
CS 7301: Language-based Security

CS 7301: Seminar on Language-based Security


Course Information
Title: CS 7301: Language-based Security
Course Registration Number: 13769
Times: TR 11:30-12:45
Location: ECSS 2.311
Instructor: Dr. Kevin Hamlen (hamlen AT utdallas)

Course Summary
This course will introduce and survey the emerging field of "Language-based Security", in which
techniques from compilers and programming language theory are leveraged to address issues in
computer security. Topics include: Proof-Carrying Code, In-lined Reference Monitoring, Typed
Intermediate Languages, Typed Assembly Language, Certifying Compilers, and Software Fault Isolation.

The aim of the course is to allow each student to develop a solid understanding of at least one of these
topics, along with a more general familiarity with the range of research in the field. In-course discussion
will highlight opportunities for cutting-edge research in each area. If your research involves computer
security, this course will provide you with an array of powerful tools for addressing software security
issues. If your research involves programming languages and compilers, this course will show you how
to take techniques that you might already know and apply them in new and interesting ways.

The course is open to Ph.D. students, and to Masters students with permission of instructor.

Suggested prerequisite: CS 6371 Advanced Programming Languages (or concurrently), or a basic
familiarity with type theory. (If not, the student is advised to consult one of the texts on type theory
listed later on this page.)

Grading
Homework: Homeworks will consist of assigned readings—approximately two papers per class session.
Material presented in class will assume that students have read the assigned material before coming to
class, so please do the readings ahead of time!

Presentations (40%): Each student will be assigned two days during the semester during which they
will present to the class a summary of the assigned readings for that day. The presentation should
provide a technical overview of the paper, a description of how the paper fits into the broader context of
the material covered in the course, and should pose some interesting questions or challenges for in-class
discussion.

file:///W|/submissions-web/syllabus-tool/+syl-cs7301.002.07s-@kxh060100.html (1 of 11)2/15/2007 8:54:44 AM

Class Participation (20%): Students are expected to come to each class having read the assigned
papers, and prepared with questions, critiques, and discussion topics. Regular participation in in-class
discussion will count 20% towards students' grades in the course.

Projects (40%): Students taking the course for a letter grade will work individually or in a team of two
to four to complete a course-related project. All project ideas are individually approved by the instructor.
Proposals are due by mid-semester. A typical project would involve implementing one of the concepts
described in one of the assigned readings, or using one or more of the research-level software packages
covered in class to do an interesting program analysis or to address a non-trivial security vulnerability.

Texts
The course has no required textbook, but several of the course topics will draw heavily from material in:

● Benjamin C. Pierce, ed., Advanced Topics in Types and Programming Languages. MIT Press,
Cambridge, MA, 2005. (available online from UTD computers)

The following are also useful references for those not already familiar with type theory and/or security:

● Benjamin C. Pierce. Types and Programming Languages. MIT Press, Cambridge, MA, 2002.
● Glynn Winskel. The Formal Semantics of Programming Languages. MIT Press, Cambridge, MA,
1993.
● Matt Bishop. Computer Security: Art and Science. Addison-Wesley, 2003. (available online from
UTD computers)

Tentative Course Schedule

Date | Topic | Presenter(s)

Introduction and Review

Tue 1/9 | Course overview and introduction to Language-based Security | Instructor [slides]
● Fred B. Schneider, Greg Morrisett, Robert Harper. A language-based approach to security. Informatics: 10 Years Back, 10 Years Ahead, Lecture Notes in Computer Science, Vol. 2000, Springer-Verlag, Heidelberg, 86-101.

Thur 1/11 | A Crash Course in Type Theory: Part I | Instructor
Simple Types, Operational Semantics
Properties of Type Systems: Preservation, Progress, Soundness, Completeness
Suggested (non-mandatory) readings:
● Glynn Winskel. The Formal Semantics of Programming Languages: Chapter 2. MIT Press, Cambridge, MA, 1993.
● Benjamin C. Pierce. Types and Programming Languages: Chapters 8 and 11. MIT Press, Cambridge, MA, 2002.

Tue 1/16 | A Crash Course in Type Theory: Part II | Instructor
Universal, Existential, and Dependent Types
Types as Logical Predicates: Hoare Logic, Curry-Howard Isomorphism
Suggested (non-mandatory) readings:
● Benjamin C. Pierce. Types and Programming Languages: Chapters 23 and 24. MIT Press, Cambridge, MA, 2002.
● Benjamin C. Pierce, ed., Advanced Topics in Types and Programming Languages: Chapter 2. MIT Press, Cambridge, MA, 2005. (available online from UTD computers)
● Glynn Winskel. The Formal Semantics of Programming Languages: Chapter 6. MIT Press, Cambridge, MA, 2002.

