Securing Software: Languages

Goals

• Type systems
  • Connect type safety to security
• Verification
  • Explain what it means to verify a program
  • Understand basic techniques for program verification
  • Calculate a weakest precondition

Types

• From safety to security
  • How can types be used to encode safety properties?
  • What is non-interference? Why does it match our intuitive notion of secrecy?

Verification

• Why can’t program analysis be sound and complete?
  • How does verification circumvent this result?
• How can you specify that a program is correct?
• What is a valid Hoare triple?
• What is the definition of a weakest precondition?
  • How can we calculate a weakest precondition?
  • How are weakest preconditions used in verification?
• What are some limitations of verification?
• Where/when is verification used in the real world?