University of Cambridge Computer Laboratory foto

Ross Anderson's Web Log

[Home page] [Blog for 2004] [Research] [My Book] [Music] [Contact Details]


8 December 2005 - I gave a distinguished lecture at the University of Washington on API security.

12 October 2005 - we need to defend academic freedom by amending the University's proposed policy on intellectual property. If the policy goes through unchanged, most of the IP generated here will be controlled by university administrators rather than by its creator. Cambridge would swap one of the most liberal rules on IP of any British university, for one of the most oppressive anywhere. There are grave implications for academic freedom, for faculty recruitment and retention, for students, for colleges, and for the local economy.

25th August 2005 - here is a paper entitled Robbing the bank with a theorem prover, which shows how to apply some of the tools of theoretical computer science to API attacks. See also our briefing paper Chip and Spin.

9th August 2005 - here is a paper on Sybil-resistant DHT routing which will appear at ESORICS 2005, and a survey of cryptographic processors, a shortened version of which will appear this fall in Proceedings of the IEEE.

1st August 2005 - I am hosting the Fifth Workshop on the Economics of Information Security (WEIS 2006) at Cambridge next June. The deadline for papers is March 20th, 2006.

25th July 2005 - The topology of covert conflict is rather topical - how can the police best target an underground organisation given some knowledge of its patterns of communication? And how might they in turn react to various law-enforcement strategies? We present a framework combining ideas from network analysis and evolutionary game theory to explore the interaction of attack and defence strategies in networks. Although we started out thinking about computer viruses, our work suggests explanations of a number of aspects of modern conflict generally.

21st July 2005 - Here is a paper on combining cryptography with biometrics, which shows that in those applications where you can get some benefit from biometrics, you don't need a large central database.(as proposed in the ID card Bill). There are smarter and less privacy-invasive ways to arrange things.

16th June 2005 - Here is a Report of the Discussion on the latest Cambridge IP policy proposal, which would be bad news for both entrepreneurship and academic freedom.

8th June 2005 - here are papers on The Initial Costs and Maintenance Costs of Protocols, which I gave at Security Protocols 05, and How Much is Location Privacy Worth? which I gave at WEIS 05.

25th April 2005 - the Council of Cambridge University published its Third Report on Intellectual Property Rights. If these regulations are passed as they stand, they will have a chilling effect on entrepreneurship and on academic freedom. They are up for discussion in the Regent House on the 7th June. We will have to amend them in the subsequent vote. For background, see the home page of the Campaign for Cambridge Freedoms.

8th April 2005 - we have written a survey paper on cryptographic processors.

27th March 2005 - In a conspicuous insult to the University's Scottish students and staff, our Vice-Chancellor has banned us from wearing kilts at graduation. It's also daft to antagonise the many MPs who are Scots - after all, we get almost half our income from the government (for the Scottish press reaction see here and here). I am also disappointed that although I am an elected member of Council - the University's governing body - I first learned of this from the press. Our democratic processes are supposed to catch such blunders before they embarrass us.

15th March 2005 - The British and Irish banks' `chip and PIN' programme has been widely hyped as a solution for the card fraud problem. But early figures show fraud rising, not falling. What's going on? See our briefing paper Chip and Spin.

23rd February 2005 - here is a short paper entitled System Security for Cyborgs which I'll give in April at a workshop on wearable and implantable body sensor networks.

11th January 2005 - my first speaking engagements for the year are at the 3rd DRM Conference in Berlin on 13-14 January, and at the launch of the Cambridge branch of the no2id campaign against identity cards at the Fisher Hall on the 25th January.

2004 blog highlights included academic papers on cipher composition, key establishment in ad-hoc networks and the economics of censorship resistance. I also spent some time lobbying for amentments to the EU IP Enforcement Directive and organising a workshop on copyright which led to a common position adopted by a number of European NGOs. Finally, I started a web page for out-of-copyright recordings of traditional music. For fuller details, see my blog for 2004.


Ross Anderson
University of Cambridge Computer Laboratory
JJ Thomson Avenue
Cambridge CB3 0FD, England

E-mail: Ross.Anderson@cl.cam.ac.uk
Tel: +44 1223 33 47 33
Fax: +44 1223 33 46 78

I don't execute programs sent to me by strangers unless I have good reason, and then only after appropriate precautions. This means, in particular, that I don't read attachments in formats such as Microsoft Word, unless by prior arrangement. I also discard html-format emails, as the vast majority of them are spam, as well as emails asking for `summer research positions', which we don't do.

If you're contacting me about coming to Cambridge to do a PhD, please read the relevant web pages first.