Salvatore Guarnieri
salvatore.guarnieri@gmail.com
http://www.sammyg.org
https://github.com/salguarnieri (but most work is internal at Google)
Work Experience
September 2014 - Current
Locations: New York, NY, Seattle, WA
Role: Software Engineer
Gmail EngProd
I worked on the Gmail EngProd team as a tech lead. The team mission was to work on tooling and processes to improve the developer velocity for the Gmail teams.
Kythe
I worked on Kythe, a developer tools system that processes source code to generate and serve a large scale graph that details the relationships in code for very large code bases (e.g. where symbol foo is defined, where it is referenced, what type it has, etc.). The data was surfaced in a web UI that was used by nearly every engineer to understand and browse code. It also powered large scale changes, refactoring, migrations, and other bespoke tools.
I led cross-team and cross-org design, consensus building, prioritization, and implementation of features to increase cross reference coverage and ease of using cross reference data in other tools.
I wrote client-facing and backend-facing distributed servers, graph processing, server configs, and design docs. I primarily used Java and Go with Bazel.
Privacy reviewer
Reviewed internal Google systems to validate and improve their privacy practices.
Previous projects:
Android Studio
I worked on the Bazel plugin for Android Studio. I was one of the early developers that helped bridge the Bazel project model and the IntelliJ project model to make the plugin possible.
IBM
January 2011 - August 2014
Location: Hawthorne, NY
Role: Software Engineer
I worked on analyses targeted at improving mobile application development. Specifically, worked on analyses for JavaScript, Android (Java), and Java to detect security and reliability problems. Was technical lead for JavaScript analyses.
Primary Language Used: Java
IBM Research Intern
June 2010 - January 2011
Location: Hawthorne, NY
Role: Software Engineer
I worked with Marco Pistoia on precise JavaScript and Java analyses. During the course of the internship I developed several analyses to detect or prevent security problems in several web languages. One of the analyses I developed was Actarus, which was a precise tainting analysis for JavaScript.
Primary Language Used: Java
Microsoft Research Intern
October 2008 - February 2009
Location: Redmond, WA
Role: Software Engineer
I developed Gatekeeper with Ben Livshits, a tool that statically analyzes JavaScript widgets to identify possible security or reliability problems. The tool was aimed at widgets that were present on the live.com web portal. Gatekeeper was designed to execute on a widget after it was submitted but before the widget was listed in a directory of available widgets. Gatekeeper was designed to ensure unreliable widgets would not make it to the directory of downloadable widgets. I was responsible for creating, testing, and improving the tool. I was also partially responsible for the tool's technical report and presentation at meetings and talks.
Primary Language Used: C#
Education
The University of Washington
September 2006 - June 2010
Degree: Masters of Science in Computer Science
Location: Seattle, WA
Area of Research: Program Analysis for Web Languages
The University of Virginia
September 2002 - May 2006
Degree: Bachelor of Science
Location: Charlottesville, VA
Major: Computer Science (Computer Graphics and Computer Security concentration)
Minor: Biomedical Engineering
Selected Publications
Andromeda: Accurate and Scalable Security Analysis of Web Applications
Omer Tripp, Marco Pistoia, Patrick Cousot, Radhia Cousot, Salvatore Guarnieri
FASE 2013
Saving the World Wide Web from Vulnerable JavaScript
Salvatore Guarnieri, Marco Pistoia, Omer Tripp, Julian Dolby, Stephen Teilhet, Ryan Berg
ISSTA 2011
Gatekeeper: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code
Salvatore Guarnieri, Ben Livshits
USENIX Security 2009
Automatically Hardening Web Applications Using Precise Tainting
Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Greene, Jeffrey Shirley and David Evans
IFIP International Information Security Conference 2005