Course description
This course will focus on language-based information security: using programming language techniques and abstractions to specify, reason about, and enforce, information security. Most of the course will focus on information-flow control: controlling the flow of information within a system to enforce strong security guarantees.
The course will be a combination of lectures and paper discussion. We will focus primarily on recent papers, from the last 3-4 years.
For those taking the course for credit, evaluation will be based on class participation, and a final project. More information about the final project is available here. Auditors are welcome.
The course is intended for graduate students at all levels as well as advanced undergraduates. It is expected that students have taken a course in the foundations of programming languages, such as CS 152.
Schedule
Note 1: Schedule is subject to change. All readings are required except for those marked "Optional". Optional readings duplicate and/or extend material discussed in class.
Note 2: Some brief notes on how to read a research paper are available here.
Date | Lec. | Topic | Readings | Presenter |
---|---|---|---|---|
Tu 24-Jan | 1 | Introduction |
|
Steve Chong slides.pdf |
Th 26-Jan | 2 | Security policies for information flow |
|
Steve Chong |
Tu 31-Jan | 3 | Dependency Core Calculus |
|
Aslan Askarov |
Th 2-Feb | 4 | Confidentiality and integrity |
|
Aslan Askarov |
Tu 7-Feb | 5 | Semantic security conditions beyond noninterference: Declassification and Erasure |
|
Steve Chong |
Th 9-Feb | 6 | Provenance |
|
Andrew Johnson |
Tu 14-Feb | 7 | Inferring security policies |
|
George Kulakowski |
Th 16-Feb | 8 | Timing and termination channels |
|
Joe Tassarotti |
Tu 21-Feb | 9 | Project proposals due Quantitative information flow |
|
Scott Moore |
Th 23-Feb | 10 | Static enforcement/analysis |
|
Hannah Gommerstadt |
Tu 28-Feb | 11 | Static enforcement/analysis |
|
George Kulakowski |
Th 1-Mar | 12 | Static enforcement/analysis |
|
Devon Long |
Tu 6-Mar | 13 | Dynamic/hybrid enforcement |
|
Carl Jackson |
Th 8-Mar | 14 | Dynamic/hybrid enforcement |
|
Andrew Johnson |
Spring Recess |
||||
Tu 20-Mar | 15 | Dynamic/hybrid enforcement |
|
Steve Chong |
Th 22-Mar | 16 | Dynamic/hybrid enforcement |
|
Stefan Muller |
Tu 27-Mar | 17 | Privacy |
|
Max Wang |
Th 29-Mar | 18 | Privacy |
|
Aslan Askarov |
Tu 3-Apr | 19 | Privacy |
|
George Kulakowski |
Th 5-Apr | 20 | Language-based security for Android |
|
Hannah Gommerstadt/Devon Long |
Tu 10-Apr | 21 | Software fault isolation |
|
Joe Tassarotti |
Th 12-Apr | 22 | Software fault isolation |
|
Stefan Muller |
Tu 17-Apr | 23 | Software fault isolation |
|
Max Wang |
Th 19-Apr | 24 | Project presentations |
|
|
Tu 24-Apr | 25 | Project presentations |
|
|
Th 3-May | Final project due |