Download a PDF version of this document

Research interests

  My research work examines the security and privacy of large-scale networked computer systems. I currently focus on networked mobile devices, such as smartphones, tablets and laptops. I examine the security of the devices themselves as well as the security and privacy problems induced by the interaction between mobile devices and other Internet services. I approach this through the critical evaluation of existing products, by designing and building novel prototype technologies, and by measuring human behaviour.

Current appointments

  • Senior Lecturer previously University Lecturer and RCUK Academic Fellow (2007--present)
    Computer Laboratory, University of Cambridge
  • Teaching Fellow & Director of Studies in Computer Science (2006--present)
    Robinson College, University of Cambridge

Education

Current projects and grants

  • I direct the Device Analyzer project in the Computer Laboratory jointly with Dr Rice. The project provides a free Android app on the Google Play store coupled to computer infrastructure in the Computer Laboratory. The app provides our users with better insight into what their phone does and, with their permission, uploads a subset of the collected usage statistics to our servers to help us answer research questions. We have received data from over 23,000 participants around the world and used this to explore research questions ranging from the energy consumption of mobile devices to the security of the Android ecosystem. Where our users agree, we also share data with more than 40 organisations worldwide. More info: https://deviceanalyzer.cl.cam.ac.uk Funded by donation from Google (2011--present).
  • Principal investigator of a new research grant to improve our understanding of the flows of personal information in a connected world. In this work, we are developing technical means to empirically measure how personal data flows inside mobile devices, and to track how and when personal information moves between mobile devices and servers on the Internet. Funded by Microsoft (2014--2017).
  • Principal investigator for Nigori: storing secrets in the cloud, a project to build a secure mechanism for storing sensitive user data on servers connected to the Internet in such a way that the server provider cannot read it. We have devised significant improvements beyond the version currently deployed by Google in the Chrome web browser, as well as finding security flaws in the version currently deployed by Google. Funded by donation from Google (2012--present).
  • I am a co-investigator on the Rutherford Physics Partnership, a grant to improve the teaching of Physics in English schools. As part of this project I work with Prof. Warner and Dr Jardine-Wright from the Physics Department and Dr Rice from the Computer Laboratory to develop, deploy and measure the effectiveness of novel technology to support learning. More info: IsaacPhysics.org. Funded by the Department for Education (2013--2018).

Previous grants and projects

  • Principal investigator for the Smart Transport Internet of Things Data Ecosystem (STRIDE), a project to improve the delivery of real-time and historic transport and traffic data in the UK. Funded by the Technology Strategy Board (2013--2014).
  • Prinicpal investigator of the TIME Impact Grant, supporting the dissemination of knowledge and software developed in TIME grant (below) to partners and the public. Funded by EPSRC (2012--2013).
  • Principal investigator of Privacy Calculus, a joint research project between Cambridge and TU Berlin to better understand how formal methods can be used to reason about negotiable privacy policies. Funded by the British Council and DAAD (2009--2011).
  • Research co-investigator on TIME-EACM, building novel sensors, distributed systems, and statistical techniques to improve transport and travel infrastructure. Funded by EPSRC (2005--2011).

Research associates & research assistants

  • Alistair Stead Research Assistant (2015--present)
  • Dr Meredydd Luff Research Associate (2015--present)
  • Dr Stephen Cummins Research Associate (2013--present)
  • Dr Ian Davies Research Associate (2013--present)
  • Dr Ian Sheret Senior Research Associate (2013--2014)
  • Dr David Evans Senior Research Associate (2011--2012)
  • Daniel Thomas Research Assistant (2011--2012)
  • Daniel Wagner Research Assistant (2010)

PhD students

  • Diana Crisan Primary Supervisor. (2015--2019)
  • Stephan Kollmann Primary Supervisor. (2014--2018)
    Understanding information flow in the age of Internet-connected mobile devices.
  • Daniel Thomas Primary Supervisor. (2012--2016)
    Towards an understanding of the security of modern smartphone platforms.
  • Sören Preibusch Primary Supervisor. (2008--2012)
    Researching the models, principles and tools to support negotiable privacy policies.
    Completed.
  • Robin Message Jointly supervised with Prof. Alan Mycroft. (2007--2011)
    Programming for humans: a new paradigm for domain-specific languages.
    Completed. Available as Computer Laboratory Technical Report 843
  • Julien Quintard Jointly supervised with Prof. Jean Bacon. (2006--2010)
    Towards a worldwide storage infrastructure.
    Completed.
  • Jonathan Davies Jointly supervised with Prof. Andy Hopper. (2005--2009)
    Programming networks of vehicles.
    Completed. Available as Computer Laboratory Technical Report 761.

