PLAS 2016

The 11th Workshop on Programming Languages and Analysis for Security

Co-located with ACM CCS 2016
October 24, 2016, Vienna, Austria

Overview

PLAS aims to provide a forum for exploring and evaluating ideas on the use of programming language and program analysis techniques to improve the security of software systems. Strongly encouraged are proposals of new, speculative ideas, evaluations of new or known techniques in practical settings, and discussions of emerging threats and important problems. We are especially interested in position papers that are radical, forward-looking, and likely to lead to lively and insightful discussions that will influence future research that lies at the intersection of programming languages and security.

The scope of PLAS includes, but is not limited to:

  • Compiler-based security mechanisms (e.g., security type systems) or runtime-based security mechanisms (e.g., inline reference monitors)
  • Program analysis techniques for discovering security vulnerabilities
  • Automated introduction and/or verification of security enforcement mechanisms
  • Language-based verification of security properties in software, including verification of cryptographic protocols
  • Specifying and enforcing security policies for information flow and access control
  • Model-driven approaches to security
  • Security concerns for Web programming languages
  • Language design for security in new domains such as cloud computing and IoT
  • Applications, case studies, and implementations of these techniques

Invited Talks

Avik Chaudhuri (Facebook)
Flow: Abstract Interpretation of JavaScript for Type Checking and Beyond

Cédric Fournet (MSR)
Verified Secure Implementations for the HTTPS Ecosystem

Program Committee

  • Stephen Chong, Harvard University
  • Marco Gaboardi, University at Buffalo
  • Christian Hammer, Saarland University
  • Limin Jia, Carnegie Mellon University
  • Toby Murray (Co-chair), University of Melbourne and Data61
  • Benjamin Pierce, University of Pennsylvania
  • Tamara Rezk, INRIA
  • Deian Stefan (Co-chair), UC San Diego and Intrinsic
  • Vanessa Teague, University of Melbourne
  • Xi Wang, University of Washington

Call for Papers

We invite both full papers and short papers. For short papers we especially encourage the submission of position papers that are likely to generate lively discussion.

  • Full papers should be at most 11 pages long, plus as many pages as needed for references and appendices. Papers in this category are expected to have relatively mature content. Full paper presentations will be 25 minutes each.
  • Short papers should be at most 5 pages long, plus as many pages as needed for references. Papers that present radical, open-ended and forward-looking ideas are particularly welcome in this category, as are papers presenting preliminary and exploratory work. Authors submitting papers in this category must prepend the phrase "Short Paper:" to the title of the submitted paper. Short paper presentations will be 15 minutes each.

Submissions should be PDF documents typeset in the ACM proceedings format using 10pt fonts. We recommend using the SIGPLAN-approved template.

Both full and short papers must describe work not published in other refereed venues (see the SIGPLAN republication policy for more details). Accepted papers will appear in workshop proceedings, which will be distributed to the workshop participants and be available in the ACM Digital Library.

All papers must be submitted via the Web submission form.

All camera-ready papers must be prepared according to and submitted via the publisher web site. Note that all papers have a hard page limit.

Important Dates

  • Submissions due: 3 August 2016 25 July 2016 (anywhere on Earth)
  • Author notification: 29 August 2016
  • Final papers due: 15 September 2016

Student Travel Grant Application

Thanks to generous support from our sponsors, student attendees of PLAS 2016 can apply for a travel grant. To be eligible for a travel grant, the applicant must be a full-time student. The applicant need not present a paper at PLAS, but must register for and attend the workshop. The applicant may, in addition, apply for CCS travel grants.

Application deadline: October 7, 2016

Travel grants can be used towards PLAS registration, travel, and accommodation expenses. All reimbursements will be processed by ACM. Please note that original receipts will be needed for reimbursement; email the chairs for any clarifications.

To apply for a travel grant, please fill out the form below (also available here):

Sponsorship Opportunities

PLAS is an academic workshop that brings together some of the brightest minds working on the intersection of programming languages and security. In previous years, PLAS was co-located with top programming languages conferences; this year, PLAS is co-located with a top security conference (CCS). As such, we anticipate participants from top universities all over the world with broad interests in security and programming languages.

If you are looking to expose your company's brand, logo, and messages to the world's leading researchers on security and programming languages (and potential future employees), PLAS is a great place to start. Your support will allow us to offer travel grants and reduced registration fees to students and underrepresented groups.

