About
My name is Nick Nikiforakis and I am a PhD student at the Katholieke Universiteit Leuven in Belgium under the supervision of Prof. Wouter Joosen and Prof. Frank Piessens. My research focuses on applied security and specifically memory corruption attacks and defenses for programs written in low-level languages, such as C and C++, as well as Web application attacks and countermeasures.
I started my PhD in September 2009 and before that I studied for 6 years at the University of Crete, where I got my Bachelor in Computer Science and then my MSc in Distributed and Parallel systems. From 2006 till 2009 I also did security-related research in the Distributed Computing Systems Lab at FORTH under the supervision of Prof. Evangelos Markatos and Dr. Sotiris Ioannidis.
Publications
- Serene: Self-Reliant Client-Side Protection against Session Fixation,
Philippe De Ryck, Nick Nikiforakis, Lieven Desmet, Frank Piessens and Wouter Joosen to appear in the 7th International Federated Conference on Distributed Computing Techniques (DAIS 2012), Stockholm, Sweden
- Exploring the Ecosystem of Referrer-Anonymizing Services,
Nick Nikiforakis, Steven Van Acker, Frank Piessens and Wouter Joosen to appear in the 12th Privacy Enhancing Technology Symposium (PETS 2012), Vigo, Spain
- FlashOver: Automated Discovery of Cross-site Scripting Vulnerabilities in Rich Internet Applications,
Steven Van Acker, Nick Nikiforakis, Lieven Desmet, Wouter Joosen and Frank Piessens in Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2012), Seoul, South Korea
- HyperForce: Hypervisor-enForced Execution of Security-Critical Code,
Francesco Gadaleta, Nick Nikiforakis, Jan Tobias Muhlberg and Wouter Joosen in Proceedings of the 27th IFIP International Information Security and Privacy Conference (IFIP SEC 2012), Heraklion, Crete, Greece
- RIPE: Runtime Intrusion Prevention Evaluator,
John Wilander, Nick Nikiforakis, Yves Younan, Mariam Kamkar and Wouter Joosen in Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC 2011), Orlando, US [source]
- Hello rootKitty: A lightweight invariance-enforcing framework,
Francesco Gadaleta, Nick Nikiforakis, Yves Younan and Wouter Joosen in Proceedings of the 14th Information Security Conference (ISC 2011), Xi'an, China [Video Demo]
- Abusing Locality in Shared Web Hosting,
Nick Nikiforakis, Wouter Joosen and Martin Johns in Proceedings of the 4th European Workshop on System Security (EuroSec 2011), Salzburg, Austria
- Exposing the Lack of Privacy in File Hosting Services,
Nick Nikiforakis, Marco Balduzzi, Steven Van Acker, Wouter Joosen and Davide Balzarotti in Proceedings of the 4th USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET 2011), Boston, US
  - Media Coverage: TheRegister, SlashDot, ZDNet, Net-Security, Security Now - Episode 300, Ere-Security
- SessionShield: Lightweight Protection against Session Hijacking,
Nick Nikiforakis, Wannes Meert, Yves Younan, Martin Johns and Wouter Joosen in Proceedings of the 3rd International Symposium on Engineering Secure Software and Systems (ESSoS 2011), Madrid, Spain
- ValueGuard: Protection of native applications against data-only buffer overflows,
Steven Van Acker, Nick Nikiforakis, Pieter Philippaerts, Yves Younan and Frank Piessens in Proceedings of the Sixth International Conference on Information Systems Security (ICISS 2010), Gujarat, India
- HProxy: Client-side detection of SSL stripping attacks,
Nick Nikiforakis, Yves Younan and Wouter Joosen in Proceedings of the 7th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2010, Bonn, Germany
- Monitoring three National Research Networks for Eight Weeks: Observations and Implications,
Demetris Antoniades, Michalis Polychronakis, Nick Nikiforakis, Evangelos P. Markatos, Yiannis Mitsos in the 6th IEEE Workshop on End-to-End Monitoring Techniques and Services (E2EMon). April 2008, Salvador, Bahia, Brazil.
- When Appmon met Stager,
Nikos Nikiforakis, Demetres Antoniades, Evangelos P. Markatos, Sotiris Ioannidis, Arne Olesbo, in the 6th IEEE Workshop on End-to-End Monitoring Techniques and Services (E2EMon). April 2008, Salvador, Bahia, Brazil.
- Alice, what did you do last time? Fighting Phishing Using Past Activity Tests,
Nikos Nikiforakis, Andreas Makridakis, Elias Athanasopoulos, and Evangelos P. Markatos in Proceedings of the 3rd European Conference on Computer Network Defense (EC2ND). October 2007, Heraklion, Greece.
Articles
- Direct Object Reference or, How a Toddler can hack your Web application in Hackin9, Volume 1, Number 3, 2011
- IPv6 Resiliency Study, Sotiris Ioannidis, George Apostolopoulos, Kostas Anagnostakis, Nick Nikiforakis, Andreas Makridakis and Charalampos Gkikas with the collaboration of ENISA STA staff
  - Media Coverage: TheRegister
Talks
- BruCON 2011 - Abusing locality in Shared Web Hosting
- OWASP Netherlands Chapter meeting July 2011 - Abusing locality in Shared Web Hosting (slides)
- OWASP BeNeLux 2010 - On the Privacy of File Sharing Services, Invited talk
- CONFidence 201002 - Breaking Web Applications in Shared Hosting environments (slides)
- AthCon 2010 - Alice Shares, Eve Reads: Enumerating File Hosting Services (slides)
- OWASP AppSecDev Research 2010 - On the privacy of file sharing services
Professional Activities
Program Committee member:
- 5th European Workshop on System Security (EuroSec 2012)
- 13th IFIP Conference on Communications and Multimedia Security (CMS 2012)
Contact
Address
Nick Nikiforakis
Dept. Computer Science
Celestijnenlaan 200A
Heverlee 3001
Belgium