Security Group

Publications

More recent publications will be added very shortly ...

2023

Shih-Chun You, Markus G. Kuhn, Sumanta Sarkar, Feng Hao: Low trace-count template attacks on 32-bit implementations of ASCON AEAD. IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES), Vol. 2023, No 4, pp 344–366, August 2023

2022

L. Zhou, A. Caines, I. Pete, A. Hutchings: Automated hate speech detection and span extraction in underground hacking and extremist forums. Natural Language Engineering, First View, 2022, pp 1-28
B. Collier, D. R. Thomas, R. Clayton, A. Hutchings, Y. T. Chua: Influence, infrastructure, and recentering cybercrime policing: evaluating emerging approaches to online law enforcement through a market for cybercrime services. Policing and Society: An International Journal of Research and Policy, 2022, 32(1), 103-124
I. Pete, J. Hughes, A. Caines, A. V. Vu, H. Gupta, A. Hutchings, R. Anderson, P. Buttery: PostCog: A tool for interdisciplinary research into underground forums at scale. In Proceedings - 7th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2022, pp 93-104. doi:10.1109/EuroSPW55150.2022.00016
Jusop Choi, Wonseok Choi, William Aiken, Hyoungshick Kim, Jun Ho Huh, Taesoo Kim, Yongdae Kim, Ross Anderson: Attack of the Clones: Measuring the Maintainability, Originality and Security of Bitcoin 'Forks' in the Wild. arXiv:2201.08678, January 2022
Mansoor Ahmed-Rengers, Diana A. Vasile, Daniel Hugenroth, Alastair R. Beresford, Ross Anderson: CoverDrop: Blowing the Whistle Through A News App. In Proceedings on Privacy Enhancing Technologies 2022, v.2, pp 47-67
Anh V. Vu, Daniel R. Thomas, Ben Collier, Alice Hutchings, Richard Clayton, Ross Anderson: Getting Bored of Cyberwar: Exploring the Role of the Cybercrime Underground in the Russia-Ukraine Conflict. arXiv:2208.10629, August 2022
Nicholas Boucher, Ross Anderson: Talking Trojan: Analyzing an Industry-Wide Disclosure. SCORED 2022
Ross Anderson, Sam Gilbert, Diane Coyle: The Online Safety Bill. Bennett Institute for Public Policy 2022
Ross Anderson: Chat Control or Child Protection?. 2022
Tim Clifford, Ilia Shumailov, Yiren Zhao, Ross Anderson, Robert Mullins: ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks. arXiv:2210.00108, October 2022

2021

Siu G. Atondo Siu, B. Collier, A. Hutchings: Follow the money: The relationship between currency exchange and illicit behaviour in an underground forum. Proceedings of the 6th IEEE European Symposium on Security and Privacy Workshop on Attackers and Cyber-Crime Operations, virtual event, 2021
B. Collier, R. Clayton, A. Hutchings, D. R. Thomas: Cybercrime is (often) boring: Infrastructure and alienation in a deviant subculture. British Journal of Criminology, 2021, 61(5), 1407-1423
J. Hughes, Y. T. Chua, A. Hutchings: Too Much Data? Opportunities and Challenges of Large Datasets and Cybercrime. In Researching Cybercrimes, Springer International Publishing, 2021, pp 191-212. doi:10.1007/978-3-030-74837-1_10
Shih-Chun You, Markus G. Kuhn: Single-trace fragment template attack on a 32-bit implementation of Keccak. CARDIS 2021, 11–12 November 2021, Lübeck, Springer, LNCS 13173, pp 3–23, 2022. DOI: 10.1007/978-3-030-97348-3_1
B. Uchendu, JRC Nurse, M. Bada: Cyber Security Culture in Organisations: Current Practices and Future Needs. Computers & Security, Volume 109, 2021
M. Bada, JRC Nurse: Profiling the Cybercriminal: A Systematic Review of Research. 2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 2021, pp. 1-8
M. Bada: Psychology of Cybercrime. In: Jajodia S., Samarati P., Yung M. (eds) Encyclopedia of Cryptography, Security and Privacy. Springer, Berlin, Heidelberg.
M. Bada, Y.T. Chua, B. Collier, I. Pete: Exploring Masculinities and Perceptions of Gender in Online Cybercrime Subcultures. In M. W. Kranenbarg & R. Leukfeldt (Eds.), Cybercrime in context: The human factor in victimization, offending, and policing. Crime and Justice in Digital Society I. Springer.
M. Bada, Basie von Solms: A Cybersecurity Guide for Using Fitness Devices. Presented at EAI SaSeIoT 2021 - 5th EAI International Conference on Safety and Security in Internet of Things.
Sergei Skorobogatov: Teardown and feasibility study of IronKey - the most secure USB Flash drive. Hardwear.IO Conference, Netherlands, 28-29 October 2021
Ilia Shumailov, Zakhar Shumaylov, Dmitry Kazhdan, Yiren Zhao, Nicolas Papernot, Murat A. Erdogdu, Ross Anderson: Manipulating SGD with Data Ordering Attacks. NeurIPS 2021, arXiv:2104.09667, April 2021
David Khachaturov, Ilia Shumailov, Yiren Zhao, Nicolas Papernot, Ross Anderson: Markpainting: Adversarial Machine Learning meets Inpainting. ICML 2021, arXiv:2106.00660, June 2021
Nicholas Boucher, Ilia Shumailov, Ross Anderson, Nicolas Papernot: Bad Characters: Imperceptible NLP Attacks. IEEE Security and Privacy 2021
Ross Anderson, Richard Clayton, Rainer Böhme, Ben Collier: Silicon den: Cybecrime is entrepreneurship. Workshop on Economics and Information Security 2021
Ross Anderson: Confidentiality in Remote Clinical Practice. International Psychoanalytical Association, 2021
Hal Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Jon Callas, Whitfield Diffie, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Vanessa Teague, Carmela Troncoso: Bugs in our Pockets: The Risks of Client-Side Scanning. arXiv:2110.07450, October 2021
Nicholas Boucher, Ross Anderson: Trojan Source: Invisible Vulnerabilities. arXiv:2111.00169, October 2021
Anh V. Vu, Lydia Wilson, Yi Ting Chua, Ilia Shumailov, Ross Anderson: ExtremeBB: Enabling Large-Scale Research into Extremism, the Manosphere and Their Correlation by Online Forum Data. arXiv:2111.04479, November 2021

2020

J. Hughes, S. Aycock, A. Caines, P. Buttery, A. Hutchings: Detecting Trending Terms in Cybersecurity Forum Discussions. In Proceedings of the 6th Workshop on Noisy User-generated Text (W-NUT 2020), November 2020. doi:10.18653/v1/2020.wnut-1.15
I. Pete, J. Hughes, Y. T. Chua, M. Bada: A Social Network Analysis and Comparison of Six Dark Web Forums. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE. doi:10.1109/eurospw51379.2020.00071
Ross Anderson: Security Engineering -- A Guide to Building Dependable Distributed Systems (3rd edition). Wiley 2020
Yiren Zhao, Ilia Shumailov, Han Cui, Xitong Gao, Rob Mullins, Ross Anderson: Blackbox Attacks on Reinforcement Learning Agents Using Approximated Temporal Information. Proceedings - 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN-W, June 2020, pp 16-24
Ilia Shumailov, Yiren Zhao, Daniel Bates, Nicolas Papernot, Robert Mullins, Ross Anderson: Sponge Examples: Energy-Latency Attacks on Neural Networks. arXiv:2006.03463, June 2020
Almos Zarandy, Ilia Shumailov, Ross Anderson: BatNet: Data transmission between smartphones over ultrasound. arXiv:2008.00136, August 2020
Yiren Zhao, Ilia Shumailov, Robert Mullins, Ross Anderson: Nudge Attacks on Point-Cloud DNNs. arXiv:2011.11637, November 2020
Almos Zarandy, Ilia Shumailov, Ross Anderson: Hey Alexa what did I just type? Decoding smartphone sounds with a voice assistant. arXiv:2012.00687, December 2020
Sergei Skorobogatov: Compromising device security via NVM controller vulnerability. IEEE International Conference on Physical Assurance and Inspection of Electronics (PAINE), Virtual, 15-16 December 2020. IEEE Xplore
Shih-Chun You, Markus G. Kuhn: A template attack to reconstruct the input of SHA-3 on an 8-bit device. Presented at COSADE 2020, 5–7 October 2020, Springer, LNCS 12244, pp 25-42. DOI: 10.1007/978-3-030-68773-1_2
Nathaniel Wesley Filardo, Brett F. Gutstein, Jonathan Woodruff, Sam Ainsworth, Lucian Paul-Trifu, Brooks Davis, Hongyan Xia, Edward Tomasz Napierala, Alexander Richardson, John Baldwin, David Chisnall, Jessica Clarke, Khilan Gudka, Alexandre Joannou, A. Theodore Markettos, Alfredo Mazzinghi, Robert M. Norton, Michael Roe, Peter Sewell, Stacey Son, Timothy M. Jones, Simon W. Moore, Peter G. Neumann, Robert N. M. Watson: Cornucopia: Temporal Safety for CHERI Heaps. 2020 IEEE Symposium on Security and Privacy (SP), Los Alamitos, USA, May 2020
W. Dutton, S. Creese, R. Shillair, M. Bada: Cybersecurity Capacity: Does It Matter? Journal of Information Policy, 9, 280-306. doi:10.5325/jinfopoli.9.2019.0280
Anh V. Vu, Jack Hughes, Ildiko Pete, Ben Collier, Yi Ting Chua, Ilia Shumailov, Alice Hutchings: Turning Up the Dial: The Evolution of a Cybercrime Market Through Set-up, Stable, and Covid-19 Eras. IMC'20

2019

Mansoor Ahmed-Rengers, Ross Anderson, Darija Halatova, Ilia Shumailov: Snitches Get Stitches: On the Difficulty of Whistleblowing. Security Protocols Workshop 2019, Springer LNCS v 12287 pp 289--303
Yiren Zhao, Ilia Shumailov, Han Cui, Xitong Gao, Rob Mullins, Ross Anderson: Blackbox Attacks on Reinforcement Learning Agents Using Approximated Temporal Information. arXiv:1909.02918, November 2019
R. Brewer, M. de Vel-Palumbo, A. Hutchings, T. Holt, A. Goldsmith, D. Maimon: Cybercrime Prevention: Theory and Applications. Cham: Palgrave Macmillan, 2019
S. Pastrana, A. Hutchings, D.R. Thomas, J. Tapiador: Measuring eWhoring. Proceedings of the ACM Internet Measurement Conference, 2019, Amsterdam
Hongyan Xia, Jonathan Woodruff, Sam Ainsworth, Nathaniel W. Filardo, Michael Roe, Alexander Richardson, Peter Rugg, Peter G. Neumann, Simon W. Moore, Robert N. M. Watson, Timothy M. Jones: CHERIvoke: Characterising Pointer Revocation Using CHERI Capabilities for Temporal Memory Safety. Proceedings of the 52nd IEEE/ACM International Symposium on Microarchitecture (IEEE MICRO 2019), October 2019, Columbus, USA
A. Hutchings, S. Pastrana, R. Clayton: Displacing big data. In R. Leukfeldt & T. J. Holt (eds.), The Human Factor of Cybercrime, 2019. Oxon: Routledge
A. Hutchings, S. Pastrana: Understanding eWhoring. Proceedings of the 4th IEEE European Symposium on Security and Privacy, 2019, Stockholm
Y.T. Chua, S. Parkin, M. Edwards, D. Oliveira, S. Schiffner, G. Tyson, A. Hutchings: Identifying unintended harms of cybersecurity countermeasures. Proceedings of the APWG Symposium on Electronic Crime Research (eCrime), 2019, Pittsburgh
Rasika Bhalerao, Maxwell Aliapoulios, Ilia Shumailov, Sadia Afroz, Damon McCoy: Towards Automatic Discovery of Cybercrime Supply Chains, eCrime 2019
Sergei Skorobogatov: Hardware security evaluation of Intel MAX 10 FPGAs: from feasibility study to security boundaries. Hardware Security Conference and Training (Hardwear.IO 2019), Hague, Netherlands, September 2019
Maria Bada, Jason R.C. Nurse: Developing cybersecurity education and awareness programmes for small and medium-sized enterprises (SMEs). Information and Computer Security, 2019. ISSN 2056-4961. (doi:10.1108/ICS-07-2018-0080)
M. Bada, J.R.C. Nurse: The Social and Psychological Impact of Cyber-Attacks. In Emerging Cyber Threats and Cognitive Vulnerabilities: Editors: Professor Vladlena Benson and Dr John McAlaney, Elsevier, 2019
Jonathan Woodruff, Alexandre Joannou, Hongyan Xia, Anthony Fox, Robert Norton, Thomas Bauereiss, David Chisnall, Brooks Davis, Khilan Gudka, Nathaniel W. Filardo, A. Theodore Markettos, Michael Roe, Peter G. Neumann, Robert N. M. Watson, Simon W. Moore: CHERI Concentrate: Practical Compressed Capabilities. IEEE Transactions on Computers (doi:10.1109/TC.2019.2914037), April 2019
M. Bada, B. von Solms, I. Agrafiotis: Reviewing National Cybersecurity Awareness for Users and Executives in Africa. International Journal On Advances in Security, 12(1&2), 2019, p.108-118
M. Ioannou, E. Stavrou, M. Bada: Cybersecurity Culture in Computer Security Incident Response Teams: Investigating difficulties in communication and coordination. 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), Oxford, United Kingdom, 2019, pp. 1-4. doi: 10.1109/CyberSecPODS.2019.8885240
Brooks Davis, Peter G. Neumann, Robert N. M. Watson, Simon W. Moore, Alexander Richardson, John Baldwin, David Chisnall, Jessica Clarke, Nathaniel Wesley Filardo, Khilan Gudka, Alexandre Joannou, Ben Laurie, A. Theodore Markettos, J. Edward Maste, Alfredo Mazzinghi, Edward Tomasz Napierala, Robert M. Norton, Michael Roe, Peter Sewell, Stacey Son, Jonathan Woodruff: CheriABI: Enforcing Valid Pointer Provenance and Minimizing Pointer Privilege in the POSIX C Run-time Environment. Proc. of The 24th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), April 2019
Sadie Creese, Ruth Shillair, Maria Bada, William H. Dutton: Building the Cybersecurity Capacity of Nations. In: Society and the Internet, Revised Second Edition: How Networks of Information and Communication are Changing Our Lives. Editors Mark Graham and William H. Dutton. Oxford University Press, 2019
Jovan Powar, Alastair R. Beresford: A data sharing platform for earables research. In the Proceedings of the 1st International Workshop on Earable Computing at Ubicomp, ACM, 2019
J. Hughes, B. Collier, A. Hutchings: From playing games to committing crimes: A multi-technique approach to predicting key actors on an online gaming forum. Proceedings of the APWG Symposium on Electronic Crime Research (eCrime), Pittsburgh
Y. Chua, B. Collier: Fighting the “blackheart airports”: internal policing in the Chinese censorship circumvention ecosystem. E-Crime, 2019
Yiren Zhao, Ilia Shumailov, Han Cui, Xitong Gao, Robert Mullins, Ross Anderson: Blackbox Attacks on Reinforcement Learning Agents Using Approximated Temporal Information. arXiv:1909.02918
A. Hutchings, B. Collier: Inside Out: Characterising cybercrimes committed inside and outside the workplace. Workshop on Attackers and Cybercrime Operations, IEEE European Symposium on Security and Privacy, 2019
Alexander Vetterl, Richard Clayton: Honware: A Virtual Honeypot Framework for Capturing CPE and IoT Zero Days. 14th Symposium on Electronic Crime Research (eCrime 2019), Pittsburgh, PA, USA, November 2019
B. Collier, D. Thomas, R. Clayton, A. Hutchings: Booting the booters: measuring the impact of law enforcement interventions on DoS markets. Internet Measurement Conference, 2019
Jiexin Zhang, Alastair R. Beresford, Ian Sheret: SensorID: Sensor Calibration Fingerprinting for Smartphones. In 2019 IEEE Symposium on Security and Privacy (SP), pp. 638-655, 2019
Jiexin Zhang, Alastair R. Beresford, Stephan A. Kollmann: LibID: Reliable Identification of Obfuscated Third-Party Android Libraries. In Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), pp. 55-65, 2019
Stephan A. Kollmann, Martin Kleppmann, Alastair R. Beresford: Snapdoc: Authenticated snapshots with history privacy in peer-to-peer collaborative editing. Proceedings on Privacy Enhancing Technologies (PoPETS), 2019(3):210--232, De Gruyter, 2019
Martin Kleppmann, Alastair R. Beresford, Boerge Svingen: Online Event Processing: Achieving Consistency Where Distributed Transactions Have Failed. Communications of the ACM, 62(5):43--49, 2019
Ross Anderson, Chris Barton, Rainer Boehme, Richard Clayton, Carlos Ganan, Tom Grasso, Michael Levi, Tyler Moore, Marie Vasek: Measuring the Changing Cost of Cybercrime. Workshop on the Economics of Information Security 2019
Alexander Vetterl, Richard Clayton, Ian Walden: Counting Outdated Honeypots: Legal and Useful. 4th International Workshop on Traffic Measurements for Cybersecurity (WTMC 2019), San Francisco, CA, USA, May 23, 2019
Diana A. Vasile, Martin Kleppmann, Daniel R. Thomas, Alastair R. Beresford: Ghost trace on the wire? Using key evidence for informed decisions. 27th International Workshop on Security Protocols, Springer LNCS, April 2019
Yiren Zhao, Ilia Shumailov, Robert Mullins, Ross Anderson: To compress or not to compress: Understanding the Interactions between Adversarial Attacks and Neural Network Compression. SysML 2019, April 2019
Sophie van der Zee, Ronald Poppe, Paul J. Taylor, Ross Anderson: To freeze or not to freeze -- A culture-sensitive motion capture approach to detecting deceit. PLOS One, April 12, 2019
Martin Kleppmann, Victor B. F. Gomes, Dominic P. Mulligan, Alastair R. Beresford: Interleaving anomalies in collaborative text editors. In the Proceedings of the 6th ACM Workshop on Principles and Practice of Consistency for Distributed Data (PaPoC), pp 1--7, March 2019
Ilia Shumailov, Laurent Simon, Jeff Yan, Ross Anderson: Hearing your touch: A new acoustic side channel on smartphones. arXiv:1903.11137, March 2019
Maria Bada, Jason R.C. Nurse: Developing cybersecurity education and awareness programmes for small and medium-sized enterprises (SMEs). Information and Computer Security. ISSN 2056-4961. (doi:10.1108/ICS-07-2018-0080)
Franck Courbon: Practical Partial Hardware Reverse Engineering Analysis - For Local Fault Injection and Authenticity Verification. Journal of Hardware and Systems Security (HaSS), March 2019
Ilia Shumailov, Xitong Gao, Yiren Zhao, Robert Mullins, Ross Anderson, Cheng-Zhong Xu: Sitatapatra: Blocking the Transfer of Adversarial Samples. arXiv:1901.08121, January 2019

