digraph oakcites { ranksep="2.0"; size = "40.,80."; Y1982_00044638 [tooltip="Security Policies and Security Models",width=1.830000,height=1.292000,style=filled,color="#1120ee"]; Y1984_00044547 [tooltip="Unwinding and Inference Control",width=1.440000,height=1.006000,style=filled,color="#2220dd"]; Y1987_00044495 [tooltip="Specifications for Multi-Level Security and a Hook-Up Property",width=1.320000,height=0.918000,style=filled,color="#3b20c3"]; Y1987_00044502 [tooltip="A Comparison of Commercial and Military Computer Security Policies",width=1.290000,height=0.896000,style=filled,color="#3b20c3"]; Y1988_00044425 [tooltip="Noninterference and the Composability of Security Properties",width=1.140000,height=0.786000,style=filled,color="#4420bb"]; Y1990_00044322 [tooltip="Information Flow in Nondeterministic Systems",width=1.140000,height=0.786000,style=filled,color="#5520aa"]; Y1989_00044340 [tooltip="The Chinese Wall Security Policy",width=1.110000,height=0.764000,style=filled,color="#4c20b2"]; Y1991_00044228 [tooltip="Reducing Timing Channels with Fuzzy Time",width=1.080000,height=0.742000,style=filled,color="#5d20a1"]; Y1996_00044010 [tooltip="A Sense of Self for Unix Processes",width=1.050000,height=0.720000,style=filled,color="#882077"]; Y1990_00044358 [tooltip="Reasoning about Belief in Cryptographic Protocols",width=1.020000,height=0.698000,style=filled,color="#5520aa"]; Y1996_00044015 [tooltip="Decentralized Trust Management",width=1.020000,height=0.698000,style=filled,color="#882077"]; Y1990_00044325 [tooltip="Security Models and Information Flow",width=0.990000,height=0.676000,style=filled,color="#5520aa"]; Y1994_00044103 [tooltip="A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions",width=0.990000,height=0.676000,style=filled,color="#772088"]; Y1991_00044244 [tooltip="The Use of Logic in the Analysis of Cryptographic Protocols",width=0.960000,height=0.654000,style=filled,color="#5d20a1"]; Y2000_0001_01 [tooltip="Access Control Meets Public Key Infrastructure, or: Assigning Roles to Strangers",width=0.960000,height=0.654000,style=filled,color="#aa2055"]; Y1982_00044637 [tooltip="Non-Discretionary Controls for Commercial Applications",width=0.930000,height=0.632000,style=filled,color="#1120ee"]; Y1984_00044537 [tooltip=" An Augmented Capability Architecture to Support Lattice Security and Traceability of Access",width=0.930000,height=0.632000,style=filled,color="#2220dd"]; Y1987_00044508 [tooltip="A Multilevel Relational Data Model",width=0.930000,height=0.632000,style=filled,color="#3b20c3"]; Y1987_00044489 [tooltip="Reasoning About Security Models",width=0.930000,height=0.632000,style=filled,color="#3b20c3"]; Y1987_00044436 [tooltip=" Covert Channel Capacity",width=0.930000,height=0.632000,style=filled,color="#3b20c3"]; Y1992_00044194 [tooltip="The Typed Access Matrix Model",width=0.930000,height=0.632000,style=filled,color="#662099"]; Y1999_S05_02 [tooltip="Detecting Intrusions Using System Calls: Alternative Data Models",width=0.900000,height=0.610000,style=filled,color="#a1205d"]; Y1999_S05_01 [tooltip="A Data Mining Framework for Building Intrusion Detection Models",width=0.900000,height=0.610000,style=filled,color="#a1205d"]; Y2002_02_05_01 [tooltip="Using Programmer-Written Compiler Extensions to Catch Security Holes",width=0.900000,height=0.610000,style=filled,color="#bb2044"]; Y2001_0105_13 [tooltip="Intrusion Detection via Static Analysis",width=0.900000,height=0.610000,style=filled,color="#b2204c"]; Y1988_00044411 [tooltip="Using Mandatory Integrity to Enforce Commercial Security",width=0.900000,height=0.610000,style=filled,color="#4420bb"]; Y1989_00044304 [tooltip="A Secure Identity-Based Capability System",width=0.900000,height=0.610000,style=filled,color="#4c20b2"]; Y1991_00044227 [tooltip="An Analysis of Covert Timing Channels",width=0.900000,height=0.610000,style=filled,color="#5d20a1"]; Y1997_00043953 [tooltip="A Secure and Reliable Bootstrap Architecture",width=0.900000,height=0.610000,style=filled,color="#90206e"]; Y2005_05_06_02 [tooltip="Polygraph: Automatically Generating Signatures for Polymorphic Worms",width=0.870000,height=0.588000,style=filled,color="#d4202a"]; Y2004_04_08_02 [tooltip="SWATT: Software-Based Attestation for Embedded Devices",width=0.870000,height=0.588000,style=filled,color="#cc2033"]; Y2003_03_01_01 [tooltip="Mixminion: Design of a Type III Anonymous Remailer Protocol",width=0.870000,height=0.588000,style=filled,color="#c3203b"]; Y2002_02_01_01 [tooltip="Optical Time-Domain Eavesdropping Risks of CRT Displays",width=0.870000,height=0.588000,style=filled,color="#bb2044"]; Y1980_00044725 [tooltip="Protecting Shared Cryptographic Keys",width=0.870000,height=0.588000,style=filled,color="#0020ff"]; Y1986_00044481 [tooltip=" A Global Authentication Service without Global Trust",width=0.870000,height=0.588000,style=filled,color="#3320cc"]; Y1988_00044413 [tooltip=" Cascaded Authentication",width=0.870000,height=0.588000,style=filled,color="#4420bb"]; Y1988_00044384 [tooltip="The Algebra of Security",width=0.870000,height=0.588000,style=filled,color="#4420bb"]; Y1990_00044381 [tooltip="Transaction Processing in Multilevel-Secure Databases Using Replicated Architecture",width=0.870000,height=0.588000,style=filled,color="#5520aa"]; Y1989_00044353 [tooltip="Detection of Anomalous Computer Session Activity",width=0.870000,height=0.588000,style=filled,color="#4c20b2"]; Y1990_00044345 [tooltip="On the Formal Specification and Verification of a Multiparty Session Protocol",width=0.870000,height=0.588000,style=filled,color="#5520aa"]; Y1989_00044328 [tooltip="Using Narrowing in the Analysis of Key Management Protocols",width=0.870000,height=0.588000,style=filled,color="#4c20b2"]; Y1989_00044312 [tooltip="Aggregation and Inference: Facts and Fallacies",width=0.870000,height=0.588000,style=filled,color="#4c20b2"]; Y1989_00044306 [tooltip="Access Mediation in a Message Passing Kernel",width=0.870000,height=0.588000,style=filled,color="#4c20b2"]; Y1990_00044284 [tooltip="An Architecture for Practical Delegation in a Distributed System",width=0.870000,height=0.588000,style=filled,color="#5520aa"]; Y1990_00044283 [tooltip="A VMM Security Kernel for the VAX Architecture",width=0.870000,height=0.588000,style=filled,color="#5520aa"]; Y1992_00044191 [tooltip="On Message Integrity in Cryptographic Protocols",width=0.870000,height=0.588000,style=filled,color="#662099"]; Y1992_00044190 [tooltip="Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks",width=0.870000,height=0.588000,style=filled,color="#662099"]; Y1999_S01_03 [tooltip="Flexible Policy-Directed Code Safety",width=0.840000,height=0.566000,style=filled,color="#a1205d"]; Y1999_S01_01 [tooltip="Hardening COTS Software with Generic Software Wrappers",width=0.840000,height=0.566000,style=filled,color="#a1205d"]; Y2003_03_03_02 [tooltip="Pi: A Path Identification Mechanism to Defend Against DDoS Attacks",width=0.840000,height=0.566000,style=filled,color="#c3203b"]; Y2001_0106_15 [tooltip="A Model for Asynchronous Reactive Systems and its Application to Secure Message Transmission",width=0.840000,height=0.566000,style=filled,color="#b2204c"]; Y2001_0105_12 [tooltip="A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors",width=0.840000,height=0.566000,style=filled,color="#b2204c"]; Y2001_0104_09 [tooltip="SD3: A Trust Management System with Certified Evaluation",width=0.840000,height=0.566000,style=filled,color="#b2204c"]; Y2000_0009_23 [tooltip="LOMAC: Low Water-Mark Integrity Protection for COTS Environments",width=0.840000,height=0.566000,style=filled,color="#aa2055"]; Y1980_00044729 [tooltip="Protocols for Public Key Cryptosystems",width=0.840000,height=0.566000,style=filled,color="#0020ff"]; Y1983_00044599 [tooltip="Using Views in a Multilevel Secure Database Management System",width=0.840000,height=0.566000,style=filled,color="#1920e5"]; Y1984_00044565 [tooltip="The Interrogator: A Tool for Cryptographic Protocol Security",width=0.840000,height=0.566000,style=filled,color="#2220dd"]; Y1986_00044466 [tooltip="On the Design and the Implementation of Secure Xenix Workstations",width=0.840000,height=0.566000,style=filled,color="#3320cc"]; Y1988_00044437 [tooltip="Controlling Logical Inference in Multilevel Database Systems",width=0.840000,height=0.566000,style=filled,color="#4420bb"]; Y1988_00044433 [tooltip="The Sea View Security Model",width=0.840000,height=0.566000,style=filled,color="#4420bb"]; Y1988_00044428 [tooltip="An Axiomatic Basis of Trust in Distributed Systems",width=0.840000,height=0.566000,style=filled,color="#4420bb"]; Y1987_00044421 [tooltip=" Exploiting the Dual Nature of Sensitivity Labels",width=0.840000,height=0.566000,style=filled,color="#3b20c3"]; Y1990_00044387 [tooltip="Multiversion Concurrency Control for Multilevel Secure Database System",width=0.840000,height=0.566000,style=filled,color="#5520aa"]; Y1989_00044347 [tooltip="On the Derivation of Secure Components",width=0.840000,height=0.566000,style=filled,color="#4c20b2"]; Y1992_00044206 [tooltip="Alternative Correctness Criteria for Concurrent Execution of Transactions in Multilevel Secure Databases",width=0.840000,height=0.566000,style=filled,color="#662099"]; Y1993_00044165 [tooltip="A Semantic Model for Authentication Protocols",width=0.840000,height=0.566000,style=filled,color="#6e2090"]; Y1993_00044141 [tooltip="USTAT: A Real-Time Intrusion Detection System for UNIX",width=0.840000,height=0.566000,style=filled,color="#6e2090"]; Y1994_00044099 [tooltip="Simple Timing Channels",width=0.840000,height=0.566000,style=filled,color="#772088"]; Y1995_00044060 [tooltip="A Network Version of the Pump",width=0.840000,height=0.566000,style=filled,color="#7f207f"]; Y1996_00044020 [tooltip="Java Security: From HotJava to Netscape and Beyond",width=0.840000,height=0.566000,style=filled,color="#882077"]; Y1997_00043957 [tooltip="A General Theory of Security Properties",width=0.840000,height=0.566000,style=filled,color="#90206e"]; Y1998_00043905 [tooltip="Understanding Java Stack Inspection",width=0.840000,height=0.566000,style=filled,color="#992066"]; Y2000_0002_05 [tooltip="Efficient Authentication and Signing of Multicast Streams Over Lossy Channels ",width=0.840000,height=0.566000,style=filled,color="#aa2055"]; Y1999_S03_02 [tooltip="Verification of Control Flow Based Security Properties",width=0.810000,height=0.544000,style=filled,color="#a1205d"]; Y2006_06_09_01 [tooltip="SubVirt: Implementing Malware with Virtual Machines",width=0.810000,height=0.544000,style=filled,color="#dd2022"]; Y2006_06_01_01 [tooltip="Towards Automatic Generation of Vulnerability-Based Signatures",width=0.810000,height=0.544000,style=filled,color="#dd2022"]; Y2005_05_05_02 [tooltip="Low-Cost Traffic Analysis of Tor",width=0.810000,height=0.544000,style=filled,color="#d4202a"]; Y2005_05_03_03 [tooltip="Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication",width=0.810000,height=0.544000,style=filled,color="#d4202a"]; Y2005_05_01_03 [tooltip="Semantics-Aware Malware Detection",width=0.810000,height=0.544000,style=filled,color="#d4202a"]; Y2004_04_01_01 [tooltip="Keyboard Acoustic Emanations",width=0.810000,height=0.544000,style=filled,color="#cc2033"]; Y2003_03_04_03 [tooltip="Intransitive Non-Interference for Cryptographic Purposes",width=0.810000,height=0.544000,style=filled,color="#c3203b"]; Y2003_03_02_02 [tooltip="Anomaly Detection Using Call Stack Information",width=0.810000,height=0.544000,style=filled,color="#c3203b"]; Y2003_03_02_01 [tooltip="Active Mapping: Resisting NIDS Evasion without Altering Traffic",width=0.810000,height=0.544000,style=filled,color="#c3203b"]; Y2002_02_05_02 [tooltip="Improving Computer Security Using Extended Static Checking",width=0.810000,height=0.544000,style=filled,color="#bb2044"]; Y2002_02_04_02 [tooltip="Design of a Role-Based Trust-Management Framework",width=0.810000,height=0.544000,style=filled,color="#bb2044"]; Y2001_0108_18 [tooltip="Graph-Based Authentication of Digital Streams",width=0.810000,height=0.544000,style=filled,color="#b2204c"]; Y2000_0009_24 [tooltip="IRM Enforcement of Java Stack Inspection",width=0.810000,height=0.544000,style=filled,color="#aa2055"]; Y1981_00044673 [tooltip=" Mechanism Sufficiency Validation by Assignment",width=0.810000,height=0.544000,style=filled,color="#0820f6"]; Y1985_00044624 [tooltip="Issues in Discretionary Access Control",width=0.810000,height=0.544000,style=filled,color="#2a20d4"]; Y1985_00044589 [tooltip="How to (Selectively) Broadcast a Secret",width=0.810000,height=0.544000,style=filled,color="#2a20d4"]; Y1984_00044576 [tooltip="Comparison Paper between the Bell and LaPadula Model and the SRI Model",width=0.810000,height=0.544000,style=filled,color="#2220dd"]; Y1984_00044545 [tooltip="Cryptographic Checksums for Multilevel Database Security",width=0.810000,height=0.544000,style=filled,color="#2220dd"]; Y1984_00044540 [tooltip=" Linus IV - An Experiment in Computer Security",width=0.810000,height=0.544000,style=filled,color="#2220dd"]; Y1987_00044505 [tooltip="Data Dependencies and Inference Control in Multilevel Relational Database Systems",width=0.810000,height=0.544000,style=filled,color="#3b20c3"]; Y1987_00044504 [tooltip=" Checking Classification Constraints for Consistency and Completeness",width=0.810000,height=0.544000,style=filled,color="#3b20c3"]; Y1986_00044483 [tooltip="Extending the Non-Interference Version of MLS for SAT",width=0.810000,height=0.544000,style=filled,color="#3320cc"]; Y1987_00044423 [tooltip=" Limiting the Damage Potential of Discretionary Trojan Horses",width=0.810000,height=0.544000,style=filled,color="#3b20c3"]; Y1987_00044418 [tooltip=" Compartmented Mode Workstation: Results Through Prototyping",width=0.810000,height=0.544000,style=filled,color="#3b20c3"]; Y1988_00044403 [tooltip="Inference Aggregation Detection in Database Management Systems",width=0.810000,height=0.544000,style=filled,color="#4420bb"]; Y1988_00044401 [tooltip="ASD Views",width=0.810000,height=0.544000,style=filled,color="#4420bb"]; Y1988_00044399 [tooltip="Views as the Security Objects in a Multilevel Secure Relational Database Management System",width=0.810000,height=0.544000,style=filled,color="#4420bb"]; Y1990_00044367 [tooltip="Adaptive Real-Time Anomaly Detection Using Inductively Generated Sequential Patterns",width=0.810000,height=0.544000,style=filled,color="#5520aa"]; Y1990_00044333 [tooltip="Beyond the Pale of MAC and DAC--Defining New Forms of Access Control",width=0.810000,height=0.544000,style=filled,color="#5520aa"]; Y1990_00044324 [tooltip="Probabilistic Interference",width=0.810000,height=0.544000,style=filled,color="#5520aa"]; Y1990_00044316 [tooltip="Extending the Brewer-Nash Model to a Multilevel Context",width=0.810000,height=0.544000,style=filled,color="#5520aa"]; Y1994_00044264 [tooltip=" Self-Nonself Discrimination in a Computer",width=0.810000,height=0.544000,style=filled,color="#772088"]; Y1991_00044232 [tooltip="Storage Channels in Disk Arm Optimization",width=0.810000,height=0.544000,style=filled,color="#5d20a1"]; Y1992_00044192 [tooltip="Roles in Cryptographic Protocols",width=0.810000,height=0.544000,style=filled,color="#662099"]; Y1993_00044164 [tooltip="A Logical Language for Specifying Cryptographic Protocol Requirements",width=0.810000,height=0.544000,style=filled,color="#6e2090"]; Y1994_00044109 [tooltip="Prudent Engineering Practice for Cryptographic Protocols",width=0.810000,height=0.544000,style=filled,color="#772088"]; Y1997_00043978 [tooltip="Analysis of a Denial of Service Attack on TCP",width=0.810000,height=0.544000,style=filled,color="#90206e"]; Y1997_00043968 [tooltip="Execution Monitoring of Security-Critical Programs in Distributed Systems: A Specification-Based Approach",width=0.810000,height=0.544000,style=filled,color="#90206e"]; Y2000_0002_04 [tooltip="Practical Techniques for Searches on Encrypted Data",width=0.810000,height=0.544000,style=filled,color="#aa2055"]; Y2000_0001_03 [tooltip="A Practically Implementable and Tractable Delegation Logic",width=0.810000,height=0.544000,style=filled,color="#aa2055"]; Y2007_oakland07h26 [tooltip="The Emperor's New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies",width=0.780000,height=0.522000,style=filled,color="#e52019"]; Y2007_oakland07h11 [tooltip="Exploring Multiple Execution Paths for Malware Analysis",width=0.780000,height=0.522000,style=filled,color="#e52019"]; Y2007_oakland07h0 [tooltip="A Systematic Approach to Uncover Security Flaws in GUI Logic",width=0.780000,height=0.522000,style=filled,color="#e52019"]; Y1999_S01_02 [tooltip="Firmato: A Novel Firewall Management Toolkit",width=0.780000,height=0.522000,style=filled,color="#a1205d"]; Y2008_2008X3168A158 [tooltip="Compromising Reflections -or- How to Read LCD Monitors Around the Corner",width=0.780000,height=0.522000,style=filled,color="#ee2011"]; Y2006_06_10_01 [tooltip="A Safety-Oriented Platform",width=0.780000,height=0.522000,style=filled,color="#dd2022"]; Y2006_06_09_03 [tooltip="On the Secrecy of Timing-Based Active Watermarking Trace-Back Techniques",width=0.780000,height=0.522000,style=filled,color="#dd2022"]; Y2006_06_07_03 [tooltip="Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities",width=0.780000,height=0.522000,style=filled,color="#dd2022"]; Y2006_06_01_02 [tooltip="Misleading Worm Signature Generators Using Deliberate Noise Injection",width=0.780000,height=0.522000,style=filled,color="#dd2022"]; Y2005_05_05_01 [tooltip="Relating Symbolic and Cryptographic Secrecy",width=0.780000,height=0.522000,style=filled,color="#d4202a"]; Y2004_04_07_01 [tooltip="Fast Portscan Detection Using Sequential Hypothesis Testing",width=0.780000,height=0.522000,style=filled,color="#cc2033"]; Y2004_04_06_02 [tooltip="Formalizing Sensitivity in Static Analysis for Intrusion Detection",width=0.780000,height=0.522000,style=filled,color="#cc2033"]; Y2004_04_01_03 [tooltip="Analysis of an Electronic Voting System",width=0.780000,height=0.522000,style=filled,color="#cc2033"]; Y2003_03_06_02 [tooltip="Random Key Predistribution Schemes for Sensor Networks",width=0.780000,height=0.522000,style=filled,color="#c3203b"]; Y2003_03_04_01 [tooltip="A Unified Scheme for Resource Protection in Automated Trust Negotiation",width=0.780000,height=0.522000,style=filled,color="#c3203b"]; Y2003_03_01_03 [tooltip="Defending Anonymous Communications Against Passive Logging Attacks",width=0.780000,height=0.522000,style=filled,color="#c3203b"]; Y2003_03_01_02 [tooltip="Probabilistic Treatment of MIXes to Hamper Traffic Analysis",width=0.780000,height=0.522000,style=filled,color="#c3203b"]; Y2002_02_02_02 [tooltip="P5: A Protocol for Scalable Anonymous Communication",width=0.780000,height=0.522000,style=filled,color="#bb2044"]; Y2002_02_01_02 [tooltip="Statistical Identification of Encrypted Web Browsing Traffic",width=0.780000,height=0.522000,style=filled,color="#bb2044"]; Y2001_0103_07 [tooltip="Preserving Information Flow Properties Under Refinement",width=0.780000,height=0.522000,style=filled,color="#b2204c"]; Y2000_0008_22 [tooltip="Kronos: A Scalable Group Re-Keying Approach for Secure Multicast",width=0.780000,height=0.522000,style=filled,color="#aa2055"]; Y2000_0007_19 [tooltip="Fang: A Firewall Analysis Engine",width=0.780000,height=0.522000,style=filled,color="#aa2055"]; Y1980_00044727 [tooltip="One Time Pads Are Key Safeguarding Schemes, Not Cryptosystems. Fast Key Safeguarding Schemes (Threshold Schemes) Exist",width=0.780000,height=0.522000,style=filled,color="#0020ff"]; Y1980_00044723 [tooltip=" Secure Communications in the Presence of Pervasive Deceit",width=0.780000,height=0.522000,style=filled,color="#0020ff"]; Y1982_00044679 [tooltip="A Software Protection Scheme",width=0.780000,height=0.522000,style=filled,color="#1120ee"]; Y1982_00044668 [tooltip="Specification-to-Code Correlation",width=0.780000,height=0.522000,style=filled,color="#1120ee"]; Y1983_00044651 [tooltip="A Note on the Denial-of-Service Problem",width=0.780000,height=0.522000,style=filled,color="#1920e5"]; Y1984_00044575 [tooltip="A Formal Statement of the MMS Security Model",width=0.780000,height=0.522000,style=filled,color="#2220dd"]; Y1985_00044571 [tooltip="Network Security Overview",width=0.780000,height=0.522000,style=filled,color="#2a20d4"]; Y1984_00044546 [tooltip="The Integrity-Lock Approach to Secure Database Management",width=0.780000,height=0.522000,style=filled,color="#2220dd"]; Y1987_00044509 [tooltip="Multilevel Security for Knowledge-Based Systems",width=0.780000,height=0.522000,style=filled,color="#3b20c3"]; Y1987_00044488 [tooltip="A Universal Theory of Information Flow",width=0.780000,height=0.522000,style=filled,color="#3b20c3"]; Y1986_00044478 [tooltip=" Intrusion-Tolerance Using Fine-Grain Fragmentation-Scattering",width=0.780000,height=0.522000,style=filled,color="#3320cc"]; Y1986_00044459 [tooltip=" An Analysis of the Differences Between the Computer Security Practices in the Military and Private Sectors",width=0.780000,height=0.522000,style=filled,color="#3320cc"]; Y1986_00044451 [tooltip="An Experience Using Two Covert Channel Analysis Techniques on a Real System Design",width=0.780000,height=0.522000,style=filled,color="#3320cc"]; Y1988_00044435 [tooltip="A Near-Term Design for the Sea View Multilevel Database System",width=0.780000,height=0.522000,style=filled,color="#4420bb"]; Y1990_00044372 [tooltip="The Deductive Theory Manager: A Knowledge Based System for Formal Verification",width=0.780000,height=0.522000,style=filled,color="#5520aa"]; Y1990_00044369 [tooltip="Auditing the Use of Covert Storage Channels in Secure Systems",width=0.780000,height=0.522000,style=filled,color="#5520aa"]; Y1989_00044351 [tooltip="A Model for Specifying Multi-Granularity Integrity Policies",width=0.780000,height=0.522000,style=filled,color="#4c20b2"]; Y1989_00044349 [tooltip="Transformation of Access Rights",width=0.780000,height=0.522000,style=filled,color="#4c20b2"]; Y1990_00044337 [tooltip="Some Conundrums Concerning Separation of Duty",width=0.780000,height=0.522000,style=filled,color="#5520aa"]; Y1989_00044332 [tooltip="LOCK Trek: Navigating Uncharted Space",width=0.780000,height=0.522000,style=filled,color="#4c20b2"]; Y1990_00044323 [tooltip="Constructively Using Noninterference to Analyze Systems",width=0.780000,height=0.522000,style=filled,color="#5520aa"]; Y1990_00044319 [tooltip="Naming and Grouping Privileges to Simplify Security Management in Large Databases",width=0.780000,height=0.522000,style=filled,color="#5520aa"]; Y1990_00044285 [tooltip="Practical Authentication for Distributed Computing",width=0.780000,height=0.522000,style=filled,color="#5520aa"]; Y1991_00044266 [tooltip=" Variable Noise Effects Upon a Simple Timing Channel",width=0.780000,height=0.522000,style=filled,color="#5d20a1"]; Y1991_00044259 [tooltip="The SRI IDES Statistical Anomaly Detector",width=0.780000,height=0.522000,style=filled,color="#5d20a1"]; Y1991_00044257 [tooltip="A Novel Decomposition of Multilevel Relations into Single-Level Relations",width=0.780000,height=0.522000,style=filled,color="#5d20a1"]; Y1991_00044253 [tooltip="An Analysis of the Proxy problem in Distributed Systems",width=0.780000,height=0.522000,style=filled,color="#5d20a1"]; Y1991_00044251 [tooltip="SPX: Global Authentication Using Public Key Certificates",width=0.780000,height=0.522000,style=filled,color="#5d20a1"]; Y1991_00044245 [tooltip="Exploring the BAN Approach to Protocol Analysis",width=0.780000,height=0.522000,style=filled,color="#5d20a1"]; Y1991_00044240 [tooltip="Intrusion Tolerance in Distributed Computing Systems",width=0.780000,height=0.522000,style=filled,color="#5d20a1"]; Y1991_00044237 [tooltip="Safety Analysis for the Extended Schematic Protection Model",width=0.780000,height=0.522000,style=filled,color="#5d20a1"]; Y1992_00044212 [tooltip="Security for Object-Oriented Database Systems",width=0.780000,height=0.522000,style=filled,color="#662099"]; Y1994_00044107 [tooltip="Collecting Garbage in Multilevel Secure Object Stores",width=0.780000,height=0.522000,style=filled,color="#772088"]; Y1994_00044094 [tooltip="On Unifying Some Cryptographic Protocol Logics",width=0.780000,height=0.522000,style=filled,color="#772088"]; Y1995_00044077 [tooltip="Recent-Secure Authentication: Enforcing Revocation in Distributed Systems",width=0.780000,height=0.522000,style=filled,color="#7f207f"]; Y1995_00044047 [tooltip=" Practical Domain and Type Enforcement for UNIX",width=0.780000,height=0.522000,style=filled,color="#7f207f"]; Y1995_00044044 [tooltip="Integrating Security in CORBA Based Object Archititectures",width=0.780000,height=0.522000,style=filled,color="#7f207f"]; Y1995_00044043 [tooltip="Holding Intruders Accountable on the Internet",width=0.780000,height=0.522000,style=filled,color="#7f207f"]; Y1996_00044022 [tooltip="Secure Network Objects",width=0.780000,height=0.522000,style=filled,color="#882077"]; Y1996_00044016 [tooltip="Security Properties and CSP",width=0.780000,height=0.522000,style=filled,color="#882077"]; Y1996_00044007 [tooltip="Supporting Multiple Access Control Policies in Database Systems",width=0.780000,height=0.522000,style=filled,color="#882077"]; Y1996_00044001 [tooltip="A Fair Non-Repudiation Protocol",width=0.780000,height=0.522000,style=filled,color="#882077"]; Y1996_00043998 [tooltip="A Security Policy Model for Clinical Information Systems",width=0.780000,height=0.522000,style=filled,color="#882077"]; Y1997_00043964 [tooltip="Automated Analysis of Cryptographic Protocols Using Mur-phi",width=0.780000,height=0.522000,style=filled,color="#90206e"]; Y1997_00043962 [tooltip="Filtering Postures: Local Enforcement for Global Policies",width=0.780000,height=0.522000,style=filled,color="#90206e"]; Y1998_00043926 [tooltip="Complete, Safe Information Flow with Decentralized Labels",width=0.780000,height=0.522000,style=filled,color="#992066"]; Y1998_00043923 [tooltip="Strand Spaces: Why is a Security Protocol Correct?",width=0.780000,height=0.522000,style=filled,color="#992066"]; Y1998_00043921 [tooltip="On Enabling Secure Applications through Off-Line Biometric Identification",width=0.780000,height=0.522000,style=filled,color="#992066"]; Y1998_00043917 [tooltip="Detecting Disruptive Routers: A Distributed Network Monitoring Approach",width=0.780000,height=0.522000,style=filled,color="#992066"]; Y1998_00043900 [tooltip="Access Control in an Open Distributed Environment",width=0.780000,height=0.522000,style=filled,color="#992066"]; Y2000_0001_02 [tooltip="A Security Infrastructure for Distributed Java Applications",width=0.780000,height=0.522000,style=filled,color="#aa2055"]; Y2007_oakland07h3 [tooltip="Attacking the IPsec Standards in Encryption-only Configurations",width=0.750000,height=0.500000,style=filled,color="#e52019"]; Y2007_oakland07h28 [tooltip="Usable Mandatory Integrity Protection for Operating Systems",width=0.750000,height=0.500000,style=filled,color="#e52019"]; Y1999_S08_01 [tooltip="Software Smart Cards via Cryptographic Camouflage",width=0.750000,height=0.500000,style=filled,color="#a1205d"]; Y1999_S05_03 [tooltip="Detecting Computer and Network Misuse Through the Production-Based Expert System Toolset (P-BEST)",width=0.750000,height=0.500000,style=filled,color="#a1205d"]; Y1999_S04_04 [tooltip="20 Years of Covert Channel Modeling and Analysis",width=0.750000,height=0.500000,style=filled,color="#a1205d"]; Y2008_2008X3168A387 [tooltip="Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications",width=0.750000,height=0.500000,style=filled,color="#ee2011"]; Y2008_2008X3168A354 [tooltip="Civitas: Toward a Secure Voting System",width=0.750000,height=0.500000,style=filled,color="#ee2011"]; Y2008_2008X3168A339 [tooltip="Expressive Declassification Policies and Modular Static Enforcement",width=0.750000,height=0.500000,style=filled,color="#ee2011"]; Y2008_2008X3168A216 [tooltip="Towards Practical Privacy for Genomic Computation",width=0.750000,height=0.500000,style=filled,color="#ee2011"]; Y2008_2008X3168A202 [tooltip="Zero-Knowledge in the Applied Pi-calculus and Automated Verification of the Direct Anonymous Attestation Protocol",width=0.750000,height=0.500000,style=filled,color="#ee2011"]; Y2006_06_10_04 [tooltip="The Final Nail in WEPs Coffin",width=0.750000,height=0.500000,style=filled,color="#dd2022"]; Y2006_06_10_03 [tooltip="Analysis of the Linux Random Number Generator",width=0.750000,height=0.500000,style=filled,color="#dd2022"]; Y2006_06_08_02 [tooltip="Cognitive Authentication Schemes Safe Against Spyware",width=0.750000,height=0.500000,style=filled,color="#dd2022"]; Y2006_06_07_04 [tooltip="Cobra: Fine-Grained Malware Analysis Using Stealth Localized Executions",width=0.750000,height=0.500000,style=filled,color="#dd2022"]; Y2006_06_07_02 [tooltip="Automatically Generating Malicious Disks Using Symbolic Execution",width=0.750000,height=0.500000,style=filled,color="#dd2022"]; Y2006_06_07_01 [tooltip="Deriving an Information Flow Checker and Certifying Compiler for Java",width=0.750000,height=0.500000,style=filled,color="#dd2022"]; Y2006_06_06_02 [tooltip="FIREMAN: A Toolkit for Firewall Modeling and Analysis",width=0.750000,height=0.500000,style=filled,color="#dd2022"]; Y2006_06_05_01 [tooltip="A Computationally Sound Mechanized Prover for Security Protocols",width=0.750000,height=0.500000,style=filled,color="#dd2022"]; Y2006_06_03_05 [tooltip="New Constructions and Practical Applications for Private Stream Searching",width=0.750000,height=0.500000,style=filled,color="#dd2022"]; Y2006_06_03_02 [tooltip="Locating Hidden Servers",width=0.750000,height=0.500000,style=filled,color="#dd2022"]; Y2006_06_03_01 [tooltip="Fundamental Limits on the Anonymity Provided by the MIX Technique",width=0.750000,height=0.500000,style=filled,color="#dd2022"]; Y2006_06_02_03 [tooltip="Siren: Catching Evasive Malware",width=0.750000,height=0.500000,style=filled,color="#dd2022"]; Y2005_05_06_01 [tooltip="Remote Physical Device Fingerprinting",width=0.750000,height=0.500000,style=filled,color="#d4202a"]; Y2005_05_04_03 [tooltip="BIND: A Fine-Grained Attestation Service for Secure Distributed Systems",width=0.750000,height=0.500000,style=filled,color="#d4202a"]; Y2005_05_02_02 [tooltip="Detection of Denial-of-Message Attacks on Sensor Network Broadcasts",width=0.750000,height=0.500000,style=filled,color="#d4202a"]; Y2005_05_01_01 [tooltip="Language-Based Generation and Evaluation of NIDS Signatures",width=0.750000,height=0.500000,style=filled,color="#d4202a"]; Y2004_04_06_01 [tooltip="Run-Time Principals in Information-Flow Type Systems",width=0.750000,height=0.500000,style=filled,color="#cc2033"]; Y2004_04_05_02 [tooltip="Securing OLAP Data Cubes Against Privacy Breaches ",width=0.750000,height=0.500000,style=filled,color="#cc2033"]; Y2004_04_04_02 [tooltip="Large-Scale IP Traceback in High-Speed Internet: Practical Techniques and Theoretical Foundation",width=0.750000,height=0.500000,style=filled,color="#cc2033"]; Y2004_04_03_02 [tooltip="Automatic Proof of Strong Secrecy for Security Protocols",width=0.750000,height=0.500000,style=filled,color="#cc2033"]; Y2004_04_03_01 [tooltip="Symmetric Encryption in Automatic Analyses for Confidentiality Against Active Adversaries",width=0.750000,height=0.500000,style=filled,color="#cc2033"]; Y2004_04_02_02 [tooltip="A Layered Design of Discretionary Access Controls with Decidable Safety Properties",width=0.750000,height=0.500000,style=filled,color="#cc2033"]; Y2003_03_07_03 [tooltip="Using Replication and Partitioning to Build Secure Distributed Systems",width=0.750000,height=0.500000,style=filled,color="#c3203b"]; Y2003_03_07_01 [tooltip="Hardening Functions for Large Scale Distributed Computations",width=0.750000,height=0.500000,style=filled,color="#c3203b"]; Y2003_03_04_02 [tooltip="Beyond Proof-of-Compliance: Safety and Availability Analysis in Trust Management",width=0.750000,height=0.500000,style=filled,color="#c3203b"]; Y2003_03_03_01 [tooltip="Defending Against Denial-of-Service Attacks with Puzzle Auctions (extended abstract)",width=0.750000,height=0.500000,style=filled,color="#c3203b"]; Y2002_02_07_03 [tooltip="Expander Graphs for Digital Stream Authentication and Robust Overlay Networks",width=0.750000,height=0.500000,style=filled,color="#bb2044"]; Y2002_02_07_01 [tooltip="Efficient Multicast Packet Authentication Using Signature Amortization",width=0.750000,height=0.500000,style=filled,color="#bb2044"]; Y2002_02_06_02 [tooltip="Why 6? Defining the Operational Limits of Stide, an Anomaly-Based Intrusion Detector",width=0.750000,height=0.500000,style=filled,color="#bb2044"]; Y2002_02_06_01 [tooltip="Noninterference and Intrusion Detection",width=0.750000,height=0.500000,style=filled,color="#bb2044"]; Y2002_02_04_01 [tooltip="Binder, a Logic-Based Security Language",width=0.750000,height=0.500000,style=filled,color="#bb2044"]; Y2002_02_03_01 [tooltip="Methods and Limitations of Security Policy Reconciliation",width=0.750000,height=0.500000,style=filled,color="#bb2044"]; Y2001_0108_19 [tooltip="ELK, a New Protocol for Efficient Large-Group Key Distribution",width=0.750000,height=0.500000,style=filled,color="#b2204c"]; Y2001_0102_05 [tooltip="Evaluation of Intrusion Detectors: A Decision Theory Approach",width=0.750000,height=0.500000,style=filled,color="#b2204c"]; Y2000_0007_18 [tooltip="Verifying the EROS Confinement Mechanism",width=0.750000,height=0.500000,style=filled,color="#aa2055"]; Y2000_0007_17 [tooltip="Using Model Checking to Analyze Network Vulnerabilities",width=0.750000,height=0.500000,style=filled,color="#aa2055"]; Y2000_0006_16 [tooltip="Logic Induction of Valid Behavior Specifications for Intrusion Detection",width=0.750000,height=0.500000,style=filled,color="#aa2055"]; Y1980_00044733 [tooltip="Demonstrating Security for Trusted Applications on a Security Kernel Base",width=0.750000,height=0.500000,style=filled,color="#0020ff"]; Y1980_00044731 [tooltip="A System Architecture to Support a Verifiably Secure Multilevel Security System",width=0.750000,height=0.500000,style=filled,color="#0020ff"]; Y1980_00044722 [tooltip="On the Difficulty of Computing Logarithms Over GF(qm)",width=0.750000,height=0.500000,style=filled,color="#0020ff"]; Y1980_00044714 [tooltip="On Security Flow Analysis in Computer Systems (Preliminary