Language-Based Security

Comp Sci 839, Fall 2023


Date Topic Presenter Required Reading Recommended Reading
Sept 7 Welcome + λ-calculus (Cecchetti) OCaml Programming: Correct + Efficient + Beautiful
Michael R. Clarkson
Sept 12 λ-calculus (Cecchetti)
Sept 14 Operational semantics (Cecchetti)
Sept 19 Imp (Cecchetti)
Sept 21 State and traces (Cecchetti)
Sept 26 Simply-typed λ-calculus (Cecchetti) A Language-Based Approach to Security
Fred B. Schneider, Greg Morrisett, and Robert Harper
Informatics: 10 Years Back, 10 Years Ahead, 2001
IFC Overview
Sept 28 Intro to IFC and IFC Types Ethan Cecchetti
Butler Lampson
CACM 1973
Andrei Sabelfeld and Andrew C. Myers
Journal on Selected Areas in Communications 2003
Oct 3 Proving Noninterference in a Functional Language Kanghee Park
François Pottier and Vincent Simonet
POPL 2002 (and TOPLAS 2003)
Note: Feel free to skip Sections 8 and 9
Security Properties
Oct 5 EM-Enforceable Properties
Fred B. Schneider
Oct 10 Hyperproperties Andrey Yao
Michael R. Clarkson and Fred B. Schneider
JCS 2010 (and CSF 2008)
Oct 12 Secure Compilation
Carmine Abate, Roberto Blanco, Deepak Garg, Cătălin Hriţcu, Marco Patrignani, Jérémy Thibault
CSF 2019
Marco Patrignani, Amal Ahmed, and Dave Clarke
ACM Computing Surveys 2019
(Oct 13) Project Proposals Due
More Expressive Static IFC
Oct 17 Secure Declassification Brandon Cegelski
Andrei Sabelfeld and David Sands
JCS 2009 (and CSFW 2005)
Some of the various cited papers
Oct 19 Robust Declassification Jack Stanek
Andrew C. Myers, Andrei Sabelfeld, and Steve Zdancewic
JCS 2006
Ethan Cecchetti, Andrew C. Myers, and Owen Arden
CCS 2017
Dynamic IFC and Notions of Noninterference
Oct 24 Progress-(in)sensitivity Shengyuan Yang
Johan Bay and Aslan Askarov
CSF 2020
Aslan Askarov, Sebastian Hunt, Andrei Sabelfeld, and David Sands
Oct 26 Secure Multi-execution Robert Nagel
Thomas Schmitz, Maximilian Algehed, Cormac Flanagan, and Alejandro Russo
CCS 2018
Dominique Devriese and Frank Piessens
IEEE S&P 2010
Securing Systems
Oct 31
  • Speculative Execution Security
Jiangyi Liu
Marco Guarnieri, Boris Köpf, José F. Morales, Jan Reineke, and Andrés Sánchez
IEEE S&P 2020
Also look at the recommended paper and get the general idea. Reading it in detail is optional.
Xaver Fabian, Marco Guarnieri, and Marco Patrignani
CCS 2022
Nov 2 Reentrancy Protection Fangzhou Wu
Ethan Cecchetti, Siqiu Yao, Haobin Ni, and Andrew C. Myers
IEEE S&P 2021
Nov 7 Web Security Rahul Krishnan
Shravan Narayan, Craig Disselkoen, Tal Garfinkel, Nathan Froyd, Eric Rahm, Sorin Lerner, Hovav Shacham, and Deian Stefan
USENIX Security 2020
James Parker, Niki Vazou, and Michael Hicks
POPL 2019
Nov 9 Capabilities Ante Tonkovic-Capin
Arnar Birgisson, Joe Gibbs Politz, Úlfar Erlingsson, Ankur Taly, Michael Vrable, and Mark Lentczner
NDSS 2014
Scott Moore, Christos Dimoulas, Dan King, and Stephen Chong
OSDI 2014
Probabilistic and Quantitative Security
Nov 14 Probabilistic Noninterference Julia Nakhleh
David Darais, Ian Sweet, Chang Liu, and Michael Hicks
POPL 2020
Nov 16 Quantitative Information Flow Ashley Samuelson
Geoffrey Smith
FoSSaCS 2009
Michael R. Clarkson, Andrew C. Myers, and Fred B. Schneider
JSC 2009
Nov 21 (Canceled due to illness)
Nov 23 (Thanksgiving Break)
Nov 28 Differential Privacy Ben Jacobsen
Yuxin Wang, Zeyu Ding, Daniel Kifer, and Danfeng Zhang
CCS 2020
Danfeng Zhang and Daniel Kifer
POPL 2017
Language-Based Cryptography
Nov 30 Synthesizing Cryptography Muhammad Musa
Coşku Acay, Rolph Recto, Joshua Gancher, Andrew C. Myers, and Elaine Shi
PLDI 2021
Lantian Zheng, Stephen Chong, Andrew C. Myers, and Steve Zdancewic
IEEE S&P 2003
Multiparty Computation Languages
Ian Sweet, David Darais, David Heath, William Harris, Ryan Estes, and Michael Hicks
‹Programming› 2023
Aseem Rastogi, Matthew Hammer, and Michael Hicks
IEEE S&P 2014
Dec 5 Project Presentations
(2:30 – 2:40)Jiangyi Liu
(2:42 – 2:57)Kanghee Park and Rahul Krishnan
(3:00 – 3:10)Fangzhou Wu
(3:12 – 3:22)Robert Nagel
(3:25 – 3:40)Ben Jacobsen and Julia Nakhleh
Dec 7 Project Presentations
(2:30 – 2:40)Ante Tonkovic-Capin
(2:42 – 2:52)Jack Stanek
(2:55 – 3:05)Ashley Samuelson
(3:07 – 3:17)Brandon Cegelski
(3:20 – 3:30)Muhammad Musa
(3:32 – 3:42)Andrey Yao
(Dec 12) Project Writeups Due