2018

Mansoor Ahmed, Ilia Shumailov, Ross Anderson: Tendrils of Crime: Visualizing the Diffusion of Stolen Bitcoins. Fifth International Workshop on Graphical Models for Security (GramSec), 2018, arXiv:1901.01769
A. Hutchings: Flying in cyberspace: Policing global travel fraud. Policing: A Journal of Policy and Practice, 2018
J.R.C. Nurse, M. Bada: The Group Element of Cybercrime: Types, Dynamics, and Criminal Operations. In: A. Attrill-Smith, C. Fullwood, M. Keep and D.J. Kuss, eds. The Oxford Handbook of Cyberpsychology. 2018. Oxford University Press. (doi:10.1093/oxfordhb/9780198812746.013.36)
Franck Courbon: Challenges and examples of in-situ memory content extraction techniques. 25th IEEE International Conference on Electronics Circuits and Systems (ICECS), Bordeaux, France, December 2018
Martin Kleppmann, Stephan A. Kollmann, Diana A. Vasile, Alastair R. Beresford: From Secure Messaging to Secure Collaboration. In the Proceedings of the 25th International Workshop on Security Protocols, Springer, 2018
Markus G. Kuhn: Technical perspective: Backdoor engineering. Communications of the ACM, Volume 61, Issue 11, November 2018, p. 147
Andrew Caines, Sergio Pastrana, Alice Hutchings, Paula Buttery: Aggressive language in an online hacking forum. 2nd Workshop on Abusive Language Online, Brussels, 2018, pp 66-74
Andrew Caines, Sergio Pastrana, Alice Hutchings, Paula Buttery: Automatically identifying the function and intent of posts in underground forums. Crime Science, 7(1), 2018, p.19.
Franck Courbon: In-house transistors' layer reverse engineering characterization of a 45nm SoC. 44th International Symposium for Testing and Failure Analysis (ISTFA), USA, November 2018
Ilia Shumailov, Yiren Zhao, Robert Mullins, Ross Anderson: The Taboo Trap: Behavioural Detection of Adversarial Samples. arXiv:1811.07375, November 2018
Alice Hutchings, Thomas J. Holt: Interviewing cybercrime offenders. Journal of Qualitative Criminal Justice & Criminology, 7(1), 2018, pp 75-94
Sergio Pastrana , Alice Hutchings, Andrew Caines, Paula Buttery: Characterizing Eve: Analysing Cybercrime Actors in a Large Underground Forum. Research in Attacks, Intrusions and Defences (RAID), Heraklion, Crete, September 2018
Alexander Vetterl, Richard Clayton: Bitter harvest: Systematically fingerprinting low- and medium-interaction honeypots at internet scale. 12th USENIX Workshop on Offensive Technologies (WOOT 18), Baltimore, MD, USA, August 13-14, 2018
Sergei Skorobogatov: Is Hardware Security prepared for unexpected discoveries? 25th International Symposium on the Physical and Failure Analysis of Integrated Circuits (IPFA-2018), 16-19 July 2018, Singapore. IEEE Xplore 2018
Dionysis Manousakas, Cecilia Mascolo, Alastair R. Beresford, Dennis Chan, Nikhil Sharma: Quantifying Privacy Loss of Human Mobility Graph Topology. In the Proceedings on Privacy Enhancing Technology (PoPETs), 2018(3), pp 5-21
Ross Anderson, Ilia Shumailov, Mansoor Ahmed, Alessandro Rietmann: Bitcoin Redux. 17th Annual Workshop on the Economics of Information, June 2018
Sergei Skorobogatov: Hardware Security implications of Reliability, Remanence and Recovery in Embedded memory. PAINE workshop at Design Automation Conference (DAC-2018), 24th June 2018, San Francisco, USA. Journal of Hardware and Systems Security, Springer 2018
Alice Hutchings: Leaving on a Jet Plane: The trade in fraudulently obtained airline tickets. Crime, Law and Social Change, 70(4), 461-487, 2018
Ross Anderson: Privacy for Tigers. Invited talk at Usenix Security 2018
Sergio Pastrana, Daniel R. Thomas, Alice Hutchings, Richard Clayton: CrimeBB: Enabling Cybercrime Research on Underground Forums at Scale. ACM The Web Conference 2018 (WWW), Lyon, France, April 2018
Laurent Simon, David Chisnall, Ross Anderson: What you get is what you C: Controlling side effects in mainstream C compilers. 3rd IEEE European Symposium on Security and Privacy, April 2018
Ross Anderson, Ilia Shumailov, Mansoor Ahmed: Making Bitcoin Legal. 26th International Workshop on Security Protocols, March 2018
Ross Anderson: Making Security Sustainable. Communications of the ACM, March 2018, Vol. 61 No. 3, pp 24-26
Eireann Leverett, Richard Clayton, Ross Anderson: Standardisation and certification of safety, security and privacy in the 'Internet of Things'. European Union, 20 February 2018
Marios O. Choudary, Markus G. Kuhn: Efficient, portable template attacks. IEEE Transactions on Information Forensics and Security, Vol 13, No 2, February 2018, pp 490-501, DOI 10.1109/TIFS.2017.2757440

2017

Daniel R. Thomas, Sergio Pastrana, Alice Hutchings, Richard Clayton, Alastair R. Beresford: Ethical issues in research using datasets of illicit origin. ACM Internet Measurement Conference (IMC), 2017
Sergei Skorobogatov: Deep dip teardown of tubeless insulin pump. arXiv:1709.06026, September 2017
Robert N. M. Watson, Peter G. Neumann, Simon W. Moore: Balancing Disruption and Deployability in the CHERI Instruction-Set Architecture (ISA), NEW SOLUTIONS FOR CYBERSECURITY, Shrobe H, Shrier D, Pentland A eds., MIT Press/Connection Science: Cambridge MA
Sergei Skorobogatov: How microprobing can attack encrypted memory. Euromicro Conference on Digital System Design, AHSA 2017, 30 August - 1 September 2017, Austria, IEEE Computer Society
Ilias Marinos, Robert N. M. Watson, Mark Handley, Randal Ray Stewart: Disk|Crypt|Net: rethinking the stack for high performance video streaming. ACM SIGCOMM 2017 Conference (SIGCOMM'17). Los Angeles, CA, USA, August 21-25, 2017
Vincent F. Taylor, Alastair R. Beresford, Ivan Martinovic: There are Many Apps for That: Quantifying the Availability of Privacy-Preserving Apps. In the Proceedings of the Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), ACM, 2017
Martin Kleppmann, Alastair R. Beresford: A Conflict-Free Replicated JSON Datatype. In Transactions on Parallel and Distributed Systems (TPDS), IEEE, 2017
Kelly Widdicks, Oliver Bates, Mike Hazas, Adrian Friday, Alastair R. Beresford: Demand Around the Clock: Time Use and Data Demand of Mobile Devices in Everyday Life. In the Proceedings of the International Conference on Computer-Human Interaction (CHI), 2017. ACM
Franck Courbon: An Application of Partial Hardware Reverse Engineering for the Detection of Hardware Trojan. In: Bossuet L., Torres L. (eds) Foundations of Hardware IP Protection, pp 125-148, Springer 2017
A. Hutchings, R. Clayton: Configuring Zeus: A case study of online crime target selection and knowledge transmission. Arizona: eCrime
A. Hutchings, Y. T. Chua: Gendering cybercrime. In T. J. Holt (ed), Cybercrime through an Interdisciplinary Lens, pp 167-188, Oxon: Routledge, 2017
L. Simon: Erasing Secrets from RAM. In the Real World Cryptography Conference (RWC), 2017
Eireann Leverett, Richard Clayton, Ross Anderson: Standardisation and Certification of the 'Internet of Things'. Workshop on the Economics of Information Security 2017
Khaled Baqer, Ross Anderson, Jeunese Adrienne Payne, Lorna Mutegi, Joseph Sevilla: DigiTally: Piloting Offline Payments for Phones, 13th Symposium on Usable Privacy & Security (SOUPS 2017)
Graeme Jenkinson, Lucian Carata, Thomas Bytheway, Ripduman Sohan, Robert N. M. Watson, Jonathan Anderson, Brian Kidney, Amanda Strnad, Arun Thomas, George Neville-Neil: Applying Provenance in APT Monitoring and Analysis: Practical Challenges for Scalable, Efficient and Trustworthy Distributed Provenance. Proceedings of the 9th International Workshop on Theory and Practice of Provenance (TAPP'17). Seattle, Washington, June 2017
David Chisnall, Brooks Davis, Khilan Gudka, David Brazdil, Alexandre Joannouand Jonathan Woodruff, A. Theodore Markettos, J. Edward Maste, Robert Norton, Stacey Son, Michael Roe, Simon W. Moore, Peter G. Neumann, Ben Laurie, Robert N. M. Watson: CHERI JNI: Sinking the Java security model into the C. Proceedings of the 22nd ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2017). Xi'an, China, 8-12 April, 2017
Robert N. M. Watson, Peter G. Neumann, Jonathan Woodruff, Michael Roe, Jonathan Anderson, John Baldwin, David Chisnall, Brooks Davis, Alexandre Joannou, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Robert Norton, Stacey Son, Hongyan Xia: Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture (Version 6). Technical Report UCAM-CL-TR-907, Computer Laboratory, April 2017
Ross Anderson, Khaled Baqer: Reconciling Multiple Objectives - Politics or Markets? Security Protocols 2017
Stephan A. Kollmann, Alastair R. Beresford: The Cost of Push Notifications for Smartphones using Tor Hidden Services. Proceedings of the Workshop on Innovations in Mobile Privacy and Security (IMPS), IEEE, 2017
Daniel R. Thomas, Richard Clayton, Alastair R. Beresford: 1000 days of UDP amplification DDoS attacks. 2017 APWG Symposium on Electronic Crime Research (eCrime)
A. Hutchings, T. J. Holt: The online stolen data market: Disruption and intervention approaches. Global Crime, 18(1), pp 11-30

