Security Group

Publications

More recent publications will be added very shortly ...

2013

• Robert N. M. Watson: A decade of OS access-control extensibility. Communications of the ACM 56(2), February 2013
• Robert N. M. Watson: A decade of OS access-control extensibility. ACM Queue 11(1), January 2013

2012

• Mike Bond, Omar Choudary, Steven J. Murdoch, Sergei Skorobogatov, Ross Anderson: Chip and Skim: cloning EMV cards with the pre-play attack. arXiv 0547955, Sep 2012
• Sergei Skorobogatov, Christopher Woods: Breakthrough silicon scanning discovers backdoor in military chip. Cryptographic Hardware and Embedded Systems Workshop (CHES-2012), September 2012, LNCS 7428, Springer, ISBN 978-3-642-33026-1, pp 23-40
• Khilan Gudka, Robert N. M. Watson, Steven Hand, Ben Laurie, Anil Madhavapeddy: Exploring compartmentalisation hypotheses with SOAAP. Workshop presentation, Adaptive Host and Network Security (AHANS 2012), September, 2012
• Ross Anderson: Consultation response on ICO Draft Anonymisation Code of Practice. Foundation for Information Policy Research, August 2012
• Rubin Xu, Hassen Saidi, Ross Anderson: Aurasium: Practical Policy Enforcement for Android Applications. 21st Usenix Security Symposium, August, 2012
• Ross Anderson, Chris Barton, Rainer Boehme, Richard Clayton, Michel van Eeten, Michael Levi, Tyler Moore, Stefan Savage: Measuring the Cost of Cybercrime. Workshop on the Economics of Information Security 2012, June 2012
• Steven Murdoch, Mike Bond: How Certification Systems Fail: Lessons from the Ware Report. IEEE Security and Privacy, June 2012
• Hyoungshick Kim, Wei Ming Khoo, Pietro Lio: Polymorphic attacks against sequence-based software birthmarks. 2nd Software Security and Protection Workshop (SSP'12), June 2012
• Sergei Skorobogatov, Christopher Woods: In the blink of an eye: There goes your AES key. IACR Cryptology ePrint Archive, Report 2012/296, May 2012
• Robert N. M. Watson: New approaches to operating system security extensibility. Technical report UCAM-CL-TR-818, University of Cambridge, Computer Laboratory, April, 2012
• Jonathan Anderson, Robert N. M. Watson: Stayin' Alive: Aliveness as an alternative to authentication. Twentieth International Workshop on Security Protocols (SPW), April 2012
• Ross Anderson: Risk and privacy implications of consumer payment innovation. Consumer Payment Innovation in the Connected Age, Kansas City Fed, March 2012
• Hyoungshick Kim, Ross Anderson: An Experimental Evaluation of Robustness of Networks. IEEE Systems Journal - Special Issue on Security and Privacy in Complex Systems, March 2012
• Hyoungshick Kim, Ross Anderson: Social Authentication - harder than it looks. Financial Cryptography 2012 Springer LNCS, vol 7398, pp 1-15, March 2012
• Joe Bonneau, Soeren Preibusch, Ross Anderson: A birthday present every eleven wallets? The security of customer-chosen banking PINs. Financial Cryptography 2012 Springer LNCS, vol 7398 pp 25-40, March 2012
• Ross Anderson: Ethics Committees and IRBs: Boon, or Bane, or More Research Needed?. Financial Cryptography 2012, Springer LNCS, vol 7398, pp 133-135, March 2012
• Steven Smith, Anil Madhavapeddy, Christopher Smowton, Malte Schwarzkopf, Richard Mortier, Robert N.M. Watson, Steven Hand: The Case for Reconfigurable I/O Channels. Workshop paper, Runtime Environments, Systems, Layering and Virtualized Environments (RESoLVE 2012), March, 2012
• Hyoungshick Kim, Ross Anderson: Temporal node centrality in complex networks. Phys Rev E v 85 026107 (2012)
• Hyoungshick Kim, John Tang, Cecilia Mascolo, Ross Anderson: Centrality prediction in dynamic human contact networks. Computer Networks v 56, Special issue on Complex Dynamic Networks: Tools and Methods (2012), pp 983-996
• Robert N. M. Watson, Jonathan Anderson, Ben Laurie, Kris Kennaway: A taste of Capsicum: practical capabilities for UNIX. In Communications of the ACM 55(3), pp. 97-104, 2012
• Robert N. M. Watson, Peter G. Neumann, Jonathan Woodruff, Jonathan Anderson, Ross Anderson, Nirav Dave, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Philip Paeps, Michael Roe, Hassen Saidi: CHERI: a research platform deconflating hardware virtualization and protection. Runtime Environments, Systems, Layering and Virtualized Environments (RESoLVE), 2012.
• Joseph Bonneau, Sören Preibusch, Ross Anderson: Human selection and management of PINs. FC '12: Proceedings of the the Sixteenth International Conference on Financial Cryptography, 2012

