From September 2014 to August 2015, I am a visiting associate professor at Stanford.
I will be working at the Secure Computer Systems Group .
Language-based information-flow security technology (IFS)
is a research area based on an innovative fusion of programming language technology and computer security. IFS inspects the code of applications in order to limit the propagation of information, thereby permitting to
preserve confidentiality and integrity of data. Different from IFS, traditional security mechanisms like access control, anti-virus, and firewalls are unable to satisfactory preserve the secrecy of data, e.g., access controls provide no guarantees about how data is used once access is granted. Historically, IFS was thought and conceived for military scenarios but it has recently emerged as a promising technology that can solved the insecurities of web applications (e.g, cross-site scripting) and allows the safe execution of third-party code.
My research mainly focuses on developing sound and practical
information-flow systems by combining
programming languages and operating systems concepts.
Controlling Privileges for Data Release.
STINT grant (in collaboration with Harvard University), 1 year grant, September 2014.
Addressing Harware Timing Covert Channels.
STINT grant (in collaboration with Stanford University), 1 year grant, September 2012.
Current PhD Students
Phd. Filippo del Tedesco (2014), Co-supervisor.
- Msc. Juan Jose Conti (2012): A Taint Mode for Python via a Library.
- Msc. Albert Disertholf (2009/2010): Providing Integrity Policies as a Library in Haskell.
- Msc. Ta-Chung Tsai (2007): Encoding Multithreaded Information Flow in Haskell.
PC member for
SEFM 2014 ,
ICFP 2013 ,
WSegI 2012 ,
FMOODS-FORTE 2012 ,
ESSoS 2011 ,
TAIC 2010 ,
Haskell Symposium 2010 ,
ICFP 2010 ,
CSF 2010 ,
ESOP 2010 ,
FoSSaCS 2010 ,
ESOP 2010 ,
CIBSI 2009 ,
CSF 2009 ,
Bytecode 2009 ,
FAST 2008 ,
TGC 2008 ,
ESOP 2008 ,
ESOP 2007 ,
PLAS 2007 ,
APLAS 2006 , and
S & P 2006 .
Transactions on Programming Languages and Systems (TOPLAS),
Theoretical Computer Science ,
Transactions of Information and System Security (ACM TISSEC) ,
Transactions on Automatic Control (IEEE-TAC) ,
Information Processing Letters (IPL) , and
Journal of Computer Security (JCS) .
PhD committee member for: