Research Repository

Outputs (113)

Finding and resolving security misusability with misusability cases. (2014)
Journal Article
FAILY, S. and FLÉCHAIS, I. 2016. Finding and resolving security misusability with misusability cases. Requirements engineering [online], 21(2), pages 209-223. Available from: https://doi.org/10.1007/s00766-014-0217-8

Although widely used for both security and usability concerns, scenarios used in security design may not necessarily inform the design of usability, and vice-versa. One way of using scenarios to bridge security and usability involves explicitly descr...

Eliciting and visualising trust expectations using persona trust characteristics and goal models. (2014)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2014. Eliciting and visualising trust expectations using persona trust characteristics and goal models. In Lanubile, F. and Ali, R. (eds.) Proceedings of the 6th International workshop on social software engineering (SSE 2014), 17 November 2014, Hong Kong, China. New York: ACM [online], pages 17-24. Available from: https://doi.org/10.1145/2661685.2661690

Developers and users rely on trust to simplify complexity when building and using software. Unfortunately, the invisibility of trust and the richness of a system's context of use means that factors influencing trust are difficult to see, and assessin...

Authorisation in context: incorporating context-sensitivity into an access control framework. (2014)
Conference Proceeding
FAILY, S., LYLE, J., FLÉCHAIS, I., ATZENI, A., CAMERONI, C., MYRHAUG, H., GÖKER, A. and KLEINFELD, R. 2014. Authorisation in context: incorporating context-sensitivity into an access control framework. In Proceedings of the 28th International BCS human computer interaction conference (HCI 2014): sand, sea and sky: holiday HCI, 9-12 September 2014, Southport, UK. Swindon: BCS, pages 189-194. Hosted on ScienceOpen [online]. Available from: https://doi.org/10.14236/ewic/hci2014.29

With sensitive information about ourselves now distributed across personal devices, people need to make access control decisions for different contexts of use. However, despite advances in improving the usability of access control for both developers...

Proceedings of the 1st IEEE international workshop on evolving security and privacy requirements engineering (ESPRE 2014). (2014)
Conference Proceeding
BECKERS, K., FAILY, S., LEE, S.-W. and MEAD, N. (eds.) 2014. Proceedings of the 1st IEEE international workshop on evolving security and privacy requirements engineering (ESPRE 2014), co-located with the 22nd IEEE international requirements engineering conference (RE 2014), 25 August 2014, Karlskrona, Sweden. Piscataway: IEEE [online]. Available from: https://ieeexplore.ieee.org/xpl/conhome/6883269/proceeding

The main focus of ESPRE is to bring together practitioners and researchers interested in security and privacy requirements. ESPRE probes the interfaces between requirements engineering, security and privacy, and takes the first step in evolving secur...

Online reviews as first class artifacts in mobile app development. (2014)
Conference Proceeding
IACOB, C., HARRISON, R. and FAILY, S. 2014. Online reviews as first class artifacts in mobile app development. In Memmi, G. and Blanke, U. (eds.) Mobile computing, applications and services: revised selected papers from the proceedings of the 5th International conference on mobile computing, applications and services (MobiCase 2013), 7-8 November 2013, Paris, France. Lecture notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, 130. Cham: Springer [online], pages 47-53. Available from: https://doi.org/10.1007/978-3-319-05452-0_4

This paper introduces a framework for developing mobile apps. The framework relies heavily on app stores and, particularly, on online reviews from app users. The underlying idea is that app stores are proxies for users because they contain direct fee...

Evaluating the implications of attack and security patterns with premortems. (2014)
Book Chapter
FAILY, S., PARKIN, S. and LYLE, J. 2014. Evaluating the implications of attack and security patterns with premortems. In Blackwell, C. and Zhu, H. (eds.) Cyberpatterns: unifying design patterns with security and attack patterns. Cham: Springer [online], chapter 16, pages 199-209. Available from: https://doi.org/10.1007/978-3-319-04447-7_16

Security patterns are a useful way of describing, packaging and applying security knowledge which might otherwise be unavailable. However, because patterns represent partial knowledge of a problem and solution space, there is little certainty that ad...

Personal PKI for the smart device era. (2013)
Conference Proceeding
LYLE, J., PAVERD, A., KING-LACROIX, J., ATZENI, A., VIRJI, H., FLÉCHAIS, I. and FAILY, S. 2013. Personal PKI for the smart device era. In De Capitani di Vimercati, S. and Mitchell, C. (eds.) Public key infrastructures, services and applications: revised selected papers from the 9th European workshop on public key infrastructures, services and applications (EuroPKI 2012), 13-14 September 2012, Pisa, Italy. Lecture notes in computer science, 7868. Heidelberg: Springer [online], pages 69-84. Available from: https://doi.org/10.1007/978-3-642-40012-4_5

As people use an increasing number of smart devices for their everyday computing, it is surprising that these powerful, internet-enabled devices are rarely connected together to create personal networks. The webinos project is an attempt to make this...

Continuous integration for web-based software infrastructures: lessons learned on the webinos project. (2013)
Conference Proceeding
SU, T., LYLE, J., ATZENI, A., FAILY, S., VIRJI, H., NTANOS, C. and BOTSIKAS, C. 2013. Continuous integration for web-based software infrastructures: lessons learned on the webinos project. In Bertacco, V. and Legay, A. (eds.) Hardware and software: verification and testing: proceedings of the 9th International Haifa verification conference (HVC 2013), 5-7 November 2013, Haifa, Israel. Lecture notes in computer science, 8244. Cham: Springer [online], pages 145-150. Available from: https://doi.org/10.1007/978-3-319-03077-7_10

Testing web-based software infrastructures is challenging. The need to interact with different services running on different devices, with different expectations for security and privacy contributes not only to the complexity of the infrastructure, b...

Security lessons learned building concept apps for webinos. (2013)
Presentation / Conference
FAILY, S. and LYLE, J. 2013. Security lessons learned building concept apps for webinos. Presented at the Human aspects in mobile apps engineering workshop (HAMAE 2013), part of the 27th International BCS human computer interaction conference (HCI 2013): the Internet of Things, 9 September 2013, London, UK.

Concept applications provide a means for tackling security infrastructure problems. Not only do they provide feedback to infrastructure design, they can also inform subsequent research activities. However, to directly influence the architectural desi...

Security patterns considered harmful? (2013)
Conference Proceeding
FAILY, S. 2013. Security patterns considered harmful? In Proceedings of the 2nd International workshop on cyberpatterns (Cyberpatterns 2013): unifying design patterns with security, attack and forensic patterns, 8-9 July 2013, Abingdon, UK. Oxford: Oxford Brookes University, pages 108-109.

While a useful source of repeatable security knowledge, ambiguity about what security patterns are and how they might be applied call into question their reliability as a design tool. To provoke discussion about their usefulness, this paper claims th...