The paper introduces a higher-order synchronous data-flow language in which communication channels may themselves transport programs. This provides a mean to dynamically reconfigure data-flow processes. The language comes as a natural and strict extension of both Lustre and Lucid Synchrone. This extension is conservative, in the sense that a first-order restriction of the language can receive the same semantics. We illustrate the expressivity of the language with some examples, before giving the formal semantics of the underlying calculus. The language is equipped with a polymorphic type system allowing types to be automatically inferred and a clock calculus rejecting programs for which synchronous execution cannot be statically guaranteed. To our knowledge, this is the first higher-order synchronous data-flow language where stream functions are first class citizens. Categories and Subject Descriptors C.3 [Special-purpose and application-based systems]: Real-time and embedded systems; D.3.2 [Language classifications]: Data-flow languages; F.3.2 [Semantics of programming languages]: Operational semantics.

Software defined radio (SDR) technology implements some of the functional modules of a radio system in software enabling highly flexible handsets. SDR devices may be reconfigured dynamically via the download of new software modules. Malicious or malfunctioning downloaded software present serious security risks to SDR devices and networks in which they operate. In this paper, we analyze threats pertaining to the secure execution of downloaded software. We base our analysis on the open-source implementation of GNU Software Radio. We propose mechanisms to provide the secure execution of software modules that implement radio functionality.