Highlights, in a nutshell:Happy
dad. Author of a few books, and of 3 papers with over 1000 citations
each. CEO and startup founder. Kendo dojo leader. Comics
philologist. Youtuber. Personal web page since 1994. Erdös number
3. And I used to share my Trinity office with a Nobel laureate in
physics.
I run a Youtube channel, Frank Stajano Explains (.com), for students of computer science and for younger people whom I hope to inspire to become students of computer science in the future. The same lectures I give to my Cambridge students are now available to everyone in the world, at no charge. Check it out and subscribe!
I founded a national
(Inter-ACE) and an international
(Cambridge2Cambridge)
cyber security competition and ran them for three years, as a
contribution
towards raising
a new generation of cyber-defenders
(Poster). The
international competition was a collaboration
with MITCSAIL. The successor to Cambridge2Cambridge is an even more international Country2Country, which I helped create, and I serve on its Steering Committee.
I am the CEO and co-founder of Cambridge Cyber, a security consultancy offering competent, trustworthy and discreet services in the areas of training, penetration testing and security analysis (open for business: myfirstname at cambridge cyber dot com).
Lately, my research question has been: can we do better than
passwords? In 2011 I
wrote Pico: no more
passwords!
(blog
post, Forbes
coverage) which then became an invited talk
at Usenix Security
2011 in San Francisco, USA and the opening keynote talk
at RTCSA
2011 in Toyama, Japan. I have since received generous funding from
the European Research Council, in the form of a prestigious and
competitive ERC Starting Grant, to pursue my
research on Pico. While revising that work I then decided that the
ever-growing "related work" section of Pico was worth its own study,
so I invited three expert coauthors for the project that
became The
Quest to Replace Passwords: A Framework for Comparative Evaluation of
Web Authentication Schemes, the highest-scoring peer-reviewed
paper at Oakland 2012 (watch me give the talk in San Francisco on
2012-05-23). An extended
version, with full details and ratings for over 30 password
replacement schemes, is available as
a tech
report.
Historically, my most significant research contributions include
works on the following topics (presented in papers that have since
attracted over a thousand citations each):
Cyberdice,
i.e. online gambling, for money, in a context where everybody else may
be cheating and colluding against you (2008, with Richard Clayton; see also
the transcript
of the lively discussion);
Romantic
Cryptography, i.e. how to say "I love you" but only if
the other person is going to say "me too" (2000, with William Harris);
The Cocaine Auction Protocol, i.e. how to
auction off some valuable goods in a context where all bidders want
anonymity and there is definitely no trusted third party. (1999, with Ross
Anderson.)
Although I now have a permanent faculty post at the University of
Cambridge, I have a mixed academic and industrial background, having
been employed by the R&D centres of major electronics,
telecommunications and software multinationals (Google, Toshiba,
AT&T, Oracle, Olivetti). Thanks to this, my research has always
retained a strong practical orientation. Since my academic appointment
I have continued to consult for industry in Europe and Asia on systems
security, strategic research planning, creativity and innovation. I am
the author of the well-regarded research
monograph Security for Ubiquitous
Computing (Wiley, 2002).
I am a popular public speaker and I was called upon as invited or
keynote speaker over 50 times on four continents (not counting the
presentations of my refereed papers). I also served
as program chair at over a dozen international
conferences or workshops; as program committee member for over 50
events; as technical reviewer of book proposals for scientific
publishers such as Wiley and Addison-Wesley; and as associate editor
for an IEEE
journal. I have authored or co-authored over 50
refereed publications, guest chapters in three books, two patent
applications, one book and I have edited about a dozen Springer LNCS
proceedings volumes.
I was elected a Toshiba Fellow in 2000. I was appointed to a
Lectureship at the University of Cambridge in 2000, originally at the
Department of Engineering, then transferred to the Computer Laboratory
in 2004. In 2006 I was awarded academic tenure until retiring age. In
2007 I was promoted to a University Senior Lectureship, in 2013 to a
Readership and in 2017 to a Professorship. I was also elected to a
Fellowship at Trinity College in 2015, where I serve as a Director of
Studies in Computer Science, a Senior Lecturer and the Chair of the IT
Committee.
