent Architecture
.
Proceedings of the Twelfth Conference on Theoretical Aspects of Rationality and Knowledge (TARK), pages 61–70, July 2009.
[ PDF | BibTeX ] - End-to-End Enforcement of Erasure and Declassification
.
Proceedings of the 21st IEEE Computer Security Foundations Symposium (CSF), pages 98–111, June 2008.
[ Abstract | PDF | Technical Report | BibTeX ] - Civitas: Toward a Secure Voting System
.
Proceedings of the 2008 IEEE Symposium on Security and Privacy (Oakland), pages 354–368, May 2008.
[ PDF | Technical Report | Web site | BibTeX ] - Secure Web Applications via Automatic Partitioning
.
Proceedings of the 21st ACM Symposium on Operating Systems Principles (SOSP), pages 31–44, October 2007.
(Best paper award.)
[ PDF | Web site | BibTeX ] - SIF: Enforcing Confidentiality and Integrity in Web Applications
.
Proceedings of the 16th USENIX Security Symposium, pages 1–16, August 2007.
[ PDF | Web site | BibTeX ] - Decentralized Robustness
.
Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW), pages 242–253, July 2006.
[ PDF | PS | Slides (ppt) | BibTeX ] - Information-Flow Security for Interactive Programs
.
Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW), pages 190–201, July 2006.
[ PDF | PS | Technical Report | BibTeX ] - Language-Based Information Erasure
.
Proceedings of the 18th IEEE Computer Security Foundations Workshop (CSFW), pages 241–254, June 2005.
[ PDF | PS | BibTeX ] - Security Policies for Downgrading
.
Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS), pages 189–209, October 2004.
[ PDF | PS | BibTeX ] - Scalable Extensibility via Nested Inheritance
.
Proceedings of the 19th Annual ACM SIGPLAN Conference on Object-Oriented Programming Languages, Systems, Languages, and Applications (OOPSLA), pages 99–115, October 2004.
[ PDF | PS | Technical Report | Web site | BibTeX ] - Owned Policies for Information Security
.
Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW), pages 126–138, June 2004.
[ PDF | PS | Slides (ppt) | BibTeX ] - Static Analysis of Accessed Regions in Recursive Data Structures
.
Proceedings of the 10th International Static Analysis Symposium (SAS), June 2003.
[ PDF | PS | Slides (PDF) | BibTeX ] - Using Replication and Partitioning to Build Secure Distributed Systems
.
Proceedings of the 2003 IEEE Symposium on Security and Privacy (Oakland), pages 236–250, May 2003.
[ PDF | BibTeX ]
Workshop papers
- Formulog: Datalog + SMT + FP
.
Proceedings of the 4th International Workshop on the Resurgence of Datalog in Academia and Industry (Datalog 2.0), September 2022.
[ Abstract | PDF | BibTeX ] - Using architecture to reason about information security
.
Proceedings of the 6th Layered Assurance Workshop (LAW), pages 1–11, 2012.
[ Abstract | BibTeX ] - A More Precise Security Type System for Dynamic Security Tests
.
Proceedings of the ACM SIGPLAN Fifth Workshop on Programming Languages and Analysis for Security (PLAS), June 2010.
[ PDF | Technical Report | BibTeX ] - Provenance: A Future History
.
Companion to the 24th Annual ACM SIGPLAN Conference on Object-Oriented Programming Languages, Systems, Languages, and Applications: Onward! Session (OOPSLA Onward!), pages 957–964, October 2009.
[ PDF | BibTeX ] - Towards Semantics for Provenance Security
.
Proceedings of the 1st Workshop on the Theory and Practice of Provenance (TaPP), February 2009.
[ PDF | Slides (PDF) | BibTeX ] - A Framework for Creating Natural Language User Interfaces for Action-Based Applications
.
Proceedings of the Third International AMAST Workshop on Algebraic Methods in Language Processing, TWLT Report 21 (AMiLP-3), August 2003.
[ PDF | BibTeX ]
Journal articles
- Towards Porting Operating Systems with Program Synthesis
.
ACM Transactions on Programming Languages and Systems, September 2022.
[ Abstract | PDF | BibTeX | DOI ] - Expressing Information Flow Properties
.
Foundations and Trends in Privacy and Security 3(1):1–102, 2022.
