Selected Papers by Geoffrey Smith

The materials on this page are based upon work supported by the National Science Foundation under Grant Nos. CNS-1749014, CNS-1116318, CNS-0831114, HRD-0317692, CCR-990951, CCR-9612176, and CCR-9596113. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.

This group of papers considers the area of secure information flow, which is concerned with preventing systems from leaking information about their secret inputs to their publicly-observable outputs. Through about 2006, the emphasis was on ensuring noninterference, which roughly means that there is no leakage at all. More recent work has focused on quantitative information flow, with the goal of ensuring that the amount of leakage is in some sense small.

The Science of Quantitative Information Flow, Mário S. Alvim, Konstantinos Chatzikokolakis, Annabelle McIver, Carroll Morgan, Catuscia Palamidessi, and Geoffrey Smith (Springer International Publishing, Information Security and Cryptography series, September 2020).
Refinement Metrics for Quantitative Information Flow, Konstantinos Chatzikokolakis and Geoffrey Smith, in The Art of Modelling Computational Systems: A Journey from Logic and Concurrency to Security and Privacy: Essays Dedicated to Catuscia Palamidessi on the Occasion of Her 60th Birthday , LNCS, volume 11760, pp. 397-416, November 2019.
Quantifying Information Leakage of Deterministic Encryption, Mireya Jurado and Geoffrey Smith, in Proc. CCSW'19: 2019 Cloud Computing Security Workshop, London, UK, November 2019.
An axiomatization of information flow measures, Mário S. Alvim, Konstantinos Chatzikokolakis, Annabelle McIver, Carroll Morgan, Catuscia Palamidessi, and Geoffrey Smith, Theoretical Computer Science, vol. 777, pp. 32-54, July 2019.
Tight Bounds on Information Leakage from Repeated Independent Runs, David M. Smith and Geoffrey Smith, in Proc. CSF 2017: 30th IEEE Computer Security Foundations Symposium, pp. 318-327, Santa Barbara, California, August 2017.
Axioms for Information Leakage, Mário S. Alvim, Konstantinos Chatzikokolakis, Annabelle McIver, Carroll Morgan, Catuscia Palamidessi, and Geoffrey Smith, in Proc. CSF 2016: 29th IEEE Computer Security Foundations Symposium, pp. 77-92, Lisbon, Portugal, June 2016.
Correlated Secrets in Quantitative Information Flow, Nicolás E. Bordenabe and Geoffrey Smith, in Proc. CSF 2016: 29th IEEE Computer Security Foundations Symposium, pp. 93-104, Lisbon, Portugal, June 2016.
Recent Developments in Quantitative Information Flow (Invited Tutorial), Geoffrey Smith, in Proc. LICS 2015: 30th ACM/IEEE Symposium on Logic in Computer Science, pp. 23-31, Kyoto, Japan, July 2015.
Additive and multiplicative notions of leakage, and their capacities, Mário S. Alvim, Konstantinos Chatzikokolakis, Annabelle McIver, Carroll Morgan, Catuscia Palamidessi, and Geoffrey Smith, in Proc. CSF 2014: 27th IEEE Computer Security Foundations Symposium, pp. 308-322, Vienna, Austria, July 2014.
Abstract Channels and their Robust Information-Leakage Ordering, Annabelle McIver, Carroll Morgan, Geoffrey Smith, Barbara Espinoza, and Larissa Meinicke, in Proc. POST 2014: 3rd Conference on Principles of Security and Trust, pp. 83-102, Grenoble, France, April 2014.
Faster Two-Bit Pattern Analysis of Leakage, Ziyuan Meng and Geoffrey Smith, in Proc. QASA 2013: 2nd International Workshop on Quantitative Aspects of Security Assurance, Royal Holloway, University of London, September 2013.
Min-Entropy as a Resource, Barbara Espinoza and Geoffrey Smith, Information and Computation (Special Issue on Information Security as a Resource), vol. 226, pp. 57-75, April 2013. (Published version, copyright 2013 Elsevier Inc., can be accessed here.)
Measuring Information Leakage using Generalized Gain Functions, Mário S. Alvim, Kostas Chatzikokolakis, Catuscia Palamidessi, and Geoffrey Smith, in Proc. CSF 2012: 25th IEEE Computer Security Foundations Symposium, pp. 265-279, Harvard University, Cambridge, MA, June 2012.
Nontermination and Secure Information Flow, Geoffrey Smith and Rafael Alpízar, in Mathematical Structures in Computer Science (Special Issue on Programming Language Interference and Dependence), D. Clark, R. Giacombazzi, and C. Mu (Eds.), volume 21, issue 06, pp. 1183-1205, December 2011. (Published version, copyright Cambridge University Press 2011, can be accessed here.)
Min-Entropy Leakage of Channels in Cascade, Barbara Espinoza and Geoffrey Smith, in Proc. FAST 2011: 8th International Workshop on Formal Aspects of Security and Trust, Leuven, Belgium, September 2011.
Quantifying Information Flow Using Min-Entropy, Geoffrey Smith, an invited paper in Proc. QEST 2011: 8th International Conference on Quantitative Evaluation of SysTems, pp. 159-167, Aachen, Germany, September 2011.