2016

Franck Gechter, Alastair R. Beresford, Andrew Rice: Reconstruction of Battery Level Curves Based on User Data Collected from a Smartphone. Proceedings of the International Conference on Artificial Intelligence: Methodology, Systems, and Applications, pp 289-298, Springer, 2016
Stephen Cummins, Alastair R. Beresford, Ian Davies, Andrew Rice: Supporting Scalable Data Sharing in Online Education. Proceedings of the 3rd Annual ACM Conference on Learning at Scale (Learning@Scale), pp 97-100, ACM Press, 2016
Stephen Cummins, Ian Davies, Alistair Stead, Alastair R. Beresford, Lisa Jardine-Wright, Andrew Rice: Investigating the Use of Hints in Online Problem Solving. Proceedings of the 3rd Annual ACM Conference on Learning at Scale (Learning@Scale), pp 105-108, ACM Press, 2016
Hamed Haddadi, Rishab Nithyanand, Sheharbano Khattak, Mobin Javed, Narseo Vallina-Rodriguez, Marjan Falahrastegar, Julia E. Powles, Emiliano De Cristofaro, Steven J. Murdoch: The Adblocking Tug-of-War. USENIX ;login: Magazine, Vol. 41, No. 4, Winter 2016
Franck Courbon, Sergei Skorobogatov, Christopher Woods: Reverse engineering Flash EEPROM memories using Scanning Electron Microscopy. Proceedings of the 15th Smart Card Research and Advanced Application Conference (CARDIS 2016), Cannes, France, November 2016
Ionel Gog, Malte Schwarzkopf, Adam Gleave, Robert N. M. Watson, Steven Hand: Firmament: Fast, Centralized Cluster Scheduling at Scale. Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2016), Savannah, GA, USA, November 2016
Franck Courbon, Sergei Skorobogatov, Christopher Woods: Direct charge measurement in Floating Gate transistors of Flash EEPROM using Scanning Electron Microscopy. 42nd International Symposium for Testing and Failure Analysis (ISTFA), November 2016
Kat Krol, Sören Preibusch: Control versus Effort in Privacy Warnings for Webforms. In Proc. ACM on Workshop on Privacy in the Electronic Society (WPES 2016), pp. 13-23. Vienna, Austria, 24 October 2016
Robert N. M. Watson, Robert M. Norton, Jonathan Woodruff, Simon W. Moore, Peter G. Neumann, Jonathan Anderson, David Chisnall, Brooks Davis, Ben Laurie, Michael Roe, Nirav H. Dave, Khilan Gudka, Alexandre Joannou, A. Theodore Markettos, Ed Maste, Steven J. Murdoch, Colin Rothwell, Stacey D. Son, Munraj Vadera: href="http://doi.org/10.1109/MM.2016.84">Fast Protection-Domain Crossing in the CHERI Capability-System Architecture. IEEE Micro Magazine, September-October 2016
Sergei Skorobogatov: The bumpy road towards iPhone 5c NAND mirroring. arXiv:1609.04327, September 2016
Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze,Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael A. Specter, Daniel J. Weitzner: Apple's Cloud Key Vault, Exceptional Access, and False Equivalences. Lawfare, 7 September 2016
T. J. Holt, O. Smirnova, A. Hutchings: Examining signals of trust in criminal markets online. Journal of Cybersecurity, 2(2), pp 137-145
Alice Hutchings, Richard Clayton: Exploring the provision of online booter services. Deviant Behavior, 37(10), pp 1163-1178
Laurent Simon, Wenduan Xu, Ross Anderson: Don't Interrupt Me While I Type: Inferring Text Entered Through Gesture Typing on Android Keyboards. Proceedings of the 16th Privacy Enhancing Technologies Symposium (PETS), July 2016
Rishab Nithyanand, Sheharbano Khattak, Mobin Javed, Narseo Vallina-Rodriguez, Marjan Falahrastegar, Julia E. Powles, Emiliano De Cristofaro, Hamed Haddadi, Steven J. Murdoch: Ad-Blocking and Counter Blocking: A Slice of the Arms Race. Proceedings of the 6th USENIX Workshop on Free and Open Communications on the Internet (FOCI), 2016
Sheharbano Khattak, Tariq Elahi, Laurent Simon, Colleen Swanson, Steven J. Murdoch, Ian Goldberg: SoK: Making Sense of Censorship Resistance Systems. Proceedings on Privacy Enhancing Technologies, Vol. 2016, No. 4 (PETS), 2016
Khaled Baqer, Johann Bezuidenhoudt, Ross Anderson, Markus Kuhn: SMAPs: Short message authentication protocols. Security Protocols Workshop 2016, Brno, Czech Republic, 7−8 April 2016
Robert N. M. Watson, Peter G. Neumann, Jonathan Woodruff, Michael Roe, Jonathan Anderson, David Chisnall, Brooks Davis, Alexandre Joannou, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Robert Norton, Stacey Son, Hongyan Xia: Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture (Version 5). Technical Report UCAM-CL-TR-891, University of Cambridge, Computer Laboratory, June 2016.
Kayvan Memarian, Justus Matthiesen, James Lingard, Kyndylan Nienhuis, David Chisnall, Robert N. M. Watson, Peter Sewell: Into the depths of C: elaborating the de facto standards. Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2016), Santa Barbara, CA, USA, June 2016. (PLDI 2016 Distinguished Paper award).
Ingolf Becker, Alice Hutchings, Ruba Abu-Salmam, Ross Anderson, Nicholas Bohm, Steven J. Murdoch, M. Angela Sasse, Gianluca Stringhini: International Comparison of Bank Fraud Reimbursement: Customer Perceptions and Contractual Terms. Workshop on the Economics of Information Security (WEIS) 2016
Sophie Van Der Zee, Ross Anderson: When lying feels the right thing to do. Open access journal publication
Alice Hutchings, Richard Clayton, Ross Anderson: Taking down websites to prevent crime. Toronto: eCrime
Alice Hutchings: Cybercrime trajectories: An integrated theory of initiation, maintenance, and desistance. In T. J. Holt (ed), Crime Online: Correlates, Causes, and Context. Durham: Carolina Academic Press, pp 117-140
Khaled Baqer, Danny Yuxing Huang, Damon McCoy, Nicholas Weaver: Stressing Out: Bitcoin "Stress Testing". 3rd Workshop on Bitcoin and Blockchain Research. February 2016
Sheharbano Khattak, David Fifield, Sadia Afroz,Mobin Javed, Srikanth Sundaresan, Vern Paxson, Steven J. Murdoch, Damon McCoy: Do You See What I See? Differential Treatment of Anonymous Users. Proceedings of the 23rd Network and Distributed System Security Symposium (NDSS), 2016
S.J. Murdoch, I. Becker, R. Abu-Salma, R. Anderson, N. Bohm, A. Hutchings, M.A. Sasse, G. Stringhini: Are payment card contracts unfair? Barbados: Financial Cryptography

2015

Sheharbano Khattak, Zaafar Ahmed, Affan A. Syed, Syed Ali Khayam: BotFlex: A community-driven tool for botnet detection. Elsevier Journal of Network and Computer Applications, Volume 58, December 2015, pp 144-154
Martin Kleppmann, Conrad Irwin: Strengthening public key authentication against key theft. Proceedings of the 9th International Conference on Passwords, December 2015
Khilan Gudka, Robert N.M. Watson, Jonathan Anderson, David Chisnall, Brooks Davis, Ben Laurie, Ilias Marinos, Peter G. Neumann, Alex Richardson: Clean Application Compartmentalization with SOAAP. Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS 2015), Denver, CO, USA, October 2015
N. Leontiadis, A. Hutchings: Scripting the crime commission process in the illicit online prescription drug trade. Journal of Cybersecurity, 1(1), pp 81-92
David Modic, Ross Anderson: It's All Over but the Crying: The Emotional and Financial Impact of Internet Fraud. IEEE Security & Privacy Vol.13 No.05 (Sep-Oct 2015) pp 99-103
Daniel R. Thomas, Alastair R. Beresford, Andrew Rice: Security metrics for the Android ecosystem. ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), 2015
Daniel R. Thomas, Alastair R. Beresford, Thomas Coudray, Tom Sutcliffe, Adrian Taylor: The Lifetime of Android API vulnerabilities: case study on the JavaScript-to-Java interface. In the Proceedings of the Security Protocols Workshop 2015
Hal Abelson, Ross Anderson Steve Bellovin, Josh Benaloh, Matt Blaze, White Diffie, John Gilmore, Matt Green, Susan Landau, Peter Neumann, Ron Rivest, Jeff Schiller, Bruce Schneier, Michael Specter, Danny Weitzner: Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications. MIT CSAIL Tech Report 2015-026 (July 6, 2015); also in Journal of Cybersecurity (2015); abridged version in Communications of the ACM, v 58 no 10 (Oct 2015) (winner of JD Falk award)
Denzil Ferreira, Vassilis Kostakos, Alastair R. Beresford, Janne Lindqvist, Anind K. Dey.: Securacy: An Empirical Investigation of Android Applications' Network Usage, Privacy and Security. In the Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), June 2015
L. Simon, R. Anderson: Security Analysis of Consumer-Grade Anti-Theft Solutions Provided by Android Mobile Anti-Virus Apps. In Proceedings of 4th Workshop on Mobile Security Technologies (MoST), May 2015
L. Simon, R. Anderson: Security Analysis of Android Factory Resets. In Proceedings of 4th Workshop on Mobile Security Technologies (MoST), May 2015
Matthew P. Grosvenor, Malte Schwarzkopf, Ionel Gog, Robert N.M. Watson, Andrew Moore, Steven Hand, Jon Crowcroft: Queues don't matter when you can JUMP them! Proceedings of the 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI), Oakland, California, USA, May 2015
Robert N. M. Watson, Jonathan Woodruff, Peter G. Neumann, Simon W. Moore, Jonathan Anderson, David Chisnall, Nirav Dave, Brooks Davis, Khilan Gudka, Ben Laurie, Steven J. Murdoch, Robert Norton, Michael Roe, Stacey Son, Munraj Vadera: CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization. Proceedings of the 36th IEEE Symposium on Security and Privacy ("Oakland"), San Jose, California, USA, May 2015.
Robert N. M. Watson, David Chisnall, Brooks Davis, Wojciech Koszek, Simon W. Moore, Steven J. Murdoch, Peter G. Neumann, Jonathan Woodruff: Bluespec Extensible RISC Implementation: BERI Software Reference. Technical Report UCAM-CL-TR-869, University of Cambridge, Computer Laboratory, April 2015
Robert N.M. Watson, Jonathan Woodruff, David Chisnall, Brooks Davis, Wojciech Koszek, A. Theodore Markettos, Simon W. Moore, Steven J. Murdoch, Peter G. Neumann, Robert Norton, Michael Roe: Bluespec Extensible RISC Implementation: BERI Hardware Reference. Technical Report UCAM-CL-TR-868, University of Cambridge, Computer Laboratory, April 2015
Khaled Baqer, Ross Anderson: Do You Believe in Tinker Bell? The Social Externalities of Trust. Protocols Workshop 2015, Springer LNCS 9379 pp 224-246
Sophie van der Zee, Ronald Poppe, Paul Taylor, Ross Anderson: To freeze or not to freeze. Proceedings of the 48th Hawai'i International Conference on System Sciences (HICSS-48), January 2015
Ronald Poppe, Sophie van der Zee, Paul Taylor, Ross Anderson, Remco Veltkamp: Mining Bodily Cues to Deception. Proceedings of the 48th Hawai'i International Conference on System Sciences (HICSS-48), January 2015
Martin Richards, Ross Anderson, Stephen Hinde, Jane Kaye, Anneke Lucassen, Paul Matthews, Michael Parker, Margaret Shotter, Geoff Watts, Susan Wallace, John Wise: The collection, linking and use of data in biomedical research and health care: ethical issues, Nuffield Bioethics Council 2015
A. Hutchings, T. Holt: A crime script analysis of the online stolen data market. British Journal of Criminology, 55(3), 2015, pp 596-614
Robert Brady, Ross Anderson: Maxwell's fluid model of magnetism, Arxiv 1502.05926
Mike Bond, Omar Choudary, Steven J. Murdoch, Sergei Skorobogatov, Ross Anderson: Be prepared: The EMV pre-play attack. IEEE Security & Privacy, pp 56-64, March 2015
David Chisnall, Colin Rothwell, Brooks Davis, Robert N.M. Watson, Jonathan Woodruff, Simon W. Moore, Peter G. Neumann, Michael Roe: Beyond the PDP-11: Processor support for a memory-safe C abstract machine. Proceedings of Architectural Support for Programming Languages and Operating Systems (ASPLOS 2015), Istanbul, Turkey, March 2015.

