Research Repository

All Outputs (11)

Here's Johnny: a methodology for developing attacker personas. (2011)
Conference Proceeding
ATZENI, A., CAMERONI, C., FAILY, S., LYLE, J. and FLÉCHAIS, I. 2011. Here's Johnny: a methodology for developing attacker personas. In Proceedings of the 6th International conference on availability, reliability and security (ARES 2011), 22-26 Aug 2011, Vienna, Austria. Los Alamitos: IEEE Computer Society [online], pages 722-727. Available from: https://doi.org/10.1109/ARES.2011.115

The adversarial element is an intrinsic part of the design of secure systems, but our assumptions about attackers and threat are often limited or stereotypical. Although there has been previous work on applying User-Centered Design on Persona developm...

User-centered information security policy development in a post-Stuxnet world. (2011)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2011. User-centered information security policy development in a post-Stuxnet world. In Proceedings of the 5th International workshop on secure software engineering (SecSE 2011), part of the 6th International conference on availability, reliability and security (ARES 2011), 22-26 Aug 2011, Vienna, Austria. Los Alamitos: IEEE Computer Society [online], pages 716-721. Available from: https://doi.org/10.1109/ARES.2011.111

A balanced approach is needed for developing information security policies in Critical National Infrastructure (CNI) contexts. Requirements Engineering methods can facilitate such an approach, but these tend to focus on either security at the expense...

Eliciting policy requirements for critical national infrastructure using the IRIS framework. (2011)
Journal Article
FAILY, S. and FLÉCHAIS, I. 2011. Eliciting policy requirements for critical national infrastructure using the IRIS framework. International journal of secure software engineering [online], 2(4), pages 1-18. Available from: https://doi.org/10.4018/jsse.2011100101

Despite existing work on dealing with security and usability concerns during the early stages of design, there has been little work on synthesising the contributions of these fields into processes for specifying and designing systems. Without a bette...

Eliciting usable security requirements with misusability cases. (2011)
Presentation / Conference
FAILY, S. and FLÉCHAIS, I. 2011. Eliciting usable security requirements with misusability cases. Presented at the 19th IEEE international requirements engineering conference (RE 2011), 29 August - 2 September 2011, Trento, Italy.

Although widely used for both security and usability concerns, scenarios used in security design may not necessarily inform the design of usability, and vice-versa. One way of using scenarios to bridge security and usability involves explicitly descr...

Bridging user-centered design and requirements engineering with GRL and persona cases. (2011)
Conference Proceeding
FAILY, S. 2011. Bridging user-centered design and requirements engineering with GRL and persona cases. In Castro, J., Franch, X., Mylopoulos, J. and Yu, E. (eds.) Proceedings of the 5th International i* workshop (iStar 2011), 28-29 August 2011, Trento, Italy. CEUR workshop proceedings, 766. Aachen: CEUR-WS [online], pages 114-119. Available from: http://ceur-ws.org/Vol-766/paper20.pdf

Despite the large body of i* research, there has been comparatively little work on how goal-modelling techniques can help identify usability concerns. Recent work has considered how goal models might better integrate with User-Centered Design. This p...

Do we know each other or is it just our devices? A federated context model for describing social activity across devices. (2011)
Presentation / Conference
GIONIS, G., DESRUELLE, H., BLOMME, D., LYLE, J., FAILY, S. and BASSBOUSS, L. 2011. Do we know each other or is it just our devices? A federated context model for describing social activity across devices. Presented at the Federated social web Europe conference, 3-5 June 2011, Berlin, Germany.

The availability of connected devices is rapidly growing. In our everyday life, we already use a multitude of personal devices that are connected to the Internet. The number of shipped smart-phones at the end of 2010 even surpassed the traditional co...

Security goes to ground: on the applicability of security entrepreneurship to grassroot activism. (2011)
Presentation / Conference
FAILY, S. 2011. Security goes to ground: on the applicability of security entrepreneurship to grassroot activism. Presented at the Workshop on HCI, politics and the city, part of the 29th Annual CHI conference on human factors in computing systems (CHI 2011), 7-8 May 2011, Vancouver, Canada.

Designing security for grassroot movements raises several challenges not particular to the organisations that are catered to by conventional approaches to security design. Drawing on analogies between Social Entrepreneurship and Grassroot Activism, a...

Persona cases: a technique for grounding personas. (2011)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2011. Persona cases: a technique for grounding personas. In Proceedings of the 29th Annual CHI conference on human factors in computing systems (CHI 2011), 7-12 May 2011, Vancouver, Canada. New York: ACM [online], pages 2267-2270. Available from: https://doi.org/10.1145/1978942.1979274

Personas are a popular technique in User-Centered Design, however their validity can be called into question. While the techniques used to develop personas and their integration with other design activities provide some measure of validity, a perso...

Two requirements for usable and secure software engineering. (2011)
Presentation / Conference
FAILY, S. 2011. Two requirements for usable and secure software engineering. Presented at the 1st Software and usable security aligned for good engineering workshop (SAUSAGE 2011), 5-6 April 2011, Gaithersburg, USA.

Despite the acknowledged need for systems to be both usable and secure, we lack guidance on how developers might build such systems. Based on recent research, we believe evidence exists that blending techniques from Security, Usability, and Software...

Seeking the philosopher's stone. (2011)
Journal Article
FLÉCHAIS, I. and FAILY, S. 2011. Seeking the philosopher's stone. Interfaces: the quarterly magazine of BCS Interaction Group [online], 86, pages 14-15. Available from: https://www.bcs.org/media/5326/interfaces86-spring2011.pdf

This article describes the unique challenges facing usable security research and design, and introduces three proposals for addressing these. For all intents and purposes, security design is currently a craft, where quality is dependent on individual...

A model of security culture for e-science. (2011)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2011. A model of security culture for e-science. In Clarke, N., Furnell, S. and Von Solms, R. (eds.) Proceedings of the South African information security multi-conference (SAISMC 2010), 17-18 May 2010, Port Elizabeth, South Africa. Plymouth: University of Plymouth, pages 154-164.

There is a need to understand the cultural issues affecting security in large, distributed and heterogeneous systems; such systems are typified by e-Science projects. We present a model of security culture for e-Science, grounded both in the security...