CS-342: Security and Programming Languages
Coursework
- Summary: From a student's viewpoint,
this course has four major components:
- Presentation (40 points). You will present a group of papers,
drawing the best elements from each paper into a well-rounded
45-minute presentation.
- Discussion (15 points). You will participate in
discussing papers in class.
- Homeworks (20 points). There will be two or three minor homework
assignments. These are intended to get you thinking about your
final project.
- Final project (35 points). You will pick a topic to work on for
your final project, which will be due towards the end of the
semester. You will also briefly present your project to the class.
- Presentations:
- You will present a collection of papers under one theme
or group, as arranged in this list of papers.
- You should not simply
dump the papers' contents onto PowerPoint slides and talk through
them, but should instead explain the papers' contents. Points will
be awarded for effectiveness in presentation, creativity and
willingness to "go the extra mile" in explaining.
- Discussion:
- Each presentation will be
followed by a short 10-15 minute discussion, conducted and led by students.
You will sign up as "lead discusser" for one presentation
other than your own presentation. You will also sign up as
"discusser" for three additional presentations (not counting your
own presentation or the one you've selected as "lead discusser").
- To be a lead discusser, you will need to read all papers in
the given group, and perhaps try to meet the presenter before
the class. For a "discusser", you'll need to read at least
one paper thoroughly, and be somewhat familiar (get the gist) with the others.
- Homeworks:
- Homework 1 (Due in class Feb 8): For this homework, take
any parser for either C or Java and write a static analyzer
to detect assignments from variables that are uninitialized.
Thus, as test code you can use something like (in C):
    int main ()
    {
        int x, y, z;
        x = 5; // Allowed.
        z = y; // Not allowed because y is not initialized.
        y = x; // Allowed, because x has a value.
        x = z; // Not allowed.
    }
You don't really need to understand parsers in great detail,
but you will need to read parser code. Some of this code is
reasonably accessible even if you've never had a course
on compilers. For example, the parser produced by
antlr is fairly readable
for this exercise. You will demonstrate your code in class; thus,
you should plan on testing your code before class.
- Homework 2 (Due in class Mar 1): For this homework,
identify any software tool relevant to the course that
is not covered in class. Then, download the tool, get it
working with a few examples (that you create) and demonstrate its use.
Submit a 2-page summary of your findings. Your write-up should
include:
- A brief description of the tool (2 paragraphs).
- How you installed and used the tool (2 paragraphs).
- Your experience using the tool, what you tested it with (1 paragraph).
- A list of advantages/disadvantages of the tool.
You will present your findings in class along with a demo.
Please set up your demo before class.
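
As an added illustration of the check Homework 1 asks for (not part of the course materials), the sketch below tracks definedness through straight-line C declarations and assignments, using regular expressions instead of a real parser such as antlr; `find_uninitialized_uses` and its statement patterns are assumptions made for this example. It treats a variable assigned from an uninitialized one as still uninitialized, which is why `x = z;` in the test code is reported.

```python
import re
# Added example. Assumes straight-line C: no branches, loops, pointers or commas in calls.
TYPES = r"(?:int|char|short|long|float|double)"
DECL = re.compile(rf"^{TYPES}\s+(.+);$")
ASSIGN = re.compile(r"^([A-Za-z_]\w*)\s*=(?!=)\s*(.+);$")
IDENT = re.compile(r"\b[A-Za-z_]\w*")


def find_uninitialized_uses(source):
    """Return (line_no, target, var) for every read of an uninitialized variable."""
    initialized = {}  # declared name -> True once it holds a defined value
    findings = []

    def assign(line_no, target, rhs):
        reads = dict.fromkeys(IDENT.findall(rhs))  # ordered, de-duplicated
        bad = [v for v in reads if initialized.get(v) is False]
        findings.extend((line_no, target, v) for v in bad)
        # The target is defined only if everything it was computed from is.
        if target in initialized:
            initialized[target] = not bad

    for line_no, raw in enumerate(source.splitlines(), start=1):
        stmt = raw.split("//", 1)[0].strip()  # drop // comments
        if m := DECL.match(stmt):
            for part in m.group(1).split(","):
                name, _, init = (p.strip() for p in part.partition("="))
                initialized[name] = False
                if init:
                    assign(line_no, name, init)
        elif m := ASSIGN.match(stmt):
            assign(line_no, m.group(1), m.group(2))
    return findings


# The test program from Homework 1.
SAMPLE = """\
int main ()
{
    int x, y, z;
    x = 5; // Allowed.
    z = y; // Not allowed because y is not initialized.
    y = x; // Allowed, because x has a value.
    x = z; // Not allowed.
}
"""

if __name__ == "__main__":
    for line_no, target, var in find_uninitialized_uses(SAMPLE):
        print(f"line {line_no}: '{target}' assigned from uninitialized '{var}'")
```

A parser-based analyzer would do the same bookkeeping over the syntax tree, and would need a merge rule at branches and loops that this straight-line version leaves out.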
- Final project:
- For your final project, you will either modify an existing
tool or implement one of your own. Alternatively, you can
use a tool to obtain new results. Since this is a research
class, your project can stray away from the themes in the course,
but should stay within the general area of "languages".
- You will present your project in class (April 19 and 26) and
submit a 3-page paper describing your project.
- Examples of projects:
- Combine CQual and Cyclone into a single tool.
- Implement a static analyzer for JDBC code, along the
lines in this paper.
- Implement a static analyzer for web services.
- Augment a JVM to perform information-tracking.
Wild ideas are welcome and encouraged, but please discuss them
with me before investing serious time.
- Due dates:
- Feb 8: Homework 1.
- Mar 1: Homework 2.
- Mar 8: Project proposal (1-page write-up).
- Mar 22: Project proposal presentation (5 minutes).
- April 19, 26: Final project presentations.
- April 26: Final project report (3 pages max).