CIS 623

Assured programming with formal methods

Prof. Andrew C. Lee
Spring 2025

Course Syllabus 1 1
The course was formerly listed under
the name CIS 623 Structured Program-
ming and Formal Methods
The instructor may revise any aspects of
the syllabus, when needed, to meet the
course objectives.
General Information

A. Lectures

Section Time Location Table 1: The meeting times for lectures

M001 MoWe 8:00AM - 9:20AM Watson Theater

B. Instructor information

Instructor Prof. Andrew Lee Table 2: Instructor information

Email: [email protected]
Room/Phone: CST 4-102 / 315-443-3029
Class website: Accessible by logging on to
https://blackboard.syr.edu
Office hours: TBA in our blackboard’s site.

C. Teaching staff(s) information

Teaching staff (s) TBA in our blackboard’s site. Table 3: Staff(s) information
Email: Same as above.
Office hours: Same as above.

D. Important University Web Information

The official source of information about Syracuse University’s impor-
tant health and safety precautions for the Current Semester (please
check regularly):

https://www.syracuse.edu/staysafe/
 cis 623 assured programming with formal methods 2

Course information

A. Current Catalog Description

Reasoning about programs and secure systems. Specification-based,
test-driven program development and verification. Development of
reliable programs using software tools for secure software systems.
(3 credit hours) PREREQ/COREQ: None

Audience: Students from the academic programs: MS in CS, MS in Cybersecurity.

Course fees: No additional fees.

B. Texts
Programming in Haskell, 2 by Graham Hutton, Cambridge Univer- 2
Required text. Library reserve. See
sity Press, 2nd ed., 2016, ISBN 978-1316626221. also:
https://www.cs.nott.ac.uk/~pszgmh/
pih.html

Access Control, Security and Trust – A Logical Approach 3 by Shiu- 3

Required text. Available from our
Kai Chin and Susan Older, 1st ed., 2011, ISBN 978-1584888628 OR class’ blackboard site. Also available
online from SU Library.
9781439894637

Think Functionally in Haskell, 4 by Richard Bird, Cambridge Univer- 4

Recommended text. Text available
sity Press, 1st ed., 2014, ISBN 978-1107452640. online from SU Library. See also:
https://www.cs.ox.ac.uk/
publications/books/functional/

Haskell – the craft of functional programming 5 by Simon Thomp- 5

Recommended text. Text available
son, Addison Wesley, 3rd ed., 2011, ISBN 978-0-201-88295-7 from SU Library. See also:
http://www.haskellcraft.com/
craft3e/Home.html

Note: Additional materials such as texts, book chapters and articles

may be posted under the blackboard site of our class, when needed.

C. Course goals, learning objectives and outcomes

Course goals
This course aims to teach students programming and reasoning
skills coming from modern software development practices. It
targets the design, implementation, testing, and verification of soft-
ware components, particularly those in functional programming
languages. Students study core concepts within the computer
security discipline, including access control, confidentiality, and
integrity security policies, upon which secured software systems
 cis 623 assured programming with formal methods 3

rely. Students will learn, via hands-on programming projects,

in-class practice, and case studies, how to apply proper reason-
ing skills, software development techniques, and tools to develop
reliable programs for secured software systems.

Learning objectives and outcomes After completing the course success-

fully, a student will be able to:

• (Program design and implementation) Use core programming

techniques (eg. recursion, algebraic data types, list compre-
hension, higher order functions etc.) to design and implement
programs in a functional programming language.
• (Program specification) Write precise specification, (including
executable specification in a programming language) to define
accurately what a program is expected to do.
• (Software development and implementation) Describe and dis-
cuss how to associate, convert and apply the software develop-
ment skills learned in the functional programming framework
to procedural programming.
• (Program testing and verification) Follow basic software testing
principles (eg. blackbox testing, whitebox testing etc.) and a test
driven strategy to verify the correctness of a program.
• (Program testing and verification) Use software tools (eg.
QuickCheck) to express desirable program properties as exe-
cutable specifications, preform a large number of randomly gener-
ated tests and give a compact description of the test results for
assessment.
• (Program testing and verification) Use software tools (eg. HU-
nit, QuickCheck etc.) to create tests, name, organize and execute
the tests and present the results automatically.
• (Comprehension and reasoning about secured systems) Com-
prehend and explain the core concepts in a foundational area of
secured systems (e.g. access control) and the rigorous reasoning
behind them.
• (Reasoning about software system design and specification)
Give precise mathematical descriptions regarding security sys-
tem design (e.g. security policies and mechanisms) in real life
scenarios and provide justification through mathematical rea-
soning.
 cis 623 assured programming with formal methods 4

