Might be available

(Updated 2023-04-01)

Systemutvecklare

Goteborg, Sweden

Native Svenska, English, Intermediate German

7 års erfarenhet av forskning inom webbsäkerhet
Flerårig erfarenhet inom JavaScript/Node.js/TypeScript
Flerårig erfarenhet av Java/Haskell/Erlang/Python

Contact

Skills (44)

Linux

R&D

Research

JavaScript

Information-Flow Control

TEACHING

DOM

TEAM PLAYER

Dynamic Analysis

Puppeteer

Cyber Security

Static Analysis

Git

COMPUTER SECURITY

Java

PHP

Handlebars

TypeScript

TDD

MENTOR

WebAssembly

INSTRUMENTATION

Node.js

Flask

HTML

Scrum

WEB SECURITY

Python

Scala

MySQL

coq

Docker

CSS

AWS

Data Structures

Erlang

PostgreSQL

oraclesql

Haskell

agda

C#/.NET

promela

C++

Summary

Alexander is a hard worker with a PhD who has a strong drive and a penchant for problem-solving. With a background in academia, Alexander is a fast learner who has embraced being curious while always striving to gain more knowledge.
    Alexander thoroughly enjoys working alongside and together with other people. During his time in academia, Alexander has been praised in evaluations from students for his work when he taught courses, mentored students, supervised a thesis, and supervised lab sessions, showing communicating about complex concepts is easy for him.
    While being a methodological and analytical developer, Alexander is not afraid to dive into the nitty gritty parts of a system; each part is important for the greater goal of solving the problem!
    Alexander takes great pride in crafting rigorous solutions, systems, and tools that help other people, which was the driving force in his research in web security and privacy.

Professional Experience

Systems Developer

Hazel Time AB

2024-05 - Present

Postdoctoral Researcher in Web Security and Privacy

Vienna University of Technology

2021-01 - 2023-01

I worked on tools for static analysis for verifying security properties in WebAssembly, ranging from a security type system for secure information-flow to using the HoRSt framework that takes a specification of Horn clauses and produces an output to be used in conjunction with the theorem prover Z3.

While at TU Wien, I mainly extended HoRSt, which is written in Java, while also using Git, Gitlab, and TDD by both self-implemented tests, but also incorporating the official WebAssembly test suite to be used for feature and regression testing. We also used the Score method (Scrum for research) throughout my time at TU Wien.
I also taught on courses for formal methods for security as well as basic web security.

Research Intern in Web Security and Privacy

Brave Software

2019-06 - 2019-09

I worked on implementing PageGraph, a browser instrumentation for Blink and V8 to generate a graph over the page execution to attribute DOM modifications, network requests, script execution, and privacy-related API accesses to the responsible script. PageGraph was developed alongside two other interns and our mentor. It was used alongside a machine-learning approach to detect ads on web pages, and the graph was traversed to find the best resource to block to prevent the ads from loading.
As Blink and V8 is part of Chromium, PageGraph is implemented in C++ and I had to dig around and get comfortable in the large codebase that is Chromium in a brief period of time. Similarly, as the code base is large, we used sccache for faster builds. The machine learning as well as the tool to traverse the graph was written in Python, while the crawler to get all images was written in JavaScript with the puppeteer library and a PostgreSQL database for storing information from the crawling. The version control was Git and we used AWS for storing the crawled images.

PhD Canidate in Computer Science, Language-Based Security

Chalmers University of Technology

2015-08 - 2020-07

My thesis on the topics of language-based security and web security was successfully defended. The research was on how to allow for dynamic information-flow control (IFC) in languages not designed for IFC, and how to give users more control of their data; be it from blocking unwanted privacy-invasive content to limiting the effects installed software can have to identify users online.

Throughout my time as a PhD student, I mainly worked in JavaScript and TypeScript for implementation on the interpreter JSFlow, Haskell to create prototypes to test ideas, and Python for some crawling and analysis. While working on JSFlow, we used both manual tests to test new features as well as an official test suite for the SpiderMonkey JavaScript engine. This test suite was used with Semaphore CI to do regression testing when pushing to the repo. I also used Docker to do builds with older libraries.

For teaching, I supervised one MSc. thesis and taught courses on language-based security, concurrency, parallelism, object-oriented programming, data structures, and functional programming.

Academic Background

PhD in Computer Science

Chalmers University of Technology

2015-08 - 2020-07

Master of Science in Computer Science

University of Gothenburg

2012-08 - 2015-02

Bachelor of Science in Computer Science