Serge Kosyrev Curriculum Vitae

Serge Kosyrev Curriculum vitae

ROLESOUGHT b Zelenograd, Moscow (RU) ⇒ Technologist T +7 (905) 5380951 ⇒ Architect / team lead B kosyrev.serge protonmail com ⇒ Senior software engineer E deepﬁre.github.io

SYSTEMBUILDING EDUCATION 2000-2001 Engineering institute ⇒ a SoC-targeted system software development and National Research University of assurance toolchain (IEEE 1149.1) Electronic Technology, Moscow ⇒ two transpilers (one used in critical production environment) 2002-2006 Business school Institute of International Business ⇒ a package manager and a proto-CI system for a Education, Moscow diverse environment (personal project) ⇒ a hypervisor-based secure endpoint (prototype); the hypervisor was written from scratch PUBLICPROJECTS 2017 undisclosed project HIGH-LEVELDECLARATIVEDESIGN a knowledge representation & PROGRAMMING and visualisation tool. Don’t feel like talking about it yet ⇒ pure, typed, functional: to support program rea- 2017 reflex-glfw soning, refactoring and assurance a library facilitating use of Re- • Haskell (expressive higher-kinded & dependent flex FRP with OpenGL/GLFW types, reactive (FRP), lazy evaluation) 2017 Barrelfish OS contributions ⇒ metaprogramming: expanding ability to express Nix-based build environment solutions to very complex problems reproducibility (merged up- • Common Lisp (an extensible compiler) stream), stack traces (work in progress) PROGRAMSEMANTICS, 2015-ONGOING Contributions to Nixpkgs packaging software I need COMPILATIONANDANALYSIS for the NixOS Linux distribu- tion/package repository ⇒ written two transpilers, an assembler/disassembler and a control flow analysis tool 2015 Ruin ⇒ had a passing interest in flow analysis (CFA/DFA) a heterogenous, declarative of higher-order programming languages build system: when your build is too twisted with conventional tools MAINSTREAM 2014-2016 weld, youtrack, org-magit- review, some unreleased) ⇒ mid-level POSIX programming tools for git and project man- • debugging sockets, threads, profiling, zero-copy agement (going fast), IPC, conventional GUI (gtk2) 2013 cl-org-mode ⇒ low-level hardware programming a suite of parsers/serialisers • debugging C, x86-64, MIPS, Linux kernel, bare- for org-mode metal hypervisor with printf(), gdb, JTAG 2011-2013 partus a transpiler of a subset of Com- MISCELLANEOUS mon Lisp to Python3

⇒ entry-level OpenGL and shaders 2008-2011 executor, gittage, desire a suite of libraries culminating ⇒ TeX / LaTeX / TikZ, some Web (front/back) in a git-based distributed soft- ⇒ expert-level Linux administration & trouble-shooting ware delivery and automated ⇒ knowledge visualisation and interaction systems testing system (that never re- • this has been my long-time fascination ally took off) WORKEXPERIENCE JANUARY 2013 - AUGUST 2014 (1 YEAR 8 MONTHS) Positive Technologies SEPTEMBER 2014 - NOW (2 YEARS 5 MONTHS) Positive Technologies Department of virtualisation, Department of virtualisation, head team lead Leading development of a hypervisor-based Spear-headed development of a hypervisor-based secure endpoint prototype: endpoint prototype for consumer x86-64-based hardware: ⇒ Managing a diverse team of up to 13 members, ...think consumer-friendly Qubes OS mostly researchy-kind of people ⇒ overall architecture ⇒ Leading the design and architecture effort ⇒ build system & testing automation • security architecture, interdomain communica- ⇒ tion general implementation • • facilitation of consensus in a heavily democratically- memory management slanted context • interdomain communication • too much conflict management ⇒ code repository maintenance ⇒ Implementation all across the board: hypervisor, ⇒ managing a growing team userspace and tooling ⇒ Organised further infrastructure development: build JANUARY 2012 - DECEMBER 2012 (1 YEAR) system, testing automation & continuous inte- Positive Technologies gration Department of advanced development, • three build systems, one culminating in an open Senior Developer / Analyst source project (building a deliverable package including hypervisor, kernel drivers, OS services ⇒ Supported further deployment of the new sys- and userspace is a non-trivial task): Ruin tem, through applying first-hand experience of • guiding deployment of Nix and Docker as means developing a couple of forensics analysis mod- for reproducible builds in a precisely specified ules within the new framework: environment • a fast regex on steroids • ⇒ Resource allocation and planning, hiring analysis of the Windows eventlog event streams and correlation heuristics for suspicious pat- ⇒ Talking to sales people terns ⇒ Making presentations for external consumption ⇒ Analysis of usage practices and shortcomings of in-house knowledge base development infrastruc- ⇒ Developed an administrative process, to facili- ture. tate staged, planned materialisation of a high- level project vision. Implementation of this pro- ⇒ Early research on the viability of a secure end- cess was ultimately unsuccessful point based on a virtualisation-enforced isola- tion. Transformation of the management’s high- ⇒ Personal decision to end the project level concept of such an endpoint into a techni- Research direction: cal vision. ⇒ Organised research into Intel Management En- gine: threats, deactivation methods. This research culminated in a deactivation tool and a conference talk. ⇒ Organised a research survey on the kernels suit- able as basis for the next product iteration. ⇒ Produced a preliminary design of a next-generation hypervisor-based secure endpoint system based of the Barrelfish OS. ⇒ Produced a research survey on the state-of-art in security kernels: • origin of security kernels • fundamental problem of security policy enforceability • separation kernels • state of art in verified kernels OCTOBER 2010 - DECEMBER 2011 (1 YEAR 2 in-house version of the tool included a McCLIM- MONTHS) based GUI, facilitating interactive search and Positive Technologies visualisation of problematic subsequences in the Senior developer basic block graph ⇒ Developed an alternate JTAG toolstack, that was ⇒ Produced a detailed (HyperSpec-style) reference ultimately abandoned: specification for semantics of an in-house ad- • a library for declarative description of register hoc dataflow language (including relevant parts format/sets as well as devices and their hier- of its runtime system) used to capture domain- archies. Pro: a single, human-readable piece specific knowledge used by the flagship company of text facilitating both register accessor code product. generation, validation and documentation pur- ⇒ In collaboration with in-house domain experts, poses. The library supported partial validation captured the design requirements for a next gen- of device / register / field / value usage correct- eration of the dataflow language. ness at compile-time: bitmop • ⇒ Designed alternate, Python3-based syntax & se- extensions and a port of a Common Lisp GDB mantics for the dataflow language. Implemented stub library by Julian Stecklina: gdb-remote a runtime system for these semantics. • a tool for high-speed flashing of JTAG target devices, based on a combination of host-target ⇒ Designed and implemented a transpiler (inter- bulk transfer and a code generator producing a language compiler) (in Common Lisp) from the platform/flash-chip-specific flashing routine on original ad-hoc dataflow language to the new Python the target semantics. The transpiler included a measure of simple static analysis and helped catching a • a programmable debugger substrate, based on number of bugs in the knowledge base. the above: common-db • a toolchain, facilitating automation of Linux ker- ⇒ Built an online compilation service, to facilitate nel debugging experience, based on above smooth transition of the constantly evolving knowledge database. ⇒ Consumer-ready packaging of the high-speed flashing tool: console UI, documentation and support ⇒ Oversaw a successful transition of the entire knowl- request servicing. edge base from the old system to the new language & runtime. ⇒ Developed a customization in the GCC code generator to work around an FPU bug in a version OCTOBER 2003 - SEPTEMBER 2010 (7 YEARS) of company CPU product Elvees Developer ⇒ Helped to identify several CPU bugs: timing-sensitive cache/TLB interaction, bus access anomalies ⇒ Maintenance of a Linux kernel port to the in- house Elvees Multicore series of SoCs. Linux kernel driver development (NICs, custom proto- col serial interlink, DSP access device). ⇒ Development and maintainership of a pre-existing JTAG access toolstack used to facilitate both chip validation (in-house engineers) and software development (both in-house and external). The toolstack consisted of a portable (Windows, Linux) low-level JTAG TAP access library, a portable console-based debugger and a Windows IDE plu- gin. ⇒ Developed a series of binary analysis tools for the Multicore platform: • a library for declaratively-specified assemblers and disassemblers, and its mips32 instance: assem. Attempts of its extension to x86-64 ultimately failed. • a library for declaratively-specified parsers: bin- type • a declaratively-specified ELF parser: cl-io-elf • a MIPS binary analysis library and application used to employ flow-sensitive analysis to search application binaries for instruction traces with particular properties, that were found to be problematic on certain company CPUs: turing KEYWORDS KEYWORDS

