Research Projects
I completed my Ph.D. at Murdoch University in Western Australia, and I am currently a Reader in Computer Security at Leeds Beckett University, and Director of the Cybercrime and Security Innovation (CSI) Centre at Leeds Beckett University in the UK.
Randomised hacking challenges (£80,000 funded)
Project (co)lead, Generating capture the flag (CTF) hacking challenges.
"Randomised capture the flag (CTF) hacking challenges VMs for computer security education", co-lead partner: University of Birmingham, partners: Liverpool John Moores University, University of Abertay Dundee, MWR InfoSecurity, Lastline (UK) Ltd., Imperial College London. Funded by HEA.
Cybercrime and Policing (£640,000 funded)
Project lead, Working with West Yorkshire Police to improve the response to cybercrime and digital evidence.
"An evidence-based approach to fighting cybercrime from the frontline: improving the effectiveness and efficiency of investigating cyber enabled crime." Partners: West Yorkshire Police, CENTRIC, Sheffield Hallam University, Canterbury Christ Church University. Funded by the College of Policing, the Higher Education Funding Council for England (HEFCE) and the Home Office.
More Usable Application Restrictions/Sandboxes
I developed a new security model called Functionality-Based Application Confinement (FBAC). This model provides application-oriented access control, based on flexible policy abstractions which represent the functionalities an application performs. The implementation is known as FBAC-LSM and is a Linux Security Module and associated tools. FBAC-LSM is available as free open source software.
Gamification and Teaching Methods for Computer Security in Higher Education
I am investigating and applying gamification in HE. I developed a gamified module and a virtual learning environment (Basic LTI extension). Results were encouraging, and it has been met with student satisfaction.
Paper, OER, and source code will be released soon.
Semantic Web and Microtransactions
Stay tuned...
Wi-Fi Security and Human Factors
I have been invoved in research projects investigating the relationship between human factors and Wi-Fi security.
Research Students
I have supervised a number of masters projects, and I am involved in Ph.D. and Ed.D. supervision. If you are interested in conducting computer security related research in Leeds UK, please contact me.
Publications
Journal Papers
T. Cockcroft, M. Shan-A-Khuda, P. Trevorrow, and Z. C. Schreuders "Police Cybercrime Training: Perceptions, Pedagogy and Policy," Policing: A Journal of Policy and Practice, Oxford University Press, 2018. DOI: 10.1093/police/pay078
R. Duncan, and Z. C. Schreuders "Security Implications of Running Windows Software on a Linux System Using Wine: a malware analysis study," Journal of Computer Virology and Hacking Techniques, Springer Paris, 2018. DOI: 10.1007/s11416-018-0319-9
Z. C. Schreuders, C. Payne, and T. McGill "The Functionality-based Application Confinement Model," International Journal of Information Security, Springer-Verlag, 2013. DOI: 10.1007/s10207-013-0199-4
Z. C. Schreuders, T. McGill, and C. Payne, "The State of the Art of Application Restrictions and Sandboxes: A Survey of Application-oriented Access Controls and their Shortfalls," Computers & Security, Volume 32, Elsevier B.V., 2013. View Author's Version PDF, DOI: 10.1016/j.cose.2012.09.007
Z. C. Schreuders, T. McGill, and C. Payne, "Towards Usable
Application-oriented Access Controls: Qualitative Results from a
Usability Study of SELinux, AppArmor and FBAC-LSM," International
Journal of Information Security and Privacy, Volume 6 Issue
1, 2012. DOI:
10.4018/jisp.2012010104
Z. C. Schreuders, T. McGill, and C. Payne, "Empowering End Users to Confine Their Own Applications: The Results of a Usability Study Comparing SELinux, AppArmor and FBAC-LSM," ACM Transactions on Information and System Security (TISSEC), Volume 14 Issue 2, ACM New York, NY, USA 2011. View Author's Version PDF, DOI: 10.1145/2019599.2019604
Conference Papers
Z.C. Schreuders, T. Shaw, A. Mac Muireadhaigh and P. Staniforth, “Hackerbot: Attacker Chatbots for Randomised and Interactive Security Labs, Using SecGen and oVirt,” USENIX Workshop on Advances in Security Education (ASE'18), Baltimore, MD, USA. USENIX Association, 2018. View PDF
Z.C. Schreuders, T. Shaw, M. Shan-A-Khuda, G. Ravichandran, J. Keighley, and M. Ordean, “Security Scenario Generator (SecGen): A Framework for Generating Randomly Vulnerable Rich-scenario VMs for Learning Computer Security and Hosting CTF Events,” USENIX Workshop on Advances in Security Education (ASE'17), Vancouver, BC, Canada. USENIX Association, 2017. View PDF
R. Soobhany, A.S. Akbari, and Z.C. Schreuders, “Reinforced source camera identification using non-decimated wavelet transform,” IET International Conference on Biomedical Image and Signal Processing, Wuhan, China, 2017.