We offer several support levels for your consideration. Please contact the chairs at plas2016-chairs@programming.systems for more information on how your organization can participate or with any questions and requests (e.g., if you would like a custom sponsorship level).

Sponsorship Levels

Bronze - $1,000

  • Institution logo displayed on the workshop website
  • Links to sponsor website
  • Acknowledgment in the Chairs' statement for the proceedings

Silver - $2,500

  • Institution logo displayed on the workshop website
  • Links to sponsor website
  • Acknowledgment in the Chairs' statement for the proceedings
  • Shared table with supporter's materials available to attendees

Gold - $5,000

  • Institution logo displayed on the workshop website
  • Links to sponsor website
  • Acknowledgment in the Chairs' statement for the proceedings
  • Tabletop exhibit space at the workshop, if requested

Opening
  • 8:50 Welcome and Opening Remarks

Session 1: JavaScript (Deian Stefan)
  • 9:00 Invited Talk: Flow: Analysis of JavaScript for type checking and beyond
    Avik Chaudhuri (Facebook)
  • 10:00 Static Detection of User-specified Security Vulnerabilities in Client-side JavaScript
    Jens Nicolay, Valentijn Spruyt, and Coen De Roover (Vrije Universiteit Brussel)

Coffee Break (10:30)

Session 2: Information Flow (Tamara Rezk)
  • 11:00 On Formalizing Information-Flow Control Libraries
    Marco Vassena and Alejandro Russo (Chalmers University of Technology)
  • 11:30 Future-dependent Flow Policies with Prophetic Variables
    Ximeng Li, Flemming Nielson, and Hanne Riis Nielson (Technical University of Denmark)
  • 12:00 In-Depth Enforcement of Dynamic Integrity Taint Analysis
    Sepehr Amir-Mohammadian and Christian Skalka (University of Vermont)

Lunch (12:30)

Session 3: Program Analysis and Types (Marco Gaboardi)
  • 14:00 JSPChecker: Static Detection of Context-Sensitive Cross-Site Scripting Flaws in Legacy Web Applications
    Antonin Steinhauser (Oracle Labs) and Francois Gauthier (Charles University in Prague)
  • 14:30 Rusty Types for Solid Safety
    Sergio Benitez (Stanford University)
  • 14:50 Bounding Information Leakage Using Implication Graph
    Ziyuan Meng (University of Central Missouri)
  • 15:10 Dynamic Leakage - A Need for a New Quantitative Information Flow Measure
    Nataliia Bielova (INRIA)

Coffee Break (15:30)

Session 4: Novel Applications (Toby Murray)
  • 16:00 Invited Talk: Verified Secure Implementations for the HTTPS Ecosystem
    Cédric Fournet (Microsoft Research)
  • 17:00 Formal Verification of Smart Contracts
    Karthikeyan Bhargavan (INRIA), Antoine Delignat-Lavaud (Microsoft Research), Cédric Fournet (Microsoft Research), Anitha Gollamudi (Harvard University), Georges Gonthier (Microsoft Research), Nadim Kobeissi (INRIA), Natalia Kulatova (INRIA), Aseem Rastogi (Harvard University), Thomas Sibut-Pinote (INRIA), Nikhil Swamy (Microsoft Research), and Santiago Zanella-Béguelin (Microsoft Research)
  • 17:20 Automatic Trigger Generation for Rule-based Smart Homes
    Chandrakana Nandi and Michael D. Ernst (University of Washington)
  • 17:40 Superhacks: Exploring and Preventing Vulnerabilities in Browser Binding Code
    Fraser Brown (Stanford University)

Closing (18:00)

Program Chairs

  • Toby Murray, University of Melbourne and Data61
  • Deian Stefan, UC San Diego and Intrinsic

Program Committee

  • Stephen Chong, Harvard University
  • Marco Gaboardi, University at Buffalo
  • Christian Hammer, Saarland University
  • Limin Jia, Carnegie Mellon University
  • Benjamin Pierce, University of Pennsylvania
  • Tamara Rezk, INRIA
  • Vanessa Teague, University of Melbourne
  • Xi Wang, University of Washington

Steering Committee

  • Michael Clarkson, Cornell University
  • Limin Jia, Carnegie Mellon University
  • Alejandro Russo, Chalmers University of Technology
  • Omer Tripp, IBM Research
  • Prasad Naldurg, IBM Research
  • Nikhil Swamy, Microsoft Research
  • Sergio Maffeis, Imperial College London
  • Tamara Rezk, INRIA