Academic publications

Below is a list of recent academic publications by researchers associated with the Cyber Security Centre. For full (and more easily searchable) lists of publications, see our projects pages, and the researchers’ individual pages.

The State in the Digital Era: Supreme or in Decline?. Lucas Kello. In Digital International Relations: Technology, Agency and Order. Edited by Corneliu Bjola and Markus Kornprobst. Routledge 2023.

Striking Back: The End of Peace in Cyberspace and How to Restore It. Lucas Kello. Yale University Press 2022. https://yalebooks.yale.edu/book/9780300246681/striking-back/

Cyber Legalism: Why It Fails and What to Do about It. Lucas Kello. In Journal of Cybersecurity Vol. 7, Issue 1 2021.

The Virtual Weapon and International Order. Lucas Kello. Yale University Press 2017 (paperback 2018). https://yalebooks.yale.edu/book/9780300234497/the-virtual-weapon-and-international-order/

Why Usability and Security by Design is Hard: A Case Study in Research and Development. Shamal Faily‚ John Lyle‚ Ivan Flechais and Andrew Simpson. In Proceedings of USEC 2015.

The Danger Within. David Upton, Sadie Creese. Harvard Business Review September 2014. https://hbr.org/2014/09/the-danger-from-within/ar/1

Actor Key Compromise: Consequences and Countermeasures. David Basin, Cas Cremers, Marko Horvat. In Computer Security Foundations Symposium (CSF), 2014 IEEE 27th, July 2014, p. 244-258. DOI: 10.1109/CSF.2014.25

ARPKI: Attack Resilient Public-Key Infrastructure. David Basin, Cas Cremers, Tiffany Hyun-Jin Kim, Adrian Perrig, Ralf Sasse, Pawel Szalachowski. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS ’14), ACM, New York, pp. 382-393. DOI: 10.1145/2660267.2660298

Automated Verification of Group Key Agreement Protocols. Benedikt Schmidt, Ralf Sasse, Cas Cremers, David Basin. In Proceedings of the 2014 IEEE Symposium on Security and Privacy. SP ’14, 2014. pp. 179-194. DOI: 10.1109/SP.2014.19

Know Your Enemy: Compromising Adversaries in Protocol Analysis. Basin D, Cremers C. In ACM Trans. Inf. Syst. Secur. 15:4, pp. 7:1-7:31. DOI: 10.1145/2658996

A mishmash of methods for mitigating the model mismatch mess. Andrew D. Ker and Tomas Pevný
In Media Watermarking, Security, and Forensics 2014, volume 9028 of Proc. SPIE, pages 1601-1615. SPIE, 2014. Winner of the conference best paper award. Download: http://www.cs.ox.ac.uk/andrew.ker/docs/ADK59B.pdf

A critical reflection on the threat from human insiders − its nature‚ industry perceptions‚ and detection approaches. Jason R.C. Nurse‚ Philip A. Legg‚ Oliver Buckley‚ Ioannis Agrafiotis‚ Gordon Wright‚ Monica Whitty‚ David Upton‚ Michael Goldsmith and Sadie Creese. In International Conference on Human Aspects of Information Security‚ Privacy and Trust at the 16th International Conference on Human−Computer Interaction (HCI). Springer. 2014. http://www.cs.ox.ac.uk/publications/publication7974-abstract.html

An overview of insider attacks in cloud computing. A Duncan, S Creese, M Goldsmith. In Concurrency and Computation: Practice and Experience. 21 March 2014. http://onlinelibrary.wiley.com/doi/10.1002/cpe.3243/full

Inferring Social Relationships from Technology-Level Device Connections. JRC Nurse, J Pumphrey, T Gibson-Robinson, M Goldsmith, S Creese. In Privacy, Security and Trust. 23-4 July 2014. DOI: 10.1109/PST.2014.6890922.

Managing the influence of social media using information trust. Jason R.C. Nurse‚ Ioannis Agrafiotis‚ Michael Goldsmith‚ Sadie Creese‚ Koen Lamberts‚ Darren Price and Glyn Jones. In Social Influence in the Information Age Conference. 2014. https://web.comlab.ox.ac.uk/publications/publication8619-abstract.html

Reflecting on the Ability of Enterprise Security Policy to Address Accidental Insider Threat. Oliver Buckley‚ Jason R. C. Nurse‚ Philip A. Legg‚ Michael Goldsmith and Sadie Creese. In Workshop on Socio−Technical Aspects in Security and Trust (STAST) associated with 27th IEEE Computer Security Foundations Symposium (CSF). IEEE. 2014. DOI: 10.1109/STAST.2014.10

Two sides of the coin: measuring and communicating the trustworthiness of online information. Jason R.C. Nurse‚ Ioannis Agrafiotis‚ Michael Goldsmith‚ Sadie Creese and Koen Lamberts. In Journal of Trust Management. Vol. 1. No. 5. 2014. DOI: 10.1186/2196-064X-1-5

Understanding Insider Threat: A Framework for Characterising Attacks. Jason R.C. Nurse‚ Oliver Buckley‚ Philip A. Legg‚ Michael Goldsmith‚ Sadie Creese‚ Gordon R.T. Wright and Monica Whitty. In Workshop on Research for Insider Threat (WRIT) held as part of the IEEE Computer Society Security and Privacy Workshops (SPW14)‚ in conjunction with the IEEE Symposium on Security and Privacy (SP). IEEE. 2014. http://www.cs.ox.ac.uk/files/6576/writ2014_nurse_et_al.PDF

A Widening Approach to Multi-Threaded Program Verification. Alexander Kaiser, Daniel Kroening, Thomas Wahl. ACM Transactions on Programming Languages and Systems (TOPLAS) 36:4 (2014),p p. 14:1-14:29.

Abstract Satisfaction. Vijay D’Silva, Leopold Haller, Daniel Kroening. In Principles of Programming Languages (POPL), ACM 2014. pp. 139-150. ISBN: 978-1-4503-2544-8

Accelerated Test Execution using GPUs. Ajitha Rajan, Subodh Sharma, Peter Schramel, Daniel Kroening. In Automated Software Engineering (ASE), ACM 2014. pp. 97-102. ISBN: 978-1-4503-3013-8

Automating Software Analysis at Large Scale. Daniel Kroening, Michael Tautschnig. In Mathematical and Engineering Methods in Computer Science, Springer 2014. pp. 30-39

CBMC – C Bounded Model Checker. Daniel Kroening, Michael Tautschnig. In Tools and Algorithms for the Construction and Analysis of Systems (TACAS), LNCS 8413 (2014). pp. 389-391. ISBN: 978-3-642-54861-1

Deciding Floating-Point Logic with Abstract Conflict Driven Clause Learning. Martin Brain, Alberto Griggio, Leopold Haller, Daniel Kroening. In Formal Methods in System Design (FMSD), 45:2 (2014) pp. 213-245.

Don’t sit on the fence: A static analysis approach to automatic fence insertion. Jade Alglave, Daniel Kroening,Vincent Nimal, Daniel Poetzl. In Computer Aided Verification (CAV), vol. 8559, 2014. pp. 508-524. ISBN: 978-3-319-08866-2

Generating test case chains for reactive systems. Peter Schrammel, Tom Melham, Daniel Kroening. Software Tools for Technology Transfer (STTT) 2014

Lost in Abstraction: Monotonicity in Multi-Threaded Programs. Alexander Kaiser, Daniel Kroening, Thomas Wahl. In Concurrency Theory (CONCUR), Springer 2014, pp. 141-155. ISBN: 978-3-662-44583-9

Model and Proof Generation for Heap-Manipulating Programs. Martin Brain, Cristina David, Daniel Kroening, Peter Schrammel. In European Symposium on Programming (ESOP) 8410 (2014), pp. 432-452. ISBN: 978-3-642-54832-1

Precise Predictive Analysis for Discovering Communication Deadlocks in {MPI} Programs. Voytech Forejt, Daniel Kroening, Ganesh Narayanaswamy, Subodh Sharma. In Formal Methods (FM) vol 8442, 2014. pp. 263-278, ISBN: 978-3-319-06409-3

Privacy−Enhanced Bi−Directional Communication in the Smart Grid using Trusted Computing. Andrew J Paverd‚ Andrew P Martin and Ian Brown. In Fifth IEEE International Conference on Smart Grid Communications (SmartGridComm 2014). 2014. http://www.cs.ox.ac.uk/files/6984/Paverd-SmartGridComm-2014.pdf

Security and Privacy in Smart Grid Demand Response Systems. Andrew J Paverd‚ Andrew P Martin and Ian Brown. In Jorge Cuellar, editor, Smart Grid Security. Pages 1−15. Springer International Publishing. 2014. DOI: 10.1007/978-3-319-10329-7_1

