Research Repository

All Outputs (113)

Rationalising decision-making about risk: a normative approach. (2018)
Presentation / Conference Contribution
M'MANGA, A., FAILY, S., MCALANEY, J. and WILLIAMS, C. 2018. Rationalising decision-making about risk: a normative approach. In Clarke, N.L. and Furnell, S.M. (eds.) Proceedings of the 12th International symposium on human aspects of information security and assurance (HAISA 2018), 29-31 August 2018, Dundee, UK. Plymouth: University of Plymouth, pages 263-271. Hosted on the CSCAN Archive [online]. Available from: https://www.cscan.org/?page=openaccess&eid=20&id=395

Techniques for determining and applying security decisions typically follow risk-based analytical approaches where alternative options are put forward and weighed in accordance to risk severity metrics based on goals and context. The reasoning or val...

Translating contextual integrity into practice using CLIFOD. (2018)
Presentation / Conference Contribution
HENRIKSEN-BULMER, J., FAILY, S. and KATOS, V. 2018. Translating contextual integrity into practice using CLIFOD. Presented at the 2018 Networked privacy workshop: privacy in context: critically engaging with theory to guide privacy research and design, part of the 21st ACM conference on computer-supported cooperative work and social computing (CSCW 2018), 3 November 2018, Jersey City, USA.

Public open data increases transparency, but raises questions about the privacy implications of affected individuals. We present a case for using CLIFOD (ContextuaL Integrity for Open Data), a step-by-step privacy decision framework derived from cont...

Tool-supporting data protection impact assessments with CAIRIS. (2018)
Presentation / Conference Contribution
COLES, J., FAILY, S. and KI-ARIES, D. 2018. Tool-supporting data protection impact assessments with CAIRIS. In Beckers, K., Faily, S., Lee, S.-W. and Mead, N. (eds.) Proceedings of the 5th International workshop on evolving security and privacy requirements engineering (ESPRE 2018), 20 August 2018, Banff, Canada. Los Alamitos: IEEE Computer Society [online], pages 21-27. Available from: https://doi.org/10.1109/ESPRE.2018.00010

The General Data Protection Regulation (GDPR) encourages the use of Data Protection Impact Assessments (DPIAs) to integrate privacy into organisations' activities and practices from early design onwards. To date, however, there has been little prescr...

Assessing system of systems security risk and requirements with OASoSIS. (2018)
Presentation / Conference Contribution
KI-ARIES, D., FAILY, S., DOGAN, H. and WILLIAMS, C. 2018. Assessing system of systems security risk and requirements with OASoSIS. In Beckers, K., Faily, S., Lee, S.-W. and Mead, N. (eds.) Proceedings of the 5th International workshop on evolving security and privacy requirements engineering (ESPRE 2018), 20 August 2018, Banff, Canada. Los Alamitos: IEEE Computer Society [online], pages 14-20. Available from: https://doi.org/10.1109/ESPRE.2018.00009

When independent systems come together as a System of Systems (SoS) to achieve a new purpose, dealing with requirements conflicts across systems becomes a challenge. Moreover, assessing and modelling security risk for independent systems and the SoS...

Redesigning an undergraduate software engineering course for a large cohort. (2018)
Presentation / Conference Contribution
IACOB, C. and FAILY, S. 2018. Redesigning an undergraduate software engineering course for a large cohort. In Proceedings of the 40th ACM/IEEE international conference on software engineering: software engineering education and training (ICSE-SEET 2018), 27 May - 3 June 2018, Gothenburg, Sweden. New York: ACM [online], pages 163-171. Available from: https://doi.org/10.1145/3183377.3183381

Teaching Software Engineering on an undergraduate programme is challenging, particularly when dealing with large numbers of students. On one hand, a strong understanding of software and good programming skills are prerequisites. On the other hand, th...

System of systems characterisation assisting security risk assessment. (2018)
Presentation / Conference Contribution
KI-ARIES, D., FAILY, S., DOGAN, H. and WILLIAMS, C. 2018. System of systems characterisation assisting security risk assessment. In Proceedings of the 13th IEEE system of systems engineering conference (SoSE 2018), 19-22 June 2018, Paris, France. Piscataway: IEEE [online], pages 485-492. Available from: https://doi.org/10.1109/SYSOSE.2018.8428765

System of Systems (SoS) is a term often used to describe the coming together of independent systems, collaborating to achieve a new or higher purpose. However, clarity is needed when using this term given that operational areas may be unfamiliar with...