Thur 1/18 | A Crash Course in Computer Security | Instructor [slides]
Security Goals: Confidentiality, Integrity, Availability
Security Principles: Least Privilege, Minimal Trusted Computing Base
Vulnerabilities: Memory Safety, Control Flow Safety, Coarse-grained RBAC
Attacks: Buffer Overrun, Privilege Escalation, Denial of Service, Dictionary Attacks, Phishing
Suggested (non-mandatory) readings:
● Matt Bishop. Computer Security: Art and Science: Chapter 1. Addison-Wesley, 2003. (available online from UTD computers)

Memory Safety and Control-Flow Safety

Tue 1/23 | Software Fault Isolation | Sandeep [slides, handout]
● Robert Wahbe, Steven Lucco, Thomas E. Anderson, and Susan L. Graham. Efficient Software-Based Fault Isolation. ACM SIGOPS Operating Systems Review, 27(5):203-216, December 1993.
● Stephen McCamant and Greg Morrisett. Evaluating SFI for a CISC Architecture. In Proceedings of the 15th USENIX Security Symposium, Vancouver, BC, August 2006.

Thur 1/25 | Control Flow Integrity | Nathalie [slides]
● Martín Abadi, Mihai Budiu, Úlfar Erlingsson, Jay Ligatti. Control-Flow Integrity: Principles, Implementations, and Applications. ACM Conference on Computer and Communication Security, Alexandria, VA, November 2005.
● Martín Abadi, Mihai Budiu, Úlfar Erlingsson, and Jay Ligatti. A Theory of Secure Control-Flow. International Conference on Formal Engineering Methods, Manchester, UK, November 2005.

Minimizing the Trusted Computing Base

Tue 1/30 | Proof-Carrying Code | Instructor [slides]
● George Necula. Proof-Carrying Code. In Benjamin C. Pierce, ed., Advanced Topics in Types and Programming Languages: Chapter 5, MIT Press, Cambridge, MA, 2005. (available online from UTD computers)

Thur 2/1 | Proof-Carrying Code | Srividya [slides]
● George Necula. Proof-Carrying Code. In Proceedings of the 24th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL'97), Paris, France, January 1997.
● See also: George Necula's PCC Page

Tue 2/6 | Typed Assembly Language | Instructor [slides]
● Greg Morrisett. Typed Assembly Language. In Benjamin C. Pierce, ed., Advanced Topics in Types and Programming Languages: Chapters 4.1-4.5, MIT Press, Cambridge, MA, 2005. (available online from UTD computers)

Thur 2/8 | Dependently Typed Assembly Language | Ryan
● David Aspinall and Martin Hofmann. Dependent Types. In Benjamin C. Pierce, ed., Advanced Topics in Types and Programming Languages: Chapter 2.1, pp. 45-47 (up to exercise 2.1.1), MIT Press, Cambridge, MA, 2005. (available online from UTD computers)
● Hongwei Xi and Robert Harper. A Dependently Typed Assembly Language. In Proceedings of the International Conference on Functional Programming (ICFP'01), Florence, Italy, September 2001.

Tue 2/13 | Foundational Proof-Carrying Code | Instructor [slides]
● Andrew W. Appel. Foundational Proof-Carrying Code. In Proceedings of the 16th Annual IEEE Symposium on Logic in Computer Science (LICS'01), Boston, MA, June 2001.

Thur 2/15 | Combining TAL and PCC | Jungin
● Nadeem A. Hamid, Zhong Shao, Valery Trifonov, Stefan Monnier, and Zhaozhong Ni. A Syntactic Approach to Foundational Proof-Carrying Code. In Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science (LICS'02), Copenhagen, Denmark, July 2002.

Securing Legacy Code

Tue 2/20 | Cyclone: A TAL-Targeting, C-like Language | Ryan
● Trevor Jim, Greg Morrisett, Dan Grossman, Michael Hicks, James Cheney, and Yanling Wang. Cyclone: A Safe Dialect of C. In Proceedings of the USENIX Annual Technical Conference, Monterey, CA, June 2002.
● Michael Hicks, Greg Morrisett, Dan Grossman, and Trevor Jim. Experience with Safe Manual Memory-management in Cyclone. In Proceedings of the 4th International Symposium on Memory Management, Vancouver, BC, 2004.

Thur 2/22 | CCured: A PCC-Targeting, C-like Language | Srividya
● George C. Necula, Scott McPeak, Westley Weimer. CCured: Type-Safe Retrofitting of Legacy Code. In Proceedings of the 29th ACM Symposium on Principles of Programming Languages (POPL'02), Portland, OR, 2002.
● Jeremy Condit, Matthew Harren, Scott McPeak, George C. Necula, Westley Weimer. CCured in the Real World. In Proceedings of the ACM Conference on Programming Language Design and Implementation (PLDI'03), San Diego, CA, June 2003.