Departmental Teaching

College Teaching

  • Director of Studies at Robinson College, Cambridge (2006--present)
  • Supervisor for many Cambridge Colleges in Computer Science and Engineering, including algorithms, artificial intelligence, computer graphics and image processing, concepts in programming languages, concurrent and distributed systems, databases, digital communications, economics and law, programming in C & C++, numerical methods, operating systems, probability, professional practice and ethics, security, and software engineering. (2000--present)

Management and Admin

  • Course Director for the MPhil in Advanced Computer Science and Part III of the Computer Science Tripos. I take overall responsibility for the selection and education of approximately 40 MPhil students and 10 Part III students each year. (2012--2015)
  • Chair of Ethics Committee taking overall responsibility for assessing any experiment involving human participants in the Department, including controlled experiments, ethnographic studies, survey research, release of instrumented software and research involving personal data. (2011--2012)
  • Outreach Coordinator preparing and delivering an annual series of talks about computer science to school students on the Oxbridge Conference tour and elsewhere; coordinating the Departmental open days; managing the Departmental web pages on admissions; running the annual CS competition for UK students. Jointly with Dr Harle. (2007--2012)
  • Graduate Admissions, Robinson College working with the Graduate Tutors to manage the admissions process for Robinson College. (2007--2010, 2013--present)
  • Trustee, Robinson College including membership of College Council, the day-to-day executive body with resonsibility for the good running of the institution. (2012--present)
  • Current committee membership : University of Cambridge Management Committee for the CDT in Sensing (2014--2019), CL Degree Committee (2012--2015), CL Advanced Taught Courses Management Committee (2012--2015), CL Joint Teaching Strategy Committee (2012--2015), Robinson IT Committee (2005--present), Robinson Gardens Committee (2012--present), Robinson Archives Committee (2012--present).

External appointments

  • External Examiner, University of Oxford (2013--2016)
    MSc in Software and Systems Security, Department of Computer Science
  • External Examiner, The Open University (2012--2015)
    M362: Developing Concurrent and Distributed Systems, Department of Computing

Awards and prizes

  • Pilkington Prize in recognition of excellence in teaching (2014)
  • Research Fellow, Robinson College, Cambridge (2005--2006)
  • Sponsored Ph.D. student, AT& T Labs -- Cambridge (2000--2003)
  • Sponsored `A' level and undergraduate student, BT Laboratories (1994--1999)

Previous positions

  • University Lecturer, Computer Laboratory, University of Cambridge. (2012--2013)
  • RCUK Academic Fellow, Computer Laboratory, University of Cambridge. (2007--2011)
    Responsibilities similar to a lecturer, including preparing and delivering undergraduate lectures and supervising PhD students and RAs.
  • Visiting Scientist, Google London. (2011)
    Worked on Google Maps and wrote a Java implementation of the open source Nigori Protocol
  • Research Associate, Computer Laboratory, University of Cambridge. (2004--2007)
    Designed and developed a prototype computer platform for collecting, processing and distributing data concerning road and rail networks.
  • Senior Technical Associate, Fraser Research, Princeton, NJ, USA. (Summer 2004)
    Evaluation of a digital rights management system and the design and analysis of a naming scheme for future computer and communication networks.
  • Internship, AT& T Labs -- Research, Florham Park, NJ, USA. (Summer 2001)
    Designed and implemented a dynamic routing algorithm for 155Mb/s optical fibre residential cable network.
  • Researcher, BT Labs, Martlesham Heath, Suffolk, UK. (1999--2000)
    Built a 2 GHz three-dimensional radio channel sounder, analysed ad-hoc network routing strategies and managed the BT Virtual University Research Initiative on Mobility.

