Alejandro Russo

(Associate Professor)

My research focus on protecting confidentiality of data when manipulated by untrusted software components, i.e., software written by someone else. For that, I have been applying a wide-range of rigorous programming languages techniques and authored software solutions to build secure systems for the programming languages Haskell, Python, and JavaScript.

[Google Scholar] [LinkedIn]

Publications

2016


Filippo Del Tedesco, David Sands, Alejandro Russo
CSF 2016
In Proc. of IEEE Computer Security Foundations Symposium

Marco Vassena, Pablo Buiras, Lucas Waye and Alejandro Russo
ESORICS 2016
In Proc. of European Symposium on Research in Computer Security

Marco Vassena and Alejandro Russo
PLAS 2016
In Proc. of ACM SIGPLAN Workshop on Programming Languages and Analysis for Security

2015


Alejandro Russo
ICFP 2015
In Proc. of ACM SIGPLAN International Conference on Functional Programming

Pablo Buiras, Dimitrios Vytiniotis, and Alejandro Russo
ICFP 2015
In Proc. of ACM SIGPLAN International Conference on Functional Programming

Stefan Heule, Deian Stefan, Edward Z. Yang, John C. Mitchell, and Alejandro Russo
POST 2015
In Proc. of Conference on Principles of Security and Trust

Lucas Waye, Pablo Buiras, Dan King, Stephen Chong, and Alejandro Russo
STM 2015
In Proc. of International Workshop on Security and Trust Management

Stefan Heule, Devon Rifkin, Alejandro Russo, and Deian Stefan
HotOS 2015
In Proc. of USENIX Workshop on Hot Topics in Operating Systems

2014


Filippo Del Tedesco, Alejandro Russo, and David Sands
ESSoS 2014
In Proc. of International Symposium on Secure Software and Systems

Pablo Buiras, Deian Stefan, and Alejandro Russo
CSF 2014
In Proc. of IEEE Computer Security Foundations Symposium

Deian Stefan, Edward Z. Yang, Petr Marchenko, Alejandro Russo, Dave Herman, Brad Karp, and David Mazières
OSDI 2014
In Proc. of USENIX Symposium on Operating Systems Design and Implementation

2013


Pablo Buiras, Deian Stefan, Amit Levy, Alejandro Russo, and David Mazières
TGC 2013
In Proc. of International Symposium on Trustworthy Global Computing

Deian Stefan, Pablo Buiras, Edward Z. Yang, Amit Levy, David Terei, Alejandro Russo, and David Mazières
ESORICS 2013
In Proc. of European Symposium on Research in Computer Security

Pablo Buiras and Alejandro Russo
NordSec 2013
In Proc. of Nordic Conference on Secure IT Systems

Dante Zanarini, Mauro Jaskelioff, and Alejandro Russo
CSF 2013
In Proc. of IEEE Computer Security Foundations Symposium

2012


Deian Stefan, Alejandro Russo, Pablo Buiras, Amit Levy, John C. Mitchell, and David Mazières
ICFP 2012
In Proc. of ACM SIGPLAN International Conference on Functional Programming

Daniel B. Giffin, Amit Levy, Deian Stefan, David Terei, David Mazières, John C. Mitchell, and Alejandro Russo
OSDI 2012
In Proc. of USENIX Symposium on Operating Systems Design and Implementation

Luciano Bello and Alejandro Russo
PLAS 2012
In Proc. of ACM SIGPLAN Workshop on Programming Languages and Analysis for Security

2011


Arnar Birgisson, Alejandro Russo, and Andrei Sabelfeld
PLAS 2011
In Proc. of ACM SIGPLAN Workshop on Programming Languages and Analysis for Security

Deian Stefan, Alejandro Russo, David Mazières, and John C. Mitchell
NORDSEC 2011
In Proc. of Nordic Conference in Secure IT Systems

Deian Stefan, Alejandro Russo, John C. Mitchell, and David Mazières
HASKELL 2011
In Proc. of ACM SIGPLAN Haskell Symposium

Mauro Jaskelioff and Alejandro Russo
PSI 2011
In Proc. of Andrei Ershov International Conference on Perspectives of System Informatics

Michal Palka, Koen Claessen, Alejandro Russo, and John Hughes
AST 2011
In Proc. of IEEE/ACM International Workshop on Automation of Software Test

2010


Juan José Conti and Alejandro Russo
NORDSEC 2010
In Proc. of Nordic Conference in Secure IT Systems

Alejandro Russo and Andrei Sabelfeld
CSF 2010
In Proc. of IEEE Computer Security Foundations Symposium

Filippo del Tedesco, Alejandro Russo, and David Sands
NORDSEC 2010
In Proc. of Nordic Conference in Secure IT Systems

Jonas Magazinius, Alejandro Russo, and Andrei Sabelfeld
SEC 2010
In Proc. of International Information Security Conference

Arnar Birgisson, Alejandro Russo, and Andrei Sabelfeld
ICISS 2010
In Proc. of Conference on Information Systems Security