Before that, I had the privilege of doing a security PhD here at
Cambridge under the supervision
of Ross Anderson. I
completed it in exactly three years: matriculated in January 1998,
submitted in December 2000, approved with no corrections in
January 2001. My PhD was nominated for the British Computer Society
"distinguished dissertation" award and was later turned into
the book mentioned above. The
first few steps of my academic lineage are all at the Cambridge
Computer Laboratory and go back to its
founder Sir Maurice
Wilkes, who built
the first stored-program
computer in the world: Frank Stajano
- Ross
Anderson
- Roger
Needham -
David
Wheeler
- Maurice
Wilkes. These were all people I knew well on a personal
basis. According to
the Mathematics
Genealogy Project, my lineage then continues upwards to John
Ratcliffe, Edward Appleton, JJ Thomson, John Strutt (Lord Rayleigh),
Edward Routh, William Hopkins, Adam Sedgwick, Thomas Jones, Thomas
Postlethwaite, Stephen Whisson, Walter Taylor, Robert Smith, Roger
Cotes, Isaac Newton, Isaac Barrow, Vincenzo Viviani, Galileo Galilei,
Ostilio Ricci, Nicolò Tartaglia, with additional non-linear detours
through such eminent figures as Rutherford and Torricelli among
others.
I have taught a variety of core computing
subjects to engineers and computer scientists, including operating
systems, computer architecture, security, data structures and
algorithms, as well as more specialized subjects such as hardware
design, FPGA programming, assembly language programming and ubiquitous
computing. I greatly enjoy lecturing and helping other people reach
"lightbulb moments".
I love Japan! I lived in Japan for one year and I maintain strong
ties to the Toshiba
Corporate Research and Development Center in Kawasaki and
Keio University.
In my spare time I am a comics scholar with a
particular interest in Disney
material. I have coauthored a few books, book chapters and articles on
this subject. Although not as frequently as I'd like, I offer audio
interviews with comics authors on my
comics podcast.
I have a strong interest in kendo (Japanese swordsmanship). Since
October 2002 I am the leader
of Tsurugi Bashi, the kendo
dojo of the University of Cambridge. I am 5th dan and
a BKA-licenced "Level 3 Regional Coach"
(meaning that I run courses to train and license other kendo
instructors). I attended the gruelling one-week "Foreign Kendo
Leaders" seminar in Kitamoto, Japan in 2008 and 2014. I haven't kept
an exact count but by now about a thousand people have started kendo as
my students. At least a couple dozen of them have obtained dan grades;
some of them also hold BKA coaching licences and some even started
their own dojo.
2018: Frank Stajano, Graham Rymer, Michelle Houghton. Raising
a new generation of cyber-defenders. University of Cambridge Computer Laboratory Technical Report 922, June 2018, 307 pages;
(also Poster)
2018: Kat Krol, David Llewellyn-Jones, Seb Aebischer, Claudio Dettoni, Frank Stajano. Intentionality and agency in security. Proc. Security Protocols Workshop 2018 (SPW 2018), Springer LNCS 11286.
2017: Seb Aebischer, Claudio Dettoni, Graeme Jenkinson, Kat Krol, David Llewellyn-Jones, Toshiyuki Masui, Frank Stajano. Pico in the Wild: Replacing Passwords, One Site at a Time. Proc. European Workshop on Usable Security (EuroUSEC 2017).
2017: Kat Krol, Seb Aebischer, David Llewellyn-Jones, Claudio Dettoni, Frank Stajano. Seamless Authentication with Pico. Short Talk at IEEE European Symposium on Security and Privacy (EuroS&P 2017).
2016: David Llewellyn-Jones, Graeme Jenkinson and Frank Stajano. Explicit delegation using configurable cookies. Proc. Security Protocols Workshop 2016, Brno, Czech Republic. Springer LNCS.
2015: Frank Stajano, Bruce Christianson, Mark Lomas, Graeme
Jenkinson, Jeunese Payne, Max Spencer, Quentin
Stafford-Fraser. Pico
without public keys. In Proceedings of Security Protocols Workshop
2015. Springer LNCS 9379.
2011: Francesco Stajano. "Don Rosa's Libido Colligandi" in Paolo
Castagno (ed.),
Don Rosa - A little something special, Papersera, 2011.
