Welcome to S3Lab

The research carried out at the Systems & Software Security Lab (S3Lab) within the Information Security Group (ISG) at Royal Holloway University of London focuses on researching novel algorithms, techniques and tools to protect software and systems against malicious threats. We are currently investigating several aspects of malware analysis, smartphone security and SGX security. You can find more information about our research areas here.

Most of our research is sponsored by the UK Engineering and Physical Sciences Research Council (EPSRC) and the European Union's Horizon 2020 (H2020) Research and Innovation Programme. You can find more information about our current projects here. S3Lab has evolved from the Systems Security Research Lab (S2Lab), which was founded by Lorenzo Cavallaro in September 2014, and has moved at here.

To reach us, please send us an email at s3lab AT rhul dot ac dot uk.

News

A paper titled A Game of "Cut and Mouse": Bypassing Antivirus by Simulating User Inputs by Ziya Alper Genç (University of Luxembourg), Gabriele Lenzini (University of Luxembourg) and Daniele Sgandurra (S3Lab) has been accepted to appear in the 2019 Annual Computer Security Applications Conference (ACSAC 2019).

Members of the S3Lab have organized the 1st Workshop on Cyber-Security Arms Race (CYSARM), which will be co-located with the 26th ACM Conference on Computer and Communications Security, November 15, 2019 — London, UK. More information about this workshop and the call for papers are available at the workshop website: https://www.cysarm.org/.

Members of the ISG and S3Lab organized the “SmallPeice Residential Capture the Flag (CTF)” event on 2nd April 2019 at Royal Holloway’s campus in Egham, which was attended by 60 Year 9 students. The main goal of SmallPeice Residential CFT is to provide a fun and compelling learning experience for students through a set of online and offline cyber-security challenges. The philosophy underpinning this event is to inspire young students to consider cyber-security from a different perspective — that of cyber-attackers — as a practical step to understand how vulnerabilities get exploited in real systems and how to mitigate them. The activities were led by Joe Rowell, a first-year ISG PhD student in the EPSRC Centre for Doctoral Training (CDT) in Cyber Security. Joe collaborated with S3Lab in setting up the environment with the cyber-security challenges to be solved.

Daniele Sgandurra attended the 7th International Cybersecurity Symposium, Keio University, Tokyo to discuss plan for the first global capture-the-flag (CTF) competition. During this event, the results of the first trial online CTF were announced. The CTF competition was played by 150 students from leading universities all around the world, and the Royal Holloway team faced contenders from Cambridge, University of Tokyo, Keio University, Oxford and MIT among others. Emanuele Uliana was awarded first place, and Claudio Rizzo (S3Lab) came second, both of them are PhD students in Computer Science at Royal Holloway. In addition, the ‘Ethical Disclosure Award’ was given to Roberto Jordaney (S3Lab), a PhD student in the Information Security Group at Royal Holloway, who was praised during the ceremony for his findings - discovering a vulnerability in the platform - and his ethical behavior for reporting the vulnerability to the provider for fixing. More information are available here.

On the 19th of October 2018, S3Lab members organized and participated in the 1st Workshop on Quantum-Resistant (QR) Crypto Algorithms suitable for inclusion in Trusted Platform Modules (TPM), which took place in Lisbon, Portugal. This workshop was aimed at presenting a first set of preliminary results of the FutureTPM project in researching QR cryptographic algorithms that are suitable for inclusion in a TPM. The workshop was attended by more than 60 experts from academia and industry from the quantum-safe cryptography community. More information are available here.

Recent Publications

This is a list of recent papers:

  • Download the PDF

    A Game of "Cut and Mouse": Bypassing Antivirus by Simulating User Inputs.

    Ziya Alper Genç, Gabriele Lenzini and Daniele Sgandurra.

    [ACSAC] 35th Annual Computer Security Applications Conference (2019)

    @inproceedings {}
    
  • Download the PDF

    A Study of the Feasibility of Co-located App Attacks against BLE and a Large Scale Analysis of the Current Application Layer Security Landscape.

    Pallavi Sivakumuran and Jorge Blasco.

    [Usenix] 28th USENIX Security Symposium (2019)

    @inproceedings {sivakumuran18,
    author = {Pallavi Sivakumuran and Jorge Blasco},
    title = {A Study of the Feasibility of Co-located App Attacks against BLE and a Large Scale Analysis of the Current Application Layer Security Landscape},
    booktitle = {28th USENIX Security Symposium},
    year = {2019},
    address = {Santa Clara, CA},
    publisher = {USENIX Association},
    note = {USENIX Sec},
    url = {https://arxiv.org/pdf/1808.03778.pdf}
    }
    
  • Download the PDF

    On Deception-Based Protection Against Cryptographic Ransomware.

    Ziya Alper Genç, Gabriele Lenzini and Daniele Sgandurra.

    [DIMVA] 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (2019)

    soon...
    
  • Download the PDF

    Exact Inference Techniques for the Analysis of Bayesian Attack Graphs.

    Luis Muñoz-González, Daniele Sgandurra, Martín Barrère, Emil C. Lupu.

    [TDSC] IEEE Trans. Dependable Sec. Comput. 16(2): 231-244 (2019)

    @article{DBLP:journals/tdsc/Munoz-GonzalezS19,
      author    = {Luis Munoz{-}Gonzalez and
                   Daniele Sgandurra and
                   Mart{\'{\i}}n Barr{\`{e}}re and
                   Emil C. Lupu},
      title     = {Exact Inference Techniques for the Analysis of Bayesian Attack Graphs},
      journal   = {{IEEE} Trans. Dependable Sec. Comput.},
      volume    = {16},
      number    = {2},
      pages     = {231--244},
      year      = {2019},
      url       = {https://doi.org/10.1109/TDSC.2016.2627033},
      doi       = {10.1109/TDSC.2016.2627033},
      timestamp = {Fri, 22 Mar 2019 15:07:17 +0100},
      biburl    = {https://dblp.org/rec/bib/journals/tdsc/Munoz-GonzalezS19},
      bibsource = {dblp computer science bibliography, https://dblp.org}
    }