Andrei Sabelfeld
Associate Professor
Department of Computer Science and Engineering
Chalmers University of Technology
Gothenburg University

Email:
Phone: +46 31 772 1000
Fax: +46 31 772 3663
Office: EDIT 5476
Postal address: EDIT Bldg., Rännvägen 6B, 41296 Gothenburg, Sweden

Research manifesto: Standard security practices are not capable of enforcing end-to-end confidentiality policies; mechanisms such as access control, encryption, firewalls, digital signatures, and antivirus scanning do not address the fundamental problem: tracking the flow of information in computing systems. Run-time monitoring of operating systems calls is similarly of limited use because information flow policies are not safety properties; in general, they require monitoring all possible execution paths. On the other hand, there is clear evidence of benefits provided by language-based security mechanisms that build on technology for static analysis and language semantics. More... My primary research area is language-based security while both programming languages and computer security are my general research interests.

PhD Positions in Language-based Security at Chalmers (deadline: Jan 30, 2009)

Activities

• Steering committees: CSF, FCS, NordSec
• Program committees: CCS'09, CSF'09, CCS'08, CSF'08 (chair), ESOP'08, NordSec'07 (co-chair), MMM-ACNS'07, CSF'07(chair), PLAS'07, ESOP'07, APLAS'06, ESORICS'06 (co-chair), CSFW'06, S&P'06, POPL'06, MMM-ACNS'05, SAS'05, FCS'05 (chair), CSFW'05, ESOP'05, VODCA'04, SecCo'04, SAS'04, FCS'04 (chair), FAST'03, FCS'03, CSFW'03, CSFW'02.
• Editorial: special issues on CSF 2008 and CSF 2007 of JCS and special issue on Language-Based Security of JFP.
• Invited talks/tutorials: OWASP Sweden Kick-off, ASIAN'07, TGC'06, Dagstuhl LBS'03, FCS'03.
• Lecturing: Marktoberdorf'09, GLOBAN'08, FOSAD'04, WSSA'03.
• Workshop program organization:
  • Dagstuhl Seminar on Mobility, Ubiquity, and Security, Schloss Dagstuhl, Germany, February 25 - March 2, 2007.
  • Chalmers Security and Static Analysis Workshop, Gothenburg, Sweden, August 19, 2005.
  • Dagstuhl Seminar on Language-Based Security, Schloss Dagstuhl, Germany, October 5-10, 2003.
  • IAI Security Workshop, Cornell University, Ithaca, NY, March 20, 2003.

Recent publications

• Termination-Insensitive Noninterference Leaks More Than Just a Bit (ESORICS'08)
• Securing Interaction between Threads and the Scheduler in the Presence of Synchronization (JLAP)
• Cryptographically-Masked Flows (TCS)
• Closing Internal Timing Channels by Transformation (ASIAN'06, 2008)
• Security of Multithreaded Programs by Compilation (ESORICS'07)
• Localized Delimited Release: Combining the What and Where Dimensions of Information Release (PLAS'07)
• Gradual Release: Unifying Declassification, Encryption and Key Release Policies (S&P'07)
• Declassification: Dimensions and Principles (JCS)
• Cryptographically-Masked Flows (SAS'06)
• Securing Interaction between Threads and the Scheduler (CSFW'06)
• Security for Multithreaded Programs under Cooperative Scheduling (PSI'06)
• Enforcing Robust Declassification and Qualified Robustness (JCS'06)
• Security-typed languages for implementation of cryptographic protocols: A case study (ESORICS'05)
• Dimensions and Principles of Declassification (CSFW'05)
• Bridging Language-Based and Process Calculi Security (FOSSACS'05)
• A Model for Delimited Information Release (ISSS'03, 2004)
• Enforcing Robust Declassification (CSFW'04)
• A Unifying Approach to the Security of Distributed and Multi-Threaded Programs (JCS'03)
• Confidentiality for Multithreaded Programs via Bisimulation. (PSI'03)
• Language-Based Information-Flow Security (JSAC'03); survey, references available here.
• More...

Publications

Mobius
(site leader)

Cornell IAI