In-lined Reference Monitors

Tue 2/27 | In-lined Reference Monitoring | Ajay
● Úlfar Erlingsson and Fred B. Schneider. SASI Enforcement of Security Policies: A Retrospective. In Proceedings of the New Security Paradigms Workshop, Caledon Hills, ON, September 1999.
● Úlfar Erlingsson and Fred B. Schneider. IRM Enforcement of Java Stack Inspection. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2000.

Thur 3/1 | Certified In-lined Reference Monitoring | Instructor
● Kevin W. Hamlen, Greg Morrisett, and Fred B. Schneider. Certified In-lined Reference Monitoring on .NET. In Proceedings of the ACM Workshop on Programming Languages and Analysis for Security, Ottawa, ON, June 2006.
● Kevin W. Hamlen. Security Policy Enforcement by Automated Program-rewriting: Chapter 3. PhD Thesis, Cornell University, August 2006.

Tue 3/6 | Spring Break | N/A

Thur 3/8 | Spring Break | N/A

Tue 3/13 | Composable Policies | Ajay
● Lujo Bauer, Jay Ligatti, and David Walker. Composing Security Policies with Polymer. In Proceedings of the ACM Conference on Programming Language Design and Implementation (PLDI'05), June 2005.
● Lujo Bauer, Jarred Ligatti, and David Walker. Types and Effects for Non-interfering Program Monitors. In Software Security—Theories and Systems. Mext-NSF-JSPS International Symposium, Lecture Notes in Computer Science, Vol. 2609, Tokyo, Japan, November 2002.

Thur 3/15 | Computational Theory of In-lined Reference Monitors | Instructor
● Fred B. Schneider. Enforceable Security Policies. ACM Transactions on Information and System Security, 3(1):30-50, February 2000.
● Kevin W. Hamlen, Greg Morrisett, and Fred B. Schneider. Computability Classes for Enforcement Mechanisms. ACM Transactions on Programming Languages and Systems, 28(1):175-205, January 2006.

Information Flow

Tue 3/20 | Overview of Language-based Information Flow | Sandeep
● Andrei Sabelfeld and Andrew C. Myers. Language-Based Information-Flow Security. IEEE Journal on Selected Areas in Communications, 21(1):5-19, January 2003.
● Lantian Zheng and Andrew C. Myers. End-to-End Availability Policies and Noninterference. In Proceedings of the 18th IEEE Computer Security Foundations Workshop (CSFW'05), 272-286, June 2005.

Thur 3/22 | Information Flow for Java | Nathalie
● Andrew C. Myers. JFlow: Practical Mostly-Static Information Flow Control. In Proceedings of the 26th ACM Symposium on Principles of Programming Languages (POPL'99), San Antonio, TX, January 1999.
● Christian Grothoff, Jens Palsberg, and Jan Vitek. Encapsulating Objects with Confined Types. In Proceedings of the ACM Conference on Object-Oriented Programming Languages, Systems, and Applications (OOPSLA'01), Tampa Bay, FL, October 2001.

Tue 3/27 | Distributed Information Flow | Jungin
● Lantian Zheng, Stephen Chong, Steve Zdancewic, and Andrew C. Myers. Using Replication and Partitioning to Build Secure Distributed Systems. In Proceedings of the IEEE 2003 Symposium on Security and Privacy, Oakland, CA, May 2003.
● Stephen Chong and Andrew C. Myers. Decentralized Robustness. In Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW'06), July 2006.

Obfuscation and Randomization

Thur 3/29 | Address Space Randomization | Vishwath
● The PaX Team. PaX Documentation: Address Space Layout Randomization. http://pax.grsecurity.net/docs/aslr.txt, May 2003.
● Hovav Shacham, Matthew Page, Ben Pfaff, Eu-Jin Goh, Nagendra Modadugu, and Dan Boneh. On the Effectiveness of Address-Space Randomization. In Proceedings of the 11th ACM Conference on Computer and Communications Security, October 2004.

Tue 4/3 | Instruction Set Randomization | Vishwath
● Nora Sovarel, David Evans, and Nathanael Paul. Where's the FEEB? The Effectiveness of Instruction Set Randomization. In Proceedings of the 14th USENIX Security Symposium, Baltimore, MD, August 2005.

Thur 4/5 | Obfuscation and Type Systems | Mohammad
● Fred B. Schneider and Riccardo Pucella. Independence from Obfuscation: A Semantic Framework for Diversity. In Proceedings of the 19th IEEE Computer Security Foundations Workshop, Venice, Italy, July 2006.

Tue 4/10 | TBA | TBA

Thur 4/12 | TBA | TBA

Tue 4/17 | Project Presentations | TBA

Thur 4/19 | Project Presentations | TBA