RHUL Cyber CDT Blog

In August 2025, I had the pleasure of attending the Symposium on Usable Privacy and Security (SOUPS) which was co-located with USENIX Security Symposium in Seattle, WA, USA. The technical program covered a wide range of topics within usable privacy and security and brought together interdisciplinary researchers and practitioners with valuable perspectives on security, privacy, and human-computer interaction. This year, the conference was held in Seattle, which provided a great setting as Washington state attracts tech startups and is the base for tech giants such as Amazon and Microsoft. Alongside 30 accepted papers presented across two days, the conference also held workshops, a poster session, lightning talks, a mentoring program and plenty of opportunities to network with attendees. Selected papers drew upon crucial topics on privacy and security, from exploring contemporary scams, to understanding user perceptions of generative AI, and IOT misuse. Papers also provided new insights ...

The 3 rd International workshop on Mining Software Repositories for Privacy and Security (MSR4P&S) this year, was co-located with SANER25 in Montreal, Canada. I was fortunate to be able to attend and present my recent work, Links Between Package Popularity, Criticality, and Security in Software Ecosystems. MSR4P&S focusses on the application of software mining techniques to the security domain, an intersection particularly relevant to my interests in software supply chain risks. This year, the work presented, ranged from the study of LLM PII disclosure risks, to Software Bill of Materials (SBOM) standards conformity. The other published works can be found on the workshop’s webpage . In the work I presented, we investigated the relationships between package popularity, criticality, and security within software ecosystems, specifically Python and JavaScript/TypeScript. Given the increasing maintenance workloads and stressors faced by open-source software (OSS) maintainers, our...

It is hard to imagine two more different conferences. On the one hand, there was the second iteration of the Global Conference on Cyber Capacity Building, full of international organisations, cyber not-for-profits, with its global representation of government cybersecurity officials and implementors. The setting, Geneva, with its international bodies from WTO to UEFA and mountainous scenic backdrop, was spectacular, the conference crowd well attired and familiar, the content reassuringly predictable, and the catering abundant. On the other hand there was the UK Evaluation Society conference in Glasgow. No less spectacular in its own way, but with a crowd of evaluation experts and academics who were much less familiar, the content expansive and original, not a suit in sight, and no free drinks. And whilst both areas, cybersecurity capacity building and evaluation, are well known and well understood in their own right by experienced practitioners and seasoned professionals, if you ...

  Thanks to its flexibility, clear syntax, and a vast collection of third-party libraries, Python is currently one of the most popular programming languages. Its success, however, is also due to a large international community that constantly contributes to the surrounding software ecosystem and the integration of new features. But community is also about getting together and learning from each other, which explains why numerous Python conferences – collectively known as PyCon – are regularly organized all over the world. Being a Python enthusiast and given the importance of this language in my PhD research, last summer I submitted a talk proposal at a new event organized in Poland, PyCon Wroclaw . I am very pleased to report that my proposal was accepted, and that I delivered my talk, ' Serverless Computingand Python: Security Challenges and Ongoing Research ', at the end of November.   The main objective of the talk was to share the results of my last paper as well as p...

The Annual Global Forum on Cyber Expertise meeting was held at the Organization of American States headquarters building, impressively located next to the Washington Monument. The event welcomed global participants from senior policy makers through to technical experts. In between the keynote addresses and workshops, researchers from Royal Holloway’s CDT in Cyber Security and  Oxford University’s Global Cyber Security Capacity Centre were invited to discuss impact evaluation in cybersecurity capacity building. Cybersecurity capacity building aims to help to improve cyber security maturity, and the UK and likeminded nations regard it as paramount. At a time of heightened geopolitical tension, the focus remains on undermining the ability of adversaries to gain advantage through cyber means, as well as impeding the ability of cyber criminals to pursue nefarious goals. The aim is to reduce the cost of such attacks on the UK and partners. Impact evaluation in cybersecurity capacity bui...