Security and Privacy in Smart Grid Demand Response Systems. Andrew Paverd‚ Andrew Martin and Ian Brown. In Second Open EIT ICT Labs Workshop on Smart Grid Security − SmartGridSec14. 2014. http://www.cs.ox.ac.uk/files/6560/SmartGridSec-final.pdf

Computing Maximal Bisimulations. Alexandre Boulgakov, Thomas Gibson-Robinson, AW Roscoe. In Formal Methods and Software Engineering, pp 11-26. Springer International Publishing, 2014. http://link.springer.com/chapter/10.1007/978-3-319-11737-9_2#page-1

FDR into the Cloud. Thomas Gibson-Robinson, AW Roscoe. Proceedings of CPA. 2014. http://www.cs.ox.ac.uk/files/6642/ClusterFDR.pdf

FDR3—A Modern Refinement Checker for CSP. Thomas Gibson-Robinson, Philip Armstrong, Alexandre Boulgakov, AW Roscoe. TACAS 2014. http://link.springer.com/chapter/10.1007/978-3-642-54862-8_13#page-1

Reflections on the need to de-skill CSP. AW Roscoe. Proceedings of CPA 2014. http://wotug.org/cpa2014/preprints/20-preprint.pdf

Formal relational database design: An exercise in extending the formal template language. Nicolas Wu and Andrew Simpson. Formal Aspects of Computing v. 26: 6. pp 1231-1269, November 2014. DOI: 10.1007/s00165-014-0299-6

On the cloud−enabled refinement checking of railway signalling interlockings. A. C. Simpson and J. Jacobs. In Proceedings of the 2nd International Workshop on Formal Techniques for Safety−Critical Systems (FTSCS 2013). Vol. 419 of Communications in Computer and Information Science. Pages 195−211. Springer. 2014. http://www.cs.ox.ac.uk/files/6619/FTSCS_2013.pdf

Visualizing Cardiovascular Magnetic Resonance (CMR) imagery: Challenges and opportunities. Simon Walton, Kai Berger, Jeyarajan Thiyagalingam, Brian Duffy, Hui Fang, Cameron Holloway, Anne E. Trefethen, Min Chen. Progress in Biophysics and Molecular Biology, 115 2-3, pp. 349-358. August 2014. DOI: 10.1016/j.pbiomolbio.2014.07.009

ASICS: Authenticated Key Exchange Security Incorporating Certification Systems. Colin Boyd, Cas Cremers, Michele Feltz, Kenneth G Paterson, Bertram Poettering, Douglas Stebila. In Computer Security – ESORICS 2013, Lecture Notes in Computer Science. DOI: 10.1007/978-3-642-40203-6_22

Beyond {eCK}: perfect forward secrecy under actor compromise and ephemeral-key reveal. Cas Cremers, Michèle Feltz. In Designs, Codes and Cryptography. 2013, pp. 1-36. DOI: 10.1007/s10623-013-9852-1

Efficient Construction of Machine-Checked Symbolic Protocol Security Proofs. Simon Meier, Cas Cremers, David Basin. In Journal of Computer Security 21:7 (2013), pp. 41-87.

Provably Repairing the {ISO/IEC 9798} Standard for Entity Authentication. David Basin, Cas Cremers, Simon Meier. Journal of Computer Security 21:6 (2013), pp. 817-846.

The TAMARIN Prover for the Symbolic Analysis of Security Protocols. Simon Meier, Benedikt Schmidt, Cas Cremers, David Basin. In Computer Aided Verification, 25th International Conference, CAV 2013, Princeton, USA, Proc., Lecture Notes in Computer Science. Springer 2013. pp. 696-701. DOI: 10.1007/978-3-642-39799-8_48

Building Confidence in Information-Trustworthiness Metrics for Decision Support. Jason R.C. Nurse‚ Ioannis Agrafiotis‚ Sadie Creese‚ Michael Goldsmith and Koen Lamberts. In The 12th IEEE International Conference on Trust‚ Security and Privacy in Computing and Communications (IEEE TrustCom−13). IEEE. 2013. DOI: 10.1109/TrustCom.2013.6

Cloud Computing: Insider Attacks on Virtual Machines During Migration. Adrian Duncan‚ Michael Goldsmith‚ Sadie Creese and James Quinton. In The 12th IEEE International Conference on Trust‚ Security and Privacy in Computing and Communications (IEEE TrustCom’13). IEEE. 2013. DOI: 10.1109/TrustCom.2013.62

Communicating Trustworthiness using Radar Graphs: A Detailed Look. Jason R.C. Nurse‚ Ioannis Agrafiotis‚ Sadie Creese‚ Michael Goldsmith and Koen Lamberts. In The 11th International Conference on Privacy‚ Security and Trust (PST). IEEE. 2013. DOI: 10.1109/PST.2013.6596085

Cyber Warfare: A Multidisciplinary Analysis. D Hodges, S Creese, G Neil, S Stevenage, S Black, H Meadows, S Creese, D Hodges, H He, W Pike, O Love, S Saxby, A Knight, I Hamlin, J Schultz, D Stanton-Fraser, C Bevan, L Emanuel, M Whitty, S Jamison-Powell, Monica Whitty, James Doodson, Sadie Creese, Duncan Hodges, Monica Whitty, James Doodson, Sadie Creese, Duncan Hodges, MT Whitty, S Creese, D Hodges, Duncan Hodges, Sadie Creese, Sadie Creese, Thomas Gibson-Robinson, Michael Goldsmith, Duncan Hodges, Dee Kim, Oriana Love, Jason RC Nurse, Bill Pike, Jean Schultz, Duncan Hodges, Sadie Creese, Lia Emanuel, Chris Bevan, Duncan Hodges, Sadie Creese, Duncan Hodges, Sue Jamison-Powell, Monica Whitty, Duncan Hodges, Sadie Creese, Michael Goldsmith, D Hodges, JRC Nurse, M Goldsmith, S Creese, RJ Watson, DD Hodges, DD Hodges, RJ Watson, AJ Townsend, RJ Watson, DD Hodges, RJ Watson, DD Hodges, AJ Townsend, RJ Watson, DD Hodges. In Pattern Analysis and Machine Intelligence, IEEE Transactions on. v57, pp 1210-1213, 2013. https://web.comlab.ox.ac.uk/people/publications/bibtex/Duncan.Hodges.html

CyberVis: Visualizing the Potential Impact of Cyber Attacks on the Wider Enterprise. Sadie Creese‚ Michael Goldsmith‚ Nick Moffat‚ Jassim Happa and Ioannis Agrafiotis. In 13th annual IEEE Conference on Technologies for Homeland Security (HST’13). 2013. DOI: 10.1109/THS.2013.6698979

Inadequacies of Current Risk Controls for the Cloud. Sadie Creese‚ Michael Goldsmith and Paul Hopkins. In Privacy and Security for Cloud Computing. Pages 235–255. Springer London. 2013. http://link.springer.com/chapter/10.1007/978-1-4471-4189-1_7#page-1

NetVis: a Visualization Tool Enabling Multiple Perspectives of Network Traffic Data. James Nicholls‚ Dominik Peters‚ Albert Slawinski‚ Thomas Spoor‚ Sergiu Vicol‚ Jassim Happa‚ Michael Goldsmith and Sadie Creese. In Theory and Practice of Computer Graphics. Pages 9–16. The Eurographics Association. 2013.