2011

• Jonathan Anderson, Frank Stajano, Robert N. M. Watson: How to keep bad papers out of conferences (with minimum reviewer effort). Proceedings of the Nineteenth International Workshop on Security Protocols, 2011
• Hyoungshick Kim, Jaehoon Jeong: RAD: Recipient-Anonymous Data Delivery based on Public Routing Proxies. Computer Networks, 2011
• Sergei Skorobogatov: Physical Attacks and Tamper Resistance. Chapter 7 in Introduction to Hardware Security and Trust, Eds: Mohammad Tehranipoor and Cliff Wang, Springer, September 2011, ISBN 978-1-4419-8079-3
• Ross Anderson: Can We Fix the Security Economics of Federated Authentication? Security Protocols Workshop 2011
• Ross Anderson, Tyler Moore: Economics and Internet Security: a Survey of Recent Analytical, Empirical and Behavioral Research. Harvard University Computer Science Group technical report TR-03-11, 2011
• Steven J. Murdoch: Wall 2.0. The European, 13 August 2011
• Chris Hall, Ross Anderson, Richard Clayton, Evangelos Ouzounis, Panagiotis Trimintzios: Resilience of the Internet Interconnection Ecosystem. Tenth Annual Workshop on Economics and Information Security (WEIS11), Fairfax VA, US, June 4-15 2011
• Panagiotis Trimintzios, Chris Hall, Richard Clayton, Ross Anderson, Evangelos Ouzounis: Resilience of the Internet Interconnection Ecosystem. European Network and Information Security Agency, April 2011
• Sergei Skorobogatov: Synchronization method for SCA and fault attacks. Journal of Cryptographic Engineering (JCEN), Ed: Cetin K. Koc, Vol. 1, Issue 1, Springer, April 2011, pp 71-77
• Tyler Moore, Richard Clayton: Ethical Dilemmas in Take-down Research. Second Workshop on Ethics in Computer Security Research (WECSR 2011), St Lucia, 4 March 2011
• Omar Choudary, Frank Stajano: Make noise and whisper: a solution to relay attacks. International Workshop on Security Protocols, March 2011, Cambridge UK. Springer, LNCS, vol. 7114
• Ross Anderson, Mike Bond, Omar Choudary, Steven Murdoch, Frank Stajano: Might Financial Cryptography Kill Financial Innovation? - The Curious Case of EMV. Financial Cryptography and Data Security 2011, St. Lucia, 28 February-04 March 2011. Springer, LNCS vol. 7035
• Tyler Moore, Richard Clayton: The Impact of Public Information on Phishing Attack and Defense. Communications & Strategies, 81, 2011, pp 45-68
• Richard Clayton: Might governments clean up malware? Communications & Strategies, 81, 2011, pp 87-104
• Ji Won Yoon, Hyoungshick Kim: A Perfect Collision-free Pseudonym System. IEEE Communications Letters, 2011
• Hyoungshick Kim, Jun Ho Huh: Detecting DNS Poisoning Based Phishing Attacks from their Network Performance Characteristics. ET Electronics Letters, 2011
• Wei Ming Khoo, Pietro Lio: Unity in diversity: Phylogenetic-inspired techniques for reverse engineering and detection of malware families. 1st SysSec Workshop, 2011
• Sören Preibusch, Joseph Bonneau: The privacy landscape: product differentiation on data collection. WEIS'11: Proceedings of the Tenth Workshop on the Economics of Information Security, 2011

2010

• Peter G. Neumann, Robert N. M. Watson: Capabilities Revisied: A Holistic Approach to Bottom-to-Top Assurance of Trustworthy Systems. In proceedings of the Fourth Annual Layered Assurance Workshop, Austin, Texas, December 2010
• Robert N. M. Watson, Jonathan Anderson, Ben Laurie, Kris Kennaway: Introducing Capsicum: practical capabilities for UNIX. In USENIX Magazine, December 2010, Vol. 35, Number 6
• Ross Anderson, Frank Stajano: It's the Anthropology, Stupid!. Security Protocols Workshop 2010
• Ross Anderson, Shailendra Fuloria: On the security economics of electricity metering. Workshop on the Economics of Information Security (WEIS 10)
• Ross Anderson, Shailendra Fuloria, Kevin McGrath, Kai Hansen, Fernando Alvarez: Key Management for Substations: Symmetric Keys, Public Keys or No Keys? IEEE PSCE
• Laurel D. Riek, Robert N. M. Watson: The Age of Avatar Realism: When seeing shouldn't be believing. IEEE Robotics and Automation (2010). Vol. 17, Issue 4, pp 37-42
• Ross Anderson, Shailendra Fuloria: Who controls the off switch? IEEE SmartGridComm (NIST, October 2010)
• Sergei Skorobogatov: Flash Memory 'Bumping' Attacks. Cryptographic Hardware and Embedded Systems Workshop (CHES-2010), August 2010, LNCS 6225, Springer-Verlag, ISBN 3-642-15030-6, pp 158-172
• Sergei Skorobogatov: Optical Fault Masking Attacks. 7th Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2010), August 2010, Santa Barbara, USA. IEEE-CS Press, ISBN 978-0-7695-4169-3, pp 23-29.
• Robert N. M. Watson, Jonathan Anderson, Ben Laurie, Kris Kennaway: Capsicum: practical capabilities for UNIX. In Proceedings of the 19th USENIX Security Symposium (August 2010)
• Claudia Diaz, Steven J. Murdoch, Carmela Troncoso: Impact of Network Topology on Anonymity and Overhead in Low-Latency Anonymity Networks. 10th Privacy Enhancing Technologies Symposium (PETS 2010), Berlin, Germany, 21-23 July 2010
• Richard Clayton: On the difficulty of counting spam sources. Seventh Conference on Email and Anti-Spam (CEAS 2010), Redmond WA, USA, July 13-14 2010
• Richard Clayton: Might governments clean up malware? Ninth Annual Workshop on Economics and Information Security (WEIS10), Cambridge MA, US, June 7-8 2010
• Joseph Bonneau, Sören Preibusch: The password thicket: technical and market failures in human authentication on the web. WEIS 2010: The Ninth Workshop on the Economics of Information Security, Boston, MA, USA, June 7 2010
• Ji Won Yoon, Hyoungshick Kim, Jun Ho Huh: Hybrid Spam Filtering for Mobile Communication. Computers & Security, Vol. 29, No. 4, pp 446-459, June 2010
• Steven Murdoch, Saar Drimer, Ross Anderson, Mike Bond: Chip and Pin is Broken. 2010 IEEE Symposium on Security and Privacy, Oakland, CA, US, 16-19 May 2010, pp 433-444
• Hyoungshick Kim, Jun Ho Huh, Ross Anderson: On the Security of Internet Banking in South Korea. Technical Report RR-10-01, University of Oxford Computing Laboratory, February 2010
• Karsten Loesing, Steven J. Murdoch, Roger Dingledine: A Case Study on Measuring Statistical Data in the Tor Anonymity Network. Workshop on Ethics in Computer Security Research, Tenerife, Canary Islands, 28 January 2010
• Steven Murdoch, Ross Anderson: Verified by VISA and MasterCard SecureCode: or, How Not to Design Authentication. Financial Cryptography and Data Security, Tenerife, Canary Islands, 25-28 January 2010
• Joseph Bonneau, Mike Just, Greg Matthews: What's in a Name? Evaluating Statistical Attacks on Personal Knowledge Questions. FC'10: The Fourteenth International Conference on Financial Cryptography and Data Security, Tenerife, Spain, Jan 25 2010
• Tyler Moore and Richard Clayton: How hard can it be to measure phishing? Mapping and Measuring Cybercrime, Oxford, UK, 22 January 2010
• Jonathan Anderson, Joseph Bonneau and Frank Stajano: Inglourious Installers: Security in the Application Marketplace. Ninth Workshop on the Economics of Information Security (WEIS), 2010
• Jonathan Anderson and Frank Stajano: On Storing Public Keys in the Cloud. Eighteenth International Workshop on Security Protocols, 2010
• Andrew B. Lewis, Markus G. Kuhn: Exact JPEG recompression. IS&T/SPIE Electronic Imaging, 17–21 January 2010, San Jose, California, USA.
• Steven J. Murdoch: Destructive Activism: The Double-Edged Sword of Digital Tactics. In Digital Activism Decoded: The New Mechanics of Change, Mary Joyce, ed., (New York: iDebate Press), 2010

