Hello, if you have any need, please feel free to consult us, this is my wechat: wx91due

CS 6335: Language-based Security

Course Summary

This course introduces and surveys the field of Language-based Software Security, in which techniques from compilers and programming language theory are leveraged to address issues in computer security. Topics include:

1. Formal Methods-based Software Development
2. In-lined Reference Monitors
3. Software Fault Isolation
4. Address Space Randomization
5. Binary Software Attack Surface Reduction
6. Certifying Compilation
7. Web Scripting Security
8. Information Flow Controls
9. Cyber-deceptive Software Engineering

Course learning objectives:

1. Ability to apply formal methods for software development
2. Ability to develop approaches for in-lining reference monitors for enforcing security policies
3. Ability to understand concepts in cyber deceptive software engineering
4. ability to develop approaches for binary software attack surface reduction

About half of the course is devoted to formal methods-based development of secure software, with a focus on program-proof co-development and higher-order functional programming. The remainder of the course surveys alternative and complementary cybersecurity solutions founded on programming language semantics-based analysis, transformation, monitoring, and compilation of code. In-course discussion will highlight opportunities for cutting-edge research in each area. If you conduct work involving software security, this course will provide you with an array of powerful tools for addressing software security issues. If your work involves programming language design and implementation, this course will show you how to take techniques that you already know and apply them to a new and important problem domain. If your career involves management or development of high-assurance software systems, this course will provide a comparative analysis of traditional versus language-based techniques.

The course is open to Ph.D. students and Masters students. Interested undergraduates should see the instructor for permission to take the course.

Suggested complementary course: Interested students may wish to consider taking CS 6371 Advanced Programming Languages before/after this course or concurrently, since it presents material that supplements and enhances several of the above topics.

Grading

Homework (30%): For the first 10 weeks of the course, students will complete a series of programming exercises assigned through eLearning. Background material helpful for completing the exercises can be found in the online textbook Software Foundations.

Quizzes (30%): Most classes will begin with a short quiz testing the students comprension of an assigned reading for the day. Questions will typically be multiple choice or short answer. The easier questions will be designed to test whether the student has read the material, and the harder ones will test deeper understanding of more subtle points.

Class Participation (10%): Students are expected to come to class or attend online having read the assigned paper(s), and prepared with questions, critiques, and discussion topics. Regular attendance and class participation will count 10% towards their grades in the course.

Project (30%): Students will work individually or in a small team for the last 6 weeks of the course to complete a small project. A typical project will involve implementing and/or formally verifying a language-based security mechanism covered in the class or related to class material. Students conducting research are encouraged to choose projects that synergize with their research activities. Students will present their projects in class, with the presentation counting toward their project grade.

Attendance policy: This course is taught in an in-person modality with the expectation that students will typically interact with the instructor and other students during class through live discussion. Students should therefore only rely upon remote learning materials (e.g., recorded lectures) as a supplement to the in-person lectures, or to cover university-recognized abences (e.g., health and safety concerns, religious observances, etc.).

Texts

In our study of the Coq theorem proving system, we will be using the following online textbook:

• Benjamin C. Pierce, Arthur Azevedo de Amorim, Chris Casinghino, Marco Gaboardi, Michael Greenberg, Cătălin Hriţcu, Vilhelm Sjöberg, and Brent Yorgey. Software Foundations, Version 6.3. University of Pennsylvania, August 2023.

For those who wish to explore Coq in greater depth (e.g., for developing projects), the following book by the Coq developers is recommended:

• Yves Bertot and Pierre Castéran. Interactive Theorem Proving and Program Development. Springer-Verlag, 2004.

Additionally, the following text available through the UTD library may be useful for general background on type theory and functional programming:

• Benjamin C. Pierce, ed., Advanced Topics in Types and Programming Languages. MIT Press, Cambridge, MA 2005.

Tentative Course Schedule