The 17th Workshop on Programming Languages and Analysis for Security
(PLAS 2022)

December 12, 2022 - Virtual
Join us on Zoom and Slack

PLAS provides a forum for exploring and evaluating the use of programming language and program analysis techniques for promoting security in the complete range of software systems, from compilers to machine-learned models and smart contracts. The workshop encourages proposals of new, speculative ideas, evaluations of new or known techniques in practical settings, and discussions of emerging threats and problems. We also host position papers that are radical, forward-looking, and lead to lively and insightful discussions influential to the future research at the intersection of programming languages and security.

The scope of PLAS includes, but is not limited to:

  • Language-based techniques for detecting and eliminating side-channel vulnerabilities
  • Programming language techniques and verification applied to security in other domains (e.g. adversarial learning and smart contracts)
  • Software isolation techniques (e.g., SFI and sandboxing) and compiler-based hardening techniques (e.g, secure compilation).
  • Compiler-based security mechanisms (e.g. security type systems) or runtime-based security mechanisms (e.g. inline reference monitors)
  • Techniques for discovering and detecting security vulnerabilities, including program (binary) analysis and fuzzing
  • Automated introduction and/or verification of security enforcement mechanisms
  • Language-based verification of security properties in software, including verification of cryptographic protocols
  • Specifying and enforcing security policies for information flow and access control
  • Model-driven approaches to security
  • Security concerns for Web programming languages
  • Language design for security in new domains such as cloud computing and IoT
  • Applications, case studies, and implementations of these techniques

Program

December 12, 2022


16:00 - 16:05
Welcome and Opening Remarks
16:05 - 17:00
Keynote - Elaine Shi
  • Programming Cryptography without Programming Cryptography
17:00 - 17:10
Break 1
17:10 - 18:25
Session 1 - Sensitivity Analysis and Security Protocols
  • π_MPC : Automatic Security Proofs for MPC Protocols (15 Min)
    Mako Bates, Joe Near
  • Bunched Fuzz: Sensitivity for Vector Metrics (30 Min)
    June wunder, Arthur Azevedo de Amorim, Patrick Baillot, Marco Gaboardi
Marco Gaboardi
18:25 - 18:35
Break 2
18:35 - 19:35
Session 2 - Information Flow Control Marco Vassena
19:35 - 19:45
Break 3
19:45 - 21:00
Session 3 - Secure ISA and Memory Safety
  • Short Paper: Making Rust easier to adopt by hardening the Rust - C/C++ FFI layer (15 Min)
    Marco Vassena, Gina Yuan, David Mazières, Deian Stefan
Kristopher Micinski

Invited Speaker



Elaine Shi

(Carnegie Mellon University)

Bio: Elaine Shi is an Associate Professor at Carnegie Mellon University. Her research interests include cryptography, algorithms, and foundations of blockchains. Prior to CMU, she taught at the University of Maryland and Cornell University. She is a recipient of the Packard Fellowship, the Sloan Fellowship, the ONR YIP Award, the NSA best scientific cybersecurity paper award, and various other best paper awards.



Programming Cryptography without Programming Cryptography



Abstract. Programming cryptographic systems is error-prone and scales poorly in terms of human expertise. Can we enable ordinary programmers to create distributed programs that correctly use cryptography without requiring them to have a Ph.D. degree in cryptography? I will talk about the challenges towards realizing this dream and progress in tackling them. In particular, I will describe our work that aims to solve two major challenges along the way: 1) how to automatically convert programs to representations (e.g. circuits) recognized by modern cryptographic protocols such as multi-party computation and zero-knowledge; and 2) how to automatically synthesize a cryptographic protocol from a user-level program enriched with security annotations?

Slides


Call for Papers

We invite both short papers and long papers. All submissions should be anonymous. For short papers, we especially encourage the submission of position papers that are likely to generate lively discussion as well as short papers covering ongoing and future work.

  • Full papers: There is no page limit on long papers. Papers in this category are expected to have relatively mature content. Papers that present promising preliminary and exploratory work, or recently published work are particularly welcome in this category. Long papers may receive longer talk slots at the workshop than short papers, depending on the number of accepted submissions.
  • Short papers: should be at most 2 pages long, plus as many pages as needed for references. Papers that present radical, open-ended and forward-looking ideas are particularly welcome in this category. Authors submitting papers in this category must prepend the phrase "Short Paper:" to the title of the submitted paper.

The workshop has no published workshop proceedings and there is no restriction on paper format other than the page limits stated above. Presenting a paper (either short or long) at the workshop does not preclude submission to or publication in other venues that are before, concurrent, or after the workshop. Papers presented at the workshop will be made available to workshop participants only.

Submissions can be made (in PDF format) via HotCRP

Important Dates

Paper submission: November 14, 2022 (AoE)
Author notification: November 30, 2022
Workshop date: December 12, 2022

Program Committee


Musard Balliu

(KTH Royal Institute of Technology)
Co-Chair

Tegan Brennan

(Stevens Institute of Technology)

Nathan H. Burow

(MIT Lincoln Laboratory)

Sunjay Cauligi

(Max Planck Institute for Security and Privacy)
Co-Chair

Lesly-Ann Daniel

(KU Leuven)

Marco Gaboardi

(Boston University)

Elisavet Kozyri

(UiT The Arctic University of Norway)

Kristopher Micinski

(Syracuse University)

Shravan Narayan

(University of Texas at Austin)

Marco Vassena

(Utrecht University)

Previous Meetings

PLAS 2021, Virtual
PLAS 2020, Virtual
PLAS 2019, London, UK
PLAS 2018, Toronto, CA
PLAS 2017, Dallas, TX, USA
PLAS 2016, Vienna, Austria
PLAS 2015, Prague, Czech Republic
PLAS 2014, Uppsala, Sweden
PLAS 2013, Seattle, Washington
PLAS 2012, Beijing, China
PLAS 2011, San Jose, California
PLAS 2010, Toronto, Canada
PLAS 2009, Dublin, Ireland
PLAS 2008, Tucson, Arizona
PLAS 2007, San Diego, California
PLAS 2006, Ottawa, Canada

Webmaster: Amir M. Ahmadian