2009

• Saar Drimer, Steven Murdoch, Ross Anderson: Failures of Tamper-Proofing in PIN Entry Devices. IEEE Security and Privacy, Volume 7, Number 6 (Nov-Dec 09), pp 39-45
• Hyoungshick Kim, Joseph Bonneau: Privacy-Enhanced Public View for Social Graphs. The Second ACM Workshop on Social Web Search and mining (SWSM 2009), Hong Kong, China, November 2009, ACM.
• Andrew B. Lewis, Markus G. Kuhn: Towards copy-evident JPEG images. Digitale Multimedia-Forensik, 39. Jahrestagung der Gesellschaft für Informatik 2009, Lübeck, Germany, GI-Edition: Lecture Notes in Informatics, Volume P154, pp 171;1582–91.
• Saar Drimer, Markus G. Kuhn: A Protocol for Secure Remote Updates of FPGA Configurations. In J. Becker et al. (Eds.): ARC 2009, LNCS 5453, pp 50–61, 2009.
• Sergei Skorobogatov: Using Optical Emission Analysis for Estimating Contribution to Power Analysis. 6th Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2009), 06 September 2009, Lausanne, Switzerland. IEEE-CS Press, ISBN 978-0-7695-3824-2, pp.111-119.
• Ross Anderson, Shailendra Fuloria: Certification and Evaluation: A Security Economics Perspective. IEEE Emerging Technologies and Factory Automation (Sep 2009)
• Hyoungshick Kim: A Spatial Cloaking Framework based on Range Search for Nearest Neighbor Search. The Fourth Workshop on Data Privacy Management (DPM 09), St-Malo, France, September 2009. LNCS, Springer-Verlag.
• Sergei Skorobogatov: Local Heating Attacks on Flash Memory Devices. 2nd IEEE International Workshop on Hardware-Oriented Security and Trust (HOST-2009), 27 July 2009, San Francisco, CA, USA. IEEE Xplore, ISBN 978-1-4244-4804-3.
• Richard Clayton: How much did shutting down McColo help? Sixth Conference on Email and Anti-Spam (CEAS 2009), Mountain View CA, USA, 16-17 July 2009
• Richard Clayton: Internet Multi-Homing Problems: Explanations from Economics. Eighth Annual Workshop on Economics and Information Security (WEIS09), London, UK, 24-25 June 2009
• Joseph Bonneau, Sören Preibusch: The Privacy Jungle: On the Market for Privacy in Social Networks. WEIS 2009: The Eighth Workshop on the Economics of Information Security, London, UK, 24 June 2009
• R.G. Clegg, M.S. Withall, A.W. Moore, I.W. Phillips, D.J. Parish, M. Rio, R. Landa, H. Haddadi, K. Kyriakopoulos, J. Auge, R. Clayton and D.Salmon: Challenges in the capture and dissemination of measurements from high-speed networks. IET Communications, 3(6), June 2009, pp 957-966
• Ji Won Yoon, Hyoungshick Kim: A New Collision-free Pseudonym Scheme in Mobile Ad Hoc Networks. The Fifth Workshop on Resource Allocation, Cooperation and Competition in Wireless Networks (RAWNET/WNC3 09), Seoul, Korea, June 2009, IEEE Press.
• Tyler Moore, Richard Clayton and Henry Stern: Temporal Correlations between Spam and Phishing Websites. 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET09). Boston, MA, USA, 21 April 2009
• Ross Anderson, Ian Brown, Terri Dowty, Philip Inglesant, William Heath, Angela Sasse : Database State. Joseph Rowntree Reform Trust, March 2009
• Shishir Nagaraja, Ross Anderson: The snooping dragon: social-malware surveillance of the Tibetan movement. University of Cambridge technical report UCAM-CL-TR-746, March 2009
• Tyler Moore and Richard Clayton: Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing. In: Roger Dingledine and Philippe Golle, editors, 13th International Financial Cryptography and Data Security Conference (FC09), Barbados, February 23-26, 2009, LNCS 5628, Springer-Verlag, pp 256-272
• Ross Anderson: Cambridge University - the Unauthorised History. January 2009
• Joseph Bonneau, Jonathan Anderson and George Danezis: Prying Data Out of a Social Network. Proceedings of the 2009 International Conference on Advances in Social Network Analysis and Mining, 2009
• Jonathan Anderson and Frank Stajano: Not That Kind of Friend: Misleading Divergences Between Online Social Networks and Real-World Social Protocols. In Proceedings of the Seventeenth International Workshop on Security Protocols, 2009
• Jonathan Anderson, Claudia Diaz, Joseph Bonneau and Frank Stajano: Privacy-Enabling Social Networking Over Untrusted Networks. In proceedings of the Second ACM SIGCOMM Workshop on Social Network Systems, 2009
• Tyler Moore, Richard Clayton, Ross Anderson: The Economics of Online Crime. Journal of Economic Perspectives v 23 no 3 (2009) pp 3-20
• Ross Anderson, Tyler Moore: Information security: where computer science, economics and psychology meet. Philosophical Transactions of the Royal Society v 367 no 1898 pp 2717-2727
• Ross Anderson, Shailendra Fuloria: Security Economics and Critical National Infrastructure. WEIS 2009
• Joseph Bonneau, Jonathan Anderson, Frank Stajano, Ross Anderson: Eight Friends Are Enough: Social Graph Approximation via Public Listings. SNS 09
• Saar Drimer, Steven Murdoch, Ross Anderson: Optimised to Fail: Card Readers for Online Banking. Financial Cryptography and Data Security 09, Rockley, Barbados. Springer LNCS 5628, pp 184-200
• Steven J. Murdoch: Reliability of Chip & PIN evidence in banking disputes. Digital Evidence and Electronic Signature Law Review, Volume 6, pages 98-115, ISSN 1756-4611, 2009

