294-116: Secure and Intelligent Programming

Fall 2015

Instructor:

Co-instructors:

Syllabus:

Date Topic Reading Assignments & Guest Lectures Project Milestones
Part I: Blockchain/Decentralized Systems
9/2/2015 Blockchain/distributed consensus Main Reading:
1. SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies

Background Reading:
1. Bitcoin: A Peer-to-Peer Electronic Cash System
2. Bitcoin: The Cryptoanarchists’ Answer to Cash

Guest Lecture: Open questions about Bitcoin and related cryptocurrencies[full info]
Presenter: Joseph Bonneau
9/9/2015 Smart contract/ethereum Main Reading:
1. A Next-Generation Smart Contract and Decentralized Application Platform
2. Step by Step Towards Creating a Safe Smart Contract: Lessons and Insights from a Cryptocurrency Lab

Background Reading:
1. Formalizing and Securing Relationships on Public Networks

Guest Lecture: Ethereum and Smart Contracts[full info]
Presenter: Andrew Miller
Project proposal due
9/16/2015 Decentralized applications Main Reading:
1. OpenBazaar's documentation (Section 3.4 and 3.5)
2. Augur: a Decentralized, Open-Source Platform for Prediction Markets

Background Reading:
1. Reputation systems

Guest Lecture: Brian Hoffman (OpenBazaar)[full info]
Guest Lecture: Jeremy Gardner (Augur)[full info]
Part II: Secure by Construction
9/23/2015 Programmer-Friendly Platforms for Information Flow Control

Main Reading:
1. Fabric: A Platform for Secure Distributed Computation and Storage
2. Dynamic Security Labels and Noninterference

Background Reading:
1. Language-Based Information-Flow Security
2. Protecting Privacy using the Decentralized Label Model

Guest Lecture: Andrew Myers (Fabric)

9/30/2015 Programmer-friendly platforms for secure web applications Main Reading:
1. Hails: Protecting Data Privacy in Untrusted Web Applications

Background Reading:
1. Protecting Users by Confining JavaScript with COWL

Guest Lecture: Principled and Practical Web Application Security[full info]
Presenter: Deian Stefan
10/7/2015 Programmer-friendly platforms for secure computation

Main Reading:
1. VC3: Trustworthy Data Analytics in the Cloud using SGX

Background Reading:
1. Observing and Preventing Leakage in MapReduce
2. Innovative Instructions and Software Model for Isolated Execution

Guest Lecture: VC3: Trustworthy Data Analytics in the Cloud using SGX[full info]
Presenter: Manuel Costa

10/14/2015 No Class Project milestone report
10/21/2015 Programmer-friendly platforms for privacy

Main Reading:
1. Bootstrapping Privacy Compliance in Big Data Systems

Guest Lecture: Anupam Datta and Shayak Sen (Bootstrapping Privacy Compliance in Big Data Systems)

10/28/2015 Differential privacy

Main Reading:
1. A Firm Foundation for Private Data Analysis
2. Rappor: Randomized Aggregatable Privacy-Preserving Ordinal Response

Background Reading:
1. Privacy: Theory Meets Practice on the Map
2. DP-WHERE: Differentially Private Modeling of Human Mobility

Guest Lecture: Cynthia Dwork

Part III: Secure by Learning
11/4/2015 Program Synthesis Main Reading:
1. FlashMeta: A Framework for Inductive Program Synthesis
2. User Interaction Models for Disambiguation in Programming by Example

Background Reading:
1. Automating String Processing in Spreadsheets using Input-Output Examples
[Slides, Video presentation, CACM version, FlashFill feature in Excel 2013]
2. FlashExtract: A Framework for Data Extraction by Examples
[Slides, Video, Shipped as ConvertFrom-string feature in Powershell]],
3. Microsoft PROSE (Program Synthesis using Examples) SDK

Guest Lecture: Programming by Examples (and its applications in Data Wrangling)[full info]
Presenter: Sumit Gulwani (Microsoft Research)
11/11/2015 No Class (Veteran's Day)
11/18/2015 Anomaly detection Guest Lecture: Fraud and Anomaly Analysis: a perspective from the field[full info]
Presenter: Dr. Jike Chong (YiRenDai)
11/25/2015 No Class (Thanksgiving)
11/18/2015 Anomaly detection Guest Lecture: Machine learning models for detecting fraud on the Internet[full info]
Presenter: Doug Beeferman (Sift Science)
In class presentation
12/13/2015 Class final report due

Lectures:

Wednesday 12:30-2:30 PM, 320 Soda Hall

Course Description:

The world is becoming more and more connected, with ever-increasingly intelligent devices and autonomous agents. It is estimated that there will be over 50 billion connected smart devices by the year 2020. This increasingly connected, intelligent world poses both unprecedented opportunities and new security challenges. How can we design and develop new techniques and methods to address these new challenges? Towards addressing this question, this class will explore the forefront of development and new directions at the intersection of security, programming languages, and machine learning. In particular, the class consists of three segments.

First, we will explore the area of decentralized, autonomous systems and new challenges and techniques in this area. We will use bitcoin/blockchain as a concrete example of a fast-rising decentralized, autonomous system. We will explore the opportunities this new model of computing brings us, including smart contracts, decentralized applications, etc. We will also explore various challenges and state-of-the-art solutions in this area, including how to design and build secure decentralized systems, and how to design new programming abstractions to make it easier to build such secure, decentralized systems.

Second, we will explore how to design and leverage program language abstractions and mechanisms to enable the approach of secure by construction for building secure systems. The approach of secure by construction guarantees that applications satisfy certain security properties simply by the way they have been built, leveraging various programming language abstractions and support. We will explore a number of state-of-the-art examples in this area, including enforcing information flow properties, and secure and privacy-preserving computation.

Third, we will explore how to utilize machine learning techniques to enable a secure by learning approach for building secure systems. In particular, we explore techniques and new directions at the intersection of machine learning and programming languages to enable automatic approaches for each step of the secure by learning pipeline, including program synthesis for feature extraction and transformation, automated feature engineering and model building, and online learning with noisy and missing data.

CCN is 27522

Course mailing list: cs294-f15@googlegroups.com

Class Format and Project:

This is a lecture, discussion, and project oriented class. Each lecture will focus on one of the topics, including a survey of the state-of-the-art in the area and an in-depth discussion of the topic. Each week, students are expected to complete reading assignments before class and participate actively in class discussion.

Deadlines:
Questions submission is due by Sunday on 7pm
Voting on the submitted questions is due by Monday midnight

Students will also form project groups and complete a research-quality class project. Groups will consist of one to three students.

Grading:

  • 20% class participation
  • 35% weekly reading assignment
  • 45% project

All information is tentative and subject to change.