Iskander Sanchez-Rola

Iskander Sanchez-Rola

Iskander Sanchez-Rola
Researcher

Selected Academic Papers

pdf
SoK: Exploring Current and Future Research Directions on XS-Leaks through an Extended Formal Model

In Proceedings of the 17th ACM Asia Conference on Computer and Communications Security (ACM ASIACCS 2022)

pdf
When Sally Met Trackers: Web Tracking From the Users' Perspective

In Proceedings of the 31st USENIX Security Symposium (USENIX Security 2022).

pdf
Cookies from the Past: Timing Server-Side Request Processing Code for History Sniffing

In Digital Threats: Research and Practice (DTRAP 2020) - ACSAC Special Issue

pdf
Dirty Clicks: A Study of the Usability and Security Implications of Click-related Behaviors on the Web

In Proceedings of The Web Conference (WWW 2020)
We present the first comprehensive study of the possible security and privacy implications that clicks can have from a user perspective, analyzing the disconnect that exists between what is shown to users and what actually happens after.

pdf
Journey to the Center of the Cookie Ecosystem: Unraveling Actors' Roles and Relationships

In Proceedings of the 42nd IEEE Symposium on Security and Privacy (S&P 2021) Our analysis lets us paint a highly detailed picture of the cookie ecosystem, discovering an intricate network of connections between players that reciprocally exchange information and include each other's content in web pages whose owners may not even be aware.

pdf
Can I Opt Out Yet? GDPR and the Global Illusion of Cookie Control

In Proceedings of the 14th ACM Asia Conference on Computer and Communications Security (ACM ASIACCS 2019)
We evaluate both the information presented to users and the actual tracking implemented through cookies; we find that the GDPR has impacted website behavior in a truly global way, both directly and indirectly. On the other hand, we find that tracking remains ubiquitous.

pdf
BakingTimer: Privacy Analysis ofServer-Side Request Processing Time

In Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC 2019)
We propose a new history sniffing technique based on timing the execution of server-side request processing code. This method is capable of retrieving partial or complete user browsing history, and it does not require any permission.