ACM SIGPLAN Third Workshop on Programming Languages and Analysis for Security (PLAS 2008)

Tucson, Arizona, June 8, 2008

Co-located with PLDI 2008
Sponsored by ACM SIGPLAN
Supported by IBM Research and Microsoft Research


7:30 - 8:30 Breakfast
Session 1: Language-based Security
8:30 - 9:00 Fabio Massacci and Ida Sri Rejeki Siahaan Simulating Midlet's Security Claims with Automata Modulo Theory
9:00 - 9:30 Kevin Hamlen and Micah Jones Aspect-Oriented In-lined Reference Monitors
9:30 - 10:00 Nikhil Swamy and Michael Hicks Verified Enforcement of Stateful Information Release Policies
10:00 - 10:30 Morning Break
Session 2: Software Protection and Verification
10:30 - 11:00 Clifford Liem, Yuan Gu, and Harold Johnson A Compiler-Based Infrastructure for Software-Protection
11:00 - 11:30 Alan Shaffer, Mikhail Auguston, Cynthia Irvine, and Tim Levin A Security Domain Model to Assess Software for Exploitable Covert Channels
11:30 - 12:00 Christian Hammer, Rüdiger Schaade, and Gregor Snelting Static Path Conditions for Java
12:00 - 1:30 Lunch
Session 3: Program Analysis for Security and Policy Enforcement
1:30 - 1:45 James Cheney and Morten Dahl Resource Bound Analysis for Database Queries
1:45 - 2:00 Dejan Baca, Bengt Carlsson, and Lars Lundberg Evaluating the Cost Reduction of Static Code Analysis for Software Security
2:00 - 2:30 Avik Chaudhuri, Prasad Naldurg, and Sriram Rajamani A Type System for Data-Flow Integrity on Windows Vista
2:30 - 3:00 Miranda Mowbray and Antonio Lain Dominator-Tree Analysis for Distributed Authorization
3:00 - 3:30 Afternoon Break
Session 4: Information-flow Security
3:30 - 4:00 Riccardo Focardi and Matteo Centenaro Information Flow Security of Multithreaded Distributed Programs
4:00 - 4:30 Lantian Zheng and Andrew C. Myers Securing Nonintrusive Web Encryption through Information Flow
4:30 - 5:00 Pasquale Malacaria and Han Chen Lagrange Multipliers and Maximum Information Leakage in Different Observational Models

Call for Papers

PLAS aims to provide a forum for exploring and evaluating ideas on the use of programming language and program analysis techniques to improve the security of software systems. Strongly encouraged are proposals of new, speculative ideas; evaluations of new or known techniques in practical settings; and discussions of emerging threats and important problems.

The scope of PLAS includes, but is not limited to:

  • Language-based techniques for security
  • Verification of security properties in software
  • Automated introduction and/or verification of security enforcement mechanisms
  • Program analysis techniques for discovering security vulnerabilities
  • Compiler-based security mechanisms, such as host-based intrusion detection and in-line reference monitors
  • Specifying and enforcing security policies for information flow and access control
  • Model-driven approaches to security
  • Applications, examples, and implementations of these security techniques

Important Dates

Paper Submission

We invite papers of two kinds:

  1. Technical papers for long presentations, and
  2. Exploratory papers for short presentations.
Papers submitted for the long format should contain relatively mature content. Short format papers can also contain mature work, but may present more preliminary work, position statements, or work that is more exploratory in nature. Long papers will appear in a formal proceedings. Short papers fall into two categories: formal short papers to appear in the proceedings, and informal short papers that will not; authors choose the category at the time of submission. The idea is to allow prospective participants to talk about less mature work that is not yet ready for formal publication.

Papers to appear in the proceedings must describe work unpublished in refereed venues, and not submitted for publication elsewhere (including journals and formal proceedings of other conferences and workshops). See the SIGPLAN republication policy for more details.

Informal short presentations will have their abstracts included in the final proceedings, and may include previously-published material, which should be cited in the submission. Informal short presentations are not precluded for future publication at other conference venues or journals. Authors must indicate that they do not intend their paper to appear in the proceedings by prepending Informal Presentation to the title of the submitted paper.

Submitted papers must be formatted according the ACM proceedings format using 10pt fonts: long submissions should not exceed 12 pages in this format; short submissions should not exceed 6 pages. These page limits include everything (they are the total length of the paper). Papers submitted for the long category may be accepted as short presentations at the program committee's discretion. Submissions should be in Adobe Portable Document Format (PDF) (preferably) or Postscript that is interpretable by Ghostscript and printable on US Letter and A4 sized paper. Templates for SIGPLAN-approved LaTeX format can be found at the Author Information for SIGPLAN Conferences Web page. We recommend using this format, which improves greatly on the ACM-approved LaTeX format.

Papers can be submitted through the PLAS 2008 submission Web site hosted by EasyChair at Notice that if you do not already have an EasyChair account, you will be required to create one. The submission deadline is March 24, 2008. Revised papers are due at 9 AM EDT on May 9, 2008.


The printed proceedings of PLAS 2008 will be made available to the participants at the workshop, and its papers will be published in the ACM Digital Library. The following two selected papers will also be published in an issue of ACM SIGPLAN Notices:
  • Avik Chaudhuri, Prasad Naldurg, and Sriram Rajamani. A Type System for Data-Flow Integrity on Windows Vista.
  • Nikhil Swamy and Michael Hicks. Verified Enforcement of Stateful Information Release Policies.

Program Organization

Program Committee


ACM Logo

Association for 
Computing Machinery (ACM)



ACM Special Interest Group on
Programming Languages (SIGPLAN)


IBM Logo

IBM Research

Microsoft Logo  

Microsoft Research

Student Grants

Generous support from IBM Research and Microsoft Research makes it possible for PLAS 2008 to offer travel grants for students attending the workshop, in addition to the travel grants provided by PLDI. Students should fill out the application form (Adobe Acrobat Reader is needed). The deadline for submitting a Student Travel Grant Application is Friday, May 30, 2008.


Registration to PLAS 2008 is via the PLDI 2008 registration.

Conference Hotel

PLAS 2008 will be held in conjunction with PLDI 2008 at the Loews Ventana Canyon Resort. Please refer to the PLDI 2008 hotel information Web page for conference hotel rates and other details. The reservation deadline for conference rates is May 7, 2008.

Previous Editions