Willard Rafnsson
Associate Professor
IT University of Copenhagen
Research Interests
My goal is to enable developers to write, at scale, trustworthy software that satisfies high-level security requirements.
My research is on language-based security. I build foundations for computer security by advancing and applying techniques and tools from programming-language theory and formal methods, such as program analysis and program transformation.
Bio
I am an Associate Professor at the IT University of Copenhagen (ITU). I am a member of the Center for Information Security and Trust (CISAT) , as well as the Programming, Logic and Semantics (PLS) and Software Quality Research (SQUARE) groups.
I was a visiting researcher at Carnegie Mellon University (CMU) in the School of Computer Science in the summer of 2022, hosted by Stephanie Balzer.
I was a Postdoc at Max Planck Institute for Software Systems (MPI-SWS), hosted by Deepak Garg, and at Carnegie Mellon University (CMU) CyLab, hosted by Limin Jia and Lujo Bauer. I did my PhD at Chalmers in the security lab, supervised by Andrei Sabelfeld.
Publications
My publications, in reverse-chronological order:
-
Privacy with Good Taste: A Case Study in Quantifying Privacy Risks in Genetic Scores
Raúl Pardo, Willard Rafnsson, Gregor Steinhorn, Denis Lavrov, Thomas Lumley, Christian Probst, Ilze Ziedins, Andrzej Wasowski.
-
"So I Sold My Soul": Effects of Dark Patterns in Cookie Notices on End-User Behavior and Perceptions
Ida Borberg, René Pedersen, Willard Rafnsson, Oksana Kulyk.
-
How Attacker Knowledge Affects Privacy Risks: An Analysis Using Probabilistic Programming
Louise Halvorsen, Siv Steffensen, Willard Rafnsson, Oksana Kulyk, Raúl Pardo.
-
Privug: Quantifying Leakage using Probabilistic Programming for Privacy Risk Analysis
Raúl Pardo, Willard Rafnsson, Christian Probst, Andrzej Wąsowski.
-
Fixing Vulnerabilities Automatically with Linters
Willard Rafnsson, Rosario Giustolisi, Mark Kragerup, Mathias Høyrup.
-
Timing-Sensitive Noninterference through Composition
Willard Rafnsson, Limin Jia, Lujo Bauer.
-
Type Systems for Information-Flow Control: The Question of Granularity
Vineet Rajani, Iulia Bastys, Willard Rafnsson, Deepak Garg.
-
Progress-Sensitive Security for SPARK
Willard Rafnsson, Deepak Garg, Andrei Sabelfeld.ESSoS 2016 . (appendix )
-
Secure Multi-Execution: Fine-grained, Declassification-aware, and Transparent
Willard Rafnsson, Andrei Sabelfeld.JCS (vol. 24, no. 1) 2016 (special issue of CSF 2012-2013)
-
Compositional Information-flow Security for Interactive Systems
Willard Rafnsson, Andrei Sabelfeld.CSF 2014 .
-
Secure Multi-Execution: Fine-grained, Declassification-aware, and Transparent
Willard Rafnsson, Andrei Sabelfeld.CSF 2013 .
-
Securing Class Initialization in Java-like Languages
Willard Rafnsson, Keiko Nakata, Andrei Sabelfeld.
-
Securing Interactive Programs
Willard Rafnsson, Daniel Hedin, Andrei Sabelfeld.CSF 2012 .
-
Limiting Information Leakage in Event-based Communication
Willard Rafnsson, Andrei Sabelfeld.
Service
I serve on program committees. I have served on the following events.
- IEEE Secure Development Conference (IEEE SecDev 2022) (PC member)
- 24th Nordic Conference on Secure IT Systems (NordSec 2019) (PC member, Poster chair)
- 39th International Conference on Formal Techniques for Distributed Objects, Components, and Systems (FORTE 2019) (PC member)
I regularly peer-review research papers for CCS, S&P, CSF, NDSS, USENIX Security, ESORICS, POST, NordSec, FCS, MMM-ACNS, TOPLAS, and JLAMP.
Outreach
I appear in public media:
-
Hackers lure in victims with false Minecraft games
(Danish: Hackere lokker med falske Minecraft spil)Interview for magazine article. Børneavisen, September 2022. -
DIREC supports young researchers
(Danish: DIREC støtter unge forskere)Interview for online news article. DIREC, 2021-09-29. -
Cybercrime
(Danish: It-kriminalitet)Interview for magazine article. Electra, November 2020.