R Soobhany, A.S. Akbari, and Z.C. Schreuders, “Source Camera Identification using Non-decimated Wavelet Transform” in 11th International Conference on Global Security, Safety & Sustainability, London, 2016.
Z.C. Schreuders and E. Butterfield, "Gamification for Teaching and Learning Computer Security in Higher Education," in 2016 USENIX Workshop on Advances in Security Education (ASE 16) Austin, TX, USA, 2016. View PDF
Z.C. Schreuders, E. Butterfield, and P. Staniforth, "An open cloud-based virtual lab environment for computer security education: A pilot study evaluation of oVirt," in The first UK Workshop on Cybersecurity Training & Education (Vibrant Workshop 2015) Liverpool, UK, 2015. View PDF
Z.C. Schreuders, and L. Ardern, "Generating randomised virtualised scenarios for ethical hacking and computer security education: SecGen implementation and deployment," in The first UK Workshop on Cybersecurity Training & Education (Vibrant Workshop 2015) Liverpool, UK, 2015. View PDF
E. Butterfield, and Z.C. Schreuders, "Student Led Data Recovery Services: Providing digital forensics students with relevant work experience," in The first UK Workshop on Cybersecurity Training & Education (Vibrant Workshop 2015) Liverpool, UK, 2015. View PDF
Z. C. Schreuders and A. M. Bhat, "Not All ISPs Equally Secure Home Users: An Empirical Study Comparing Wi-Fi Security Provided by UK ISPs," in International Conference on Security and Cryptography (SECRYPT 2013) Reykjavik, Iceland, 2013. View PDF
Z. C. Schreuders, C. Payne and T. McGill, "Techniques for Automating Policy Specification for Application-oriented Access Controls," in Sixth International Conference on Availability, Reliability and Security (ARES 2011) Vienna, Austria: IEEE Computer Society, 2011. View PDF, DOI: 10.1109/ARES.2011.47
Z. C. Schreuders, C. Payne and T. McGill, "A Policy Language for Abstraction and Automation in Application-oriented Access Controls: The Functionality-based Application Confinement Policy Language," in IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY 2011) Italy, Pisa: IEEE Computer Society, 2011. View PDF, DOI: 10.1109/POLICY.2011.11
Z. C. Schreuders and C. Payne, "Functionality-Based Application Confinement: Parameterised Hierarchical Application Restrictions," in International Conference on Security and Cryptography (SECRYPT 2008) Porto, Portugal: Springer, 2008. View PDF
Z. C. Schreuders and C. Payne, "Reusability of Functionality-Based Application Confinement Policy Abstractions," in 10th International Conference on Information and Communications Security (ICICS 2008) Birmingham, UK: Springer, 2008. View PDF, DOI: 10.1007/978-3-540-88625-9_14
Z. C. Schreuders and C. Payne, "Introducing Functionality-Based Application Confinement," in Seventh Postgraduate Electrical Engineering and Computing Symposium Western Australia: Murdoch University, 2006.
Theses
Ph.D. thesis: Z. C. Schreuders, "Functionality-based Application Confinement: A Parameterised and Hierarchical Approach to Policy Abstraction for Rule-based Application-oriented Access Controls," Perth, Western Australia: Murdoch University, 2012. View PDF
Honours thesis: Z. C. Schreuders, "A Role-Based Approach to Restricting Application Execution," Perth, Western Australia: Murdoch University, 2005. View PDF
Other Conference Presentations and Panels
Workshop: Z. C. Schreuders and T. Shaw, "How to create and run dynamic CTFs," BSides-Leeds Leeds, UK, 2018.
Z. C. Schreuders, T. Shaw, and T. Chothia, "Dynamic challenges for teaching computer security and hosting capture the flag (CTF) events,” 2nd National Conference for Learning and Teaching in Cyber Security Liverpool, UK, 2017.
Keynote: Z. C. Schreuders, "Engaging students in security: challenges, games, gamification, societies, and adversarial thinking,” 11th International Conference on Global Security, Safety & Sustainability London, UK, 2017.
WiP: Flawed by Design: A Work in Progress, Security Scenario Generator (SecGen) Z. Cliffe Schreuders, Leeds Beckett University USENIX Security 2016
Z. C. Schreuders, "Attacks Against Banking Payments: From ATM Tampering to Man-In-The-Middle-of-Everything,” ATM Security London, UK, 2016.