From the 28th to 31st of May, a number of CDT researchers attended the NATO Cooperative Cyber Defence Centre of Excellence conference on Cyber Conflict (Cycon). The conference took place in Estonia’s capital city of Tallinn, providing an excellent setting for understanding the current state and thinking of cyber conflict discussion. This year's theme was “Over the Horizon” as discussions centered around the future cyber conflict, and is sure to be beneficial in next year’s theme: “The Next Steps”. Talks ranged from Technical, Legal, and Strategic. The conference “Day 0” event was a day to enjoy workshops, including one workshop conducted by Dr Michael P. Fischerkeller, Dr Emily Goldman, and Prof Richard Harknett for the purpose of establishing a proactive cyber operational element into NATO. Other events on this day included a workshop incorporating tabletop game design into cyber election interference, discussions of AI, and the use of cyber capabilities in the ongoing war in Ukra...

The UK Cyber 9/12 Strategy Challenge is an annual competition designed to foster the next generation of cyber security professionals. Teams of four university students take on the role of senior government advisors responding to a complex and escalating cyber-attack with national and international ramifications. Competing teams receive intelligence packs consisting of reports gathered from multiple sources. They must work together to analyse the report, developing an understanding of the technological, political and legal implications of the content. Then, they present their analysis and recommendations to a panel of judges from government and industry. We’re delighted that CDT Student Phil Sheriff successfully coached a mixed team from different universities into third place. Kira from team Nocturnal shares with us her thoughts on the competition.  We were a mixed team from different universities across the UK including RHUL, University of Newcastle, University of Southampton an...

The Conference on Cyber Capacity Building was held in Ghana at the end of November 2023, with RHUL represented and jointly running a workshop. The aim of the conference was to mainstream cyber resilience and capacity building within the international development agenda, breaking down silos to help better integrate digital development and cyber-security. It was preceded by the Global Forum for Cyber Expertise conference, with a number of events bringing together considerable experience and expertise in the form of practitioners, donors, recipients and academics. The conference championed the theme of cyber capacity building. The subject matter ranged from the technical aspect of CERT information sharing and critical infrastructure protection through to implementing international commitments and the role of international law in strengthening cyber resilience. As with the very best conferences, there were opportunities to network and socalise with participants ranging from foreign ministe...

This year’s Asiacrypt took place from 4th to 8th December in Guangzhou, China. Many of the presented works contained fascinating ideas, and I also really enjoyed many of the talks that were outside of my research area, homomorphic encryption. For example, the work of [CMT23] proposed an attack on Goppa codes based on fascinating ideas from computational algebraic geometry. Another cool work containing cryptanalysis is [WW23], who presented a potential, very insightful break of the k-R-ISIS assumption in addition to their construction of functional commitments. The session on HE contained four talks, including our talk on using Galois automor-phisms for faster bootstrapping [OPP23]. Afterwards, Zeyu Liu presented their work on bootstrapping [LW23]. It was really nice to finally meet him and his coauthor Yunhao Wang, as we had already exchanged emails before. The other talks on HE proposed a way to compress rotation/Galois keys using a hierarchical structure [Lee+22] and improvements to ...

Far out in the heavily charted waters of the icy Arctic Sea lies a much regarded archipelago called Svalbard, and there, on the largest island Spitzbergen, is a town called Longyearbyen. Much regarded, that is, by international eyes seeking a foothold in the Arctic as ice and snow melt away with climate change, 'opening up' the once mystical Northwest Passage to allow for trading and further extraction of fossil fuels, the use of which continues to be a major contributor to climate change. Consequently, Norway is seeking to maintain its presence on the archipelago as even more eyes turn northwards. There is much fanfare regarding Longyearbyen's "remoteness," and yet it is host to numerous festivals, including the northernmost Blues music festival, Dark Season Blues, and is regarded as home to a whole host of people from various different corners of the globe; in fact, there are over fifty different nationalities registered in Longyearbyen. It was the Blues festiva...

From 13th to 17th November, I attended Web Summit 2023 in Lisbon as part of the Women in Tech network. Despite being an industry-facing conference, the insights provided valuable perspectives on the fast-paced tech environment.   With over 70,000 attendees and 800 speakers, selectivity in talk attendance was necessary. I focused on cybersecurity, privacy, Generative AI, regulations, and ethics. Crucial themes included robust cybersecurity measures, the evolving threat landscape with Generative AI, and the need for proactive strategies. Privacy, a fundamental right, was discussed in safeguarding personal data. Trust in technology, especially with big tech, was scrutinized, emphasizing transparent practices and ethical considerations. Calls for meaningful regulations for responsible tech use were prominent.   A personal highlight was the privilege of hearing impactful thought leaders, including Meredith Whittaker (Director of Signal), who shared insights on the ethical dimensio...

