Language-based software security

Xavier Leroy

Collège de France, chair of software sciences, 2021-2022

This is an English translation of Xavier Leroy's 2021-2022 lectures at Collège de France, "Sécurité du logiciel: quel rôle pour les langages de programmation?".

Abstract

How can a software system resist attacks and malicious use? The course addresses this question from the viewpoint of programming languages and their type systems, static analyses, formal verification and compilation techniques. We attempt to characterize what these techniques contribute to computer security and what their limitations are.

Lectures

1. Software security: introduction and case studies.
2. Information flow.
3. Software isolation.
4. Tempus fugit: timing attacks and cache attacks.
5. Typing and security.
6. Compilation and security.
7. Computing over encrypted or private data.
8. Summary and concluding remarks.

Seminar talks

Some talks were given in English, others in French. Video recordings and slides can be found on the seminar course pages.

1. Olivier Levillain: Influence de la qualité des spécifications sur la sécurité logicielle.
2. Catuscia Palamidessi: Differential Privacy: From the Central Model to the Local Model and their Generalization.
3. Karthikeyan Bhargavan: Verified Implementations for Real-World Cryptographic Protocols.
4. Karine Heydemann: Attaques par injection de faute et protections logicielles.
5. Sandrine Blazy: Obfuscation du logiciel : brouiller le code pour protéger les programmes.
6. Frank Piessens: Transient Execution Attacks and Defenses.