2009


Alejandro Russo and Andrei Sabelfeld
PSI 2009
In Proc. of Andrei Ershov International Conference on Perspectives of System Informatics

Alejandro Russo and Andrei Sabelfeld
CSF 2009
In Proc. of IEEE Computer Security Foundations Symposium

Alejandro Russo, Andrei Sabelfeld, and Andrey Chudnov
ESORICS 2009
In Proc. of European Symposium on Research in Computer Security

2008


Alejandro Russo, Koen Claessen, and John Hughes
HASKELL 2008
In Proc. of SIGPLAN Haskell Symposium

2007


Tsa-chung Tsai, Alejandro Russo, and John Hughes
CSF 2007
In Proc. of IEEE Computer Security Foundations Symposium

Gilles Barthe, Tamara Rezk, Alejandro Russo, and Andrei Sabelfeld
ESORICS 2007
In Proc. of European Symposium on Research in Computer Security

2006


Alejandro Russo, John Hughes, David Naumann, and Andrei Sabelfeld
ASIAN 2006
In Proc. of Annual Asian Computing Science Conference

Alejandro Russo and Andrei Sabelfeld
CSFW 2006
In Proc. of IEEE Computer Security Foundations Workshop

Alejandro Russo and Andrei Sabelfeld
PSI 2006
In Proc. of Andrei Ershov International Conference on Perspectives of System Informatics

Journals


Deian Stefan, Alejandro Russo, John Mitchell, and David Mazières
JFP 2016
In Journal of Functional Programming, Cambridge University Press (under submission)

Jonas Magazinius, Alejandro Russo, and Andrei Sabelfeld
2012
In Journal of Computers & Security, Elsevier

Gilles Barthe, Tamara Rezk, Alejandro Russo, and Andrei Sabelfeld
TISSEC 2010
In Journal of ACM Transactions on Information and System Security

Alejandro Russo, Andrei Sabelfeld, and Keqin Li
2009
In Journal of Marktoberdorf Summer School, IOS Press

Alejandro Russo and Andrei Sabelfeld
JLAP 2007
In Journal of Logic and Algebraic Programming dedicated to the Nordic Workshop on Programming Theory (NWPT'07), Elsevier Editorial

Thesis


Alejandro Russo
2008
PhD Thesis, Chalmers University of Technology

Alejandro Russo
2007
Licentiate Thesis, Chalmers University of Technology

Alejandro Russo
2004
Diploma Thesis, Facultad de Ciencias Exactas, Ingeniería y Agrimensura (UNR), Rosario, Argentina

Students

Current


Past


Projects

Current


HIPSTER: HybrId Privacy Analysis with Hardware Support (VR)

(PI) This project develops techniques to combine static and dynamic analysis for information-flow control so that (i) developers must control the boundaries of static and dynamic analyses, (ii) enforcement techniques should be easily deployed in ubiquitous hardware and software, and (iii) the proposed solutions must be provably sound. The project also explores the use of the forthcoming Intel support for security, called Software Guard Extension, to safely deploy IFC techniques in cloud services.

Duration: 4 years (2016 - 2020)

AppFlow: Putting Information Flow Control to Work (VR)

(Co-PI) This projects focus on bridging the gap between theory and practice of information-flow control (IFC) systems. It involves topics like policy inference, protecting data in data stores, and different analysis for protecting sensitive data. The project brings together researchers from some state-of-the-art IFC tools: Paragon (based on Java), LIO/MAC (based on Haskell), and JSFlow (based on JavaScript).

Duration: 4 years (2015 - 2019)

Past


Controlling Privileges for Data Release (STINT)

(PI) This projects develops foundations to understands systems which release sensitive information using capability-like declassification mechanisms. The funds support a collaboration with Prof. Stephen Chong and his group at Harvard University.

Duration: 1 years (2014)

Addressing Hardware Timing Covert Channles (STINT)

(PI) This project developed several solutions to remove information leaks in information-flow control systems due to timing perturbations arising from hardware, e.g., caches, TLB, etc. The funds supported a collaboration with Prof. David Mazières and his group at Stanford University.

Duration: 1 years (2013)

SecOpen: Securing Open Development Environments (VR)

(PI) This project focus on developing technology to track how sensitive information flows within concurrent systems. We provide solutions for dynamically enforce confidentiality in Haskell.

Duration: 4 years (2012 - 2016)

A taint mode for Google App Engine (Google Research Award)

(PI) This project developed a taint analysis for the Python Google App Engine. Our solution consists on a library in Python rather than modification to the runtime system or interpreter.

Duration: 1 years (2011)

Activities

Event organizer


External research positions


PC member


Contact

Room 5481, EDIT Building,
Rännvägen 6B,
Chalmers University Technology,
41296 Göteborg, Sweden.

+46 31-772-6156

Map

Latest News

Teaching Advanced Functional Programming (January - March)

Recent Tweets