Iskander Sanchez-Rola is currently Senior Principal Researcher. He holds a Ph.D. in Computer Science from the University of Deusto (Spain), advised by Igor Santos and Davide Balzarotti. He has carried out various research stays, including CERT Coordination Center in Carnegie Mellon University, EURECOM, and University of California, Santa Barbara.
His main research interest is web security and privacy (e.g., user tracking or browser fingerprinting), and has authored multiple research papers in top venues. More information about him can be found on his personal website: iskander-sanchez-rola.com
Selected Academic Papers
In Proceedings of the 17th ACM Asia Conference on Computer and Communications Security (ACM ASIACCS 2022)
In Proceedings of the 31st USENIX Security Symposium (USENIX Security 2022).
In Digital Threats: Research and Practice (DTRAP 2020) - ACSAC Special Issue
In Proceedings of The Web Conference (WWW 2020)
We present the first comprehensive study of the possible security and privacy implications that clicks can have from a user perspective, analyzing the disconnect that exists between what is shown to users and what actually happens after.
In Proceedings of the 42nd IEEE Symposium on Security and Privacy (S&P 2021) Our analysis lets us paint a highly detailed picture of the cookie ecosystem, discovering an intricate network of connections between players that reciprocally exchange information and include each other's content in web pages whose owners may not even be aware.
In Proceedings of the 14th ACM Asia Conference on Computer and Communications Security (ACM ASIACCS 2019)
We evaluate both the information presented to users and the actual tracking implemented through cookies; we find that the GDPR has impacted website behavior in a truly global way, both directly and indirectly. On the other hand, we find that tracking remains ubiquitous.
In Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC 2019)
We propose a new history sniffing technique based on timing the execution of server-side request processing code. This method is capable of retrieving partial or complete user browsing history, and it does not require any permission.