Reasoning about Vulnerabilities in Dependent Information Infrastructures: A Cyber Range Experiment. Adedayo O Adetoye‚ Sadie Creese and Michael H Goldsmith. In Critical Information Infrastructures Security. Pages 155–167. Springer Berlin Heidelberg. 2013. http://link.springer.com/chapter/10.1007/978-3-642-41485-5_14#page-1

Supporting Human Decision−Making Online using Information Trustworthiness Metrics. Jason R.C. Nurse‚ Sadie Creese‚ Michael Goldsmith and Syed S. Rahman. In International Conference on Human Aspects of Information Security‚ Privacy and Trust at the 15th International Conference on Human−Computer Interaction (HCII). Springer. 2013. DOI: 10.1007/978-3-642-39345-7_33

The Meaning and Implementation of SKIP in CSP. Thomas Gibson−Robinson and Michael Goldsmith. In Communicating Process Architectures 2013. 2013. http://www.cs.ox.ac.uk/files/6232/Document.pdf

Tools for Understanding Identity. Sadie Creese‚ Thomas Gibson−Robinson‚ Michael Goldsmith‚ Duncan Hodges‚ Dee Kim‚ Oriana Love‚ Jason RC Nurse‚ Bill Pike and Jean Scholtz. In IEEE Conference on Technologies for Homeland Security (HST ’13). 2013. DOI: 10.1109/THS.2013.6699064

Towards a Conceptual Model and Reasoning Structure for Insider Threat Detection. Sadie Creese Philip A. Legg Nick Moffat Jason R.C. Nurse Jassim Happa Ioannis Agrafiotis Michael Goldsmith. In Journal of Wireless Mobile Networks‚ Ubiquitous Computing‚ and Dependable Applications. Vol. 4. No. 4. Pages 20−37. 2013. http://isyou.info/jowua/papers/jowua-v4n4-2.pdf

Test−data Generation for Control Coverage by Proof. A. Cavalcanti‚ S. King‚ C. O’Halloran, J. Woodcock. In Formal Aspects of Computing. pp. 1−29. 2013. DOI: 10.1007/s00165-013-0279-2

A static analysis framework for livelock freedom in CSP. Joel Ouaknine, Hristina Palikareva, AW Roscoe, James Worrell, 27 April 2013. http://arxiv.org/abs/1304.7394

Checking noninterference in Timed CSP. AW Roscoe, Jian Huang. Formal Aspects of Computing, v. 24, no 1, 3-35. DOI: 10.1007/s00165-012-0251-6

Human interactive secure key and identity exchange protocols in body sensor networks. Xin Huang, Bangdao Chen, Andrew Markham, Qinghua Wang, Zheng Yan, A William Roscoe. In IInformation Security IET, 7:1, pp 30-38. DOI: 10.1049/iet-ifs.2012.0080

Reverse authentication in financial transactions and identity management. Bangdao Chen, Long Hoang Nguyen, AW Roscoe. In Mobile Networks and Applications, v. 18: 5. pp. 712-727. 1 October 2013. http://link.springer.com/article/10.1007/s11036-012-0366-2#page-1

Slow abstraction through priority. AW Roscoe, Philippa J Hopcroft. Theories of Programming and Formal Methods. Lecture Notes in Computer Science Volume 8051, 2013, pp 326-345. http://link.springer.com/chapter/10.1007/978-3-642-39698-4_20#page-1

The automated verification of timewise refinement. AW Roscoe. In EIT-CPSE 2013. http://www.cs.ox.ac.uk/files/5585/twrs.pdf

A process algebraic approach to decomposition of communicating SysML blocks. J. Jacobs and A. C. Simpson. In Proceedings of the 2nd International Conference on System Engineering and Modeling (ICSEM2013). Pages 153−157. IACSIT. 2013. http://www.cs.ox.ac.uk/files/6621/icsem2013.pdf

Towards a process algebra framework for supporting behavioural consistency and requirements traceability in SysML. J. Jacobs and A. C. Simpson. In Proceedings of the 15th International Conference on Formal Engineering Methods (ICFEM 2013). Vol. 8144 of Lecture Notes in Computer Science. Pages 266−281. Springer. 2013. http://www.cs.ox.ac.uk/files/6620/icfem2013.pdf

Beyond eCK: Perfect Forward Secrecy under Actor Compromise and Ephemeral-Key Reveal. CJF Cremers, M Feltz. In Proceedings of the 17th European conference on Research in computer security, ESORICS 2012

A Data−Reachability Model for Elucidating Privacy and Security Risks Related to the Use of Online Social Networks. Sadie Creese‚ Michael Goldsmith‚ Jason R.C. Nurse and Elizabeth Phillips. In 11th IEEE International Conference on Trust‚ Security and Privacy in Computing and Communications (IEEE TrustCom−12). Pages 1124−1131. IEEE. 2012. DOI: 10.1109/TrustCom.2012.22

A Model for Identity in the Cyber and Natural Universes. Duncan Hodges‚ Sadie Creese and Michael Goldsmith. In Intelligence and Security Informatics Conference (EISIC)‚ 2012 European. Pages 115–122. IEEE. August, 2012. DOI: 10.1109/EISIC.2012.43

Accepting Information with a Pinch of Salt: Handling Untrusted Information Sources. Syed Rahman‚ Sadie Creese and Michael Goldsmith. In Security and Trust Management. Pages 223-238. Springer Berlin/Heidelberg LNCS. 2012. http://link.springer.com/chapter/10.1007/978-3-642-29963-6_16#page-1

An Initial Usability Evaluation of the Secure Situation Awareness System. Jason R.C. Nurse‚ Sadie Creese‚ Michael Goldsmith‚ R. Craddock and G. Jones. In The 9th International Conference on Information Systems for Crisis Response and Management (ISCRAM 2012). IAS of ISCRAM. 2012. http://www.iscramlive.org/ISCRAM2012/proceedings/240.pdf

Developing a Strategy for Automated Privacy Testing Suites. Ioannis Agrafiotis‚ Sadie Creese and Michael Goldsmith. In Privacy and Identity Management for Life. Pages 32–44. Springer Boston. 2012.

Formalising Requirements for a Biobank Case Study Using a Logic for Consent and Revocation. Ioannis Agrafiotis‚ Sadie Creese and Michael Goldsmith. In Privacy and Identity Management for Life. Pages 232–244. Springer Boston. 2012. http://link.springer.com/chapter/10.1007/978-3-642-31668-5_18#page-1

From Qualitative to Quantitative Information Erasure. Adedayo O. Adetoye and Michael H. Goldsmith. In International Workshop on Quantitative Aspects in Security Assurance (QASA 2012‚ colocated with ESORICS). September, 2012. http://www.cs.ox.ac.uk/files/5048/qasa2012-Erasure-SLIDES.pdf

Identity attribution across CyberSpace and the Natural Space. D. Hodges‚ J.R.C. Nurse‚ M. Goldsmith and S. Creese. In The International Crime and Intelligence Analysis Conference. 2012. https://web.comlab.ox.ac.uk/publications/publication6410-abstract.html

“Inside FDR (abstract of invited talk). Michael Goldsmith. http://www.swt-bamberg.de/AVoCS2012/AVoCS-Preproceedings.pdf#page=11
In Pre−Proceedings of the 12th International Workshop on Automated Verification of Critical Systems (AVoCS 2012). Page 11. 2012.”

Insider Attacks in Cloud Computing. Adrian J Duncan‚ Sadie Creese and Michael Goldsmith. In Trust‚ Security and Privacy in Computing and Communications (TrustCom)‚ 2012 IEEE 11th International Conference on. Pages 857–862. IEEE. 2012. DOI: 10.1109/TrustCom.2012.188

Recent developments in FDR. Philip Armstrong‚ Michael Goldsmith‚ Gavin Lowe‚ Joël Ouaknine‚ Hristina Palikareva‚ AW Roscoe and James Worrell. In Computer Aided Verification. Pages 699–704. Springer Berlin/Heidelberg. 2012. DOI: 10.1007/978-3-642-31424-7_52

Secure Communication in Disasters. Bangdao Chen‚ Ivan Flechais‚ Sadie Creese‚ Michael Goldsmith and AW Roscoe. In Proceedings of HCI 2012 − People & Computers XXVI: The 26th BCS Conference on Human Computer Interaction. 2012. http://ewic.bcs.org/upload/pdf/ewic_hci12_diss_paper2.pdf

Using Information Trustworthiness Advice in Decision Making. Jason RC Nurse‚ Sadie Creese‚ Michael Goldsmith and Koen Lamberts. In Socio−Technical Aspects in Security and Trust (STAST)‚ 2012 Workshop on. Pages 35–42. IEEE. 2012. DOI: 10.1109/STAST.2012.10

‘The Moral Status of Combatants during Military Humanitarian Intervention’, Utilitas, June 2012 vik 2, 237-258 (special edition on J. McMahan’s Killing in War, with contributions by C. Fabre, V. Tadros, A. Leveringhaus, and a reply by J. McMahan). http://dx.doi.org/10.1017/S0953820812000167

BottleCap: a Credential Manager for Capability Systems. Justin King−Lacroix and Andrew Martin. In Proceedings of The Seventh ACM Workshop on Scalable Trusted Computing. 2012. DOI: 10.1145/2382536.2382545

Hardware Security for Device Authentication in the Smart Grid. Andrew Paverd and Andrew Martin. In First Open EIT ICT Labs Workshop on Smart Grid Security − SmartGridSec12. Berlin‚ Germany. 2012. http://www.cs.ox.ac.uk/files/5559/AJPaverd_SmartGridSec12.pdf

