CS 7301: Seminar on Language-based Security

Course Information

Title: CS 7301: Language-based Security
Course Registration Number: 13769
Times: TR 11:30-12:45
Location: ECSS 2.311
Instructor: Dr. Kevin Hamlen (hamlen AT utdallas)
Office Hour: TR 1:00-2:00

Course Summary

This course will introduce and survey the emerging field of "Language-based Security", in which techniques from compilers and programming language theory are leveraged to address issues in computer security. Topics include: Proof-Carrying Code, In-lined Reference Monitoring, Typed Intermediate Languages, Typed Assembly Language, Certifying Compilers, and Software Fault Isolation.

The aim of the course is to allow each student to develop a solid understanding of at least one of these topics, along with a more general familiarity with the range of research in the field. In-course discussion will highlight opportunities for cutting-edge research in each area. If your research involves computer security, this course will provide you with an array of powerful tools for addressing software security issues. If your research involves programming languages and compilers, this course will show you how to take techniques that you might already know and apply them in new and interesting ways.

The course is open to Ph.D. students, and to Masters students with permission of instructor.

Suggested prerequisite: CS 6371 Advanced Programming Languages (or concurrently), or a basic familiarity with type theory. (If not, the student is advised to consult one of the texts on type theory listed later on this page.)


Homework: Homeworks will consist of assigned readings—approximately two papers per class session. Material presented in class will assume that students have read the assigned material before coming to class, so please do the readings ahead of time!

Presentations (40%): Each student will be assigned two days during the semester during which they will present to the class a summary of the assigned readings for that day. The presentation should provide a technical overview of the paper, a description of how the paper fits into the broader context of the material covered in the course, and should pose some interesting questions or challenges for in-class discussion.

Class Participation (20%): Students are expected to come to each class having read the assigned papers, and prepared with questions, critiques, and discussion topics. Regular participation in in-class discussion will count 20% towards students' grades in the course.

Projects (40%): Students taking the course for a letter grade will work individually or in a team of two to four to complete a course-related project. All project ideas are individually approved by the instructor. Proposals are due by mid-semester. A typical project would involve implementing one of the concepts described in one of the assigned readings, or using one or more of the research-level software packages covered in class to do an interesting program analysis or to address a non-trivial security vulnerability.


The course has no required textbook, but several of the course topics will draw heavily from material in:

The following are also useful references for those not already familiar with type theory and/or security:

