ACM SIGPLAN Workshop on
Programming Languages and Analysis for Security

San Diego, California, June 14, 2007

Sponsored by ACM SIGPLAN with support from IBM Research

Co-located with PLDI'07 as part of FCRC.

Important Dates and Announcements

  • Submission deadline: April 1, 2007 (23:59:59 PDT) (closed)
  • Notification of acceptance: April 27, 2007
  • Final version due: May 10, 2007
  • Early registration deadline: May 11, 2007
  • Travel grant application deadline: May 25, 2007
  • Workshop meeting: June 14, 2007

  • June 6, 2007: The full program is available.
  • April 29, 2007: Student travel grant applications available; deadline May 25.

8:15-8:45  Boniface Hicks, Dave King and Patrick McDaniel, "Jifclipse: Development Tools for Security-Typed Applications"
8:45-9:15  Mark Thober and Scott F Smith, "Improving Usability of Information Flow Security in Java"
9:15-9:45  Janus Dam Nielsen and Michael I. Schwartzbach, "A Domain-Specific Programming Language for Secure Multiparty Computation"
9:45-10:15  Break
10:15-10:45  Pasquale Malacaria and Han Chen, "Quantitative Analysis of Leakage for Multi-threaded Programs"
10:45-11:15  Stephen McCamant and Michael Ernst, "A Simulation-based Proof Technique for Dynamic Information Flow"
11:30-12:30  Guy Steele, FCRC Plenary talk: "Designing by Accident"
12:30-1:30  Lunch
1:30-2:00  Hassen Saidi, "Guarded Models For Intrusion Detection"
2:00-2:15  John Case and Samuel Moelius, "Cautious Virus Detection in the Extreme" (Short Paper)
2:15-2:45  Aslan Askarov and Andrei Sabelfeld, "Localized Delimited Release: Combining the What and Where Dimensions of Information Release"
2:45-3:00  Anindya Banerjee, David Naumann and Stan Rosenberg, "Towards a Logical Account of Declassification" (Short Paper)
3:00-3:15  Geoffrey Smith and Rafael Alpizar, "Fast Probabilistic Simulation, Nontermination, and Secure Information Flow" (Short Paper)
3:15-3:30  Sruthi Bandhakavi, William Winsborough and Marianne Winslett, "Informal Presentation: A Trust Management Perspective on Managing Policy Updates in Security-Typed Languages"
3:30-4:00  Break
4:00-4:30  Karl Chen and David Wagner, "Large-scale analysis of format string vulnerabilities in Debian Linux"
4:30-5:00  Benjamin Livshits and Ulfar Erlingsson, "Using Web Application Construction Frameworks To Protect Against Code Injection Attacks"
5:00-5:30  Karl Mazurak and Steve Zdancewic, "Abash: Finding Bugs in Bash Scripts"

Call For Papers

PLAS aims to provide a forum for exploring and evaluating ideas on the use of programming language and program analysis techniques to improve the security of software systems. Strongly encouraged are proposals of new, speculative ideas; evaluations of new or known techniques in practical settings; and discussions of emerging threats and important problems.

The scope of PLAS includes, but is not limited to:

  • Language-based techniques for security
  • Verification of security properties in software
  • Automated introduction and/or verification of security enforcement mechanisms
  • Program analysis techniques for discovering security vulnerabilities
  • Compiler-based security mechanisms, such as host-based intrusion detection and in-line reference monitors
  • Specifying and enforcing security policies for information flow and access control
  • Model-driven approaches to security
  • Applications, examples, and implementations of these security techniques

Submission Guidelines

Papers were due on April 1, 2007 (23:59:59 PDT).

We invite papers of two kinds: (1) Technical papers for long presentations during the workshop, and (2) papers for short presentations (10 minutes). Papers submitted for the long format should contain relatively mature content. Short format papers can also contain mature work, but may present more preliminary work, position statements, or work that is more exploratory in nature. Long papers will appear in a formal proceedings. Short papers fall into two categories: formal short papers to appear in the proceedings, and informal short papers that will not; authors choose the category at the time of submission. The idea is to allow prospective participants to talk about less mature work that is not yet ready for formal publication.

Papers to appear in the proceedings must describe work unpublished in refereed venues, and not submitted for publication elsewhere (including journals and formal proceedings of conferences and workshops). See the SIGPLAN republication policy for more details. The printed proceedings will be made available to the participants at the workshop, and its papers will be available in the ACM Digital Library.

Informal short presentations will have their abstracts included in the final proceedings, and may include previously-published material (which should be cited in the submission). Informal short presentations are not precluded from future publication at other conference venues or journals. Authors must indicate that they do not intend their paper to appear in the proceedings by prepending "Informal Presentation:" to the title of the submitted paper.

Submitted papers must be formatted according to the ACM proceedings format using 10pt fonts: long submissions should not exceed 12 pages in this format; short submissions should not exceed 6 pages. These page limits include everything (i.e., they are the total length of the paper). Papers submitted for the long category may be accepted as short presentations at the program committee's discretion.

Submissions should be in PDF (preferably) or Postscript that is interpretable by Ghostscript and printable on US Letter and A4 sized paper. Templates for SIGPLAN-approved LaTeX format can be found at We recommend using this format, which improves greatly on the ACM LaTeX format.

Student Travel Grants

Generous support from IBM Research has made it possible for us to offer travel grants for students attending PLAS. (Note that FCRC is providing travel support as well; PLAS support would supplement FCRC support.) See Application form for further instructions (here is the Word version of the materials). The first round of decisions will be made by Friday, May 25. We will consider applications beyond that date if funds remain.

Program Committee

Michael Hicks, University of Maryland, College Park (PC and General Chair)
Martín Abadi, Microsoft Research and University of California, Santa Cruz
Steve Chong, Cornell University
Adriana Compagnoni, Stevens Institute of Technology
Jeff Foster, University of Maryland, College Park
K. Rustan M. Leino, Microsoft Research, Redmond
Marco Pistoia, IBM T. J. Watson Research Center
Andrei Sabelfeld, Chalmers University of Technology
Dawn Xiaodong Song, Carnegie Mellon University
Eijiro Sumii, Tohoku University
Jan Vitek, Purdue University
David Walker, Princeton University
Xiaolan (Catherine) Zhang, IBM T. J. Watson Research Center

