Willard Rafnsson

My research focuses on proving that software preserves the confidentiality of data. I am building tools for this task, that scale to real programming languages and platforms.

I am an Assistant Professor at the IT University of Copenhagen (ITU). I am a member of the Center for Information Security and Trust (CISAT) , as well as the Programming, Logic and Semantics (PLS) and Software Quality Research (SQUARE) groups.

I was a Postdoc at Max Planck Institute for Software Systems (MPI-SWS), hosted by Deepak Garg, and at Carnegie Mellon University (CMU) CyLab, hosted by Limin Jia and Lujo Bauer. I did my PhD at Chalmers in the security lab, supervised by Andrei Sabelfeld.

My publications, in reverse-chronological order:

• Fixing Vulnerabilities Automatically with Linters
  Willard Rafnsson, Rosario Giustolisi, Mark Kragerup, Mathias Høyrup.
  NSS 2020
• Timing-Sensitive Noninterference through Composition
  Willard Rafnsson, Limin Jia, Lujo Bauer.
  POST 2017 . (appendix)
• Type Systems for Information-Flow Control: The Question of Granularity
  Vineet Rajani, Iulia Bastys, Willard Rafnsson, Deepak Garg.
  ACM SIGLOG News (vol. 4, nr. 1) 2017
• Progress-Sensitive Security for SPARK
  Willard Rafnsson, Deepak Garg, Andrei Sabelfeld.
  ESSoS 2016 . (appendix )
• Secure Multi-Execution: Fine-grained, Declassification-aware, and Transparent
  Willard Rafnsson, Andrei Sabelfeld.
  JCS (vol. 24, no. 1) 2016 (special issue of CSF 2012-2013)
• Compositional Information-flow Security for Interactive Systems
  Willard Rafnsson, Andrei Sabelfeld.
  CSF 2014 .
• Secure Multi-Execution: Fine-grained, Declassification-aware, and Transparent
  Willard Rafnsson, Andrei Sabelfeld.
  CSF 2013 .
• Securing Class Initialization in Java-like Languages
  Willard Rafnsson, Keiko Nakata, Andrei Sabelfeld.
  TDSC (vol. 10, no. 1) 2013 . (appendix )
• Securing Interactive Programs
  Willard Rafnsson, Daniel Hedin, Andrei Sabelfeld.
  CSF 2012 .
• Limiting Information Leakage in Event-based Communication
  Willard Rafnsson, Andrei Sabelfeld.
  PLAS 2011 . (appendix)

I serve on the program committees of the following events.

• 24th Nordic Conference on Secure IT Systems (NordSec 2019) (PC member, Poster chair)
• 39th International Conference on Formal Techniques for Distributed Objects, Components, and Systems (FORTE 2019) (PC member)
• 5th International Conference on Principles of Security and Trust (POST 2016) (PC member)
• Workshop on Foundations of Computer Security (FCS 2015) (PC member)
• 19th Nordic Conference on Secure IT Systems (NordSec 2014), poster session (PC member)

I regularly peer-review research papers for CCS, S&P, CSF, NDSS, USENIX Security, ESORICS, POST, NordSec, FCS, MMM-ACNS, TOPLAS, and JLAMP.

My appearances in public media:

• It-kriminalitet (in English: Cybercrime)
  Interview for magazine article.
  Electra, 2020-10-07.
• WhatsApp hack
  Interview for radio show.
  Radio24syv, Datolinjen, 2019-05-14.
• Securing Web Applications
  Actor for educational video.
  Chalmers University of Technology, 2013-12-18.

I create course material for SikkerCyber, a free online learning course on cybersecurity, aimed at employees in small- and medium-sized enterprises. (funded by Industriens Fond).

I teach Applied Information Security in autumn and summer, and the Information-Flow Control module in Advanced Security in autumn. Demos: 1, 2.

Previously, I have created courses on Information Theory and on Functional Programming, been course manager of an Algorithms course, and been TA in Cryptography, Concurrent Programming, Testing & Verification, Computability & Complexity, Formal Languages & Automata, Discrete Mathematics, Computer Organization, and Object-Oriented Programming.

I supervise student research- and thesis-projects.

I only supervise projects which I am highly enthusiastic about, and which will likely lead to a research paper. Are you a student interested in writing a project with me? Make sure my research agenda overlaps with your interest, then set up a meet.

Ongoing

• Helene Burghoff , and Ibrahim Mohammad
  Post-Quantum Cryptography for Web Servers.
• Niclas Hedam
  Mitigation of Timing Attacks on the Kernel Level.
• Dennis Riget Hansen
  angrIFlow: Testing Information-Flow Properties with angr.
• Kristoffer Astrup , and Sebastian Olsen
  Finding Vulnerabilities in UNIX Binaries with angr.
• Idem Lykkesfeldt
  Program Synthesis for Information-Flow Security.

Past

• Louise Chiang Halvorsen and Siv Louise Steffensen
  How Attacker Knowledge Affects Privacy Risks: An Analysis using Probabilistic Programming. paper in progress
• Mark Kragerup and Mathias Høyrup
  Fixing Vulnerabilities Automatically with Linters. published
• Ida Marie Borberg and René Hougaard Pedersen
  Dark Patterns in Cookie Disclaimers. paper in progress
• Yonathan Volpin
  Type System for Information-Flow Control of JavaScript.
• Ashley Parsons-Trew
  Modeling Dynamical Systems with Functional Reactive Programming.
• Jonas Andersen and Hugo Brito
  Domain-Specific Languages for Contracts.
• Andreas Kløve Thystrup and Nicolai Dørfler
  Remote Timing Attacks on Shared Platforms.
• Ans Uddin
  Information-Flow Secure Programming on Matrix.