Martin Szydlowski

General Information

I have started my PhD program at the Secure Systems Lab in October 2007. Since then, I have been working on large-scale simulation and analysis of BitTorrent overlay networks with a focus on the differences in behavior and susceptibility to optimization techniques and attacks by different client implementations. Since January 2009, I am continuing to work on this project as visiting researcher at the University of California, Santa Barbara Computer Security Group. My general research interests are web security and security in distributed systems.

Previous Work

I finished my diploma thesis, titled "Secure Input for Web Applications," at the Secure Systems Lab in June 2007. The goal of the thesis was to develop secure input methods which protect the integrity and confidentiality of sensitive data submitted to a web application (e.g., an online banking site) from an insecure and possibly compromised host and to evaluate the usability of these methods through user tests. The full text is available at the TU Wien Online Library. Additionally, a paper based on this thesis was presented at ACSAC 2007 in Miami Beach.

Projects

I was part of the F-SPAN project. F-SPAN is a static PHP analysis tool to aid intrusion detection. It automatically determines the types and value ranges of input parameters to PHP applications through static code analysis. This project was successfully completed and a paper has been accepted and presented at the DIMVA 2006 in Berlin.

Publications

• BTLab: A System-Centric, Data-Driven Analysis and Measurement Platform for BitTorrent Clients
  Martin Szydlowski, Ben Y. Zhao, Engin Kirda and Christopher Kruegel, 20th International Conference on Computer Communication Networks (ICCCN 2011), Maui, HI, July 31 - August 4, 2011
  [paper]
• Your Botnet is My Botnet: Analysis of a Botnet Takeover
  Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Chris Kruegel, and Giovanni Vigna, 16th ACM Conference on Computer and Communications Security (CCS), Chicago, November 2009
  [paper]
• Secure Input for Web Applications
  Martin Szydlowski, Christopher Kruegel, and Engin Kirda, 23rd Annual Computer Security Applications Conference (ACSAC), Miami Beach, Florida, December 2007
  [paper]
• Using Static Program Analysis to Aid Intrusion Detection
  Manuel Egele, Martin Szydlowski, Engin Kirda, and Christopher Kruegel, Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA) 2006 Conference, Berlin, Germany, July 2006
  [paper]

Contact

You can reach me at msz 'at' seclab 'dot' tuwien 'dot' ac 'dot' at (public key)