2011: Francesco Stajano. "Don Rosa interview (2008): before the
ducks" in Paolo Castagno (ed.),
Don Rosa - A little something special, Papersera, 2011.
2011: Francesco Stajano. "Don Rosa interview (1997): the dream of a
lifetime" in Paolo Castagno (ed.),
Don Rosa - A little something special, Papersera, 2011.
2010: Francesco Stajano. "Epico ma non troppo" in Paolo Castagno
(ed.),
Massimo de Vita - Il cugino di Alf, Papersera, 2010.
2010: Ross Anderson and Frank
Stajano. "It's
the anthropology, stupid!". In proceedings of Security Protocols
Workshop 2010. (This is an unrevised preprint.)
2010: Saad Aloteibi and Frank Stajano. "On the value of hybrid
security testing". In proceedings of Security Protocols Workshop
2010.
2010: Jonathan Anderson and Frank
Stajano. "On
storing private keys in the cloud". In proceedings of Security
Protocols Workshop 2010. (This is an unrevised preprint.)
2010: Bruce Christianson, Alex Shafarenko, Frank Stajano and
Ford-Long Wong. "Relay-proof channels using UWB lasers". In
proceedings of Security Protocols Workshop 2010.
2009: Francesco Stajano,
"Intervista a
Giorgio Pezzin", in Paolo Castagno (Ed.), Giorgio Pezzin -
Tanto gli strumenti sono solo dipinti, Papersera, 2009.
2009: Francesco Stajano,
"Giorgio Pezzin, il genio
techno", in Paolo Castagno (Ed.), Giorgio Pezzin - Tanto gli
strumenti sono solo dipinti, Papersera, 2009.
2009: Jonathan Anderson and Frank Stajano, "Not That Kind of
Friend: Misleading Divergences Between Online Social Networks and
Real-World Social Protocols". Proceedings of Seventeenth International
Workshop on Security Protocols, Cambridge, UK, 1-3 April 2009. Springer LNCS. You may download
an unrevised
preprint.
2007: Ford Long Wong and Frank Stajano,
"Multichannel Security
Protocols", in IEEE Pervasive Computing, Special Issue on
Security and Privacy, 6(4):31-39, Oct-Dec 2007.
2007: Frank Stajano, Catherine Meadows, Srdjan Capkun, Tyler Moore
(Eds.),
Security and Privacy in Ad-hoc and Sensor Networks 4th
European Workshop, ESAS 2007, Cambridge, UK, July 2-3,
2007. Proceedings. Springer Lecture Notes in Computer Science
volume 4572.
2006: Frank Stajano, Hyoung Joong Kim, Jong-Suk Chae, Seong-Dong Kim
(Eds.), Ubiquitous Convergence Technology, First International
Conference, ICUCT 2006, Jeju Island, Korea, December 5-6, 2006,
Revised Selected Papers. Springer Lecture Notes in Computer
Science volume 4412.
2005: Pablo Vidales, Javier Baliosian, Joan Serrat, Glenford Mapp, Frank
Stajano, Andy Hopper, "Autonomic System
for Mobility Support in 4G Networks", in IEEE Journal On
Selected Areas In Communications, December 2005.
2005: Francesco Stajano,
"Addio, Romano!",
in
DDF(R)appet, June 2005, fanzine of the
Danish Donaldist society.
2005: Frank Stajano,
"RFID
is
X-ray vision",
University of Cambridge Computer Laboratory Technical Report
645. Revised write-up of keynote talk I gave at the first workshop in
the International
Workshop Series on RFID, Tokyo, Japan, November 2004. A condensed
version, featuring some prudish censorship courtesy of the
CACM editors, appears in the September 2005 issue of Communications
of the ACM.