2008

• Tyler Moore, Richard Clayton: The Consequence of Non-Cooperation in the Fight Against Phishing. Third APWG eCrime Researchers Summit, Atlanta GA, USA, 15-16 October 2008
• Richard Clayton: Do Zebras get more Spam than Aardvarks? Fifth Conference on Email and Anti-Spam (CEAS 2008), Mountain View CA, USA, 21-22 August 2008
• Sebastian Zander, Steven J. Murdoch: An Improved Clock-skew Measurement Technique for Revealing Hidden Services. 17th USENIX Security Symposium, San Jose, CA, USA, 28 July-01 August 2008
• Steven J. Murdoch, Robert N. M. Watson: Metrics for Security and Performance in Low-Latency Anonymity Systems. 8th Privacy Enhancing Technologies Symposium (PETS 2008), Leuven, Belgium, 23-25 July 2008
• Tyler Moore, Richard Clayton: The Impact of Incentives on Notice and Take-down. Seventh Annual Workshop on Economics and Information Security (WEIS08), Dartmouth NH, USA, 25-28 June 2008. In: M. Eric Johnson, Ed: Managing Information Risk and the Economics of Security, pp 199-223, Springer, New York, 2008
• Steven J. Murdoch: On the Origins of a Thesis. International Workshop on Security and Trust Management, Trondheim, Norway, 16-17 June 2008
• Saar Drimer, Steven J. Murdoch, Ross Anderson: Thinking Inside the Box: System-level Failures of Tamper Proofing. 2008 IEEE Symposium on Security and Privacy, Oakland, CA, US, 18-21 May 2008
• Frank Stajano, Richard Clayton: Cyberdice: peer-to-peer gambling in the presence of cheaters. Security Protocols Workshop 2008. Cambridge, UK, 16-18 April 2008
• Gerhard P. Hancke, Markus G. Kuhn: Attacks on Time-of-Flight Distance Bounding Channels. ACM Conference on Wireless Network Security (WiSec), March 31–April 2, 2008, Alexandria, Virginia, USA
• Ross Anderson: Security Engineering - A Guide to Building Dependable Distributed Systems. Second edition, Wiley (April 2008), ISBN 978-0-470-06852-6
• Steven J. Murdoch: Hardened Stateless Session Cookies. Sixteenth International Workshop on Security Protocols, Cambridge, UK, 16-18 April 2008
• Ross Anderson, Rainer Böhme, Richard Clayton, Tyler Moore: Security Economics and the Internal Market. European Network and Information Security Agency, March 2008
• Ross Anderson: Patient Confidentiality and Central Databases. British Journal of General Practice v 58 no 547 (Feb 2008) pp 75-76
• Tyler Moore and Richard Clayton: Evaluating the Wisdom of Crowds in Assessing Phishing Websites. In: Gene Tsudik (Ed): Financial Cryptography and Data Security, 12th International Financial Cryptography and Data Security Conference (FC08), Cozumel, Mexico, 28-31 January 2008, volume 5143 of LNCS, pp 16-30, Springer Berlin/Heidelberg
• Ross Anderson, Rainer Böhme, Richard Clayton, Tyler Moore: Security Economics and European Policy. Workshop on the Economics of Information Security (WEIS 08); and in ISSE 2008, Vieweg-Teubner pp 57-76
• Saar Drimer, Steven Murdoch, Ross Anderson: Thinking inside the box: system-level failures of tamper proofing. Computer Lab Technical Report UCAM-CL-TR-711
• Tyler Moore, Maxim Raya, Jolyon Clulow, Panagiotis Papadimitratos, Ross Anderson, Jean-Pierre Hubaux: Fast exclusion of errant devices from vehicular networks. Fifth Annual IEEE Communications Society Conference on Sensor, Mesh, and Ad Hoc Communications and Networks (SECON 08)
• Ross Anderson, N. Bohm: FIPR submission to the Hunt Review of the Financial Ombudsman Service.
• Steven Murdoch, Ross Anderson: Tools and Technology of Internet Filtering. In Access Denied: The Practice and Policy of Global Internet Filtering, Ronald Deibert, John Palfrey, Rafal Rohozinski, Jonathan Zittrain, eds., (Cambridge: MIT Press), 2008, pp 57-72

2007

• Steven Murdoch, Ross Anderson: Shifting Borders. Index on Censorship, December 2007
• George Danezis and Richard Clayton: Introducing Traffic Analysis. In: Alessandro Acquisti, Stefanos Gritzalis, Costos Lambrinoudakis, Sabrina di Vimercati (Editors): Digital Privacy: Theory, Technologies, and Practices, Auerbach Publications, November 2007
• Tyler Moore and Richard Clayton: Examining the Impact of Website Take-Down on Phishing. Second APWG eCrime Researchers Summit, Pittsburgh PA, USA, 4-5 October 2007
• Richard Clayton, Steven J. Murdoch, Robert N. M. Watson: Ignoring the Great Firewall of China. A Journal of Law and Policy for the Information Society, Volume 3, Issue 2, Fall 2007
• Richard Clayton: Email Traffic: a quantitative snapshot. Fourth Conference on Email and Anti-Spam (CEAS 2007), Mountain View CA, USA, 2-3 August 2007
• Tyler Moore and Richard Clayton: An Empirical Analysis of the Current State of Phishing Attack and Defence. Sixth Annual Workshop on Economics and Information Security (WEIS07), Pittsburgh PA, USA, 7-8 June 2007
• Ford-Long Wong, Hoon Wei Lim: Identity-Based and Inter-Domain Password Authenticated Key Exchange for Lightweight Clients. Third IEEE International Symposium on Security in Networks and Distributed Systems (SSNDS-07), Niagara Falls, Canada, 21-23 May 2007, IEEE Press.
• Ford-Long Wong, Min Lin, Shishir Nagaraja, Ian Wassell, Frank Stajano: Evaluation Framework of Location Privacy of Wireless Mobile Systems with Arbitrary Beam Pattern. Fifth Annual Conference on Communication Networks and Services Research (CNSR 2007), Fredericton, New Brunswick, Canada, 14-17 May 2007, IEEE ComSoc & ACM.
• Ross Anderson: Closing the Phishing Hole - Fraud, Risk and Nonbanks. Nonbanks in the Payment System, Santa Fe, NM, May 2007
• Richard Clayton: Can CLI be trusted? Information Security Technical Report, Elsevier. 12(2), 2007, pp 74-79
• Shishir Nagaraja, Ross Anderson: Dynamic topologies for robust and scale-free networks. Bio-inspired Computing and Communication (2007), Springer LNCS v 5151 pp 411-426
• Ross Anderson: RFID and the Middleman. Proceedings of the Eleventh International Conference on Financial Cryptography and Data Security, February 2007, Springer LNCS v 4886 pp 46-49.
• Robert N. M. Watson: Exploiting Concurrency Vulnerabilities in System Call Wrappers. In Proceedings of the First USENIX Workshop on Offensive Technologies (WOOT) 2007
• Ross Anderson, Tyler Moore, Shishir Nagaraja, Andy Ozment: Incentives and Information Security. Book chapter in Algorithmic Mechanism Design, CUP 2007, pp 633-649
• Ross Anderson, Tyler Moore: Information Security Economics - and Beyond. Advances in Cryptology - Crypto 2007, Springer LNCS 4622, pp 68-91
• Tyler Moore, Jolyon Clulow, Shishir Nagaraja, Ross Anderson: New Strategies for Revocation in Ad-Hoc Networks. ESAS 2007, Springer LNCS 4572 pp 232-246
• Ben Adida, Mike Bond, Jolyon Clulow, Amerson Lin, Ross Anderson, Ron Rivest: On the Security of the on EMV Secure Messaging API. Security Protocols 2007

