Serge Kosyrev Curriculum Vitae

ROLE SOUGHT
  • Technologist
  • Architect / team lead
  • Senior software engineer

CONTACT
  Zelenograd, Moscow (RU)
  +7 (905) 5380951
  kosyrev.serge protonmail com
  deepfire.github.io

SYSTEM BUILDING
  • a SoC-targeted system software development and assurance toolchain (IEEE 1149.1)
  • two transpilers (one used in critical production environment)
  • a package manager and a proto-CI system for a diverse environment (personal project)
  • a hypervisor-based secure endpoint (prototype); the hypervisor was written from scratch

HIGH-LEVEL DECLARATIVE DESIGN & PROGRAMMING
  • pure, typed, functional: to support program reasoning, refactoring and assurance
      • Haskell (expressive higher-kinded & dependent types, reactive (FRP), lazy evaluation)
  • metaprogramming: expanding ability to express solutions to very complex problems
      • Common Lisp (an extensible compiler)

PROGRAM SEMANTICS, COMPILATION AND ANALYSIS
  • written two transpilers, an assembler/disassembler and a control flow analysis tool
  • had a passing interest in flow analysis (CFA/DFA) of higher-order programming languages

MAINSTREAM
  • mid-level POSIX programming
      • debugging sockets, threads, profiling, zero-copy (going fast), IPC, conventional GUI (gtk2)
  • low-level hardware programming
      • debugging C, x86-64, MIPS, Linux kernel, bare-metal hypervisor with printf(), gdb, JTAG

MISCELLANEOUS
  • entry-level OpenGL and shaders
  • TeX / LaTeX / TikZ, some Web (front/back)
  • expert-level Linux administration & trouble-shooting
  • knowledge visualisation and interaction systems
      • this has been my long-time fascination

EDUCATION
  • 2000-2001 Engineering institute: National Research University of Electronic Technology, Moscow
  • 2002-2006 Business school: Institute of International Business Education, Moscow

PUBLIC PROJECTS
  • 2017 undisclosed project: a knowledge representation and visualisation tool. Don’t feel like talking about it yet
  • 2017 reflex-glfw: a library facilitating use of Reflex FRP with OpenGL/GLFW
  • 2017 Barrelfish OS contributions: Nix-based build environment reproducibility (merged upstream), stack traces (work in progress)
  • 2015-ONGOING Contributions to Nixpkgs: packaging software I need for the NixOS Linux distribution/package repository
  • 2015 Ruin: a heterogenous, declarative build system: when your build is too twisted with conventional tools
  • 2014-2016 weld, youtrack, org-magit-review, some unreleased: tools for git and project management
  • 2013 cl-org-mode: a suite of parsers/serialisers for org-mode
  • 2011-2013 partus: a transpiler of a subset of Common Lisp to Python3
  • 2008-2011 executor, gittage, desire: a suite of libraries culminating in a git-based distributed software delivery and automated testing system (that never really took off)

WORK EXPERIENCE

SEPTEMBER 2014 - NOW (2 YEARS 5 MONTHS)
Positive Technologies
Department of virtualisation, head

Leading development of a hypervisor-based secure endpoint prototype:
  • Managing a diverse team of up to 13 members, mostly researchy-kind of people
  • Leading the design and architecture effort
      • security architecture, interdomain communication
      • facilitation of consensus in a heavily democratically-slanted context
      • too much conflict management
  • Implementation all across the board: hypervisor, userspace and tooling
  • Organised further infrastructure development: build system, testing automation & continuous integration
      • three build systems, one culminating in an open source project (building a deliverable package including hypervisor, kernel drivers, OS services and userspace is a non-trivial task): Ruin
      • guiding deployment of Nix and Docker as means for reproducible builds in a precisely specified environment
  • Resource allocation and planning, hiring
  • Talking to sales people
  • Making presentations for external consumption
  • Developed an administrative process, to facilitate staged, planned materialisation of a high-level project vision. Implementation of this process was ultimately unsuccessful
  • Personal decision to end the project

Research direction:
  • Organised research into Intel Management Engine: threats, deactivation methods. This research culminated in a deactivation tool and a conference talk.
  • Organised a research survey on the kernels suitable as basis for the next product iteration.
  • Produced a preliminary design of a next-generation hypervisor-based secure endpoint system based on the Barrelfish OS.
  • Produced a research survey on the state-of-art in security kernels:
      • origin of security kernels
      • fundamental problem of security policy enforceability
      • separation kernels
      • state of art in verified kernels