-
WhatsApp hack
Interview for radio show (in Danish). Radio24syv, Datolinjen, 2019-05-14.
-
Securing Web Applications
Actor for educational video. Chalmers University of Technology, 2013-12-18.
I create material for a free online learning course on cybersecurity, SikkerCyber, aimed at employees in small- and medium-sized enterprises. (funded by Industriens Fond). I am the creator of the offensive security module.
Teaching
I teach at the IT University of Copenhagen.
Samples:
1,
2,
3.
Current
Past
I created courses on
Introductory Programming
,
Information Theory
, and Functional Programming,
have
been course manager of an
Algorithms
course,
and been TA in Cryptography, Concurrent Programming, Testing & Verification,
Computability & Complexity, Formal Languages & Automata, Discrete Mathematics,
Computer Organization, and Object-Oriented Programming.
I am appointed external examiner ("censor"), by the Danish Ministry for Education and Research ("Uddannelses- og Forskningsministeriet"), in the following censor corps:
- Computer Science Censor Corps ("Censorkorpset i Datalogi"). Here is my page.
- Bachelor and Master of Engineering Censor Corps ("Diplomingeniøruddannelsernes Censorkorps" and "Civilingeniøruddannelsernes Censorkorps") within Mathematics, Physics, and Social Sciences.
Supervision
I supervise student research- and thesis-projects.
I only supervise projects which I am highly enthusiastic about, and which will likely lead to a research paper. Are you a student interested in writing a project with me? Make sure my research agenda overlaps with your interest, then set up a meet.
Current Supervision
-
Katrine Christensen
Synthesizing Information-Flow Secure Programs
-
Selim Yetkin
Information-Flow Control in Access Control Systems
-
Line Dejgaard
Binary Analysis for Information-Flow Control
-
Fabian Harlang
and
Rares-Ionut Mocanu
Finding and Automatically Fixing Vulnerable Uses of JavaScript Libraries
-
Andreas Just Petersen
GameBoy Emulator in WebAssembly
Past Supervision
-
Andreas Ørregaard Klingenbrunn
Privacy risk analysis in Excel
-
Jacob Buchholz Bech
Finding Vulnerabilities in the Linux Kernel with CodeQL.
-
Lasse Agersten
,
and
Oliver Madsen
Fixing Vulnerabilities Automatically with ESLint.
-
Louise Christine Lykke Ma
, and
Bjørn Mikkelsen
Fixing Vulnerabilities Automatically in Infrastructure-as-Code.
-
Astrid Machholm
,
and
Diba Sadat Afzali
Visualizing and Communicating Privacy Risk: An Evaluation of Privacy Mechanisms with Privugger.
-
Mads Lomholt Tvede
,
Kristoffer Claussen Boesen
, and
Johan Emil Hardon
The Security of MIFARE Classic 1K in Physical Access Control Systems.
-
Helene Burghoff
,
and
Ibrahim Mohammad
Post-Quantum Cryptography for Web Servers.
-
Niclas Hedam
Mitigation of Timing Attacks on the Kernel Level. paper in progress
-
Dennis Riget Hansen
angrIFlow: Testing Information-Flow Properties with angr.
-
Kristoffer Astrup
,
and
Sebastian Olsen
Finding Vulnerabilities in UNIX Binaries with angr.
-
Idem Lykkesfeldt
Program Synthesis for Information-Flow Security.
-
Louise Chiang Halvorsen
and
Siv Louise Steffensen
How Attacker Knowledge Affects Privacy Risks: An Analysis using Probabilistic Programming. published
-
Mark Kragerup
and
Mathias Høyrup
Fixing Vulnerabilities Automatically with Linters. published
-
Ida Marie Borberg
and
René Hougaard Pedersen
Dark Patterns in Cookie Disclaimers. published
-
Yonathan Volpin
Type System for Information-Flow Control of JavaScript.
-
Ashley Parsons-Trew
Modeling Dynamical Systems with Functional Reactive Programming.
-
Jonas Andersen
and
Hugo Brito
Domain-Specific Languages for Contracts.
-
Andreas Kløve Thystrup
and
Nicolai Dørfler
Remote Timing Attacks on Shared Platforms.
-
Ans Uddin
Information-Flow Secure Programming on Matrix.
Contact
© Willard Rafnsson. All rights reserved. Design: HTML5 UP.