2014

Sheharbano Khattak, Laurent Simon, Steven J. Murdoch: Systemization of Pluggable Transports for Censorship Resistance. arXiv:1412.7448, December 2014
Robert N.M. Watson, Peter G. Neumann, Jonathan Woodruff, Jonathan Anderson, David Chisnall, Brooks Davis, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Michael Roe: Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture. Technical Report UCAM-CL-TR-864, University of Cambridge, Computer Laboratory, December 2014.
Kumar Sharad, George Danezis: An Automated Social Graph De-anonymization Technique. Workshop on Privacy in the Electronic Society (WPES 2014), Scottsdale, Arizona, USA, November, 2014
Quentin Stafford-Fraser, Frank Stajano, Chris Warrington, Graeme Jenkinson, Max Spencer, Jeunese Payne: To Have and Have Not: Variations on Secret Sharing to Model User Presence. In Proc. UPSIDE workshop of UBICOMP 2014
Sheharbano Khattak, Mobin Javed, Syed Ali Khayam, Zartash Afzal Uzmi, Vern Paxson: A Look at the Consequences of Internet Censorship Through an ISP Lens. In Proceedings of the 14th ACM SIGCOMM conference on Internet measurement (IMC '14), ACM, Vancouver, BC, Canada, November 2014
Marshall Kirk McKusick, George V. Neville-Neil, Robert N. M. Watson: The Design and Implementation of the FreeBSD Operating System, 2nd Edition. Pearson Education, Boston, MA, USA, September 2014 (to appear)
Ronald Poppe, Sophie Van Der Zee, Dirk K. J. Heylen, Paul J. Taylor: AMAB: Automated Measurement and Analysis of Body Motion. Behavior Research Methods, September 2014, Springer, Volume 46, Issue 3, pp 625-633
Ilias Marinos, Robert N. M. Watson, Mark Handley: Network Stack Specialization for Performance. In Proceedings of ACM SIGCOMM 2014 Conference (SIGCOMM'14), Chicago, IL, USA, August 2014
Ross Anderson, Steven Murdoch: EMV: Why Payment Systems Fail. Communications of the ACM v 57 no 6 (June 2014), pp 24-28
Ross Anderson: Privacy versus government surveillance -- where network effects meet public choice. Workshop on the Economics of Information Security 2014, June 2014
Richard Clayton, Tony Mansfield: A Study of Whois Privacy and Proxy Service Abuse. Workshop on Economics and Information Security (WEIS14), State College PA, USA, June 2014
James Graves, Alessandro Acquisti, Ross Anderson: Experimental Measurement of Attitudes Regarding Cybercrime. Workshop on the Economics of Information Security 2014, June 2014
Jonathan Woodruff, Robert N. M. Watson, David Chisnall, Simon W. Moore, Jonathan Anderson, Brooks Davis, Ben Laurie, Peter G. Neumann, Robert Norton, Michael Roe: The CHERI capability model: Revisiting RISC in an age of risk. Proceedings of the 41st International Symposium on Computer Architecture (ISCA 2014), June 2014, Minneapolis, MN, USA
Mike Bond, Omar Choudary, Steven J. Murdoch, Sergei Skorobogatov, Ross Anderson: Chip and Skim: cloning EMV cards with the pre-play attack. IEEE Symposium on Security and Privacy ("Oakland"), May, 2014
Omar Choudary, Markus G. Kuhn: Template attacks on different devices. COSADE 2014, Paris, 14–15 April 2014, LNCS
Robert N.M. Watson, Peter G. Neumann, Jonathan Woodruff, Jonathan Anderson, David Chisnall, Brooks Davis, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Michael Roe: Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture. Technical Report UCAM-CL-TR-850, University of Cambridge, Computer Laboratory, April 2014
Robert N.M. Watson, David Chisnall, Brooks Davis, Wojciech Koszek, Simon W. Moore, Steven J. Murdoch, Peter G. Neumann, Jonathan Woodruff: Capability Hardware Enhanced RISC Instructions: CHERI User's Guide, Technical Report UCAM-CL-TR-851, University of Cambridge, Computer Laboratory, April 2014
Robert N.M. Watson, Jonathan Woodruff, David Chisnall, Brooks Davis, Wojciech Koszek, A. Theodore Markettos, Simon W. Moore, Steven J. Murdoch, Peter G. Neumann, Robert Norton, Michael Roe: Bluespec Extensible RISC Implementation: BERI Hardware Reference, Technical Report UCAM-CL-TR-852, University of Cambridge, Computer Laboratory, April 2014
Robert N.M. Watson, David Chisnall, Brooks Davis, Wojciech Koszek, Simon W. Moore, Steven J. Murdoch, Peter G. Neumann, Jonathan Woodruff: Bluespec Extensible RISC Implementation: BERI Software Reference, Technical Report UCAM-CL-TR-853, University of Cambridge, Computer Laboratory, April 2014
Jonathan Anderson, Robert N M Watson, David Chisnall, Khilan Gudka, Brooks Davis, Ilias Marinos: TESLA: Temporally Enhanced Security Logic Assertions. EuroSys 2014, April 2014
David Modic, Ross Anderson: We Will Make You Like Our Research: The Development of a Susceptibility-to-Persuasion Scale. Social Sciences Research Network (SSRN), April 2014
Frank Stajano, Graeme Jenkinson, Jeunese Payne, Max Spencer, Quentin Stafford-Fraser, Chris Warrington: Bootstrapping Adoption of the Pico Password Replacement System. In Proc. Security Protocols Workshop 2014, Springer LNCS
Graeme Jenkinson, Max Spencer, Chris Warrington, Frank Stajano: I bought a new security token and all I got was this lousy phish? Relay attacks on visual code authentication schemes. In Proc. Security Protocols Workshop 2014, Springer LNCS
Chris Hall, Dongting Yu, Zhu-Li Zhang, Jonathan Stout, Andrew Odlyzko, Andrew Moore, Jean Camp, Kevin Benton, Ross Anderson: Collaborating with the enemy on network management. Security Protocols Workshop 2014
Daniel R. Thomas, Alastair R. Beresford: Better authentication: password revolution by evolution. Security Protocols Workshop 2014
Brooks Davis, Robert Norton, Jonathan Woodruff, Robert N. M. Watson: How FreeBSD Boots: a soft-core MIPS perspective. Proceedings of AsiaBSDCon 2014, March 2014, Tokyo, Japan
David Chisnall: LLVM in the FreeBSD Toolchain. Proceedings of AsiaBSDCon 2014, March 2014, Tokyo, Japan
Tyler Moore, Richard Clayton: The Ghosts of Banking Past: Empirical Analysis of Closed Bank Websites. Eighteenth International Financial Cryptography and Data Security Conference (FC14), March 2014, Barbados
Alice Hutchings: Crime from the keyboard: Organised cybercrime. Crime, Law & Social Change, 2014, 62, (1), pp 1-20
Ross Anderson, Steven Murdoch: Security protocols and evidence: where many payment systems fail. Keynote at Financial Cryptography 2014
Robert Brady, Ross Anderson: Why bouncing droplets are a pretty good model of quantum mechanics. arXiv:1401.4356, January 2014
David Modic, Ross J. Anderson: Reading this may harm your computer: The psychology of malware warnings. SSRN 2374379, January 2014

2013

Omar Choudary, Markus G. Kuhn: Efficient Template Attacks. CARDIS 2013, Berlin, 27–29 November 2013, LNCS 8419, Springer, 2014, pp 253–270
Jonathan Anderson, Frank Stajano: Must Social Networking Conflict with Privacy?. IEEE Security & Privacy 11(3):51-60
Laurent Simon, Ross Anderson: PIN Skimmer: Inferring PINs Through The Camera and Microphone. In Proceedings of 3rd Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2013), November 2013, pp 67-78
Kumar Sharad, George Danezis: De-anonymizing D4D Datasets. 6th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs 2013), Bloomington, Indiana, USA, July 2013
David Modic, Stephen E. G. Lea: Scam Compliance and the Psychology of Persuasion. Social Sciences Research Network (SSRN), June 2014
Markus G. Kuhn: Compromising emanations of LCD TV sets. IEEE Transactions on Electromagnetic Compatibility, Vol. 55, No. 3, pp 564–570, June 2013.
Hyoungshick Kim, Ross Anderson: An Experimental Evaluation of Robustness of Networks. IEEE Systems Journal -- Special Issue on Security and Privacy in Complex Systems, v. 7 no. 2 (June 2013), pp 179-188
Robert Brady, Ross Anderson: Violation of Bell's inequality in fluid mechanics. arXiv 1305.6822, May 2013
William R. Harris, Somesh Jha, Thomas Reps, Jonathan Anderson, Robert N. M. Watson: Declarative, Temporal, and Practical Programming with Capabilities. IEEE Symposium on Security and Privacy ("Oakland"), May, 2013
Wei Ming Khoo, Alan Mycroft, Ross Anderson: Rendezvous: A search engine for binary code. 10th Working Conference on Mining Software Repositories (MSR'13), May 2013
Dongting Yu, Andrew Moore, Chris Hall, Ross Anderson: Authentication for Resilience: The Case of SDN. in Security Protocols Workshop 2013, Springer LNCS 8263, March 2013, pp 39-53
Sören Preibusch, Dorothea Kübler and Alastair R. Beresford: Price versus privacy: an experiment into the competitive advantage of collecting less personal information. Electronic Commerce Research, 13(4):423--455, 2013. Springer
Sören Preibusch, Kat Krol and Alastair R. Beresford: The privacy economics of voluntary over-disclosure in Web forms. In Proceedings of the 11th Workshop on the Economics of Information Security (WEIS), 2012. Post-proceedings published in a book, The Economics of Information Security and Privacy, pp 183--209, 2013. Springer. ISBN 978-3-642-39497-3
Robert N. M. Watson, Steven J. Murdoch, Khilan Gudka, Jonathan Anderson, Peter G. Neumann, Ben Laurie: Towards a theory of application compartmentalisation. Security Protocols Workshop, March, 2013
Robert N. M. Watson: A decade of OS access-control extensibility. Communications of the ACM 56(2), February 2013
Robert Brady, Ross Anderson: Why quantum computing is hard -- and quantum cryptography is not provably secure. arXiv 1301.7351, January 2013
Robert N. M. Watson: A decade of OS access-control extensibility. ACM Queue 11(1), January 2013

2012

Ross Anderson: Security Economics -- A personal perspective. ACSAC 2012, December 2012
Tyler Moore and Richard Clayton: Discovering phishing dropboxes using email metadata. Seventh APWG eCrime Researchers Summit (eCrime), Las Croabas, PR, October 2012
Mike Bond, Omar Choudary, Steven J. Murdoch, Sergei Skorobogatov, Ross Anderson: Chip and Skim: cloning EMV cards with the pre-play attack. arXiv 0547955, Sep 2012
Sergei Skorobogatov, Christopher Woods: Breakthrough silicon scanning discovers backdoor in military chip. Cryptographic Hardware and Embedded Systems Workshop (CHES-2012), September 2012, LNCS 7428, Springer, ISBN 978-3-642-33026-1, pp 23-40
Khilan Gudka, Robert N. M. Watson, Steven Hand, Ben Laurie, Anil Madhavapeddy: Exploring compartmentalisation hypotheses with SOAAP. Workshop presentation, Adaptive Host and Network Security (AHANS 2012), September, 2012
Ross Anderson: Consultation response on ICO Draft Anonymisation Code of Practice. Foundation for Information Policy Research, August 2012
Rubin Xu, Hassen Saidi, Ross Anderson: Aurasium: Practical Policy Enforcement for Android Applications. 21st Usenix Security Symposium, August, 2012
Richard Clayton: Online traceability: who did that?. Consumer Focus, July 2012, 40pp
Ross Anderson, Chris Barton, Rainer Boehme, Richard Clayton, Michel van Eeten, Michael Levi, Tyler Moore, Stefan Savage: Measuring the Cost of Cybercrime. Workshop on the Economics of Information Security 2012, June 2012
Steven Murdoch, Mike Bond: How Certification Systems Fail: Lessons from the Ware Report. IEEE Security and Privacy, June 2012
Hyoungshick Kim, Wei Ming Khoo, Pietro Lio: Polymorphic attacks against sequence-based software birthmarks. 2nd Software Security and Protection Workshop (SSP'12), June 2012
Joseph Bonneau, Cormac Herley, Paul C. van Oorschot, Frank Stajano: The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes. In Proc. IEEE Symposium on Security and Privacy 2012, San Francisco, CA, USA (Oakland 2012). Extended version: Technical Report UCAM-CL-TR-817
Sergei Skorobogatov, Christopher Woods: In the blink of an eye: There goes your AES key. IACR Cryptology ePrint Archive, Report 2012/296, May 2012
Robert N. M. Watson: New approaches to operating system security extensibility. Technical report UCAM-CL-TR-818, University of Cambridge, Computer Laboratory, April, 2012
Jonathan Anderson, Robert N. M. Watson: Stayin' Alive: Aliveness as an alternative to authentication. Twentieth International Workshop on Security Protocols (SPW), April 2012
Ross Anderson: Risk and privacy implications of consumer payment innovation. Consumer Payment Innovation in the Connected Age, Kansas City Fed, March 2012
Hyoungshick Kim, Ross Anderson: An Experimental Evaluation of Robustness of Networks. IEEE Systems Journal - Special Issue on Security and Privacy in Complex Systems, March 2012
Hyoungshick Kim, Ross Anderson: Social Authentication - harder than it looks. Financial Cryptography 2012 Springer LNCS, vol 7398, pp 1-15, March 2012
Joe Bonneau, Soeren Preibusch, Ross Anderson: A birthday present every eleven wallets? The security of customer-chosen banking PINs. Financial Cryptography 2012 Springer LNCS, vol 7398, March 2012, pp 25-40
Ross Anderson: Ethics Committees and IRBs: Boon, or Bane, or More Research Needed?. Financial Cryptography 2012, Springer LNCS, vol 7398, pp 133-135, March 2012
Steven Smith, Anil Madhavapeddy, Christopher Smowton, Malte Schwarzkopf, Richard Mortier, Robert N.M. Watson, Steven Hand: The Case for Reconfigurable I/O Channels. Workshop paper, Runtime Environments, Systems, Layering and Virtualized Environments (RESoLVE 2012), March, 2012
Alastair R. Beresford, Dorothea Kübler, Sören Preibusch: Unwillingness to Pay for Privacy: A Field Experiment. Economics Letters 117(1):25--27, 2012. Elsevier
Oliver Stannard, Frank Stajano: Am I in good company? A privacy-protecting protocol for cooperating ubiquitous computing devices. In Proceedings of Security Protocols Workshop 2012, LNCS 7622
Tyler Moore, Jie Han, Richard Clayton: The Postmodern Ponzi Scheme: Empirical Analysis of High-Yield Investment Programs. Sixteenth International Financial Cryptography and Data Security Conference (FC12), Bonaire, February 2012
Hyoungshick Kim, Ross Anderson: Temporal node centrality in complex networks. Phys Rev E v 85 026107 (2012)
Hyoungshick Kim, John Tang, Cecilia Mascolo, Ross Anderson: Centrality prediction in dynamic human contact networks. Computer Networks v 56, Special issue on Complex Dynamic Networks: Tools and Methods (2012), pp 983-996
Robert N. M. Watson, Jonathan Anderson, Ben Laurie, Kris Kennaway: A taste of Capsicum: practical capabilities for UNIX. In Communications of the ACM 55(3), pp. 97-104, 2012
Robert N. M. Watson, Peter G. Neumann, Jonathan Woodruff, Jonathan Anderson, Ross Anderson, Nirav Dave, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Philip Paeps, Michael Roe, Hassen Saidi: CHERI: a research platform deconflating hardware virtualization and protection. Runtime Environments, Systems, Layering and Virtualized Environments (RESoLVE), 2012.
Joseph Bonneau, Sören Preibusch, Ross Anderson: Human selection and management of PINs. FC '12: Proceedings of the the Sixteenth International Conference on Financial Cryptography, 2012