2006

• Ross Anderson: Under threat: patient confidentiality and NHS computing. Drugs and Alcohol Today v 6 no 4 (December 2006) pp 13-17
• Ross Anderson, Ian Brown, Richard Clayton, Terri Dowty, Douwe Korff, Eileen Munro: Children's Databases - Safety and Privacy. Information Commissioner's Office, November 2006
• Sergei Skorobogatov: Optically Enhanced Position-Locked Power Analysis. Cryptographic Hardware and Embedded Systems Workshop (CHES-2006), LNCS 4249, Springer-Verlag, ISBN 3-540-46559-6, pp 61-75
• Ross Anderson, Tyler Moore: The Economics of Information Security. Science v 314 no 5799 (27 October 2006) pp 610-613
• Feng Hao, Ross Anderson, John Daugman: Combining crypto with biometrics effectively. IEEE Transactions on Computers, Vol. 55, No. 9, pp 1081-1088, September 2006
• Jolyon Clulow, Gerhard P. Hancke, Markus G. Kuhn, Tyler Moore: So Near and Yet So Far: Distance-Bounding Attacks in Wireless Networks. European Workshop on Security and Privacy in Ad-Hoc and Sensor Networks (ESAS), Hamburg, Germany, 20-21 September 2006, LNCS 4357
• George Danezis and Richard Clayton: Route Fingerprinting in Anonymous Communications. Sixth IEEE International Conference on Peer-to-Peer Computing, Cambridge UK, 6-8 September 2006
• Richard Clayton: Using Early Results from the 'spamHINTS' Project to Estimate an ISP Abuse Team's Task. Third Conference on Email and Anti-Spam (CEAS 2006), Mountain View CA, USA, 28-29 July 2006
• Richard Newman, Sherman Gavette, Larry Yonge, Ross Anderson: Protecting Domestic Power-line Communications. Symposium On Usable Privacy and Security, CMU (July 12-14) 2006 pp 122-132
• Richard Clayton: The Rising Tide: DDoS by Defective Designs. Second Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI'06), San Jose CA, USA, 7 July 2006
• Mike Bond, George Danezis: A pact with the Devil. Technical Report UCAM-CL-TR-666, University of Cambridge Computer Laboratory, June 2006
• Markus Kuhn: Eavesdropping attacks on computer displays. Invited talk, 7th Information Security Summit, Prague, 24–25 May 2006, pp.143–153, ISBN 80-86813-08-8
• Feng Hao, Piotr Zieliński: A 2-round anonymous veto protocol. 14th International Workshop on Security Protocols, Cambridge, April 2006, LNCS, Springer-Verlag
• Huiyun Li: Security evaluation at design time for cryptographic hardware. Technical Report UCAM-CL-TR-665, University of Cambridge Computer Laboratory, April 2006
• Ford-Long Wong, Frank Stajano: Multi-channel Group Key Agreement in Arbitrary Topologies. 3rd IEEE International Workshop on Pervasive Computing and Communication Security (PerSec 2006), Pisa, Italy, 13 Mar 2006, IEEE Press.
• Ben Adida, Mike Bond, Jolyon Clulow, Amerson Lin, Steven Murdoch, Ross Anderson, Ron Rivest: Phish and Chips. Security Protocols Workshop, Mar 2006, Springer LNCS vol 5087 pp 40-48
• Richard Clayton, Steven J. Murdoch, Robert N. M. Watson: Ignoring the Great Firewall of China. In Proceedings, Privacy Enhancing Technologies Workshop 2006, Cambridge, UK
• Ross Anderson, Mike Bond, Steven Murdoch: Chip and Spin. Computer Security Journal v 22 no 2 (2006) pp 1-6
• Hyun-Jin Choi: Security protocol design by composition. Technical Report UCAM-CL-TR-657, University of Cambridge Computer Laboratory, January 2006.
• Robert N. M. Watson, Wayne Salamon: TrustedBSD OpenBSM: Open Source Security Audit Framework. In Proceedings, 2006 UKUUG Spring Conference, Durham, UK
• Ross Anderson: Healthcare IT in Europe and North America. National Audit Office, 2006

