Traditionally, computer security has been largely enforced at the level of operating systems. However, operating-system security policies are low-level (such as access control policies, protecting particular files), while many attacks are high-level, or application-level (such as email worms that pass by access controls pretending to be executed on behalf of a mailer application). The key to defending against application-level attacks is application-level security. Because applications are typically specified and implemented in programming languages, this area is generally known as language-based security. A direct benefit of language-based security is the ability to naturally express security policies and enforcement mechanisms using the developed techniques of programming languages.

Ongoing assessment in the form of programming tests or discussion gruops between the lecturer and students will be carried out to monitor the learning progress of students.

The aim of the course is to allow each student to develop a solid understanding of application level security, along with a more general familiarity with the range of research in the field. In-course discussion will highlight opportunities for cutting-edge research in each area.  The course intends to provide a variety of powerful tools for addressing software security issues
   • To obtain a deeper understanding of programming language-based concepts for computer security.
   • To understand the design and implementation of security mechanisms.
   • To understand and move inside the research in the area of programming languages and security. 

After the course, students should be able to apply practical knowledge of security for modern programming languages. This includes the ability to identify application- and language-level security threats, design and argue for application- and language-level security policies, and design and argue for the security, clarity, usability, and efficiency of solutions, as well as implement such solutions in expressive programming languages. Student should be able to demonstrate the critical knowledge of principles behind such application-level attacks as race conditions, buffer overruns, and code injections. You should be able to master the principles behind such language-based protection mechanisms as static security analysis, program transformation, and reference monitoring.

There are lab assignments.  The lab assignments are experimental activities about specific problems. To pass the course, students must pass the labs by making a presentation of the assignments in class and pass the requirements on a written report that documents the activities done.

Students will acquire the techniques to detect and prevent vulnerabilies of software systems by exploiting a variety of programming language-based machineries.

The discusssion groups and the expermental activities (lab) will asses the echniques to prevent or detect security vulnerabilities. This will include include threat modeling, coding standards, code reviews, "safe" programming languages, LangSec (language-theoretic security), security testing, static analysis tools and source code analyzers, information flow analysis (incl. tainting), program verification, and secure compilation.