Title: CS 6301-004: Language-based Security
Course Registration Number: 87595
Times: MW 1:00–2:15
Location: CB 1.102
Instructor: Dr. Kevin Hamlen (hamlen AT utdallas)
Instructor's Office Hours: MW 2:15–3:15, ECSS 3.704
This course will introduce and survey the field of Language-based Software Security, in which techniques from compilers and programming language theory are leveraged to address issues in computer security. Topics include:
The aim of the course is to allow each student to develop a solid understanding of at least one of these topics, along with a more general familiarity with the range of research in the field. In-course discussion will highlight opportunities for cutting-edge research in each area. If you do research involving software security, this course will provide you with an array of powerful tools for addressing software security issues. If you do research involving programming languages or compilers, this course will show you how to take techniques that you already know and apply them to a new and important problem domain. If your career involves management or development of high-assurance software systems, this course will provide a comparative analysis of traditional versus language-based techniques.
The course is open to Ph.D. students and Masters students. Interested undergraduates should see the instructor for permission to take the course.
Suggested complementary course: Interested students may wish to consider taking CS 6371 Advanced Programming Languages before/after this course or concurrently, since it presents material that supplements and enhances several of the above topics.
Homework (30%): For the first 10 weeks of the course, students will complete a series of programming exercises assigned through eLearning. Background material helpful for completing the exercises can be found in the online textbook Software Foundations.
Quizzes (30%): Most classes will begin with a short quiz testing the students' comprehension of the assigned reading for the day. Questions will typically be multiple choice or short answer. The easier questions will be designed to test whether the student has read the material, and the harder ones will test deeper understanding of more subtle points.
Class Participation (10%): Students are expected to come to class having read the assigned paper(s), and prepared with questions, critiques, and discussion topics. Regular attendance and class participation will count 10% toward the course grade.
Project (30%): Students will work individually or in a small team for the last 6 weeks of the course to complete a small project. A typical project will involve implementing and/or formally verifying a language-based security mechanism covered in the class or related to class material. Students conducting research are encouraged to choose projects that synergize with their research activities. Students will present their projects in class, with the presentation counting toward their project grade.
In our study of the Coq theorem proving system, we will be using the online textbook Software Foundations (the same text referenced under Homework above):
For those who wish to explore Coq in greater depth (e.g., for developing projects), the following book by the Coq developers is recommended:
Additionally, the following text available through the UTD library may be useful for general background on type theory and functional programming:
| Date | Topic | Assigned Reading(s) | Coq Exercises |
|------|-------|---------------------|---------------|
| | Introduction to Language-based Security | | Assignment 1 due 8/29 |
| | Functional Programming with Coq | | Software Foundations: Basics chapter, up to and including the first two exercises (nandb, andb3). |
| | Programming Proofs in Coq | F. Williams. Investigating SANS/CWE Top 25 Programming Errors. Tech. Rep. ICTN 6870, E. Carolina University, 2009. | |
| | | J. Walden, J. Stuckman, and R. Scandariato. Predicting Vulnerable Components: Software Metrics vs Text Mining. In Proc. 25th Int. Sym. Software Reliability Engineering (ISSRE), pp. 23–33, November 2014. | |
