Email: Visiting address:
sjosten at chalmers dot se Rännvägen 6
Phone: Office 5449
+46 31 772 6167 5th floor (EDIT building)

About me

I am a PhD student in the Language-Based Security group at Chalmers University of Technology, where I started in August 2015. My supervisor is Andrei Sabelfeld and my CO-supervisor is Daniel Hedin.

Before joining Chalmers as a PhD I did my Bachelor and Master education in Computer Science at Gothenburg University.

My research interest is within web security and programming languages. More precisely, how one can combine programming language features in order to have safe web applications. In particular, I work with information-flow control (IFC) in a dynamic setting, where runtime values are augmented with security labels. The overall goal is to avoid private data being leaked on public outputs.

My current research involves information-flow control in JavaScript, where I use and help develop JSFlow. Working with JSFlow, the question is how one can track the information flow in a web application's JavaScript code to ensure no private data is being released on a public channel. I also look at browser fingerprinting, and the possibility to use IFC to detect browser fingerprinting.

My research so far can be divided into two different areas. On the one hand, I have worked with browser extension security, how they can be detected and the implications of this. On the other hand, I have focused on how to augment libraries written in languages which does not support security labels for information flow tracking, so they can be used in an IFC setting.




During 2020, I will be teaching the following course:

Past teaching

I have been a teaching assistant in the following courses: