"Minimal Security-Type Inference for Information-Flow Control in Java" 

Ensuring the confidentiality of information processed by computer 
programs is a long-standing problem. An established approach for 
ensuring end-to-end confidentiality in a program is the certification 
of the program for secure information flow, e.g, with security type 
systems. Security type systems require type annotations for fields, 
method parameters, etc. in order to check a program for violations of
confidentiality. We relieve the developer of the burden of manually 
annotating the whole program to analyze with security types. We 
provide a security type inference algorithm that infers all necessary 
types from annotations of only the security critical sources and sinks 
of information in the program. In this talk, we will present our 
security type inference algorithm and its underlying security type 
system, formal properties of the algorithm, and its implementation.