2005

• Richard Clayton: Anonymity and Traceability in Cyberspace. Technical Report UCAM-CL-TR-653, University of Cambridge Computer Laboratory, November 2005
• Steven J. Murdoch, George Danezis: Low-Cost Traffic Analysis of Tor. Proceedings of the 2005 IEEE Symposium on Security and Privacy, Oakland, California, USA, 8-11 May 2005.
• Markus G. Kuhn: Security Limits for Compromising Emanations. J.R. Rao, B. Sundar (Eds.): Workshop on Cryptographic Hardware and Embedded Systems (CHES 2005), 29 August - 1 September 2005, Edinburgh, Scotland, LNCS 3659, pp. 265-279.
• Gerhard P. Hancke, Markus G. Kuhn: An RFID Distance Bounding Protocol. IEEE SecureComm 2005, Athens, Greece, 5-9 September 2005, IEEE Computer Society, pp. 67-73, ISBN 0-7695-2369-2.
• Markus G. Kuhn: “Compromizing emanations”, “Data remanence”, “Smartcard tamper resistance”, “TEMPEST”. Entries in Henk C.A. van Tilborg (ed.): Encyclopedia on Cryptography and Security, Springer, 2005, ISBN 0-387-23473-X.
• Andrei Serjantov, Steven J. Murdoch: Message Splitting Against the Partial Adversary. Proceedings of the 5th Workshop on Privacy Enhancing Technologies, Dubrovnik (Cavtat), Croatia, 30 May – 1 June 2005.
• Steven J. Murdoch, Stephen Lewis: Embedding Covert Channels into TCP/IP. Proceedings of the 7th Information Hiding Workshop, Barcelona, Catalonia (Spain), 6 – 8 June 2005, LNCS 3727, pp. 247 – 261.
• Sergei Skorobogatov: Semi-invasive attacks – A new approach to hardware security analysis. Technical Report UCAM-CL-TR-630, University of Cambridge Computer Laboratory, April 2005.
• John Daugman: Results from 200 billion iris cross-comparisons. Technical Report UCAM-CL-TR-635, University of Cambridge Computer Laboratory, June 2005.
• Shishir Nagaraja, Ross Anderson: The topology of covert conflict. Technical Report UCAM-CL-TR-637, University of Cambridge Computer Laboratory, July 2005.
• Piotr Zieliński: Optimistic Generic Broadcast. Technical Report UCAM-CL-TR-638, University of Cambridge Computer Laboratory, July 2005.
• Feng Hao, Ross Anderson, John Daugman: Combining cryptography with biometrics effectively. Technical Report UCAM-CL-TR-640, University of Cambridge Computer Laboratory, July 2005.
• Ross Anderson, Mike Bond, Jolyon Clulow, Sergei Skorobogatov: Cryptographic processors &ndash a survey. Technical Report UCAM-CL-TR-641, University of Cambridge Computer Laboratory, August 2005.
• Frank Stajano: RFID is X-ray vision. Technical Report UCAM-CL-TR-645, University of Cambridge Computer Laboratory, August 2005.
• Richard Clayton: Anonymity and traceability in cyberspace. Technical Report UCAM-CL-TR-653, University of Cambridge Computer Laboratory, November 2005.
• Richard Clayton: Stopping Outgoing Spam by Examining Incoming Server Logs. Second Conference on Email and Anti-Spam (CEAS 2005), Stanford CA, USA, July 21-22 2005.
• Andrei Serjantov, Richard Clayton: Modelling Incentives for Email Blocking Strategies. Fourth Annual Workshop on Economics and Information Security, WEIS05, Boston MA, USA, June 2--3 2005.
• Richard Clayton: Failures in a Hybrid Content Blocking System. Fifth Privacy Enhancing Technologies Workshop, PET 2005, Dubrovnik, Croatia, May 30--June 1 2005.
• Richard Clayton: Insecure Real-World Authentication Protocols (or Why Phishing is so Profitable). Thirteenth International Workshop on Security Protocols, Cambridge, UK, April 20–22 2005.
• Richard Clayton: Who'd phish from the summit of Kilimanjaro? Financial Cryptography and Data Security: 9th International Conference FC 2005, Roseau, The Commonwealth of Dominica, February 28–March 3 2005, volume 3570 of LNCS, pages 91–92, Springer Verlag.
• Andy Ozment: The Likelihood of Vulnerability Rediscovery and the Social Utility of Vulnerability Hunting. Fourth Workshop on the Economics of Information Security, Cambridge, MA, USA, 2-5 June 2005.
• Andy Ozment: Software Security Growth Modeling: Examining Vulnerabilities with Reliability Growth Models. Proceedings of the First Workshop on Quality of Protection, Milan, Italy, 15 September 2005.
• Tyler Moore: Countering Hidden-Action Attacks on Networked Systems. Proceedings of the Fourth Workshop on the Economics of Information Security, Cambridge, Massachusetts, June 2005.
• Sergei Skorobogatov: Data Remanence in Flash Memory Devices. Cryptographic Hardware and Embedded Systems Workshop (CHES 2005), LNCS 3659, Springer-Verlag, ISBN 3-540-28474-5, pp 339-353.
• Ford-Long Wong, Frank Stajano, Jolyon Clulow: Repairing the Bluetooth pairing protocol. Proceedings of 13th International Workshop on Security Protocols, Cambridge, UK, 20-22 April 2005, Springer-Verlag.
• Ford-Long Wong, Frank Stajano: Multi-channel Protocols. Proceedings of 13th International Workshop on Security Protocols, Cambridge, UK, 20-22 April 2005, Springer-Verlag.
• Ford-Long Wong, Frank Stajano: Location Privacy in Bluetooth. Proceedings of 2nd European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS 2005), Visegrád, Hungary, 13-14 July 2005, LNCS 3813, pp. 176-188, Springer-Verlag
• George Danezis, Chris Lesniewski-Laas, M. Frans Kaashoek, Ross Anderson: Sybil-Resistant DHT Routing. ESORICS 2005, LNCS 3679, Springer, pp 305-318
• Paul Youn, Ben Adida, Mike Bond, Jolyon Clulow, Jonathan Herzog, Amerson Lin, Ronald L. Rivest, Ross Anderson: Robbing the bank with a theorem prover, Computer Laboratory Technical Report UCAM-CL-TR-644, August 2005
• Shishir Nagaraja, Ross Anderson: The Topology of Covert Conflict. Computer Laboratory Technical Report no. 637 (July 2005); also at Workshop on Economics of Information Security (June 2006)
• Ross Anderson: System Security for Cyborgs. Second International Workshop on Body Sensor Networks, April 12-13 2005, pp 36-39
• Ross Anderson: Open and Closed Systems are Equivalent (that is, in an ideal world), Perspectives on Free and Open Source Software, MIT Press 2005, pp 127-142
• George Danezis, Stephen Lewis, Ross Anderson: How Much is Location Privacy Worth?, Workshop on Economics of Information Security 2005
• Ross Anderson: The Initial Costs and Maintenance Costs of Protocols, at Security Protocols 05

