Building Secure Systems using Programming Languages and Analysis

CSE 291

CSE 291 is a graduate course on language-based systems security. Most software we rely upon is plagued by security vulnerabilities—the common occurrence of large-scale private data theft alone serves to highlight the magnitude of the problem. Yet the rise of new application domains and platforms (e.g., crypto currencies and IoT) is making software ever more integral to daily life. It is prudent for us to build more secure software systems.

One promising approach to building secure systems is to leverage ideas from programming languages and program analysis. The recent industry trend of adopting new languages, type systems, and tools—as exemplified by Mozilla’s Rust and Facebook’s Flow—also makes this approach very timely.

This course explores the use of various programming languages and program analysis methods to (1) enforce security, and (2) to rigorously specify and reason about security. We will study recent systems (e.g., operating systems, web servers, hardware architectures) and the underlying techniques used to make them secure (e.g., language-level information flow control, capabilities, symbolic execution, linear type systems).




While this course is mostly self contained, students should have knowledge of programming languages (e.g., CSE 130), operating systems (e.g., CSE 120), and security (e.g., CSE 127). We will be reading research papers on advanced topics with very brief introductions, so students should be familiar with topics in these areas (e.g., language semantics, virtual memory management, basic web security).