2005: Pablo Vidales, Glenford Mapp, Frank Stajano, Jon Crowcroft,
Carlos Jesus Bernardos,
"A Practical
Approach for 4G Systems: Deployment of Overlay Networks", in
Proceedings of Testbeds and Research Infrastructures for the
DEvelopment of NeTworks and COMmunities / TRIDENTCOM 2005. (Best paper
award)
2004: Frank
Stajano, Security for
Ubiquitous Computing (abstract of invited talk), in Proceedings of
7th International Conference on Information Security and Cryptology
(ICISC 2004), Seoul, Korea, Dec 2004. Springer LNCS 3506.
2002: Frank Stajano and Yutaka Sata, "Personalized reminder service", Japanese patent application P2002-12052 (in Japanese), 2002.
2001: Frank Stajano and Hiroshi Isozaki, "Apparatus for managing software and method of installing software", Japanese patent application P2001-315815 (in Japanese), 2001.
2001: Security
Policies (with Ross Anderson and
Jong-Hyeon Lee; book chapter in
Advances in Computers vol 55, Academic Press, 2001.)
2000: A personal homage to Carl
Barks, the great comics storyteller, creator of Uncle Scrooge and
Gyro Gearloose, who died on 2000-08-25 at age 99.
2000: A set of flash cards to practice the Japanese hiragana and
katakana syllabaries (Frank's
do-it-yourself kana cards). (If you are
interested in this sort of thing then you might have liked the very
elegant, and equally
free, Digital
Kana Flashcards created by Shane Hope; but the web page has now
disappeared.)
2000: The Resurrecting
Duckling -- What Next? (presented at,
and in the proceedings of, the 8th International Workshop on Security
protocols, Lecture Notes in Computer Science, Springer-Verlag,
2000-04-05.)
2000: Il
falsario contro il crittologo: sicurezza per la lotteria
informatizzata ("The Forger vs. the
Cryptologist: Security Issues for the Computerised Lottery", in
Italian. Invited paper presented at, and in the proceedings of, the 40th
conference of the Italian Statistical Society, Florence, Italy,
2000-04-26.)
1999: The Resurrecting Duckling:
Security Issues for Ad-hoc Wireless Networks (with Ross Anderson; presented at, and in the proceedings of,
the 7th International Workshop on Security protocols, Lecture Notes in
Computer Science, Springer-Verlag. A later version appears in the
proceedings of the 3rd AT&T Software Symposium.)
1998: A design for my Cambridge University
business card which several colleagues have
already requested and used for themselves. If you are browsing from
*.cam.ac.uk, I'll let you download my Word
file so you can use it too. It has my photograph, so the recipient
remembers who the hell this came from, and the fingerprints of my PGP keys (I've had PGP fingerprints on my business
cards since 1994, and greasy fingerprints on them since a lot before
that!). I'm pleased with the result, but Word is a big mess, especially
when you have to edit the sideways text. Maybe one day I'll write a program
to generate the postscript directly -- but don't hold your breath.
1998:
HTML pretty-print
1997: Restituire l'anima
rubata (in Notiziario GAF, issue 3,
Dec 1997; reprinted, with much better illustrations, in Comic Art 161,
April 1998)
1997: Don Rosa e il
Rinascimento disneyano (with Leonardo
Gori and Alberto Becattini; the first book in the world about the
American Disney comics author Don Rosa. In Italian.)
1997: A few self-generating programs that now live in
Eli
Biham's collection.
1996-7: a chapter
in The Art of Giorgio
Cavazzano (edited by Luca Boschi; a great
book about the Italian Disney comics author Giorgio Cavazzano. In
Italian.)
1992: Manuale Modem (tells you what
you can do with a modem from a user's perspective, with particular emphasis
on the "community spirit" of bulletin boards. Became the standard
textbook introduction to Fidonet in
Italy and was broadcast by RAI (Italy's state-owned TV broadcasting
company) over their telesoftware channel. In Italian.)
1991: Media Composition and Synchronization Aspects in an Interactive Multimedia
Authoring Environment (with Gianluca Pancaccini; in Proceedings of the Fourth International Conference on Human-Computer Interaction, Stuttgart, Germany, 1991, published by Elsevier.)