2004

• Markus G. Kuhn: An Asymmetric Security Mechanism for Navigation Signals, 6th Information Hiding Workshop, 23-25 May 2004, Toronto, Canada, Proceedings, LNCS 3200, pp. 239-252, Springer-Verlag.
• Steven J. Murdoch, Piotr Zieliński: Covert Channels for Collusion in Online Computer Games, 6th Information Hiding Workshop, 23-25 May 2004, Toronto, Canada, Proceedings, LNCS 3200, pp. 355-369, Springer-Verlag.
• Markus G. Kuhn: Electromagnetic Eavesdropping Risks of Flat-Panel Displays, 4th Workshop on Privacy Enhancing Technologies, 26-28 May 2004, Toronto, Canada.
• Andy Ozment: Bug Auctions: Vulnerability Markets Reconsidered, Third Annual Workshop on Economics and Information Security, 13-14 May 2004, Minneapolis, MN, USA.
• Rupert Gatti, Stephen Lewis, Andy Ozment, Thierry Rayna, Andrei Serjantov: Sufficiently Secure Peer-to-Peer Networks, Third Annual Workshop on Economics and Information Security, 13-14 May 2004, Minneapolis, MN, USA.
• George Danezis, Ben Laurie: Minx: A Simple and Efficient Anonymous Packet Format, WPES 2004, Washington DC, October 2004.
• Poul-Henning Kamp, Robert N. M. Watson: Building Systems to be Shared, Securely. ACM Queue, July/August 2004.
• Rainer Bohme, George Danezis, Claudia Diaz, Stefan Kopsell, Andreas Pfitzmann: Mix Cascades vs. Peer-to-Peer: Is One Concept Superior?, 4th Workshop on Privacy Enhancing Technologies, 26-28 May 2004, Toronto, Canada.
• George Danezis: The Traffic Analysis of Continuous-Time Mixes, 4th Workshop on Privacy Enhancing Technologies, 26-28 May 2004, Toronto, Canada.
• George Danezis, Ross Anderson: The Economics of Censorship Resistance, Workshop on Economics and Information Security, May 13-14, 2004, University of Minnesota.
• George Danezis, Andrei Serjantov: Statistical Disclosure or Intersection Attacks on Anonymity Systems, 6th Information Hiding Workshop, 23-25 May 2004, Toronto, Canada, Proceedings, LNCS 3200, pp. 293-308, Springer-Verlag.
• Andrei Serjantov: On the anonymity of anonymity systems, Technical Report UCAM-CL-TR-604, University of Cambridge, Computer Laboratory, October 2004.
• George Danezis: Designing and attacking anonymous communication systems, Technical Report UCAM-CL-TR-594, University of Cambridge, Computer Laboratory, July 2004.
• Piotr Zieliński: Paxos at war, Technical Report UCAM-CL-TR-593, University of Cambridge, Computer Laboratory, June 2004.
• Mike Bond, Daniel Cvrček, Steven J. Murdoch: Unwrapping the Chrysalis, Technical Report UCAM-CL-TR-592, University of Cambridge, Computer Laboratory, June 2004.
• Piotr Zieliński: Latency-optimal Uniform Atomic Broadcast algorithm, Technical Report UCAM-CL-TR-582, University of Cambridge, Computer Laboratory, February 2004.
• Richard Clayton: Stopping Spam by Extrusion Detection, First Conference on Email and Anti-Spam (CEAS 2004), Mountain View CA, USA, July 30-31, 2004.
• Ben Laurie and Richard Clayton: Proof-of-Work Proves Not to Work. Third Annual Workshop on Economics and Information Security, WEIS04, Minneapolis MN, May 13-14, 2004.
• Ross Anderson: The Dancing Bear – A New Way of Composing Ciphers, Cambridge Protocols Workshop, Cambridge, UK, 26-28 April 2004
• George Danezis, Ross Anderson: The Economics of Censorship Resistance, Workshop on Economics of Information Security, Minneapolis, Mn., 13-14 May 2004
• Andrei Serjantov, Ross Anderson: On Dealing with Adversaries Fairly, Workshop on Economics of Information Security, Minneapolis, Mn., 13-14 May 2004
• Ross Anderson, Haowen Chan, Adrian Perrig: Key Infection – Smart trust for Smart Dust, ICNP, Berlin, Germany, 5-8 October 2004
• Markus G. Kuhn, Steven J. Murdoch, Piotr Zieliński: Compounds: a next-generation hierarchical data model. Poster, Microsoft Research Academic Days, Dublin, 13-16 April 2004.

2003

• Markus G. Kuhn: Compromising emanations: eavesdropping risks of computer displays, Technical Report UCAM-CL-TR-577, University of Cambridge, Computer Laboratory, December 2003.
• George Danezis, Len Sassaman, Heartbeat Traffic to Counter (n-1) Attacks, WPES'03.
• George Danezis: The Statistical Disclosure Attack. Sec2003.
• George Danezis, Roger Dingledine, Nick Mathewson: Mixminion: Design of a Type III Anonymous Remailer. IEEE Symposium on Security & Privacy, 2003.
• George Danezis: Mix-networks with Restricted Routes, 3rd Workshop on Privacy Enhancing Technologies, 2003.
• Richard Clayton Improving Onion Notation. In Roger Dingledine, editor, Privacy Enhancing Technologies, Third International Workshop, PET 2003, Dresden, Germany, March 26-28, 2003, LNCS 2706, pp 81-87, Springer Verlag.
• Simon Moore, Ross Anderson, Robert Mullins, George Taylor, Jacques Fournier: Balanced Self-Checking Asynchronous Logic for Smart Card Applications, Microprocessors and Microsystems Journal v 27 no 9 (Oct 2003) pp 421-430
• Ross Anderson, Mike Bond: Protocol Analysis, Composability and Computation, Computer Systems: Theory, Technology and Applications, Springer 2003
• Ross Anderson: Cryptography and Competition Policy – Issues with ‘Trusted Computing’, Workshop on Economics and Information Security 2003; also given as the Caroline and Edward Wenk Jr. Lecture in Technology and Public Policy, Johns Hopkins University, 2003
• Ross Anderson: ‘Trusted Computing’ and Competition Policy – Issues for Computing Professionals, Upgrade v 4 no 3 (June 2003) pp 35-41