Cyber Security Panel, Techtrade Yorkshire, Leeds, UK, 2016.
Z. C. Schreuders, "A Modular Framework for Building Vulnerable Systems for Teaching Computer Security: Randomised and Parameterised Hacking Scenarios," The National Conference on Learning and Teaching in Cybersecurity Birmingham, UK, 2016.
Panel Chair, Cybercrime and Security Innovation Centre Launch, Leeds, UK, 2016.
Z. C. Schreuders, "Knowing Your Enemy: Ensuring Awareness of Current Security Challenges," Information Security in Financial Services London, UK, 2016.
Z. C. Schreuders, "Next Generation Hacking: Dangers of Digital," Information Security in Financial Services London, UK, 2015.
Z. C. Schreuders, "Banking Payment Insecurities," Payments Fraud & Security London, UK, 2015.
Z. C. Schreuders, "Games and Gamification for Improving Out-of-class Engagement of Computer Security Education," Cyber Security Pedagogy, Teaching and Learning in Higher Education Warwick, UK, 2013.
Z. C. Schreuders, "Linux Security Usability: Restricting Programs Using SELinux, AppArmor and FBAC-LSM," Linux Security Summit 2010 - LinuxCon Boston, MA USA: 2010. View Abstract, View Slides, View Write Up #1, View Write Up #2, #3
Z. C. Schreuders, "A New Paradigm for Restricting Applications and Protecting Yourself from Your Processes," linux.conf.au - LCA2010 Wellington, New Zealand: 2010. Watch Video, View Abstract
Z. C. Schreuders, "The Functionality-Based Application Confinement Model and its Linux Prototype FBAC-LSM," linux.conf.au - LCA2009 Tasmania, Australia: 2009. View Abstract
Linux Security Panel, linux.conf.au - LCA2009 Tasmania, Australia: 2009. View Write Up About the Panel, Cached
Other Presentations and Publications
EU Report: “Securing Smart Airports”, The European Union
Agency for Network and Information Security (ENISA) publication, EU,
2016. View
PDF
Presentation: Z. C. Schreuders, "Preventing cybercrime," Innovation Network: Cyber Security: Impact and Opportunities Leeds, UK, 2016.
Poster presentation: Z.C. Schreuders, T. Cockcroft, E. Butterfield, J. Elliott, M. Shan-A-Khuda, and A.R. Soobhany, "Cybercrime Policing: Needs Analysis and Building a Research Culture," British Society of Criminology Policing Network and College of Policing Research Showcase 2016 Sunningdale Park, UK, 2016.
Presentation: Z. C. Schreuders, "Cybercrime and Digital Investigations Needs Assessment," West Yorkshire Police Tactical Board and West Yorkshire Police Independent Advisory Board, UK, 2016.
Presentation: Z. C. Schreuders, "Thinking About Security," Yorkshire Cyber Security Cluster Event: A Reflection of the Real Risks Huddersfield, UK, 2016.
Seminar: Z. C. Schreuders, "Banking Insecurities," Leeds Ethical Hacking Society Leeds, UK, 2015.
Seminar: Z. C. Schreuders, "A New Approach to Restricting Applications, and Why Traditional Approaches to Security are No Longer Adequate (FBAC-LSM)," Perth Linux Users’ Group, Perth, Western Australia: 2010. View Abstract, Cached
Article: Z. C. Schreuders, "Why Do We Still Trust Applications With All Our Authority?," The Blanket Australia: Australian Information Security Association (AISA), 2010. View PDF
Seminar: Z. C. Schreuders, "Functionality-Based Application Confinement: A New Scheme for Restricting Applications," AISA Perth Branch Meeting, Perth, Western Australia: 2010. View Abstract
Seminar:: Z. C. Schreuders, "Moving Towards Functionality-Based Application Confinement," Perth, Western Australia: Murdoch University, 2006.
Qualifications
Ph.D. in Computer Security.
Postgraduate Certificate in Higher Education (PGCHE).
B.Sc. Computer Science (with First Class Honours) and Internet Computing.
Metasploit Pro Certified Specialist (MPCS)
Nexpose Certified Administrator (NCA)
Teaching
From 2005-2011 I taught at Murdoch University, Australia, as a tutor and more recently as lecturer. At Murdoch I taught and marked programming (C, Java, Perl, VB), IT project management, web development, and Linux/Unix system administration and security.
Since 2012 I have been a Senior Lecturer, and now Reader, at Leeds
Beckett University, UK, teaching computer security and forensics
topics.