publications on Computer Security

In the US Department of Defense, a 'trusted system or component' is defined as 'one which can break the security policy'. ...
You don't trust me to keep your medical records, because I don't have them; regardless of whether I like you or hate you, I can't do anything to affect your policy that your medical records should be confidential. Your doctor can, though; and the fact that he is in a position to harm you is really what is meant (at a system level) when you say that you trust him.

-- Ross Anderson
TCPA / Palladium Frequently Asked Questions

2008

refereed workshop and conference papers

Joss Wright, Susan Stepney.
Enforcing Behaviour with Anonymity .
AlPACa 2008, Istanbul, Turkey, September 2008 . ACM 2008

2005

refereed workshop and conference papers

John A. Clark, Susan Stepney, Howard Chivers.
Breaking the Model: finalisation and a taxonomy of security attacks .
REFINE 2005, Surrey, UK . ENTCS 137 (2):225-242, 2005

Yang Liu, John A. Clark, Susan Stepney.
"Devices are People Too": using process patterns to elicit security requirements in novel domains .
In Security of Pervasive Computing, SPC'05, Boppard, Germany . LNCS 3450:31-45. Springer, 2005

technical reports

Joss Wright, Susan Stepney, John A. Clark, Jeremy Jacob.
Formalizing Anonymity: a review .
Technical Report YCS-2005-389, University of York. 2005

2004

journal papers

Phillip J. Brooke, Richard F. Paige, John A. Clark, Susan Stepney.
Playing the Game: cheating, loopholes, and virtual identity .
ACM Computers and Society , 34 (2), Sept 2004

technical reports

John A. Clark, Susan Stepney, Howard Chivers.
Breaking the Model: finalisation and a taxonomy of security attacks .
Technical Report YCS-2004-371, University of York. 2004

2003

refereed workshop and conference papers

Howard Chivers, John A. Clark, Susan Stepney.
Smart Devices and Software Agents .
In Security of Pervasive Computing, SPC'03, Boppard, Germany . LNCS 2804. Springer, 2003

Susan Stepney.
Critical Critical Systems .
In Formal Aspects of Security, FASeC'02, London, December 2002 . LNCS 2629. Springer, 2003

1986

journal papers

Susan Stepney, Stephen P. Lord.
Formal Specification of an Access Control System .
Software-Practice and Experience , 17 (9):575-593, 1987.

1987

refereed workshop and conference papers

Stephen P. Lord, N. H. Pope, Susan Stepney.
Access Management in multi-administration networks .
In 2nd International Conference on Secure Communication Systems, London . IEE, 1986.