JANUARY 2013 - AUGUST 2014 (1 YEAR 8 MONTHS)
Positive Technologies
Department of virtualisation, team lead

Spear-headed development of a hypervisor-based endpoint prototype for consumer x86-64-based hardware:
...think consumer-friendly Qubes OS
  • overall architecture
  • build system & testing automation
  • general implementation
      • memory management
      • interdomain communication
  • code repository maintenance
  • managing a growing team

JANUARY 2012 - DECEMBER 2012 (1 YEAR)
Positive Technologies
Department of advanced development, Senior Developer / Analyst

  • Supported further deployment of the new system, through applying first-hand experience of developing a couple of forensics analysis modules within the new framework:
      • a fast regex on steroids
      • analysis of the Windows eventlog event streams and correlation heuristics for suspicious patterns
  • Analysis of usage practices and shortcomings of in-house knowledge base development infrastructure.
  • Early research on the viability of a secure endpoint based on a virtualisation-enforced isolation. Transformation of the management’s high-level concept of such an endpoint into a technical vision.

OCTOBER 2010 - DECEMBER 2011 (1 YEAR 2 MONTHS)
Positive Technologies
Senior developer

  • Produced a detailed (HyperSpec-style) reference specification for semantics of an in-house ad-hoc dataflow language (including relevant parts of its runtime system) used to capture domain-specific knowledge used by the flagship company product.
  • In collaboration with in-house domain experts, captured the design requirements for a next generation of the dataflow language.
  • Designed alternate, Python3-based syntax & semantics for the dataflow language. Implemented a runtime system for these semantics.
  • Designed and implemented a transpiler (inter-language compiler) (in Common Lisp) from the original ad-hoc dataflow language to the new Python semantics. The transpiler included a measure of simple static analysis and helped catching a number of bugs in the knowledge base.
  • Built an online compilation service, to facilitate smooth transition of the constantly evolving knowledge database.
  • Oversaw a successful transition of the entire knowledge base from the old system to the new language & runtime.

OCTOBER 2003 - SEPTEMBER 2010 (7 YEARS)
Elvees
Developer

  • Developed an alternate JTAG toolstack, that was ultimately abandoned:
      • a library for declarative description of register format/sets as well as devices and their hierarchies. Pro: a single, human-readable piece of text facilitating both register accessor code generation, validation and documentation purposes. The library supported partial validation of device / register / field / value usage correctness at compile-time: bitmop
      • extensions and a port of a Common Lisp GDB stub library by Julian Stecklina: gdb-remote
      • a tool for high-speed flashing of JTAG target devices, based on a combination of host-target bulk transfer and a code generator producing a platform/flash-chip-specific flashing routine on the target
      • a programmable debugger substrate, based on the above: common-db
      • a toolchain, facilitating automation of Linux kernel debugging experience, based on above
  • Consumer-ready packaging of the high-speed flashing tool: console UI, documentation and support request servicing.
  • Developed a customization in the GCC code generator to work around an FPU bug in a version of company CPU product
  • Helped to identify several CPU bugs: timing-sensitive cache/TLB interaction, bus access anomalies
  • Maintenance of a Linux kernel port to the in-house Elvees Multicore series of SoCs. Linux kernel driver development (NICs, custom protocol serial interlink, DSP access device).
  • Development and maintainership of a pre-existing JTAG access toolstack used to facilitate both chip validation (in-house engineers) and software development (both in-house and external). The toolstack consisted of a portable (Windows, Linux) low-level JTAG TAP access library, a portable console-based debugger and a Windows IDE plugin.
  • Developed a series of binary analysis tools for the Multicore platform:
      • a library for declaratively-specified assemblers and disassemblers, and its mips32 instance: assem. Attempts of its extension to x86-64 ultimately failed.
      • a library for declaratively-specified parsers: bintype
      • a declaratively-specified ELF parser: cl-io-elf
      • a MIPS binary analysis library and application used to employ flow-sensitive analysis to search application binaries for instruction traces with particular properties, that were found to be problematic on certain company CPUs: turing. In-house version of the tool included a McCLIM-based GUI, facilitating interactive search and visualisation of problematic subsequences in the basic block graph

KEYWORDS
  • LANGUAGES: Haskell, Common Lisp, Python, C99
  • MANAGEMENT: org mode, Taskjuggler, YouTrack, yEd, VUE
  • HASKELL: type-driven design, FRP,