Tentative Course Schedule

Date Topic Presenter(s)
Introduction and Review
Tue 1/9 Course overview and introduction to Language-based Security
  • Fred B. Schneider, Greg Morrisett, Robert Harper. A language-based approach to security. Informatics: 10 Years Back, 10 Years Ahead, Lecture Notes in Computer Science, Vol. 2000, Springer-Verlag, Heidelberg, 86-101.
Thur 1/11 A Crash Course in Type Theory: Part I
Simple Types, Operational Semantics
Properties of Type Systems: Preservation, Progress, Soundness, Completeness
Suggested (non-mandatory) readings:
  • Glynn Winskel. The Formal Semantics of Programming Languages: Chapter 2. MIT Press, Cambridge, MA, 1993.
  • Benjamin C. Pierce. Types and Programming Languages: Chapters 8 and 11. MIT Press, Cambridge, MA, 2002.
Tue 1/16 A Crash Course in Type Theory: Part II
First-class Functions, Parametric Polymorphism, and Dependent Types
Types as Logical Predicates: Hoare Logic, Curry-Howard Isomorphism
Suggested (non-mandatory) readings:
  • Benjamin C. Pierce. Types and Programming Languages: Chapters 23 and 24. MIT Press, Cambridge, MA, 2002.
  • Benjamin C. Pierce, ed., Advanced Topics in Types and Programming Languages: Chapter 2. MIT Press, Cambridge, MA, 2005. (available online from UTD computers)
  • Glynn Winskel. The Formal Semantics of Programming Languages: Chapter 6. MIT Press, Cambridge, MA, 2002.
Thur 1/18 A Crash Course in Computer Security
Security Goals: Confidentiality, Integrity, Availability
Security Principles: Least Privilege, Minimal Trusted Computing Base
Security Policies: Memory Safety, Control Flow Safety, Coarse-grained RBAC
Attacks: Buffer Overrun, Privilege Escalation, Denial of Service, Dictionary Attacks, Phishing
Suggested (non-mandatory) readings:
Memory Safety and Control-Flow Safety
Tue 1/23 Software Fault Isolation
Thur 1/25 Control Flow Integrity
Minimizing the Trusted Computing Base
Tue 1/30 Proof-Carrying Code
Thur 2/1 Proof-Carrying Code
Tue 2/6 Typed Assembly Language Instructor
Thur 2/8 Dependently Typed Assembly Language
  • David Aspinall and Martin Hofmann. Dependent Types. In Benjamin C. Pierce, ed., Advanced Topics in Types and Programming Languages: Chapter 2.1, pp. 45-47 (up to exercise 2.1.1), MIT Press, Cambridge, MA, 2005. (available online from UTD computers)
  • Hongwei Xi and Robert Harper. A Dependently Typed Assembly Language. In Proceedings of the International Conference on Functional Programming (ICFP'01), Florence, Italy, September 2001.
Tue 2/13 Foundational Proof-Carrying Code
  • Andrew W. Appel. Foundational Proof-Carrying Code. In Proceedings of the 16th Annual IEEE Symposium on Logic in Computer Science (LICS'01), Boston, MA, June 2001.
Thur 2/15 Combining TAL and PCC
Securing Legacy Code
Tue 2/20 Cyclone: A TAL-Targeting, C-like Language
Thur 2/22 CCured: A PCC-Targeting, C-like Language
  • George C. Necula, Scott McPeak, Westley Weimer. CCured: Type-Safe Retrofitting of Legacy Code. In Proceedings of the 29th ACM Symposium on Principles of Programming Languages (POPL'02). Portland, OR, 2002.
  • Jeremy Condit, Matthew Harren, Scott McPeak, George C. Necula, Westley Weimer. CCured in the Real World. In Proceedings of the ACM Conference on Programming Language Design and Implementation (PLDI'03), San Diego, CA, June 2003.
In-lined Reference Monitors
Tue 2/27 In-lined Reference Monitoring
Thur 3/1 Certified In-lined Reference Monitoring
Tue 3/6 Spring Break N/A
Thur 3/8 Spring Break N/A
Tue 3/13 Composable Policies
Thur 3/15 Computational Theory of In-lined Reference Monitors Instructor
Information Flow
Tue 3/20 Overview of Language-based Information Flow
Thur 3/22 Information Flow for Java
Tue 3/27 Distributed Information Flow
Obfuscation and Randomization
Thur 3/29 Address Space Randomization
Tue 4/3 Instruction Set Randomization
Thur 4/5 Obfuscation and Type Systems
Wrap-up and Conclusions
Tue 4/10 Course Evaluations
Course summary, Q&A, Extended discussion
Thur 4/12 Guest speaker: Dr. Gopal Gupta
Buffer overflow protection research at UTD
Dr. Gupta
Tue 4/17 Project Presentations
  • Slot 1: Mohammad
  • Slot 2: Ryan
  • Slot 3: Jungin
Thur 4/19 Project Presentations
  • Slot 4: Vishwath
  • Slot 5: Ajay & Srividya
  • Slot 6: Sandeep


The HARD deadline for final projects is Monday, April 30th, 5:00pm. I will base your project grades on whatever I have from you at that point. Students are therefore strongly encouraged to submit their projects before the hard deadline (preferably during the last week of April) to allow for submission errors. For example, if I discover before the deadline that I can't open your .zip file or something won't compile, I will email you to let you know and you can submit a correction. I will grade projects in the order that I receive them, so the earlier you submit, the more flexibility you will have. When submitting, you should email me the following: UTD's email system bounces email messages containing .zip, .exe, .bat, and lots of other files with known extensions. (Optional homework: Explain why this is an extremely ineffective method of protecting a system against malicious mobile code!) To bypass this restriction, I recommend renaming your file extensions to .xxx before attaching them. Tell me in the body of your email what the "real" extensions should be so I can rename them after downloading.