Language-based security leverages program analysis and program rewriting to
enforce security policies.  The approach promises efficient enforcement of
fine-grained access control policies and depends on a trusted computing base
of only modest size.  This paper surveys progress and prospects for the area,
giving overviews of in-lined reference monitors, certifying compilers, and
advances in type theory.