Dr Daniel R. Thomas
Photo is from 2014-03-20 by Quentin Stafford-Fraser
I moved to the University of Strathclyde for a Chancellor's Fellowship on 5th August 2019
Contact
Email: firstname.lastname@cl.cam.ac.uk
Telephone: +44 1223 763 748
GPG: 5017 A1EC 0B29 08E3 CF64 7CCD 5514 35D5 D749 33D9 (work)
EA14 782B FF32 D5B8 464B 92D7 B2FB 14CF 18EB 83B1 (home)
I have an (outdated) personal home page and blog. Research is blogged on Light Blue Touchpaper.
Research
My interests are in measuring security and cybercrime so that we can monitor improvement, evaluate interventions, and inform regulators.
I am a Research Associate and Affiliated Lecturer at the University of Cambridge and an Honorary Research Associate at Peterhouse, Cambridge. I am a member of the Digital Technology Group, the Security Group, and the Cambridge Cloud Cybercrime Centre.
I maintain the Android vulnerabilities website, information on the deployed version distribution of Android and help with the Device Analyzer project.
Publications
- "Ghost trace on the wire? Using key evidence for informed decisions" by Diana A. Vasile, Martin Kleppmann, Daniel R. Thomas, and Alastair R. Beresford. 27th International Workshop on Security Protocols. Springer LNCS. April 2019.
- "CrimeBB: Enabling cybercrime research on underground forums at scale" by Sergio Pastrana, Daniel R. Thomas, Alice Hutchings, and Richard Clayton. The Web Conference (WWW) 2018.
- "Ethical issues in research using datasets of illicit origin" by Daniel R. Thomas, Sergio Pastrana, Alice Hutchings, Richard Clayton, and Alastair R. Beresford at ACM Internet Measurement Conference (IMC) 2017 (local copy), (slides), (bibtex).
- "1000 days of UDP amplification DDoS attacks" by Daniel R. Thomas, Richard Clayton, and Alastair R. Beresford at 2017 APWG Symposium on Electronic Crime Research (eCrime) (bibtex)
- "Incentivising software updates" by Daniel R. Thomas and Alastair R. Bresford at Internet of Things Software Update Workshop (IoTSU) 2016
- "Security metrics for the Android ecosystem" by Daniel R. Thomas, Alastair R. Beresford and Andrew Rice in ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) 2015, bibtex, official ACM version.
- "The lifetime of Android API vulnerabilities: case study on the JavaScript-to-Java interface" by Daniel R. Thomas, Alastair R. Beresford, Thomas Coudray, Tom Sutcliffe and Adrian Taylor in the Proceedings of the Security Protocols Workshop 2015, bibtex
- "Better authentication: password revolution by evolution" by Daniel R. Thomas and Alastair R. Beresford in the Proceedings of the Security Protocols Workshop 2014, LNCS 8809, pp. 130–145. Official version from link.springer.com, bibtex
Reports
Presentations and posters
- Measuring Android vulnerability, and UDP DDoS attacks at University of Luxembourg
- Ethical issues in research using datasets of illicit origin at Cambridge Cybercrime Conference 2018
- 1000 days of UDP amplification DDoS attacks presentation (notes) at eCrime 2017
- Security metrics for the Android ecosystem presentation (odp) at SPSM 2015
- The lifetime of Android API vulnerabilities: case study on the JavaScript-to-Java interface presentation (with notes) at Security Protocols Workshop 2015
- Better authentication: password revolution by evolution presentation (with notes, transcript) at Security Protocols Workshop 2014
- Nigori poster at Computer Laboratory 75th Anniversary poster competition
Reviewing
I have reviewed papers for: ACM SIGCOMM Computer Communications Review (CCR), Journal of Internet Services and Applications (JISA), Mobile and Ubiquitous Multimedia (MUM) 2013, Ubicomp 2014, Transactions on Information Forensics & Security (2017), Transactions on Software Engineering (2017), The Computer Journal (2018) amongst others. I am co-editor for the Frontiers Research Topic on Big Data Ethics. I have reviewed a funding proposal for University of Luxembourg's internal call.
Collaborators
Listed alphabetically for my ease of reference (updated 2018-10-20). Active:
Ross Anderson,
Alastair R. Beresford,
Sara Correia,
Richard Clayton,
Katherine Fletcher,
Alice Hutchings,
Sergio Pastrana,
Jovan Powar,
Jair Santanna,
Diana A. Vasile,
Alexander Vetterl,
Helena Webb
Previous: Andrew Rice
Teaching
Supervising
I supervise various courses. I also have some project ideas.
Lecturing
I am one of the course lecturers for the R209 Computer Security: Principles and Foundations, R210 Computer Security: Current Applications and Research, and R254 Cybercrime MPhil courses in security.
In 2018 I lectured Security II: Part 2: Security engineering covering security, human factors, and psychology; security policies; authentication; and network security.
I gave one lecture on LaTeX for Markus Kuhn's Unix Tools course in November 2013.
I gave one lecture as part of the Research Students Lecture series in 2014 and 2015.
University Politics
I am a member of the University's Cycling and Walking working subgroup. I co-founded the West Cambridge Active Travel (WCAT) group.
I used to represent the PhD students to the Staff-Student Consultative Forum and the Faculty Board. I used to represent PhD students in the Digital Technology Group to the Graduate Student Forum.
I had a Level 2 Award in Food Safety in Catering which means that I could run various food based events in the department.
Declarations of interest
I have received funding from various organisations, I try not to let that influence me but in the interest of transparency details follow.
- From October 2016 I have been funded by the EPSRC through the Cambridge Cybercrime Centre
- From October 2015 to Septembr 2016 I was funded by ThreatSTOP
- I the EPSRC Doctoral Training Account of the Computer Laboratory funded the second and third years of my PhD
- The first year of my PhD was funded by Google
- My year as a Research Assistant was partly funded by Google
- I spent a summer working for Broadcom
- I have been both a student and a mentor on the Google Summer of Code
- I spent a summer as an on an Undergraduate Research Opportunity (UROP) placement funded by BT
- GCHQ/NCSC has provided small amounts of money to attend conferences and buy books or servers.