LANGUAGES Haskell, Common Lisp, MANAGEMENT org mode, Taskjuggler, Python, C99 YouTrack, yEd, VUE

HASKELL type-driven design, FRP, FFI, TYPESETTING TEX, LATEX, TikZ making DSLs with Template UX(GUI) any haskell FRP GUI library I’ll Haskell, higher-kinded types, likely be comfortable with, existentials, light dependent McCLIM, gtk; likely can do Qt types (type families, GADTs, without much of a problem data kinds), exploiting laziness, shell-like OPENGL legacy GL with display lists, programming; dabbling with: LambdaCube3d (purely STM, free (and freer) monads; functional GPU pipeline excited about: linear types, programming), VOGL (Valve dependent types OpenGL debugger); generally find interactive visualisation COMMON LISP DSL design, macros, deep fascinating exploitation of staging, monadic parsing, FFI, GUI, WEB html, css, jquery; excited about: low-level hardware access GHCJS, WebAssembly, TypeScript, Elm VIRTUALIZATION x86-64 platform, VMx, EPT, VT-d, interrupt virtualisation, RESEARCH extended experience reading PCI device passthrough, CPU scientific publications on a takeover, firmware hooking variety of topics: programming language theory, type theory, OS KERNELS Linux, Barrelfish compiler internals, hypervisor & BAREMETAL x86-64, mips32 OS implementation, vulnerability exploitation, SECURITY separation kernels, security computer security in general policy enforceability, security modeling, attack surface analysis RELOCATION ANALYSIS transpilers (language-to-language Possible, but not before Q3/Q4 2017. compilers), passing interest in control flow/data flow analysis (aka CFA/DFA) COMMUNICATIONSKILLS

HIGHLOAD whole-system performance RUSSIAN Native speaker analysis, data path analysis, ENGLISH Oral: fair – Written: good zero-copy programming, bcc, perf, strace, gprof, sar, iotop, FRENCH Stale, barely functional, but used to blktrace, vmstat, slabtop, have good pronounciation : -) tcpdump DEVTOOLS ghc, sbcl, gcc, clang, NON-WORK STUFF I ENJOY valgrind et al., GDB, VOGL, make, shell, git, emacs, ⇒ running intero, slime, git-svn, Nix ⇒ fasting DEVOPS Travis CI, phabricator, gerrit, gitlab, github, NixOS, docker, ⇒ mountains of all kinds: hiking, alpinism, rock personal projects climbing (in past, sadly..) OS ADMIN NixOS, Debian, Fedora, CentOS, Nix, selinux, systemd, postgresql, qmail, tinydns, iptables, OpenVZ, docker, OpenVPN