Former undergraduate students whose coursework I supervised
Lent 1999, Security:
Chris Reed, John Hall, Ross Younger,
Ari Krakauer, Martin Thorpe, Ben Waine, Katie Bebbington, Ciaran
McNulty, Matthew Slyman, Dominic Crowhurst, Matt Cobley, Alfredo
Gregorio, Andrei
Serjantov, Jacob Nevins, Theo Honohan, Ben Mansell, Alastair Beresford, Richard Sharp, David Scott.
Lent
2000, Security:
Siraj Khaliq, Julian Brown, George Danezis, Mark Shinwell, Patrick
Wynn, Bruno Bowden, Justin Siu, Paul Gotch.
Air conditioning as a replacement for opening the windows
Books and articles written in a complicated way in the mistaken belief that this will make readers think that the author is more clever than them (when I read such junk I only think that the author is an idiot who doesn't understand his own stuff well enough to be capable to explain it clearly to me)
Cars, especially traffic jams and parking problems
Commuting to work
Insects, especially mosquitos
Political correctness (an alternative spelling for hypocrisy)
IPC9 aka 9th International
Python Conference (5-8 March 2001, Long Beach, CA, USA)
IPC10 aka 10th International
Python Conference (4-7 February 2002, Alexandria, VA, USA)
IWSAWC 2002
aka The 2nd International Workshop on Smart Appliances and Wearable
Computing (2 July 2002, Vienna, Austria)
Mobicom
2002 aka The Eighth ACM International Conference on Mobile
Computing and Networking (23-28 September 2002, Atlanta, GA, USA)
WiSe aka
Workshop on Wireless Security (28 September 2002, Atlanta, GA, USA)
SPC 2003 aka 1st
International Conference on Security in Pervasive Computing (12-14
March 2003, Boppard, Germany)
PerSec 2004 aka
First IEEE International Workshop on Pervasive Computing and
Communication Security, held in conjunction with PerCom 2004 (14-17 March 2004,
Orlando, FL, USA)
ICDCS 2004
aka 24th International Conference on Distributed Computing Systems
(23-26 March 2004, Tokyo, Japan)
Uk-Ubinet
2004 aka 2nd UK-UbiNet Workshop, Security, trust, privacy and
theory for ubiquitous computing (5-7th May 2004, Cambridge, UK)
ESAS
2004 aka 1st European Workshop on Security in Ad-Hoc and Sensor
Networks (5-6 August 2004, Heidelberg, Germany)
Mobiquitous 2004 aka
First Annual International Conference on Mobile and Ubiquitous
Systems: Networking and Services (22-25 August 2004, Boston, MA, USA)
UCS 2004
aka 2nd International Symposium on Ubiquitous Computing Systems (8-9
November 2004, Tokyo, Japan)
PerSec 2005 aka 2nd IEEE
International Workshop on Pervasive Computing and Communication
Security, held in conjunction with PerCom 2005 (8-12 March 2005, Hawaii,
USA) (Program co-chair)
SPC 2005 aka 2nd Conference
on Security in Pervasive Computing (6-8 April 2005, Boppard, Germany)
LoCa 2005 aka
International Workshop on Location- and Context-Awareness, in
cooperation with Pervasive
2005 (12-13 May 2005, Oberpfaffenhofen near Munich, Germany)
TSPUC 2005 aka
First International Workshop on Trust, Security and Privacy for
Ubiquitous Computing (13 June 2005, Taormina, Italy), affiliated with
IEEE WOWMOM 2005
PerSec 2006 aka 3rd IEEE
International Workshop on Pervasive Computing and Communication
Security, held in conjunction with PerCom 2006 (13-17 March 2006,
Pisa, Italy) (Program co-chair)
HPCC-06 aka The Second
International Conference on High Performance Computing and
Communications (13-15 September 2006, Munich, Germany) (Program
vice-chair)
ESAS 2006 aka Third
European Workshop on Security and Privacy in Ad Hoc and Sensor
Networks (20-21 September 2006, Hamburg, Germany)
UCS 2006 aka 2006