2011

Jonathan Anderson, Frank Stajano, Robert N. M. Watson: How to keep bad papers out of conferences (with minimum reviewer effort). In Proceedings of the Nineteenth International Workshop on Security Protocols, 2011, Springer LNCS 7114
Hyoungshick Kim, Jaehoon Jeong: RAD: Recipient-Anonymous Data Delivery based on Public Routing Proxies. Computer Networks, 2011
Jonathan Anderson, Frank Stajano: Psychic Routing: Upper Bounds on Routing in Private DTNs. Proceedings of HotPETs 2011
Sergei Skorobogatov: Physical Attacks and Tamper Resistance. Chapter 7 in Introduction to Hardware Security and Trust, Eds: Mohammad Tehranipoor and Cliff Wang, Springer, September 2011, ISBN 978-1-4419-8079-3
Markus G. Kuhn: Compromising emanations of LCD TV sets. IEEE International Symposium on Electromagnetic Compatibility (EMC 2011), Long Beach, California, August 14–19, 2011, pp. 931–936, ISBN 978-1-4577-0811-4.
Ross Anderson: Can We Fix the Security Economics of Federated Authentication? Security Protocols Workshop 2011
Ross Anderson, Tyler Moore: Economics and Internet Security: a Survey of Recent Analytical, Empirical and Behavioral Research. Harvard University Computer Science Group technical report TR-03-11, 2011
Steven J. Murdoch: Wall 2.0. The European, 13 August 2011
Chris Hall, Ross Anderson, Richard Clayton, Evangelos Ouzounis, Panagiotis Trimintzios: Resilience of the Internet Interconnection Ecosystem. Tenth Annual Workshop on Economics and Information Security (WEIS11), Fairfax VA, US, June 4-15 2011
Panagiotis Trimintzios, Chris Hall, Richard Clayton, Ross Anderson, Evangelos Ouzounis: Resilience of the Internet Interconnection Ecosystem. European Network and Information Security Agency, April 2011
Sergei Skorobogatov: Synchronization method for SCA and fault attacks. Journal of Cryptographic Engineering (JCEN), Ed: Cetin K. Koc, Vol. 1, Issue 1, Springer, April 2011, pp 71-77
Tyler Moore, Richard Clayton: Ethical Dilemmas in Take-down Research. Second Workshop on Ethics in Computer Security Research (WECSR 2011), St Lucia, 4 March 2011
Omar Choudary, Frank Stajano: Make noise and whisper: a solution to relay attacks. International Workshop on Security Protocols, March 2011, Cambridge UK. Springer, LNCS, vol. 7114
Frank Stajano: Pico: No more passwords!. In Proceedings of Security Protocols Workshop 2011, Springer LNCS 7114
Ross Anderson, Mike Bond, Omar Choudary, Steven Murdoch, Frank Stajano: Might Financial Cryptography Kill Financial Innovation? - The Curious Case of EMV. Financial Cryptography and Data Security 2011, St. Lucia, 28 February-04 March 2011. Springer, LNCS vol. 7035
Alastair R. Beresford, Andrew Rice, Nicholas Skehin, Ripduman Sohan: MockDroid: trading privacy for application functionality on smartphones. In Proceedings of the 11th Workshop on Mobile Computing Systems and Applications (HotMobile), pp 49--54, March 2011. ACM Press
Frank Stajano, Paul Wilson: Understanding scam victims: Seven principles for systems security. Communications of the ACM 54(3):70-75
Tyler Moore, Richard Clayton: The Impact of Public Information on Phishing Attack and Defense. Communications & Strategies, 81, 2011, pp 45-68
Richard Clayton: Might governments clean up malware? Communications & Strategies, 81, 2011, pp 87-104
Ji Won Yoon, Hyoungshick Kim: A Perfect Collision-free Pseudonym System. IEEE Communications Letters, 2011
Hyoungshick Kim, Jun Ho Huh: Detecting DNS Poisoning Based Phishing Attacks from their Network Performance Characteristics. ET Electronics Letters, 2011
Wei Ming Khoo, Pietro Lio: Unity in diversity: Phylogenetic-inspired techniques for reverse engineering and detection of malware families. 1st SysSec Workshop, 2011
Sören Preibusch, Joseph Bonneau: The privacy landscape: product differentiation on data collection. WEIS'11: Proceedings of the Tenth Workshop on the Economics of Information Security, 2011

2010

Peter G. Neumann, Robert N. M. Watson: Capabilities Revisied: A Holistic Approach to Bottom-to-Top Assurance of Trustworthy Systems. In proceedings of the Fourth Annual Layered Assurance Workshop, Austin, Texas, December 2010
Robert N. M. Watson, Jonathan Anderson, Ben Laurie, Kris Kennaway: Introducing Capsicum: practical capabilities for UNIX. In USENIX Magazine, December 2010, Vol. 35, Number 6
Ross Anderson, Frank Stajano: It's the Anthropology, Stupid!. In proceedings of Security Protocols Workshop 2010, LNCS 7061
Ross Anderson, Shailendra Fuloria: On the security economics of electricity metering. Workshop on the Economics of Information Security (WEIS 10)
Ross Anderson, Shailendra Fuloria, Kevin McGrath, Kai Hansen, Fernando Alvarez: Key Management for Substations: Symmetric Keys, Public Keys or No Keys? IEEE PSCE
Laurel D. Riek, Robert N. M. Watson: The Age of Avatar Realism: When seeing shouldn't be believing. IEEE Robotics and Automation (2010). Vol. 17, Issue 4, pp 37-42
Ross Anderson, Shailendra Fuloria: Who controls the off switch? IEEE SmartGridComm (NIST, October 2010)
Sergei Skorobogatov: Flash Memory 'Bumping' Attacks. Cryptographic Hardware and Embedded Systems Workshop (CHES-2010), August 2010, LNCS 6225, Springer-Verlag, ISBN 3-642-15030-6, pp 158-172
Sergei Skorobogatov: Optical Fault Masking Attacks. 7th Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2010), August 2010, Santa Barbara, USA. IEEE-CS Press, ISBN 978-0-7695-4169-3, pp 23-29
Robert N. M. Watson, Jonathan Anderson, Ben Laurie, Kris Kennaway: Capsicum: practical capabilities for UNIX. In Proceedings of the 19th USENIX Security Symposium (August 2010)
Claudia Diaz, Steven J. Murdoch, Carmela Troncoso: Impact of Network Topology on Anonymity and Overhead in Low-Latency Anonymity Networks. 10th Privacy Enhancing Technologies Symposium (PETS 2010), Berlin, Germany, 21-23 July 2010
Richard Clayton: On the difficulty of counting spam sources. Seventh Conference on Email and Anti-Spam (CEAS 2010), Redmond WA, USA, July 13-14 2010
Richard Clayton: Might governments clean up malware? Ninth Annual Workshop on Economics and Information Security (WEIS10), Cambridge MA, US, June 7-8 2010
Joseph Bonneau, Sören Preibusch: The password thicket: technical and market failures in human authentication on the web. WEIS 2010: The Ninth Workshop on the Economics of Information Security, Boston, MA, USA, June 7 2010
Ji Won Yoon, Hyoungshick Kim, Jun Ho Huh: Hybrid Spam Filtering for Mobile Communication. Computers & Security, Vol. 29, No. 4, pp 446-459, June 2010
Steven Murdoch, Saar Drimer, Ross Anderson, Mike Bond: Chip and Pin is Broken. 2010 IEEE Symposium on Security and Privacy, Oakland, CA, US, 16-19 May 2010, pp 433-444
Saad Aloteibi, Frank Stajano: On the value of hybrid security testing. In Proceedings of Security Protocols Workshop 2010, LNCS 7061
Jonathan Anderson, Frank Stajano: On storing private keys in the cloud. In Proceedings of Security Protocols Workshop 2010, LNCS 7061
Bruce Christianson, Alex Shafarenko, Frank Stajano, Ford-Long Wong: Relay-proof channels using UWB lasers. In Proceedings of Security Protocols Workshop 2010, LNCS 7061
Hyoungshick Kim, Jun Ho Huh, Ross Anderson: On the Security of Internet Banking in South Korea. Technical Report RR-10-01, University of Oxford Computing Laboratory, February 2010
Frank Stajano, Neil Hoult, Ian Wassell, Peter Bennett, Campbell Middleton, Kenichi Soga: Smart Bridges, Smart Tunnels: Transforming Wireless Sensor Networks from Research Prototypes into Robust Engineering Infrastructure. Elsevier Ad Hoc Networks 8(8):872-888, February 2010
Frank Stajano, William Harris: Romantic Cryptography. Journal of Craptology, vol 7, February 2010
Karsten Loesing, Steven J. Murdoch, Roger Dingledine: A Case Study on Measuring Statistical Data in the Tor Anonymity Network. Workshop on Ethics in Computer Security Research, Tenerife, Canary Islands, 28 January 2010
Steven Murdoch, Ross Anderson: Verified by VISA and MasterCard SecureCode: or, How Not to Design Authentication. Financial Cryptography and Data Security, Tenerife, Canary Islands, 25-28 January 2010
Joseph Bonneau, Mike Just, Greg Matthews: What's in a Name? Evaluating Statistical Attacks on Personal Knowledge Questions. FC'10: The Fourteenth International Conference on Financial Cryptography and Data Security, Tenerife, Spain, Jan 25 2010
Tyler Moore and Richard Clayton: How hard can it be to measure phishing? Mapping and Measuring Cybercrime, Oxford, UK, 22 January 2010
Jonathan Anderson, Joseph Bonneau and Frank Stajano: Inglourious Installers: Security in the Application Marketplace. Ninth Workshop on the Economics of Information Security (WEIS), 2010
Jonathan Anderson and Frank Stajano: On Storing Public Keys in the Cloud. Eighteenth International Workshop on Security Protocols, 2010
Andrew B. Lewis, Markus G. Kuhn: Exact JPEG recompression. IS&T/SPIE Electronic Imaging, 17–21 January 2010, San Jose, California, USA.
Frank Stajano, Ford-Long Wong, Bruce Christianson: Multichannel protocols to prevent relay attacks. In proceedings of Financial Cryptography 2010, Springer, LNCS 6054
Steven J. Murdoch: Destructive Activism: The Double-Edged Sword of Digital Tactics. In Digital Activism Decoded: The New Mechanics of Change, Mary Joyce, ed., (New York: iDebate Press), 2010
Frank Stajano: Security Issues in Ubiquitous Computing. Book chapter in Hideyuki Nakashima, Hamid Aghajan and Juan Carlos Augusto, eds., Handbook of Ambient Intelligence and Smart Environments, Springer, 2010, pp 281-314

2009

Saar Drimer, Steven Murdoch, Ross Anderson: Failures of Tamper-Proofing in PIN Entry Devices. IEEE Security and Privacy, Volume 7, Number 6 (Nov-Dec 09), pp 39-45
Hyoungshick Kim, Joseph Bonneau: Privacy-Enhanced Public View for Social Graphs. The Second ACM Workshop on Social Web Search and mining (SWSM 2009), Hong Kong, China, November 2009, ACM.
Frank Stajano: Privacy in the era of genomics. ACM netWorker, 13:4, Winter 2009
Andrew B. Lewis, Markus G. Kuhn: Towards copy-evident JPEG images. Digitale Multimedia-Forensik, 39. Jahrestagung der Gesellschaft für Informatik 2009, Lübeck, Germany, GI-Edition: Lecture Notes in Informatics, Volume P154, pp 171; 1582–91
Saar Drimer, Markus G. Kuhn: A Protocol for Secure Remote Updates of FPGA Configurations. In J. Becker et al. (Eds.): ARC 2009, LNCS 5453, 2009, pp 50–61
Sergei Skorobogatov: Using Optical Emission Analysis for Estimating Contribution to Power Analysis. 6th Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2009), September 2009, Lausanne, Switzerland. IEEE-CS Press, ISBN 978-0-7695-3824-2, pp 111-119
Ross Anderson, Shailendra Fuloria: Certification and Evaluation: A Security Economics Perspective. IEEE Emerging Technologies and Factory Automation (Sep 2009)
Bogdan A. Roman, Ioannis Chatzigeorgiou, Ian J. Wassell, Frank Stajano: Evaluation of Multi-Carrier Burst Contention and IEEE 802.11 with Fading During Channel Sensing. In Proc. 20th IEEE International Symposium on Personal Indoor Mobile Radio Communications, PIMRC'09, September 2009
Hyoungshick Kim: A Spatial Cloaking Framework based on Range Search for Nearest Neighbor Search. The Fourth Workshop on Data Privacy Management (DPM 09), St-Malo, France, September 2009. LNCS, Springer-Verlag.
Frank Stajano, Paul Wilson: Understanding scam victims: Seven principles for systems security. Technical report UCAM-CL-TR-754, August 2009
Jonathan Anderson, Claudia Diaz, Joseph Bonneau and Frank Stajano: Privacy-Enabling Social Networking Over Untrusted Networks. In Proc. 2nd ACM SIGCOMM Workshop on Online Social Networks (WOSN 2009), Barcelona, Spain, August 2009
Frank Stajano: Foot-driven computing: our first glimpse of location privacy issues. ACM SIGSPATIAL 1(2):28-32, Special Issue on Privacy and Security of Location-Based Systems, July 2009
Jonathan Anderson, Joseph Bonneau, Frank Stajano: Security APIs for Online Applications. In Proc. 3rd International Workshop on Analysis of Security APIs, July 2009
Sergei Skorobogatov: Local Heating Attacks on Flash Memory Devices. 2nd IEEE International Workshop on Hardware-Oriented Security and Trust (HOST-2009), July 2009, San Francisco, CA, USA. IEEE Xplore, ISBN 978-1-4244-4804-3
Richard Clayton: How much did shutting down McColo help? Sixth Conference on Email and Anti-Spam (CEAS 2009), Mountain View CA, USA, 16-17 July 2009
Luke Church, Jonathan Anderson, Joseph Bonneau, Frank Stajano: Privacy Stories: Confidence in Privacy Behaviors through End User Programming (poster). In Proc. 5th ACM Symposium on Usable Privacy and Security (SOUPS 2009), Mountain View, CA, USA, July 2009
Richard Clayton: Internet Multi-Homing Problems: Explanations from Economics. Eighth Annual Workshop on Economics and Information Security (WEIS09), London, UK, 24-25 June 2009
Joseph Bonneau, Sören Preibusch: The Privacy Jungle: On the Market for Privacy in Social Networks. WEIS 2009: The Eighth Workshop on the Economics of Information Security, London, UK, 24 June 2009
R.G. Clegg, M.S. Withall, A.W. Moore, I.W. Phillips, D.J. Parish, M. Rio, R. Landa, H. Haddadi, K. Kyriakopoulos, J. Auge, R. Clayton and D.Salmon: Challenges in the capture and dissemination of measurements from high-speed networks. IET Communications, 3(6), June 2009, pp 957-966
Ji Won Yoon, Hyoungshick Kim: A New Collision-free Pseudonym Scheme in Mobile Ad Hoc Networks. The Fifth Workshop on Resource Allocation, Cooperation and Competition in Wireless Networks (RAWNET/WNC3 09), Seoul, Korea, June 2009, IEEE Press.
Tyler Moore, Richard Clayton and Henry Stern: Temporal Correlations between Spam and Phishing Websites. 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET09). Boston, MA, USA, 21 April 2009
Ross Anderson, Ian Brown, Terri Dowty, Philip Inglesant, William Heath, Angela Sasse : Database State. Joseph Rowntree Reform Trust, March 2009
Shishir Nagaraja, Ross Anderson: The snooping dragon: social-malware surveillance of the Tibetan movement. University of Cambridge technical report UCAM-CL-TR-746, March 2009
Tyler Moore and Richard Clayton: Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing. In: Roger Dingledine and Philippe Golle, editors, 13th International Financial Cryptography and Data Security Conference (FC09), Barbados, February 23-26, 2009, LNCS 5628, Springer-Verlag, pp 256-272
Ross Anderson: Cambridge University - the Unauthorised History. January 2009
Joseph Bonneau, Jonathan Anderson and George Danezis: Prying Data Out of a Social Network. Proceedings of the 2009 International Conference on Advances in Social Network Analysis and Mining, 2009
Jonathan Anderson, Frank Stajano: Not That Kind of Friend: Misleading Divergences Between Online Social Networks and Real-World Social Protocols. In Proc. 17th International Workshop on Security Protocols, Springer LNCS 7028, April 2009
Tyler Moore, Richard Clayton, Ross Anderson: The Economics of Online Crime. Journal of Economic Perspectives v 23 no 3 (2009) pp 3-20
Ross Anderson, Tyler Moore: Information security: where computer science, economics and psychology meet. Philosophical Transactions of the Royal Society v 367 no 1898 pp 2717-2727
Ross Anderson, Shailendra Fuloria: Security Economics and Critical National Infrastructure. WEIS 2009
Joseph Bonneau, Jonathan Anderson, Frank Stajano, Ross Anderson: Eight Friends Are Enough: Social Graph Approximation via Public Listings. In Proceedings of SocialNets 2009: The Second ACM Workshop on Social Network Systems, Nurembeg, Germany, 31 March 2009
Sören Preibusch, Alastair R. Beresford: Establishing Distributed Hidden Friendship Relations. Security Protocols XVII. LNCS 7028:321--334, 2009. Springer
Saar Drimer, Steven Murdoch, Ross Anderson: Optimised to Fail: Card Readers for Online Banking. Financial Cryptography and Data Security 09, Rockley, Barbados. Springer LNCS 5628, pp 184-200
Steven J. Murdoch: Reliability of Chip & PIN evidence in banking disputes. Digital Evidence and Electronic Signature Law Review, Volume 6, pages 98-115, ISSN 1756-4611, 2009

