The Initial Costs and Maintenance Costs of Protocols

  • Ross Anderson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4631)


Software-engineering academics focussed for many years on the costs of developing the first version of a product, and ignored the costs of subsequent maintenance. We taught our students the ‘waterfall model’, and biased research towards the sort of tools and ideas that complemented it, such as formal methods. Meanwhile the economics of software had changed. Software is now so complex that the only way to build version N is to start with version N-1. Iterative development methodologies now rule, and the tools that real developers say have helped them most in the last fifteen years are not theorem provers, but automated regression-testing and bug-reporting systems. Nowadays, the maintenance is the product.

Security engineers have been falling into a similar trap. For years, we thought that the problem of authentication began and ended with trustworthy bootstrapping. Once Alice and Bob shared that elusive session key - and could prove mathematically that no-one else did - we could type up the research paper and head for the pub. Again, the real world has changed. Security maintainability is the elephant in the living room; people know there’s an awful problem but are generally too polite to mention it (especially as we don’t really know what to do with the beast). Vendors used to not care very much; after all, people replace their mobile phones every year, and their PCs every three to five years, so why not just wait for the vulnerable equipment to be thrown on the skip? With luck, vulnerability scares might even help stoke the upgrade cycle.


Shared Secret Security Protocol Competition Authority Card Payment Operating System Principle 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Anderson, R., Chan, H., Perrig, A.: Key Infection: Smart Trust for Smart Dust. In: Proceedings of the 2004 International Conference on Network Protocols, pp. 206–215. IEEE Computer Society Press, Los Alamitos (2004), CrossRefGoogle Scholar
  2. 2.
    Varian, H.: System Reliability and Free Riding. In: Workshop on Economics and Information Security (2002),
  3. 3.
    Anderson, R.: Why Information Security is Hard – An Economic Perspective. In: Proceedings of the 17th Computer Security Applications Conference, Banff, also given as a distinguished lecture at the Symposium on Operating Systems Principles, pp. 358–365. IEEE Computer Society Press, Los Alamitos (2001),
  4. 4.
    Anderson, R., Bond, M.: API-Level Attacks on Embedded Systems. IEEE Computer 34(10), 67–75 (2001), Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Ross Anderson
    • 1
  1. 1.University of Cambridge 

Personalised recommendations