RHUL Cyber CDT Blog

 By Jessica Mcclearn      After a long winter of writing my PhD thesis, I was very happy to wake up and drink espressos in the early morning sunshine of Barcelona for a much-needed caffeine boost before heading to the ACM CHI conference for a week! The ACM conference on Computer-Human Interaction is the largest conference in the field, with over 5000 in-person attendees over five days. The main reason I attended CHI this year was to support a co-author during their presentation of our work on help-seeking for fraud and scams, a research project we worked on together while interning at Google in the NYC office. Through an analysis of 405 Reddit posts, we explored the motivations and hooks for scam engagement before delineating how people seek help for scams across different stages. We did so by developing a taxonomy of scam types and then analysing scammers' emotional and technical tactics for engaging targets. We expanded prior frameworks in HCI literature and sugg...

 This past December, I was honoured to attend Asiacrypt 2025 in Melbourne, Australia. As one of the three flagship conferences organized by the International Association for Cryptologic Research (IACR), the event serves as a top venue for peer-reviewing and showcasing the most significant advancements in the field of cryptography. The 2025 program featured a rigorous selection of papers, with a notable emphasis on lattice-based cryptography, symmetric encryption, advanced cryptography, etc. Beyond theoretical perspective, the conference also highlighted various practical applications, including secure messaging and real-world implementations. After a 21-hour journey, I landed in Melbourne. I’ve always felt a deep connection to this city because I completed my master's at Monash University - also one of the event organizers, yet I had never actually been to Australia. Due to the pandemic, my studies were entirely remote. It took three years after my graduation, but I finally mad...

 By Mikaela Brough (CDT in CyberSecurity 2022) From December 11–12, I attended the Cryptology and Social Life Workshop in Trondheim, hosted by the Norwegian University of Science and Technology (NTNU). I was drawn to this workshop because the attendees comprised a unique academic mix — those whose work touches on, or is at least informed to some extent by, an interest in the socio-political and cultural implications of cryptographic technologies. Among the attendees were both social scientists (e.g., design anthropologists and sociologists) and cryptographers. What made the workshop distinctive was not only the topics of the talks, but the format itself. Each keynote was followed by extended small-group discussions, deliberately set up to bring together people from different disciplinary backgrounds. The result of this was not just a series of presentations, but in-depth conversations across fields that do not always share the same assumptions, methods, or vocabularies.  In my...

  The annual IEEE Quantum Week is one of the largest global convocations of quantum technology researchers, developers, and policymakers from across government, industry, and academia. Its sixth iteration, held from 31 August–5 September 2025 in Albuquerque, New Mexico (USA) reflected a mood of accelerating interest and hype around the quantum technologies domain, with especial focus on quantum computing, quantum algorithms, and quantum communications. The last decade has been a transformative one for the maturing of quantum technologies from theoretical curiosities to early-stage commercially experimental applications, and real and important progress has been made across this time. But practical utility is still sharply limited : great hopes and grand claims about the future capabilities of quantum computers in particular run freely in the investment space around quantum technologies, but the actual capacity of current quantum computers—even those publicly available via quantu...

 For the specialist community interested in cybersecurity standardization in Europe, visiting Sophia Antipolis, home to the European Telecommunications Standards Institute, better known as ETSI, is something of a rite of passage. Set among rolling, pine-clad hills overlooking the Mediterranean, the sublime location of this leading European technology park hardly hints at the highly technical work taking place within it. Founded in the early 1970s as a science and knowledge centre , Sophia Antipolis took its name from the ancient Greek Antipolis trading post, the predecessor of modern-day Antibes, located along the Côte d’Azur’s historic maritime routes. Its architects leaned into this lineage, shaping the technopole as a space where technology, innovation and commerce could meet. Today it hosts around 2,500 companies and organisations across sectors from biotechnology and fintech to cybersecurity. Its strong ICT and telecommunications orientation, already emerging in the late 198...