Programme committees

  • ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) 2015
  • EAI/ACM Mobiquitous 2014, 2015
  • ACM Mobisys 2015
  • ACM UbiComp 2014
  • IEEE International Symposium on Policies for Distributed Systems and Networks 2012
  • Privacy Enhancing Technologies (PET) 2010, 2009, 2008, 2007, 2006
    Proceedings published by Springer
  • Distributed Applications and Interoperable Systems (DAIS) 2010, 2009, 2008
    Proceedings published by Springer
  • PLACES 2010, 2009 [PC co-chair], 2008
    Workshop at ETAPS 2010, 2009 and IFIP DisCoTec 2008
  • ACM Mobile and Ubiquitous Multimedia (MUM) 2012, 2010, 2009
  • International Conference on Geosensor Networks (GSN) 2009, 2006
    Proceedings published by Springer
  • Workshop on Privacy-Aware Location-based Mobile Services (PALMS) 2009, 2008, 2007
    IEEE International Conference on Mobile Data Management (MDM)
  • Pervasive 2009
    Proceedings published by Springer
  • Workshop on Privacy in the Electronic Society (WPES) 2008
    At ACM Conference on Computer and Communications Security (CCS) 2008
  • Internet of Things 2008
    Proceedings published by Springer
  • International Workshop on Pervasive Systems (PerSys) 2007
    Proceedings published by Springer
  • Workshop on UbiComp Privacy 2007
    At UbiComp 2007. Proceedings published by Springer
  • Workshop on From Theory to Practice in Wireless Sensor Networks 2007
    At IEEE Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM)
  • IEEE Workshop on Trust, Security and Privacy for UbiComp (TSPUC) 2007
  • IEEE Workshop on Pervasive Computing and Comms Security (PerSec) 2006
  • International Conference on High Performance Computing and Comms (HPCC) 2006
  • ACM Workshop on Wireless Security 2006 (held at ACM MobiCom) 2006
  • International Conference on Ubiquitous Convergence Technology (ICUCT) 2006
    Proceedings published by Springer

Publications

40 Daniel R. Thomas, Alastair R. Beresford and Andrew Rice. Security Metrics for the Android Ecosystem. To appear in the Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), 2015.

39 Stephen Cummins, Alastair R. Beresford and Andrew Rice. Investigating Engagement with In-Video Quiz Questions in a Programming Course. To appear in IEEE Transactions on Learning Technologies, 2015.

38 Denzil Ferreira, Vassilis Kostakos, Alastair R. Beresford, Janne Lindqvist and Anind K. Dey. Securacy: An Empirical Investigation of Android Applications’ Network Usage, Privacy and Security. To appear in the Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2015.

37 Stephen Cummins, Ian Davies, Andrew Rice and Alastair R. Beresford. Equality: A tool for free-form equation editing. To appear in the Proceedings of the 15th IEEE International Conference on Advanced Learning Technologies (ICALT), 2015.

36 Daniel R. Thomas and Alastair R. Beresford, Thomas Coudray, Tom Sutcliffe and Adrian Taylor. The Lifetime of Android API vulnerabilities: case study on the JavaScript-to-Java interface. To appear in Security Protocols XXIII, 2015. Springer.

35 Daniel R. Thomas and Alastair R. Beresford. Better authentication: password revolution by evolution. Security Protocols XXII, LNCS 8809:130--145, 2014. Springer.

34 Daniel T. Wagner, Andrew Rice and Alastair R. Beresford. Device Analyzer: Understanding smartphone usage. Proceedings of the 10th International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (Mobiquitous), Tokyo, Japan, 2013. Published in a book, Mobile and Ubiquitous Systems: Computing, Networking and Services, pp 195--208, 2014. Springer. ISBN 978-3-319-11568-9This paper was awarded the 2015 Best Academic Paper Prize by the Computer Laboratory alumni association.

