CS255: Topics in Language-Based Security

Greg Morrisett

Mondays & Wednesdays 2:30-4:00pm, Maxwell Dworkin 221

Note:  If you are taking the course for credit, then you must hand in a two paragraph summary and critical evaluation for each paper listed.  The schedule is likely to change dynamically based on the interests of the participants, so try to read ahead. 

Wed 4 Feb:  Overview

Mon. 9 Feb:  Software-Based Fault Isolation

R.Wahbe, S.Lucco, T.E.Anderson, and S.L.Graham.  Efficient Software-Based Fault Isolation, ACM SIGOPS Operating Systems Review, 27(5):203-216, December 1993.

C.Small.  MiSFIT:  A Tool for Constructing Safe Extensible C++ Systems, Proceedings of the Third USENIX Conference on Object-Oriented Technologies, Portland, Oregon, June 1997.

Wed 11 Feb:  Typed Assembly Language (Pt 1)

G.Morrisett, Typed Assembly Language.  To appear in B.C.Pierce editor., Advanced Topics in Types and Programming Languages, MIT Press. (Contact Greg for a draft copy of the book.)

G.Morrisett, D.Walker, K.Crary, and N.Glew.  From System-F to Typed Assembly Language.  In ACM Symposium on Principles of Programming Languages (POPL), January 1988, San Diego, pp. 85-97.

Mon 16 Feb:  No class.

Wed 18 Feb:  Typed Assembly Language (Pt 2)

H.Xi and R.Harper.  Dependently Typed Assembly Language, In Proceedings of the International Conference on Functional Programming (ICFP), September 2001, Florence, pp. 169-180.

G.Morrisett et al.  TALx86:  A Realistic Typed Assembly Language, In ACM SIGPLAN Workshop on Compiler Support for System Software, May 1999, Atlanta, pp. 23-35.

Wed 25 Feb:  Proof-Carrying Code (Pt 1)

G.C.Necula.  Proof-Carrying Code.  To appear in B.C.Pierce editor, Advanced Topics in Types and Programming Languages, MIT Press. (Contact Greg for a draft copy of the book.)

Mon 1 Mar:  Proof-Carrying Code (Pt 2)

G.C.Necula and P.Lee.  The Design and Implementation of a Certifying Compiler, Proceedings of the 1998 ACM SIGPLAN Conference on Prgramming Language Design and Implementation (PLDI), June 1998, pp. 333-344.

Wed 3 Mar:  No Class

Mon 8 March:  Stack Inspection

Cedric Fournet and Andrew D. Gordon. Stack inspection: theory and variants, ACM Symposium on Principles of Programming Languages (POPL), January 2002, pp. 307-318.

Wed 10 March:  Inlined Reference Monitors

Ulfar Erlingsson and Fred B. Schneider. IRM enforcement of Java stack inspection. Proceedings 2000 IEEE Symposium on Security and Privacy (Oakland, California, May 2000), IEEE Computer Society, Los Alamitos,California, 246-255.

Mon 15 March:  Model Checking

Hao Chen and David Wagner. MOPS: an Infrastructure for Examining Security Properties of Software. ACM Conference on Computer and Communications Security (CCS), 2002?

Mon 17 March:  Static Analysis for C/C++

William R. Bush, Jonathan D. Pincus and David J. Sielaff. A Static Analyzer for Finding Dynamic Programming Errors. Software Practice and Experience 2000, 30:775-802.

Mon 22 March:  Simple Information Flow

Nevin Heintze and Jon G. Riecke. The SLam Calculus: Programming with Secrecy and Integrity. Proceedings of the ACM Symposium on Principles of Programming Languages (POPL), San Diego, CA, January 1998.

Wed 24 March:  Modeling Protocols

Martin Abadi and Andrew D. Gordon. A Calculus for Cryptographic Protocols: The Spi Calculus. Proceedings of the Fourth ACM Conference on Computer and Communications Security, ACM Press, April 1997, 36-47.

Mon 29 March:  no class (spring break).

Wed 31 March:  no class (spring break).

Mon 5 April:  Language-Based Extensible Operating Systems

Brian Bershad et al. Extensibility, Safety and Performance in the SPIN Operating System. Proceedings of the 15th ACM Symposium on Operating System Principles (SOSP-15), Copper Mountain, CO, December 1995, 267-284.

Wed 7 April:  Language-Based Extensible Operating Systems II

Chris Hawblitzel et al. Implementing Multiple Protection Domains in Java. Usenix Annual Technical Conference, New Orleans, LA, June 1998.

Mon 12 April:  no class.

Wed 13 April:  Securing Legacy Code

George Necula et al. Ccured: Type-safe Retrofitting of Legacy Code. Proceedings of ACM Symposium on Principles of Programming Languages (POPL'02), January 2002.

Mon 19 April:  Foundational PCC

Andrew W. Appel. Foundational Proof-Carrying Code. In 16th Annual IEEE Symposium on Logic in Computer Science (LICS'01). June 2001.

Andrew W. Appel and Amy Felty. A Semantic Model of Types and Machine Instructions for Proof-Carrying Code, In 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL'00). pp. 243-253, January 2000.

Wed 21 April:  Foundational PCC II

Amal J. Ahmed et al. A Statified Semantics of General References Embeddable in Higher-Order Logic. In 17th Annual IEEE Symposium on Logic in Computer Science (LICS 2002), pp. 75-86, Copenhagen, Denmark, July 2002.

Amal suggests that you instead read these draft chapters from her thesis.

Mon 26 April:  Information Flow Overview

Andrei Sabelfeld and Andrew C. Myers. Language-Based Information-Flow Security. IEEE Journal on Selected Areas in Communications, 21(1), January 2003.

Wed 28 April:  Secure Program Partitioning

Steve Zdancewic et al. Secure Program Partioning. ACM Transactions on Computing Systems, 20(3):283-328, August 2002.

Mon 3 May:  Bytecode Design

Michael Franz et al. Making Moblie Code both Safe andEfficient. In J. Lala (Ed.) Foundations of Intrustion-Tolerant Systems, IEEE Computer Society Press, to appear.

Wed 5 May;  Making Real Kernels More Secure

Michael Swoft, Brian N. Bershad, and Henry M. Levy. Improving the Reliability of Commodity Operating Systems. In 19th ACM Symposium on Operating Systems Principles, Bolton Landing, NY, Oct. 2003.