Programming language technologies, including type systems, proof systems, static analyses, interpreters, rewriters, and compilers are the key components of next generation security systems, such as Microsoft's .NET initiative. In this tutorial, we will examine why language-based mechanisms are so promising for enforcing fine-grained, least-privelege security policies by surveying recent research results. Some of the topics we will touch on include software fault isolation, inlined reference monitors, typed assembly languages, and proof-carrying code.
Greg Morrisett is an Associate Professor in the Computer Science Department at Cornell University, where he has been on the faculty since 1996. He is best known for his work on type sytems for low-level languages, such as Typed Assembly Language (TAL) and Cyclone, as well as his work on certifying compilers. He currently serves on the Microsoft Security Advisory Board, as an editor for the Journal of Functional Programming, and an associate editor for ACM Transactions on Programming Languages and Systems. He is the recipient of the Presidential Early Career Award for Scientists and Engineers, a Sloan Foundation Fellowship, an NSF Career Award, and the Allen Newell Medal of Research Excellence.