CIS 670 Advanced Topics in Programming Languages
Spring 2003: Safety and Security
Monday and Wednesday 3:00 - 4:30
Towne 305

Steve Zdancewic (
Office: Moore/GRW 174
Office Hours: Mon. 10-11 a.m., Tues. 10-11 a.m., by appointment

1/13 - Class begins

1/15 - No Class (POPL)

2/7 - Deadline for forming groups & projects

Course Description


      This course focuses on the intersection of programming languages and computer security, with the emphasis on how advanced language design, type systems, and program analyses can improve the safety and security of software. The course should appeal both to students interested in advanced programming language topics and to students interested in how such technology can be applied to computer systems.

     No textbook for the course is required. Instead, students will be expected to read and discuss papers from the literature.

      Prerequisites: CIS 500 (Software Foundations) or permission of the instructor.


      Grades will be based on a group research project. The research project is to port a secure bank simulation written in Java to the Jif programming language. The research aspects of this project include: (1) Developing a cryptographic library interface using the decentralized label model. (2) Using Jif's type system to encode invariants of an authentication protocol. (3) Investigating the use of event-based programming models (as opposed to threaded programming models) for information-flow security. (4) Implementing a reasonably large system in Jif.

Project information


Writing Style

Motivation and Introduction

Information Flow

Software Fault Isolation

Reference Monitors

Stack Inspection

Typed Assembly Language / PCC

Cryptographic Protocols