Salvatore Guarnieri

salvatore.guarnieri@gmail.com
http://www.sammyg.org
Education
The University of Washington : September 2006 - June 2010
Degree
Masters of Science in Computer Science

Location
Seattle, WA

Area of Research
Program Analysis for Web Languages

Languages Used
C#, JavaScript, Python, C, C++, Java, OCaml

Honors and Accomplishments
  • Recipient of the Dinning-Wolf Endowed Regental Fellowship (2006-2008)
  • Recipient of the Boeing Company Fellowship (2006-2007)
GPA
3.70/4.00

The University of Virginia : September 2002 - May 2006
Degree
Bachelor of Science

Location
Charlottesville, VA

Major
Computer Science (Computer Graphics and Computer Security concentration)

Minor
Biomedical Engineering

Honors and Accomplishments

  • Finalist for the Computing Research Association's Outstanding Undergraduate Award (2006)
Major GPA
3.88/4.00

Overall GPA
3.53/4.00

Work Experience
Google : September 2014 - Current
Location
New York, NY

Title
Software Engineer

Summary
--

IBM : January 2011 - August 2014
Location
Hawthorne, NY

Title
Software Engineer

Summary
Worked on analyses targeted at improving mobile application development. Specifically, worked on analyses for JavaScript, Android (Java), and Java to detect security and reliability problems. Was technical lead for JavaScript analyses.

Primary Language Used
Java

IBM Research : June 2010 - January 2011
Location
Hawthorne, NY

Title
Intern, worked with Marco Pistoia

Summary
I worked on precise JavaScript and Java analyses. During the course of the internship I developed several analyses to detect or prevent security problems in several web languages. One of the analyses I developed was Actarus, which was a precise tainting analysis for JavaScript.

Primary Language Used
Java

Microsoft Research : October 2008 - February 2009
Location
Redmond, WA

Title
Intern, worked with Ben Livshits

Summary
I developed Gatekeeper, a tool that statically analyzes JavaScript widgets to identify possible security or reliability problems. The tool was aimed at widgets that were present on the live.com web portal. Gatekeeper was designed to execute on a widget after it was submitted but before the widget was listed in a directory of available widgets. Gatekeeper was designed to ensure unreliable widgets would not make it to the directory of downloadable widgets. I was responsible for creating, testing, and improving the tool. I was also partially responsible for the tool's technical report and presentation at meetings and talks.

Primary Language Used
C#

Publications
Automatic detection of inter-application permission leaks in Android applications
Dragos Sbirlea, Michael G. Burke, Salvatore Guarnieri, Marco Pistoia, Vivek Sarkar
IBM Journal of Research and Development (2013)
Andromeda: Accurate and Scalable Security Analysis of Web Applications
Omer Tripp, Marco Pistoia, Patrick Cousot, Radhia Cousot, Salvatore Guarnieri
FASE 2013
Frameworks for Frameworks
Manu Sridharan, Shay Artzi, Marco Pistoia, Salvatore Guarnieri, Omer Tripp, Ryan Berg
OOPSLA 2011
Saving the World Wide Web from Vulnerable JavaScript
Salvatore Guarnieri, Marco Pistoia, Omer Tripp, Julian Dolby, Stephen Teilhet, Ryan Berg
ISSTA 2011
GULFSTREAM: Staged Static Analysis for Streaming JavaScript Applications
Salvatore Guarnieri, Ben Livshits.
USENIX WebApps 2010
Gatekeeper: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code
Salvatore Guarnieri, Ben Livshits.
USENIX Security 2009
Automatically Hardening Web Applications Using Precise Tainting
Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Greene, Jeffrey Shirley and David Evans.
IFIP International Information Security Conference 2005
Talks
Actarus: Saving the World Wide Web from Vulnerable JavaScript
ISSTA, July 2011
Gulfstream: Staged Static Analysis for Streaming JavaScript Applications
USENIX WebApps, June 2010
Gatekeeper: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code
Dagstuhl Seminar on Web Application Security, March 2009
Automatically Hardening Web Applications Using Precise Tainting
Works In Progress talk at USENIX Security Symposium, August 2005
Automatically Hardening Web Applications Using Precise Tainting
IFIP International Information Security Conference (SEC 2005), May 2005
Automatic Protection from Internet Attacks
University of Virginia Undergraduate Research Network Spring Symposium, April 2005
Teaching Experience
Graduate Teaching Assistant at The University of Washington
Class
CSE505 - Concepts of Programming Languages

Quarters
Autumn 2009

Class
CSE451 - Operating Systems

Quarters
Winter 2010, Spring 2010

Undergraduate Teaching Assistant at The University of Virginia
Class
CS445 - Introduction to Computer Graphics

Semesters
Spring 2005

Class
CS216 - Program and Data Representation

Semesters
Fall 2004, Spring 2005, Fall 2005, Spring 2006