ACM SIGPLAN Third Workshop on Programming Languages and Analysis for Security (PLAS 2008)

Tucson, Arizona, June 8, 2008

http://research.ihost.com/plas2008/

Co-located with PLDI 2008
Sponsored by ACM SIGPLAN
Supported by IBM Research and Microsoft Research

Program

7:30 - 8:30	Breakfast
Session 1: Language-based Security
8:30 - 9:00	Fabio Massacci and Ida Sri Rejeki Siahaan	Simulating Midlet's Security Claims with Automata Modulo Theory
9:00 - 9:30	Kevin Hamlen and Micah Jones	Aspect-Oriented In-lined Reference Monitors
9:30 - 10:00	Nikhil Swamy and Michael Hicks	Verified Enforcement of Stateful Information Release Policies
10:00 - 10:30	Morning Break
Session 2: Software Protection and Verification
10:30 - 11:00	Clifford Liem, Yuan Gu, and Harold Johnson	A Compiler-Based Infrastructure for Software-Protection
11:00 - 11:30	Alan Shaffer, Mikhail Auguston, Cynthia Irvine, and Tim Levin	A Security Domain Model to Assess Software for Exploitable Covert Channels
11:30 - 12:00	Christian Hammer, Rüdiger Schaade, and Gregor Snelting	Static Path Conditions for Java
12:00 - 1:30	Lunch
Session 3: Program Analysis for Security and Policy Enforcement
1:30 - 1:45	James Cheney and Morten Dahl	Resource Bound Analysis for Database Queries
1:45 - 2:00	Dejan Baca, Bengt Carlsson, and Lars Lundberg	Evaluating the Cost Reduction of Static Code Analysis for Software Security
2:00 - 2:30	Avik Chaudhuri, Prasad Naldurg, and Sriram Rajamani	A Type System for Data-Flow Integrity on Windows Vista
2:30 - 3:00	Miranda Mowbray and Antonio Lain	Dominator-Tree Analysis for Distributed Authorization
3:00 - 3:30	Afternoon Break
Session 4: Information-flow Security
3:30 - 4:00	Riccardo Focardi and Matteo Centenaro	Information Flow Security of Multithreaded Distributed Programs
4:00 - 4:30	Lantian Zheng and Andrew C. Myers	Securing Nonintrusive Web Encryption through Information Flow
4:30 - 5:00	Pasquale Malacaria and Han Chen	Lagrange Multipliers and Maximum Information Leakage in Different Observational Models

PLAS aims to provide a forum for exploring and evaluating ideas on the use of programming language and program analysis techniques to improve the security of software systems. Strongly encouraged are proposals of new, speculative ideas; evaluations of new or known techniques in practical settings; and discussions of emerging threats and important problems.

The scope of PLAS includes, but is not limited to:

Language-based techniques for security
Verification of security properties in software
Automated introduction and/or verification of security enforcement mechanisms
Program analysis techniques for discovering security vulnerabilities
Compiler-based security mechanisms, such as host-based intrusion detection and in-line reference monitors
Specifying and enforcing security policies for information flow and access control
Model-driven approaches to security
Applications, examples, and implementations of these security techniques

Important Dates

March 24, 2008: Submission deadline
April 21, 2008: Author notification
May 1, 2008: Deadline for PLDI 2008 student travel grants
May 7, 2008: Deadline for hotel conference rate
May 9, 2008: Revised papers due
May 14, 2008: Deadline for early registration fee
May 30, 2008: Deadline for PLAS 2008 student travel grants
June 8, 2008: PLAS 2008 workshop

Paper Submission

We invite papers of two kinds:

Technical papers for long presentations, and
Exploratory papers for short presentations.

Papers submitted for the long format should contain relatively mature content. Short format papers can also contain mature work, but may present more preliminary work, position statements, or work that is more exploratory in nature. Long papers will appear in a formal proceedings. Short papers fall into two categories: formal short papers to appear in the proceedings, and informal short papers that will not; authors choose the category at the time of submission. The idea is to allow prospective participants to talk about less mature work that is not yet ready for formal publication.

Papers to appear in the proceedings must describe work unpublished in refereed venues, and not submitted for publication elsewhere (including journals and formal proceedings of other conferences and workshops). See the SIGPLAN republication policy for more details.

Informal short presentations will have their abstracts included in the final proceedings, and may include previously-published material, which should be cited in the submission. Informal short presentations are not precluded for future publication at other conference venues or journals. Authors must indicate that they do not intend their paper to appear in the proceedings by prepending Informal Presentation to the title of the submitted paper.

Submitted papers must be formatted according the ACM proceedings format using 10pt fonts: long submissions should not exceed 12 pages in this format; short submissions should not exceed 6 pages. These page limits include everything (they are the total length of the paper). Papers submitted for the long category may be accepted as short presentations at the program committee's discretion. Submissions should be in Adobe Portable Document Format (PDF) (preferably) or Postscript that is interpretable by Ghostscript and printable on US Letter and A4 sized paper. Templates for SIGPLAN-approved LaTeX format can be found at the Author Information for SIGPLAN Conferences Web page. We recommend using this format, which improves greatly on the ACM-approved LaTeX format.

Papers can be submitted through the PLAS 2008 submission Web site hosted by EasyChair at http://www.easychair.org/conferences/?conf=plas2008. Notice that if you do not already have an EasyChair account, you will be required to create one. The submission deadline is March 24, 2008. Revised papers are due at 9 AM EDT on May 9, 2008.

Publication

The printed proceedings of PLAS 2008 will be made available to the participants at the workshop, and its papers will be published in the ACM Digital Library. The following two selected papers will also be published in an issue of ACM SIGPLAN Notices:

Avik Chaudhuri, Prasad Naldurg, and Sriram Rajamani. A Type System for Data-Flow Integrity on Windows Vista.
Nikhil Swamy and Michael Hicks. Verified Enforcement of Stateful Information Release Policies.

Program Organization

Úlfar Erlingsson, Reykjavík University, Iceland, Program Co-Chair
Marco Pistoia, IBM T. J. Watson Research Center, USA, Program Co-Chair

Program Committee

Gilles Barthe, INRIA Sophia-Antipolis, France
Bruno Blanchet, École Normale Supérieure, France
Andy Chou, Coverity, USA
Mads Dam, Royal Institute of Technology, Sweden
Úlfar Erlingsson, Reykjavík University, Iceland
Heiko Mantel, Technische Universität Darmstadt, Germany
Isabella Mastroeni, Università di Verona, Italy
Greg Morrisett, Harvard University, USA
Andrew Myers, Cornell University, USA
David Naumann, Stevens Institute of Technology, USA
Marco Pistoia, IBM T. J. Watson Research Center, USA
Eijiro Sumii, Tohoku University, Japan
Dan Wallach, Rice University, USA

Supporters

IBM Research

Microsoft Research

Student Grants

Generous support from IBM Research and Microsoft Research makes it possible for PLAS 2008 to offer travel grants for students attending the workshop, in addition to the travel grants provided by PLDI. Students should fill out the application form (Adobe Acrobat Reader is needed). The deadline for submitting a Student Travel Grant Application is Friday, May 30, 2008.

Registration

Registration to PLAS 2008 is via the PLDI 2008 registration.

Conference Hotel

PLAS 2008 will be held in conjunction with PLDI 2008 at the Loews Ventana Canyon Resort. Please refer to the PLDI 2008 hotel information Web page for conference hotel rates and other details. The reservation deadline for conference rates is May 7, 2008.

PLAS '08