(A pdf version of this syllabus is available here.)

Learning Outcomes

The goal of this course is that, after successful completion, students should be able to demonstrate the following skills.

  • Articulate the core concepts and ideas in modern research papers in the field of language-based security, and situate those results within the broader literature of the field.
  • Present cutting-edge research ideas to other researchers in a way that is clear, understandable, and well-motivated.
  • Investigate new research questions in the area of language-based security and progress our understanding of those questions and associated ideas.


There will be four types of assignments. All non-presentation assignments will be handed in on Canvas.

Problem Sets

Only during the lecture portion of the class. These are to help build comfort and familiarity with the background material.

Paper Reviews

Each class (after the first three weeks) will have a paper that is required reading, and possibly a paper that is recommended as well. For each required reading, students must submit a short review summarizing the paper and explaining core concepts. These reviews should also note any confusion or questions you have, as well as describe anything about the paper you did or didn't like. Reviews for recommended readings are optional.

Reviews are due at 11:00am on the day of class.

Paper Presentations

Each class (after the background lectures), one or two students will give a 30–45 minute presentation on that day's topic. The student(s) presenting must read both the required and recommended reading for that day well in advance. They must also meet with the instructor (Ethan) to discuss the paper and a draft of their presentation at least 3 days in advance (no later than Monday if the presentation is on a Thursday, or Friday of the previous week if the presentation is on a Tuesday).

Students will sign up to present papers in the 3rd week of class (after add/drop period has ended).

Research Project

Each student must conduct a small research project in the area of language-based security. These projects may be individual, or in groups of up to three. The goal of the project is for every student in the class to have experience doing research in the area of language-based security. It is not to produce a publishable piece of research, although a good project would have promise to be the first step toward that goal. Students already working on projects that could reasonably be construed as language-based security research are welcome to use part or all of that work as the project for this course.

The topic of the project is up to each student. The schedule is front-loaded with background material and papers on language-based information flow, but projects can be centered around whatever area of language-based security that most interests each student. Other options include capabilities, model checking, and synthesis of secure code.

Projects can be implementation-based, such as implementing a language-based security technique or using one to build software more securely, theory-based, such as developing formal (perhaps machine-checked) proofs of security for some system, or even based on deeply surveying the state of a section of the field in the style of a Systematization of Knowledge (SoK) paper.

Students will be required to submit a 1-page proposal in October. The proposal should motivate the project and explain what concretely you plan to do to complete it. It should discuss how the proposed project relates to prior published research and provide citations.

In December, each project group will give a 10–15 minute presentation on their project to the class and produce a written report on their results, insights, and progress. There is no fixed length for these reports, but I expect the will be a few pages long.

Additionally, any students working in a group will be required to turn in a peer evaluation for their project group. The peer evaluation must answer the following questions for each team member (including yourself).

  • How did the team member's work positively contribute to the group?
  • How did the team member's work negatively contribute to the group?
  • For each stage of the project, what percentage of the total work of the group did the team member do? Please consider all work that team member did, not just work that was successful or ended up in the final product.

It is not necessary that every member of the team contribute equally to every component of the project. I will look at each team member's contribution in total across the whole project while making an evaluation.