On the design and development of webinos: a distributed mobile application middleware. John Lyle‚ Shamal Faily‚ Ivan Flechais‚ Andre Paul‚ Ayse Goker‚ Hans Myrhaug‚ Heiko Desruelle and Andrew Martin. In Proceedings of the 12th IFIP WG 6.1 international conference on Distributed applications and interoperable systems. Pages 140–147. 2012. http://www.cs.ox.ac.uk/files/4875/dais-middleware.pdf

Provenance as a Security Control. Andrew Martin‚ John Lyle and Cornelius Namiluko. In Proceedings of TaPP’12: the 4th USENIX Workshop on the Theory and Practice of Provenance. USENIX. 2012. https://www.usenix.org/conference/tapp12/provenance-security-control

Provenance−Based Model for Verifying Trust−Properties. Cornelius Namiluko and Andrew Martin. In Stefan Katzenbeisser‚ Edgar Weippl‚ L. Camp‚ Melanie Volkamer‚ Mike Reiter and Xinwen Zhang, editors, TRUST AND TRUSTWORTHY COMPUTING. Vol. 7344/2012 of Lecture. Notes in Computer Science. Pages 255−272. Springer Berlin / Heidelberg. 2012. DOI: 10.1007/978-3-642-30921-2_15

Bootstrapping body sensor networks using human controlled LED-camera channels. Xin Huang, Shangyuan Guo, Bangdao Chen, AW Roscoe. In Internet Technology And Secured Transactions, 2012 International Conference for. Pp. 433-438, 10 Dec 2012.

Human Interactive Secure ID Management in Body Sensor Networks. X Huang, X Ma, B Chen, A Markham, Q Wang, AW Roscoe. Journal of Networks 7 (9), 1400-1406. 2012. DOI: 10.4304/jnw.7.9.1400-1406

Human interactive secure key and ID exchange protocols in body sensor networks. Xin Huang Bangdao Chen, Andrew Markham, Quinghua Wang, Zheng Yan, AW Roscoe, Xin Huang, Xiao Ma, Bangdao Chen, Andrew Markham, Qinghua Wang, Andrew Roscoe, Xin Huang, Rong Fu, Bangdao Chen, Tingting Zhang, AW Roscoe, Xin Huang, Shangyuan Guo, Bangdao Chen, AW Roscoe, Bangdao Chen, LH Nguyen, AW Roscoe, Bangdao Chen, AW Roscoe, Bangdao Chen, Ivan Fléchais, Sadie Creese, Michael Goldsmith, AW Roscoe, Bangdao Chen, B Chen, L Nguyen, A Roscoe, Chen Bangdao, AW Roscoe, Chen Bangdao, LH Nguyen, AW Roscoe, Bangdao Chen, AW Roscoe. IET Information Security 7, 143. 2012

Multi-Channel Key Distribution Protocols Using Visible Light Communications in Body Sensor Networks. Xin Huang, Bangdao Chen, AW Roscoe. In Computer Science Student Conference 2012. 16 Nov 2012. http://www.cs.ox.ac.uk/conferences/OXFORD-CS-2012/proceedings2012.pdf#page=21

SAT-solving in CSP trace refinement. Hristina Palikareva, Joël Ouaknine, AW Roscoe. In Science of Computer Programming 77:10, pp. 1178-1197. September 2012. DOI: 10.1016/j.scico.2011.07.008

Simple construction of epsilon-biased distribution. LH Nguyen, AW Roscoe. IACR Cryptology ePrint Archive 2012, 429. 2012. http://eprint.iacr.org/2012/429

Social networks for importing and exporting security. B Chen, AW Roscoe. Large-Scale Complex IT Systems. Development, Operation and Management, 132-147. 2012. http://link.springer.com/chapter/10.1007/978-3-642-34059-8_7#page-1

User interactive Internet of things privacy preserved access control. Xin Huang, Rong Fu, Bangdao Chen, Tingting Zhang, AW Roscoe. In Internet Technology And Secured Transactions, 2012 International Conference for. Pp. 597-602, 10 Dec 2012. http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6470887

On an infrastructure to support sharing and aggregating pre− and post−publication systems biology research data. Mark Slaymaker‚ James Osborne‚ Andrew Simpson and David Gavaghan. In Systems and Synthetic Biology. 2012. DOI: 10.1007/s11693-012-9095-x

Virtual experiments for reusable models. Jonathan Cooper‚ Gary Mirams‚ Mark Slaymaker‚ Andrew Simpson‚ Jon Olav Vik and Dagmar Waltemath. In Proceedings of VPH 2012. 2012.

A Conceptual Model for Privacy Policies with Consent and Revocation Requirements. Marco Casassa Mont‚ Siani Pearson‚ Sadie Creese‚ Michael Goldsmith and Nick Papanikolaou. In Privacy and Identity Management for Life: 6th IFIP WG 9. 2‚ 9. 6/11. 7‚ 11. 4‚ 11. 6/PrimeLife International Summer School‚ Helsingborg‚ Sweden‚ August 2−6‚ 2010‚ Revised Selected Papers. Vol. 352. Pages 258–271. Springer IFIP AICT. 2011. http://link.springer.com/chapter/10.1007/978-3-642-20769-3_21#page-1

A logical high−level framework for Critical Infrastructure resilience and risk assessment. Sadie Creese‚ Michael H Goldsmith and Adedayo O Adetoye. In Cyberspace Safety and Security (CSS)‚ 2011 Third International Workshop on. Pages 7–14. IEEE. 2011. DOI: 10.1109/CSS.2011.6058564

A Modelling Approach for Interdependency in Digital Systems-of-Systems Security. Adedayo Adetoye‚ Sadie Creese‚ Michael Goldsmith and Paul Hopkins. In Critical Information Infrastructure Security. Pages 153–156. Springer Berlin/Heidelberg. 2011. http://link.springer.com/chapter/10.1007/978-3-642-21694-7_13

Accepting Information with a Pinch of Salt: Handling Untrusted Information Sources. Syed Sadiqur Rahman‚ Michael Goldsmith and Sadie Creese. In Proceedings of STM’11 7th International Workshop on Security and Trust Management. June, 2011.

Analysis of Dependencies in Critical Infrastructures. Adedayo O. Adetoye‚ Sadie Creese and Michael H Goldsmith In 6th International Conference on Critical Information Infrastructure Security (CRITIS’11). 2011. http://link.springer.com/chapter/10.1007/978-3-642-41476-3_2#page-1

Applying Formal Methods to Detect and Resolve Ambiguities in Privacy Requirements. Ioannis Agrafiotis‚ Sadie Creese‚ Michael Goldsmith and Nick Papanikolaou. In Privacy and Identity Management for Life. Vol. 352. Pages 271–282. Springer IFIP AICT. 2011. http://link.springer.com/chapter/10.1007/978-3-642-20769-3_22#page-1

Developing a Strategy for Automated Privacy Testing Suites. M. Goldsmith I. Agrafiotis S. Creese. In Proceedings of the IFIP Summer School. September, 2011. http://link.springer.com/chapter/10.1007/978-3-642-31668-5_3#page-1

EnCoRe: Towards A Conceptual Model For Privacy Policies. Marco Casassa Mont‚ Siani Pearson‚ Sadie Creese‚ Michael Goldsmith and Nick Papanikolaou. In Privacy and Identity Management for Life. Vol. 352. Springer IFIP AICT. 2011. http://www.researchgate.net/publication/229051566_EnCoRe_Towards_A_Conceptual_Model_For_Privacy_Policies/file/9fcfd5092c4291cf4b.pdf

Guidelines for Usable Cybersecurity: Past and Present. Jason R.C. Nurse‚ Sadie Creese‚ Michael Goldsmith and Koen Lamberts. In The 3rd International Workshop on Cyberspace Safety and Security (CSS 2011) at The 5th International Conference on Network and System Security (NSS 2011). IEEE 2011. DOI: 10.1109/CSS.2011.6058566

Guidelines for usable cybersecurity: past and present. Jason RC Nurse‚ Sadie Creese‚ Michael Goldsmith and Koen Lamberts. In Cyberspace Safety and Security (CSS)‚ 2011 Third International Workshop on. Pages 21–26. IEEE. 2011.

