Professional Documents
Culture Documents
Course Summary
This course will introduce and survey the emerging field of "Language-based Security", in which
techniques from compilers and programming language theory are leveraged to address issues in
computer security. Topics include: Proof-Carrying Code, In-lined Reference Monitoring, Typed
Intermediate Languages, Typed Assembly Language, Certifying Compilers, and Software Fault Isolation.
The aim of the course is to allow each student to develop a solid understanding of at least one of these
topics, along with a more general familiarity with the range of research in the field. In-course discussion
will highlight opportunities for cutting-edge research in each area. If your research involves computer
security, this course will provide you with an array of powerful tools for addressing software security
issues. If your research involves programming languages and compilers, this course will show you how
to take techniques that you might already know and apply them in new and interesting ways.
The course is open to Ph.D. students, and to Masters students with permission of instructor.
Grading
Homework: Homeworks will consist of assigned readings—approximately two papers per class session.
Material presented in class will assume that students have read the assigned material before coming to
class, so please do the readings ahead of time!
Presentations (40%): Each student will be assigned two days during the semester during which they
will present to the class a summary of the assigned readings for that day. The presentation should
provide a technical overview of the paper, a description of how the paper fits into the broader context of
the material covered in the course, and should pose some interesting questions or challenges for in-class
discussion.
Class Participation (20%): Students are expected to come to each class having read the assigned
papers, and prepared with questions, critiques, and discussion topics. Regular participation in in-class
discussion will count 20% towards students' grades in the course.
Projects (40%): Students taking the course for a letter grade will work individually or in a team of two
to four to complete a course-related project. All project ideas are individually approved by the instructor.
Proposals are due by mid-semester. A typical project would involve implementing one of the concepts
described in one of the assigned readings, or using one or more of the research-level software packages
covered in class to do an interesting program analysis or to address a non-trivial security vulnerability.
Texts
The course has no required textbook, but several of the course topics will draw heavily from material in:
● Benjamin C. Pierce, ed., Advanced Topics in Types and Programming Languages. MIT Press,
Cambridge, MA, 2005. (available online from UTD computers)
The following are also useful references for those not already familiar with type theory and/or security:
● Benjamin C. Pierce. Types and Programming Languages. MIT Press, Cambridge, MA, 2002.
● Glynn Winskel. The Formal Semantics of Programming Languages. MIT Press, Cambridge, MA,
1993.
● Matt Bishop. Computer Security: Art and Science. Addison-Wesley, 2003. (available online from
UTD computers)
Proof-Carrying Code
Proof-Carrying Code
Tue
Spring Break N/A
3/6
Thur
Spring Break N/A
3/8
Composable Policies
Information Flow
Tue
TBA TBA
4/10
Thur
TBA TBA
4/12
Tue
Project Presentations TBA
4/17
Thur
Project Presentations TBA
4/19