Course schedule

Week Topic
1 Course Introduction and Organization & Preliminaries
2 Beginning steps in Functional Programming and Access Control
3 A logical language of access control: Syntax
Defining functions and an Introduction to Recursion
4-5 Core Functional Programming Methods I:
Recursion, List Comprehensions and Program Testing
A logical language of access control: Semantics.
6-7 Core Functional Programming Methods II:
Data declarations, algebraic data types and Type classes.
Access Control Logic : Reasoning via inference rules.
8 Midterm review and Midterm
9 Higher order functions I
Access control mechanisms: Tickets and lists.
10 Higher order functions II
Case study 1: Implementing access control logic.
11 -12 Case study 2: Implementing queues with testing
Access control policies:
Discretionary Security Policies, its vulnerabilities, and
Mandatory Security Policies.
Access control policies: Bell La-Padula and Biba Policies.
13 Case study 3: Applying program development .
(specification, testing etc.) skills from the functional
programming framework to imperative programming (example,
implementation of a data structure)
14 Course review. Review for final.

Remarks
Course Schedule The above schedule is a tentative schedule based on previous offerings of this course. The
topics may be re-ordered and the emphasis may be adjusted during the semester to meet the course
objectives.
Readings/Activities and Assignments Required readings and activities are assigned regularly. There will be
Homework sets assigned within the semester.
Online version This class also serves the students registered in our online program(s). The schedule for the
online offerings are adjusted to cover the same content in the same order.
 cis 623 assured programming with formal methods 5

Assessment

The assessment will be based on:

A. Coursework (35%) B. Quizzes (10%) C. Midterm (25%) D. Final (30%).

A. Coursework (35%)
Coursework includes both activities and homework sets.

• Activities (15%):
You are expected to attend all lectures and participate actively in
the activities (both in-class and after-class) given.

• Homework (20%):
They may include both programming and non-programming (i.e.
written solutions to problems, essays or reports) questions.

• Requirements and expectations

You are expected to attend all lectures and participate actively in
the activities given in class.
When you work on any activity or homework, it is strongly rec-
ommended that you review the learning objective stated therein to
grasp what you are expected to learn.

B. Quizzes (10%)
In class quizzes will be given.

C. Midterm (25%)
The midterm is an one hour written test (in-class).

D. Final (30%)
The final is an one and a half hour written test (in-class).

Final: Date: Tue, May 6, 7:30pm - 9:30pm Location: TBA

D. Letter grade
After completion of the course, the letter grade will be issued to each
student for GPA calculations, which is an overall assessment based
on the criteria stated in A. B. and C. This course is a core course
for MSCS student, and (as a core course) a student is assigned an
additional letter grade based solely on his/her performance in the
final comprehensive examination of the course. The details can be
found in
 cis 623 assured programming with formal methods 6

https://ecs.syracuse.edu/academics/electrical-engineering-and-computer-science/
programs/computer-science-master-program)

The scale for converting your numeric grade (calculated as stated

in the table) to a letter grade will be no more restrictive than the follow-
ing ( 6 ) : 6
For example, a student who get a 95
will be guranteed to get an A. a student
who get a 90 may still be getting an A
but there’s no guarantee.

Overall total percentage is at least Letter grade will be at least Grade Point/credit
95 A 4.00
90 A- 3.66
85 B+ 3.33
80 B 3.00
75 B- 2.66
70 C+ 2.33
60 C 2.00
50 C- 1.66
0 F 0

Important Note: The overall total percentage must be at least 40% to ensure a C- or higher letter grade.

