CS-342: Security and Programming Languages

Coursework

• Summary: From a student's viewpoint, this course has three major components:
  • Presentation (50 points). You will present two groups of papers, drawing the best elements from each paper into a well-rounded 45-minute presentation.
  • Discussion (15 points). You will participate in discussing papers in class.
  • Final project(35 points) You will pick a topic to work on for your final project, which will be due towards the end of the semester. You will also briefly present your project to the class.

• Presentations:
  • You will pick three topic areas to present, from among those in this list of papers.
  • For each topic area (group of papers), you will present a collection of papers in that topic area.
  • You should not simply dump the paper's contents onto powerpoint slides and talk through them, but should instead explain the papers' contents. Points will be awarded for effectivness in presentation, creativity and willingness to "go the extra mile" in explaining.

• Discussion:
  • Each presentation will be followed by a short 10-15 discussion, conducted and led by students. You will sign up as a "discusser" for six groups other than your own presentation.
  • As discusser you will be expected to read at least one paper thoroughly, and be somewhat familiar (get the gist) with the others.
  • In general, you should be engaged in the class and not just read the papers explicitly assigned to you and "switch off" the rest of the time.

• Final project:
  • For your final project, you will either modify an existing tool or implement one of your own. Alternatively, you can use a tool to obtain new results. Since this is a research class, your project can stray away from the themes in the course, but should stay within the general area of "languages".
  • You will present your project in class and submit a 3-page paper describing your project.
  • Examples of projects:
    • Combine CQual and Cyclone into a single tool.
    • Implement a static analyzer for JDBC code, along the lines in this paper.
    • Implement a static analyzer for webservices.
    • Augment a JVM to perform information-tracking.
    Wild ideas are welcome and encouraged, but please discuss them with me before investing serious time.

• Due dates:
  • Mar 12 Project proposal (1 page write up).
  • Mar 12: project proposal presentations (5 minutes).
  • April 16, 23: Final project presentations.
  • April 30: Final project report (3 pages max).