NSCPHD1237 Static program analysis and language-based security

The overall goal of the course is to introduce students to (1) semantics-based methods for program analysis, with (2) applications to software security. 

Part 1. Static program analysis

This part provides the student with the fundamental notions of static program analysis (operational semantics, abstract interpretation, type systems) and shows how these techniques can be used to reason about the behavior of  software. The goal of the course is to enable the students to define the operational semantics of a simple programming language and to design type systems and data flow analyses for this language in a systematic way. We present a variety of analyses, including the Java byte code verifier, alias analysis and relational analysis based on polyhedra.

Part 2. Language-based security

In the second half of the course we give a detailed presentation of the theory of abstract interpretation and study the JavaScript language from a semantics-based point of view.  This part provides shows how program analysis techniques can be used to improve the security of software. The goal of the course is to enable the students to define the operational semantics of a programming language and to design type systems and data flow analyses for this language. In the second part of the course we will present a variety of analyses used for improving software security, including the Java byte code verifier, information flow analysis and analysis problems related to binary code and JavaScript.