Email from David Rager:

Greetings,

For the interested, a copy of the paper covered during tomorrow's
seminar is available for download here:
http://www.cs.cornell.edu/andru/papers/jsac/sm-jsac03.pdf

The abstract reads:
"Current standard security practices do not provide substantial
assurance that the end-to-end behavior of a computing system satisfies
important security policies such as confidentiality. An end-to-end
confidentiality policy might assert that secret input data cannot be
inferred by an attacker through the attacker's observations of system
output; this policy regulates information flow.

Conventional security mechanisms such as access control and encryption
do not directly address the enforcement of information-flow policies.
Recently, a promising new approach has been developed: the use of
programming-language techniques
for specifying and enforcing information-flow policies. In this
article we survey the past three decades of research on
information-flow security, particularly focusing on work that uses
static program analysis to enforce information-flow policies. We
give a structured view of recent work in the area and identify some
important open challenges."

Thanks,
David