2008

Tyler Moore, Richard Clayton: The Consequence of Non-Cooperation in the Fight Against Phishing. Third APWG eCrime Researchers Summit, Atlanta GA, USA, 15-16 October 2008
Frank Stajano, Lucia Bianchi, Pietro Liò, Douwe Korff: Forensic Genomics: Kin Privacy, Driftnets and Other Open Questions. In Proc. ACM Workshop on Privacy in the Electronic Society (WPES 2008), Alexandria, VA, USA, 27 October 2008
Dave Singelée, Ford-Long Wong, Bart Preneel, Frank Stajano: A Theoretical Model for Location Privacy in Wireless Personal Area Networks. KU-Leuven COSIC internal report no 1176, 2008
Richard Clayton: Do Zebras get more Spam than Aardvarks? Fifth Conference on Email and Anti-Spam (CEAS 2008), Mountain View CA, USA, 21-22 August 2008
Sebastian Zander, Steven J. Murdoch: An Improved Clock-skew Measurement Technique for Revealing Hidden Services. 17th USENIX Security Symposium, San Jose, CA, USA, 28 July-01 August 2008
Steven J. Murdoch, Robert N. M. Watson: Metrics for Security and Performance in Low-Latency Anonymity Systems. 8th Privacy Enhancing Technologies Symposium (PETS 2008), Leuven, Belgium, 23-25 July 2008
Tyler Moore, Richard Clayton: The Impact of Incentives on Notice and Take-down. Seventh Annual Workshop on Economics and Information Security (WEIS08), Dartmouth NH, USA, 25-28 June 2008. In: M. Eric Johnson, Ed: Managing Information Risk and the Economics of Security, pp 199-223, Springer, New York, 2008
Steven J. Murdoch: On the Origins of a Thesis. International Workshop on Security and Trust Management, Trondheim, Norway, 16-17 June 2008
Saar Drimer, Steven J. Murdoch, Ross Anderson: Thinking Inside the Box: System-level Failures of Tamper Proofing. 2008 IEEE Symposium on Security and Privacy, Oakland, CA, US, 18-21 May 2008
Frank Stajano, Richard Clayton: Cyberdice: peer-to-peer gambling in the presence of cheaters. Security Protocols Workshop 2008. Cambridge, UK, 16-18 April 2008
Gerhard P. Hancke, Markus G. Kuhn: Attacks on Time-of-Flight Distance Bounding Channels. ACM Conference on Wireless Network Security (WiSec), March 31–April 2, 2008, Alexandria, Virginia, USA
Ross Anderson: Security Engineering - A Guide to Building Dependable Distributed Systems. Second edition, Wiley (April 2008), ISBN 978-0-470-06852-6
Steven J. Murdoch: Hardened Stateless Session Cookies. Sixteenth International Workshop on Security Protocols, Cambridge, UK, 16-18 April 2008
Frank Stajano, Dan Cvrcek, Matt Lewis: Steel, Cast Iron and Concrete: Security Engineering for Real World Wireless Sensor Networks. Proc. Applied Cryptography and Network Security conference (ACNS 2008), Springer LNCS 5037, pp 460-478
Ross Anderson, Rainer Böhme, Richard Clayton, Tyler Moore: Security Economics and the Internal Market. European Network and Information Security Agency, March 2008
Bogdan Roman, Frank Stajano, Ian Wassell, David Cottingham: Multi-Carrier Burst Contention (MCBC): Scalable Medium Access Control for Wireless Networks. Proc. IEEE Wireless Communications and Networking Conference 2008 (WCNC'08), Las Vegas, March 2008
Ross Anderson: Patient Confidentiality and Central Databases. British Journal of General Practice v 58 no 547 (Feb 2008) pp 75-76
Tyler Moore and Richard Clayton: Evaluating the Wisdom of Crowds in Assessing Phishing Websites. In: Gene Tsudik (Ed): Financial Cryptography and Data Security, 12th International Financial Cryptography and Data Security Conference (FC08), Cozumel, Mexico, 28-31 January 2008, volume 5143 of LNCS, pp 16-30, Springer Berlin/Heidelberg
Ross Anderson, Rainer Böhme, Richard Clayton, Tyler Moore: Security Economics and European Policy. Workshop on the Economics of Information Security (WEIS 08); and in ISSE 2008, Vieweg-Teubner pp 57-76
Saar Drimer, Steven Murdoch, Ross Anderson: Thinking inside the box: system-level failures of tamper proofing. Computer Lab Technical Report UCAM-CL-TR-711
Tyler Moore, Maxim Raya, Jolyon Clulow, Panagiotis Papadimitratos, Ross Anderson, Jean-Pierre Hubaux: Fast exclusion of errant devices from vehicular networks. Fifth Annual IEEE Communications Society Conference on Sensor, Mesh, and Ad Hoc Communications and Networks (SECON 08)
Ross Anderson, N. Bohm: FIPR submission to the Hunt Review of the Financial Ombudsman Service.
Steven Murdoch, Ross Anderson: Tools and Technology of Internet Filtering. In Access Denied: The Practice and Policy of Global Internet Filtering, Ronald Deibert, John Palfrey, Rafal Rohozinski, Jonathan Zittrain, eds., (Cambridge: MIT Press), 2008, pp 57-72
Tyler Moore, Ross Anderson: How brain type influences online safety. Workshop on Security and Human Behaviour, 2008

2007

Steven Murdoch, Ross Anderson: Shifting Borders. Index on Censorship, December 2007
George Danezis and Richard Clayton: Introducing Traffic Analysis. In: Alessandro Acquisti, Stefanos Gritzalis, Costos Lambrinoudakis, Sabrina di Vimercati (Editors): Digital Privacy: Theory, Technologies, and Practices, Auerbach Publications, November 2007
Ford Long Wong, Frank Stajano: Multichannel Security Protocols. IEEE Pervasive Computing, Special Issue on Security and Privacy, October-December 2007, 6(4):31-39
Tyler Moore and Richard Clayton: Examining the Impact of Website Take-Down on Phishing. Second APWG eCrime Researchers Summit, Pittsburgh PA, USA, 4-5 October 2007
Richard Clayton, Steven J. Murdoch, Robert N. M. Watson: Ignoring the Great Firewall of China. A Journal of Law and Policy for the Information Society, Volume 3, Issue 2, Fall 2007
Richard Clayton: Email Traffic: a quantitative snapshot. Fourth Conference on Email and Anti-Spam (CEAS 2007), Mountain View CA, USA, 2-3 August 2007
Tyler Moore and Richard Clayton: An Empirical Analysis of the Current State of Phishing Attack and Defence. Sixth Annual Workshop on Economics and Information Security (WEIS07), Pittsburgh PA, USA, 7-8 June 2007
Ford-Long Wong, Hoon Wei Lim: Identity-Based and Inter-Domain Password Authenticated Key Exchange for Lightweight Clients. Third IEEE International Symposium on Security in Networks and Distributed Systems (SSNDS-07), Niagara Falls, Canada, 21-23 May 2007, IEEE Press.
Ford-Long Wong, Min Lin, Shishir Nagaraja, Ian Wassell, Frank Stajano: Evaluation Framework of Location Privacy of Wireless Mobile Systems with Arbitrary Beam Pattern. Proc. Fifth Annual Conference on Communication Networks and Services Research (CSNR 2007), Fredericton, New Brunswick, Canada, May 2007, IEEE Communications Society and ACM
Ross Anderson: Closing the Phishing Hole - Fraud, Risk and Nonbanks. Nonbanks in the Payment System, Santa Fe, NM, May 2007
Richard Clayton: Can CLI be trusted? Information Security Technical Report, Elsevier. 12(2), 2007, pp 74-79
Kasim Rehman, Frank Stajano, George Coulouris: An Architecture for Interactive Context-Aware Applications. IEEE Pervasive Computing 6(1):73-80, January 2007
Shishir Nagaraja, Ross Anderson: Dynamic topologies for robust and scale-free networks. Bio-inspired Computing and Communication (2007), Springer LNCS v 5151 pp 411-426
Ross Anderson: RFID and the Middleman. Proceedings of the Eleventh International Conference on Financial Cryptography and Data Security, February 2007, Springer LNCS v 4886 pp 46-49.
Robert N. M. Watson: Exploiting Concurrency Vulnerabilities in System Call Wrappers. In Proceedings of the First USENIX Workshop on Offensive Technologies (WOOT) 2007
Ross Anderson, Tyler Moore, Shishir Nagaraja, Andy Ozment: Incentives and Information Security. Book chapter in Algorithmic Mechanism Design, CUP 2007, pp 633-649
Ross Anderson, Tyler Moore: Information Security Economics - and Beyond. Advances in Cryptology - Crypto 2007, Springer LNCS 4622, pp 68-91
Tyler Moore, Jolyon Clulow, Shishir Nagaraja, Ross Anderson: New Strategies for Revocation in Ad-Hoc Networks. ESAS 2007, Springer LNCS 4572 pp 232-246
Ben Adida, Mike Bond, Jolyon Clulow, Amerson Lin, Ross Anderson, Ron Rivest: On the Security of the on EMV Secure Messaging API. Security Protocols 2007

2006

Ross Anderson: Under threat: patient confidentiality and NHS computing. Drugs and Alcohol Today v 6 no 4 (December 2006) pp 13-17
Ross Anderson, Ian Brown, Richard Clayton, Terri Dowty, Douwe Korff, Eileen Munro: Children's Databases - Safety and Privacy. Information Commissioner's Office, November 2006
Sergei Skorobogatov: Optically Enhanced Position-Locked Power Analysis. Cryptographic Hardware and Embedded Systems Workshop (CHES-2006), LNCS 4249, Springer-Verlag, ISBN 3-540-46559-6, pp 61-75
Joonwoong Kim, Alastair Beresford, Frank Stajano: Towards a Security Policy for Ubiquitous Healthcare Systems. Proc. First International Conference on Ubiquitous Convergence Technology (ICUCT 2006), LNCS 4412, Jeju, Korea, December 2006
Ross Anderson, Tyler Moore: The Economics of Information Security. Science v 314 no 5799, 27 October 2006, pp 610-613
Feng Hao, Ross Anderson, John Daugman: Combining crypto with biometrics effectively. IEEE Transactions on Computers, Vol. 55, No. 9, pp 1081-1088, September 2006
Jolyon Clulow, Gerhard P. Hancke, Markus G. Kuhn, Tyler Moore: So Near and Yet So Far: Distance-Bounding Attacks in Wireless Networks. European Workshop on Security and Privacy in Ad-Hoc and Sensor Networks (ESAS), Hamburg, Germany, 20-21 September 2006, LNCS 4357
George Danezis and Richard Clayton: Route Fingerprinting in Anonymous Communications. Sixth IEEE International Conference on Peer-to-Peer Computing, Cambridge UK, 6-8 September 2006
Richard Clayton: Using Early Results from the 'spamHINTS' Project to Estimate an ISP Abuse Team's Task. Third Conference on Email and Anti-Spam (CEAS 2006), Mountain View CA, USA, 28-29 July 2006
Richard Newman, Sherman Gavette, Larry Yonge, Ross Anderson: Protecting Domestic Power-line Communications. Symposium On Usable Privacy and Security, CMU (July 12-14) 2006 pp 122-132
Richard Clayton: The Rising Tide: DDoS by Defective Designs. Second Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI'06), San Jose CA, USA, 7 July 2006
Mike Bond, George Danezis: A pact with the Devil. Technical Report UCAM-CL-TR-666, University of Cambridge Computer Laboratory, June 2006
Markus Kuhn: Eavesdropping attacks on computer displays. Invited talk, 7th Information Security Summit, Prague, 24–25 May 2006, pp.143–153, ISBN 80-86813-08-8
Feng Hao, Piotr Zieliński: A 2-round anonymous veto protocol. 14th International Workshop on Security Protocols, Cambridge, April 2006, LNCS, Springer-Verlag
Huiyun Li: Security evaluation at design time for cryptographic hardware. Technical Report UCAM-CL-TR-665, University of Cambridge Computer Laboratory, April 2006
Alastair R. Beresford, Jonathan J. Davies, Robert K. Harle: Privacy-Sensitive Congestion Charging. In Proceedings of the Fourteenth International Workshop on Security Protocols, LNCS 5087: pp 97-104, 2006. Springer
Matthew Johnson, Frank Stajano: Usability of Security Management: Defining the Permissions of Guests. Proc. 14th Security Protocols Workshop, LNCS 5087, Cambridge, UK, March 2006
Ford-Long Wong, Frank Stajano: Multi-channel Protocols for Group Key Agreement in Arbitrary Topologies. 3rd IEEE International Workshop on Pervasive Computing and Communication Security (PerSec 2006), IEEE Press, Pisa, Italy, March 2006
Ben Adida, Mike Bond, Jolyon Clulow, Amerson Lin, Steven Murdoch, Ross Anderson, Ron Rivest: Phish and Chips. Security Protocols Workshop, Mar 2006, Springer LNCS vol 5087 pp 40-48
Richard Clayton, Steven J. Murdoch, Robert N. M. Watson: Ignoring the Great Firewall of China. In Proceedings, Privacy Enhancing Technologies Workshop 2006, Cambridge, UK
Alastair R. Beresford: Privacy issues in geographic information technologies. Published in a book by Springer, Frontiers of Geographic Information Technology, pp 257-277, 2006. ISBN 3-540-25685-7
Ross Anderson, Mike Bond, Steven Murdoch: Chip and Spin. Computer Security Journal v 22 no 2 (2006) pp 1-6
Hyun-Jin Choi: Security protocol design by composition. Technical Report UCAM-CL-TR-657, University of Cambridge Computer Laboratory, January 2006.
Robert N. M. Watson, Wayne Salamon: TrustedBSD OpenBSM: Open Source Security Audit Framework. In Proceedings, 2006 UKUUG Spring Conference, Durham, UK
Ross Anderson: Healthcare IT in Europe and North America. National Audit Office, 2006

