Announcements

None.

Overview

Users of software and hardware products are consistently placed in the untenable position of reacting to cyber emergencies. Responding on a crisis-by-crisis basis often leaves them on their heels, and those securing systems on the front lines should not be expected to bear the full weight of this burden. The intense reactive posture demanded by the current status quo reduces defenders’ ability to predict and prepare for the next wave of incoming attacks.

However, even if every known vulnerability were to be fixed, the prevalence of undiscovered vulnerabilities across the software ecosystem would still present additional risk. A proactive approach that focuses on eliminating entire classes of vulnerabilities reduces the potential attack surface and results in more reliable code, less downtime, and more predictable systems. Ultimately, this approach enables the United States to foster economic growth, accelerate technical innovation, and protect national security. Leaving these risks unmitigated comes with a costly price tag and may allow America’s adversaries to attempt to take advantage of the circumstances.
Back to the Building Blocks: a Path Toward Secure and Measurable Software

This course explores a proactive approach that focuses on eliminating entire classes of vulnerabilities. In particular, we focus on methods for using programming languages and language semantics to build provably secure software. We will cover techniques such as

  • program semantics
  • security type systems
  • runtime monitoring
  • formal methods
  • symbolic execution

as well as their applications to enforcing security, such as

  • information flow security
  • quantitative security measures
  • differential privacy
  • side channel mitigation

We will read papers for each topic in this course.

Coursework

There will be no examinations for this course. The main work for students will be:

  • Assignments checking your understanding of the foundations of language-based security, as well as programming assignments providing hands-on experience with those techniques.
  • A couple of recent and classic papers for selected topics. You will read these papers and be prepared to discuss them in depth in class. Students will be responsible for periodically presenting papers and leading discussion.
  • A final project with two options. Implementation track: implement any language-based security mechanism that we cover in this course. You will submit the source code as well as a project report. Research track: conduct research on any topic covered in this course. Ideally, your project should, to some extent, advance the state of the art in the topic of your choice. But a comprehensive survey that goes beyond the papers we discussed in this course is also acceptable.

Instructor: Danfeng Zhang

Placeholder for schedule