2002

• Ellis Weinberger, Richard Clayton and Ross Anderson: A Security Policy for a Digital Repository. National Preservation Office Journal, 11, October 2002, pp 12-13
• Markus G. Kuhn: Optical Time-Domain Eavesdropping Risks of CRT Displays, Proceedings 2002 IEEE Symposium on Security and Privacy, Berkeley, California, 12-15 May 2002, IEEE Computer Society, pp. 3-18, ISBN 0-7695-1543-6.
• George Danezis: Forward Secure Mixes. NORDSEC 2002.
• Andrei Serjantov, George Danezis: Towards an Information Theoretic Metric for Anonymity. Privacy Enhancing Technologies 2002.
• Richard Clayton and George Danezis: Chaffinch: Confidentiality in the Face of Legal Threats, in Fabien A. P. Petitcolas, editor, Information Hiding Workshop (IH 2002), Noordwijkerhout, The Netherlands, October 7-9, 2002, LNCS 2578, pp 70-86, Springer.
• Richard Clayton and Mike Bond: Experience Using a Low-Cost FPGA Design to Crack DES Keys, in Burton S. Kaliski Jr., Çetin K. Ko&ccedil, Christof Paar, editors, Cryptographic Hardware and Embedded Systems – CHES 2002, Redwood Shores CA, USA, August 13-15, 2002, LNCS 2523, pp 579-592, Springer.
• Richard Clayton: Workshop Report for IPTPS'02: 1st International Workshop on Peer-to-Peer Systems, in Peter Druschel, Frans Kaashoek, Antony Rowstron, editors, Peer-to-Peer Systems, IPTPS 2002, Cambridge MA, USA, March 7-8, 2002, LNCS 2429, pages 1-21, Springer.
• Frank Stajano, Ross Anderson: The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks, IEEE Computer Security and Privacy 2002 – supplement to v 35 no 4 (April 2002) pp 22-26
• Simon Moore, Ross Anderson, Paul Cunningham, Robert Mullins, George Taylor: Improving Smart Card Security using Self-timed Circuits, Eighth International Symposium on Advanced Research in Asynchronous Circuits and Systems, 2002
• Ross Anderson: Two Remarks on Public-Key Cryptology, Computer Laboratory technical Report no 549
• Ross Anderson: Unsettling Parallels Between Security and the Environment, Workshop on Economics and Information Security 2002
• Sergei Skorobogatov, Ross Anderson: Optical Fault Induction Attacks, Cryptographic Hardware and Embedded Systems 2002, Springer LNCS vol 2523, pp 2-12
• Ross Anderson: Security in Open Versus Closed Systems – the Dance of Boltzmann, Coase and Moore, Open Source Software Economics 2002
• Ross Anderson: TCPA / Palladium Frequently Asked Questions, Computer Security Journal, vol 18, no 3-4, Summer/Fall 2002, pp 63-70
• David Samyde, Sergei Skorobogatov, Ross Anderson, Jean-Jacques Quisquater: On a New Way to Read Data from Memory, first IEEE Security in Storage Workshop (SISW02)
• Richard Clayton, Ellis Weinberger, Ross Anderson: Security in a digital repository, National Preservation Office Journal issue 11, October 2002, pp 12-13
• Andreas Pfitzmann, Hannes Federrath, Markus Kuhn: Anforderungen an die gesetzliche Regulierung zum Schutz digitaler Inhalte unter Berücksichtigung der Effektivität technischer Schutzmechanismen (Technischer Teil). A study commissioned by Deutscher Multimedia Verband (dmmv) e.V. and Verband Privater Rundfunk & Telekommunikation (VPRT) e.V., 2002-03-13.
• Sergei Skorobogatov: Low temperature data remanence in static RAM. Technical Report UCAM-CL-TR-536, University of Cambridge, Computer Laboratory, June 2002.

2001

• Richard Clayton, George Danezis, Markus G. Kuhn: Real World Patterns of Failure in Anonymity Systems, in Ira S. Moskowitz (ed.): Information Hiding, 4th International Workshop, IHW 2001, Pittsburgh, USA, April 25-17, 2001, Proceedings, LNCS 2137, Springer-Verlag, pp. 230-245, ISBN 3-540-42733-3.
• Ross Anderson: Security Engineering – A Guide to Building Dependable Distributed Systems, Wiley (March 2001), ISBN 0-471-38922-6
• F Stajano, Jong-Hyeon Lee, Ross Anderson: Security Policies, in Advances in Computers (2001)
• Ross Anderson: Undermining data privacy in health information, British Medical Journal v 322 (24 February 2001) pp 442-443
• Mike Bond, Ross Anderson: API-Level Attacks on Embedded Systems, IEEE Computer v 34 no 10 (October 2001) pp 67-75
• Ross Anderson: Why Information Security is Hard – An Economic Perspective, Proceedings of the Seventeenth Computer Security Applications Conference, IEEE Computer Society Press (2001), ISBN 0-7695-1405-7, pp 358-365; also given as a distinguished lecture at the Symposium on Operating Systems Principles, Banff, October 2001

2000

• Markus G. Kuhn: Probabilistic Counting of Large Digital Signature Collections, Proceedings of the 9th USENIX Security Symposium, Denver, Colorado, USA, August 14-17, 2000, USENIX Association, pp. 73-83, ISBN 1-880446-18-9.
• George Danezis: An Anonymous Auction Protocol Using "Money Escrow" (Transcript of Discussion). Security Protocols Workshop 2000, LNCS 2133, pp 223-233.
• Jianxin Yan, Alan Blackwell, Ross Anderson, Alan Grant: The Memorability and Security of Passwords – Some Empirical Results, Computer Laboratory technical Report no 500
• Ross Anderson, Eli Biham, Lars Knudsen: The Case for Serpent, 3rd AES Candidate Conference, 13-14 April 2000, New York
• Ross Anderson: The Correctness of Crypto Transaction Sets, Cambridge Protocols Workshop, 2000
• Frank Stajano, Ross Anderson: The Grenade Timer, 7th International Workshop on Multimedia Mobile Communications (MoMoC) (Tokyo, October 2000)
• Jong-Hyeon Lee, Ross Anderson: Jikzi: A New Framework for Security Policy, Trusted Publishing and Electronic Commerce, Computer Communications, vol 23, no 17, 1/11/2000, pp 1621-1626
• Ross Anderson: Digital Signature, reference section in Encyclopaedia of Computer Science, Fourth Edition, Nature Publishing Group (2000) ISBN 1-561-59248-X, pp 581-583
• Jianxin Yan, Stephen Early, Ross Anderson: The XenoService – A Distributed Defeat for Distributed Denial of Service, Information Survivability Workshop, Oct 2000, Boston
• Simon Moore, Markus Kuhn, Ross Anderson: Improving Smartcard Security using Self-timed Circuit Technology, Fourth ACiD-WG Workshop, Grenoble, ISBN 2-913329-44-6, 2000