Information Quality and Trustworthiness: A Topical State-of-the-Art Review. Jason R.C. Nurse‚ Syed Sadiqur Rahman‚ Sadie Creese‚ Michael Goldsmith and Koen Lamberts. In The International Conference on Computer Applications and Network Security (ICCANS) 2011. IEEE. 2011. http://www.cs.ox.ac.uk/files/6637/ICCANS2011_NRCGL_final.pdf

Information Quality and Trustworthiness: A Topical State-of-the-Art Review. Jason RC Nurse‚ Syed S Rahman‚ Sadie Creese‚ Michael Goldsmith and Koen Lamberts. In International Conference on Computer Applications and Network Security. IEEE. 2011. https://web.comlab.ox.ac.uk/publications/publication5464-abstract.html

Refinement Checking for Privacy Policies. S. Creese N. Papanikolaou M. Goldsmith. In Science of Computer Programming. 2011.. DOI: 10.1016/j.scico.2011.07.009

Towards A Conceptual Model For Privacy Policies. Casassa Mont‚ Marco‚ Siani Pearson‚ Sadie Creese‚ Michael Goldsmith and Nick Papanikolaou. In Privacy and Identity Management for Life. Vol. 352. Springer IFIP AICT. 2011. http://www.hpl.hp.com/techreports/2010/HPL-2010-82.html?jumpid=reg_R1002_USEN

Trustworthy and Effective Communication of Cybersecurity Risks: A Review. Jason R.C. Nurse‚ Sadie Creese‚ Michael Goldsmith and Koen Lamberts. In The 1st Workshop on Socio−Technical Aspects in Security and Trust (STAST 2011) at The 5th International Conference on Network and System Security (NSS 2011). IEEE. 2011. DOI: 10.1109/STAST.2011.6059257

Trustworthy and effective communication of cybersecurity risks: a review. Jason RC Nurse‚ Sadie Creese‚ Michael Goldsmith and Koen Lamberts. In 1st Workshop on Socio−Technical Aspects in Security and Trust (STAST) at 5th International Conference on Network and System Security (NSS). 2011. DOI: 10.1109/STAST.2011.6059257

A Survey of Trust in Workflows and Relevant Contexts. W. Viriyasitavat and A. Martin. In Communications Surveys Tutorials‚ IEEE. Vol. PP. No. 99. Pages 1 −30. 2011. DOI: 10.1109/SURV.2011.072811.00081

Achieving attestation with less effort: an indirect and configurable approach to integrity reporting. Jun Ho Huh‚ Hyoungshick Kim‚ John Lyle and Andrew Martin. In Proceedings of the sixth ACM workshop on Scalable trusted computing. Pages 31–36. ACM. 2011. DOI: 10.1145/2046582.2046589

Formalizing Trust Requirements and Specification in Service Workflow Environments. Wattana Viriyasitavat and Andrew Martin. In Runtong Zhang‚ Jose Cordeiro‚ Xuewei Li‚ Zhenji Zhang and Juliang Zhang, editors, ICEIS (3). Pages 196−206. SciTePress. 2011. http://dblp.uni-trier.de/db/conf/iceis/iceis2011-3.html#ViriyasitavatM11

In the Relation of Workflow and Trust Characteristics‚ and Requirements in Service Workflows. Wattana Viriyasitavat and Andrew Martin. In Abd Manaf‚ Azizah‚ Akram Zeki‚ Mazdak Zamani‚ Suriayati Chuprat and Eyas El−Qawasmeh, editors, Informatics Engineering and Information Science. Vol. 251 o. Communications in Computer and Information Science. Pages 492−506. Springer Berlin Heidelberg. 2011. DOI: 10.1007/978−3−642−25327−0_42

Secure Virtual Layer Management of Clouds. Imad M. Abbadi‚ Muntaha Alawneh and Andrew Martin. In The 10th IEEE International Conference on Trust‚ Security and Privacy in Computing and Communications (IEEE TrustCom−11). IEEE. November, 2011.

Trust in Clouds. Imad Abbadi and Andrew Martin. In Elsevier Information Security Technical Report. 2011. DOI: 10.1016/j.istr.2011.08.006

Trustworthy Middleware Services in the Cloud. Imad M. Abbadi‚ Mina Deng‚ Marco Nalin‚ Andrew Martin‚ Milan Petkovic‚ Ilaria Baroni and Alberto Sanna. In CloudDB’11. ACM Press‚ NY. October, 2011.

Verifying Trustworthiness of Virtual Appliances in Collaborative Environments. Cornelius Namiluko‚ Jun Ho Huh and Andrew Martin. Proceedings of TRUST 2011 Conference. http://www.cs.ox.ac.uk/publications/publication4923-abstract.html

From Control Law Diagrams to Ada via Circus. A. Cavalcanti‚ P. Clayton and C. O’Halloran. In Formal Aspects of Computing. Vol. 23. Pages 465−512. 2011. DOI: 10.1007/s00165-010-0170-3

Authentication protocols based on low-bandwidth unspoofable channels: a comparative survey. LH Nguyen, AW Roscoe. Journal of Computer Security 19 (1), 139-201. 2011. DOI: 10.3233/JCS-2010-0403

Body sensor network key distribution using human interactive channels. Xin Huang, Qinghua Wang, Chen Bangdao, Andrew Markham, Riku Jäntti, AW Roscoe. In Proceedings of the 4th International Symposium on Applied Sciences in Biomedical and Communication Technologies. p. 143, 26 Oct 2011. DOI: 10.1145/2093698.2093841

CSP (Communicating Sequential Processes). AW Roscoe, J Davies. Encyclopedia of Parallel Computing, 478-482. 2011. http://link.springer.com/referenceworkentry/10.1007/978-0-387-09766-4_186#page-1

Improvements related to the authentication of messages. Andrew William Roscoe, Long Haang Nguyen. US Patent App. 12/999,980, 2009. http://www.google.com/patents/US20110185182

Mobile electronic identity: securing payment on mobile phones. Chen Bangdao, AW Roscoe. Information Security Theory and Practice. Security and Privacy of Mobile Devices in Wireless Communication. Pp. 22-37, January 2011. http://link.springer.com/chapter/10.1007/978-3-642-21040-2_2#page-1

On the construction of digest functions for manual authentication protocols.. LH Nguyen, AW Roscoe. IACR Cryptology ePrint Archive 2011, 116. 2011. http://www.cs.ox.ac.uk/files/4130/digest.pdf

Reflections on the Work of CAR Hoare. AW Roscoe, CB Jones, KR Wood. http://link.springer.com/book/10.1007/978-1-84882-912-1

Static livelock analysis in CSP. J Ouaknine, H Palikareva, AW Roscoe, J Worrell. CONCUR 2011–Concurrency Theory, 389-403. 2011. http://link.springer.com/chapter/10.1007/978-3-642-23217-6_26#page-1

When context is better than identity: authentication by context using empirical channels. B Chen, LH Nguyen, AW Roscoe. Security Protocols XIX, 115-125. 2011. http://link.springer.com/chapter/10.1007/978-3-642-25867-1_10#page-1

Automatic conformance checking of role−based access control policies in Alloy. David Power‚ Mark Slaymaker and Andrew Simpson. In Proceedings of Engineering Secure Software and Systems (ESSoS 2011). Pages 15–28. Springer−Verlag Lecture Notes in Computer Science‚ volume 6542. 2011.

Conformance checking of dynamic access control policies. D.J. Power‚ M.A. Slaymaker and A.C. Simpson. In Proceedings of the 13th international conference on Formal methods and software engineering (ICFEM 2011). Vol. 6255 of Springer−Verlag Lecture Notes in Computer Science. Pages 227–242. 2011.

On privacy and public data: a study of data.gov.uk. Andrew Simpson. In Journal of Privacy and Confidentiality. Vol. 3. No. 1. Pages article number 4. 2011. http://www.cs.ox.ac.uk/files/4621/PublicationFile

A Modelling Approach for Interdependency in Digital Systems−of−Systems Security – Extended Abstract. M. Goldsmith A. Adetoye S. Creese. In Proceedings of CRITIS’10. 2010.

Applying formal methods to describe the privacy−control requirements in real case−study scenario: emerging ambiguities and proposed solutions. N. Papanikolaou I. Agrafiotis S. Creese M. Goldsmith In Proceedings of 2010 IFIP/PrimeLife Summer School. 2010.

Defining Consent and Revocation Policies. S. Pearson I. Agrafiotis S. Creese M. Goldsmith N. Papanikolaou M Casassa Mont. In Proceedings of 2010 IFIP/PrimeLife Summer School. 2010.

EnCoRe: Towards a holistic approach to privacy. Nick Papanikolaou‚ Sadie Creese‚ Michael Goldsmith‚ Marco Casassa Mont and Siani Pearson. In Security and Cryptography (SECRYPT)‚ Proceedings of the 2010 International Conference on. Pages 1–6. IEEE. 2010.