Qualitative adaptation: informing design for risk-based decision-making. (2018)
Presentation / Conference Contribution
M'MANGA, A., FAILY, S., MCALANEY, J., WILLIAMS, C., KADOBAYASHI, Y. and MIYAMOTO, D. 2018. Qualitative adaptation: informing design for risk-based decision-making. In Proceedings of the 2nd Workshop on the challenges and opportunities for qualitative data research methods in HCI, co-located with the 32nd International BCS human computer interaction conference (HCI 2018), 3 July 2018, Belfast, UK. Swindon: BCS [online], article number 216. Available from: https://doi.org/10.14236/ewic/HCI2018.216

Research on decision-making during risk and uncertainty facilitates risk-based decision-making, by understanding techniques that decision-makers use to arrive at informed decisions. Approaches to the research usually involve a mix of cognitive techni...

Eliciting persona characteristics for risk-based decision making. (2018)
Presentation / Conference Contribution
M'MANGA, A., FAILY, S., MCALANEY, J., WILLIAMS, C., KADOBAYASHI, Y. and MIYAMOTO, D. 2018. Eliciting persona characteristics for risk-based decision making. In Proceedings of the 32nd International BCS human computer interaction conference (HCI 2018), 4-6 July 2018, Belfast, UK. Swindon: BCS [online], article number 158. Available from: https://doi.org/10.14236/ewic/HCI2018.158

Personas are behavioural specifications of archetypical users in Human Factors Engineering and User Interaction research, aimed at preventing biased views system designers may have of users. Personas are therefore nuanced representations of goals and...

Using extreme characters to teach requirements engineering. (2017)
Presentation / Conference Contribution
IACOB, C. and FAILY, S. 2017. Using extreme characters to teach requirements engineering. In Washizaki, H. and Mead, N. (eds.) Proceedings of the 30th IEEE conference on software engineering education and training (CSEET 2017), 7-9 November 2017, Savannah, USA. Los Alamitos: IEEE Computer Society [online], pages 107-111. Available from: https://doi.org/10.1109/CSEET.2017.25

One of the main challenges in teaching Software Engineering as an undergraduate course is making the need for software processes and documentation obvious. Armed with some knowledge of programming, students may feel inclined to skip any development p...

From requirements to operation: components for risk assessment in a pervasive system of systems. (2017)
Presentation / Conference Contribution
KI-ARIES, D., DOGAN, H., FAILY, S., WHITTINGTON, P. and WILLIAMS, C. 2017. From requirements to operation: components for risk assessment in a pervasive system of systems. In Proceedings of the 4th Workshop on evolving security and privacy requirements engineering (ESPRE 2017), part of the 25th IEEE international requirements engineering conference workshops (REW 2017), 4-8 September 2017, Lisbon, Portugal. Los Alamitos: IEEE Computer Society [online], pages 83-89. Available from: https://doi.org/10.1109/REW.2017.36

Framing Internet of Things (IoT) applications as a System of Systems (SoS) can help us make sense of complexity associated with interoperability and emergence. However, assessing the risk of SoSs is a challenge due to the independence of component sy...

Design as code: facilitating collaboration between usability and security engineers using CAIRIS. (2017)
Presentation / Conference Contribution
FAILY, S. and IACOB, C. 2017. Design as code: facilitating collaboration between usability and security engineers using CAIRIS. In Proceedings of the 4th Workshop on evolving security and privacy requirements engineering (ESPRE 2017), part of the 25th IEEE international requirements engineering conference workshops (REW 2017), 4-8 September 2017, Lisbon, Portugal. Los Alamitos: IEEE Computer Society [online], pages 76-82. Available from: https://doi.org/10.1109/REW.2017.23

Designing usable and secure software is hard without tool-support. Given the importance of requirements, CAIRIS was designed to illustrate the form tool-support for specifying usable and secure systems might take. While CAIRIS supports a broad range...

Persona-centred information security awareness. (2017)
Journal Article
KI-ARIES, D. and FAILY, S. 2017. Persona-centred information security awareness. Computers and security [online] 70, pages 663-674. Available from: https://doi.org/10.1016/j.cose.2017.08.001

Maintaining Information Security and protecting data assets remains a principal concern for businesses. Many data breaches continue to result from accidental, intentional or malicious human factors, leading to financial or reputational loss. One appr...

Applying contextual integrity to open data publishing. (2017)
Presentation / Conference Contribution
HENRIKSEN-BULMER, J. and FAILY, S. 2017. Applying contextual integrity to open data publishing. In Hall, L., Flint, T., O'Hara, S. and Turner, P. (eds.) Proceedings of the 31st International BCS human computer interaction conference (HCI 2017), 3-6 July 2017, Sunderland, UK. Swindon: BCS, paper number 95. Hosted on ScienceOpen [online]. Available from: https://doi.org/10.14236/ewic/HCI2017.95

Open data publishing by both corporate and public bodies has increased significantly in recent years and this type of data could soon be developing into a real commodity. However, not all organisations pay sufficient heed to privacy as part of the de...