33 Daniel T. Wagner, Andrew Rice and Alastair R. Beresford. Device Analyzer: Large-scale mobile data collection. ACM SIGMETRICS Performance Evaluation Review 41(4):53--56, 2014. ACM Press.

32 Sören Preibusch, Dorothea Kübler and Alastair R. Beresford. Price versus privacy: an experiment into the competitive advantage of collecting less personal information, Electronic Commerce Research, 13(4):423--455, 2013. Springer.

31 Sören Preibusch, Kat Krol and Alastair R. Beresford. The privacy economics of voluntary over-disclosure in Web forms. Proceedings of the 11th Workshop on the Economics of Information Security (WEIS), 2012. Post-proceedings published in a book, The Economics of Information Security and Privacy, pp 183--209, 2013. Springer. ISBN 978-3-642-39497-3.

30 Alastair R. Beresford, Dorothea Kübler, Sören Preibusch. Unwillingness to Pay for Privacy: A Field Experiment, Economics Letters 117(1):25--27, 2012. Elsevier.

29 Alastair R. Beresford, Andrew Rice, Nicholas Skehin and Ripduman Sohan. MockDroid: trading privacy for application functionality on smartphones. Proceedings of the 11th Workshop on Mobile Computing Systems and Applications (HotMobile), pp 49--54, 2011. ACM Press.

28 Jean Bacon, Andrei Iu. Bejan, Alastair R. Beresford, David Evans, Richard J. Gibbens and Ken Moody. Using Real-Time Road Traffic Data to Evaluate Congestion. Dependable and Historic Computing, LNCS 6875:93--117, 2011. ISSN 0302-9743.

27 Andrei Bejan, Richard Gibbens, David Evans, Alastair Beresford, Jean Bacon and Adrian Friday. Statistical Modelling and Analysis of Sparse Bus Probe Data in Urban Areas. Proceedings of the 13th IEEE Conference on Intelligent Transportation Systems, pp 1256--1263, 2010. IEEE Press.

26 Simon Hay, Stamatina Th. Rassia and Alastair Beresford. Estimating personal energy expenditure with location data. In Proceedings of the IEEE Workshop on Pervasive Healthcare (PerHealth), pp 304--309, 2010. IEEE Press.

25 Sören Preibusch and Alastair R. Beresford. Establishing Distributed Hidden Friendship Relations. Security Protocols XVII. LNCS 7028:321--334, 2009. Springer.

24 Robin North, Jeremy Cohen, Steven Wilkins, Mark Richards, Neil Hoose, John Polak, Margaret Bell, Phil Blythe, Bayan Sharif, Jeff Neasham, Visalakshmi Suresh, Fabio Galatioto, Graeme Hill, Iq Mead, Rod Jones, Alastair Beresford, Haibo Chen, Karl Ropkins, Paul Goodman, Colin Oates, James Tate, Narasimha Ballijepalli. Field deployments of the MESSAGE system for environmental monitoring. Traffic Engineering and Control 50(11):484--488, 2009.

23 Jeremy Cohen, Robin North, Steven Wilkins, John Darlington, Yike Guo, Neil Hoose, Yajie Ma, John Polak, Visalakshmi Suresh, Paul Watson, Margaret Bell, Phil Blythe, Jeff Neasham, Mark Calleja, Mark Hayes, Alastair Beresford, Rod Jones, Iq Mead. Creating the MESSAGE infrastructure. Traffic Engineering and Control 50(11):480--483, 2009.

22 Andy Hopper, Andrew Rice and Alastair Beresford. Computing for the future of the planet. Published in a book by the Royal Academic of Engineering,Engineering Change: Towards a sustainable future in the developing world, pp 73--79, 2008. ISBN 1-903496-41-1.

21 Jonathan J. Davies, Alastair R. Beresford and Alan Mycroft. Language-based optimisation of sensor-driven distributed computing applications. Proceedings of Fundamental Approaches to Software Engineering (FASE), LNCS 4961:407--422, 2008. Springer.

20 Jean Bacon, Alastair R. Beresford, David Evans, David Ingram, Niki Trigoni, Alexandre Guitton and Antonios Skordylis. TIME: An open platform for capturing, processing and delivering transport-related data. Proceedings of IEEE Consumer Communications and Networking Conference, pp 687--691, 2008. IEEE Press.

19 Jonathan J. Davies and Alastair R. Beresford. Scalable Inter-Vehicular Applications. Proceedings of the Second International Workshop on Pervasive Systems (PerSys), LNCS 4806: 876--885, 2007. Springer-Verlag.

18 David Evans, Alastair R. Beresford, Trevor Burbridge and Andrea Soppera. Context-derived Pseudonyms for Protection of Privacy in Transport Middleware Applications. Proceedings of the IEEE Workshop on Pervasive Transport (PerTrans), pp 395--400, 2007. IEEE Press.

17 Joonwoong Kim, Alastair R. Beresford and Frank Stajano. Towards a Security Policy for Ubiquitous Healthcare Systems. Proceedings of the First International Conference on Ubiquitous Convergence Technology (ICUCT), LNCS 4412:263--272 , 2007. Springer.

16 David N. Cottingham, Alastair R. Beresford and Robert K. Harle. Observations on the Practical Implementation of National-Scale Road User Charging. Transport Reviews 27(4):499--523, 2007. Taylor & Francis.

15 Jonathan J. Davies, Alastair R. Beresford and Andy Hopper. Scalable, Distributed, Real-time Map Generation. IEEE Pervasive Computing 5(4):47--54, 2006. IEEE Press.

14 Andrew C. Rice, Robert K. Harle and Alastair R. Beresford. Analysing fundamental properties of marker-based vision system designs. Personal and Mobile Computing, 2(4):453--471, 2006. Elsevier.

13 Alastair Beresford and David Scott. Data Privacy. Entry in Wiley Encyclopedia of Computer Science and Engineering (Benjamin Wah, ed.), John Wiley & Sons, Inc, 2008.

12 Alastair R. Beresford. Privacy issues in geographic information technologies. Published in a book by Springer, Frontiers of Geographic Information Technology, pp 257--277, 2006. ISBN 3-540-25685-7.

11 Richard Sharp, James Scott and Alastair R. Beresford. Secure mobile computing via public terminals. Proceedings of the Fourth International Conference on Pervasive Computing (Pervasive), LNCS 3968:238--253, 2006. Springer.

10 Alastair R. Beresford, Jonathan J. Davies and Robert K. Harle. Privacy-Sensitive Congestion Charging. Proceedings of the Fourteenth International Workshop on Security Protocols, LNCS 5087:97--104, 2006. Springer.

9 Andrew C. Rice and Alastair R. Beresford. Dependability and accountability for context-aware middleware systems. Proceedings of the IEEE Workshop on Middleware Support for Pervasive Computing (PerWare), pp 378--382, 2006. IEEE Press.

8 Andrew C. Rice, Alastair R. Beresford and Robert K. Harle. Cantag: an open source software toolkit for designing and deploying marker-based vision systems. Proceedings of the Fourth IEEE International Conference on Pervasive Computing and Communications (PerCom), pp 12--21, 2006. IEEE Press.

7 Sarah Mount, Elena Gaura, Robert M. Newman, Alastair R. Beresford, Sam R. Dolan and Michael Allen. Trove: a physical game running on an ad-hoc wireless sensor network. Proceedings of the Joint Conference on Smart Objects and Ambient Intelligence, pp 235--239, 2005. ACM Press.

6 Kieran Mansley, Alastair R. Beresford and David Scott. The carrot approach: encouraging the use of location systems. Proceedings of the Sixth International Conference on Ubiquitous Computing (UbiComp), LNCS 3205:366--383, 2004. Springer.

5 Alastair R. Beresford and Frank Stajano. Mix Zones: User privacy in location-aware services. Proceedings of the IEEE Workshop on Pervasive Computing and Communication Security (PerSec), pp 127--131, 2004. IEEE Press.

4 David Scott, Alastair Beresford and Alan Mycroft. Spatial Security Policies for Mobile Agents in a Sentient Computing Environment. Proceedings of Fundamental Approaches to Software Engineering (FASE), LNCS 2621:102--117, 2003. Springer.This paper was awarded the Best Software Science Paper prize at ETAPS 2003.

