Building Secure Systems using Programming Languages and Analysis

Syllabus

Date | Topic | Lead
Sept 22 | Overview and introduction: Confused deputy [ slides, notes ] | Deian

A sample of language-based techniques
Sept 27 | Contracts and object capabilities: Shill [ questions, notes, annotated ] | Deian
Sept 29 | Type systems for information flow control: JIF [ questions, notes, annotated ] | Sunjay
Oct 04 | Runtime monitors for information flow control: LIO [ questions, annotated ] | Deian
Oct 06 | Structural Operational Semantics: Sequential LIO [excellent supplemental material] | Deian

Server-side web security
Oct 11 | Taint tracking and data flow assertions: Resin [ questions, notes, annotated ] | Caroline
Oct 13 | Information flow control and policy specification: Hails [ questions, notes ] | Matt
Oct 18 | Integrity and authenticated data structures: Verena [ questions, annotated, notes ] | Zhaomo

Browser and client-side web security
Oct 20 | Software-based fault isolation: NaCl [ questions, annotated, notes ] | Shravan
Oct 25 | Hack time (no class, Deian at PLAS 2016) |
Oct 27 | Permissions and privilege separation: Chrome extension system [ questions, annotated, notes ] | Ariana
Nov 01 | Label-based mandatory access control: COWL [ questions, notes ] | Rohit

Operating systems security
Nov 03 | Micro-grammars and static bug checkers: µchex [ questions, annotated, notes ] | Gary
Nov 08 | Symbolic execution: S2E [ annotated, notes ] | Brian
Nov 10 | Hack time (no class, Oakland deadline) |
Nov 15 | Software-isolated processes and manifest-based programs: Singularity [ questions, annotated, notes, broader-overview paper ] | Deian
Nov 17 | Full-system verification: Ironclad Apps [ questions, annotated, notes ] | Frank

Hardware security
Nov 22 | Type systems for secure hardware development: SecVerilog [ questions, annotated, notes ] | Abdul
Nov 24 | Thanksgiving break |
Nov 29 | Security monitors for tagged hardware: Micro-policies [ annotated, notes ] | Hannah

Cryptography
Dec 01 | Refinement types and verified protocols: miTLS [ notes ] | AJ
Dec 09 | Project presentations |

Please note that this syllabus is subject to change.