Report)",width=0.750000,height=0.500000,style=filled,color="#0020ff"]; Y1980_00044711 [tooltip="An Overview of Transborder Data Flow Issues",width=0.750000,height=0.500000,style=filled,color="#0020ff"]; Y1982_00044694 [tooltip="A Practical Executive for Secure Communications",width=0.750000,height=0.500000,style=filled,color="#1120ee"]; Y1981_00044693 [tooltip="Required Cryptographic Authentication Criteria for Electronic Funds Transfer Systems",width=0.750000,height=0.500000,style=filled,color="#0820f6"]; Y1981_00044692 [tooltip="Security Proofs for Information Protection Systems",width=0.750000,height=0.500000,style=filled,color="#0820f6"]; Y1982_00044682 [tooltip="Forward Search as a Cryptanalytic Tool Against a Public Key Privacy Channel",width=0.750000,height=0.500000,style=filled,color="#1120ee"]; Y1982_00044681 [tooltip="Cryptographic Relational Algebra",width=0.750000,height=0.500000,style=filled,color="#1120ee"]; Y1982_00044672 [tooltip=" Privacy Protection in the 1980s",width=0.750000,height=0.500000,style=filled,color="#1120ee"]; Y1981_00044669 [tooltip="Access Flow A Protection Model Which Integrates Access Control and Information Flow",width=0.750000,height=0.500000,style=filled,color="#0820f6"]; Y1981_00044666 [tooltip="Information Flow Analysis of Formal Specifications",width=0.750000,height=0.500000,style=filled,color="#0820f6"]; Y1982_00044659 [tooltip="A Practical Approach to Identifying Storage and Timing Channels",width=0.750000,height=0.500000,style=filled,color="#1120ee"]; Y1982_00044658 [tooltip="Kernel Isolation for the PDP-11/70",width=0.750000,height=0.500000,style=filled,color="#1120ee"]; Y1982_00044655 [tooltip="Memoryless Inference Controls for Statistical Databases",width=0.750000,height=0.500000,style=filled,color="#1120ee"]; Y1983_00044652 [tooltip="The VERUS Design Verification System",width=0.750000,height=0.500000,style=filled,color="#1920e5"]; Y1983_00044640 [tooltip=" Security Enhancement through Product Evaluation",width=0.750000,height=0.500000,style=filled,color="#1920e5"]; Y1985_00044629 [tooltip="The Implementation of Secure Entity-Relationship Databases",width=0.750000,height=0.500000,style=filled,color="#2a20d4"]; Y1985_00044619 [tooltip="Ada's Suitability for Trusted Computer Systems",width=0.750000,height=0.500000,style=filled,color="#2a20d4"]; Y1985_00044618 [tooltip="Secure Ada Target: Issues, System Design, and Verification",width=0.750000,height=0.500000,style=filled,color="#2a20d4"]; Y1985_00044613 [tooltip="Commutative Filters for Reducing Inference Threats in Multilevel Database Systems",width=0.750000,height=0.500000,style=filled,color="#2a20d4"]; Y1983_00044609 [tooltip="Modified Architecture for the Sub-Keys Model",width=0.750000,height=0.500000,style=filled,color="#1920e5"]; Y1983_00044607 [tooltip=" Recent Advances in the Design and Implementation of Large Integer Factorization Algorithms",width=0.750000,height=0.500000,style=filled,color="#1920e5"]; Y1983_00044604 [tooltip=" Message Authentication with Manipulation Detection Codes",width=0.750000,height=0.500000,style=filled,color="#1920e5"]; Y1985_00044591 [tooltip="A Database Encryption Scheme Which Allows the Computation of Statistics Using Encrypted Data",width=0.750000,height=0.500000,style=filled,color="#2a20d4"]; Y1985_00044588 [tooltip="Polonius: An Identity Authentication System",width=0.750000,height=0.500000,style=filled,color="#2a20d4"]; Y1984_00044581 [tooltip="A Gypsy-Based Kernel",width=0.750000,height=0.500000,style=filled,color="#2220dd"]; Y1985_00044577 [tooltip="A Unification of Computer and Network Security Concepts",width=0.750000,height=0.500000,style=filled,color="#2a20d4"]; Y1984_00044563 [tooltip="Analysis of a Kernel Verification",width=0.750000,height=0.500000,style=filled,color="#2220dd"]; Y1985_00044558 [tooltip="The Restricted Access Processor: An Example of Formal Verification",width=0.750000,height=0.500000,style=filled,color="#2a20d4"]; Y1985_00044557 [tooltip="An Information Flow Tool for Gypsy",width=0.750000,height=0.500000,style=filled,color="#2a20d4"]; Y1984_00044538 [tooltip=" KVM/370 in Retrospect",width=0.750000,height=0.500000,style=filled,color="#2220dd"]; Y1985_00044529 [tooltip="Analysis of the Hardware Verification of the Honeywell SCOMP",width=0.750000,height=0.500000,style=filled,color="#2a20d4"]; Y1985_00044521 [tooltip="Structuring Systems for Formal Verification",width=0.750000,height=0.500000,style=filled,color="#2a20d4"]; Y1987_00044494 [tooltip="A Model for Multilevel Security Based on Operator Nets",width=0.750000,height=0.500000,style=filled,color="#3b20c3"]; Y1987_00044491 [tooltip="Using Formal Verification Techniques to Analyze Encryption Protocols",width=0.750000,height=0.500000,style=filled,color="#3b20c3"]; Y1987_00044487 [tooltip="Toward Verified Execution Environments",width=0.750000,height=0.500000,style=filled,color="#3b20c3"]; Y1986_00044473 [tooltip="Views for Multilevel Database Security",width=0.750000,height=0.500000,style=filled,color="#3320cc"]; Y1986_00044467 [tooltip="An Intrusion-Detection Model",width=0.750000,height=0.500000,style=filled,color="#3320cc"]; Y1986_00044464 [tooltip="On Access Checking in Capability-Based Systems",width=0.750000,height=0.500000,style=filled,color="#3320cc"]; Y1986_00044463 [tooltip="A Secure Capability Computer System",width=0.750000,height=0.500000,style=filled,color="#3320cc"]; Y1986_00044454 [tooltip=" A Security Policy and Formal Top Level Specification for a Multi-Level Secure Local Area Network",width=0.750000,height=0.500000,style=filled,color="#3320cc"]; Y1987_00044440 [tooltip=" A Formal Method for the Identification of Covert Storage Channels in Source Code",width=0.750000,height=0.500000,style=filled,color="#3b20c3"]; Y1988_00044430 [tooltip=" Security Policy Modeling for the Next-Generation Packet Switch",width=0.750000,height=0.500000,style=filled,color="#4420bb"]; Y1987_00044424 [tooltip="ABYSS: A Trusted Architecture for Software Protection",width=0.750000,height=0.500000,style=filled,color="#3b20c3"]; Y1988_00044416 [tooltip="Reverification of a Microprocessor",width=0.750000,height=0.500000,style=filled,color="#4420bb"]; Y1988_00044410 [tooltip="Implementing Commercial Data Integrity with Secure Capabilities",width=0.750000,height=0.500000,style=filled,color="#4420bb"]; Y1988_00044408 [tooltip="Reasoning About Knowledge in Multilevel Secure Distributed Systems",width=0.750000,height=0.500000,style=filled,color="#4420bb"]; Y1988_00044407 [tooltip="A Bandwidth Computation Model for Covert Storage Channels and Its Applications",width=0.750000,height=0.500000,style=filled,color="#4420bb"]; Y1988_00044395 [tooltip="A Fault Tolerance Approach to Computer Viruses",width=0.750000,height=0.500000,style=filled,color="#4420bb"]; Y1990_00044391 [tooltip=" Modeling Security-Relevant Data Semantics",width=0.750000,height=0.500000,style=filled,color="#5520aa"]; Y1988_00044386 [tooltip="Security Specifications",width=0.750000,height=0.500000,style=filled,color="#4420bb"]; Y1988_00044385 [tooltip="Concerning "Modeling" of Computer Security",width=0.750000,height=0.500000,style=filled,color="#4420bb"]; Y1990_00044375 [tooltip="A Hierarchical Methodology for Verifying Microprogrammed Microprocessors",width=0.750000,height=0.500000,style=filled,color="#5520aa"]; Y1990_00044374 [tooltip="Verifying A Hardware Security Architecture",width=0.750000,height=0.500000,style=filled,color="#5520aa"]; Y1990_00044370 [tooltip="A Network Security Monitor",width=0.750000,height=0.500000,style=filled,color="#5520aa"]; Y1989_00044366 [tooltip="With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988",width=0.750000,height=0.500000,style=filled,color="#4c20b2"]; Y1989_00044357 [tooltip="Defending Systems against Viruses through Cryptographic Authentication",width=0.750000,height=0.500000,style=filled,color="#4c20b2"]; Y1989_00044342 [tooltip="A 'New' Security Policy Model",width=0.750000,height=0.500000,style=filled,color="#4c20b2"]; Y1990_00044320 [tooltip="Referential Secrecy",width=0.750000,height=0.500000,style=filled,color="#5520aa"]; Y1990_00044318 [tooltip="Polyinstantiation Integrity in Multilevel Relations",width=0.750000,height=0.500000,style=filled,color="#5520aa"]; Y1989_00044315 [tooltip="A Security Policy for an A1 DBMS (a Trusted Subject)",width=0.750000,height=0.500000,style=filled,color="#4c20b2"]; Y1989_00044314 [tooltip="A Security Model for Object-Oriented Databases",width=0.750000,height=0.500000,style=filled,color="#4c20b2"]; Y1989_00044307 [tooltip="A Formal Model for UNIX Setuid",width=0.750000,height=0.500000,style=filled,color="#4c20b2"]; Y1990_00044300 [tooltip="Integrating an Object-Oriented Data Model with Multilevel Security",width=0.750000,height=0.500000,style=filled,color="#5520aa"]; Y1989_00044299 [tooltip="Statistical Models of Trust: TCB'S vs. People",width=0.750000,height=0.500000,style=filled,color="#4c20b2"]; Y1990_00044297 [tooltip="Specification and Verification of the ASOS Kernel",width=0.750000,height=0.500000,style=filled,color="#5520aa"]; Y1994_00044267 [tooltip="Extending the Schematic Protection Model - I Conditional Tickets and Authentication",width=0.750000,height=0.500000,style=filled,color="#772088"]; Y1991_00044263 [tooltip="Directed-Graph Epidemiological Models of Computer Viruses",width=0.750000,height=0.500000,style=filled,color="#5d20a1"]; Y1994_00044260 [tooltip="The Complexity and Composability of Secure Interoperation",width=0.750000,height=0.500000,style=filled,color="#772088"]; Y1991_00044238 [tooltip="A Taxonomy for Information Flow Policies and Models",width=0.750000,height=0.500000,style=filled,color="#5d20a1"]; Y1991_00044236 [tooltip="A Separation Model for Virtual Machine Monitors",width=0.750000,height=0.500000,style=filled,color="#5d20a1"]; Y1991_00044229 [tooltip="Toward a Mathematical Foundation for Information Flow Security",width=0.750000,height=0.500000,style=filled,color="#5d20a1"]; Y1992_00044215 [tooltip="BLACKER: Security for the DDN, Examples of A1 Security Engineering Trades ",width=0.750000,height=0.500000,style=filled,color="#662099"]; Y1992_00044209 [tooltip=" A Neural Network Component for an Intrusion Detection System",width=0.750000,height=0.500000,style=filled,color="#662099"]; Y1992_00044205 [tooltip="A Two Snapshot Algorithm for Concurrency Control In Multi-Level Secure Databases",width=0.750000,height=0.500000,style=filled,color="#662099"]; Y1992_00044204 [tooltip="A Multilevel Transaction Problem for Multilevel Secure Database Systems and Its Solution for the Replicated Architecture",width=0.750000,height=0.500000,style=filled,color="#662099"]; Y1992_00044201 [tooltip="Using Traces of Procedure Calls to Reason About Composability",width=0.750000,height=0.500000,style=filled,color="#662099"]; Y1992_00044196 [tooltip="Non-Monotonic Transformation of Access Rights, ",width=0.750000,height=0.500000,style=filled,color="#662099"]; Y1992_00044195 [tooltip="A Resource Allocation Model for Denial of Service",width=0.750000,height=0.500000,style=filled,color="#662099"]; Y1992_00044186 [tooltip="Lattice Scheduling and Covert Channels",width=0.750000,height=0.500000,style=filled,color="#662099"]; Y1992_00044184 [tooltip="Authorization in Distributed Systems: A Formal Approach",width=0.750000,height=0.500000,style=filled,color="#662099"]; Y1992_00044182 [tooltip="On Inter-Realm Authentication in Large Distributed Systems",width=0.750000,height=0.500000,style=filled,color="#662099"]; Y1993_00044168 [tooltip="Assuring Distributed Trusted Mach",width=0.750000,height=0.500000,style=filled,color="#6e2090"]; Y1993_00044167 [tooltip="Detection and Elimination of Inference Channels in Multilevel Relational Database Systems",width=0.750000,height=0.500000,style=filled,color="#6e2090"]; Y1993_00044163 [tooltip="Trust Relationships in Secure Systems - A Distributed Authentication Perspective",width=0.750000,height=0.500000,style=filled,color="#6e2090"]; Y1993_00044156 [tooltip="A Logical Analysis of Authorized and Prohibited Information Flows",width=0.750000,height=0.500000,style=filled,color="#6e2090"]; Y1993_00044154 [tooltip="On Introducing Noise into the Bus-Contention Channel",width=0.750000,height=0.500000,style=filled,color="#6e2090"]; Y1993_00044147 [tooltip="Protocol Design for Integrity Protection",width=0.750000,height=0.500000,style=filled,color="#6e2090"]; Y1994_00044097 [tooltip="Mode Security: An Infrastructure for Covert Channel Suppression",width=0.750000,height=0.500000,style=filled,color="#772088"]; Y1994_00044092 [tooltip=" A Model for Secure Protocols and Their Compositions",width=0.750000,height=0.500000,style=filled,color="#772088"]; Y1995_00044078 [tooltip="Reasoning about Accountability in Protocols for Electronic Commerce",width=0.750000,height=0.500000,style=filled,color="#7f207f"]; Y1995_00044075 [tooltip="The Intel 80x86 Processor Architecture: Pitfalls for Secure Systems",width=0.750000,height=0.500000,style=filled,color="#7f207f"]; Y1995_00044071 [tooltip="Supporting Security Requirements in Multilevel Real-Time Databases",width=0.750000,height=0.500000,style=filled,color="#7f207f"]; Y1995_00044065 [tooltip="Version Pool Management in a Multilevel Secure Multiversion Transaction Manager",width=0.750000,height=0.500000,style=filled,color="#7f207f"]; Y1995_00044055 [tooltip="CSP and Determinism in Security Modelling",width=0.750000,height=0.500000,style=filled,color="#7f207f"]; Y1995_00044048 [tooltip="A Multilevel File System for High Assurance",width=0.750000,height=0.500000,style=filled,color="#7f207f"]; Y1995_00044042 [tooltip="Preserving Privacy in a Network of Mobile Computers",width=0.750000,height=0.500000,style=filled,color="#7f207f"]; Y1995_00044039 [tooltip="The Design and Implementation of a Secure Auction Service",width=0.750000,height=0.500000,style=filled,color="#7f207f"]; Y1996_00044014 [tooltip="A Communication Agreement Framework for Access/Action Control",width=0.750000,height=0.500000,style=filled,color="#882077"]; Y1997_00043983 [tooltip="Number Theoretic Attacks on Secure Password Schemes",width=0.750000,height=0.500000,style=filled,color="#90206e"]; Y1997_00043963 [tooltip="Providing Flexibility in Information Flow Control for Object-Oriented Systems",width=0.750000,height=0.500000,style=filled,color="#90206e"]; Y1997_00043951 [tooltip="Anonymous Connections and Onion Routing",width=0.750000,height=0.500000,style=filled,color="#90206e"]; Y1997_00043949 [tooltip="A Logical Language for Expressing Authorizations",width=0.750000,height=0.500000,style=filled,color="#90206e"]; Y1998_00043927 [tooltip="Stack and Queue Integrity on Hostile Platforms",width=0.750000,height=0.500000,style=filled,color="#992066"]; Y1998_00043924 [tooltip="On the Formal Definition of Separation-of-Duty Policies and their Composition",width=0.750000,height=0.500000,style=filled,color="#992066"]; Y1998_00043918 [tooltip="Timing Attacks Against Trusted Path",width=0.750000,height=0.500000,style=filled,color="#992066"]; Y1998_00043914 [tooltip="An Automated Approach for Identifying Potential Vulnerabilities in Software",width=0.750000,height=0.500000,style=filled,color="#992066"]; Y1998_00043904 [tooltip="Secure Execution of Java Applets Using a Remote Playground",width=0.750000,height=0.500000,style=filled,color="#992066"]; Y1997_00043952 [tooltip="The Design and Implementation of a Multilevel Secure Log Manager",shape=box,style=filled,color="#90206e"]; Y1997_00043952 -> Y1982_00044638; Y1997_00043956 [tooltip="Secure Software Architectures",shape=box,style=filled,color="#90206e"]; Y1997_00043956 -> Y1982_00044638; Y1997_00043957 -> Y1982_00044638; Y1996_00044020 -> Y1982_00044638; Y1995_00044053 [tooltip="Absorbing Covers and Intransitive Non-Interference",shape=box,style=filled,color="#7f207f"]; Y1995_00044053 -> Y1982_00044638; Y1995_00044055 -> Y1982_00044638; Y1995_00044071 -> Y1982_00044638; Y1994_00044103 -> Y1982_00044638; Y1993_00044143 [tooltip="Preventing Denial and Forgery of Causal Relationships in Distributed Systems",shape=box,style=filled,color="#6e2090"]; Y1993_00044143 -> Y1982_00044638; Y1992_00044184 -> Y1982_00044638; Y1992_00044199 [tooltip=" A Logical Approach to Multilevel Security of Probabilistic Systems ",shape=box,style=filled,color="#662099"]; Y1992_00044199 -> Y1982_00044638; Y1992_00044201 -> Y1982_00044638; Y1991_00044229 -> Y1982_00044638; Y1991_00044235 [tooltip="Modeling Nondisclosure in Terms of the Subject-Instruction Stream",shape=box,style=filled,color="#5d20a1"]; Y1991_00044235 -> Y1982_00044638; Y1994_00044260 -> Y1982_00044638; Y1991_00044266 -> Y1982_00044638; Y1990_00044322 -> Y1982_00044638; Y1990_00044324 -> Y1982_00044638; Y1990_00044325 -> Y1982_00044638; Y1988_00044384 -> Y1982_00044638; Y1988_00044386 -> Y1982_00044638; Y1990_00044387 -> Y1982_00044638; Y1988_00044392 [tooltip="A Secure Distributed Operating System",shape=box,style=filled,color="#4420bb"]; Y1988_00044392 -> Y1982_00044638; Y1988_00044408 -> Y1982_00044638; Y1987_00044436 -> Y1982_00044638; Y1986_00044451 -> Y1982_00044638; Y1987_00044484 [tooltip="A Graph-Theoretic Formulation of Multilevel Secure Distributed