CMSC 838F, Spring 2008

Language-Based Security

Location CSIC 1121, MW 3:30-4:45pm
Final Exam Available May 7-16; 24 hour take-home
Projects Due May 20, 5pm
Instructor Jeff Foster
4129 A.V. Williams
Hours: MW 10:00-11:00am, or by appointment
Textbook None
  • Apr 15. All slides from student and guest talks to date are now posted.
  • Mar 10. Slides from the student and guest talks are now posted.
  • Mar 3. The papers for March 5 and March 10 have been swapped---please see the revised schedule below.
  • Feb 4. Project 1 is now available.
  • Jan 28. Papers for the next couple of lectures have now been chosen. Please see the bold-faced entries in the schedule below. If an entry has a date that's bolded, then that paper's schedule is firm.
  • Jan 28. Welcome to CMSC 838F.

Please fill out an online course evaluation for this and all your other classes.

[   Description   |   Schedule   |   Homework   |   Policies   |   Web Forum   ]


Traditionally, computer security is enforced by the operating system, which uses special hardware support to ensure security properties at application boundaries. However, the proliferation of successful attacks, such as viruses, worms, SQL injection, and cross-site scripting, shows that traditional approaches to security are insufficient. Adversaries exploit weaknesses both in the operating system itself, bypassing any protection mechanisms, and at the application level, where the operating system provides limited guarantees.

In this class, we will study language-based approaches to computer security. Topics include:


Homework and Projects

Course Policies


CMSC 631, another grad-level PL class, or permission of the instructor

Class structure and grading

The course will consist mostly of reading and discussing technical papers on the above topics, as well as a research project. There may also be short homework or programming assignments during the semester.

Academic Dishonesty

The university policy on academic dishonesty is strictly followed. All graded materials (whether exams, summaries, presentations, or projects) must be strictly individual efforts. In the case of a group project or assignment, only collaborations within the group are permitted.