About me

I am a Postdoc at TU Wien, working in the Security & Privacy Research Unit since January 2021. Before joining TU Wien, I completed a PhD in Computer Science at Chalmers University of Technology, where my supervisor was Andrei Sabelfeld and my co-supervisor was Daniel Hedin.

My research is within web security and programming languages, and my current research is to create tools for static analysis for verifying security properties in WebAssembly. I also have an interest in information-flow control (IFC) and how it can be used to increase security by not allowing sensitive data to flow to undesired sinks. During my PhD, I also worked on how users can protect their data online; be it from helping them block unwanted privacy-invasive content to limiting the effects installed software can have to identify them online.

Publications

• SecWasm: Information Flow Control for WebAssembly
  Iulia Bastys, Maximilian Algehed, Alexander Sjösten, Andrei Sabelfeld
  Static Analysis Symposium (SAS)
  Auckland, New Zeeland, December 2022
  [PDF] [Full version with proofs]
• EssentialFP: Exposing the Essence of Browser Fingerprinting
  Alexander Sjösten, Daniel Hedin, Andrei Sabelfeld
  SecWeb Workshop 2021
  Vienna, Austria, September 2021
  [PDF] [Additional material]
• Filter List Generation for Underserved Regions
  Alexander Sjösten, Peter Snyder, Antonio Pastor, Panagiotis Papadopoulos, Benjamin Livshits
  The Web Conference (WWW)
  Taipei, Taiwan, April 2020
  [PDF]
• Latex Gloves: Protecting Browser Extensions from Probing and Revelation Attacks
  Alexander Sjösten, Steven Van Acker, Pablo Picazo-Sanchez, Andrei Sabelfeld
  Network and Distributed System Security Symposium (NDSS)
  San Diego, CA, USA, February 2019
  [PDF]
• Information Flow Tracking for Side-effectful Libraries
  Alexander Sjösten, Daniel Hedin, Andrei Sabelfeld
  International Conference on Formal Techniques for Distributed Objects, Components, and Systems (FORTE)
  Madrid, Spain, June 2018
  [PDF] [Additional material]
• A Principled Approach to Tracking Information Flow in the Presence of Libraries
  Daniel Hedin, Alexander Sjösten, Frank Piessens, Andrei Sabelfeld
  International Conference on Principles of Security and Trust (POST)
  Uppsala, Sweden, April 2017
  [PDF] [Additional material]
• Discovering Browser Extensions via Web Accessible Resources
  Alexander Sjösten, Steven Van Acker, Andrei Sabelfeld
  Proceedings of the ACM Conference on Data and Applications Security and Privacy (CODASPY)
  Scottsdale, AZ, USA, March 2017
  [PDF] [Additional material]

Theses

• Information Flow for Web Security and Privacy
  PhD thesis, 2020
• Guarding the Boundary: Information Flow Tracking in the Presence of Libraries
  Licentiate thesis, 2018
• SWAP-IFC Secure Web Applications with Information Flow Control
  Master thesis, 2015

Teaching

At TU Wien, I am currently a teaching assistant in the following courses:

• Formal Methods for Security and Privacy (192.059)
• Introduction to Security (184.783 and 192.082)

Past teaching

While at Chalmers, I supervised two BSc. theses and one MSc. thesis, and was a teaching assistant in the following courses:

• Language-Based Security (TDA602/TDA601/DIT103/DIT101)
• Principles of Concurrent Programming (TDA384/DIT391)
• Introduction to Functional Programming (TDA555/DIT440)
• Datastructures (DIT960)
• Imperative Programming with Basic Object-orientation (DIT012)
• Object-oriented Software Development (DIT011)
• Object-oriented programming (TDA540 and TDA545 and DAT043)
• Introduction to Computer Programming (TDA600/DIT700)