Calculating Bounds on Information Leakage Using Two-Bit Patterns, Ziyuan Meng and Geoffrey Smith, in Proc. PLAS 2011: Sixth ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, San Jose, California, June 2011.
Vulnerability Bounds and Leakage Resilience of Blinded Cryptography under Timing Attacks, Boris Köpf and Geoffrey Smith, in Proc. CSF 2010: 23rd IEEE Computer Security Foundations Symposium, pp. 44-56, Edinburgh, UK, July 2010.
Computing the Leakage of Information-Hiding Systems, Miguel E. Andrés, Catuscia Palamidessi, Peter van Rossum, and Geoffrey Smith, in Proc. TACAS 2010: Sixteenth International Conference on Tools and Algorithms for the Construction and Analysis of Systems, J. Esparza and R. Majumdar (Eds.), LNCS 6015, pp. 373-389, Paphos, Cyprus, March 2010.
Secure Information Flow for Distributed Systems, Rafael Alpízar and Geoffrey Smith, in Proc. 6th International Workshop on Formal Aspects of Security and Trust (FAST2009), P. Degano and J. Guttman (Eds.), LNCS 5983, pp. 126-140, Eindhoven, the Netherlands, November 2009.
On the Foundations of Quantitative Information Flow, Geoffrey Smith, in Proc. FOSSACS 2009: Twelfth International Conference on Foundations of Software Science and Computation Structures, LNCS 5504, pp. 288-302, York, UK, March 2009.
Adversaries and Information Leaks, Geoffrey Smith, a tutorial paper in Gilles Barthe and Cédric Fournet, editors, TGC 2007 (Trustworthy Global Computing), volume 4912 of Lecture Notes in Computer Science, pp. 383-400. Springer-Verlag, 2008.
Fast Probabilistic Simulation, Nontermination, and Secure Information Flow, Geoffrey Smith and Rafael Alpízar, Proc. ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS'07), pp. 67-71, San Diego, California, June 2007.
Secure Information Flow with Random Assignment and Encryption, Geoffrey Smith and Rafael Alpízar, Proc. 4th ACM Workshop on Formal Methods in Security Engineering (FMSE'06), pp. 33-43, Alexandria, Virginia, November 2006.
Improved Typings for Probabilistic Noninterference in a Multi-Threaded Language, Geoffrey Smith, Journal of Computer Security 14(6), pp. 591-623, December 2006.
Principles of Secure Information Flow Analysis, Geoffrey Smith, Chapter 13 (pp. 291-307) of Malware Detection, edited by Mihai Christodorescu, Somesh Jha, Douglas Maughan, Dawn Song, and Cliff Wang, Springer-Verlag, 2007.
Type Inference and Informative Error Reporting for Secure Information Flow, Zhenyue Deng and Geoffrey Smith, Proc. ACMSE 2006: 44th ACM Southeast Conference, pp. 543-548, Melbourne, Florida, March 2006.
Lenient Array Operations for Practical Secure Information Flow, Zhenyue Deng and Geoffrey Smith, Proc. 17th IEEE Computer Security Foundations Workshop, pp. 115-124, Pacific Grove, California, June 2004.
Secure Information Flow Analysis: A Science of Hacking?, Geoffrey Smith, slides for a seminar given at FIU in October 2003.
Probabilistic Noninterference through Weak Probabilistic Bisimulation, Geoffrey Smith, Proc. 16th IEEE Computer Security Foundations Workshop, pp. 3-13, Pacific Grove, California, June 2003.
A New Type System for Secure Information Flow, Geoffrey Smith, Proc. 14th IEEE Computer Security Foundations Workshop, pp. 115-125, Cape Breton, Nova Scotia, June 2001.
Verifying Secrets and Relative Secrecy, Dennis Volpano and Geoffrey Smith, Proc. 27th ACM Symposium on Principles of Programming Languages, pp. 268-276, Boston Massachusetts, January 2000.
Probabilistic Noninterference in a Concurrent Language, Dennis Volpano and Geoffrey Smith, Journal of Computer Security 7(2,3), pp. 231-253, November 1999.
Confinement Properties for Multi-Threaded Programs, Geoffrey Smith and Dennis Volpano, Electronic Notes in Theoretical Computer Science 20, 1999.
Language Issues in Mobile Program Security, Dennis Volpano and Geoffrey Smith, in Mobile Agents and Security, G. Vigna (Ed.), volume 1419 of Lecture Notes in Computer Science, pp. 25-43. Springer Verlag, 1998.
Secure Information Flow in a Multi-threaded Imperative Language, Geoffrey Smith and Dennis Volpano, Proc. 25th ACM Symposium on Principles of Programming Languages, pp. 355-364, San Diego, California, January 1998.
Eliminating Covert Flows with Minimum Typings, Dennis Volpano and Geoffrey Smith, Proc. 10th IEEE Computer Security Foundations Workshop, pp. 156-168, Rockport, Massachusetts, June 1997.
A Type-Based Approach to Program Security, Dennis Volpano and Geoffrey Smith, Proc. TAPSOFT'97, LNCS 1214, pp. 607-621, Lille, France, April 1997.
A Sound Type System for Secure Flow Analysis, Dennis Volpano, Geoffrey Smith and Cynthia Irvine, Journal of Computer Security 4(3), pp. 167-187, December 1996.