3 David Scott, Alastair Beresford and Alan Mycroft. Spatial Policies for Sentient Mobile Applications. Proceedings of the IEEE Fourth International Workshop on Policies for Distributed Systems and Networks (IEEE Policy), pp 147--157, 2003. IEEE Press.

2 Alastair R. Beresford and Frank Stajano. Location Privacy in Pervasive Computing. IEEE Pervasive Computing, 2(1):46-55, 2003.

1 R. M. Dennis, A. R. Beresford and K. M. Brown. Virtual University Research Initiative on Mobility. BT Technology Journal, 19(1):12-18, 2001.

Other reports, papers and editorships

R10 Alastair R. Beresford and Simon Gay (Editors) Proceedings of the Second International Workshop on Programming Language Approaches to Concurrency and Communication-cEntric Software. Electronic Proceedings of Theoretical Computer Science 17, February 2010. ISSN 2075-2180.

R9 Andrew Rice, Paula Buttery, Idris A. Rai and Alastair Beresford. Language learning on a next-generation service platform for Africa. W3C Workshop on an African Perspective on the Role of Mobile Technologies in Fostering Social and Economic Development, Maputo, Mozambique, 2009.

R8 Sören Preibusch and Alastair R. Beresford. Privacy-Preserving Friendship Relations for Mobile Social Networking. W3C Workshop on the Future of Social Networking, Barcelona, Spain, 2009.

R7 David Evans, Jean Bacon, Alastair R. Beresford, Richard Gibbens and David Ingram. Time for change. Intertraffic World. 1(1):52--56, 2009.

R6 Alastair R. Beresford and Jean Bacon. TIME for Better Transport. Short work in progress report. IEEE Pervasive Computing 5(4):63, 2006. IEEE Press.

R5 David Evans and Alastair R. Beresford. Psuedonymous context-aware transport applications. Proceedings of the UK-Ubinet Workshop, 2006.

R4 Robert Harle and Alastair Beresford. Keeping Big Brother off the road. IEE Review. 51(10):34--37, October 2005. ISSN 0953-5683.

R3 Alastair R. Beresford. Location privacy in ubiquitous computing (Ph.D. dissertation), University of Cambridge Computer Laboratory Technical Report UCAM-CL-TR-612, 2005.

R2 Alastair R. Beresford and Andrew C. Rice. Towards automated computation sharing for ubiquitous computing. British Council Workshop on Proactive Computing, Nizhni Novgorod, Russia. 2005.

R1 Alastair Beresford, Csaba Kiss Kallo, Ursula Kretschmer, Friedemann Mattern and Martin Muehlenbrock. The First Summer School on Ubiquitous and Pervasive Computing. IEEE Pervasive Computing, 2(1):84-88, 2003.

Selected academic talks

T8 Smartphone Vulnerabilities.Invited seminar speaker with webcast to all employees worldwide, Microsoft Research, Seattle, 2014.

T7 Smartphone Vulnerabilities.Invited seminar speaker, Royal Holloway, London, 2014.

T6 MockDroid: trading privacy for application functionality on smartphones.Invited seminar speaker, Department of Computing, Imperial College, 2011.

T5 Using sensors to improve public and private transport. Invited talk at the British Council's Conference on Green ICT and Sensors in Gothenburg, 2010.

T4 Pollution monitoring in the streets of Cambridge. Invited talk at the Cambridge Transport Event organised by the former Chief Scientific Adviser to the Department for Transport, Christ's College, Cambridge.This was a joint talk with Professor Rod Jones.

T3 TIME for better privacy. Keynote talk at the Workshop on Privacy-Aware Location-based Mobile Services (PALMS) 2007; IEEE International Conference on Mobile Data Management (MDM'07).

T2 Privacy issues in geographic information technologies. Invited talk at the Association of American Geographers Annual Meeting, 2006.

T1 Location privacy: technical issues and approaches. Invited talk at BT Laboratories, Martlesham Heath, Suffolk, 2004.