International Symposium on Ubiquitous Computing Systems (11-13 October
2006, Seoul, Korea)
ICUCT 2006 aka International
Conference on Ubiquitous Convergence Technology (6-8 December 2006,
Jeju, Korea) (Program co-chair)
PerSec 2007 aka 4th IEEE
International Workshop on Pervasive Computing and Communication
Security, held in conjunction with PerCom 2007 (26 March 2007, New
York, USA) (Program co-chair)
PerCom 2007 aka 5th Annual
IEEE International Conference on Pervasive Computing and
Communications, (26-30 March 2007, New York, USA)
ESAS 2007 aka Fourth
European Workshop on Security and Privacy in Ad Hoc and Sensor
Networks (2-3 July 2007, Cambridge, UK) (General chair)
SecureComm 2007 aka
Third International Conference on Security and Privacy in
Communication Networks (17-21 September 2007, Nice,
France)
WiSec 2008
aka First ACM Conference on Wireless Network Security (31 March - 2
April 2008, Alexandria, VA, USA)
WiSec 2009
aka Second ACM Conference on Wireless Network Security (16 - 18 March
2009, Zurich, Switzerland)
IWSSI/SPMU
2009 aka Second International Workshop on Security and Privacy in
Spontaneous Interaction and Mobile Device Use, held in conjunction
with Pervasive 2009 (11
May 2009, Nara, Japan)
SPW 2009 aka
Seventeenth International Workshop on Security Protocols (1-3 April
2009, Cambridge, UK)
WISTP 2009 aka Workshop in
Information Security Theory and Practices on Smart Devices, Pervasive
Systems, and Ubiquitous Networks (2-4 September 2009, Brussels,
Belgium)
DWSAN4CIP 2009
aka International Workshop on Dependable Wireless Sensor and Actuator
Networks for Critical Infrastructure Protection (18-19 October 2009,
St. Petersburg, Russia), held in conjunction
with ICUMT 2009.
WISEC 2010
aka Third ACM Conference on Wireless Network Security (March 2010, New
York, USA) (Program co-chair)
SPW 2010 aka
Eighteenth International Workshop on Security Protocols (24-26 March
2010, Cambridge, UK)
SEC
2010 aka International Information Security Conference 2010:
Security & Privacy - Silver Linings in the Cloud (20-23 September
2010, Brisbane, Australia)
WISEC 2011
aka Fourth ACM Conference on Wireless Network Security (14-17 June
2011, Hamburg, Germany)
SPW 2011 aka
Nineteenth International Workshop on Security Protocols (March
2011, Cambridge, UK)
SPW 2012 aka
Twentieth International Workshop on Security Protocols (April
2012, Cambridge, UK)
WRIT 2013 aka
Workshop on Research for Insider threat, a workshop of Oakland 2013 (24 May
2013, San Francisco, CA, USA) (Program co-chair)
Oakland
2014 aka 35th IEEE Symposium on Security and Privacy (18-21 May
2014, San Jose, CA, USA)
SPW 2013 aka
Twentyfirst International Workshop on Security Protocols (April
2013, Cambridge, UK)
SPW 2014 aka
Twentysecond International Workshop on Security Protocols (April
2014, Cambridge, UK)
Passwords14 aka 7th international conference on passwords (8-10 December 2014, Trondheim, Norway).
SPW 2015 aka
Twentythird International Workshop on Security Protocols (April
2015, Cambridge, UK)
SOUPS 2015 aka
Symposium On Usable Privacy and Security (22-24 July 2015, Ottawa,
Canada).
Passwords
2015 aka 9th international conference on passwords (7-9 December
2015, Cambridge, UK) (Program co-chair)
SPW 2016 aka
Twentyfourth International Workshop on Security Protocols (6-8 April
2016, Brno, Czech Republic)
SOUPS
2016 aka Twelfth Symposium on Usable Privacy and Security (22-24
June 2016, Denver, CO, USA)
EuroUSEC 2016 aka
First European Workshop on Usable Security (18 July 2016, Darmstadt,
Germany).