2005

Pablo Vidales, Javier Baliosian, Joan Serrat, Glenford Mapp, Frank Stajano, Andy Hopper: Autonomic System for Mobility Support in 4G Networks. IEEE Journal On Selected Areas In Communications (JSAC) 23(12):2288-2304, December 2005
Richard Clayton: Anonymity and Traceability in Cyberspace. Technical Report UCAM-CL-TR-653, University of Cambridge Computer Laboratory, November 2005
Kasim Rehman, Frank Stajano, George Coulouris: Visually Interactive Location-Aware Computing. Proc 7th Intl Conf on Ubiquitous Computing (UbiComp 2005), Tokyo, Japan, LNCS 3660, 2005
Frank Stajano: RFID is X-ray vision. Communications of the ACM 48(9):31-33, September 2005
Steven J. Murdoch, George Danezis: Low-Cost Traffic Analysis of Tor. Proceedings of the 2005 IEEE Symposium on Security and Privacy, Oakland, California, USA, 8-11 May 2005.
Markus G. Kuhn: Security Limits for Compromising Emanations. J.R. Rao, B. Sundar (Eds.): Workshop on Cryptographic Hardware and Embedded Systems (CHES 2005), 29 August - 1 September 2005, Edinburgh, Scotland, LNCS 3659, pp. 265-279.
Gerhard P. Hancke, Markus G. Kuhn: An RFID Distance Bounding Protocol. IEEE SecureComm 2005, Athens, Greece, 5-9 September 2005, IEEE Computer Society, pp. 67-73, ISBN 0-7695-2369-2.
Markus G. Kuhn: “Compromizing emanations”, “Data remanence”, “Smartcard tamper resistance”, “TEMPEST”. Entries in Henk C.A. van Tilborg (ed.): Encyclopedia on Cryptography and Security, Springer, 2005, ISBN 0-387-23473-X.
Andrei Serjantov, Steven J. Murdoch: Message Splitting Against the Partial Adversary. Proceedings of the 5th Workshop on Privacy Enhancing Technologies, Dubrovnik (Cavtat), Croatia, 30 May – 1 June 2005.
Steven J. Murdoch, Stephen Lewis: Embedding Covert Channels into TCP/IP. Proceedings of the 7th Information Hiding Workshop, Barcelona, Catalonia (Spain), 6 – 8 June 2005, LNCS 3727, pp. 247 – 261.
Sergei Skorobogatov: Semi-invasive attacks – A new approach to hardware security analysis. Technical Report UCAM-CL-TR-630, University of Cambridge Computer Laboratory, April 2005.
John Daugman: Results from 200 billion iris cross-comparisons. Technical Report UCAM-CL-TR-635, University of Cambridge Computer Laboratory, June 2005.
Shishir Nagaraja, Ross Anderson: The topology of covert conflict. Technical Report UCAM-CL-TR-637, University of Cambridge Computer Laboratory, July 2005.
Piotr Zieliński: Optimistic Generic Broadcast. Technical Report UCAM-CL-TR-638, University of Cambridge Computer Laboratory, July 2005.
Feng Hao, Ross Anderson, John Daugman: Combining cryptography with biometrics effectively. Technical Report UCAM-CL-TR-640, University of Cambridge Computer Laboratory, July 2005.
Ross Anderson, Mike Bond, Jolyon Clulow, Sergei Skorobogatov: Cryptographic processors &ndash a survey. Technical Report UCAM-CL-TR-641, University of Cambridge Computer Laboratory, August 2005.
Frank Stajano: RFID is X-ray vision. Technical Report UCAM-CL-TR-645, University of Cambridge Computer Laboratory, August 2005.
Richard Clayton: Anonymity and traceability in cyberspace. Technical Report UCAM-CL-TR-653, University of Cambridge Computer Laboratory, November 2005.
Richard Clayton: Stopping Outgoing Spam by Examining Incoming Server Logs. Second Conference on Email and Anti-Spam (CEAS 2005), Stanford CA, USA, July 21-22 2005.
Andrei Serjantov, Richard Clayton: Modelling Incentives for Email Blocking Strategies. Fourth Annual Workshop on Economics and Information Security, WEIS05, Boston MA, USA, June 2--3 2005.
Matthew Johnson, Frank Stajano: Implementing a multi-hat PDA. Proc. Security Protocols Workshop 2005, LNCS 4631
Richard Clayton: Failures in a Hybrid Content Blocking System. Fifth Privacy Enhancing Technologies Workshop, PET 2005, Dubrovnik, Croatia, May 30--June 1 2005.
Richard Clayton: Insecure Real-World Authentication Protocols (or Why Phishing is so Profitable). Thirteenth International Workshop on Security Protocols, Cambridge, UK, April 20–22 2005.
Richard Clayton: Who'd phish from the summit of Kilimanjaro? Financial Cryptography and Data Security: 9th International Conference FC 2005, Roseau, The Commonwealth of Dominica, February 28–March 3 2005, volume 3570 of LNCS, pages 91–92, Springer Verlag.
Andy Ozment: The Likelihood of Vulnerability Rediscovery and the Social Utility of Vulnerability Hunting. Fourth Workshop on the Economics of Information Security, Cambridge, MA, USA, 2-5 June 2005.
Andy Ozment: Software Security Growth Modeling: Examining Vulnerabilities with Reliability Growth Models. Proceedings of the First Workshop on Quality of Protection, Milan, Italy, 15 September 2005.
Tyler Moore: Countering Hidden-Action Attacks on Networked Systems. Proceedings of the Fourth Workshop on the Economics of Information Security, Cambridge, Massachusetts, June 2005.
Sergei Skorobogatov: Data Remanence in Flash Memory Devices. Cryptographic Hardware and Embedded Systems Workshop (CHES 2005), LNCS 3659, Springer-Verlag, ISBN 3-540-28474-5, pp 339-353.
Ford-Long Wong, Frank Stajano, Jolyon Clulow: Repairing the Bluetooth pairing protocol. Proceedings of 13th International Workshop on Security Protocols, Cambridge, UK, 20-22 April 2005, Springer-Verlag.
Ford-Long Wong, Frank Stajano: Multi-channel Protocols. Proceedings of 13th International Workshop on Security Protocols, Cambridge, UK, 20-22 April 2005, Springer-Verlag.
Ford-Long Wong, Frank Stajano: Location Privacy in Bluetooth. Proceedings of 2nd European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS 2005), Visegrád, Hungary, 13-14 July 2005, LNCS 3813, pp. 176-188, Springer-Verlag
George Danezis, Chris Lesniewski-Laas, M. Frans Kaashoek, Ross Anderson: Sybil-Resistant DHT Routing. ESORICS 2005, LNCS 3679, Springer, pp 305-318
Paul Youn, Ben Adida, Mike Bond, Jolyon Clulow, Jonathan Herzog, Amerson Lin, Ronald L. Rivest, Ross Anderson: Robbing the bank with a theorem prover, Computer Laboratory Technical Report UCAM-CL-TR-644, August 2005
Pablo Vidales, Glenford Mapp, Frank Stajano, Jon Crowcroft, Carlos Jesus Bernardos: A Practical Approach for 4G Systems: Deployment of Overlay Networks. In Proceedings of Testbeds and Research Infrastructures for the DEvelopment of NeTworks and COMmunities / TRIDENTCOM 2005. (Best paper award)
Shishir Nagaraja, Ross Anderson: The Topology of Covert Conflict. Computer Laboratory Technical Report no. 637 (July 2005); also at Workshop on Economics of Information Security (June 2006)
Ross Anderson: System Security for Cyborgs. Second International Workshop on Body Sensor Networks, April 12-13 2005, pp 36-39
Ross Anderson: Open and Closed Systems are Equivalent (that is, in an ideal world), Perspectives on Free and Open Source Software, MIT Press 2005, pp 127-142
George Danezis, Stephen Lewis, Ross Anderson: How Much is Location Privacy Worth?, Workshop on Economics of Information Security 2005
Ross Anderson: The Initial Costs and Maintenance Costs of Protocols, at Security Protocols 05

2004

Markus G. Kuhn: An Asymmetric Security Mechanism for Navigation Signals, 6th Information Hiding Workshop, 23-25 May 2004, Toronto, Canada, Proceedings, LNCS 3200, pp. 239-252, Springer-Verlag
Frank Stajano: Security for Ubiquitous Computing (abstract of invited talk). Proc. 7th International Conference on Information Security and Cryptology (ICISC 2004), Seoul, Korea, Dec 2004. Springer LNCS 3506
Steven J. Murdoch, Piotr Zieliński: Covert Channels for Collusion in Online Computer Games, 6th Information Hiding Workshop, 23-25 May 2004, Toronto, Canada, Proceedings, LNCS 3200, pp. 355-369, Springer-Verlag
Markus G. Kuhn: Electromagnetic Eavesdropping Risks of Flat-Panel Displays, 4th Workshop on Privacy Enhancing Technologies, 26-28 May 2004, Toronto, Canada
Andy Ozment: Bug Auctions: Vulnerability Markets Reconsidered, Third Annual Workshop on Economics and Information Security, 13-14 May 2004, Minneapolis, MN, USA
Rupert Gatti, Stephen Lewis, Andy Ozment, Thierry Rayna, Andrei Serjantov: Sufficiently Secure Peer-to-Peer Networks, Third Annual Workshop on Economics and Information Security, 13-14 May 2004, Minneapolis, MN, USA
George Danezis, Ben Laurie: Minx: A Simple and Efficient Anonymous Packet Format, WPES 2004, Washington DC, October 2004
Poul-Henning Kamp, Robert N. M. Watson: Building Systems to be Shared, Securely. ACM Queue, July/August 2004
Rainer Bohme, George Danezis, Claudia Diaz, Stefan Kopsell, Andreas Pfitzmann: Mix Cascades vs. Peer-to-Peer: Is One Concept Superior?, 4th Workshop on Privacy Enhancing Technologies, 26-28 May 2004, Toronto, Canada
George Danezis: The Traffic Analysis of Continuous-Time Mixes 4th Workshop on Privacy Enhancing Technologies, 26-28 May 2004, Toronto, Canada
George Danezis, Ross Anderson: The Economics of Censorship Resistance, Workshop on Economics and Information Security, May 13-14, 2004, University of Minnesota
George Danezis, Andrei Serjantov: Statistical Disclosure or Intersection Attacks on Anonymity Systems, 6th Information Hiding Workshop, 23-25 May 2004, Toronto, Canada, Proceedings, LNCS 3200, pp. 293-308, Springer-Verlag
Andrei Serjantov: On the anonymity of anonymity systems, Technical Report UCAM-CL-TR-604, University of Cambridge, Computer Laboratory, October 2004
Frank Stajano: Will Your Digital Butlers Betray You? Proc. ACM Workshop on Privacy in the Electronic Society (WPES), October 2004, Washington, DC, USA
George Danezis: Designing and attacking anonymous communication systems, Technical Report UCAM-CL-TR-594, University of Cambridge, Computer Laboratory, July 2004
Piotr Zieliński: Paxos at war, Technical Report UCAM-CL-TR-593, University of Cambridge, Computer Laboratory, June 2004
Mike Bond, Daniel Cvrček, Steven J. Murdoch: Unwrapping the Chrysalis, Technical Report UCAM-CL-TR-592, University of Cambridge, Computer Laboratory, June 2004
Piotr Zieliński: Latency-optimal Uniform Atomic Broadcast algorithm, Technical Report UCAM-CL-TR-582, University of Cambridge, Computer Laboratory, February 2004
Richard Clayton: Stopping Spam by Extrusion Detection, First Conference on Email and Anti-Spam (CEAS 2004), Mountain View CA, USA, July 30-31, 2004
Ben Laurie and Richard Clayton: Proof-of-Work Proves Not to Work. Third Annual Workshop on Economics and Information Security, WEIS04, Minneapolis MN, May 13-14, 2004
Frank Stajano: One user, many hats; and, sometimes, no hat -- towards a secure yet usable PDA. Proc. 12th International Security Protocols Workshop, April 2004, Cambridge, UK, LNCS 3957, pp 51-64
Ross Anderson: The Dancing Bear – A New Way of Composing Ciphers, Cambridge Protocols Workshop, Cambridge, UK, 26-28 April 2004
George Danezis, Ross Anderson: The Economics of Censorship Resistance, Workshop on Economics of Information Security, Minneapolis, Mn., 13-14 May 2004
Alastair Beresford, Frank Stajano: Mix Zones: User Privacy in Location-aware Services. Proc. First IEEE International Workshop on Pervasive Computing and Communication Security (PerSec 2004), a workshop in PerCom 2004
Andrei Serjantov, Ross Anderson: On Dealing with Adversaries Fairly, Workshop on Economics of Information Security, Minneapolis, Mn., 13-14 May 2004
Ross Anderson, Haowen Chan, Adrian Perrig: Key Infection – Smart trust for Smart Dust, ICNP, Berlin, Germany, 5-8 October 2004
Markus G. Kuhn, Steven J. Murdoch, Piotr Zieliński: Compounds: a next-generation hierarchical data model. Poster, Microsoft Research Academic Days, Dublin, 13-16 April 2004

