Displaying 1-24 out of 24 total
Silver Bullet Talks with Ross Anderson
Found in: IEEE Security and Privacy
By Gary McGraw, Ross Anderson
Issue Date: July 2007
pp. 10-13
Gary McGraw chats with Ross Anderson, professor of security engineering at the Computer Laboratory at Cambridge University and author of Security Engineering. Gary and Ross discuss the simple reasons why most systems fail, the economic imbalance between en...
How to Cheat at the Lottery (or, Massively Parallel Requirements Engineering)
Found in: Computer Security Applications Conference, Annual
By Ross Anderson
Issue Date: December 1999
pp. 1
Collaborative software projects such as Linux and Apache have shown that a large, complex system can be built and maintained by many developers working in a highly parallel, relatively unstructured way. In this note, I report an experiment to see whether a...
Guest Editors' Introduction: Economics of Information Security
Found in: IEEE Security and Privacy
By Ross Anderson, Bruce Schneier
Issue Date: January 2005
pp. 12-13
Often, the economic considerations of security are more important than the technical considerations. Guest editors Ross Anderson and Bruce Schneier present six articles that delve into all aspects of this economic angle.
Software Security: State of the Art
Found in: IEEE Security and Privacy
By Ross Anderson
Issue Date: January 2007
pp. 8
Ross Anderson reviews Gary McGraw's book, Software Security: Building Security In.
API-Level Attacks on Embedded Systems
Found in: Computer
By Mike Bond, Ross Anderson
Issue Date: October 2001
pp. 67-75
A growing number of embedded systems use security processors to distribute control, billing, and metering among devices with intermittent or restricted online connectivity. The more obvious examples include smart cards, microcontrollers used as va...
How Certification Systems Fail: Lessons from the Ware Report
Found in: IEEE Security & Privacy
By Steven J. Murdoch, Mike Bond, Ross Anderson
Issue Date: November 2012
pp. 40-44
The 1970 Security Controls for Computer Systems report, which helped shape computer systems' standard evaluation criteria, can shed light on current certification systems' shortcomings.
Chip and PIN is Broken
Found in: Security and Privacy, IEEE Symposium on
By Steven J. Murdoch, Saar Drimer, Ross Anderson, Mike Bond
Issue Date: May 2010
pp. 433-446
EMV is the dominant protocol used for smart card payments worldwide, with over 730 million cards in circulation. Known to bank customers as “Chip and PIN”, it is used in Europe; it is being introduced in Canada; and there is pressure from banks to introduc...
Failures of Tamper-Proofing in PIN Entry Devices
Found in: IEEE Security and Privacy
By Saar Drimer, Steven J. Murdoch, Ross Anderson
Issue Date: November 2009
pp. 39-45
Bank customers are forced to rely on PIN entry devices in stores and bank branches to protect account details. The authors examined two market-leading devices and found them easy to compromise owing to both their design and the processes used to certify th...
Thinking Inside the Box: System-Level Failures of Tamper Proofing
Found in: Security and Privacy, IEEE Symposium on
By Saar Drimer, Steven J. Murdoch, Ross Anderson
Issue Date: May 2008
pp. 281-295
PIN entry devices (PEDs) are critical security components in EMV smartcard payment systems as they receive a customer's card and PIN. Their approval is subject to an extensive suite of evaluation and certification procedures. In this paper, we demonstrate ...
Combining Crypto with Biometrics Effectively
Found in: IEEE Transactions on Computers
By Feng Hao, Ross Anderson, John Daugman
Issue Date: September 2006
pp. 1081-1088
We propose the first practical and secure way to integrate the iris biometric into cryptographic applications. A repeatable binary string, which we call a biometric key, is generated reliably from genuine iris codes. A well-known difficulty has been how to...
The Economics of Resisting Censorship
Found in: IEEE Security and Privacy
By George Danezis, Ross Anderson
Issue Date: January 2005
pp. 45-50
Early peer-to-peer systems sought to resist censorship by distributing content randomly over the entire Internet. The most popular ones simply let nodes serve the resources they were most interested in. The authors offer the first model inspired by economi...
Key Infection: Smart Trust for Smart Dust
Found in: Network Protocols, IEEE International Conference on
By Ross Anderson, Haowen Chan, Adrian Perrig
Issue Date: October 2004
pp. 206-215
Future distributed systems may include large self-organizing networks of locally communicating sensor nodes, any small number of which may be subverted by an adversary. Providing security for these sensor networks is important, but the problem is complicat...