 An interesting fact hit me when I arrived in Zurich, that I didn’t really plan travel as diligently as I used to. Why indeed would I need to when my mobile phone gives access to information whenever I need it. Indeed my phone would pick up signal soon and give access to my onward journey details. Just need to wait and be patient. Just a bit longer and it will connect. Keep heading out the airport and the phone will be there for you. Or maybe not. Okay, the old fashioned way it is then. Look at signs, use brain, modernity will reawaken surely at some point. No problem. Train to central Zurich then tram to hotel, easy. Indeed. Slight concern passing a riot truck with multiple armed police as I changed from tram to train but on track (indeed now power line too). Hang on riot truck and armed police… mmm… carry on… phone refresh… nope not alive yet. Ah, my stop. Indeed the last stop. As I got off and the circular ending took the tram back into the city. Leaving me, well in the middle o...

At the somewhat antisocial hour of 4am on the 12 th  September 2023, a taxi arrived to take me to Heathrow Airport – destination Limassol in sunny Cyprus for the annual COPA (Conformal and  Probabilistic Prediction with Applications) conference organised by Frederick University Cyprus. This conference is not a typical security conference as it is focused on the advancement of machine learning and conformal prediction. However, many of the theories presented and their applications such as advancements to concept drift and conformal prediction have been used in security papers in fields such as finance and malware.   I would say that the value of attending a conference is not limited to listening to people’s presentations. The opportunity to network with other researchers and companies and see how they are using similar technologies was invaluable. I was able to speak to the creators of machine learning libraries that I use and it was interesting to hear that they lo...

On Saturday 1st July over 1,000 alumni and current participants of the Teach First program gathered at the Totteridge Academy in North London. The reason? Teach First was celebrating 20 year of tackling educational inequality. Initially set up with a cohort of c.150, myself being one of the ‘guinea pig’ year back in 2003, it has grown to over ten times this annual number. Over this time technological developments have come thick and fast, with ChatGPT being just the latest of inventions to grab the public imagination. Initial discussions I’ve had at university and in my school governor role took the form of how students can use ChatCPT to cheat on assignments. These discussions evoked a situation 20 years ago when Wikipedia pages were used by pupils verbatim to circumvent actually doing research homework. So like most things, a problem which is not completely without precedent, but giving some additional challenges. An evolution of the ‘cheating student’ discussion followed into how Ch...

After enjoying the privilege of a long vacation and a few months of distance since my viva, it is time to reflect upon my time in the CDT. A long time ago, in 2018, when the UK was still part of the EU and for most people in Europe pandemic referred only to a board game, I moved to the green and leafy Egham hill. Knowing little of what the future had in store, I had a great time making new friends in my cohort and beyond, enjoying the social activities of the CDT and running with colleagues in the Windsor Great Park. Further, having access to a seemingly unlimited travel budget opened the door to the cryptographic community widely. Leaving my comfort zone and going to my first cryptography conferences and summer schools, I got to know other researchers. This made it not only more fun - and less scary - to go to conferences in later years, but also proved invaluable for the exchange of research ideas, for starting new collaborations and working together with people across borders during...

On June 29th and 30th, Royal Holloway’s CDT in Cyber Security for the Everyday was delighted to host colleagues from the cyber security CDTs based in Bath/Bristol and UCL for the annual Inter-CDT Summer Conference. This conference series is student-led and student-organised, with this year’s conference theme being Making Connections. Making Connections is an important aspect of the PhD journey for each CDT student, since researchers are not only expected to make connections with students from their own cohort and other cohorts, but also make connections between the many different facets of cyber security that have relevance to their specific research projects. This typically also involves making connections with individuals from other organisations, including other CDTs, which is precisely what the Inter-CDT Summer School facilitates. The conference was excellent planned, with a real mix of activities and formats. Day one began with an ice-breaking activity which immediately enabled co...