                    <meta charset="utf-8" emacsmode="-*- markdown -*">
                            **Marco Vassena**

<div style="display : flex; align-items: center;">
<image src="marco.jpg" width="150px" style="float:left; padding:10px">
<p>
    Assistant Professor<br />
    Office: [BBG 5.72](https://www.uu.nl/buys-ballotgebouw)<br />
    Email: m.vassena@uu.nl<br />
    [Department of Information and Computing Sciences](https://www.uu.nl/en/organisation/department-of-information-and-computing-sciences)<br />
    [Utrecht University](https://www.uu.nl/en)<br />
</p>
</div>

(#) About

The goal of my research is to develop principled methods to build secure
systems. My research interests span **Security** and **Programming Languages**
and I am actively involved with both research communities.

In my work, I apply programming language techniques (type systems, compilers,
program analysis and verification) to build software systems with reliable
security guarantees.  Currently, I am excited to work on language-based security
(constant-time programming, memory safety, and information flow control),
software defenses against Spectre and side-channel attacks, and software
isolation and sandboxing (especially in Wasm).

I completed my PhD in Computer Science at Chalmers University of Technology
under the supervision of [Alejandro Russo](http://www.cse.chalmers.se/~russo/).
Before joining Utrecht University, I was a postdoctoral researcher at [CISPA
Helmholtz Center for Information Security](https://cispa.de/en) and a member of
the [CISPA-Stanford Center for Cybersecurity](https://www.cispa-stanford.org).

# Publications

- Matthew Kolosick, Basavesh Ammanaghatta Shivakumar, Sunjay Cauligi, Marco
  Patrignani, Marco Vassena, Ranjit Jhala, and Deian Stefan. **[Robust Constant-Time
  Cryptography](pubs/robust-ct.pdf)**. In _Proceedings of Conference on Programming Language
  Design and Implementation (PLDI), ACM SIGPLAN_, June 2025.

- Alexandra E. Michael, Anitha Gollamudi, Jay Bosamiya, Evan Johnson, Aidan
  Denlinger, Craig Disselkoen, Conrad Watt, Bryan Parno, Marco Patrignani, Marco
  Vassena, and Deian Stefan. **[MSWasm: Soundly Enforcing Memory-Safe
  Execution of Unsafe Code](pubs/mswasm.pdf)**. In _Proceedings of ACM SIGPLAN Symposium on
  Principles of Programming Languages (POPL)_. January 2023.

- Marco Vassena, Alejandro Russo, Deepak Garg, Vineet Rajani and Deian Stefan.
  **[From Fine- To Coarse-Grained Dynamic Information Flow Control and Back, a
  Tutorial on Dynamic Information Flow](pubs/ftpl23.pdf)**.  In _Foundations and
  Trends in Programming Languages_, October 2023.

- Marco Vassena, Craig Disselkoen, Klaus von Gleissenthall, Sunjay Cauligi, Rami
  Gökhan Kıcı, Ranjit Jhala, Dean Tullsen, and Deian Stefan. **[Automatically
  Eliminating Speculative Leaks from Cryptographic Code with
  Blade](pubs/blade.pdf)**. In _Proceedings  of ACM SIGPLAN Symposium on
  Principles of Programming Languages (POPL)_. January 2021. Distinguished paper
  award.

- Kevin Morio, Dennis Jackson, Marco Vassena, and Robert Künnemann. **[Short
  Paper: Modular Black-box Runtime Verification of Security
  Protocols](pubs/morio-20.pdf)**. In _Proceedings of the Workshop on
  Programming Languages and Analysis for Security (PLAS)_. November 2020.

- Carlos Tomé Cortiñas, Marco Vassena and Alejandro Russo. **[Securing Asynchronous
  Exceptions](pubs/cortinas-20.pdf)**. In _Proceedings of Computer Security
  Foundations Symposium (CSF)_, June 2020.

- Marco Vassena and Marco Patrignani. **[Memory Safety Preservation for
  WebAssembly](pubs/sc-wasm.pdf)**. In _Workshop on Principles of Secure Compilation (PriSC)_.
  January 2020.

- Marco Vassena, Gary Soeller, Peter Amidon, Matthew Chan, and Deian Stefan.
  **[Foundations for Parallel Information Flow Control Runtime
  Systems](pubs/post19.pdf)**. In _Proceedings of Conference on Principles of
  Security and Trust (POST)_, April, 2020.

- Marco Vassena, Alejandro Russo, Deepak Garg, Vineet Rajani, and Deian Stefan.
  **[From Fine- to Coarse-Grained Dynamic Information Flow Control and
  Back](pubs/popl19.pdf)**. In Proceedings of ACM SIGPLAN Symposium on
  Principles of Programming Languages (POPL). January 2019. Distinguished paper
  award.

- Marco Vassena, Alejandro Russo, Pablo Buiras, Lucas Waye. **[MAC, a Verified
  Static Information-Flow Control Library](pubs/jlamp17.pdf)**. In _Journal of
  Logical and Algebraic Methods in Programming (JLAMP)_. December 2017.

- Marco Vassena, Joachim Breitner and Alejandro Russo.  **[Securing Concurrent Lazy
  Programs Against Information Leakage](pubs/csf2017.pdf)**. In _Proceedings of Computer
  Security Foundations Symposium (CSF)_, June 2017.

- Marco Vassena and Alejandro Russo. **[On Formalizing Information-Flow Control
  Libraries](pubs/plas16.pdf)**. In _Proceedings of the Workshop on Programming
  Languages and Analysis for Security (PLAS)_. October 2016.