10th Cracow Conference on Graph Theory By Emma Smith (Research Postgraduate - Ph.D, Information Security, Maths)     In September 2025, I attended the 10th Cracow Conference on Graph Theory, held at AGH University   in Poland. I’ve been fortunate to attend and present at many conferences during my years in the CDT, but this was the first time I’d been invited to speak — an exciting (and slightly nerve-wracking) milestone! Giving a talk is always a valuable exercise, no matter where you are in your research journey. It forces you to take a step back and take stock of your work. In preparing for this one, I finally found clarity on how I want to structure my thesis — a small but satisfying breakthrough that made the late nights of slide editing in my hotel room feel worth it. The conference itself was exceptionally well organised, with a great mix of keynote talks, focused thematic sessions, and lots of food! My talk was part of the Designs...

In August 2025, I had the pleasure of attending the Symposium on Usable Privacy and Security (SOUPS) which was co-located with USENIX Security Symposium in Seattle, WA, USA. The technical program covered a wide range of topics within usable privacy and security and brought together interdisciplinary researchers and practitioners with valuable perspectives on security, privacy, and human-computer interaction. This year, the conference was held in Seattle, which provided a great setting as Washington state attracts tech startups and is the base for tech giants such as Amazon and Microsoft. Alongside 30 accepted papers presented across two days, the conference also held workshops, a poster session, lightning talks, a mentoring program and plenty of opportunities to network with attendees. Selected papers drew upon crucial topics on privacy and security, from exploring contemporary scams, to understanding user perceptions of generative AI, and IOT misuse. Papers also provided new insights ...

The 3 rd International workshop on Mining Software Repositories for Privacy and Security (MSR4P&S) this year, was co-located with SANER25 in Montreal, Canada. I was fortunate to be able to attend and present my recent work, Links Between Package Popularity, Criticality, and Security in Software Ecosystems. MSR4P&S focusses on the application of software mining techniques to the security domain, an intersection particularly relevant to my interests in software supply chain risks. This year, the work presented, ranged from the study of LLM PII disclosure risks, to Software Bill of Materials (SBOM) standards conformity. The other published works can be found on the workshop’s webpage . In the work I presented, we investigated the relationships between package popularity, criticality, and security within software ecosystems, specifically Python and JavaScript/TypeScript. Given the increasing maintenance workloads and stressors faced by open-source software (OSS) maintainers, our...

It is hard to imagine two more different conferences. On the one hand, there was the second iteration of the Global Conference on Cyber Capacity Building, full of international organisations, cyber not-for-profits, with its global representation of government cybersecurity officials and implementors. The setting, Geneva, with its international bodies from WTO to UEFA and mountainous scenic backdrop, was spectacular, the conference crowd well attired and familiar, the content reassuringly predictable, and the catering abundant. On the other hand there was the UK Evaluation Society conference in Glasgow. No less spectacular in its own way, but with a crowd of evaluation experts and academics who were much less familiar, the content expansive and original, not a suit in sight, and no free drinks. And whilst both areas, cybersecurity capacity building and evaluation, are well known and well understood in their own right by experienced practitioners and seasoned professionals, if you ...

  Thanks to its flexibility, clear syntax, and a vast collection of third-party libraries, Python is currently one of the most popular programming languages. Its success, however, is also due to a large international community that constantly contributes to the surrounding software ecosystem and the integration of new features. But community is also about getting together and learning from each other, which explains why numerous Python conferences – collectively known as PyCon – are regularly organized all over the world. Being a Python enthusiast and given the importance of this language in my PhD research, last summer I submitted a talk proposal at a new event organized in Poland, PyCon Wroclaw . I am very pleased to report that my proposal was accepted, and that I delivered my talk, ' Serverless Computingand Python: Security Challenges and Ongoing Research ', at the end of November.   The main objective of the talk was to share the results of my last paper as well as p...

