CS 7301-002: Language-based Security

Course Information

Title: CS 7301-002: Language-based Security
Course Registration Number: 21422
Times: TR 2:30-3:45
Location: ECSS 2.203
Instructor: Dr. Kevin Hamlen (hamlen AT utdallas)
Instructor's Office Hours: TBA, ECSS 3.704

Course Summary

This course will introduce and survey the emerging field of Language-based Security, in which techniques from compilers and programming language theory are leveraged to address issues in computer security. Topics include:

Certifying Compilers
In-lined Reference Monitors
Typed Intermediate Languages
Typed Assembly Languages
Automated Theorem Provers
Model-checking
Software Fault Isolation

The aim of the course is to allow each student to develop a solid understanding of at least one of these topics, along with a more general familiarity with the range of research in the field. In-course discussion will highlight opportunities for cutting-edge research in each area. If you do research involving software security, this course will provide you with an array of powerful tools for addressing software security issues. If you do research involving programming languages or compilers, this course will show you how to take techniques that you already know and apply them to a new and important problem domain. If your career involves management or development of high-assurance software systems, this course will provide a comparative analysis of traditional versus language-based techniques.

The course is open to Ph.D. students and Masters students. Interested undergraduates should see the instructor for permission to take the course.

Suggested (non-mandatory) prerequisite: CS 6371 Advanced Programming Languages (or taken concurrently)

Grading

Homework: Homeworks will consist of assigned readings, usually one required paper per class session. Students must thoroughly read each paper before class in order to adequately prepare for in-class quizzes and discussions.

Quizzes (25%): Each class will begin with a short quiz testing the students comprension of the assigned reading for the day. Questions will typically be multiple choice or short answer. The easier questions will be designed to test whether the student has read the material at all, and the harder ones will test deep understanding of more subtle points.

Presentations (25%): Each student will be assigned 1-2 days during the semester during which they will present the assigned reading for that day in a 45-minute lecture. Each presentation should provide a technical overview of the paper, a description of how the paper fits into the broader context of the material covered in the course, and should pose interesting questions or challenges for in-class discussion. Students will also present their class projects at the conclusion of the class (see below), and this constitutes part of their presentation grade.

Class Participation (10%): Students are expected to come to class having read the assigned paper(s), and prepared with questions, critiques, and discussion topics. Regular attendance and class participation will count 10% towards their grades in the course.

Project (40%): Students will work individually or in a team of two to four to complete a course-related project. All project ideas are individually approved by the instructor. Project proposals will be due early in the semester (deadline to be announced). A typical project involves implementing one of the concepts described in one of the assigned readings, or by using one or more of the research-level software packages covered in class to do an interesting program analysis or to address a non-trivial vulnerability. Some overlap of class projects with the student's doctoral or masters thesis research is both permitted and encouraged.

Texts

The course has no required textbook, but two electronic texts available through the UTD library may be useful:

Benjamin C. Pierce, ed., Advanced Topics in Types and Programming Languages. MIT Press, Cambridge, MA 2005. (available online from UTD computers)
Matt Bishop. Computer Security: Art and Science. Addison-Wesley, 2003. (available online from UTD computers)