| | No class: Labor Day | | Assignment 2 due 9/12 |
| | | | Tactic Quick-Reference Sheet |
| | | P. Hudak. Conception, Evolution, and Application of Functional Programming Languages. ACM Computing Surveys, 21(3):359–411, May 1989. | |
| | | X. Leroy. Formal Verification of a Realistic Compiler. Communications of the ACM, 52(7):107–115, 2009. | |
| | | no assigned reading | |
| | Language-based Security Foundations | | |
| | The Science of Software Security | J. Bau and J. C. Mitchell. Security Modeling and Analysis. IEEE Security & Privacy, 9(3):18–25, 2011. | Assignment 3 due 9/24 |
| | Software Model-checking | M. Müller-Olm, D. Schmidt, and B. Steffen. Model-Checking: A Tutorial Introduction. In Proc. 6th Int. Sym. Static Analysis (SAS), pp. 330–354, September 1999. | |
| | Machine Code Validation | D. Brumley, I. Jager, T. Avgerinos, and E.J. Schwartz. BAP: A Binary Analysis Platform. In Proc. Int. Conf. Computer Aided Verification (CAV), 2011. | |
| | Code-reuse Attacks and Defenses | | |
| | Return-oriented Programming | E.J. Schwartz, T. Avgerinos, and D. Brumley. Q: Exploit Hardening Made Easy. In Proc. 20th USENIX Security Symposium, 2011. | Assignment 4 due 10/1 |
| | Artificial Diversity | H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh. On the Effectiveness of Address-Space Randomization. In Proc. ACM Conf. Computer and Communications Security (CCS), pp. 298–307, 2004. | |
| | Control-flow Integrity | M. Abadi, M. Budiu, Ú. Erlingsson, and J. Ligatti. Control-Flow Integrity: Principles, Implementations, and Applications. In Proc. ACM Conf. Computer and Communications Security (CCS), pp. 340–353, 2005. | Assignment 5 due 10/10 |
| | Binary Stirring | R. Wartell, V. Mohan, K.W. Hamlen, and Z. Lin. Binary Stirring: Self-randomizing Instruction Addresses of Legacy x86 Binary Code. In Proc. ACM Conf. Computer and Communications Security (CCS), 2012. | |
| | In-lined Reference Monitors | | |
| | Theory of IRMs | F.B. Schneider. Enforceable Security Policies. ACM Transactions on Information and System Security, 3(1):30–50, 2000. | |
| | Aspect-oriented Programming | M. Jones and K.W. Hamlen. Disambiguating Aspect-oriented Security Policies. In Proc. 9th Int. Conf. Aspect-Oriented Software Development (AOSD), pp. 193–204, March 2010. | Assignment 6 due 10/29 |
| | Cryptojacking | W. Wang, B. Ferrell, X. Xu, K.W. Hamlen, and S. Hao. SEISMIC: SEcure In-lined Script Monitors for Interrupting Cryptojacks. In Proc. European Sym. Research in Computer Security (ESORICS), 2018. | |
| | IRM Validation | K.W. Hamlen, M.M. Jones, and M. Sridhar. Aspect-oriented Runtime Monitor Certification. In Proc. 18th Int. Conf. Tools and Algorithms for the Construction and Analysis of Systems (TACAS), pp. 126–140, March–April 2012. | |
| | Intro to Information Flow | A. Sabelfeld and A.C. Myers. Language-Based Information-Flow Security. IEEE J. Selected Areas in Communications, 21(1):5–19, 2003. | |
| | Type-based Information Flow Controls | A.C. Myers. JFlow: Practical Mostly-Static Information Flow Control. In Proc. 26th ACM Sym. Principles of Programming Languages (POPL), pp. 228–241, 1999. | Project due 12/17 |
| | Superset Disassembly | E. Bauman, Z. Lin, and K.W. Hamlen. Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics. In Proc. Network and Distributed Systems Security Sym. (NDSS), 2018. | |
| | Object Flow Integrity | W. Wang, X. Xu, and K.W. Hamlen. Object Flow Integrity. In Proc. ACM Conf. Computer and Communications Security (CCS), 2017. | |
| | Cyber-deceptive Software Engineering | F. Araujo, K.W. Hamlen, S. Biedermann, and S. Katzenbeisser. From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation. In Proc. ACM Conf. Computer and Communications Security (CCS), 2014. | |
| | Reactively Adaptive Malware | V. Mohan and K.W. Hamlen. Frankenstein: Stitching Malware from Benign Binaries. In Proc. USENIX Workshop on Offensive Technologies (WOOT), pp. 78–84, 2012. | |
| | No class: Fall break | | |
| | No class: Fall break | | |
| | Q&A: Picinæ, Projects, Coq | | |