- Marco Vassena, Pablo Buiras, Lucas Waye and Alejandro Russo.  **[Flexible
  Manipulation of Labeled Values for Information-Flow Control
  Libraries](pubs/esorics16.pdf)**.  In _Proceedings of European Symposium on
  Research in Computer Security (ESORICS), Springer_. September 2016. 

- Marco Vassena. **[Generic Diff3 for Algebraic Datatypes](pubs/gdiff3.pdf)**.
  Marco Vassena. In _Proceedings of the Workshop on Type-Driven Development
  (TyDe)_. September, 2016.

(##) Thesis

- Marco Vassena. **[Verifying Information Flow Control
  Libraries](pubs/phd-thesis.pdf)**. _PhD Thesis, Chalmers University of
  Technology_. April 2019.

- Marco Vassena. **[MAC, a Verified Information-Flow Control
  Library](pubs/licentiate-thesis.pdf)**.  _Licentiate Thesis_, Chalmers
  University of Technology, 2017.

# Teaching

- [Language-based Security](https://ics-websites.science.uu.nl/docs/vakken/mlbs/): once a year since 2023.
- [Security](TODO): once a year since 2023.

Before joining Utrecht University, I have been an instructor and teaching
assistant in the following courses:

(##) CISPA-Stanford Center

- [Programming Language Foundations](https://squera.github.io/cs358-20-21/) at Stanford, 2021 (co-taught with [Marco Patrignani](https://squera.github.io/about/))
- [Formal Methods in Security](https://cms.cispa.saarland/fms/) at CISPA, 2020 (co-taught with [Robert Künnemann](http://www.kunnemann.de) and [Hamed Nemati](https://hnemati.github.io))

(##) Chalmers University of Technology

- [Introduction to Functional Programming](https://www.student.chalmers.se/sp/course?course_id=23197), 2016-2018, (assitant)
- [Finite Automata Theory and Formal Languages](https://www.student.chalmers.se/sp/course?course_id=23448), 2015-2018, (assistant)
- [Data Structures](https://www.student.chalmers.se/sp/course?course_id=23029), 2015-2019, (assistant)

# Service

(##) Program Committees

- **2026**: [CCS](https://www.sigsac.org/ccs/CCS2026/), [PriSC](https://popl26.sigplan.org/home/prisc-2026) (co-chair)
- **2025**: [POPL](https://popl25.sigplan.org) (web co-chair), [FCS](https://fcs-workshop.github.io/fcs2025/) (co-chair)
  [PriSC](https://popl25.sigplan.org/home/prisc-2025) (co-chair)
- **2024**: [EuroS&P](https://eurosp2024.ieee-security.org), [POPL](https://popl24.sigplan.org) (web co-chair), [FCS](https://fcs-workshop.github.io/fcs2024/) (co-chair), [PLMW](https://pldi24.sigplan.org/track/PLMW-PLDI-2024), [TyDe](https://icfp24.sigplan.org/home/tyde-2024)
- **2023**: [POPL](https://popl23.sigplan.org/track/POPL-2023-popl-research-papers)
- **2022**: [Haskell](https://icfp22.sigplan.org/home/haskellsymp-2022), [FCS](https://jnear.github.io/fcs2022/)
- **2020**: [PLAS](https://pages.cispa.de/plas2020/) (co-chair), [PriSC](https://popl20.sigplan.org/home/prisc-2020#)
- **2019**: [PLAS](https://www.andrew.cmu.edu/user/pmardzie/plas2019/), [FCS](http://homepages.cs.ncl.ac.uk/charles.morisset/fcs2019/)

(##) Poster Sessions and Artifact Evaluation

- **2020**: [CCS](https://www.sigsac.org/ccs/CCS2020/call-for-poster-demo.html), [POPL](https://popl20.sigplan.org/track/POPL-2020-Artifact-Evaluation)
- **2019**: [CCS](https://sigsac.org/ccs/CCS2019/index.php/call-for/call-for-posters/)
- **2018**: [ICFP](https://icfp18.sigplan.org/track/icfp-2018-Artifact-Evaluation)

(##) Reviewing

- **2022**: [TCS](https://www.sciencedirect.com/journal/theoretical-computer-science)
- **2020**: [TOPLAS](https://dl.acm.org/journal/toplas),
- **2021**: [TOPS](https://dl.acm.org/journal/tops), [C&S](https://www.journals.elsevier.com/computers-and-security), [LICS](http://lics.siglog.org/lics20/)
- **2019**: [SOSP](https://sosp19.rcs.uwaterloo.ca/index.html), [ITP](https://itp19.cecs.pdx.edu/)
- **2018**: [POST](https://www.etaps.org/2018/post), [CSF](http://www.cs.ox.ac.uk/conferences/csf2018/cfp.html), [ICFP](https://conf.researchr.org/home/icfp-2018), [NordSec](https://securitylab.no/nordsec18/)
- **2017**: [FAC](https://link.springer.com/journal/165), [SYSTOR](https://www.systor.org/2017/)
- **2016**: [CCS](https://www.sigsac.org/ccs/CCS2016/index.html)

<!-- Markdeep: --><style class="fallback">body{visibility:hidden;white-space:pre;font-family:monospace}</style><script src="markdeep.min.js" charset="utf-8"></script><script src="https://morgan3d.github.io/markdeep/latest/markdeep.min.js?" charset="utf-8"></script><script>window.alreadyProcessedMarkdeep||(document.body.style.visibility="visible")</script>