Here is some work on intrusion detection:

Anatomy of a Real-time Intrusion Prevention System, Ricardo Koller, Raju Rangaswami, Joseph Marrero, Igor Hernandez, Geoffrey Smith, Mandy Barsilai, Silviu Necula, S. Masoud Sadjadi, Tao Li, and Krista Merrill, Proc. 5th IEEE International Conference on Autonomic Computing, pp. 151-160, Chicago, Illinois, June 2008.

Here is some work on minimal nondeterministic finite automata:

Ibas: A Tool for Finding Minimal Unary NFAs, Daniel Cazalis and Geoffrey Smith, unpublished manuscript, October 2008.
Inductive Bases and their Application to Searches for Minimal Unary NFAs, Geoffrey Smith, Proc. ACMSE 2006: 44th ACM Southeast Conference, pp. 470-475, Melbourne, Florida, March 2006.

The following paper considers the use of XML for managing role-based access control policies:

Managing Security Policies in a Distributed Environment Using eXtensible Markup Language (XML), Nathan Vuong, Geoffrey Smith, and Yi Deng, Proc. 16th ACM Symposium on Applied Computing, pp. 405-411, Las Vegas, NV, March 2001.

The following papers present sound polymorphic type systems for imperative languages. By considering traditional variables rather than Standard ML's references, we are able to type programs less restrictively.

A Sound Polymorphic Type System for a Dialect of C, Geoffrey Smith and Dennis Volpano, Science of Computer Programming 32(2-3), pp. 49-72, 1998.
Polymorphic Typing of Variables and References, Geoffrey Smith and Dennis Volpano, ACM Transactions on Programming Languages and Systems 18(3), pp. 254-267, May 1996.
A Type Soundness Proof for Variables in LCF ML, Dennis Volpano and Geoffrey Smith, Information Processing Letters 56(3), pp. 141-146, November 1995.

The following papers, based on my PhD dissertation work, address the problem of extending Hindley/Milner type inference to allow overloaded operators and atomic subtyping.

Principal Type Schemes for Functional Programs with Overloading and Subtyping, Geoffrey S. Smith, Science of Computer Programming 23(2-3), pp. 197-226, December 1994.
On the Complexity of ML Typability with Overloading, Dennis M. Volpano and Geoffrey S. Smith, Proc. 5th Conference on Functional Programming Languages and Computer Architecture, LNCS 523, pp. 15-28, Cambridge, Massachusetts, August 1991.
Polymorphic Type Inference for Languages with Overloading and Subtyping, Geoffrey Seward Smith, Cornell University Ph.D. dissertation, August 1991. (A reconstructed version.)

Geoffrey Smith's homepage