The Annual Global Forum on Cyber Expertise meeting was held at the Organization of American States headquarters building, impressively located next to the Washington Monument. The event welcomed global participants from senior policy makers through to technical experts. In between the keynote addresses and workshops, researchers from Royal Holloway’s CDT in Cyber Security and  Oxford University’s Global Cyber Security Capacity Centre were invited to discuss impact evaluation in cybersecurity capacity building. Cybersecurity capacity building aims to help to improve cyber security maturity, and the UK and likeminded nations regard it as paramount. At a time of heightened geopolitical tension, the focus remains on undermining the ability of adversaries to gain advantage through cyber means, as well as impeding the ability of cyber criminals to pursue nefarious goals. The aim is to reduce the cost of such attacks on the UK and partners. Impact evaluation in cybersecurity capacity bui...

From the 28th to 31st of May, a number of CDT researchers attended the NATO Cooperative Cyber Defence Centre of Excellence conference on Cyber Conflict (Cycon). The conference took place in Estonia’s capital city of Tallinn, providing an excellent setting for understanding the current state and thinking of cyber conflict discussion. This year's theme was “Over the Horizon” as discussions centered around the future cyber conflict, and is sure to be beneficial in next year’s theme: “The Next Steps”. Talks ranged from Technical, Legal, and Strategic. The conference “Day 0” event was a day to enjoy workshops, including one workshop conducted by Dr Michael P. Fischerkeller, Dr Emily Goldman, and Prof Richard Harknett for the purpose of establishing a proactive cyber operational element into NATO. Other events on this day included a workshop incorporating tabletop game design into cyber election interference, discussions of AI, and the use of cyber capabilities in the ongoing war in Ukra...

The UK Cyber 9/12 Strategy Challenge is an annual competition designed to foster the next generation of cyber security professionals. Teams of four university students take on the role of senior government advisors responding to a complex and escalating cyber-attack with national and international ramifications. Competing teams receive intelligence packs consisting of reports gathered from multiple sources. They must work together to analyse the report, developing an understanding of the technological, political and legal implications of the content. Then, they present their analysis and recommendations to a panel of judges from government and industry. We’re delighted that CDT Student Phil Sheriff successfully coached a mixed team from different universities into third place. Kira from team Nocturnal shares with us her thoughts on the competition.  We were a mixed team from different universities across the UK including RHUL, University of Newcastle, University of Southampton an...

The Conference on Cyber Capacity Building was held in Ghana at the end of November 2023, with RHUL represented and jointly running a workshop. The aim of the conference was to mainstream cyber resilience and capacity building within the international development agenda, breaking down silos to help better integrate digital development and cyber-security. It was preceded by the Global Forum for Cyber Expertise conference, with a number of events bringing together considerable experience and expertise in the form of practitioners, donors, recipients and academics. The conference championed the theme of cyber capacity building. The subject matter ranged from the technical aspect of CERT information sharing and critical infrastructure protection through to implementing international commitments and the role of international law in strengthening cyber resilience. As with the very best conferences, there were opportunities to network and socalise with participants ranging from foreign ministe...

This year’s Asiacrypt took place from 4th to 8th December in Guangzhou, China. Many of the presented works contained fascinating ideas, and I also really enjoyed many of the talks that were outside of my research area, homomorphic encryption. For example, the work of [CMT23] proposed an attack on Goppa codes based on fascinating ideas from computational algebraic geometry. Another cool work containing cryptanalysis is [WW23], who presented a potential, very insightful break of the k-R-ISIS assumption in addition to their construction of functional commitments. The session on HE contained four talks, including our talk on using Galois automor-phisms for faster bootstrapping [OPP23]. Afterwards, Zeyu Liu presented their work on bootstrapping [LW23]. It was really nice to finally meet him and his coauthor Yunhao Wang, as we had already exchanged emails before. The other talks on HE proposed a way to compress rotation/Galois keys using a hierarchical structure [Lee+22] and improvements to ...