2003

Markus G. Kuhn: Compromising emanations: eavesdropping risks of computer displays, Technical Report UCAM-CL-TR-577, University of Cambridge, Computer Laboratory, December 2003
Frank Stajano, Jon Crowcroft: The Butt of the Iceberg: Hidden Security Problems of Ubiquitous Systems. Book chapter in Basten et al., eds., Ambient Intelligence: Impact on Embedded System Design, Kluwer, 2003
George Danezis, Len Sassaman: Heartbeat Traffic to Counter (n-1) Attacks, WPES'03
George Danezis: The Statistical Disclosure Attack. Sec2003
Frank Stajano: The Security Challenges of Ubiquitous Computing (Abstract of invited talk.) Proc. CHES 2003, LNCS 2779, Springer
George Danezis, Roger Dingledine, Nick Mathewson: Mixminion: Design of a Type III Anonymous Remailer. IEEE Symposium on Security & Privacy, 2003
George Danezis: Mix-networks with Restricted Routes, 3rd Workshop on Privacy Enhancing Technologies, 2003
Frank Stajano: Security in Pervasive Computing (Abstract of invited talk.) Proc. Security in Pervasive Computing 2003, Boppard, Germany, March 2003, Springer LNCS 2802
Richard Clayton Improving Onion Notation. In Roger Dingledine, editor, Privacy Enhancing Technologies, Third International Workshop, PET 2003, Dresden, Germany, March 26-28, 2003, LNCS 2706, pp 81-87, Springer Verlag.
Simon Moore, Ross Anderson, Robert Mullins, George Taylor, Jacques Fournier: Balanced Self-Checking Asynchronous Logic for Smart Card Applications, Microprocessors and Microsystems Journal v 27 no 9, Oct 2003, pp 421-430
David Scott, Alastair Beresford and Alan Mycroft: Spatial Security Policies for Mobile Agents in a Sentient Computing Environment. In Proceedings of Fundamental Approaches to Software Engineering (FASE), LNCS 2621:102-117, 2003. Springer
David Scott, Alastair Beresford and Alan Mycroft: Spatial Policies for Sentient Mobile Applications. In Proceedings of the IEEE Fourth International Workshop on Policies for Distributed Systems and Networks (IEEE Policy), pp 147-157, 2003. IEEE Press
Ross Anderson, Mike Bond: Protocol Analysis, Composability and Computation, Computer Systems: Theory, Technology and Applications, Springer 2003
Alastair Beresford, Frank Stajano: Location Privacy in Pervasive Computing. IEEE Pervasive Computing, 2(1):46-55, 2003
Ross Anderson: Cryptography and Competition Policy – Issues with ‘Trusted Computing’, Workshop on Economics and Information Security 2003; also given as the Caroline and Edward Wenk Jr. Lecture in Technology and Public Policy, Johns Hopkins University, 2003
Ross Anderson: ‘Trusted Computing’ and Competition Policy – Issues for Computing Professionals, Upgrade v 4 no 3, June 2003, pp 35-41

2002

Ellis Weinberger, Richard Clayton and Ross Anderson: A Security Policy for a Digital Repository. National Preservation Office Journal, 11, October 2002, pp 12-13
Markus G. Kuhn: Optical Time-Domain Eavesdropping Risks of CRT Displays, Proceedings 2002 IEEE Symposium on Security and Privacy, Berkeley, California, 12-15 May 2002, IEEE Computer Society, pp. 3-18, ISBN 0-7695-1543-6.
Frank Stajano: Security for whom? The shifting security assumptions of pervasive computing. Proc. International Security Symposium 2002, Tokyo, Japan, LNCS 2609, Springer-Verlag
George Danezis: Forward Secure Mixes. NORDSEC 2002.
Andrei Serjantov, George Danezis: Towards an Information Theoretic Metric for Anonymity. Privacy Enhancing Technologies 2002
Kasim Rehman, Frank Stajano, George Coulouris: Interfacing with the Invisible Computer. Proceedings of NordiCHI 2002, Aarhus, Denmark, October 2002
Richard Clayton and George Danezis: Chaffinch: Confidentiality in the Face of Legal Threats, in Fabien A. P. Petitcolas, editor, Information Hiding Workshop (IH 2002), Noordwijkerhout, The Netherlands, October 2002, LNCS 2578, pp 70-86, Springer
Richard Clayton and Mike Bond: Experience Using a Low-Cost FPGA Design to Crack DES Keys, in Burton S. Kaliski Jr., Cetin K. Koc, Christof Paar, editors, Cryptographic Hardware and Embedded Systems – CHES 2002, Redwood Shores CA, USA, August 13-15, 2002, LNCS 2523, pp 579-592, Springer
Richard Clayton: Workshop Report for IPTPS'02: 1st International Workshop on Peer-to-Peer Systems, in Peter Druschel, Frans Kaashoek, Antony Rowstron, editors, Peer-to-Peer Systems, IPTPS 2002, Cambridge MA, USA, March 2002, LNCS 2429, pp 1-21, Springer
Frank Stajano, Ross Anderson: The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks, IEEE Computer Security and Privacy 2002 – supplement to v 35 no 4 (April 2002) pp 22-26
Simon Moore, Ross Anderson, Paul Cunningham, Robert Mullins, George Taylor: Improving Smart Card Security using Self-timed Circuits, Eighth International Symposium on Advanced Research in Asynchronous Circuits and Systems, 2002
Ross Anderson: Two Remarks on Public-Key Cryptology, Computer Laboratory technical Report no 549
Ross Anderson: Unsettling Parallels Between Security and the Environment, Workshop on Economics and Information Security 2002
Sergei Skorobogatov, Ross Anderson: Optical Fault Induction Attacks, Cryptographic Hardware and Embedded Systems 2002, Springer LNCS vol 2523, pp 2-12
Ross Anderson: Security in Open Versus Closed Systems – the Dance of Boltzmann, Coase and Moore, Open Source Software Economics 2002
Pablo Vidales, Frank Stajano: The Sentient Car: Context-Aware Automotive Telematics. Proc. First IEE European Workshop on Location Based Services (LBS-2002), London, UK. Also appeared as a poster at Ubicomp 2002
Ross Anderson: TCPA / Palladium Frequently Asked Questions, Computer Security Journal, vol 18, no 3-4, Summer/Fall 2002, pp 63-70
David Samyde, Sergei Skorobogatov, Ross Anderson, Jean-Jacques Quisquater: On a New Way to Read Data from Memory. First IEEE Security in Storage Workshop (SISW02)
Frank Stajano, Ross Anderson: The Resurrecting Duckling: Security Issues for Ubiquitous Computing. IEEE Security & Privacy inaugural issue, published as a supplement to IEEE Computer magazine 35(4), April 2002.
Frank Stajano: Security for Ubiquitous Computing. Wiley, 2002. ISBN 0-470-84493-0
Frank Stajano, Hiroshi Isozaki: Security Issues for Internet Appliances. Proc. IEEE/IPSJ International Symposium on Applications and the Internet (SAINT 2002), Nara, Japan
Richard Clayton, Ellis Weinberger, Ross Anderson: Security in a digital repository, National Preservation Office Journal, issue 11, October 2002, pp 12-13
Andreas Pfitzmann, Hannes Federrath, Markus Kuhn: Anforderungen an die gesetzliche Regulierung zum Schutz digitaler Inhalte unter Berücksichtigung der Effektivität technischer Schutzmechanismen (Technischer Teil). A study commissioned by Deutscher Multimedia Verband (dmmv) e.V. and Verband Privater Rundfunk & Telekommunikation (VPRT) e.V., March 2002
Sergei Skorobogatov: Low temperature data remanence in static RAM. Technical Report UCAM-CL-TR-536, University of Cambridge, Computer Laboratory, June 2002.
Tatsuo Nakajima, Hiro Ishikawa, Eiji Tokunaga, Frank Stajano: Technology Challenges for Building Internet-Scale Ubiquitous Computing. Proceedings of Workshop on Object-Oriented Real-Time Dependable Systems, WORDS 2002, 171-179

2001

Richard Clayton, George Danezis, Markus G. Kuhn: Real World Patterns of Failure in Anonymity Systems, in Ira S. Moskowitz (ed.): Information Hiding, 4th International Workshop, IHW 2001, Pittsburgh, USA, April 25-17, 2001, Proceedings, LNCS 2137, Springer-Verlag, pp. 230-245, ISBN 3-540-42733-3.
Ross Anderson: Security Engineering – A Guide to Building Dependable Distributed Systems, Wiley (March 2001), ISBN 0-471-38922-6
Ross Anderson, Frank Stajano, Jong-Hyeon Lee: Security Policies. Book chapter in Advances in Computers, vol 55, Academic Press, 2001
Ross Anderson: Undermining data privacy in health information, British Medical Journal v 322 (24 February 2001) pp 442-443
Mike Bond, Ross Anderson: API-Level Attacks on Embedded Systems, IEEE Computer v 34 no 10 (October 2001) pp 67-75
Ross Anderson: Why Information Security is Hard – An Economic Perspective, Proceedings of the Seventeenth Computer Security Applications Conference, IEEE Computer Society Press (2001), ISBN 0-7695-1405-7, pp 358-365; also given as a distinguished lecture at the Symposium on Operating Systems Principles, Banff, October 2001

2000

Markus G. Kuhn: Probabilistic Counting of Large Digital Signature Collections, Proceedings of the 9th USENIX Security Symposium, Denver, Colorado, USA, August 14-17, 2000, USENIX Association, pp. 73-83, ISBN 1-880446-18-9.
George Danezis: An Anonymous Auction Protocol Using "Money Escrow" (Transcript of Discussion). Security Protocols Workshop 2000, LNCS 2133, 2000, pp 223-233
Frank Stajano: The Resurrecting Duckling -- What Next?. Proc. 8th International Workshop on Security protocols (SPW2000), LNCS 2133, Springer-Verlag, 2000
Jianxin Yan, Alan Blackwell, Ross Anderson, Alan Grant: The Memorability and Security of Passwords – Some Empirical Results, Computer Laboratory technical Report no 500
Ross Anderson, Eli Biham, Lars Knudsen: The Case for Serpent, 3rd AES Candidate Conference, 13-14 April 2000, New York
Ross Anderson: The Correctness of Crypto Transaction Sets, Cambridge Protocols Workshop, 2000
Frank Stajano, Ross Anderson: The Grenade Timer: Fortifying the Watchdog Timer Against Malicious Mobile Code. 7th International Workshop on Multimedia Mobile Communications (MoMoC), Tokyo, October 2000
Jong-Hyeon Lee, Ross Anderson: Jikzi: A New Framework for Security Policy, Trusted Publishing and Electronic Commerce, Computer Communications, vol 23, no 17, 1/11/2000, pp 1621-1626
Frank Stajano: Il falsario contro il crittologo: sicurezza per la lotteria informatizzata ("The Forger vs. the Cryptologist: Security Issues for the Computerised Lottery", in Italian.). Proc. of 40th conference of the Italian Statistical Society, Florence, Italy, April 2000
Ross Anderson: Digital Signature, reference section in Encyclopaedia of Computer Science, Fourth Edition, Nature Publishing Group (2000) ISBN 1-561-59248-X, pp 581-583
Jianxin Yan, Stephen Early, Ross Anderson: The XenoService – A Distributed Defeat for Distributed Denial of Service, Information Survivability Workshop, Oct 2000, Boston
Frank Stajano: Python in Education: Raising a Generation of Native Speakers. Proc. 8th International Python Conference, Washington DC, 24-27 January 2000
Simon Moore, Markus Kuhn, Ross Anderson: Improving Smartcard Security using Self-timed Circuit Technology. Fourth ACiD-WG Workshop, Grenoble, ISBN 2-913329-44-6, 2000

1999

Fabien A.P. Petitcolas, Ross J. Anderson, Markus G. Kuhn: Information Hiding—A Survey, Proceedings of the IEEE, Vol. 87, No. 7, July 1999, pp. 1062-1078, ISSN 0018-9219.
Frank Stajano, Ross Anderson: The Cocaine Auction Protocol: on the Power of Anonymous Broadcast. Proc. 3rd International Workshop on Information Hiding (IH99), Lecture Notes in Computer Science 1768, Springer-Verlag, 1999
Frank Stajano, Ross Anderson: The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks. Proc. 7th International Workshop on Security protocols, LNCS 1796, Springer-Verlag, 1999
Oliver Kömmerling, Markus G. Kuhn: Design Principles for Tamper-Resistant Smartcard Processors, Proceedings of the USENIX Workshop on Smartcard Technology (Smartcard ’99), Chicago, Illinois, USA, May 10-11, 1999, USENIX Association, pp. 9-20, ISBN 1-880446-34-0.
Andrew D. McDonald, Markus G. Kuhn: StegFS: A Steganographic File System for Linux, in Andreas Pfitzmann (Ed.): Information Hiding, Third International Workshop, IH’99, Dresden, Germany, Sep. 29-Oct. 1, 1999, Proceedings, LNCS 1768, Springer-Verlag, pp. 463-477, ISBN 3-540-67182-X.

1998

Markus G. Kuhn: Cipher Instruction Search Attack on the Bus-Encryption Security Microcontroller DS5002FP. IEEE Transactions on Computers, Vol. 47, No. 10, October 1998, pp. 1153-1157, ISSN 0018-9340.
Frank Stajano, Alan Jones: The Thinnest Of Clients: Controlling It All Via Cellphone. ACM Mobile Computing and Communications Review, vol 2 no 4, October 1998
Frank Stajano: VCK: the Visual Cryptography Kit. (Poster abstract.) Proc. 7th International Python Conference, 1998, Houston, Texas, USA, 10-13 November 1998
Frank Stajano: Nothing better than a Python to write a Serpent. (Poster abstract.) Proc. 7th International Python Conference, 1998, Houston, Texas, USA, 10-13 November 1998
Frank Stajano: Implementing the SMS server, or why I switched from Tcl to Python. Proc. 7th International Python Conference, Houston, Texas, USA, 10-13 November 1998
Markus G. Kuhn, Ross J. Anderson: Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations, in David Aucsmith (Ed.): Information Hiding, Second International Workshop, IH’98, Portland, Oregon, USA, April 15-17, 1998, Proceedings, LNCS 1525, Springer-Verlag, pp. 124-142, ISBN 3-540-65386-4.
Fabien A.P. Petitcolas, Ross J. Anderson, Markus G. Kuhn: Attacks on copyright marking systems, in David Aucsmith (Ed.): Information Hiding, Second International Workshop, IH’98, Portland, Oregon, USA, April 15-17, 1998, Proceedings, LNCS 1525, Springer-Verlag, pp. 219-239, ISBN 3-540-65386-4.

1997

Ross J. Anderson, Markus G. Kuhn: Low Cost Attacks on Tamper Resistant Devices, in M. Lomas et al. (ed.): Security Protocols, 5th International Workshop, Paris, France, April 7-9, 1997, Proceedings, LNCS 1361, Springer-Verlag, pp. 125-136, ISBN 3-540-64040-1.

1996

Ross J. Anderson, Markus G. Kuhn: Tamper Resistance — a Cautionary Note, The Second USENIX Workshop on Electronic Commerce Proceedings, Oakland, California, November 18-21, 1996, pp. 1-11, ISBN 1-880446-83-9.

[Older publications will be added in due course.]

Department of Computer Science and Technology

Publications

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

1996