EnCoRe: Towards a Holistic Approach to Privacy. S. Pearson N. Papanikolaou S. Creese M. Goldsmith M. Casassa Mont. In Proceedings of SECRYPT2010. 2010. http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5741646

Inadequacies of Current Risk Controls for the Cloud. Michael Auty‚ Sadie Creese‚ M Goldsmith and P Hopkins. In Cloud Computing Technology and Science (CloudCom)‚ 2010 IEEE Second International Conference on. Pages 659–666. IEEE. 2010. DOI: 10.1109/CloudCom.2010.49

Inadequacies of Current Risk Controls for the Cloud. P. Hopkins M. Auty S. Creese M. Goldsmith. In Proceedings of CloudCom 2010. November, 2010.

Reaching for informed revocation: shutting off the tap on personal data. Ioannis Agrafiotis‚ Sadie Creese‚ Michael Goldsmith and Nick Papanikolaou .In Privacy and Identity Management for Life. Vol. 320. Pages 246–258. Springer IFIP AICT. 2010. http://link.springer.com/chapter/10.1007/978-3-642-14282-6_20#page-1

Refinement−Friendly Bigraphs and Spygraphs. Michael Goldsmith and Sadie Creese. In Software Engineering and Formal Methods (SEFM)‚ 2010 8th IEEE International Cnference on. Pages 203–207. IEEE. 2010. DOI: 10.1109/SEFM.2010.25

Refinement−Friendly Bigraphs and Spygraphs. S. Creese M. Goldsmith. In Proceedings of SEFM’10. 2010.

A multiple comparative study of test−with development product changes and their effects on team speed and product quality. Steve Bannerman and Andrew Martin. In Empirical Software Engineering. 2010. DOI: 10.1007/s10664-010-9137-5

A Multiple Comparative Study of Test−With Development Product Changes and their Effects on Team Speed and Product Quality. Steve Bannerman and Andrew Martin. No. RR−10−03. April, 2010. http://www.cs.ox.ac.uk/files/3018/RR-10-03.pdf

Engineering Attestable Services (short paper). John Lyle and Andrew Martin. In Ahmad−Reza Acquisti Alessandro; Smith Sean W.; Sadeghi, editor, Proceedings of the 3rd International Conference on Trust and Trustworthy Computing. Pages 257–264. Springer. June, 2010. DOI: 10.1007/978-3-642-13869-0

Trusted Computing and Provenance: Better Together. John Lyle and Andrew Martin. In Proceedings of the 2nd Workshop on the Theory and Practice of Provenance. Usenix. 2010. http://www.cs.ox.ac.uk/files/5278/tapp10-cameraready.pdf

CSP is expressive enough for π. AW Roscoe. Reflections on the Work of CAR Hoare, 371-404. 2010. http://link.springer.com/chapter/10.1007/978-1-84882-912-1_16#page-1

Insight, innovation and collaboration. CB Jones, AW Roscoe. Reflections on the Work of CAR Hoare. Springer, Berlin. 2010.

Keynote Abstract-The Effectiveness of CSP Model Checking. AW Roscoe. Engineering of Complex Computer Systems (ICECCS), 2010 15th IEEE International Conference on. 22 March 2010. http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5628572&tag=1

Reverse authentication in financial transactions. AW Roscoe, Chen Bangdao, LH Nguyen. 2nd International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use. May 2010. http://www.medien.ifi.lmu.de/iwssi2010/papers/iwssi-spmu2010-roscoe.pdf

Secure and usable out-of-band channels for ad hoc mobile device interactions. R Kainda, I Flechais, AW Roscoe. Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices. Springer Berlin Heidelberg 2010. p. 2308-315. http://link.springer.com/chapter/10.1007/978-3-642-12368-9_24#page-1

Secure mobile ad-hoc interactions: reasoning about out-of-band (oob) channels. R Kainda, I Flechais, AW Roscoe. IWSSI/SPMU 2010, 10-15. 2010. http://www.medien.ifi.lmu.de/iwssi2010/papers/iwssi-spmu2010-kainda.pdf

Security and usability: Analysis and evaluation. R Kainda, I Flechais, AW Roscoe. Availability, Reliability, and Security, 2010, ARES’10 International Conference on. Pp. 275-282. 15 Feb 2010. DOI: 10.1109/ARES.2010.77

The Missing Link: Human Interactive Security Protocols in Mobile Payment. C Bangdao, AW Roscoe, R Kainda, LH Nguyen. IWSEC (Short Papers), 94-109. 2010. http://www.academia.edu/download/30909273/IWSEC-missinglink.pdf

“Two heads are better than one: security and usability of device associations in group scenarios. R Kainda, I Flechais, AW Roscoe. Proceedings of the Sixth Symposium on Usable Privacy and Security, 5. 2010. DOI: 10.1145/1837110.1837117

Understanding concurrent systems. AW Roscoe. Springer-Verlag New York Inc. 2010. http://books.google.co.uk/books?hl=en&lr=&id=SZCWr4bCCtcC&oi=fnd&pg=PR5&ots=DZDAbIYNEP&sig=ndfnrKYLsf2ZboqcL4Ew95wSET0#v=onepage&q&f=false

Formalising and validating RBAC−to−XACML translation using lightweight formal methods. Mark Slaymaker‚ David Power and Andrew Simpson. In Proceedings of Abstract State Machines‚ Alloy‚ B and Z (ABZ 2010). Pages 349–362. Springer−Verlag Lecture Notes in Computer Science‚ volume 5977. 2010.

GIMI: the past‚ the present‚ and the future. A. C. Simpson‚ D. J. Power‚ D. Russell‚ M. A. Slaymaker‚ V. Bailey‚ C. E. Tromans‚ J. M. Brady and L. Tarassenko. In Philosophical Transactions of the Royal Society A: Mathematical‚ Physical and Engineering Sciences. Vol. 368. Pages 3891–3905. 2010.

On the modelling and analysis of Amazon Web Services access policies. David Power‚ Mark Slaymaker and Andrew Simpson. In Proceedings of Abstract State Machines‚ Alloy‚ B and Z (ABZ 2010). Pages 394. Springer−Verlag Lecture Notes in Computer Science‚ volume 5977. 2010.

On the secure sharing and aggregation of data to support Systems Biology research. Andrew Simpson‚ Mark Slaymaker and David Gavaghan. In Proceedings of the 7th International Conference on Data Integration in the Life Sciences (DILS 2010). Pages 58–73. Springer−Verlag Lecture Notes in Computer Science‚ volume 6254. 2010.

Towards Formally Templated Relational Database Representations in ZNicolas Wu and Andrew Simpson. In Proceedings of the Second International Conference on Abstract State Machines‚ Alloy‚ B and Z (ABZ 2010). Vol. 5977 of Lecture Notes in Computer Science. Pages 363−376. Springer−Verlag. 2010.

Beyond Mobility: What Next After CSP/π. Michael Goldsmith. In The thirty−second Communicating Process Architectures Conference‚ CPA. Pages 1–6. 2009. http://books.google.co.uk/books?hl=en&lr=&id=RJvfFRMmllMC&oi=fnd&pg=PA1&ots=jxe5iy6srh&sig=5X7zFUpRzjNv9QmOuaB3f6XSN0Q#v=onepage&q&f=false

Ensuring Consent and Revocation: Towards a Taxonomy of Consen. N. Papnikolaou S. Creese M. Goldsmith. In Proceedings of WebSci’09: Society On−Line. 2009.

Ensuring Consent and Revocation: Towards a Taxonomy of Consent. Sadie Creese‚ Michael Goldsmith and Nikolaos Papanikolaou. In WebSci’09: Society Online. 2009. http://journal.webscience.org/245/

Policy Refinement Checking. Nick Papanikolaou, Sadie Creese, Michael Goldsmith. Full version of paper presented at Ninth International Workshop on Automated Verification of Critical Systems (AVoCS 2009), Swansea University/Gregynog Conference Centre, Wales, 23-25 September 2009.

Reaching for Informed Revocation: Shutting Off the Tap on Personal Data. N. Papanikolaou I. Agrafiotis S. Creese M. Goldsmith. In Privacy and Identity Management for Life‚ Proceedings of 5th PrimeLife/IFIP International Summer School. Springer IFIP AICT 320. 2009.

