A. Myers, B. Liskov, "A Decentralized Model for Information Flow Control", in 16th ACM Symposium on Operating Systems Principles (SOSP 1997), pp. 129-142, 1997.

Abstract
This paper presents a new model for controlling information flow in systems with mutual distrust and decentralized authority. The model allows users to share information with distrusted code (e.g., downloaded applets), yet still control how that codedisseminates the shared information to others. The model improves on existing multilevel security models by allowing users to declassify information in a decentralized way, and by improving support for fine-grained data sharing. The paper also shows how static program analysis can be used to certify proper information flows in this model and to avoid most run-time information flow checks.

http://dx.doi.org/10.1145/268998.266669

http://doi.acm.org.ezproxy.auckland.ac.nz/10.1145/268998.266669


@inproceedings{266669,
  author = {Andrew C. Myers and Barbara Liskov},
  title = {A decentralized model for information flow control},
  booktitle = {SOSP '97: Proceedings of the sixteenth ACM symposium on Operating systems principles},
  year = {1997},
  isbn = {0-89791-916-5},
  pages = {129--142},
  location = {Saint Malo, France},
  doi = {http://doi.acm.org.ezproxy.auckland.ac.nz/10.1145/268998.266669},
  publisher = {ACM Press},
  address = {New York, NY, USA},
 }