[ Abstract | PDF | BibTeX | Publisher website ] - A Progress-Sensitive Flow-Sensitive Inlined Information-Flow Control Monitor
.
Computers & Security 71:114–131, November 2017.
[ Abstract | PDF | BibTeX ] - Truthful Mechanisms for Agents That Value Privacy
.
ACM Transactions on Economics and Computation 4(3):13:1–13:30, 2016.
[ BibTeX ] - Using Architecture to Reason about Information Security
.
ACM Transactions on Information and System Security 18(2), December 2015.
[ Abstract | ACM DL | BibTeX ] - Self-Identifying Data for Fair Use
.
Journal of Data and Information Quality 5(3), December 2014.
[ Abstract | BibTeX ] - Required Information Release
.
Journal of Computer Security 20(6):637–676, 2012.
[ Abstract | IOS Press | BibTeX ]
Technical reports and manuscripts
- Formalizing Privacy Laws for License Generation and Data Repository Decision Automation
.
October 2019.
[ Abstract | arXiv | BibTeX ] - Automatic Enforcement of Expressive Security Policies using Enclaves
.
Harvard University Technical Report TR-02-16, 2016.
[ DASH | BibTeX ] - Extensible Access Control with Authorization Contracts
.
Harvard University Technical Report TR-03-16, 2016.
[ DASH | BibTeX ] - Report on the NSF Workshop on Formal Methods for Security
.
August 2016.
[ Abstract | Summary | Full Report (ACM DL) | Full Report (arXiv) | BibTeX ] - Higher-order Behavioral Contracts for Distributed Components
.
Harvard University Technical Report TR-03-15, 2015.
[ DASH | BibTeX ] - Global and Local Monitors to Enforce Noninterference in Concurrent Programs
.
Harvard University Technical Report TR-02-15, 2015.
[ Abstract | PDF | BibTeX ] - Exploring and Enforcing Application Security Guarantees via Program Dependence Graphs
.
Harvard University Technical Report TR-04-14, 2014.
[ Abstract | PDF | BibTeX ] - Enforcing Language Semantics Using Proof-Carrying Data
.
August 2013.
http://eprint.iacr.org/2013/513
[ Abstract | IACR ePrint Archive | BibTeX ] - Towards a Practical Secure Concurrent Language
.
Harvard University Technical Report TR-05-12, August 2012.
[ PDF | BibTeX ] - Learning is Change in Knowledge: Knowledge-based Security for Dynamic Policies
.
Harvard University Technical Report TR-02-12, 2012.
[ PDF | BibTeX ] - Static Analysis for Efficient Hybrid Information-Flow Control
.
Harvard University Technical Report TR-05-11, May 2011.
[ PDF | BibTeX ] - Required Information Release
.
Harvard University Technical Report TR-04-10, April 2010.
[ PDF | BibTeX ] - A More Precise Security Type System for Dynamic Security Tests
.
Harvard University Technical Report TR-05-10, June 2010.
[ PDF | BibTeX ] - Secure Web Applications via Automatic Partitioning
.
Communications of the ACM 52(2):79–87, February 2009.
[ ACM Portal | BibTeX ] - Expressive and Enforceable Information Security Policies
.
Ph.D. thesis, Cornell University, August 2008.
[ PDF | BibTeX ] - Civitas: Toward a Secure Voting System
.
Cornell University Computing and Information Science Technical Report 2007-2081, May 2008.
[ URI | BibTeX ] - End-to-End Enforcement of Erasure and Declassification
.
Cornell University Computing and Information Science Technical Report http://hdl.handle.net/1813/10504, April 2008.
[ URI | BibTeX ] - Information-Flow Security for Interactive Programs
.
Cornell University Computing and Information Science Technical Report 2006-2022, April 2006.
[ URI | BibTeX ] - Scalable Extensibility via Nested Inheritance
.
Cornell University Computing and Information Science Technical Report 2004-1940, 2004.
[ PDF | BibTeX ] - Word Alignment of Proof Verbalizations Using Generative Statistical Models
.
Cornell University Computer Science Department Technical Report 2002-1864, May 2002.
[ PDF | PS | BibTeX ]
Books
- Proceedings of the 2009 Workshop on Programming Languages and Analysis for Security
.
ACM, June 2009. ISBN 978-1-60558-645-8.
[ BibTeX ]
Distributing papers
The papers available here have been provided by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.