Computer Laboratory


I am a Senior Research Associate in the University of Cambridge's Computer Laboratory, leading development of distributed DTrace for the CADETS project. Prior to CADETS, I worked on Pico, a token-based password replacement scheme. Prior to returning to academia, I gained thirteen years' industrial experience working in high-level technical roles in the defence and automotive industries, developing software for safety-critical and security systems.


  • Causal, Adaptive, Distributed, and Efficient Tracing System (CADETS) will address flaws in current audit and information-flow systems through fundamental improvements in dynamic instrumentation, scalable distributed tracing, and programming-language support. CADETS has three major components: Event Query (EQ) is a new query language, loosely based on DTrace’s D, that will drive in-application, whole-system, and distributed tracing using temporal expressions and information flow. Watchman is a host-based tracing framework that dynamically introduces variable-granularity instrumentation within and between executing programs. DEQUE distributes EQ expressions over many hosts to track inter-node information flows and temporal sequences, implementing post-hoc trace aggregation or, as needed, tagging of TCP/IP packets, filesystem RPCs, and application-layer protocols with temporal and information-flow labels.

Past projects

  • Pico
  • Passwords are a pain. Pico is a more usable and more secure replacement that does not require you to memorize any secrets.
    • Pico without public keys
    • Pico is an existing research project seeking to replace passwords with physical tokens. In its existing embodiment, the Pico device authenticates the user to remote services using a public key based security protocol called SIGMA-I.
      This project will replace SIGMA-I with a symmetric key based alternative. The advantages of this approach include minimizing the changes required for service providers to adopt Pico, lower energy/computing requirements for wearable platforms, and future-proofing against attacks on public key cryptography.
    • Practical authentication to everyday objects


I run the laboratories for the ACS MPhil Advanced Operating Systems course and lecture on tracing and performance analysis on the ACS MPhil Research Skills Programme and the Part II Topical Issues course.


I am an academic researcher working at the University of Cambridge Computer Laboratory. I am available for consulting tasks in the areas of software, security and usability, either through Cambridge Enterprise or in a private capacity.

Recent publications

A full list of publications can be found here

  1. Neville-Neil, George, Anderson, Jonathan, Jenkinson, Graeme, Kidney, Brian, Stolfa, Domagoj, Thomas, Arun, Robert N. M. Watson. 2018. “OpenDTrace Specification version 1.0.”
  2. Jenkinson, Graeme, Lucian Carata, Thomas Bytheway, Ripduman Sohan, Robert N. M. Watson, Jonathan Anderson, Brian Kidney, Amanda Strnad, Arun Thomas, and George Neville-Neil. 2017. “Applying Provenance in APT Monitoring and Analysis: Practical Challenges for Scalable, Efficient and Trustworthy Distributed Provenance.” In 9th USENIX Workshop on the Theory and Practice of Provenance (TaPP 2017). Seattle, WA: USENIX Association.
  3. Seb Aebischer, Claudio Dettoni, Graeme Jenkinson, Kat Krol, David Llewellyn-Jones, Toshiyuki Masui and Frank Stajano. Pico in the Wild: Replacing Passwords, One Site at a Time. To Appear EuroUSEC workshop of SPW 2017.
  4. Graeme Jenkinson. It's Better to Rust than to Wear Out. FreeBSD Journal. Nov/Dec 2016.
  5. Graeme Jenkinson and Maria Blakemore. Quantifying the Disruption to User Goals from Authentication Events.
  6. Brian Glass, Graeme Jenkinson, Yuqi Lio, Angela Sasse and Frank Stajano. The usability canary in the security coal mine: A cognitive framework for evaluation and design of usable authentication solutions. EuroUSEC workshop of SPW 2016.
  7. Ian Goldberg, Graeme Jenkinson, Frank Stajano. Low-cost Mitigation against Cold Boot Attacks for an Authentication Token. Proc. 14th International Conference on Applied Cryptography and Network Security 2016, Springer LNCS. © Springer
  8. Frank Stajano, Stig Fr. Mjølsnes, Graeme Jenkinson, Per Thorsheim: Technology and Practice of Passwords - 9th International Conference, PASSWORDS 2015, Cambridge, UK, December 7-9, 2015, Proceedings. Lecture Notes in Computer Science 9551, Springer 2016, ISBN 978-3-319-29937-2
  9. David Llewellyn-Jones, Graeme Jenkinson, Frank Stajano. Explicit Delegation using Configurable Cookies. Proc. Security Protocols Workshop 2016, Springer LNCS. To appear
  10. Ian Goldberg, Graeme Jenkinson, David Llewellyn-Jones, Frank Stajano. Red button and yellow button: usable security for lost security tokens (Position paper). Proc. Security Protocols Workshop 2016, Springer LNCS. To appear
  11. Jeunese Payne, Graeme Jenkinson, Frank Stajano, Angela Sasse and Max Spencer. Responsibility and Tangible Security: Towards a Theory of User Acceptance of Security Tokens. Proc. USEC workshop of NDSS 2016.
Graeme Jenkinson

graeme.jenkinson [at]

+44 1223 763681


Graeme Jenkinson
Computer Laboratory
15 JJ Thomson Avenue
Cambridge CB3 0FD
United Kingdom