Research interests
- Computer security and privacy: foundations, information-flow, covert channels, metadata privacy, formal methods for security, web and mobile security.
- Programming languages: semantics, design, type systems, program analysis.
Active projects
- Troupe - a programming language for concurrent and distributed programming with dynamic information flow control
- DenIM - a protocol for secure instant messaging with metadata privacy
Selected recent publications
- Metadata Privacy Beyond Tunneling for Instant Messaging (Euro S&P'24)
- VMSL: A Separation Logic for Mechanised Robust Safety of Virtual Machines Communicating above FF-A (PLDI'23)
- OblivIO: Securing reactive programs by oblivious execution with bounded traffic overheads (CSF'23)
- [more...]
Professional activities
- Program committees: PLDI 2025, CSF 2025, CSF 2022, CSF 2021, CSF 2020, PriSC 2020, Nordsec 2019 (co-chair), POST 2019, Euro S&P 2018, PLAS 2017, FCS 2017 (co-chair), HotSpot 2017, FCS 2016 (co-chair), CSF 2016, ESSOS 2015, FCS-FCC 2014, ARES 2014, FCS 2013, ARES 2013, PLAS 2013, ARES 2012, PLAS 2011 (co-chair), ISARCS 2010, PLAS 2009, VODCA 2008
Essays, tutorials, talks
- Essay: The umbrella of computer security. August 2024.
- Talk: How to read a PL-security paper. PLMW@PLDI 2024.
- Mechanization of a noninterference proof for a simple imperative language with
a small-step semantics in Coq (GitHub)
- Associated introductory notes on language-based information-flow security (PDF)
I am looking for PhD students and postdocs to work in the areas of Programming Languages and Computer Security. Send me an email if interested.
Teaching
- In the Fall of 2024, I teach Compilers course.
- In the Spring of 2024, I teach Language-Based Security (link to the 2023 run of the course).