Home: 01483 822403
Mobile: 07973 742473
Email: james@chiastic-security.co.uk
Web: http://www.chiastic-security.co.uk
Summary
Software developer with 15+ years of Java experience, and 15+ years of academic research into computer security, formal verification
of concurrent and distributed systems, and secure electronic voting.
Programming languages: Java (including Android), Haskell, CSP, bash, Python, C
Technologies: OOP, Swing, Hibernate, MySQL, Apache Lucene, XML, FDR
Operating systems: Linux/UNIX, Android
Dev/build tools: Eclipse, JUnit, Ant, Maven, GIT, subversion, make
Employment record
2014
Managing Director, Chiastic Security Ltd: software development and computer security consultancy
2010-2014
2001-2010
Education
1997-2001
1996-1997
1993-1996
BA in Mathematics and Computation, Corpus Christi College, Oxford (First Class Honours)
Achievements
To present
2014
Consultancy: conducted code review of mixnet developed by Victorian Electoral Commission (VEC) for use in
verifiable voting system
Technologies used: Java, JUnit, gradle, GIT
2014
2013
Invited speaker at European Parliament's Privacy Platform on surveillance, in response to Edward Snowden
revelations. One of four panellists, with Jacob Appelbaum (former spokesperson for WikiLeaks); Ladar Levison
(Lavabit); Troels Oerting (Director of the EU's European Cybercrime Centre)
2013
Invited speaker at EVT2013, the most prestigious secure voting conference, to talk about work with Victorian
Electoral Commission
2012
Contract secured with VEC to develop verifiable voting system for use in Victorian state elections from Nov 2014
2010
Awarded 45K from Royal Academy of Engineering for Real-World Secure Elections Fellowship project, running
Oct 2010 to Oct 2011 (highly competitive; only seven awarded nationally each year)
2010
Interviewed on BBC Radio about an article in Times Higher Education on my work ([3]) on security weaknesses
in Turnitin, the plagiarism detection system.
2010
2009
Awarded 1.06M from Engineering and Physical Sciences Research Council for Trustworthy Voting Systems
project, running Apr 2009 to Apr 2014. This is the only time a public research council anywhere in the world
has approved funding on this scale to look at secure electronic voting.
2008
Ran tournament for British Computer Society using The Arena, a system I created to stimulate students' interest
in programming, through competition. Provides a framework for hosting two-player, turn-based strategy games.
Students write Java code that takes a game in progress, and returns their favoured move from that position; The
Arena uses students' player modules to run a large tournament on a cluster. Much of the codebase deals with
security and sandboxing, to stop player modules breaking rules or compromising the host system.
Technologies used: Java, MySQL, bash scripting, cluster deployment, heavily multithreaded/distributed
2008
Interviewed on BBC Radio, ABC Radio (Aus), and Colombian National Radio, about voting research
2007
VoComp (International Voting Systems Competition): Best Design award, and second place overall. Led a
team of five in designing and building a verifiable voting system, to a very tight timescale.
Technologies used: Java, MySQL, LaTeX, BouncyCastle, svn
2007
2006
Consultancy for Microsoft to determine physical distance travelled by a computer mouse over one year
2002
Provided bespoke security tuition for the Swedish Security Service, including training in cryptographic techniques and general security topics
Key projects
2009-2014
Trustworthy Voting Systems (EPSRC): Research into how to provide two critical and seemingly conflicting properties of a voting system: (1) voter privacy and anonymity; (2) a means for voters to verify that their vote was
included, unaltered, in the count, and challenge the election if not. The initial plan was for a simple prototype of
a verifiable voting system, with the UK's fairly simplistic electoral system in mind; but it led to a real implementation for use in governmental state elections in Victoria. I led this project, and was responsible for managing a
team of 2 academics, 3 post-docs, and 3 PhD students.
2010-2011
Real-world Secure Elections (Royal Academy of Engineering): Fellowship project that allowed me to spend an
extended period in Melbourne working on various aspects of voter privacy. Conversations I had there with a key
manager at the Victorian Electoral Commission led to the invitation to design and build a system for them.
2012-2014
Building a verifiable voting system for use in Victoria (VEC): adapting our prototype for use in Victorian state
elections (3.6M voters, with a complex ballot system). The system will be deployed in a state-wide governmental
election for the first time in Nov 2014. This will be the first governmental use worldwide of a large-scale verifiable
voting system.
The hardest aspect of applying the Trustworthy Voting Systems work to the Australian context was the sheer
complexity of the ballots used in Australia: there may be up to 50 candidates in some Victorian elections, and
voters in some cases are required to rank them in preference order, with these orderings then subjected to a
complex tallying process to determine the winners. Applying verifiable voting in Victoria involved a significant
upward shift in ambitions for the field of voting, taking things from an academic toy to a real-world solution in
one of the most complex electoral environments in existence.
Surrey designed and developed most of the system (available at https://bitbucket.org/tvsproject),
under my direction. I was also responsible for code review of the part developed outside Surrey.
Technologies used: Java, MongoDB, MySQL, BouncyCastle, ElGamal/ECC, GIT, svn, JUnit
Key publications arising from these projects: establishing a formal framework ([2]) for analysing voting systems for coercion resistance; follow-up work ([1]) to improve the techniques to enable the analysis to be automated.
Other skills/activities
Good understanding of, and relationship with, academic computer security community
Leader of student team on a Christian holiday camp for 14-18 year olds each summer (1994-present)
Selected publications
[1] Murat Moran, James A. Heather, and Steve A. Schneider. Verifying Anonymity in Voting Systems using CSP. Formal Aspects of Computing, 26(1):63-98, 2014. Available at http://epubs.surrey.ac.uk/745657/1/facsanon.pdf.
[2] James A. Heather and Steve A. Schneider. A Formal Framework for Modelling Coercion Resistance and Receipt Freeness. In Proceedings of Formal Methods (FM) 2012, volume 7436, pages 217-231, Paris, August 2012. Available at http://epubs.surrey.ac.uk/726040/1/MASTER.pdf.
[3] James A. Heather. Turnitoff: identifying and fixing a hole in current plagiarism detection software. Journal of Assessment and Evaluation in Higher Education, 35(6):647-660, 2010. Available at http://epubs.surrey.ac.uk/107387/2/turnitoff-named.pdf.
[4] James A. Heather, Gavin Lowe, and Steve A. Schneider. How to avoid type flaw attacks on security protocols. Journal of Computer Security, 11(2):217-244, 2003. Available at http://epubs.surrey.ac.uk/1901/1/fulltext.pdf.