Grades will be based on the following breakdown:

  • Problem sets and reviews: 40%
  • Paper presentation: 25%
  • Project: 30%
  • Participation: 5%

This is a graduate-level course. As such, the expectations are a bit different from what you may be used to in undergraduate-level courses. The focus of this course is on exposing you to new ideas and concepts and allowing you space to investigate and learn. To that end, problem sets and paper reviews will be graded on a "✓" / "✓−" scale, while presentations and projects will be graded with a simple letter grade (A, B, C, or F).

Problem sets and Reviews

If you engaged with the material and attempted to do the work, even if there were parts that were somewhat incomplete or you partially misunderstood, you will still receive a ✓. If you turn in something, but it is substantially incomplete or demonstrates very little understanding, you will receive a ✓−. If you turn in nothing or indicate no understanding at all or engagement with the material, you will receive no credit.

Presentations and Projects

The grade will be based on the quality of your work. For presentations, this will include reading the papers and discussing your presentation plan with Ethan far enough in advance (see the presentation description above).

For the research project, it means making progress towards solving the problem you propose. It is important to remember that the research projects are research. It is extremely difficult to know how large or difficult the projects will be before you dive into them. That means that you can fail to solve your proposed problem and still receive an A on the project by demonstrating effort and progress. For example, demonstrating that a promising approach fails to solve a problem for fundamental reasons could be an excellent result!


To receive participation points, you must stop by Ethan's office some time in the first two weeks of class to introduce yourself. You must also fill out the end-of-semester course evaluation. Active participation in class does not directly impact your grade, but it is highly encouraged and may indirectly improve your grade by helping you better understand and engage with the material.

A message for PhD students

Please try not to worry about your grade. I don't know how to put this delicately, but grades matter less as a PhD student than they did in undergrad. Focus on getting as much knowledge as you can out of the course, and your grade will be fine.

Academic Integrity

By virtue of enrollment, each student agrees to uphold the high academic standards of the University of Wisconsin-Madison; academic misconduct is behavior that negatively impacts the integrity of the institution. Cheating, fabrication, plagiarism, unauthorized collaboration, and helping others commit these previously listed acts are examples of misconduct which may result in disciplinary action. In this course, one example of misconduct would be using someone else's research results or writing without proper credit. Examples of disciplinary sanctions include, but are not limited to, failure on the assignment/course, written reprimand, disciplinary probation, suspension, or expulsion.

Accommodations for Students with Disabilities

The University of Wisconsin–Madison and this course support the right of all enrolled students to a full and equal educational opportunity. The Americans with Disabilities Act (ADA), Wisconsin State Statute (36.12), and UW–Madison policy (UW-855) require the university to provide reasonable accommodations to students with disabilities to access and participate in its academic programs and educational services. Faculty and students share responsibility in the accommodation process. Students are expected to inform faculty (Ethan) of their need for instructional accommodations during the beginning of the semester, or as soon as possible after being approved for accommodations. Faculty (Ethan) will work either directly with the student or in coordination with the McBurney Center to provide reasonable instructional and course-related accommodations. Disability information, including instructional accommodations as part of a student's educational record, is confidential and protected under FERPA. (See: McBurney Disability Resource Center)

Diversity & Inclusion

Diversity is a source of strength, creativity, and innovation for UW–Madison. The university and this course values the contributions of each person and respects the profound ways their identity, culture, background, experience, status, abilities, and opinion enrich the university and classroom community. We commit ourselves to the pursuit of excellence in teaching, research, outreach, and diversity as inextricably linked goals. The University of Wisconsin–Madison fulfills its public mission by creating a welcoming and inclusive community for people from every background—people who as students, faculty, and staff serve Wisconsin and the world.

Mental Health and Well-Being

Students, particularly graduate students, often experience stressors that can impact both their academic experience and personal well-being. These may include mental health concerns, substance misuse, sexual or relationship violence, family circumstances, campus climate, financial matters, among others.

Students are encouraged to learn about and utilize UW–Madison's mental health services and/or other resources as needed. Visit or call University Health Services at (608) 265-5600 to learn more.

Students are also encouraged to alert the instructor (Ethan) if their mental or physical health or that of a loved one or family member is negatively impacting their ability to succeed in the course. We can then make appropriate accommodations.


This course (and some of the language in this syllabus) is adapted from Andrew Myers's Language-Based Security seminar at Cornell University (CS 6113). The material in the lectures is adapted from Cornell University's Advanced Programming Languages course (CS 6110). The language for the sections on academic integrity, disability accommodations, diversity & inclusion, and mental health is taken from standard UW–Madison syllabus resources.