ACM SIGPLAN 2006 Conference on Programming Language Design and Implementation
Ottawa, Canada, June 10-16, 2006

Tutorial T1: Expressing and Enforcing Security with Programming Languages

Andrew Myers (Cornell)

An active area in computer security research concerns the use of language-based methods to express security requirements and to enforce them. This tutorial is an overview aimed at researchers and practitioners with a background in languages and compilers.


Computer security remains a fundamental, unsolved problem both because we lack good ways either to define precisely what security we need, or to enforce it. Because attackers can attack at any level of abstraction, computer security must similarly be enforced at every level of abstraction from the hardware on up. Enforcement at the language level offers a powerful set of tools for ensuring that our increasingly complex computing systems satisfy the security needs of their users. Language-based enforcement techniques include program analysis and transformation, which can be grounded in a formal semantics for program behavior, offering fundamentally stronger security assurance. Many of these techniques can be applied even to untrusted binary code. Language-based security also offers the opportunity to better express security requirements. When the programmer can express security policies as part of the programming language, it becomes possible to support application-specific security requirements that could not be described at or enforced by the operating system or the network.

This tutorial reviews the state of the art in using languages to obtain security assurance. We work our way up from lower-level security properties such as memory safety to higher-level properties such as encapsulation, access control, confidentiality, and integrity. At each level, we examine language-based approaches that have employed, such as security type systems and safe low-level programming languages, program rewriting techniques such as sandboxing, certifying compilation and other techniques for validating security of binaries, information flow analysis, and language-based protocol analysis and synthesis for building secure distributed systems.

Course slides

The slides from the presentation are now available


A bibliography of papers related to the tutorial is now available.


Andrew Myers is an Associate Professor in the Computer Science Department at Cornell University in Ithaca, NY. He received his Ph.D. in Electrical Engineering and Computer Science from MIT in 1999.

His research interests include computer security, programming languages, and distributed and persistent objects. His work on computer security has focused on practical, sound, expressive languages and systems for enforcing information security. The Jif programming language makes it possible to write programs which the compiler ensures are secure. The Polyglot extensible compiler framework is now widely used for programming language research.

Andrew is the recipient of an NSF CAREER award, an Alfred P. Sloan Fellowship, a Cornell College of Engineering Abraham T. C. Wong '72 Excellence in Teaching Award, a George M. Sprowls award for outstanding Ph.D. thesis from MIT, and a best paper award for a paper in SOSP 2001.