Iskander Sanchez-Rola | NortonLifeLock

Iskander Sanchez-Rola
Researcher

Iskander Sanchez-Rola is Technical Director within the Office of the CTO - Innovation Labs.

He holds a highly-awarded Ph.D. in Computer Science from the University of Deusto (Spain), advised by Igor Santos and Davide Balzarotti. He has carried out various research stays, including CERT/CC in Carnegie Mellon University, EURECOM, and University of California, Santa Barbara.

He leads novel studies, is member of prestigious program committees, and has authored numerous publications in top venues. He is working on shaping the next generation solutions on internet security and privacy. Multiple products that started as his personal projects, are now helping stop billions of cyber threats around the world. More information about him can be found on his personal website: iskander-sanchez-rola.com

Selected Academic Papers

SoK: Exploring Current and Future Research Directions on XS-Leaks through an Extended Formal Model

Tom Van Goethem, Gertjan Franken, Iskander Sanchez-Rola, David Dworken, and Wouter Joosen

In Proceedings of the 17th ACM Asia Conference on Computer and Communications Security (ACM ASIACCS 2022)

When Sally Met Trackers: Web Tracking From the Users' Perspective

Savino Dambra/Iskander Sanchez-Rola (co-first authors), Leyla Bilge, Davide Balzarotti

In Proceedings of the 31st USENIX Security Symposium (USENIX Security 2022).

Cookies from the Past: Timing Server-Side Request Processing Code for History Sniffing

Iskander Sanchez-Rola, Davide Balzarotti, and Igor Santos

In Digital Threats: Research and Practice (DTRAP 2020) - ACSAC Special Issue

Dirty Clicks: A Study of the Usability and Security Implications of Click-related Behaviors on the Web

Iskander Sanchez-Rola, Davide Balzarotti, Christopher Kruegel, Giovanni Vigna, and Igor Santos

In Proceedings of The Web Conference (WWW 2020)
We present the first comprehensive study of the possible security and privacy implications that clicks can have from a user perspective, analyzing the disconnect that exists between what is shown to users and what actually happens after.

Journey to the Center of the Cookie Ecosystem: Unraveling Actors' Roles and Relationships

Iskander Sanchez-Rola, Matteo Dell'Amico, Davide Balzarotti, Pierre-Antoine Vervier, and Leyla Bilge

In Proceedings of the 42nd IEEE Symposium on Security and Privacy (S&P 2021) Our analysis lets us paint a highly detailed picture of the cookie ecosystem, discovering an intricate network of connections between players that reciprocally exchange information and include each other's content in web pages whose owners may not even be aware.

Can I Opt Out Yet? GDPR and the Global Illusion of Cookie Control

Iskander Sanchez-Rola, Matteo Dell'Amico, Platon Kotzias, Davide Balzarotti, Leyla Bilge, Pierre-Antoine Vervier, and Igor Santos

In Proceedings of the 14th ACM Asia Conference on Computer and Communications Security (ACM ASIACCS 2019)
We evaluate both the information presented to users and the actual tracking implemented through cookies; we find that the GDPR has impacted website behavior in a truly global way, both directly and indirectly. On the other hand, we find that tracking remains ubiquitous.

BakingTimer: Privacy Analysis ofServer-Side Request Processing Time

Iskander Sanchez-Rola, Davide Balzarotti, and Igor Santos

In Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC 2019)
We propose a new history sniffing technique based on timing the execution of server-side request processing code. This method is capable of retrieving partial or complete user browsing history, and it does not require any permission.