On a New Way to Read Data from Memory
Found in: Security in Storage Workshop, International IEEE
By David Samyde, Sergei Skorobogatov, Ross Anderson, Jean-Jacques Quisquater
Issue Date: December 2002
pp. 65
This paper explains a new family of techniques to extract data from semiconductor memory, without using the read-out circuitry provided for the purpose. What these techniques have in common is the use of semi-invasive probing methods to induce measurable ...
Free Speech Online and Offline
Found in: Computer
By Ross Anderson
Issue Date: June 2002
pp. 28-30
Esther Dyson famously argued that as the world will never be perfect, whether online or offline, it is foolish to expect higher standards on the Internet than we accept in real life. Legislators are now turning this argument around, arguing that t...
Improving Smart Card Security Using Self-Timed Circuits
Found in: Asynchronous Circuits and Systems, International Symposium on
By Ross Anderson, Robert Mullins, George Taylor, Simon Moore, Paul Cunningham
Issue Date: April 2002
pp. 211
We demonstrate how 1-of-n encoded speed-independent circuits provide a good framework for constructing smart card functions that are resistant to side channel attacks and fault injection. A novel alarm propagation technique is also introduced. These techni...
The Resurrecting Duckling: Security Issues for Ubiquitous Computing (Supplement to Computer Magazine)
Found in: Computer
By Frank Stajano, Ross Anderson
Issue Date: April 2002
pp. 22-26
A common view of the Internet divides its history into three waves: originally, mainframes and terminals; until yesterday, PCs, browsers, and a GUI; starting tomorrow, wirelessly networked processors embedded in everyday objects.
Rendezvous: A search engine for binary code
Found in: 2013 10th IEEE Working Conference on Mining Software Repositories (MSR 2013)
By Wei Ming Khoo, Alan Mycroft, Ross Anderson
Issue Date: May 2013
pp. 329-338
The problem of matching between binaries is important for software copyright enforcement as well as for identifying disclosed vulnerabilities in software. We present a search engine prototype called Rendezvous which enables indexing and searching for code ...
Eight friends are enough: social graph approximation via public listings
Found in: Proceedings of the Second ACM EuroSys Workshop on Social Network Systems (SNS '09)
By Frank Stajano, Jonathan Anderson, Joseph Bonneau, Ross Anderson
Issue Date: March 2009
pp. 13-18
The popular social networking website Facebook exposes a "public view" of user profiles to search engines which includes eight of the user's friendship links. We examine what interesting properties of the complete social graph can be inferred from this pub...
PIN skimmer: inferring PINs through the camera and microphone
Found in: Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices (SPSM '13)
By Laurent Simon, Ross Anderson
Issue Date: November 2013
pp. 67-78
Today's smartphones provide services and uses that required a panoply of dedicated devices not so long ago. With them, we listen to music, play games or chat with our friends; but we also read our corporate email and documents, manage our online banking; a...
Security economics: a personal perspective
Found in: Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC '12)
By Ross Anderson
Issue Date: December 2012
pp. 139-144
This paper describes the origins of security economics. The birth of this thriving new discipline is sometimes credited to a talk I gave at ACSAC in December 2001, but the story is more complex. After sabbatical visits to Berkeley in 2001–2 to work with H...
Technical perspective: A chilly sense of security
Found in: Communications of the ACM
By Ross Anderson
Issue Date: May 2009
pp. 101-104
The convergence of CS and biology will serve both disciplines, providing each with greater power and relevance.
Protecting domestic power-line communications
Found in: Proceedings of the second symposium on Usable privacy and security (SOUPS '06)
By Larry Yonge, Richard Newman, Ross Anderson, Sherman Gavette
Issue Date: July 2006
pp. 122-132
In this paper we describe the protection goals and mechanisms in HomePlug AV, a next-generation power-line communications standard. This is a fascinating case-history in security usability. There are also novel protocol issues; interactions with mechanisms...
Why cryptosystems fail
Found in: Proceedings of the 1st ACM conference on Computer and communications security (CCS '93)
By Ross Anderson
Issue Date: November 1993
pp. 215-227
Designers of cryptographic systems are at a disadvantage to most other engineers, in that information on how their systems fail is hard to get: their major users have traditionally been government agencies, which are very secretive about their mistakes. In ...
Free speech online and offline
Found in: Communications of the ACM
By Ross Anderson
Issue Date: January 1988
pp. 120
There will always be a need for power … but at what cost?