Policies

A. Deadline and Late Policies

For each coursework, test/midterm, the deadline and its late policy
are stated therein. Student are responsible to contact the instructor
ASAP (within 24 hours after the deadline or test time when possible)
if there are University acceptable reasons (e.g. Illness, Jury Duties
etc.) that cause s/he misses the deadline or is unable to take a test.
In addition, a student is required to turn in (within 72 hours after
the deadline of test time, whenever possible) a copy of a completed
excuse form (with documentation, when applicable) for any missed
work. The records will be documented and will be used in evaluate
the grade(s) that are related to the reported incidences.
No make up coursework. If a student miss any coursework due to an
university accepted reason (e.g. a health issue with proper documen-
tation such as a valid doctor’s note), then the average grade for that
coursework will be used to substitute the missing grade. The instruc-
tor will discuss with you possible options that you may have if you
miss a substantial amount of coursework. No make up test. If a stu-
dent miss the test due to an University accepted reason (e.g. a health
 cis 623 assured programming with formal methods 7

issue with proper documentation such as a valid doctor’s note), then

the grade of the final will be used to substitute the missing grade.
The instructor will discuss with you possible options that you may
have if you miss the final due to an University accepted reason.
Please use the excuse form to report the incidence (with all related
documentation included) and submit a copy of all of them to the
instructor/course staff (within 72 hours after the deadline whenever
possible) for verification.
Questions regarding any graded work must be brought to the
attention of the instructor in writing within 7 days after the grade is
posted. Otherwise, after seven days the grade of the submitted work
will be considered final.
When a student experiences an emergency that keeps them from
attending classes for an extended period of time, Student Assistance
is able to notify the student’s home college about their absences.
Please follow the link ( 7 ) for further instructions. 7
http://studentassistance.
syr.edu/our-services/
absence-notifications.html
B. Attendance
Attendance in classes is expected in all courses at Syracuse Univer-
sity. Students are expected to arrive on campus in time to attend the
first meeting of all classes for which they are registered. Please read
SU academic rules (section 2.0 and 2.1) via the link ( 8 ) for details. 8
https://courses.syracuse.edu/
content.php?catoid=30&navoid=3880&
redirect#2-0-attendance-in-classes
C. Emails
Use your official SU’s email address to communicate with the in-
structor. Put the course number (e.g. CIS 623) in the subject line
when sending an email to the instructor. You are required to check
your SU email at least once a day. The instructor do not respond to
emails during weekends.

D. Grade data
As a final note, your grade data are recorded in the Blackboard sys-
tem. It is your responsibility to check them regularly, and inform us
promptly when any discrepancies are found.

Academic integrity

A. University policy
As a pre-eminent and inclusive student-focused research institution,
Syracuse University considers academic integrity at the forefront of
learning, serving as a core value and guiding pillar of education.
 cis 623 assured programming with formal methods 8

Syracuse University’s Academic Integrity Policy provides students

with the necessary guidelines to complete academic work with in-
tegrity throughout their studies. Students are required to uphold
both course-specific and university-wide academic integrity expec-
tations such as crediting your sources, doing your own work, com-
municating honestly, and supporting academic integrity. The full
Syracuse University Academic Integrity Policy can be found by visit-
ing class.syr/edu, selecting, “Academic Integrity” and “Expectations
and Policy.”
Upholding Academic Integrity includes the protection of faculty’s
intellectual property. Students should not upload, distribute, or share
instructors’ course materials, including presentations, assignments,
exams, or other evaluative materials without permission. Using web-
sites that charge fees or require uploading of course material (e.g.,
Chegg, Course Hero) to obtain exam solutions or assignments com-
pleted by others, which are then presented as your own violates
academic integrity expectations in this course and may be classified
as a Level 3 violation. All academic integrity expectations that apply
to in-person assignments, quizzes, and exams also apply online.
Students found in violation of the policy are subject to grade sanc-
tions determined by the course instructor and non-grade sanctions
determined by the School or College where the course is offered.
Students may not drop or withdraw from courses in which they face
a suspected violation. Any established violation in this course may
result in course failure regardless of violation level.

In this class, unless otherwise stated:

• All generative-AI tools are prohibited in this course because their

use inhibits achievement of the course learning objectives. This
policy applies to all stages of project and writing processes includ-
ing researching, brainstorming, outlining, organizing, and pol-
ishing. Do not use Generative-AI tools to create any content (i.e.,
images and video, audio, text, code, etc.). If you have any ques-
tions about a feature and whether it is considered Generative-AI,
ask your instructor.

• All academic integrity expectations that apply to in-person quizzes

and exams also apply to online quizzes and exams. In this course,
all work submitted for quizzes and exams must be yours alone.
Discussing quiz or exam questions with anyone during the quiz
or exam period violates academic integrity expectations for this
course.
 cis 623 assured programming with formal methods 9

• Using websites that charge fees or require uploading of course

material (e.g., Chegg, Course Hero) to obtain exam solutions or
assignments completed by others and present the work as your
own violates academic integrity expectations in this course and
may be classified as a Level 3 violation, resulting in suspension or
expulsion from Syracuse University.

