The course is mainly based on results presented in research articles.
The list below shows the recommended readings for each day.
If you read the material before coming to the lecture, you will get
much more out of the lecture than if you do not. Bear in mind that
it is not mandatory to understand 100% of each paper associated with
the lecture. The papers will give you a good impression
of what the lecture is about and, after each
day, you can come back to the paper and hopefully understand most of it!
Often, and depending on the student's background,
some complementary reading is necessary and is therefore also indicated below.
Literature for the course
Day 1 and 2
- Haskell:
Haskell: The Craft of Functional Programming,
Second Edition, Simon Thompson, Addison-Wesley, ISBN 0-201-34275-8.
From this book, you might want to take a look at the following subjects:
Definition of functions (Chapter 1),
Type classes (Chapter 12),
Data types (Chapter 16),
Laziness (Chapter 17), Monad IO (Chapter 18).
Unfortunately, this book in now available online.
- A Library for Light-weight Information-Flow Security in Haskell,
Alejandro Russo, Koen Claessen and John Hughes.
In Proceedings of the ACM SIGPLAN 2008 Haskell Symposium, Victoria, British Columbia, Canada, September 2008.
Complementary reading
- Monads: A very well-known paper:
Monads for functional programming, Philip Wadler, In Advanced Functional Programming, First International
Spring School on Advanced Functional Programming Techniques-Tutorial Text, pages 24–52, London, UK, 1995.
Springer-Verlag.
If the paper is difficult to follow, you might want to check the whole
Chapter 18 from Haskell: The Craft of Functional Programming (see above).
- Language-based security:
Language-Based Security,
Dexter Kozen, In Mathematical Foundations of Computer Science, 1999.
(easy reading)
- Information-flow security:
Language-Based Information-Flow Security,
Andrei Sabelfeld and Andrew C. Myers,
IEEE Journal on Selected Areas in Communications, 2003.
(a very well-known survey)
- Declassification:
Declassification: Dimensions and principles,
Andrei Sabelfeld and David Sands,
In Proceedings of the 18th IEEE Workshop on Computer Security Foundations,
2005.
(a nice survey of the area)
Day 3
- A Taint Mode for Python via a Library, Juan José Conti and Alejandro Russo.
OWASP AppSec Research 2010, Stockholm, June 21-24, Sweden, 2010. LNCS.
- Implementing Erasure Policies Using Taint Analysis, Filippo del Tedesco, Alejandro Russo, and David Sands.
Nordic Conference in Secure IT Systems (NORDSEC 2010), Espoo, Finland, 2010.
LNCS.
Complementary reading
Day 4
Complementary reading
- Flexible Dynamic Information Flow Control in Haskell (extended version including more technical material such as complete definitions, proofs, etc.), Deian Stefan, Alejandro Russo, John Mitchell, and David Mazieres.
In ACM SIGPLAN Haskell Symposium 2011, Tokyo, Japan, September 2011.
- Protecting privacy using the decentralized label model, Andrew C. Myers and Barbara Liskov.
ACM Transactions on Software Engineering and Methodology, October 2000.
Day 5
- Secure Multi-Execution in Haskell, Mauro Jaskelioff and Alejandro Russo.
In Proceedings of Andrei Ershov International Conference on Perspectives of System Informatics (PSI'11), Akademgorodok, Novosibirsk, Russia, June 27-July 1, 2011. LNCS, Springer-Verlag.
Complementary reading
Last modified:
Thursday, 14-Jul-2011 11:57:18 CEST