Towards an Integrated Approach to the Management‚ Specification and Enforcement of Privacy Policies. Marco Casassa Mont‚ Siani Pearson‚ Sadie Creese‚ Michael Goldsmith and Nick Papanikolaou. In Proceedings of W3C Workshop on Access Control Application Scenarios. 2009. http://www.w3.org/2009/policy-ws/papers/Papanikolaou.pdf

On the Feasibility of Remote Attestation for Web Services. John Lyle and Andrew Martin. In SecureCom09: Proceedings of the International Symposium on Secure Computing. Pages 283−288. IEEE. 2009. http://www.cs.ox.ac.uk/files/5275/PublicationFile

Towards a Trustable Virtual Organisation. Jun Ho Huh and Andrew Martin. Pages 425−431. Los Alamitos‚ CA‚ USA. November, 2009. IEEE Computer Society. DOI: 10.1109/ISPA.2009.72

A new bound for t-wise almost universal hash functions. LH Nguyen, AW Roscoe. IACR Cryptology ePrint Archive, Report 2009/153. 2009

Faster FDR counterexample generation using SAT-solving. H Palikareva, J Ouaknine, B Roscoe. Electronic Communications of the EASST 23 (0). 2009. http://journal.ub.tu-berlin.de/index.php/eceasst/article/view/307

Local search in model checking. AW Roscoe, PJ Armstrong, Pragyesh .Automated Technology for Verification and Analysis, 22-38. 2009. http://link.springer.com/chapter/10.1007/978-3-642-04761-9_3#page-1

Revivals, stuckness and the hierarchy of CSP models. AW Roscoe. The Journal of Logic and Algebraic Programming 78 (3), 163-190. 2009. DOI: 0.1016/j.jlap.2008.10.002

Separating two roles of hashing in one-way message authentication. LH Nguyen, AW Roscoe. IACR Cryptology ePrint Archive 2009, 3. 2009. http://eprint.iacr.org/2009/003.pdf

Usability and security of out-of-band channels in secure device pairing protocols. R Kainda, I Flechais, AW Roscoe. Proceedings of the 5th Symposium on Usable Privacy and Security, 11. 2009. DOI: 10.1145/1572532.1572547

GIMI: the past‚ the present‚ and the future. A. C. Simpson‚ D. J. Power‚ D. Russell‚ M. A. Slaymaker‚ V. Bailey‚ C. Tromans‚ J. M. Brady and L. Tarassenko. In Proceedings of the 2009 UK e−Science All Hands Meeting. 2009.

On formalising and normalising role−based access control systems. D. J. Power M. A. Slaymaker and A. C. Simpson .In The Computer Journal. Vol. 52. No. 3. Pages 305−325. 2009. DOI: 10.1093/comjnl/bxn016

On Quality Assurance of Web Services in Agile Projects—An Experience Report. G. Kouadri Mostefaoui and A. C. Simpson. In Proceedings of the Third ACM Workshop on Software Engineering for Pervasive Services at ICPS 2008‚ July 6–10 2008‚ Sorrento‚ Italy. Pages 21–26. 2008.

On the construction and verification of self−modifying access control policies. David Power‚ Mark Slaymaker and Andrew Simpson. In Proceedings of Secure Data Management (SDM) 2009. Vol. 5776 of Lecture Notes in Computer Science. Pages 107–121. Spring−Verlag. 2009.

On the modelling and analysis of Amazon Web Services access policies. David Power‚ Mark Slaymaker and Andrew Simpson. No. RR−09−15. Oxford University Computing Laboratory. November, 2009. http://www.cs.ox.ac.uk/files/2594/RR-09-15.pdf

On the secure sharing of legacy data. X. Ma D. Russell D. J. Power M. A. Slaymaker G. Kouadri Mostefaoui and A. C. Simpson. In Proceedings of the 2009 IEEE Conference on IT: Next Generation (ITNG 2009). Pages 1676–1679. 2009.

On the utilisation of a service−oriented infrastructure to support radiologist training. Andrew Simpson‚ Mark Slaymaker‚ Moi Hoon Yap‚ Alastair Gale‚ David Power and Douglas Russell. In Proceedings of the 22nd IEEE Symposium on Computer−Based Medical Systems (CBMS 2009). Pages 1–4. IEEE Computer Society Press. 2009.

A Representative Function Approach to Symmetry Exploitation for CSP Refinement Checking. Nick Moffat‚ Michael Goldsmith and Bill Roscoe. In Formal methods and software engineering: 10th International Conference on Formal Engineering Methods‚ ICFEM 2008‚ Kitakyushu−City‚ Japan‚ October 27−31‚ 2008. proceedings. Pages 258–277. Springer−Verlag New York Inc. 2008. http://link.springer.com/chapter/10.1007/978-3-540-88194-0_17#page-1

Assumption-Commitment Support for CSP Model Checking. Nick Moffat and Michael Goldsmith. In Journal of Automated Reasoning. Vol. 41. No. 3. Pages 365–398. 2008. DOI: 10.1007/s10817-008-9111-8

Requirements and Concepts for Information Assurance and Pervasive Adaptation Co−design. Sadie Creese and Michael Goldsmith. In Second IEEE International Conference on Self−Adaptive and Self−Organizing Systems‚ Workshop on Pervasive Adaptation‚ 2008. SASO/PerAda 2008. Pages 73-77. IEEE. 2008. DOI: 10.1109/SASOW.2008.68

The Ten Page Introduction to Trusted Computing. Andrew Martin. No. RR−08−11. OUCL. December, 2008. http://www.cs.ox.ac.uk/files/1873/RR-08-11.PDF

Trusted Logging for Grid Computing. Jun Ho Huh and Andrew Martin. In Third Asia−Pacific Trusted Infrastructure Technologies Conference. Pages 30−42. Los Alamitos‚ CA‚ USA. October, 2008. IEEE Computer Society. DOI: 10.1109/APTC.2008.9

A Representative Function Approach to Symmetry Exploitation for CSP Refinement Checking. N Moffat, M Goldsmith, B Roscoe. Formal Methods and Software Engineering, 258-277. 2008. http://link.springer.com/chapter/10.1007/978-3-540-88194-0_17#page-1

Authenticating ad hoc networks by comparison of short digests. LH Nguyen, AW Roscoe. Information and Computation 206 (2), 250-271. 2008. DOI: 10.1016/j.ic.2007.07.010

Nets with tokens which carry data. R Lazic, T Newcomb, J Ouaknine, AW Roscoe, J Worrell .Fundamenta Informaticae 88 (3), 251-274. 2008.

Nets with tokens which carry data. R Lazić, T Newcomb, J Ouaknine, AW Roscoe, J Worrell. Fundamenta Informaticae 88 (3), 251-274. 2008. http://iospress.metapress.com/content/b81rl42686x233m1/

Security in computing networks. AW Roscoe, LH Nguyen. Electronic Patent 1,998,494. 2008. http://www.google.com/patents/US8230229

The three platonic models of divergence-strict CSP. AW Roscoe. Theoretical Aspects of Computing-ICTAC 2008, 23-49. http://link.springer.com/chapter/10.1007/978-3-540-85762-4_3#page-1

A healthcare−driven framework for facilitating the secure sharing of data across organisational boundaries. X. Ma A. C. Simpson D. J. Power D. Russell M. A. Slaymaker G. Kouadri−Mostefaoui and G. Wilson. In Proceedings of HealthGrid 2008. 2008.

Accessing and aggregating legacy data sources for healthcare research‚ delivery and training. M. A. Slaymaker‚ D. J. Power‚ D. Russell‚ G. Wilson and A. C. Simpson. In Proceedings of SAC 2008. 2008.

n the facilitation of fine−grained access to distributed healthcare data. D. Russell M. A. Slaymaker D. J. Power and A. C. Simpson. In Proceedings of Secure Data Management 2008.

On formal descriptions of synchronization requirements in multimedia systems. A. C. M. Fong and A. C. Simpson. In Proceedings of the IEEE Conference on IT: Next Generation. Pages 1255–1256. 2008.

On the need for user−defined fine−grained access control policies for social networking applications. A. C. Simpson. In Proceedings of the 2008 workshop on Security in Opportunistic and SOCial networks (SOSOC 2008). 2008.

The development‚ testing‚ and deployment of a web services infrastructure for distributed healthcare delivery‚ research‚ and training. A. C. Simpson‚ D. J. Power‚ D. Russell‚ M. A. Slaymaker‚ G. Kouadri Mostefaoui‚ G. Wilson and X. Ma. In K. Khan, editor, Managing Web Services Quality: Measuring Outcomes and Effectiveness. Pages 1–22. 2008.