I expect all students to abide by Syracuse University’s Academic

Integrity policy (Please refer to 9 for the current version) . In particu- 9
https://class.syr.edu/
academic-integrity/policy/
lar, I expect you, as a student in my class, to:

1. Credit your sources

2. Do your own work (and follow the given collaboration policy

when applicable)

3. Communicate honestly and,

4. Support academic integrity

Please see the following document:

https://policies.syr.edu/policies/academic-rules-student-responsibilities-and-services/
academic-integrity-policy/

for further illustrations.

Every student must read and sign a copy of the course Honor Pledge (See
10 ). Students will receive zeroes on all coursework until this sheet is turned 10
available under our blackboad’s site
in. by the end of first week of class
The Violation and Sanction Classification Rubric can be found at:

https://class.syr.edu/wp-content/uploads/2018/08/Academic-Integrity-Policy-Violation-and-Sanction-Classification-Rubric-Updated-081018.
pdf

It establishes recommended guidelines for the determination of grade

penalties by faculty and instructors, while also giving them discretion to
select the grade penalty they believe most suitable, including course failure,
regardless of violation level. Any established violation in this course may
result in course failure regardless of violation level.

B. Reference
The following book,
Charles Lipson, Doing Honest Work in College: How to Prepare Cita-
tions, Avoid Plagiarism, and Achieve Real Academic Success, Second
Edition, The University of Chicago Press, Chicago, Illinois, 2008.
is an important resource for students to successfully navigate the academic-
integrity waters during their collegiate career. It introduces the three basic
tenets of academic honesty, and also provides excellent suggestions for
studying for exams, working in groups, writing research papers, and other
tasks students will encounter as college students. I strongly recommend this
text to all students.
 cis 623 assured programming with formal methods 10

Accommodations
Our community values diversity and seeks to promote meaningful access
to educational opportunities for all students. Syracuse University and I are
committed to your success and to supporting Section 504 of the Rehabilita-
tion Act of 1973 as amended and the Americans with Disabilities Act ( 1990 ).
This means that in general no individual who is otherwise qualified shall
be excluded from participation in, be denied benefits of, or be subjected to
discrimination under any program or activity, solely by reason of having
a disability. If you believe that you need accommodations for a disability,
please contact the Center of Disability Services (CDS),

https://disabilityresources.syr.edu/

located at 804 University Avenue, Suite 303 , or call 315-443-4498 for an

appointment to discuss your needs and the process for requesting accommo-
dations. CDS is responsible for coordinating disability-related accommoda-
tions and will issue students with documented disabilities “Accommodation
Authorization Letters,” as appropriate. Because accommodations may re-
quire early planning and generally are not provided retroactively, please
contact CDS as soon as possible.

Religious Observations
SU’s religious observances policy, found at
https://policies.syr.edu/policies/university-governance-ethics-integrity-and-legal-compliance/
religious-observances-policy/
recognizes the diversity of faiths represented among the campus com-
munity and protects the rights of students, faculty, and staff to observe
religious holy days according to their tradition. Under the policy, students
are provided an opportunity to make up any examination, study, or work
requirements that may be missed due to a religious observance provided
they notify their instructors before the end of the second week of classes. For
fall and spring semesters, an online notification process is available through
MySlice/Student Services/Enrollment/My Religious Observances from the
first day of class until the end of the second week of class.

Student’s Academic Work

SU policy on student academic work may be found at:
http://coursecatalog.syr.edu/content.php?catoid=32&navoid=4140&hl=%22Student+Academic+Work%22&returnto=
search#4-0-student-academic-work

Student work prepared for University courses in any media may be used
for educational purposes. You grant permission to have your work used in
this manner by registering for, and by continuing to be enrolled in this course
Educational use of student work,
1: I intend to use academic work that you complete this semester for edu-
cational purposes in this course during this semester. Your registration and
continued enrollment constitute your permission. Educational use of student
work,
 cis 623 assured programming with formal methods 11

2: I intend to use academic work that you complete this semester in sub-
sequent semesters for educational purposes. Before using your work for
that purpose, I will either get your written permission or render the work
anonymous by removing all your personal identification.