Folk risk analysis: factors influencing security analysts' interpretation of risk. (2017)
Presentation / Conference Contribution
M'MANGA, A., FAILY, S., MCALANEY, J. and WILLIAMS, C. 2017. Folk risk analysis: factors influencing security analysts' interpretation of risk. Presented at the 3rd Workshop on security information workers (WSIW 2017), part of the 13th Symposium on usable privacy and security (SOUPS 2017), co-located with the 2017 USENIX annual technical conference (USENIX ATC 2017), 12-14 July 2017, Santa Clara, USA. Hosted on the USENIX website [online]. Available from: https://www.usenix.org/conference/soups2017/workshop-program/wsiw2017/mmanga

There are several standard approaches to risk analysis recommended for use in information security, however, the actual application of risk analysis by security analysts follows an opaque mix of standard risk analysis procedures and adaptations based...

Usable security. (2017)
Other
ATZENI, A., FAILY, S. and GALLONI, R. 2018. Usable security. In Khosrow-Pour, M. (ed.) Encyclopedia of information science and technology. 4th edition. Hershey: IGI Global [online], chapter 433, pages 5004-5013. Available from: https://doi.org/10.4018/978-1-5225-2255-3.ch433

Traditionally, security is only considered as strong as its weakest link, and people were considered as the weak links (Schneier, 2003). This thinking triggers a vicious circle. (Adam & Sasse, 1999) stated that users are informed as little as possibl...

System design considerations for risk perception. (2017)
Presentation / Conference Contribution
M'MANGA, A., FAILY, S., MCALANEY, J. and WILLIAMS, C. 2017. System design considerations for risk perception. In Assar, S., Pastor, O. and Mouratidis, H. (eds.) Proceedings of the 11th IEEE international conference on research challenges in information science (RCIS 2017), 10-12 May 2017, Brighton, UK. Piscataway: IEEE [online], pages 322-327. Available from: https://doi.org/10.1109/RCIS.2017.7956554

The perception of risk is a driver for security analysts' decision making. However, security analysts may have conflicting views of a risk based on personal, system and environmental factors. This difference in perception and opinion, may impact effe...

Re-framing "the AMN": a case study eliciting and modelling a system of systems using the Afghan Mission Network. (2017)
Presentation / Conference Contribution
KI-ARIES, D., FAILY, S., DOGAN, H. and WILLIAMS, C. 2017. Re-framing "the AMN": a case study eliciting and modelling a system of systems using the Afghan Mission Network. In Assar, S., Pastor, O. and Mouratidis, H. (eds.) Proceedings of the 11th IEEE international conference on research challenges in information science (RCIS 2017), 10-12 May 2017, Brighton, UK. Piscataway: IEEE [online], pages 103-108. Available from: https://doi.org/10.1109/RCIS.2017.7956524

The term System of Systems (SoS) is often used to classify an arrangement of independent and interdependent systems delivering unique capabilities. There appear to be many examples of SoSs, but the term has become a source of confusion. While many ap...

Proceedings of the 3rd IEEE international workshop on evolving security and privacy requirements engineering (ESPRE 2016). (2016)
Presentation / Conference Contribution
BECKERS, K., FAILY, S., LEE, S.-W. and MEAD, N. (eds.) 2016. Proceedings of the 3rd IEEE international workshop on evolving security and privacy requirements engineering (ESPRE 2016), co-located with the 24th IEEE international requirements engineering conference (RE 2016), 12 September 2016, Beijing, China. In Proceedings of the 2016 IEEE 24th international requirements engineering conference workshops. Los Alamitos: IEEE Computer Society [online], pages 53-91. Available from: https://ieeexplore.ieee.org/xpl/conhome/7801359/proceeding

ESPRE 2016 was a multi-disciplinary, one-day workshop, co-located with the RE'16 conference. The ESPRE workshop series brings together practitioners and researchers interested in security and privacy requirements. This workshop probed the interfaces...

Human aspects of digital rights management: the perspective of content developers. [Journal Article] (2016)
Journal Article
FAVALE, M., MCDONALD, N., FAILY, S. and GATZIDIS, C. 2016. Human aspects of digital rights management: the perspective of content developers. SCRIPTed [online], 13(3), pages 289-304. Available from: https://doi.org/10.2966/scrip.130316.289

Legal norms and social behaviours are some of the human aspects surrounding the effectiveness and future of DRM security. Further exploration of these aspects would help unravel the complexities of the interaction between rights protection security a...

MARAM: tool support for mobile app review management. (2016)
Presentation / Conference Contribution
IACOB, C., FAILY, S. and HARRISON, R. 2016. MARAM: tool support for mobile app review management. In Kawsar, F., Zhang, P. and Musolesi, M. (eds.) Proceedings of the 8th International conference on mobile computing, applications and services (MobiCase 2016), 30 November - 1 December 2016, Cambridge, UK. Brussels: Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering (ICST), pages 42-50.

Mobile apps today have millions of user reviews available online. Such reviews cover a large broad of themes and are usually expressed in an informal language. They provide valuable information to developers, such as feature requests, bug reports, an...