Systems: An Overview",shape=box,style=filled,color="#3b20c3"]; Y1987_00044484 -> Y1982_00044638; Y2001_0103_06 [tooltip="On Confidentiality and Algorithms",shape=box,style=filled,color="#b2204c"]; Y2001_0103_06 -> Y1982_00044638; Y2001_0103_07 -> Y1982_00044638; Y2002_02_03_02 [tooltip="On the Composition of Secure Systems",shape=box,style=filled,color="#bb2044"]; Y2002_02_03_02 -> Y1982_00044638; Y2002_02_06_01 -> Y1982_00044638; Y2003_03_04_03 -> Y1982_00044638; Y2003_03_07_03 -> Y1982_00044638; Y2004_04_06_01 -> Y1982_00044638; Y2007_oakland07h25 [tooltip="A Cryptographic Decentralized Label Model",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h25 -> Y1982_00044638; Y2007_oakland07h5 [tooltip="Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h5 -> Y1982_00044638; Y2009_2009Xoakland2009h15 [tooltip="Non-Interference for a Practical DIFC-Based Operating System",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h15 -> Y1982_00044638; Y1998_00043901 [tooltip="Ensuring Continuity During Dynamic Security Policy Reconfiguration in DTE",shape=box,style=filled,color="#992066"]; Y1998_00043901 -> Y1984_00044547; Y1997_00043957 -> Y1984_00044547; Y1996_00044020 -> Y1984_00044547; Y1995_00044047 -> Y1984_00044547; Y1995_00044053 [tooltip="Absorbing Covers and Intransitive Non-Interference",shape=box,style=filled,color="#7f207f"]; Y1995_00044053 -> Y1984_00044547; Y1993_00044156 -> Y1984_00044547; Y1992_00044201 -> Y1984_00044547; Y1991_00044235 [tooltip="Modeling Nondisclosure in Terms of the Subject-Instruction Stream",shape=box,style=filled,color="#5d20a1"]; Y1991_00044235 -> Y1984_00044547; Y1991_00044236 -> Y1984_00044547; Y1991_00044266 -> Y1984_00044547; Y1991_00044268 [tooltip="The Turing Test and Non-Information Flow",shape=box,style=filled,color="#5d20a1"]; Y1991_00044268 -> Y1984_00044547; Y1990_00044322 -> Y1984_00044547; Y1990_00044324 -> Y1984_00044547; Y1990_00044387 -> Y1984_00044547; Y1988_00044408 -> Y1984_00044547; Y1988_00044425 -> Y1984_00044547; Y1988_00044430 -> Y1984_00044547; Y1988_00044437 -> Y1984_00044547; Y1987_00044484 [tooltip="A Graph-Theoretic Formulation of Multilevel Secure Distributed Systems: An Overview",shape=box,style=filled,color="#3b20c3"]; Y1987_00044484 -> Y1984_00044547; Y1987_00044495 -> Y1984_00044547; Y2000_0007_18 -> Y1984_00044547; Y2002_02_03_02 [tooltip="On the Composition of Secure Systems",shape=box,style=filled,color="#bb2044"]; Y2002_02_03_02 -> Y1984_00044547; Y2002_02_06_01 -> Y1984_00044547; Y2003_03_04_03 -> Y1984_00044547; Y1998_00043902 [tooltip="Composing Partially-Specified Systems",shape=box,style=filled,color="#992066"]; Y1998_00043902 -> Y1987_00044495; Y1995_00044047 -> Y1987_00044495; Y1994_00044102 [tooltip="Asynchronous Composition and Required Security Conditions",shape=box,style=filled,color="#772088"]; Y1994_00044102 -> Y1987_00044495; Y1994_00044103 -> Y1987_00044495; Y1992_00044199 [tooltip=" A Logical Approach to Multilevel Security of Probabilistic Systems ",shape=box,style=filled,color="#662099"]; Y1992_00044199 -> Y1987_00044495; Y1992_00044201 -> Y1987_00044495; Y1991_00044229 -> Y1987_00044495; Y1991_00044241 [tooltip="Verification of Secure Distributed Systems in Higher Order Logic: A Modular Approach Using Generic Components",shape=box,style=filled,color="#5d20a1"]; Y1991_00044241 -> Y1987_00044495; Y1991_00044242 [tooltip="Applying a Theory of Modules and Interfaces to Security Verification",shape=box,style=filled,color="#5d20a1"]; Y1991_00044242 -> Y1987_00044495; Y1991_00044268 [tooltip="The Turing Test and Non-Information Flow",shape=box,style=filled,color="#5d20a1"]; Y1991_00044268 -> Y1987_00044495; Y1990_00044322 -> Y1987_00044495; Y1990_00044324 -> Y1987_00044495; Y1990_00044325 -> Y1987_00044495; Y1988_00044386 -> Y1987_00044495; Y1988_00044392 [tooltip="A Secure Distributed Operating System",shape=box,style=filled,color="#4420bb"]; Y1988_00044392 -> Y1987_00044495; Y1988_00044408 -> Y1987_00044495; Y2001_0103_07 -> Y1987_00044495; Y2002_02_03_02 [tooltip="On the Composition of Secure Systems",shape=box,style=filled,color="#bb2044"]; Y2002_02_03_02 -> Y1987_00044495; Y2003_03_04_03 -> Y1987_00044495; Y2006_06_05_03 [tooltip="Simulatable Security and Polynomially Bounded Concurrent Composability",shape=box,style=filled,color="#dd2022"]; Y2006_06_05_03 -> Y1987_00044495; Y1998_00043901 [tooltip="Ensuring Continuity During Dynamic Security Policy Reconfiguration in DTE",shape=box,style=filled,color="#992066"]; Y1998_00043901 -> Y1987_00044502; Y1998_00043926 -> Y1987_00044502; Y1996_00044014 -> Y1987_00044502; Y1995_00044047 -> Y1987_00044502; Y1993_00044161 [tooltip="Achieving Stricter Correctness Requirements in Multilevel Secure Databases",shape=box,style=filled,color="#6e2090"]; Y1993_00044161 -> Y1987_00044502; Y1991_00044237 -> Y1987_00044502; Y1990_00044285 -> Y1987_00044502; Y1989_00044304 -> Y1987_00044502; Y1990_00044337 -> Y1987_00044502; Y1989_00044342 -> Y1987_00044502; Y1989_00044351 -> Y1987_00044502; Y1988_00044384 -> Y1987_00044502; Y1988_00044410 -> Y1987_00044502; Y1988_00044412 [tooltip="The Trusted Path between SMITE and the User",shape=box,style=filled,color="#4420bb"]; Y1988_00044412 -> Y1987_00044502; Y1988_00044435 -> Y1987_00044502; Y2000_0009_23 -> Y1987_00044502; Y2001_0104_10 [tooltip="Formal Treatment of Certificate Revocation Under Communal Access Control",shape=box,style=filled,color="#b2204c"]; Y2001_0104_10 -> Y1987_00044502; Y2002_02_04_02 -> Y1987_00044502; Y2007_oakland07h28 -> Y1987_00044502; Y1998_00043902 [tooltip="Composing Partially-Specified Systems",shape=box,style=filled,color="#992066"]; Y1998_00043902 -> Y1988_00044425; Y1997_00043957 -> Y1988_00044425; Y1996_00043993 [tooltip="Defining Noninterference in the Temporal Logic of Actions",shape=box,style=filled,color="#882077"]; Y1996_00043993 -> Y1988_00044425; Y1995_00044055 -> Y1988_00044425; Y1994_00044102 [tooltip="Asynchronous Composition and Required Security Conditions",shape=box,style=filled,color="#772088"]; Y1994_00044102 -> Y1988_00044425; Y1992_00044184 -> Y1988_00044425; Y1992_00044199 [tooltip=" A Logical Approach to Multilevel Security of Probabilistic Systems ",shape=box,style=filled,color="#662099"]; Y1992_00044199 -> Y1988_00044425; Y1991_00044229 -> Y1988_00044425; Y1991_00044241 [tooltip="Verification of Secure Distributed Systems in Higher Order Logic: A Modular Approach Using Generic Components",shape=box,style=filled,color="#5d20a1"]; Y1991_00044241 -> Y1988_00044425; Y1991_00044242 [tooltip="Applying a Theory of Modules and Interfaces to Security Verification",shape=box,style=filled,color="#5d20a1"]; Y1991_00044242 -> Y1988_00044425; Y1991_00044266 -> Y1988_00044425; Y1991_00044268 [tooltip="The Turing Test and Non-Information Flow",shape=box,style=filled,color="#5d20a1"]; Y1991_00044268 -> Y1988_00044425; Y1990_00044324 -> Y1988_00044425; Y2006_06_05_03 [tooltip="Simulatable Security and Polynomially Bounded Concurrent Composability",shape=box,style=filled,color="#dd2022"]; Y2006_06_05_03 -> Y1988_00044425; Y1998_00043902 [tooltip="Composing Partially-Specified Systems",shape=box,style=filled,color="#992066"]; Y1998_00043902 -> Y1990_00044322; Y1994_00044102 [tooltip="Asynchronous Composition and Required Security Conditions",shape=box,style=filled,color="#772088"]; Y1994_00044102 -> Y1990_00044322; Y1994_00044103 -> Y1990_00044322; Y1992_00044199 [tooltip=" A Logical Approach to Multilevel Security of Probabilistic Systems ",shape=box,style=filled,color="#662099"]; Y1992_00044199 -> Y1990_00044322; Y1991_00044229 -> Y1990_00044322; Y1991_00044235 [tooltip="Modeling Nondisclosure in Terms of the Subject-Instruction Stream",shape=box,style=filled,color="#5d20a1"]; Y1991_00044235 -> Y1990_00044322; Y1991_00044266 -> Y1990_00044322; Y1991_00044266 -> Y1990_00044322; Y1991_00044268 [tooltip="The Turing Test and Non-Information Flow",shape=box,style=filled,color="#5d20a1"]; Y1991_00044268 -> Y1990_00044322; Y2001_0103_07 -> Y1990_00044322; Y2002_02_03_02 [tooltip="On the Composition of Secure Systems",shape=box,style=filled,color="#bb2044"]; Y2002_02_03_02 -> Y1990_00044322; Y2003_03_04_03 -> Y1990_00044322; Y2003_03_07_03 -> Y1990_00044322; Y2009_2009Xoakland2009h03 [tooltip="Automatic Discovery and Quantification of Information Leaks",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h03 -> Y1990_00044322; Y1998_00043926 -> Y1989_00044340; Y1996_00044020 -> Y1989_00044340; Y1994_00044102 [tooltip="Asynchronous Composition and Required Security Conditions",shape=box,style=filled,color="#772088"]; Y1994_00044102 -> Y1989_00044340; Y1994_00044260 -> Y1989_00044340; Y1990_00044333 -> Y1989_00044340; Y2000_0009_23 -> Y1989_00044340; Y2002_02_04_02 -> Y1989_00044340; Y2004_04_02_01 [tooltip="Access Control by Tracking Shallow Execution History",shape=box,style=filled,color="#cc2033"]; Y2004_04_02_01 -> Y1989_00044340; Y2004_04_02_02 -> Y1989_00044340; Y2006_06_06_03 [tooltip="Retrofitting Legacy Code for Authorization Policy Enforcement",shape=box,style=filled,color="#dd2022"]; Y2006_06_06_03 -> Y1989_00044340; Y1999_S01_01 -> Y1989_00044340; Y1999_S02_02 [tooltip="A User-Centered, Modular Authorization Service Built on an RBAC Foundation",shape=box,style=filled,color="#a1205d"]; Y1999_S02_02 -> Y1989_00044340; Y2007_oakland07h14 [tooltip="Fuzzy Multi-Level Security: An Experiment on Quantified Risk-Adaptive Access Control",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h14 -> Y1989_00044340; Y1996_00043992 [tooltip="An Analysis of the Timed Z-Channel",shape=box,style=filled,color="#882077"]; Y1996_00043992 -> Y1991_00044228; Y1996_00043992 [tooltip="An Analysis of the Timed Z-Channel",shape=box,style=filled,color="#882077"]; Y1996_00043992 -> Y1991_00044228; Y1996_00044020 -> Y1991_00044228; Y1995_00044070 [tooltip="Capacity Estimation and Auditibility of Network Covert Channels",shape=box,style=filled,color="#7f207f"]; Y1995_00044070 -> Y1991_00044228; Y1995_00044075 -> Y1991_00044228; Y1994_00044099 -> Y1991_00044228; Y1993_00044153 [tooltip="Modelling a Fuzzy Time System",shape=box,style=filled,color="#6e2090"]; Y1993_00044153 -> Y1991_00044228; Y1993_00044154 -> Y1991_00044228; Y1992_00044187 [tooltip="The Influence of Delay Upon an Idealized Channel's Bandwidth",shape=box,style=filled,color="#662099"]; Y1992_00044187 -> Y1991_00044228; Y1991_00044227 -> Y1991_00044228; Y1991_00044232 -> Y1991_00044228; Y2007_oakland07h19 [tooltip="Moats and Drawbridges: An Isolation Primitive for Reconfigurable Hardware Based Systems",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h19 -> Y1991_00044228; Y1997_00043968 -> Y1996_00044010; Y1996_00044009 [tooltip="An Immunological Approach to Change Detection: Algorithms, Analysis and Implications",shape=box,style=filled,color="#882077"]; Y1996_00044009 -> Y1996_00044010; Y2000_0006_16 -> Y1996_00044010; Y2001_0105_11 [tooltip="Information-Theoretic Measures for Anomaly Detection",shape=box,style=filled,color="#b2204c"]; Y2001_0105_11 -> Y1996_00044010; Y2001_0105_13 -> Y1996_00044010; Y2003_03_02_02 -> Y1996_00044010; Y2004_04_06_02 -> Y1996_00044010; Y2006_06_02_02 [tooltip="A Framework for the Evaluation of Intrusion Detection Systems",shape=box,style=filled,color="#dd2022"]; Y2006_06_02_02 -> Y1996_00044010; Y1999_S01_01 -> Y1996_00044010; Y1999_S05_02 -> Y1996_00044010; Y1999_S05_03 -> Y1996_00044010; Y1998_00043923 -> Y1990_00044358; Y1996_00044000 [tooltip="What Do We Mean by Entity Authentication?",shape=box,style=filled,color="#882077"]; Y1996_00044000 -> Y1990_00044358; Y1995_00044078 -> Y1990_00044358; Y1994_00044094 -> Y1990_00044358; Y1994_00044110 [tooltip="Generating Formal Cryptographic Protocol Specifications",shape=box,style=filled,color="#772088"]; Y1994_00044110 -> Y1990_00044358; Y1993_00044165 -> Y1990_00044358; Y1992_00044192 -> Y1990_00044358; Y1991_00044244 -> Y1990_00044358; Y1991_00044245 -> Y1990_00044358; Y1991_00044246 [tooltip="A System for the Specification and Analysis of Key Management Protocols",shape=box,style=filled,color="#5d20a1"]; Y1991_00044246 -> Y1990_00044358; Y2000_0001_01 -> Y1996_00044015; Y2000_0001_03 -> Y1996_00044015; Y2001_0104_08 [tooltip="Understanding Trust Management Systems",shape=box,style=filled,color="#b2204c"]; Y2001_0104_08 -> Y1996_00044015; Y2001_0104_09 -> Y1996_00044015; Y2002_02_04_01 -> Y1996_00044015; Y2002_02_04_02 -> Y1996_00044015; Y2002_02_04_03 [tooltip="Constrained Delegation",shape=box,style=filled,color="#bb2044"]; Y2002_02_04_03 -> Y1996_00044015; Y2004_04_05_01 [tooltip="Safety in Automated Trust Negotiation",shape=box,style=filled,color="#cc2033"]; Y2004_04_05_01 -> Y1996_00044015; Y2005_05_03_01 [tooltip="Distributed Proving in Access-Control Systems",shape=box,style=filled,color="#d4202a"]; Y2005_05_03_01 -> Y1996_00044015; Y1999_S02_02 [tooltip="A User-Centered, Modular Authorization Service Built on an RBAC Foundation",shape=box,style=filled,color="#a1205d"]; Y1999_S02_02 -> Y1996_00044015; Y1994_00044103 -> Y1990_00044325; Y1992_00044199 [tooltip=" A Logical Approach to Multilevel Security of Probabilistic Systems ",shape=box,style=filled,color="#662099"]; Y1992_00044199 -> Y1990_00044325; Y1992_00044201 -> Y1990_00044325; Y1991_00044229 -> Y1990_00044325; Y1991_00044235 [tooltip="Modeling Nondisclosure in Terms of the Subject-Instruction Stream",shape=box,style=filled,color="#5d20a1"]; Y1991_00044235 -> Y1990_00044325; Y1991_00044266 -> Y1990_00044325; Y1991_00044268 [tooltip="The Turing Test and Non-Information Flow",shape=box,style=filled,color="#5d20a1"]; Y1991_00044268 -> Y1990_00044325; Y2001_0103_06 [tooltip="On Confidentiality and Algorithms",shape=box,style=filled,color="#b2204c"]; Y2001_0103_06 -> Y1990_00044325; Y2003_03_07_03 -> Y1990_00044325; Y1998_00043902 [tooltip="Composing Partially-Specified Systems",shape=box,style=filled,color="#992066"]; Y1998_00043902 -> Y1994_00044103; Y1997_00043956 [tooltip="Secure Software Architectures",shape=box,style=filled,color="#90206e"]; Y1997_00043956 -> Y1994_00044103; Y1997_00043957 -> Y1994_00044103; Y1996_00043993 [tooltip="Defining Noninterference in the Temporal Logic of Actions",shape=box,style=filled,color="#882077"]; Y1996_00043993 -> Y1994_00044103; Y1996_00044023 [tooltip="Run-Time Security Evaluation (RTSE) for Distributed Applications",shape=box,style=filled,color="#882077"]; Y1996_00044023 -> Y1994_00044103; Y1995_00044053 [tooltip="Absorbing Covers and Intransitive Non-Interference",shape=box,style=filled,color="#7f207f"]; Y1995_00044053 -> Y1994_00044103; Y1995_00044060 -> Y1994_00044103; Y2001_0103_07 -> Y1994_00044103; Y2002_02_03_02 [tooltip="On the Composition of Secure Systems",shape=box,style=filled,color="#bb2044"]; Y2002_02_03_02 -> Y1994_00044103; Y1996_00044000 [tooltip="What Do We Mean by Entity Authentication?",shape=box,style=filled,color="#882077"]; Y1996_00044000 -> Y1991_00044244; Y1996_00044002 [tooltip="Limitations on Design Principles for Public Key Protocols",shape=box,style=filled,color="#882077"]; Y1996_00044002 -> Y1991_00044244; Y1994_00044094 -> Y1991_00044244; Y1993_00044164 -> Y1991_00044244; Y1993_00044164 -> Y1991_00044244; Y1993_00044165 -> Y1991_00044244; Y1991_00044245 -> Y1991_00044244; Y1999_S08_02 [tooltip="Analysis of the Internet Key Exchange Protocol Using the NRL Protocol Analyzer",shape=box,style=filled,color="#a1205d"]; Y1999_S08_02 -> Y1991_00044244; Y2000_0001_03 -> Y2000_0001_01; Y2001_0104_08 [tooltip="Understanding Trust Management Systems",shape=box,style=filled,color="#b2204c"]; Y2001_0104_08 -> Y2000_0001_01; Y2001_0104_09 -> Y2000_0001_01; Y2001_0104_10 [tooltip="Formal Treatment of Certificate Revocation Under Communal Access Control",shape=box,style=filled,color="#b2204c"]; Y2001_0104_10 -> Y2000_0001_01; Y2002_02_04_02 -> Y2000_0001_01; Y2002_02_04_03 [tooltip="Constrained Delegation",shape=box,style=filled,color="#bb2044"]; Y2002_02_04_03 -> Y2000_0001_01; Y2003_03_04_01 -> Y2000_0001_01; Y2004_04_05_01 [tooltip="Safety in Automated Trust Negotiation",shape=box,style=filled,color="#cc2033"]; Y2004_04_05_01 -> Y2000_0001_01; Y1995_00044047 -> Y1982_00044637; Y1991_00044237 -> Y1982_00044637; Y1989_00044351 -> Y1982_00044637; Y1988_00044410 -> Y1982_00044637; Y1987_00044423 -> Y1982_00044637; Y1987_00044502 -> Y1982_00044637; Y2000_0009_23 -> Y1982_00044637; Y1997_00043960 [tooltip="Ensuring Assurance in Mobile Computing",shape=box,style=filled,color="#90206e"]; Y1997_00043960 -> Y1984_00044537; Y1993_00044168 -> Y1984_00044537; Y1989_00044304 -> Y1984_00044537; Y1988_00044410 -> Y1984_00044537; Y1985_00044624 -> Y1984_00044537; Y2000_0007_18 -> Y1984_00044537; Y2003_03_07_04 [tooltip="Vulnerabilities in Synchronous IPC Designs",shape=box,style=filled,color="#c3203b"]; Y2003_03_07_04 -> Y1984_00044537; Y1997_00043969 [tooltip="Catalytic Inference Analysis: Detecting Inference Threats Due to Knowledge Discovery",shape=box,style=filled,color="#90206e"]; Y1997_00043969 -> Y1987_00044508; Y1992_00044213 [tooltip="A "Natural" Decomposition of Multi-level Relations",shape=box,style=filled,color="#662099"]; Y1992_00044213 -> Y1987_00044508; Y1991_00044257 -> Y1987_00044508; Y1990_00044318 -> Y1987_00044508; Y1990_00044320 -> Y1987_00044508; Y1988_00044435 -> Y1987_00044508; Y1988_00044437 -> Y1987_00044508; Y1993_00044156 -> Y1987_00044489; Y1992_00044199 [tooltip=" A Logical Approach to Multilevel Security of Probabilistic Systems ",shape=box,style=filled,color="#662099"]; Y1992_00044199 -> Y1987_00044489; Y1991_00044237 -> Y1987_00044489; Y1991_00044244 -> Y1987_00044489; Y1989_00044301 [tooltip="Symbol Security Condition Considered Harmful",shape=box,style=filled,color="#4c20b2"]; Y1989_00044301 -> Y1987_00044489; Y1988_00044384 -> Y1987_00044489; Y1988_00044385 -> Y1987_00044489; Y1995_00044070 [tooltip="Capacity Estimation and Auditibility of Network Covert Channels",shape=box,style=filled,color="#7f207f"]; Y1995_00044070 -> Y1987_00044436; Y1991_00044229 -> Y1987_00044436; Y1991_00044268 [tooltip="The Turing Test and Non-Information Flow",shape=box,style=filled,color="#5d20a1"]; Y1991_00044268 -> Y1987_00044436; Y1990_00044322 -> Y1987_00044436; Y2003_03_04_03 -> Y1987_00044436; Y2007_oakland07h19 [tooltip="Moats and Drawbridges: An Isolation Primitive for Reconfigurable Hardware Based Systems",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h19 -> Y1987_00044436; Y2009_2009Xoakland2009h03 [tooltip="Automatic Discovery and Quantification of Information Leaks",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h03 -> Y1987_00044436; Y1996_00044014 -> Y1992_00044194; Y1992_00044196 -> Y1992_00044194; Y1994_00044260 -> Y1992_00044194; Y1994_00044269 [tooltip="On the Minimality of Testing for Rights in Transformation Models",shape=box,style=filled,color="#772088"]; Y1994_00044269 -> Y1992_00044194; Y2003_03_04_02 -> Y1992_00044194; Y2004_04_02_02 -> Y1992_00044194; Y2005_05_03_02 [tooltip="On Safety in Discretionary Access Control",shape=box,style=filled,color="#d4202a"]; Y2005_05_03_02 -> Y1992_00044194; Y2001_0105_11 [tooltip="Information-Theoretic Measures for Anomaly Detection",shape=box,style=filled,color="#b2204c"]; Y2001_0105_11 -> Y1999_S05_02; Y2001_0105_12 -> Y1999_S05_02; Y2003_03_02_02 -> Y1999_S05_02; Y2004_04_06_02 -> Y1999_S05_02; Y2006_06_02_01 [tooltip="Dataflow Anomaly Detection",shape=box,style=filled,color="#dd2022"]; Y2006_06_02_01 -> Y1999_S05_02; Y2006_06_02_02 [tooltip="A Framework for the Evaluation of Intrusion Detection Systems",shape=box,style=filled,color="#dd2022"]; Y2006_06_02_02 -> Y1999_S05_02; Y2000_0006_16 -> Y1999_S05_01; Y2001_0102_04 [tooltip="Data Mining Methods for Detection of New Malicious Executables",shape=box,style=filled,color="#b2204c"]; Y2001_0102_04 -> Y1999_S05_01; Y2001_0105_11 [tooltip="Information-Theoretic Measures for Anomaly Detection",shape=box,style=filled,color="#b2204c"]; Y2001_0105_11 -> Y1999_S05_01; Y2004_04_06_02 -> Y1999_S05_01; Y2005_05_01_02 [tooltip="Efficient Intrusion Detection Using Automaton Inlining",shape=box,style=filled,color="#d4202a"]; Y2005_05_01_02 -> Y1999_S05_01; Y2006_06_02_02 [tooltip="A Framework for the Evaluation of Intrusion Detection Systems",shape=box,style=filled,color="#dd2022"]; Y2006_06_02_02 -> Y1999_S05_01; Y2003_03_02_02 -> Y2002_02_05_01; Y2005_05_01_03 -> Y2002_02_05_01; Y2006_06_07_03 -> Y2002_02_05_01; Y2006_06_07_04 -> Y2002_02_05_01; Y2007_oakland07h5 [tooltip="Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h5 -> Y2002_02_05_01; Y2008_2008X3168A387 -> Y2002_02_05_01; Y2002_02_05_01 -> Y2001_0105_13; Y2003_03_02_02 -> Y2001_0105_13; Y2004_04_06_02 -> Y2001_0105_13; Y2005_05_01_02 [tooltip="Efficient Intrusion Detection Using Automaton Inlining",shape=box,style=filled,color="#d4202a"]; Y2005_05_01_02 -> Y2001_0105_13; Y2006_06_02_01 [tooltip="Dataflow Anomaly Detection",shape=box,style=filled,color="#dd2022"]; Y2006_06_02_01 -> Y2001_0105_13; Y2008_2008X3168A263 [tooltip="Preventing Memory Error Exploits with WIT",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A263 -> Y2001_0105_13; Y1991_00044237 -> Y1988_00044411; Y1991_00044249 [tooltip="On the Buzzword Security Policy",shape=box,style=filled,color="#5d20a1"]; Y1991_00044249 -> Y1988_00044411; Y1989_00044307 -> Y1988_00044411; Y1990_00044337 -> Y1988_00044411; Y1988_00044410 -> Y1988_00044411; Y2000_0009_23 -> Y1988_00044411; Y1998_00043900 -> Y1989_00044304; Y1998_00043905 -> Y1989_00044304; Y1997_00043945 [tooltip="An Authorization Scheme for Distributed Object Systems",shape=box,style=filled,color="#90206e"]; Y1997_00043945 -> Y1989_00044304; Y1996_00044022 -> Y1989_00044304; Y1993_00044168 -> Y1989_00044304; Y1992_00044183 [tooltip="Integrating Security in a Group Oriented Distributed System",shape=box,style=filled,color="#662099"]; Y1992_00044183 -> Y1989_00044304; Y1997_00043952 [tooltip="The Design and Implementation of a Multilevel Secure Log Manager",shape=box,style=filled,color="#90206e"]; Y1997_00043952 -> Y1991_00044227; Y1995_00044075 -> Y1991_00044227; Y1994_00044099 -> Y1991_00044227; Y1993_00044153 [tooltip="Modelling a Fuzzy Time System",shape=box,style=filled,color="#6e2090"]; Y1993_00044153 -> Y1991_00044227; Y1992_00044187 [tooltip="The Influence of Delay Upon an Idealized Channel's Bandwidth",shape=box,style=filled,color="#662099"]; Y1992_00044187 -> Y1991_00044227; Y1991_00044232 -> Y1991_00044227; Y2004_04_08_02 -> Y1997_00043953; Y2005_05_04_03 -> Y1997_00043953; Y2006_06_09_01 -> Y1997_00043953; Y2007_oakland07h12 [tooltip="Minimal TCB Code Execution (extended abstract)",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h12 -> Y1997_00043953; Y2008_2008X3168A233 [tooltip="Lares: An Architecture for Secure Active Monitoring Using Virtualization",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A233 -> Y1997_00043953; Y2008_2008X3168A296 [tooltip="Cloaker: Hardware Supported Rootkit Concealment",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A296 -> Y1997_00043953; Y2006_06_01_01 -> Y2005_05_06_02; Y2006_06_01_02 -> Y2005_05_06_02; Y2006_06_01_03 [tooltip="Hamsa: Fast Signature Generation for Zero-day Polymorphic Worms with Provable Attack Resilience",shape=box,style=filled,color="#dd2022"]; Y2006_06_01_03 -> Y2005_05_06_02; Y2007_oakland07h4 [tooltip="ShieldGen: Automatic Data Patch Generation for Unknown Vulnerabilities with Informed Probing",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h4 -> Y2005_05_06_02; Y2008_2008X3168A081 [tooltip="Casting Out Demons: Sanitizing Training Data for Anomaly Sensors",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A081 -> Y2005_05_06_02; Y2005_05_02_01 [tooltip="Distributed Detection of Node Replication Attacks in Sensor Networks",shape=box,style=filled,color="#d4202a"]; Y2005_05_02_01 -> Y2004_04_08_02; Y2005_05_04_01 [tooltip="A Generic Attack on Checksumming-Based Software Tamper Resistance",shape=box,style=filled,color="#d4202a"]; Y2005_05_04_01 -> Y2004_04_08_02; Y2005_05_04_03 -> Y2004_04_08_02; Y2009_2009Xoakland2009h12 [tooltip="A Logic of Secure Systems and its Application to Trusted Computing",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h12 -> Y2004_04_08_02; Y2008_2008X3168A296 [tooltip="Cloaker: Hardware Supported Rootkit Concealment",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A296 -> Y2004_04_08_02; Y2006_06_03_01 -> Y2003_03_01_01; Y2007_oakland07h8 [tooltip="DSSS-Based Flow Marking Technique for Invisible Traceback",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h8 -> Y2003_03_01_01; Y2007_oakland07h9 [tooltip="Endorsed E-Cash",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h9 -> Y2003_03_01_01; Y2009_2009Xoakland2009h11 [tooltip="Sphinx: A Compact and Provably Secure Mix Format",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h11 -> Y2003_03_01_01; Y2008_2008X3168A018 [tooltip="Anonymous Networking with Minimum Latency in Multihop Networks",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A018 -> Y2003_03_01_01; Y2004_04_01_01 -> Y2002_02_01_01; Y2005_05_03_03 -> Y2002_02_01_01; Y2009_2009Xoakland2009h02 [tooltip="Tempest in a Teapot: Compromising Reflections Revisited",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h02 -> Y2002_02_01_01; Y2008_2008X3168A158 -> Y2002_02_01_01; Y2008_2008X3168A170 [tooltip="ClearShot: Eavesdropping Keyboard Input from Video",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A170 -> Y2002_02_01_01; Y1986_00044478 -> Y1980_00044725; Y1981_00044692 -> Y1980_00044725; Y1982_00044698 [tooltip="Pooling, Splitting, and Restituting Information to Overcome Total Failure of Some Channels of Communication ",shape=box,style=filled,color="#1120ee"]; Y1982_00044698 -> Y1980_00044725; Y1981_00044701 [tooltip=" The Design of Secure CPU-Multiplexed Computer Systems: The Master/ Slave Architecture",shape=box,style=filled,color="#0820f6"]; Y1981_00044701 -> Y1980_00044725; Y1999_S04_01 [tooltip="Twenty Years of Cryptography in the Open Literature",shape=box,style=filled,color="#a1205d"]; Y1999_S04_01 -> Y1980_00044725; Y1997_00043944 [tooltip="Toward Acceptable Metrics of Authentication",shape=box,style=filled,color="#90206e"]; Y1997_00043944 -> Y1986_00044481; Y1993_00044163 -> Y1986_00044481; Y1992_00044182 -> Y1986_00044481; Y1990_00044345 -> Y1986_00044481; Y1988_00044413 -> Y1986_00044481; Y1995_00044077 -> Y1988_00044413; Y1992_00044183 [tooltip="Integrating Security in a Group Oriented Distributed System",shape=box,style=filled,color="#662099"]; Y1992_00044183 -> Y1988_00044413; Y1991_00044253 -> Y1988_00044413; Y1990_00044284 -> Y1988_00044413; Y1989_00044304 -> Y1988_00044413; Y1996_00044013 [tooltip="A Security Model of Dynamic Labeling Providing a Tiered Approach to Verification",shape=box,style=filled,color="#882077"]; Y1996_00044013 -> Y1988_00044384; Y1992_00044184 -> Y1988_00044384; Y1991_00044235 [tooltip="Modeling Nondisclosure in Terms of the Subject-Instruction Stream",shape=box,style=filled,color="#5d20a1"]; Y1991_00044235 -> Y1988_00044384; Y1990_00044325 -> Y1988_00044384; Y2004_04_02_01 [tooltip="Access Control by Tracking Shallow Execution History",shape=box,style=filled,color="#cc2033"]; Y2004_04_02_01 -> Y1988_00044384; Y1993_00044160 [tooltip="A Model of Atomicity for Multilevel Transactions",shape=box,style=filled,color="#6e2090"]; Y1993_00044160 -> Y1990_00044381; Y1993_00044161 [tooltip="Achieving Stricter Correctness Requirements in Multilevel Secure Databases",shape=box,style=filled,color="#6e2090"]; Y1993_00044161 -> Y1990_00044381; Y1992_00044204 -> Y1990_00044381; Y1992_00044206 -> Y1990_00044381; Y1990_00044387 -> Y1990_00044381; Y1993_00044141 -> Y1989_00044353; Y1991_00044262 [tooltip="A Pattern-Oriented Intrusion-Detection Model and Its Applications",shape=box,style=filled,color="#5d20a1"]; Y1991_00044262 -> Y1989_00044353; Y1990_00044367 -> Y1989_00044353; Y2000_0006_16 -> Y1989_00044353; Y1999_S05_03 -> Y1989_00044353; Y1996_00044000 [tooltip="What Do We Mean by Entity Authentication?",shape=box,style=filled,color="#882077"]; Y1996_00044000 -> Y1990_00044345; Y1994_00044110 [tooltip="Generating Formal Cryptographic Protocol Specifications",shape=box,style=filled,color="#772088"]; Y1994_00044110 -> Y1990_00044345; Y1991_00044244 -> Y1990_00044345; Y1991_00044245 -> Y1990_00044345; Y1991_00044246 [tooltip="A System for the Specification and Analysis of Key Management Protocols",shape=box,style=filled,color="#5d20a1"]; Y1991_00044246 -> Y1990_00044345; Y1991_00044244 -> Y1989_00044328; Y1991_00044245 -> Y1989_00044328; Y1991_00044246 [tooltip="A System for the Specification and Analysis of Key Management Protocols",shape=box,style=filled,color="#5d20a1"]; Y1991_00044246 -> Y1989_00044328; Y2005_05_05_01 -> Y1989_00044328; Y2008_2008X3168A202 -> Y1989_00044328; Y1997_00043969 [tooltip="Catalytic Inference Analysis: Detecting Inference Threats Due to Knowledge Discovery",shape=box,style=filled,color="#90206e"]; Y1997_00043969 -> Y1989_00044312; Y1992_00044212 -> Y1989_00044312; Y1991_00044238 -> Y1989_00044312; Y1990_00044316 -> Y1989_00044312; Y1990_00044320 -> Y1989_00044312; Y1997_00043953 -> Y1989_00044306; Y1995_00044047 -> Y1989_00044306; Y1993_00044168 -> Y1989_00044306; Y1992_00044210 [tooltip="An Optimal Solution to the Secure Reader-Writer Problem",shape=box,style=filled,color="#662099"]; Y1992_00044210 -> Y1989_00044306; Y1999_S01_01 -> Y1989_00044306; Y1997_00043945 [tooltip="An Authorization Scheme for Distributed Object Systems",shape=box,style=filled,color="#90206e"]; Y1997_00043945 -> Y1990_00044284; Y1995_00044044 -> Y1990_00044284; Y1992_00044183 [tooltip="Integrating Security in a Group Oriented Distributed System",shape=box,style=filled,color="#662099"]; Y1992_00044183 -> Y1990_00044284; Y1990_00044285 -> Y1990_00044284; Y2004_04_06_01 -> Y1990_00044284; Y1991_00044227 -> Y1990_00044283; Y1991_00044232 -> Y1990_00044283; Y1991_00044236 -> Y1990_00044283; Y1991_00044242 [tooltip="Applying a Theory of Modules and Interfaces to Security Verification",shape=box,style=filled,color="#5d20a1"]; Y1991_00044242 -> Y1990_00044283; Y1999_S07_01 [tooltip="A Multi-Threading Architecture for Multilevel Secure Transaction Processing",shape=box,style=filled,color="#a1205d"]; Y1999_S07_01 -> Y1990_00044283; Y1996_00044002 [tooltip="Limitations on Design Principles for Public Key Protocols",shape=box,style=filled,color="#882077"]; Y1996_00044002 -> Y1992_00044191; Y1995_00044077 -> Y1992_00044191; Y1994_00044110 [tooltip="Generating Formal Cryptographic Protocol Specifications",shape=box,style=filled,color="#772088"]; Y1994_00044110 -> Y1992_00044191; Y1993_00044164 -> Y1992_00044191; Y2007_oakland07h24 [tooltip="Extended abstract: Provable-Security Analysis of Authenticated Encryption in Kerberos",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h24 -> Y1992_00044191; Y1997_00043983 -> Y1992_00044190; Y1996_00044002 [tooltip="Limitations on Design Principles for Public Key Protocols",shape=box,style=filled,color="#882077"]; Y1996_00044002 -> Y1992_00044190; Y2001_0101_02 [tooltip="Networked Cryptographic Devices Resilient to Capture (Extended Abstract)",shape=box,style=filled,color="#b2204c"]; Y2001_0101_02 -> Y1992_00044190; Y2005_05_03_03 -> Y1992_00044190; Y1999_S08_01 -> Y1992_00044190; Y2000_0009_24 -> Y1999_S01_03; Y2003_03_07_03 -> Y1999_S01_03; Y2004_04_02_01 [tooltip="Access Control by Tracking Shallow Execution History",shape=box,style=filled,color="#cc2033"]; Y2004_04_02_01 -> Y1999_S01_03; Y2006_06_06_03 [tooltip="Retrofitting Legacy Code for Authorization Policy Enforcement",shape=box,style=filled,color="#dd2022"]; Y2006_06_06_03 -> Y1999_S01_03; Y2000_0006_16 -> Y1999_S01_01; Y2000_0009_23 -> Y1999_S01_01; Y2000_0009_24 -> Y1999_S01_01; Y2001_0105_12 -> Y1999_S01_01; Y2004_04_04_01 [tooltip="An Empirical Analysis of Target-Resident DoS Filters",shape=box,style=filled,color="#cc2033"]; Y2004_04_04_01 -> Y2003_03_03_02; Y2004_04_04_02 -> Y2003_03_03_02; Y2004_04_04_03 [tooltip="SIFF: A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks",shape=box,style=filled,color="#cc2033"]; Y2004_04_04_03 -> Y2003_03_03_02; Y2006_06_09_03 -> Y2003_03_03_02; Y2003_03_04_03 -> Y2001_0106_15; Y2004_04_03_01 -> Y2001_0106_15; Y2005_05_05_01 -> Y2001_0106_15; Y2006_06_05_03 [tooltip="Simulatable Security and Polynomially Bounded Concurrent Composability",shape=box,style=filled,color="#dd2022"]; Y2006_06_05_03 -> Y2001_0106_15; Y2003_03_02_02 -> Y2001_0105_12; Y2004_04_06_02 -> Y2001_0105_12; Y2005_05_01_02 [tooltip="Efficient Intrusion Detection Using Automaton Inlining",shape=box,style=filled,color="#d4202a"]; Y2005_05_01_02 -> Y2001_0105_12; Y2006_06_02_01 [tooltip="Dataflow Anomaly Detection",shape=box,style=filled,color="#dd2022"]; Y2006_06_02_01 -> Y2001_0105_12; Y2002_02_04_01 -> Y2001_0104_09; Y2002_02_04_02 -> Y2001_0104_09; Y2004_04_06_01 -> Y2001_0104_09; Y2005_05_03_01 [tooltip="Distributed Proving in Access-Control Systems",shape=box,style=filled,color="#d4202a"]; Y2005_05_03_01 -> Y2001_0104_09; Y2004_04_02_01 [tooltip="Access Control by Tracking Shallow Execution History",shape=box,style=filled,color="#cc2033"]; Y2004_04_02_01 -> Y2000_0009_23; Y2007_oakland07h28 -> Y2000_0009_23; Y2009_2009Xoakland2009h15 [tooltip="Non-Interference for a Practical DIFC-Based Operating System",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h15 -> Y2000_0009_23; Y2008_2008X3168A248 [tooltip="Practical Proactive Integrity Preservation: A Basis for Malware Defense",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A248 -> Y2000_0009_23; Y2000_0002_05 -> Y1980_00044729; Y1981_00044701 [tooltip=" The Design of Secure CPU-Multiplexed Computer Systems: The Master/ Slave Architecture",shape=box,style=filled,color="#0820f6"]; Y1981_00044701 -> Y1980_00044729; Y2003_03_06_02 -> Y1980_00044729; Y2005_05_02_01 [tooltip="Distributed Detection of Node Replication Attacks in Sensor Networks",shape=box,style=filled,color="#d4202a"]; Y2005_05_02_01 -> Y1980_00044729; Y1996_00044004 [tooltip="Ensuring Atomicity of Multilevel Transactions",shape=box,style=filled,color="#882077"]; Y1996_00044004 -> Y1983_00044599; Y1996_00044006 [tooltip="View-Based Access Control with High Assurance",shape=box,style=filled,color="#882077"]; Y1996_00044006 -> Y1983_00044599; Y1988_00044399 -> Y1983_00044599; Y1988_00044401 -> Y1983_00044599; Y1995_00044079 [tooltip="The Interrogator Model",shape=box,style=filled,color="#7f207f"]; Y1995_00044079 -> Y1984_00044565; Y1991_00044244 -> Y1984_00044565; Y2005_05_05_01 -> Y1984_00044565; Y2008_2008X3168A202 -> Y1984_00044565; Y1989_00044309 [tooltip="The Incorporation of Multi-Level IPC into UNIX",shape=box,style=filled,color="#4c20b2"]; Y1989_00044309 -> Y1986_00044466; Y1987_00044418 -> Y1986_00044466; Y1987_00044419 [tooltip="The Design of an Effective Auditing Subsystem",shape=box,style=filled,color="#3b20c3"]; Y1987_00044419 -> Y1986_00044466; Y1987_00044423 -> Y1986_00044466; Y1993_00044167 -> Y1988_00044437; Y1992_00044212 -> Y1988_00044437; Y1991_00044268 [tooltip="The Turing Test and Non-Information Flow",shape=box,style=filled,color="#5d20a1"]; Y1991_00044268 -> Y1988_00044437; Y1990_00044391 -> Y1988_00044437; Y1995_00044058 [tooltip="The Semantics and Expressive Power of the MLR Data Model",shape=box,style=filled,color="#7f207f"]; Y1995_00044058 -> Y1988_00044433; Y1991_00044257 -> Y1988_00044433; Y1990_00044318 -> Y1988_00044433; Y1990_00044320 -> Y1988_00044433; Y1994_00044110 [tooltip="Generating Formal Cryptographic Protocol Specifications",shape=box,style=filled,color="#772088"]; Y1994_00044110 -> Y1988_00044428; Y1991_00044244 -> Y1988_00044428; Y1991_00044245 -> Y1988_00044428; Y1991_00044246 [tooltip="A System for the Specification and Analysis of Key Management Protocols",shape=box,style=filled,color="#5d20a1"]; Y1991_00044246 -> Y1988_00044428; Y1996_00044013 [tooltip="A Security Model of Dynamic Labeling Providing a Tiered Approach to Verification",shape=box,style=filled,color="#882077"]; Y1996_00044013 -> Y1987_00044421; Y1991_00044238 -> Y1987_00044421; Y1990_00044333 -> Y1987_00044421; Y1987_00044418 -> Y1987_00044421; Y1993_00044160 [tooltip="A Model of Atomicity for Multilevel Transactions",shape=box,style=filled,color="#6e2090"]; Y1993_00044160 -> Y1990_00044387; Y1993_00044161 [tooltip="Achieving Stricter Correctness Requirements in Multilevel Secure Databases",shape=box,style=filled,color="#6e2090"]; Y1993_00044161 -> Y1990_00044387; Y1992_00044204 -> Y1990_00044387; Y1991_00044235 [tooltip="Modeling Nondisclosure in Terms of the Subject-Instruction Stream",shape=box,style=filled,color="#5d20a1"]; Y1991_00044235 -> Y1990_00044387; Y1994_00044103 -> Y1989_00044347; Y1992_00044201 -> Y1989_00044347; Y2001_0103_07 -> Y1989_00044347; Y2009_2009Xoakland2009h15 [tooltip="Non-Interference for a Practical DIFC-Based Operating System",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h15 -> Y1989_00044347; Y1995_00044071 -> Y1992_00044206; Y1994_00044107 -> Y1992_00044206; Y1993_00044160 [tooltip="A Model of Atomicity for Multilevel Transactions",shape=box,style=filled,color="#6e2090"]; Y1993_00044160 -> Y1992_00044206; Y1993_00044161 [tooltip="Achieving Stricter Correctness Requirements in Multilevel Secure Databases",shape=box,style=filled,color="#6e2090"]; Y1993_00044161 -> Y1992_00044206; Y1996_00044000 [tooltip="What Do We Mean by Entity Authentication?",shape=box,style=filled,color="#882077"]; Y1996_00044000 -> Y1993_00044165; Y1994_00044110 [tooltip="Generating Formal Cryptographic Protocol Specifications",shape=box,style=filled,color="#772088"]; Y1994_00044110 -> Y1993_00044165; Y2006_06_05_01 -> Y1993_00044165; Y2008_2008X3168A417 [tooltip="Automated Formal Analysis of a Protocol for Secure File Sharing on Untrusted Storage",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A417 -> Y1993_00044165; Y1997_00043968 -> Y1993_00044141; Y1994_00044117 [tooltip="A Secure Group Membership Protocol",shape=box,style=filled,color="#772088"]; Y1994_00044117 -> Y1993_00044141; Y2002_02_06_01 -> Y1993_00044141; Y1999_S01_01 -> Y1993_00044141; Y1996_00043992 [tooltip="An Analysis of the Timed Z-Channel",shape=box,style=filled,color="#882077"]; Y1996_00043992 -> Y1994_00044099; Y1995_00044060 -> Y1994_00044099; Y1995_00044070 [tooltip="Capacity Estimation and Auditibility of Network Covert Channels",shape=box,style=filled,color="#7f207f"]; Y1995_00044070 -> Y1994_00044099; Y2007_oakland07h17 [tooltip="Information Flow in the Peer-Reviewing Process (Extended Abstract)",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h17 -> Y1994_00044099; Y1996_00043992 [tooltip="An Analysis of the Timed Z-Channel",shape=box,style=filled,color="#882077"]; Y1996_00043992 -> Y1995_00044060; Y2003_03_04_03 -> Y1995_00044060; Y2009_2009Xoakland2009h05 [tooltip="Quantifying Information Leaks in Outbound Web Traffic",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h05 -> Y1995_00044060; Y2008_2008X3168A311 [tooltip="Predictable Design of Network-Based Covert Communication Systems",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A311 -> Y1995_00044060; Y1998_00043905 -> Y1996_00044020; Y1997_00043960 [tooltip="Ensuring Assurance in Mobile Computing",shape=box,style=filled,color="#90206e"]; Y1997_00043960 -> Y1996_00044020; Y2003_03_05_02 [tooltip="Using Memory Errors to Attack a Virtual Machine",shape=box,style=filled,color="#c3203b"]; Y2003_03_05_02 -> Y1996_00044020; Y1999_S01_03 -> Y1996_00044020; Y1998_00043902 [tooltip="Composing Partially-Specified Systems",shape=box,style=filled,color="#992066"]; Y1998_00043902 -> Y1997_00043957; Y2001_0103_07 -> Y1997_00043957; Y2002_02_03_02 [tooltip="On the Composition of Secure Systems",shape=box,style=filled,color="#bb2044"]; Y2002_02_03_02 -> Y1997_00043957; Y2003_03_04_03 -> Y1997_00043957; Y2000_0009_24 -> Y1998_00043905; Y2004_04_06_01 -> Y1998_00043905; Y1999_S03_02 -> Y1998_00043905; Y2007_oakland07h5 [tooltip="Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h5 -> Y1998_00043905; Y2001_0108_18 -> Y2000_0002_05; Y2002_02_07_01 -> Y2000_0002_05; Y2004_04_07_02 [tooltip="On-the-Fly Verification of Rateless Erasure Codes for Efficient Content Distribution",shape=box,style=filled,color="#cc2033"]; Y2004_04_07_02 -> Y2000_0002_05; Y2004_04_07_03 [tooltip="Multicast Authentication in Fully Adversarial Networks",shape=box,style=filled,color="#cc2033"]; Y2004_04_07_03 -> Y2000_0002_05; Y2005_05_01_03 -> Y1999_S03_02; Y2006_06_07_04 -> Y1999_S03_02; Y2007_oakland07h5 [tooltip="Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h5 -> Y1999_S03_02; Y2006_06_02_03 -> Y2006_06_09_01; Y2008_2008X3168A233 [tooltip="Lares: An Architecture for Secure Active Monitoring Using Virtualization",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A233 -> Y2006_06_09_01; Y2008_2008X3168A296 [tooltip="Cloaker: Hardware Supported Rootkit Concealment",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A296 -> Y2006_06_09_01; Y2007_oakland07h11 -> Y2006_06_01_01; Y2008_2008X3168A143 [tooltip="Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A143 -> Y2006_06_01_01; Y2008_2008X3168A187 [tooltip="XFA: Faster Signature Matching with Extended Automata",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A187 -> Y2006_06_01_01; Y2006_06_03_01 -> Y2005_05_05_02; Y2006_06_09_03 -> Y2005_05_05_02; Y2007_oakland07h21 [tooltip="Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h21 -> Y2005_05_05_02; Y2006_06_08_04 [tooltip="Secure Device Pairing Based on a Visual Channel",shape=box,style=filled,color="#dd2022"]; Y2006_06_08_04 -> Y2005_05_03_03; Y2008_2008X3168A064 [tooltip="Jamming-resistant Key Establishment Using Uncoordinated Frequency Hopping",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A064 -> Y2005_05_03_03; Y2008_2008X3168A129 [tooltip="Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A129 -> Y2005_05_03_03; Y2006_06_01_03 [tooltip="Hamsa: Fast Signature Generation for Zero-day Polymorphic Worms with Provable Attack Resilience",shape=box,style=filled,color="#dd2022"]; Y2006_06_01_03 -> Y2005_05_01_03; Y2006_06_07_04 -> Y2005_05_01_03; Y2007_oakland07h11 -> Y2005_05_01_03; Y2009_2009Xoakland2009h02 [tooltip="Tempest in a Teapot: Compromising Reflections Revisited",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h02 -> Y2004_04_01_01; Y2008_2008X3168A158 -> Y2004_04_01_01; Y2008_2008X3168A170 [tooltip="ClearShot: Eavesdropping Keyboard Input from Video",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A170 -> Y2004_04_01_01; Y2004_04_03_02 -> Y2003_03_04_03; Y2005_05_05_01 -> Y2003_03_04_03; Y2006_06_05_03 [tooltip="Simulatable Security and Polynomially Bounded Concurrent Composability",shape=box,style=filled,color="#dd2022"]; Y2006_06_05_03 -> Y2003_03_04_03; Y2004_04_06_02 -> Y2003_03_02_02; Y2005_05_01_02 [tooltip="Efficient Intrusion Detection Using Automaton Inlining",shape=box,style=filled,color="#d4202a"]; Y2005_05_01_02 -> Y2003_03_02_02; Y2006_06_02_01 [tooltip="Dataflow Anomaly Detection",shape=box,style=filled,color="#dd2022"]; Y2006_06_02_01 -> Y2003_03_02_02; Y2006_06_02_02 [tooltip="A Framework for the Evaluation of Intrusion Detection Systems",shape=box,style=filled,color="#dd2022"]; Y2006_06_02_02 -> Y2003_03_02_01; Y2008_2008X3168A096 [tooltip="Efficient and Robust TCP Stream Normalization",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A096 -> Y2003_03_02_01; Y2008_2008X3168A187 [tooltip="XFA: Faster Signature Matching with Extended Automata",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A187 -> Y2003_03_02_01; Y2005_05_01_03 -> Y2002_02_05_02; Y2006_06_07_04 -> Y2002_02_05_02; Y2009_2009Xoakland2009h06 [tooltip="Exploiting Unix File-System Races via Algorithmic Complexity Attacks",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h06 -> Y2002_02_05_02; Y2003_03_04_02 -> Y2002_02_04_02; Y2004_04_05_01 [tooltip="Safety in Automated Trust Negotiation",shape=box,style=filled,color="#cc2033"]; Y2004_04_05_01 -> Y2002_02_04_02; Y2005_05_03_01 [tooltip="Distributed Proving in Access-Control Systems",shape=box,style=filled,color="#d4202a"]; Y2005_05_03_01 -> Y2002_02_04_02; Y2002_02_07_01 -> Y2001_0108_18; Y2004_04_07_02 [tooltip="On-the-Fly Verification of Rateless Erasure Codes for Efficient Content Distribution",shape=box,style=filled,color="#cc2033"]; Y2004_04_07_02 -> Y2001_0108_18; Y2004_04_07_03 [tooltip="Multicast Authentication in Fully Adversarial Networks",shape=box,style=filled,color="#cc2033"]; Y2004_04_07_03 -> Y2001_0108_18; Y2004_04_02_01 [tooltip="Access Control by Tracking Shallow Execution History",shape=box,style=filled,color="#cc2033"]; Y2004_04_02_01 -> Y2000_0009_24; Y2005_05_01_03 -> Y2000_0009_24; Y2007_oakland07h5 [tooltip="Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h5 -> Y2000_0009_24; Y1991_00044238 -> Y1981_00044673; Y1988_00044410 -> Y1981_00044673; Y1984_00044543 [tooltip="Toward an Understanding of Extensible Architectures for Evaluated Trusted Computer System Products",shape=box,style=filled,color="#2220dd"]; Y1984_00044543 -> Y1981_00044673; Y1991_00044237 -> Y1985_00044624; Y1990_00044319 -> Y1985_00044624; Y2005_05_03_02 [tooltip="On Safety in Discretionary Access Control",shape=box,style=filled,color="#d4202a"]; Y2005_05_03_02 -> Y1985_00044624; Y1995_00044079 [tooltip="The Interrogator Model",shape=box,style=filled,color="#7f207f"]; Y1995_00044079 -> Y1985_00044589; Y1991_00044246 [tooltip="A System for the Specification and Analysis of Key Management Protocols",shape=box,style=filled,color="#5d20a1"]; Y1991_00044246 -> Y1985_00044589; Y1987_00044491 -> Y1985_00044589; Y1991_00044235 [tooltip="Modeling Nondisclosure in Terms of the Subject-Instruction Stream",shape=box,style=filled,color="#5d20a1"]; Y1991_00044235 -> Y1984_00044576; Y1989_00044301 [tooltip="Symbol Security Condition Considered Harmful",shape=box,style=filled,color="#4c20b2"]; Y1989_00044301 -> Y1984_00044576; Y1990_00044325 -> Y1984_00044576; Y1992_00044215 -> Y1984_00044545; Y1986_00044471 [tooltip="Encrypted Database Design: Specialized Approaches",shape=box,style=filled,color="#3320cc"]; Y1986_00044471 -> Y1984_00044545; Y1987_00044496 [tooltip="A Basis for Secure Communication in Large Distributed Systems",shape=box,style=filled,color="#3b20c3"]; Y1987_00044496 -> Y1984_00044545; Y1989_00044309 [tooltip="The Incorporation of Multi-Level IPC into UNIX",shape=box,style=filled,color="#4c20b2"]; Y1989_00044309 -> Y1984_00044540; Y1987_00044418 -> Y1984_00044540; Y1985_00044615 [tooltip="Design Overview for Retrofitting Integrity-Lock Architecture onto a Commercial DBMS",shape=box,style=filled,color="#2a20d4"]; Y1985_00044615 -> Y1984_00044540; Y1994_00044115 [tooltip="Elimination of Inference Channels by Optimal Upgrading",shape=box,style=filled,color="#772088"]; Y1994_00044115 -> Y1987_00044505; Y1988_00044403 -> Y1987_00044505; Y1988_00044437 -> Y1987_00044505; Y1996_00044006 [tooltip="View-Based Access Control with High Assurance",shape=box,style=filled,color="#882077"]; Y1996_00044006 -> Y1987_00044504; Y1990_00044320 -> Y1987_00044504; Y1988_00044399 -> Y1987_00044504; Y1995_00044053 [tooltip="Absorbing Covers and Intransitive Non-Interference",shape=box,style=filled,color="#7f207f"]; Y1995_00044053 -> Y1986_00044483; Y1986_00044451 -> Y1986_00044483; Y1987_00044484 [tooltip="A Graph-Theoretic Formulation of Multilevel Secure Distributed Systems: An Overview",shape=box,style=filled,color="#3b20c3"]; Y1987_00044484 -> Y1986_00044483; Y1996_00044020 -> Y1987_00044423; Y1989_00044359 [tooltip="A Proposal for a Verfication-Based Virus Filter",shape=box,style=filled,color="#4c20b2"]; Y1989_00044359 -> Y1987_00044423; Y2000_0006_16 -> Y1987_00044423; Y1989_00044308 [tooltip="Policy vs. Mechanism in the Secure TUNIS Operating System",shape=box,style=filled,color="#4c20b2"]; Y1989_00044308 -> Y1987_00044418; Y1988_00044412 [tooltip="The Trusted Path between SMITE and the User",shape=box,style=filled,color="#4420bb"]; Y1988_00044412 -> Y1987_00044418; Y1987_00044419 [tooltip="The Design of an Effective Auditing Subsystem",shape=box,style=filled,color="#3b20c3"]; Y1987_00044419 -> Y1987_00044418; Y1997_00043969 [tooltip="Catalytic Inference Analysis: Detecting Inference Threats Due to Knowledge Discovery",shape=box,style=filled,color="#90206e"]; Y1997_00043969 -> Y1988_00044403; Y1988_00044399 -> Y1988_00044403; Y1999_S02_01 [tooltip="Local Reconfiguration Policies",shape=box,style=filled,color="#a1205d"]; Y1999_S02_01 -> Y1988_00044403; Y1996_00044006 [tooltip="View-Based Access Control with High Assurance",shape=box,style=filled,color="#882077"]; Y1996_00044006 -> Y1988_00044401; Y1990_00044391 -> Y1988_00044401; Y1988_00044399 -> Y1988_00044401; Y1996_00044006 [tooltip="View-Based Access Control with High Assurance",shape=box,style=filled,color="#882077"]; Y1996_00044006 -> Y1988_00044399; Y1988_00044401 -> Y1988_00044399; Y1999_S07_02 [tooltip="Specification and Enforcement of Classification and Inference Constraints ",shape=box,style=filled,color="#a1205d"]; Y1999_S07_02 -> Y1988_00044399; Y1991_00044262 [tooltip="A Pattern-Oriented Intrusion-Detection Model and Its Applications",shape=box,style=filled,color="#5d20a1"]; Y1991_00044262 -> Y1990_00044367; Y2000_0006_16 -> Y1990_00044367; Y2004_04_06_02 -> Y1990_00044367; Y1998_00043926 -> Y1990_00044333; Y1992_00044194 -> Y1990_00044333; Y1991_00044237 -> Y1990_00044333; Y1991_00044266 -> Y1990_00044324; Y1991_00044268 [tooltip="The Turing Test and Non-Information Flow",shape=box,style=filled,color="#5d20a1"]; Y1991_00044268 -> Y1990_00044324; Y2001_0103_06 [tooltip="On Confidentiality and Algorithms",shape=box,style=filled,color="#b2204c"]; Y2001_0103_06 -> Y1990_00044324; Y1996_00044013 [tooltip="A Security Model of Dynamic Labeling Providing a Tiered Approach to Verification",shape=box,style=filled,color="#882077"]; Y1996_00044013 -> Y1990_00044316; Y1991_00044238 -> Y1990_00044316; Y1999_S02_01 [tooltip="Local Reconfiguration Policies",shape=box,style=filled,color="#a1205d"]; Y1999_S02_01 -> Y1990_00044316; Y1996_00044009 [tooltip="An Immunological Approach to Change Detection: Algorithms, Analysis and Implications",shape=box,style=filled,color="#882077"]; Y1996_00044009 -> Y1994_00044264; Y1999_S01_01 -> Y1994_00044264; Y2008_2008X3168A233 [tooltip="Lares: An Architecture for Secure Active Monitoring Using Virtualization",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A233 -> Y1994_00044264; Y1998_00043918 -> Y1991_00044232; Y1997_00043952 [tooltip="The Design and Implementation of a Multilevel Secure Log Manager",shape=box,style=filled,color="#90206e"]; Y1997_00043952 -> Y1991_00044232; Y1991_00044227 -> Y1991_00044232; Y1994_00044094 -> Y1992_00044192; Y1994_00044109 -> Y1992_00044192; Y1994_00044110 [tooltip="Generating Formal Cryptographic Protocol Specifications",shape=box,style=filled,color="#772088"]; Y1994_00044110 -> Y1992_00044192; Y1996_00044002 [tooltip="Limitations on Design Principles for Public Key Protocols",shape=box,style=filled,color="#882077"]; Y1996_00044002 -> Y1993_00044164; Y1994_00044092 -> Y1993_00044164; Y1994_00044110 [tooltip="Generating Formal Cryptographic Protocol Specifications",shape=box,style=filled,color="#772088"]; Y1994_00044110 -> Y1993_00044164; Y1996_00044000 [tooltip="What Do We Mean by Entity Authentication?",shape=box,style=filled,color="#882077"]; Y1996_00044000 -> Y1994_00044109; Y1996_00044002 [tooltip="Limitations on Design Principles for Public Key