ACM SIGPLAN Seventh Workshop on

Programming Languages and Analysis for Security
(PLAS 2012)

Beijing, China
June 15, 2012

Co-located with PLDI 2012

Important Dates

Invited Speakers

• Andrew Myers (Cornell University)

How languages can secure the future distributed environment.

The trend is clear: people are exchanging code and data increasingly freely across the Internet and the Web. But both code and data are vectors for attacks on confidentiality and integrity. The Fabric project is developing a new system to support the kinds of activities now happening on the Web: the free exchange of code and data across a decentralized, distributed system. Unlike the Web, Fabric has a principled basis for security: language-based information flow. By raising the level of abstraction for programmers, Fabric also makes it easier to reason clearly about security, even in the presence of distrusted mobile code. However, some interesting problems must be solved before a system like Fabric sees widespread adoption.

• Gilles Barthe (IMDEA)

  Computer-Aided Cryptographic Proofs.

  EasyCrypt is a toolset that assists the construction and verification of cryptographic proofs; it supports common patterns of reasoning in cryptography, and has been used successfully to prove the security of many examples, including encryption schemes, signature schemes, zero-knowledge protocols and hash functions. I will present recent developments in the tool and survey new applications.

Student Travel Grants

Thanks to our sponsors, we are offering some travel grants to student attendees of PLAS. Precedence will be given to applicants from developing contries or authors of accepted papers. The application is handled by the PLDI travel grants system.

Accepted Papers

• Position Paper: Static Flow-Sensitive & Context-Sensitive Information-flow Analysis for Software Product Lines Eric Bodden.
• Security-Policy Monitoring and Enforcement with JavaMOP. Soha Hussein, Patrick Meredith and Grigore Rosu.
• Development of secured systems by mixing programs, specifications and proofs in an object-oriented programming environment. Damien Doligez, Mathieu Jaume and Renaud Rioboo.
• Hash-Flow Taint Analysis of Higher-Order Programs. Shuying Liang and Matthew Might.
• Typing Illegal Information Flows as Program Effects. Ana Almeida Matos and José Fragoso Santos.
• Towards a Taint Mode for Cloud Computing Web Applications. Luciano Bello and Alejandro Russo.
• Position Paper: Security Correctness for Secure Nested Transactions. Dominic Duggan and Ye Wu.
• Knowledge-Oriented Secure Multiparty Computation. Piotr Mardziel, Michael Hicks, Jonathan Katz and Mudhakar Srivatsa.
• Position Paper: A generic approach for security policies composition. Alejandro Hernandez and Flemming Nielson.

Call For Papers

PLAS aims to provide a forum for exploring and evaluating ideas on the use of programming language and program analysis techniques to improve the security of software systems. Strongly encouraged are proposals of new, speculative ideas, evaluations of new or known techniques in practical settings, and discussions of emerging threats and important problems.

The scope of PLAS includes, but is not limited to:

• Compiler-based security mechanisms or runtime-based security mechanisms such as inline reference monitors
• Program analysis techniques for discovering security vulnerabilities
• Automated introduction and/or verification of security enforcement mechanisms
• Language-based verification of security properties in software, including verification of cryptographic protocols
• Specifying and enforcing security policies for information flow and access control
• Model-driven approaches to security
• Security concerns for web programming languages
• Language design for security in new domains such as cloud computing and embedded platforms
• Applications, case studies, and implementations of these techniques

Submission Guidelines

We invite papers in two categories:

• Full papers should be at most 12 pages long including bibliography and appendices. Papers in this category are expected to have relatively mature content. Full paper presentations will be 25 minutes each.
• Position papers should be at most 6 pages long including bibliography and appendices. Preliminary and exploratory work are welcome in this category. Position paper presentations will be 10 minutes each. Authors submitting papers in this category must prepend the phrase Position Paper: to the title of the submitted paper.

Submissions should be PDF documents typeset in the ACM proceedings format using 10pt fonts. SIGPLAN-approved templates can be found at http://www.acm.org/sigs/sigplan/authorInformation.htm. We recommend using this format, which improves greatly on the ACM LaTeX format. All submissions must be in English. Page limits are strict.

Both full and position papers must describe work not published in other refereed venues (see the SIGPLAN republication policy at http://www.acm.org/sigs/sigplan/republicationpolicy.htm for more details). Accepted papers will appear in the workshop proceedings which will be distributed to workshop participants and be available in the ACM Digital Library.

Submission is now close.

Program Committee

Sponsors