My research focuses on web security, data and application security, language-based security, and location privacy. I lead a team of researchers, engaged in a number of EU and national projects and collaborations with industry including Google, Facebook, Microsoft, and SAP.

My (about 80) papers are published in venues that include conference flagships IEEE Security & Privacy and ACM CCS, and journal flagships IEEE TDSC and ACM TISSEC. Most recent:

• We are Family: Relating Information-Flow Trackers (ESORICS'17)
• PrivatePool: Privacy-Preserving Ridesharing (CSF'17)
• A Principled Approach to Tracking Information Flow in the Presence of Libraries (POST'17)
• Measuring Login Webpage Security (SAC'17)
• Discovering Browser Extensions via Web Accessible Resources (CODASPY'17)
• Privacy-Preserving Location-Proximity for Mobile Apps (PDP'17)
• Location-enhanced Authentication using the IoT (ACSAC'16)
• MaxPace: Speed-Constrained Location Queries (CNS'16)
• Let's Face It: Faceted Values for Taint Tracking (ESORICS'16)
• JavaScript Sandboxing: Isolating and Restricting Client-Side JavaScript (FOSAD'16)
• Data Exfiltration in the Face of CSP (ASIACCS'16)
• Progress-Sensitive Security for SPARK (ESSoS'16)
• Web Application Security using JSFlow (SYNASC'16)
• Explicit Secrecy: A Policy for Taint Tracking (EuroS&P;'16)
• JSLINQ: Building Secure Applications across Tiers (CODASPY'16)
• Secure Multi-Execution: Fine-grained, Declassification-aware, and Transparent (JCS'16)
• Information-flow security for JavaScript and its APIs (JCS'16)
• More...

I serve on the steering committees of IEEE CSF, POST, and NordSec, editorial board of JCS and (about 80) program committees including IEEE Security & Privacy and ACM CCS. Current/recent PCs:

• EuroS&P'18, S&P'18, WWW'18, POST'18, ESORICS'17, USENIX Security'17, S&P'17, EuroS&P'17 (co-chair), TMPA'17, CCS'16, ESORICS'16, USENIX Security'16, CSF'16, SAC'16, EuroS&P'16, NDSS'16, ACSAC'15, RAID'15, CCS'15, AppSecEU'15, S&P'15, SAC'15, ESSoS'15,... See more under Activities.

I am recipient of the Facebook Research and Academic Relations Program Gift (2016), Google Faculty Research Award (2016), ERC Starter/Consolidator (2012), Chalmers Research Supervisor of the year (2010), and SSF Future Research Leader (2008) awards.

Check out the attacks, protocols, and tools recently designed within my team: InnerCircle, SandPass, JSFlow, SeLINQ, PDF polyglots, GlassTube, and more!

• Program committees: EuroS&P'18, S&P'18, WWW'18, POST'18, ESORICS'17, USENIX Security'17, S&P'17, EuroS&P'17 (co-chair), TMPA'17, CCS'16, ESORICS'16, USENIX Security'16, CSF'16, SAC'16, EuroS&P'16, NDSS'16, ACSAC'15, RAID'15, CCS'15, AppSecEU'15, S&P'15, SAC'15, ESSoS'15, CCS'14, NordSec'14, QASA'14, CSF'14, PSI'14, S&P'14, SAC'14, NWPT'13, NordSec'13, ESORICS'13, AppSecEU'13, ESEC/FSE'13 New Ideas Track, FCS'13, POST'13, POPL'13, NWPT'12, NordSec'12, MMM-ACNS'12, POST'12, NWPT'11, NordSec'11, SEC'11, ESOP'11, NWPT'10, MMM-ACNS'10, AppSec Research'10, PLAS'10, S&P'10, ASIACCS'10, CCS'09, CSF'09, CCS'08, CSF'08 (chair), ESOP'08, NordSec'07 (co-chair), MMM-ACNS'07, CSF'07 (chair), PLAS'07, ESOP'07, APLAS'06, ESORICS'06 (co-chair), CSFW'06, S&P'06, POPL'06, MMM-ACNS'05, SAS'05, FCS'05 (chair), CSFW'05, ESOP'05, VODCA'04, SecCo'04, SAS'04, FCS'04 (chair), FAST'03, FCS'03, CSFW'03, CSFW'02.
• Steering committees: CSF, POST, NordSec, FCS (2005-13, chair: 2005-08).
• Editorships: editorial board member for JCS and IPL; editor for web application security special issue of JCS, 2014, special issues on CSF 2008 and CSF 2007 of JCS and issue on Language-Based Security of JFP, 2005.
• Keynote invited talks: PSI'17, HotSpot'17, e-Stockholm'16, ICICS'14, RS3'14, OWASP Gothenburg Kick-Off, MMM-ACNS'10, ASIACCS'10, Dagstuhl WebAppSec'09, OWASP Sweden Kick-off, ASIAN'07, TGC'06, Dagstuhl LBS'03, FCS'03.
• PhD Summer School Lecturing: IM&CTCPA;'16, FOSAD'14, Aalborg'11, Marktoberdorf'11, Software Engineering and Verification'11, Marktoberdorf'09, GLOBAN'08, FOSAD'04, WSSA'03.
• Dagstuhl seminar organizer: Web Application Security, 2012; Mobility, Ubiquity, and Security, 2007; Language-Based Security, 2003.
• Scientific Advisory Board: CISPA-Stanford Center for Cybersecurity.

• Daniel Hausknecht
• Daniel Schoepe
• Per Hallgren
• Alexander Sjösten

• Musard Balliu
• Steven Van Acker

• Luciano Bello
• Willard Rafnsson
• Arnar Birgisson
• Jonas Magazinius
• Aslan Askarov
• Alejandro Russo

• Language-Based Security 2005-2017
• Concurrent Programming 2004-2007
• Cryptography 1998-2001