Computer Laboratory

Graeme Jenkinson

graeme -BEng -Phd -CEng -MIET

Graeme Jenkinson is a Senior Research Associate in the University of Cambridge's Computer Laboratory leading development of distributed dtrace for the CADETS project.

Prior to CADETS, Dr Jenkinson worked on Pico a token-based password replacement scheme. Dr Jenkinson has thirteen years industrial experience working in high-level technical roles in the defence and automotive industries.

Written by Dr Graeme Jenkinson

gcj21 [at]



  • Causal, Adaptive, Distributed, and Efficient Tracing System (CADETS), will address flaws in current audit and information-flow systems through fundamental improvements in dynamic instrumentation, scalable distributed tracing, and programming-language support. CADETS has three major components: Event Query (EQ) is a new query language, loosely based on DTrace’s D, that will drive in-application, whole-system, and distributed tracing using temporal expressions and information flow. Watchman is a host-based tracing framework that dynamically introduces variable-granularity instrumentation within and between executing programs. DEQUE distributes EQ expressions over many hosts to track inter-node information flows and temporal sequences, implementing post-hoc trace aggregation, or as needed, tagging of TCP/IP packets, filesystem RPCs, and application-layer protocols with temporal and information-flow labels.

Past projects

  • Pico without public keys
  • Pico is an existing research project seeking to replace passwords with physical tokens. In its existing embodiment, the Pico device authenticates the user to remote services using a public key based security protocol called SIGMA-I.
    This project will replace SIGMA-I with a symmetric key based alternative. The advantages of this approach include: minimizing changes required for service providers to adopt Pico, lower energy/computing requirements for wearable platforms and future proofing for attacks against public key cryptography.
  • Pico
  • Passwords are a pain. Pico is a more usable and more secure replacement that does not require you to memorize any secrets.
  • Practical authentication to everyday objects


I run the laboratories for the ACS MPhil Advanced Operating Systems course and lecture on tracing and performance analysis on the ACS MPhil Research Skills Programme and the Part II Topical Issues course.


I am an academic researcher working at the University of Cambridge Computer Laboratory. I am available for consulting tasks in the areas of software, securityand usability either through Cambridge Enterprise or in a private capacity.

Recent publications

A full list of publications can be found here

  1. Graeme Jenkinson. It's Better to Rust than to Wear Out. FreeBSD Journal. Nov/Dec 2016.
  2. Graeme Jenkinson and Maria Blakemore. Quantifying the Disruption to User Goals from Authentication Events.
  3. Brian Glass, Graeme Jenkinson, Yuqi Lio, Angela Sasse and Frank Stajano. The usability canary in the security coal mine: A cognitive framework for evaluation and design of usable authentication solutions. Proc. EuroUSEC workshop of SPW 2016.
  4. Ian Goldberg, Graeme Jenkinson, Frank Stajano. Low-cost Mitigation against Cold Boot Attacks for an Authentication Token. Proc. 14th International Conference on Applied Cryptography and Network Security 2016, Springer LNCS. © Springer
  5. Frank Stajano, Stig Fr. Mjølsnes, Graeme Jenkinson, Per Thorsheim: Technology and Practice of Passwords - 9th International Conference, PASSWORDS 2015, Cambridge, UK, December 7-9, 2015, Proceedings. Lecture Notes in Computer Science 9551, Springer 2016, ISBN 978-3-319-29937-2
  6. David Llewellyn-Jones, Graeme Jenkinson, Frank Stajano. Explicit Delegation using Configurable Cookies. Proc. Security Protocols Workshop 2016, Springer LNCS. To appear
  7. Ian Goldberg, Graeme Jenkinson, David-Llewellyn-Jones, Frank Stajano. Red button and yellow button: usable security for lost security tokens (Position paper). Proc. Security Protocols Workshop 2016, Springer LNCS. To appear
  8. Jeunese Payne, Graeme Jenkinson, Frank Stajano, Angela Sasse and Max Spencer. Responsibility and Tangible Security: Towards a Theory of User Acceptance of Security Tokens. Proc. USEC workshop of NDSS 2016.
Graeme Jenkinson

graeme.jenkinson [at]

+44 1223 763681


Graeme Jenkinson
Computer Laboratory
15 JJ Thomson Avenue
Cambridge CB3 0FD
United Kingdom