CSE 291 is a graduate course on language-based security. Most software we rely upon is plagued by security vulnerabilities — the common occurrence of large-scale private data theft alone serves to highlight the magnitude of the problem. Yet the rise of new application domains and platforms (e.g., crypto currencies and IoT) is making software ever more integral to daily life. It is prudent for us to build more secure software systems.

One promising approach to building secure systems is to leverage ideas from programming languages and program analysis. The recent industry trend of adopting new languages, type systems, and tools — as exemplified by Mozilla's Rust and Facebook's Infer — also makes this approach very timely.

This course explores the use of various programming languages and program analysis methods to (1) enforce security, and (2) to rigorously specify and reason about security. We will study secure runtime systems (e.g., operating systems, web servers, hardware architectures) and the underlying techniques used to make them secure (e.g., language-level information flow control, capabilities, static checkers, symbolic execution, linear type systems).

This is a research-oriented class: students are expected to read papers in depth and work on a relatively large research project that can ideally lead to a conference publication.

Course prerequisites

Students should have knowledge of programming languages (e.g., CSE 130), operating systems (e.g., CSE 120), and security (e.g., CSE 127). We will be reading research papers on advanced topics with very brief introductions, so students should be familiar with topics in these areas (e.g., language semantics, virtual memory management, basic web security) or be willing to independently pick up these topics.

Meeting time and locating

  • Location: CSE 2154
  • Time: Mondays and Wednesdays 3:30-4:50PM