Tentative Course Schedule

Date	Topic	Presenter(s)
Introduction and Review
Tue 1/11	Introduction: Software Security	Instructor
Thu 1/13	Introduction: Language-based Security Foundations and Notations Assigned Reading: Christey, Steve. Unforgivable Vulnerabilities. Whitepaper, MITRE Corporation, 2007.	Instructor
Tue 1/18	Introduction: Static vs. Dynamic Analysis Assigned Reading: Fred B. Schneider, Greg Morrisett, and Robert Harper. A Language-based Approach to Security. Informatics: 10 Years Back, 10 Years Ahead, Lecture Notes in Computer Science, 2000.	Instructor
Automated Theorem-proving
Thu 1/20	ACL2 Assigned Reading: David Greve, Matthew Wilding, and W. Mark Vanfleet. A Separation Kernel Formal Security Policy. In Proceedings of ACL2, 2003.	Vishwath (ACL2 tutorial)
Tue 1/25	Coq Assigned Reading: Xavier Leroy. Coinductive Big-step Operational Semantics. In Proceedings of the European Symposium on Programming (ESOP), 2006. Supplemental reference: Xavier Leroy and Hervé Grall. Coinductive Big-step Operational Semantics. Information and Computation, 207(2):284-304, 2009. Supplemental reference on co-induction: Bart Jacobs and Jan Rutten. A Tutorial on (Co)Algebras and (Co)Induction. Bulletin for the Europeant Association for Theoretical Computer Science (EATCS) 62, pp. 222-259, 1997.	Vishwath (ACL2 tutorial cont.)
Thu 1/27	No Class (POPL Conference)
Tue 2/1	No Class: University closed due to weather
Thu 2/3	No Class: University closed due to weather
In-lined Reference Monitors
Tue 2/8	SASI Assigned Reading: Úlfar Erlingsson and Fred B. Schneider. IRM Enforcement of Java Stack Inspection. In IEEE Symposium on Security & Privacy, pp. 246-255, 2000. Supplemental Reference: Úlfar Erlingsson. The Inlined Reference Monitor Approach to Security Policy Enforcement. Ph.D. Thesis, Cornell University, 2004.	Micah Slides
Thu 2/10	SPoX Assigned Reading: Micah Jones and Kevin W. Hamlen. Disambiguating Aspect-Oriented Security Policies. In Aspect Oriented Software Development, pp. 312-327, 2010. Supplemental Reading: Kevin W. Hamlen and Micah Jones. Aspect-Oriented In-lined Reference Monitors. In ACM Workshop on Programming Languages and Analysis for Security, 11-20, 2008.	Micah Slides
Tue 2/15	Type-based IRM Certification Assigned Reading: David Walker. A Type System for Expressive Security Policies. In ACM Principles of Programming Languages, 2000. The quiz will only cover sections prior to 4.1.	Instructor
Thu 2/17	Mobile Assigned Reading: Kevin W. Hamlen, Greg Morrisett, and Fred B. Schneider. Certified In-lined Reference Monitoring on .NET. In ACM Workshop on Programming Languages and Analysis for Security, 7-16, 2006.	Instructor
Tue 2/22	Model Checking Assigned Reading: Stephan Merz. Model Checking: A Tutorial Overview. In F. Cassez et al. (eds): Modeling and Verification of Parallel Processes, LNCS 2067, 3-38, 2001. Please read Section 1, Section 3 before Theorem 7, and Section 4.	Meera
Thu 2/24	Model-Checking IRM's Assigned Reading: Meera Sridhar and Kevin W. Hamlen. Model-Checking In-lined Reference Monitors. In Proc. 11th Int. Conf. on Verification, Model Checking, and Abstract Interpretation (VMCAI), 312-327, 2010. Supplemental Reading: Mads Rosendahl. Introduction to Abstract Interpretation. DIKU, Computer Science, University of Copenhagen, 1995.	Meera
Software Fault Isolation
Tue 3/1	Google Native Client Bennet Yee, David Sehr, Gregory Dardyk, J. Bradley Chen, Robert Muth, Tavis Ormandy, Shiki Okasaka, Neha Narula, and Nicholas Fullagar. Native Client: A Sandbox for Portable, Untrusted x86 Native Code. Communications of the ACM, 53(1), 2010.	Richard
Thu 3/3	CISC SFI Without Source Code Kevin W. Hamlen, Vishwath Mohan, and Richard Wartell. Reining In Windows API Abuses with In-lined Reference Monitors". Technical Report UTDCS-18-10, Computer Science Department, The University of Texas at Dallas, Richardson, Texas, June 2010.	Richard
Tue 3/8	Intro to Information Flow Andrei Sabelfeld and Andrew C. Myers. Language-Based Information-Flow Security. IEEE Journal on Selected Areas in Communications, 21(1), 2003.	Instructor Slides
Thu 3/10	Robusta Joseph Siefers, Gang Tan, and Greg Morrisett. Robusta: Taming the Native Beast of the JVM. CCS 2010.	Elmer
Tue 3/15	No Class (Spring Break)
Thu 3/17	No Class (Spring Break)
Malware
Tue 3/22	Mimimorphism Zhenyu Wu, Steven Gianvecchio, Mengjun Xie, and Haining Wang. Mimimorphism: A New Approach to Binary Code Obfuscation, CCS 2010.	Trev
Thu 3/24	Hybrid Static-Dynamic Analysis Paolo Milani Comparetti, Guido Salvaneschi, Engrin Kirda, Clemens Kolbitsch, Christopher Kruegel, and Stefano Zanero. Identifying Dormant Functionality in Malware Programs. IEEE Symposium on Security and Privacy, 2010.	Joseph
Tue 3/29	Exploiting Malware Bugs for Defense Juan Caballero, Pongsin Poosankam, Stephen McCamant, Domagoj Babić, and Dawn Song. Input Generation via Decomposition and Re-Stitching: Finding Bugs in Malware, CCS 2010.	John
Thu 3/31	Instruction Set Obfuscation Sang Kil Cha, Brian Pak, David Brumley, and Richard J. Lipton. Platform-Independent Programs, CCS 2010.	Erik
Information Flow
Tue 4/5	Info Flow Vulnerabilities Dongseok Jang, Ranjit Jhala, Sorin Lerner, and Hovav Shacham. An Emperical Study of Privacy-Violating Information Flows in JavaScript Web Applications, CCS 2010.	Lily
Thu 4/7	IRM-based Info Flow Enforcement Benjamin Livshits and Leo Meyerovich. ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser, IEEE Symposium on Security and Privacy, 2010.	Kevin
Tue 4/12	Declassification Bruno P. S. Rocha, Sruthi Bandhakavi, Jerry den Hartog, William H. Winsborough, and Sandro Etalle. Towards Static Flow-Based Declassification for Legacy and Untrusted Programs, IEEE Symposium on Security and Privacy, 2010.	Eric
Thu 4/14	Distributed Info Flow William R. Harris, Somesh Jha, and Thomas Reps. DIFC Programs by Automatic Instrumentation, CCS 2010.	Gil
Project Presentations
Tue 4/19	Project Presentation Course Evaluations	Joseph, Vishwath, and Trevor
Thu 4/21	Project Presentation	Kevin, Eric, and Meera
Tue 4/26	Project Presentation	Erik, Gil, and Richard
Thu 4/28	Project Presentation	Micah, Lily, and Elmer