I've been involved in research on-and-off (mostly on) for more than 15 years, starting in maths and moving into computing. For the last ten years I've worked in computer security, and am currently a Research Associate at the University of Cambridge working on the Pico project. The project, run by Frank Stajano, will rid the world of pesky passwords. Everyone I speak to about it seems to think this would be a Good Thing™.

Here are some links with more details related to my research.

About me

My portrait

I originally studied Mathematics and Philosophy at St. Peter's College, part of the University of Oxford. Having completed my degree I then went on to do a PhD in Mathematical Logic and Model theory at Birmingham University under the supervision of Richard Kaye. If this interests you, take a look at the maths page.

After my PhD I worked briefly for Codemasters as a programmer on Toca Race Driver, a driving game. I stayed there for nearly two years, but eventually decided to move back into academia. Until recently I worked at Liverpool John Moores University, mostly on security research as Reader in Computer Security.

Then in October 2015 I moved to the University of Cambridge as a Research Associate working on the Pico project. Check out the project's website for the gory details.

Research interests

  • Usable Security: An area that's desperate for solutions. For most people there seems to be an inescapable trade-off between security and usability. This needn't be the case and when security aligns itself with incentives, workflow and user behaviour, beautiful things can happen.
  • Secure Component Composition: A feature of network computing is the constant interaction between systems. This includes Web services, embedded devices, Websites and Internet-enabled devices of all sorts. This has important ramifications in terms of security, as the composition of multiple components can have unexpected effects on the security properties of a larger system. An important part of my research involves considering how component composition affects security properties, and how this can be used advantageously.
  • Security Visualisation: most people are quite-rightly ambivalent about security. They know it's important, but don't want to have to spend lots of time dealing with it. On the other hand, Internet security can be technical and abstract. Presenting security information in an understandable, immediate, interactive and accurate way is challenging. I feel it's important to find rigorous and systematic ways to achieve this.
  • Code Analysis and Reasoning: establishing security properties of executable code can be difficult. One way to achieve this is by performing code analysis, in order to turn the code into a form of propositional logic that a computer can then reason about. The processes involved are exciting (to me!), and I'm very interested in researching techniques that can allow code analysis to be performed automatically and efficiently. Part of this work involves automatic proof generation, based on the logical statements obtained.
  • Model Theory and Logic: my PhD area was in mathematical logic and model theory, considering the characteristics of the automorphism groups of models of Presburger Arithmetic. This is a very pure subject, but is fascinating in its own right. There's also scope for using results in this area to improve how computers can reason about code through Direct Code Analysis, for example for security analysis.


Contact me by e-mailed at I'll be overjoyed to if you send me PGP encrypted e-mail using my public key with fingerprint 696F 8647 2837 F81D 606F DA0F 07BC F007 F2D4 019F.


blog comments powered by Disqus