A capacity result for batch steganography. Andrew D. Ker. IEEE Signal Processing Letters, 14(8):525-528, 2007. http://www.cs.ox.ac.uk/andrew.ker/docs/ADK24E.pdf

Batch steganography and the threshold game. Andrew D. Ker. In Security, Steganography, and Watermarking of of Multimedia Contents IX, volume 6505 of Proc. SPIE, pages 0401-0413. SPIE, 2007. http://www.cs.ox.ac.uk/andrew.ker/docs/ADK21B.pdf

Derivation of error distribution in least-squares steganalysis. Andrew D. Ker. IEEE Transactions on Information Forensics and Security, 2(2):140-148, 2007. http://www.cs.ox.ac.uk/andrew.ker/docs/ADK22F.pdf

Optimally weighted least-squares steganalysis. Andrew D. Ker. In Security, Steganography, and Watermarking of of Multimedia Contents IX, volume 6505 of Proc. SPIE, pages 0601-0616. SPIE, 2007. http://www.cs.ox.ac.uk/andrew.ker/docs/ADK23B.pdf

Steganalysis of embedding in two least significant bits. Andrew D. Ker. IEEE Transactions on Information Forensics and Security, 2(1):46-54, 2007. http://www.cs.ox.ac.uk/andrew.ker/docs/ADK20D.pdf

Association of parameter‚ software‚ and hardware variation with large−scale behavior across 57‚000 climate models. Christopher G. Knight‚ Sylvia H. E. Knight‚ Neil Massey‚ Tolu Aina‚ Carl Christensen‚ Dave J. Frame‚ Jamie A. Kettleborough‚ Andrew Martin‚ Stephen Pascoe‚ Ben Sanderson, David A. Stainforth and Myles R. Allen. In Proceedings of the National Academy of Sciences in the United States of America. Vol. 104. No. 30. Pages 12259–12264. July, 2007.. DOI: 10.1073/pnas.0608144104

Method and Device for Mutual Authentication. AW Roscoe. US Patent App. 12/520,475. 2007. http://www.google.com/patents/US20100115277

Responsiveness and stable revivals. JN Reed, AW Roscoe, JE Sinclair. Formal Aspects of Computing 19 (3), 303-319. 2007. http://link.springer.com/article/10.1007/s00165-007-0032-9#page-1

Bootstrapping multi-party ad-hoc security. Sadie Creese, Michael Goldsmith, Bill Roscoe, Ming Xiao. In Proceedings of the 2006 ACM symposium on Applied computing, 23 April 2006, pp 369-375. http://dl.acm.org/citation.cfm?id=1141362

Talking quotients in CSP. Michael Goldsmith. In Conference in Topology and Theoretical Computer Science in honour of Peter Collins and Mike Reed, 2006.

A two-factor error model for quantitative steganalysis. Rainer Böhme and Andrew D. Ker. In Security, Steganography, and Watermarking of of Multimedia Contents VIII, volume 6072 of Proc. SPIE, pages 59-74. SPIE, 2006. http://www.cs.ox.ac.uk/andrew.ker/docs/ADK15B-rev.pdf

Batch steganography and pooled steganalysis. Andrew D. Ker. In Proc. 8th Information Hiding Workshop, volume 4437 of LNCS, pages 265-281. Springer, 2006. http://www.cs.ox.ac.uk/andrew.ker/docs/ADK18D.pdf

Fourth-order structural steganalysis and analysis of cover assumptions. Andrew D. Ker. In Security, Steganography, and Watermarking of of Multimedia Contents VIII, volume 6072 of Proc. SPIE, pages 25-38. SPIE, 2006. http://www.cs.ox.ac.uk/andrew.ker/docs/ADK14B.pdf

The UN Global Compact. In H.K. Anheiner, M. Kaldor & M. Glasius (eds.), Global Civil Society 2005-2006 (London: Sage, 2006), pp. 178-179. http://www.uk.sagepub.com/books/Book228113

Exploiting empirical engagement in authentication protocol design. Sadie Creese, Michael Goldsmith, Richard Harrison, Bill Roscoe, Paul Whittaker, Irfan Zakiuddin. In Security in Pervasive Computing, 119-133. Springer Berlin/Heidelberg, 2005. http://link.springer.com/chapter/10.1007/978-3-540-32004-3_14#page-1

Operational semantics for fun and profit. Michael Goldsmith. In Communicating Sequential Processes. The First 25 Years. Pp. 265-274. Springer Berlin/Heidelberg 2005. http://link.springer.com/chapter/10.1007/11423348_16#page-1

A general framework for the structural steganalysis of LSB replacement. Andrew D. Ker. In Proc. 7th Information Hiding Workshop, volume 3727 of LNCS, pages 296-311. Springer, 2005. http://www.cs.ox.ac.uk/andrew.ker/docs/ADK13D.pdf

Resampling and the detection of LSB matching in colour bitmaps. Andrew D. Ker. In Security, Steganography, and Watermarking of of Multimedia Contents VII, volume 5681 of Proc. SPIE, pages 1-15. SPIE, 2005. http://www.cs.ox.ac.uk/andrew.ker/docs/ADK11B.pdf

Steganalysis of LSB matching in grayscale images. Andrew D. Ker. IEEE Signal Processing Letters, 12(6):441-444, 2005. http://www.cs.ox.ac.uk/andrew.ker/docs/ADK09D.pdf

Cyberinfrastructure for e-Science. Tony Hey, Anne E. Trefethen. Science v 308, no. 5723, pp 817-821. 6 May 2005. DOI: 10.1126/science.1110410

Authentication for pervasive computing. Sadie Creese, Michael Goldsmith, Bill Roscoe, Irfan Zakiuddin. In Security in pervasive computing, Sprnger Berlin/Heidelberg 2004, pp. 493-488. http://link.springer.com/chapter/10.1007/978-3-540-39881-3_12#page-1

CSP: The Best Concurrent-System Description Language in the World-Probably! Michael Goldsmith. In Commpuicating Process Architectures. September 2004, pp 227-232. http://books.google.co.uk/books?hl=en&lr=&id=iDiRVk3gem0C&oi=fnd&pg=PA227&ots=Z3_yQgPzWv&sig=0AYrDrEyjMszU3bZlAt8W_751Ac#v=onepage&q&f=false

Security properties and mechanisms in human-centric computing. SJ Creese, MH Goldsmith, AW Roscoe, Irfan Zakiuddin. In Privacy, Security and Trust within the Context of Pervasive Computing, Kluwer International Series in Engineering and Computer Science. Springer. April 2004.

“Improved detection of LSB steganography in grayscale images. Andrew D. Ker.
In Proc. 6th Information Hiding Workshop, volume 3200 of LNCS, pages 97-115. Springer, 2004.”

Quantitive evaluation of Pairs and RS steganalysis. Andrew D. Ker. In Security, Steganography, and Watermarking of of Multimedia Contents VI, volume 5306 of Proc. SPIE, pages 83-97. SPIE, 2004. http://www.cs.ox.ac.uk/andrew.ker/docs/ADK08B.pdf

A methodology for model-checking ad-hoc networks. Irfan Zakiuddin, Michael Goldsmith, Paul Whittaker, Paul Gardiner. In Proceedings of the 10th international conference on Model checking software, Springer-Verlag, 9 May 2003. pp. 181-196. http://link.springer.com/chapter/10.1007/3-540-44829-2_12#page-1

Adapting game models for the böhm tree lambda-theory. Andrew D. Ker, Hanno Nickau, and C.-H. Luke Ong. In Theoretical Computer Science, 308:333-366, 2003. http://www.cs.ox.ac.uk/andrew.ker/docs/ADK04C.pdf

The Data Deluge: An e-Science Perspective. Tony Hey, Anne Trefethen. UK e-Science Core Programme. 2003. http://eprints.soton.ac.uk/257648/1/The_Data_Deluge.pdf

Innocent game models of untyped lambda-calculus. Andrew D. Ker, Hanno Nickau, and C.-H. Luke Ong. In Theoretical Computer Science, 272:247-292, 2002. http://www.cs.ox.ac.uk/andrew.ker/docs/ADK01D.pdf

An idea for a blind watermarking scheme resistant to StirMark. Andrew D. Ker. In Programming Research Group Research Report RR-01-14. Oxford University Computing Laboratory, 2001. http://www.cs.ox.ac.uk/andrew.ker/docs/ADK06B.pdf

Innocent game models of untyped lambda-calculus. Andrew D. Ker. DPhil Thesis, Oxford University, 2000. http://www.cs.ox.ac.uk/andrew.ker/docs/ADK03D.pdf

A universal innocent game model for the bohm tree lambda theory. Andrew D. Ker. In Computer Science Logic: Proceedings of the 8th Annual Conference of the EACSL, volume 1683 of LNCS, pages 405-419. Springer, 1999. http://www.cs.ox.ac.uk/andrew.ker/docs/ADK02C.pdf

The Theory and Practice of Concurrency. international series in computer science. Prentice-Hall, 1997. http://www.cs.ox.ac.uk/bill.roscoe/publications/68b.pdf