Passwords
2016 aka 11th International Conference on Passwords (5-7 December
2016, Bochum, Germany) (Program co-chair)
EuroS&P
2017 aka Second IEEE European Symposium on Security and Privacy
(26-28 April 2017, Paris, France)
SPW 2017 aka
Twentyfifth International Workshop on Security Protocols (20-22 March
2017, Cambridge, UK) (Program chair)
SPW 2018 aka
Twentysixth International Workshop on Security Protocols (19-21 March
2018, Cambridge, UK) (General chair)
SPW 2019 aka
Twentyseventh International Workshop on Security Protocols (10-12 April
2019, Cambridge, UK) (General chair)
EuroS&P
2019 aka Fourth IEEE European Symposium on Security and Privacy
(17-19 June 2019, Stockholm, Sweden) (Program co-chair)
SPW 2020 aka
Twentyeighth International Workshop on Security Protocols (April 2020, Cambridge, UK) (General chair) CANCELLED
EuroS&P
2020 aka Fifth IEEE European Symposium on Security and Privacy
(June 2020, Genova, Italy) (Program co-chair)
SPW 2023 aka
Twentyeighth International Workshop on Security Protocols (27-28 March
2023, Cambridge, UK) (Program Chair and General Chair)
Rossfest Symposium in memory of Ross Anderson (25 March
2025, Cambridge, UK) (General Chair)
SPW 2025 aka
Twentyninth International Workshop on Security Protocols (26-27 March
2025, Cambridge, UK) (Program Chair and General Chair)
SHB 2025 aka
Eighteenth Workshop on Security and Human Behavior (Cambridge, UK) (General Chair)
I encourage you to submit papers to those of the events above
for which the submission date is still in the future. The Calls for
Papers are available from the links.
The netpbm man pages (227
pages, 425 kB) in a legible and easily printable format. This is not funny
(sorry) but it's nevertheless damn useful. I was fed up with not being able
to read the man pages from windows and so I did the conversion (groff,
distiller etc) once and for all.
Telephone contact is generally not encouraged but, if you are a
friend or if you have a good reason, with a little homework you can
find my number in the departmental directory. Don't, if you're a
salesperson, or I may be rude to you.
Time zone info: the UK uses the UTC+0 time zone and goes to UTC+1
during the summer (actually from the last Sunday in March to the last
Sunday in October); most other EU countries, instead, are on UTC+1 and
UTC+2 respectively, but the change is synchronised, so the time
difference with Central Europe is now always 1 hour (this used to be
different). Japan is on UTC+9 and, in its wisdom, stays there all year
long.
These days, I get a lot of email. A long time ago I used to reply
to almost every message. I soon stopped doing that, but for many years
I kept on carefully reading every message. In the late 1990s I stopped
doing that too, because of spam: initially it was a big shock for me
to delete stuff without having read it ("what if it was important?"),
but then I got over it. Nowadays I ask the Bayesian filter in
Thunderbird (not as good as the wonderful
Python-powered Spambayes, but
more conveniently accessible) to throw away messages on my behalf
without even showing them to me. The stuff that gets through I usually
read, except if it's too long or if it contains Microsoft attachments.
DON'T send me Microsoft attachments, which are
notorious virus vehicles; ideally, if you want to be kind, please
don't send me any attachments at all. Unless I already know you have a
good reason for sending it to me, mail with attachments may be
discarded unread, or actually not even downloaded from the server. I
am happiest when people send me plain text or, at most, a pointer to a
pdf.
Even after all this filtering, I still get way too much mail. I
write over 10 replies per workday (often many more), but course I
can't hope to keep up with an influx that is an order of magnitude
larger. As Joachim Posegga once
wrote, "response time tends to be an exponential function of message
length".
If you want to write to me because you want to become my student at
Cambridge, please read this helpful and
instructive page. If you don't (and I will be able to tell from
your message) I might just silently ignore you; or, if you're lucky,
just point you again to this page.
Having said all that, my university email address is
givenname.familyname@cl.cam.ac.uk.
I use and encourage the use of PGP (or its free
equivalent GPG, to which I even
once contributed
a minor bug fix). My PGP keys are on the
keyservers. I prefer to receive encrypted mail messages as inline
ascii-armoured text as opposed to attachments.
HTML advice of the day: don't misuse tables for page layout purposes and,
above all, avoid browser-specific crap!
"With HTML 4.0, any Web
application can be vendor independent. There really is no
excuse for tying yourselves or your partners to proprietary
solutions."
--Tim Berners-Lee, inventor of the World Wide Web