Protocols",shape=box,style=filled,color="#882077"]; Y1996_00044002 -> Y1994_00044109; Y2002_02_04_01 -> Y1994_00044109; Y2003_03_03_02 -> Y1997_00043978; Y2004_04_01_02 [tooltip="Effects of Mobility and Multihoming on Transport-Protocol Security",shape=box,style=filled,color="#cc2033"]; Y2004_04_01_02 -> Y1997_00043978; Y1999_S05_03 -> Y1997_00043978; Y2000_0006_16 -> Y1997_00043968; Y2001_0105_13 -> Y1997_00043968; Y1999_S01_01 -> Y1997_00043968; Y2005_05_06_03 [tooltip="Worm Origin Identification Using Random Moonwalks",shape=box,style=filled,color="#d4202a"]; Y2005_05_06_03 -> Y2000_0002_04; Y2006_06_03_05 -> Y2000_0002_04; Y2007_oakland07h20 [tooltip="Multi-Dimensional Range Query over Encrypted Data",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h20 -> Y2000_0002_04; Y2001_0104_09 -> Y2000_0001_03; Y2002_02_04_01 -> Y2000_0001_03; Y2002_02_04_02 -> Y2000_0001_03; Y2009_2009Xoakland2009h07 [tooltip="Pretty-Bad-Proxy: An Overlooked Adversary in Browsers' HTTPS Deployments",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h07 -> Y2007_oakland07h26; Y2009_2009Xoakland2009h20 [tooltip="",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h20 -> Y2007_oakland07h26; Y2009_2009Xoakland2009h21 [tooltip="Automatic Reverse Engineering of Malware Emulators",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h21 -> Y2007_oakland07h11; Y2008_2008X3168A233 [tooltip="Lares: An Architecture for Secure Active Monitoring Using Virtualization",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A233 -> Y2007_oakland07h11; Y2009_2009Xoakland2009h07 [tooltip="Pretty-Bad-Proxy: An Overlooked Adversary in Browsers' HTTPS Deployments",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h07 -> Y2007_oakland07h0; Y2008_2008X3168A402 [tooltip="Secure Web Browsing with the OP Web Browser",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A402 -> Y2007_oakland07h0; Y2006_06_06_02 -> Y1999_S01_02; Y2007_oakland07h23 [tooltip="On the Safety and Efficiency of Firewall Policy Deployment",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h23 -> Y1999_S01_02; Y2009_2009Xoakland2009h02 [tooltip="Tempest in a Teapot: Compromising Reflections Revisited",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h02 -> Y2008_2008X3168A158; Y2008_2008X3168A170 [tooltip="ClearShot: Eavesdropping Keyboard Input from Video",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A170 -> Y2008_2008X3168A158; Y2007_oakland07h0 -> Y2006_06_10_01; Y2008_2008X3168A402 [tooltip="Secure Web Browsing with the OP Web Browser",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A402 -> Y2006_06_10_01; Y2007_oakland07h21 [tooltip="Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h21 -> Y2006_06_09_03; Y2007_oakland07h8 [tooltip="DSSS-Based Flow Marking Technique for Invisible Traceback",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h8 -> Y2006_06_09_03; Y2009_2009Xoakland2009h17 [tooltip="Blueprint: Precise Browser-Neutral Prevention of Cross-site Scripting Attacks",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h17 -> Y2006_06_07_03; Y2008_2008X3168A387 -> Y2006_06_07_03; Y2006_06_01_03 [tooltip="Hamsa: Fast Signature Generation for Zero-day Polymorphic Worms with Provable Attack Resilience",shape=box,style=filled,color="#dd2022"]; Y2006_06_01_03 -> Y2006_06_01_02; Y2007_oakland07h4 [tooltip="ShieldGen: Automatic Data Patch Generation for Unknown Vulnerabilities with Informed Probing",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h4 -> Y2006_06_01_02; Y2006_06_05_01 -> Y2005_05_05_01; Y2006_06_05_03 [tooltip="Simulatable Security and Polynomially Bounded Concurrent Composability",shape=box,style=filled,color="#dd2022"]; Y2006_06_05_03 -> Y2005_05_05_01; Y2005_05_06_03 [tooltip="Worm Origin Identification Using Random Moonwalks",shape=box,style=filled,color="#d4202a"]; Y2005_05_06_03 -> Y2004_04_07_01; Y2006_06_02_02 [tooltip="A Framework for the Evaluation of Intrusion Detection Systems",shape=box,style=filled,color="#dd2022"]; Y2006_06_02_02 -> Y2004_04_07_01; Y2005_05_01_02 [tooltip="Efficient Intrusion Detection Using Automaton Inlining",shape=box,style=filled,color="#d4202a"]; Y2005_05_01_02 -> Y2004_04_06_02; Y2006_06_02_01 [tooltip="Dataflow Anomaly Detection",shape=box,style=filled,color="#dd2022"]; Y2006_06_02_01 -> Y2004_04_06_02; Y2006_06_10_02 [tooltip="Tamper-Evident, History-Independent, Subliminal-Free Data Structures on PROM Storage -or- How to Store Ballots on a Voting Machine",shape=box,style=filled,color="#dd2022"]; Y2006_06_10_02 -> Y2004_04_01_03; Y2008_2008X3168A354 -> Y2004_04_01_03; Y2005_05_02_01 [tooltip="Distributed Detection of Node Replication Attacks in Sensor Networks",shape=box,style=filled,color="#d4202a"]; Y2005_05_02_01 -> Y2003_03_06_02; Y2005_05_05_03 [tooltip="Leap-Frog Packet Linking and Diverse Key Distributions for Improved Integrity in Network Broadcasts",shape=box,style=filled,color="#d4202a"]; Y2005_05_05_03 -> Y2003_03_06_02; Y2004_04_05_01 [tooltip="Safety in Automated Trust Negotiation",shape=box,style=filled,color="#cc2033"]; Y2004_04_05_01 -> Y2003_03_04_01; Y2007_oakland07h6 [tooltip="Ciphertext-Policy Attribute-Based Encryption",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h6 -> Y2003_03_04_01; Y2006_06_03_01 -> Y2003_03_01_03; Y2006_06_09_03 -> Y2003_03_01_03; Y2005_05_05_02 -> Y2003_03_01_02; Y2006_06_03_01 -> Y2003_03_01_02; Y2003_03_01_03 -> Y2002_02_02_02; Y2007_oakland07h21 [tooltip="Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h21 -> Y2002_02_02_02; Y2007_oakland07h21 [tooltip="Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h21 -> Y2002_02_01_02; Y2008_2008X3168A035 [tooltip="Spot Me if You Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A035 -> Y2002_02_01_02; Y2002_02_03_02 [tooltip="On the Composition of Secure Systems",shape=box,style=filled,color="#bb2044"]; Y2002_02_03_02 -> Y2001_0103_07; Y2009_2009Xoakland2009h15 [tooltip="Non-Interference for a Practical DIFC-Based Operating System",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h15 -> Y2001_0103_07; Y2001_0108_19 -> Y2000_0008_22; Y2002_02_07_02 [tooltip="Self-Healing Key Distribution with Revocation",shape=box,style=filled,color="#bb2044"]; Y2002_02_07_02 -> Y2000_0008_22; Y2000_0007_17 -> Y2000_0007_19; Y2006_06_06_02 -> Y2000_0007_19; Y1981_00044692 -> Y1980_00044727; Y1982_00044698 [tooltip="Pooling, Splitting, and Restituting Information to Overcome Total Failure of Some Channels of Communication ",shape=box,style=filled,color="#1120ee"]; Y1982_00044698 -> Y1980_00044727; Y1983_00044606 [tooltip="Verification of Treaty Compliance -- Revisited",shape=box,style=filled,color="#1920e5"]; Y1983_00044606 -> Y1980_00044723; Y1981_00044701 [tooltip=" The Design of Secure CPU-Multiplexed Computer Systems: The Master/ Slave Architecture",shape=box,style=filled,color="#0820f6"]; Y1981_00044701 -> Y1980_00044723; Y1995_00044079 [tooltip="The Interrogator Model",shape=box,style=filled,color="#7f207f"]; Y1995_00044079 -> Y1982_00044679; Y1985_00044589 -> Y1982_00044679; Y1989_00044301 [tooltip="Symbol Security Condition Considered Harmful",shape=box,style=filled,color="#4c20b2"]; Y1989_00044301 -> Y1982_00044668; Y1983_00044652 -> Y1982_00044668; Y1992_00044195 -> Y1983_00044651; Y1988_00044426 [tooltip="A Formal Specification and Verification Method for the Prevention of Denial of Service",shape=box,style=filled,color="#4420bb"]; Y1988_00044426 -> Y1983_00044651; Y1988_00044385 -> Y1984_00044575; Y1987_00044489 -> Y1984_00044575; Y1991_00044242 [tooltip="Applying a Theory of Modules and Interfaces to Security Verification",shape=box,style=filled,color="#5d20a1"]; Y1991_00044242 -> Y1985_00044571; Y1986_00044480 [tooltip="Factors Affecting Distributed System Security",shape=box,style=filled,color="#3320cc"]; Y1986_00044480 -> Y1985_00044571; Y1986_00044471 [tooltip="Encrypted Database Design: Specialized Approaches",shape=box,style=filled,color="#3320cc"]; Y1986_00044471 -> Y1984_00044546; Y1985_00044615 [tooltip="Design Overview for Retrofitting Integrity-Lock Architecture onto a Commercial DBMS",shape=box,style=filled,color="#2a20d4"]; Y1985_00044615 -> Y1984_00044546; Y1988_00044408 -> Y1987_00044509; Y1988_00044437 -> Y1987_00044509; Y1997_00043957 -> Y1987_00044488; Y1988_00044386 -> Y1987_00044488; Y1991_00044240 -> Y1986_00044478; Y2002_02_06_04 [tooltip="Intrusion-Tolerant Enclaves",shape=box,style=filled,color="#bb2044"]; Y2002_02_06_04 -> Y1986_00044478; Y1990_00044285 -> Y1986_00044459; Y1990_00044337 -> Y1986_00044459; Y1990_00044325 -> Y1986_00044451; Y1987_00044484 [tooltip="A Graph-Theoretic Formulation of Multilevel Secure Distributed Systems: An Overview",shape=box,style=filled,color="#3b20c3"]; Y1987_00044484 -> Y1986_00044451; Y1990_00044318 -> Y1988_00044435; Y1990_00044320 -> Y1988_00044435; Y1990_00044288 [tooltip="The Army Secure Operating System",shape=box,style=filled,color="#5520aa"]; Y1990_00044288 -> Y1990_00044372; Y1990_00044297 -> Y1990_00044372; Y1995_00044070 [tooltip="Capacity Estimation and Auditibility of Network Covert Channels",shape=box,style=filled,color="#7f207f"]; Y1995_00044070 -> Y1990_00044369; Y1991_00044262 [tooltip="A Pattern-Oriented Intrusion-Detection Model and Its Applications",shape=box,style=filled,color="#5d20a1"]; Y1991_00044262 -> Y1990_00044369; Y1995_00044047 -> Y1989_00044351; Y1991_00044249 [tooltip="On the Buzzword Security Policy",shape=box,style=filled,color="#5d20a1"]; Y1991_00044249 -> Y1989_00044351; Y1992_00044196 -> Y1989_00044349; Y1994_00044269 [tooltip="On the Minimality of Testing for Rights in Transformation Models",shape=box,style=filled,color="#772088"]; Y1994_00044269 -> Y1989_00044349; Y1991_00044249 [tooltip="On the Buzzword Security Policy",shape=box,style=filled,color="#5d20a1"]; Y1991_00044249 -> Y1990_00044337; Y1999_S02_02 [tooltip="A User-Centered, Modular Authorization Service Built on an RBAC Foundation",shape=box,style=filled,color="#a1205d"]; Y1999_S02_02 -> Y1990_00044337; Y1995_00044047 -> Y1989_00044332; Y1993_00044168 -> Y1989_00044332; Y1996_00043993 [tooltip="Defining Noninterference in the Temporal Logic of Actions",shape=box,style=filled,color="#882077"]; Y1996_00043993 -> Y1990_00044323; Y1995_00044053 [tooltip="Absorbing Covers and Intransitive Non-Interference",shape=box,style=filled,color="#7f207f"]; Y1995_00044053 -> Y1990_00044323; Y1995_00044047 -> Y1990_00044319; Y1999_S02_02 [tooltip="A User-Centered, Modular Authorization Service Built on an RBAC Foundation",shape=box,style=filled,color="#a1205d"]; Y1999_S02_02 -> Y1990_00044319; Y1995_00044044 -> Y1990_00044285; Y1991_00044251 -> Y1990_00044285; Y1994_00044099 -> Y1991_00044266; Y1992_00044187 [tooltip="The Influence of Delay Upon an Idealized Channel's Bandwidth",shape=box,style=filled,color="#662099"]; Y1992_00044187 -> Y1991_00044266; Y2000_0006_16 -> Y1991_00044259; Y1999_S05_03 -> Y1991_00044259; Y1995_00044058 [tooltip="The Semantics and Expressive Power of the MLR Data Model",shape=box,style=filled,color="#7f207f"]; Y1995_00044058 -> Y1991_00044257; Y1992_00044213 [tooltip="A "Natural" Decomposition of Multi-level Relations",shape=box,style=filled,color="#662099"]; Y1992_00044213 -> Y1991_00044257; Y1994_00044109 -> Y1991_00044253; Y1994_00044267 -> Y1991_00044253; Y1992_00044182 -> Y1991_00044251; Y1992_00044190 -> Y1991_00044251; Y1996_00044002 [tooltip="Limitations on Design Principles for Public Key Protocols",shape=box,style=filled,color="#882077"]; Y1996_00044002 -> Y1991_00044245; Y1991_00044244 -> Y1991_00044245; Y1997_00043945 [tooltip="An Authorization Scheme for Distributed Object Systems",shape=box,style=filled,color="#90206e"]; Y1997_00043945 -> Y1991_00044240; Y2002_02_06_04 [tooltip="Intrusion-Tolerant Enclaves",shape=box,style=filled,color="#bb2044"]; Y2002_02_06_04 -> Y1991_00044240; Y1992_00044194 -> Y1991_00044237; Y2005_05_03_02 [tooltip="On Safety in Discretionary Access Control",shape=box,style=filled,color="#d4202a"]; Y2005_05_03_02 -> Y1991_00044237; Y1997_00043960 [tooltip="Ensuring Assurance in Mobile Computing",shape=box,style=filled,color="#90206e"]; Y1997_00043960 -> Y1992_00044212; Y1994_00044107 -> Y1992_00044212; Y1996_00044013 [tooltip="A Security Model of Dynamic Labeling Providing a Tiered Approach to Verification",shape=box,style=filled,color="#882077"]; Y1996_00044013 -> Y1994_00044107; Y2003_03_07_05 [tooltip="Garbage Collector Memory Accounting in Language-Based Systems",shape=box,style=filled,color="#c3203b"]; Y2003_03_07_05 -> Y1994_00044107; Y1996_00044000 [tooltip="What Do We Mean by Entity Authentication?",shape=box,style=filled,color="#882077"]; Y1996_00044000 -> Y1994_00044094; Y1995_00044079 [tooltip="The Interrogator Model",shape=box,style=filled,color="#7f207f"]; Y1995_00044079 -> Y1994_00044094; Y1996_00044002 [tooltip="Limitations on Design Principles for Public Key Protocols",shape=box,style=filled,color="#882077"]; Y1996_00044002 -> Y1995_00044077; Y2001_0104_10 [tooltip="Formal Treatment of Certificate Revocation Under Communal Access Control",shape=box,style=filled,color="#b2204c"]; Y2001_0104_10 -> Y1995_00044077; Y1997_00043975 [tooltip="Access Control for the SPIN Extensible Operating System",shape=box,style=filled,color="#90206e"]; Y1997_00043975 -> Y1995_00044047; Y2007_oakland07h28 -> Y1995_00044047; Y1997_00043960 [tooltip="Ensuring Assurance in Mobile Computing",shape=box,style=filled,color="#90206e"]; Y1997_00043960 -> Y1995_00044044; Y1996_00044022 -> Y1995_00044044; Y2005_05_06_03 [tooltip="Worm Origin Identification Using Random Moonwalks",shape=box,style=filled,color="#d4202a"]; Y2005_05_06_03 -> Y1995_00044043; Y2006_06_09_03 -> Y1995_00044043; Y1998_00043905 -> Y1996_00044022; Y1999_S03_01 [tooltip="Secure Communications Processing for Distributed Languages",shape=box,style=filled,color="#a1205d"]; Y1999_S03_01 -> Y1996_00044022; Y2003_03_05_01 [tooltip="Specifying and Verifying Hardware for Tamper-Resistant Software",shape=box,style=filled,color="#c3203b"]; Y2003_03_05_01 -> Y1996_00044016; Y2005_05_05_01 -> Y1996_00044016; Y1997_00043958 [tooltip="Analyzing Consistency of Security Policies",shape=box,style=filled,color="#90206e"]; Y1997_00043958 -> Y1996_00044007; Y1999_S02_02 [tooltip="A User-Centered, Modular Authorization Service Built on an RBAC Foundation",shape=box,style=filled,color="#a1205d"]; Y1999_S02_02 -> Y1996_00044007; Y1998_00043908 [tooltip="Efficient and Practical Fair Exchange Protocols with Off-Line TTP",shape=box,style=filled,color="#992066"]; Y1998_00043908 -> Y1996_00044001; Y1996_00044000 [tooltip="What Do We Mean by Entity Authentication?",shape=box,style=filled,color="#882077"]; Y1996_00044000 -> Y1996_00044001; Y2000_0001_03 -> Y1996_00043998; Y2000_0003_07 [tooltip="Privacy Technology Lessons from Healthcare",shape=box,style=filled,color="#aa2055"]; Y2000_0003_07 -> Y1996_00043998; Y2000_0007_17 -> Y1997_00043964; Y2003_03_05_01 [tooltip="Specifying and Verifying Hardware for Tamper-Resistant Software",shape=box,style=filled,color="#c3203b"]; Y2003_03_05_01 -> Y1997_00043964; Y1998_00043902 [tooltip="Composing Partially-Specified Systems",shape=box,style=filled,color="#992066"]; Y1998_00043902 -> Y1997_00043962; Y2006_06_06_02 -> Y1997_00043962; Y2004_04_03_02 -> Y1998_00043926; Y2004_04_06_01 -> Y1998_00043926; Y1999_S03_01 [tooltip="Secure Communications Processing for Distributed Languages",shape=box,style=filled,color="#a1205d"]; Y1999_S03_01 -> Y1998_00043923; Y2008_2008X3168A202 -> Y1998_00043923; Y2001_0107_16 [tooltip="Cryptographic Key Generation from Voice (Extended Abstract)",shape=box,style=filled,color="#b2204c"]; Y2001_0107_16 -> Y1998_00043921; Y2009_2009Xoakland2009h22 [tooltip="Privacy Weaknesses in Biometric Sketches",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h22 -> Y1998_00043921; Y2000_0006_15 [tooltip="Using Conservation of Flow as a Security Mechanism in Network Protocols",shape=box,style=filled,color="#aa2055"]; Y2000_0006_15 -> Y1998_00043917; Y2005_05_05_03 [tooltip="Leap-Frog Packet Linking and Diverse Key Distributions for Improved Integrity in Network Broadcasts",shape=box,style=filled,color="#d4202a"]; Y2005_05_05_03 -> Y1998_00043917; Y2001_0104_09 -> Y1998_00043900; Y2001_0104_10 [tooltip="Formal Treatment of Certificate Revocation Under Communal Access Control",shape=box,style=filled,color="#b2204c"]; Y2001_0104_10 -> Y1998_00043900; Y2001_0104_08 [tooltip="Understanding Trust Management Systems",shape=box,style=filled,color="#b2204c"]; Y2001_0104_08 -> Y2000_0001_02; Y2005_05_03_01 [tooltip="Distributed Proving in Access-Control Systems",shape=box,style=filled,color="#d4202a"]; Y2005_05_03_01 -> Y2000_0001_02; Y2009_2009Xoakland2009h01 [tooltip="Plaintext Recovery Attacks Against SSH",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h01 -> Y2007_oakland07h3; Y2008_2008X3168A248 [tooltip="Practical Proactive Integrity Preservation: A Basis for Malware Defense",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A248 -> Y2007_oakland07h28; Y2001_0101_02 [tooltip="Networked Cryptographic Devices Resilient to Capture (Extended Abstract)",shape=box,style=filled,color="#b2204c"]; Y2001_0101_02 -> Y1999_S08_01; Y2000_0006_16 -> Y1999_S05_03; Y2008_2008X3168A311 [tooltip="Predictable Design of Network-Based Covert Communication Systems",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A311 -> Y1999_S04_04; Y2009_2009Xoakland2009h17 [tooltip="Blueprint: Precise Browser-Neutral Prevention of Cross-site Scripting Attacks",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h17 -> Y2008_2008X3168A387; Y2009_2009Xoakland2009h16 [tooltip="An Epistemic Approach to Coercion-Resistance for Electronic Voting Protocols",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h16 -> Y2008_2008X3168A354; Y2009_2009Xoakland2009h03 [tooltip="Automatic Discovery and Quantification of Information Leaks",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h03 -> Y2008_2008X3168A339; Y2009_2009Xoakland2009h14 [tooltip="The Mastermind Attack on Genomic Data",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h14 -> Y2008_2008X3168A216; Y2009_2009Xoakland2009h16 [tooltip="An Epistemic Approach to Coercion-Resistance for Electronic Voting Protocols",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h16 -> Y2008_2008X3168A202; Y2009_2009Xoakland2009h07 [tooltip="Pretty-Bad-Proxy: An Overlooked Adversary in Browsers' HTTPS Deployments",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h07 -> Y2006_06_10_04; Y2007_oakland07h18 [tooltip="Lurking in the Shadows: Identifying Systemic Threats to Kernel Data",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h18 -> Y2006_06_10_03; Y2007_oakland07h7 [tooltip="Cryptanalysis of a Cognitive Authentication Scheme",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h7 -> Y2006_06_08_02; Y2007_oakland07h11 -> Y2006_06_07_04; Y2009_2009Xoakland2009h09 [tooltip="Prospex: Protocol Specification Extraction",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h09 -> Y2006_06_07_02; Y2007_oakland07h5 [tooltip="Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h5 -> Y2006_06_07_01; Y2007_oakland07h23 [tooltip="On the Safety and Efficiency of Firewall Policy Deployment",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h23 -> Y2006_06_06_02; Y2009_2009Xoakland2009h26 [tooltip="Formally Certifying the Security of Digital Signature Schemes",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h26 -> Y2006_06_05_01; Y2007_oakland07h20 [tooltip="Multi-Dimensional Range Query over Encrypted Data",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h20 -> Y2006_06_03_05; Y2007_oakland07h8 [tooltip="DSSS-Based Flow Marking Technique for Invisible Traceback",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h8 -> Y2006_06_03_02; Y2007_oakland07h21 [tooltip="Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h21 -> Y2006_06_03_01; Y2007_oakland07h11 -> Y2006_06_02_03; Y2007_oakland07h1 [tooltip="Accurate Real-time Identification of IP Prefix Hijacking",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h1 -> Y2005_05_06_01; Y2007_oakland07h18 [tooltip="Lurking in the Shadows: Identifying Systemic Threats to Kernel Data",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h18 -> Y2005_05_04_03; Y2005_05_02_01 [tooltip="Distributed Detection of Node Replication Attacks in Sensor Networks",shape=box,style=filled,color="#d4202a"]; Y2005_05_02_01 -> Y2005_05_02_02; Y2008_2008X3168A187 [tooltip="XFA: Faster Signature Matching with Extended Automata",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A187 -> Y2005_05_01_01; Y2007_oakland07h25 [tooltip="A Cryptographic Decentralized Label Model",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h25 -> Y2004_04_06_01; Y2006_06_03_03 [tooltip="Practical Inference Control for Data Cubes",shape=box,style=filled,color="#dd2022"]; Y2006_06_03_03 -> Y2004_04_05_02; Y2006_06_09_03 -> Y2004_04_04_02; Y2006_06_05_01 -> Y2004_04_03_02; Y2006_06_05_01 -> Y2004_04_03_01; Y2005_05_03_02 [tooltip="On Safety in Discretionary Access Control",shape=box,style=filled,color="#d4202a"]; Y2005_05_03_02 -> Y2004_04_02_02; Y2007_oakland07h25 [tooltip="A Cryptographic Decentralized Label Model",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h25 -> Y2003_03_07_03; Y2005_05_04_03 -> Y2003_03_07_01; Y2005_05_03_02 [tooltip="On Safety in Discretionary Access Control",shape=box,style=filled,color="#d4202a"]; Y2005_05_03_02 -> Y2003_03_04_02; Y2004_04_04_03 [tooltip="SIFF: A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks",shape=box,style=filled,color="#cc2033"]; Y2004_04_04_03 -> Y2003_03_03_01; Y2004_04_07_03 [tooltip="Multicast Authentication in Fully Adversarial Networks",shape=box,style=filled,color="#cc2033"]; Y2004_04_07_03 -> Y2002_02_07_03; Y2004_04_07_03 [tooltip="Multicast Authentication in Fully Adversarial Networks",shape=box,style=filled,color="#cc2033"]; Y2004_04_07_03 -> Y2002_02_07_01; Y2008_2008X3168A081 [tooltip="Casting Out Demons: Sanitizing Training Data for Anomaly Sensors",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A081 -> Y2002_02_06_02; Y2009_2009Xoakland2009h06 [tooltip="Exploiting Unix File-System Races via Algorithmic Complexity Attacks",shape=box,style=filled,color="#f62008"]; Y2009_2009Xoakland2009h06 -> Y2002_02_06_01; Y2006_06_06_01 [tooltip="Privacy and Contextual Integrity - Framework and Applications",shape=box,style=filled,color="#dd2022"]; Y2006_06_06_01 -> Y2002_02_04_01; Y2007_oakland07h6 [tooltip="Ciphertext-Policy Attribute-Based Encryption",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h6 -> Y2002_02_03_01; Y2002_02_07_02 [tooltip="Self-Healing Key Distribution with Revocation",shape=box,style=filled,color="#bb2044"]; Y2002_02_07_02 -> Y2001_0108_19; Y2006_06_02_02 [tooltip="A Framework for the Evaluation of Intrusion Detection Systems",shape=box,style=filled,color="#dd2022"]; Y2006_06_02_02 -> Y2001_0102_05; Y2003_03_07_04 [tooltip="Vulnerabilities in Synchronous IPC Designs",shape=box,style=filled,color="#c3203b"]; Y2003_03_07_04 -> Y2000_0007_18; Y2002_02_08_01 [tooltip="Automated Generation and Analysis of Attack Graphs",shape=box,style=filled,color="#bb2044"]; Y2002_02_08_01 -> Y2000_0007_17; Y2001_0105_13 -> Y2000_0006_16; Y1980_00044715 [tooltip="The Secure Relational Database Management System Kernel: Three Years After",shape=box,style=filled,color="#0020ff"]; Y1980_00044715 -> Y1980_00044733; Y1981_00044701 [tooltip=" The Design of Secure CPU-Multiplexed Computer Systems: The Master/ Slave Architecture",shape=box,style=filled,color="#0820f6"]; Y1981_00044701 -> Y1980_00044731; Y1981_00044701 [tooltip=" The Design of Secure CPU-Multiplexed Computer Systems: The Master/ Slave Architecture",shape=box,style=filled,color="#0820f6"]; Y1981_00044701 -> Y1980_00044722; Y1981_00044666 -> Y1980_00044714; Y1981_00044701 [tooltip=" The Design of Secure CPU-Multiplexed Computer Systems: The Master/ Slave Architecture",shape=box,style=filled,color="#0820f6"]; Y1981_00044701 -> Y1980_00044711; Y1983_00044648 [tooltip="A Distributed Secure System",shape=box,style=filled,color="#1920e5"]; Y1983_00044648 -> Y1982_00044694; Y1986_00044480 [tooltip="Factors Affecting Distributed System Security",shape=box,style=filled,color="#3320cc"]; Y1986_00044480 -> Y1981_00044693; Y1982_00044698 [tooltip="Pooling, Splitting, and Restituting Information to Overcome Total Failure of Some Channels of Communication ",shape=box,style=filled,color="#1120ee"]; Y1982_00044698 -> Y1981_00044692; Y2008_2008X3168A035 [tooltip="Spot Me if You Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A035 -> Y1982_00044682; Y1986_00044471 [tooltip="Encrypted Database Design: Specialized Approaches",shape=box,style=filled,color="#3320cc"]; Y1986_00044471 -> Y1982_00044681; Y2000_0003_06 [tooltip="Is Electronic Privacy Achievable?",shape=box,style=filled,color="#aa2055"]; Y2000_0003_06 -> Y1982_00044672; Y2007_oakland07h5 [tooltip="Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model",shape=box,style=filled,color="#e52019"]; Y2007_oakland07h5 -> Y1981_00044669; Y2003_03_07_03 -> Y1981_00044666; Y1983_00044652 -> Y1982_00044659; Y1984_00044542 [tooltip="Hardware Requirements for Secure Computer Systems: A Framework",shape=box,style=filled,color="#2220dd"]; Y1984_00044542 -> Y1982_00044658; Y1983_00044599 -> Y1982_00044655; Y1989_00044301 [tooltip="Symbol Security Condition Considered Harmful",shape=box,style=filled,color="#4c20b2"]; Y1989_00044301 -> Y1983_00044652; Y1983_00044612 [tooltip="Evaluating Security Properties of Computer Systems",shape=box,style=filled,color="#1920e5"]; Y1983_00044612 -> Y1983_00044640; Y1990_00044391 -> Y1985_00044629; Y1990_00044297 -> Y1985_00044619; Y1987_00044492 [tooltip="Coding for a Believable Specification to Implementation Mapping",shape=box,style=filled,color="#3b20c3"]; Y1987_00044492 -> Y1985_00044618; Y1991_00044268 [tooltip="The Turing Test and Non-Information Flow",shape=box,style=filled,color="#5d20a1"]; Y1991_00044268 -> Y1985_00044613; Y1986_00044471 [tooltip="Encrypted Database Design: Specialized Approaches",shape=box,style=filled,color="#3320cc"]; Y1986_00044471 -> Y1983_00044609; Y1984_00044550 [tooltip="Searching for Public-Key Cryptosystems",shape=box,style=filled,color="#2220dd"]; Y1984_00044550 -> Y1983_00044607; Y1992_00044191 -> Y1983_00044604; Y1986_00044471 [tooltip="Encrypted Database Design: Specialized Approaches",shape=box,style=filled,color="#3320cc"]; Y1986_00044471 -> Y1985_00044591; Y1986_00044459 -> Y1985_00044588; Y1991_00044236 -> Y1984_00044581; Y1986_00044480 [tooltip="Factors Affecting Distributed System Security",shape=box,style=filled,color="#3320cc"]; Y1986_00044480 -> Y1985_00044577; Y1987_00044440 -> Y1984_00044563; Y1986_00044452 [tooltip="MUSE - A Computer Assisted Verification System",shape=box,style=filled,color="#3320cc"]; Y1986_00044452 -> Y1985_00044558; Y1987_00044440 -> Y1985_00044557; Y1991_00044236 -> Y1984_00044538; Y1995_00044075 -> Y1985_00044529; Y1997_00043956 [tooltip="Secure Software Architectures",shape=box,style=filled,color="#90206e"]; Y1997_00043956 -> Y1985_00044521; Y1988_00044408 -> Y1987_00044494; Y1991_00044244 -> Y1987_00044491; Y1987_00044492 [tooltip="Coding for a Believable Specification to Implementation Mapping",shape=box,style=filled,color="#3b20c3"]; Y1987_00044492 -> Y1987_00044487; Y1990_00044320 -> Y1986_00044473; Y1991_00044240 -> Y1986_00044467; Y1997_00043960 [tooltip="Ensuring Assurance in Mobile Computing",shape=box,style=filled,color="#90206e"]; Y1997_00043960 -> Y1986_00044464; Y1995_00044047 -> Y1986_00044463; Y1996_00044014 -> Y1986_00044454; Y1988_00044407 -> Y1987_00044440; Y1991_00044238 -> Y1988_00044430; Y1987_00044429 [tooltip="Physical Security for the µABYSS System",shape=box,style=filled,color="#3b20c3"]; Y1987_00044429 -> Y1987_00044424; Y1995_00044075 -> Y1988_00044416; Y1990_00044337 -> Y1988_00044410; Y1991_00044244 -> Y1988_00044408; Y1990_00044369 -> Y1988_00044407; Y1989_00044359 [tooltip="A Proposal for a Verfication-Based Virus Filter",shape=box,style=filled,color="#4c20b2"]; Y1989_00044359 -> Y1988_00044395; Y1999_S07_02 [tooltip="Specification and Enforcement of Classification and Inference Constraints ",shape=box,style=filled,color="#a1205d"]; Y1999_S07_02 -> Y1990_00044391; Y1997_00043957 -> Y1988_00044386; Y1991_00044249 [tooltip="On the Buzzword Security Policy",shape=box,style=filled,color="#5d20a1"]; Y1991_00044249 -> Y1988_00044385; Y1995_00044075 -> Y1990_00044375; Y1995_00044075 -> Y1990_00044374; Y2004_04_07_01 -> Y1990_00044370; Y1996_00044011 [tooltip="Cryptovirology: Extortion-Based Security Threats and Countermeasures",shape=box,style=filled,color="#882077"]; Y1996_00044011 -> Y1989_00044366; Y1997_00043953 -> Y1989_00044357; Y1990_00044337 -> Y1989_00044342; Y1994_00044114 [tooltip=" Inference Channel-Free Integrity Constraints in Multilevel Relational Databases",shape=box,style=filled,color="#772088"]; Y1994_00044114 -> Y1990_00044320; Y1992_00044213 [tooltip="A "Natural" Decomposition of Multi-level Relations",shape=box,style=filled,color="#662099"]; Y1992_00044213 -> Y1990_00044318; Y1990_00044320 -> Y1989_00044315; Y1990_00044300 -> Y1989_00044314; Y1996_00043995 [tooltip="Panel: Goals for Computer Security Education",shape=box,style=filled,color="#882077"]; Y1996_00043995 -> Y1989_00044307; Y1992_00044212 -> Y1990_00044300; Y1991_00044266 -> Y1989_00044299; Y1990_00044288 [tooltip="The Army Secure Operating System",shape=box,style=filled,color="#5520aa"]; Y1990_00044288 -> Y1990_00044297; Y1997_00043958 [tooltip="Analyzing Consistency of Security Policies",shape=box,style=filled,color="#90206e"]; Y1997_00043958 -> Y1994_00044267; Y1993_00044140 [tooltip="Measuring and Modeling Computer Virus Prevalence",shape=box,style=filled,color="#6e2090"]; Y1993_00044140 -> Y1991_00044263; Y1998_00043901 [tooltip="Ensuring Continuity During Dynamic Security Policy Reconfiguration in DTE",shape=box,style=filled,color="#992066"]; Y1998_00043901 -> Y1994_00044260; Y1998_00043926 -> Y1991_00044238; Y2008_2008X3168A233 [tooltip="Lares: An Architecture for Secure Active Monitoring Using Virtualization",shape=box,style=filled,color="#ee2011"]; Y2008_2008X3168A233 -> Y1991_00044236; Y1992_00044199 [tooltip=" A Logical Approach to Multilevel Security of Probabilistic Systems ",shape=box,style=filled,color="#662099"]; Y1992_00044199 -> Y1991_00044229; Y1996_00043995 [tooltip="Panel: Goals for Computer Security Education",shape=box,style=filled,color="#882077"]; Y1996_00043995 -> Y1992_00044215; Y1999_S05_03 -> Y1992_00044209; Y1993_00044160 [tooltip="A Model of Atomicity for Multilevel Transactions",shape=box,style=filled,color="#6e2090"]; Y1993_00044160 -> Y1992_00044205; Y1993_00044160 [tooltip="A Model of Atomicity for Multilevel Transactions",shape=box,style=filled,color="#6e2090"]; Y1993_00044160 -> Y1992_00044204; Y1994_00044103 -> Y1992_00044201; Y1994_00044269 [tooltip="On the Minimality of Testing for Rights in Transformation Models",shape=box,style=filled,color="#772088"]; Y1994_00044269 -> Y1992_00044196; Y1995_00044047 -> Y1992_00044195; Y1993_00044153 [tooltip="Modelling a Fuzzy Time System",shape=box,style=filled,color="#6e2090"]; Y1993_00044153 -> Y1992_00044186; Y1993_00044156 -> Y1992_00044184; Y1995_00044044 -> Y1992_00044182; Y1995_00044047 -> Y1993_00044168; Y1999_S07_02 [tooltip="Specification and Enforcement of Classification and Inference Constraints ",shape=box,style=filled,color="#a1205d"]; Y1999_S07_02 -> Y1993_00044167; Y1994_00044109 -> Y1993_00044163; Y1994_00044102 [tooltip="Asynchronous Composition and Required Security Conditions",shape=box,style=filled,color="#772088"]; Y1994_00044102 -> Y1993_00044156; Y1996_00043992 [tooltip="An Analysis of the Timed Z-Channel",shape=box,style=filled,color="#882077"]; Y1996_00043992 -> Y1993_00044154; Y1995_00044077 -> Y1993_00044147; Y1995_00044070 [tooltip="Capacity Estimation and Auditibility of Network Covert Channels",shape=box,style=filled,color="#7f207f"]; Y1995_00044070 -> Y1994_00044097; Y1995_00044079 [tooltip="The Interrogator Model",shape=box,style=filled,color="#7f207f"]; Y1995_00044079 -> Y1994_00044092; Y1996_00044002 [tooltip="Limitations on Design Principles for Public Key Protocols",shape=box,style=filled,color="#882077"]; Y1996_00044002 -> Y1995_00044078; Y1999_S07_01 [tooltip="A Multi-Threading Architecture for Multilevel Secure Transaction Processing",shape=box,style=filled,color="#a1205d"]; Y1999_S07_01 -> Y1995_00044075; Y1996_00043992 [tooltip="An Analysis of the Timed Z-Channel",shape=box,style=filled,color="#882077"]; Y1996_00043992 -> Y1995_00044071; Y1997_00043952 [tooltip="The Design and Implementation of a Multilevel Secure Log Manager",shape=box,style=filled,color="#90206e"]; Y1997_00043952 -> Y1995_00044065; Y1996_00043993 [tooltip="Defining Noninterference in the Temporal Logic of Actions",shape=box,style=filled,color="#882077"]; Y1996_00043993 -> Y1995_00044055; Y1999_S07_01 [tooltip="A Multi-Threading Architecture for Multilevel Secure Transaction Processing",shape=box,style=filled,color="#a1205d"]; Y1999_S07_01 -> Y1995_00044048; Y2003_03_01_02 -> Y1995_00044042; Y1996_00044002 [tooltip="Limitations on Design Principles for Public Key Protocols",shape=box,style=filled,color="#882077"]; Y1996_00044002 -> Y1995_00044039; Y2001_0104_10 [tooltip="Formal Treatment of Certificate Revocation Under Communal Access Control",shape=box,style=filled,color="#b2204c"]; Y2001_0104_10 -> Y1996_00044014; Y1998_00043923 -> Y1997_00043983; Y1998_00043926 -> Y1997_00043963; Y2006_06_09_03 -> Y1997_00043951; Y1999_S02_02 [tooltip="A User-Centered, Modular Authorization Service Built on an RBAC Foundation",shape=box,style=filled,color="#a1205d"]; Y1999_S02_02 -> Y1997_00043949; Y2000_0002_04 -> Y1998_00043927; Y1999_S02_02 [tooltip="A User-Centered, Modular Authorization Service Built on an RBAC Foundation",shape=box,style=filled,color="#a1205d"]; Y1999_S02_02 -> Y1998_00043924; Y2004_04_01_01 -> Y1998_00043918; Y2000_0005_14 [tooltip="Will Openish Source Really Improve Security?",shape=box,style=filled,color="#aa2055"]; Y2000_0005_14 -> Y1998_00043914; Y2003_03_07_05 [tooltip="Garbage Collector Memory Accounting in Language-Based Systems",shape=box,style=filled,color="#c3203b"]; Y2003_03_07_05 -> Y1998_00043904; }