Research Repository

All Outputs (69)

Online reviews as first class artifacts in mobile app development. (2014)
Conference Proceeding
IACOB, C., HARRISON, R. and FAILY, S. 2014. Online reviews as first class artifacts in mobile app development. In Memmi, G. and Blanke, U. (eds.) Mobile computing, applications and services: revised selected papers from the proceedings of the 5th International conference on mobile computing, applications and services (MobiCase 2013), 7-8 November 2013, Paris, France. Lecture notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, 130. Cham: Springer [online], pages 47-53. Available from: https://doi.org/10.1007/978-3-319-05452-0_4

This paper introduces a framework for developing mobile apps. The framework relies heavily on app stores and, particularly, on online reviews from app users. The underlying idea is that app stores are proxies for users because they contain direct fee...

Personal PKI for the smart device era. (2013)
Conference Proceeding
LYLE, J., PAVERD, A., KING-LACROIX, J., ATZENI, A., VIRJI, H., FLÉCHAIS, I. and FAILY, S. 2013. Personal PKI for the smart device era. In De Capitani di Vimercati, S. and Mitchell, C. (eds.) Public key infrastructures, services and applications: revised selected papers from the 9th European workshop on public key infrastructures, services and applications (EuroPKI 2012), 13-14 September 2012, Pisa, Italy. Lecture notes in computer science, 7868. Heidelberg: Springer [online], pages 69-84. Available from: https://doi.org/10.1007/978-3-642-40012-4_5

As people use an increasing number of smart devices for their everyday computing, it is surprising that these powerful, internet-enabled devices are rarely connected together to create personal networks. The webinos project is an attempt to make this...

Continuous integration for web-based software infrastructures: lessons learned on the webinos project. (2013)
Conference Proceeding
SU, T., LYLE, J., ATZENI, A., FAILY, S., VIRJI, H., NTANOS, C. and BOTSIKAS, C. 2013. Continuous integration for web-based software infrastructures: lessons learned on the webinos project. In Bertacco, V. and Legay, A. (eds.) Hardware and software: verification and testing: proceedings of the 9th International Haifa verification conference (HVC 2013), 5-7 November 2013, Haifa, Israel. Lecture notes in computer science, 8244. Cham: Springer [online], pages 145-150. Available from: https://doi.org/10.1007/978-3-319-03077-7_10

Testing web-based software infrastructures is challenging. The need to interact with different services running on different devices, with different expectations for security and privacy contributes not only to the complexity of the infrastructure, b...

Security patterns considered harmful? (2013)
Conference Proceeding
FAILY, S. 2013. Security patterns considered harmful? In Proceedings of the 2nd International workshop on cyberpatterns (Cyberpatterns 2013): unifying design patterns with security, attack and forensic patterns, 8-9 July 2013, Abingdon, UK. Oxford: Oxford Brookes University, pages 108-109.

While a useful source of repeatable security knowledge, ambiguity about what security patterns are and how they might be applied calls into question their reliability as a design tool. To provoke discussion about their usefulness, this paper claims th...

Proceedings of the Workshop on web applications and secure hardware (WASH 2013). (2013)
Conference Proceeding
LYLE, J., FAILY, S. and WINANDY, M. (eds.) 2013. Proceedings of the Workshop on web applications and secure hardware (WASH 2013), co-located with the 6th International conference on trust and trustworthy computing (TRUST 2013), 20 June 2013, London, UK. CEUR workshop proceedings, 1011. Aachen: CEUR-WS [online]. Available from: http://ceur-ws.org/Vol-1011/

Web browsers are becoming the platform of choice for applications that need to work across a wide range of different devices, including mobile phones, tablets, PCs, TVs and in-car systems. However, for web applications which require a higher level of...

Guidelines for integrating personas into software engineering tools. (2013)
Conference Proceeding
FAILY, S. and LYLE, J. 2013. Guidelines for integrating personas into software engineering tools. In Proceedings of the 5th ACM SIGCHI symposium on engineering interactive computing systems (EICS 2013), 24-27 June 2013, London, UK. New York: ACM [online], pages 69-74. Available from: https://doi.org/10.1145/2494603.2480318

Personas have attracted the interest of many in the usability and software engineering communities. To date, however, there has been little work illustrating how personas can be integrated into software tools to support these engineering activities....

Designing interactive secure systems: CHI 2013 special interest group. (2013)
Conference Proceeding
FAILY, S., COLES-KEMP, L., DUNPHY, P., JUST, M., AKAMA, Y. and DE LUCA, A. 2013. Designing interactive secure systems: CHI 2013 special interest group. In Baudisch, P., Beaudouin-Lafon, M. and Mackay, W.E. (eds.) Extended abstracts from the 31st Annual CHI conference on human factors in computing systems (CHI 2013): changing perspectives, 27 April - 2 May 2013, Paris, France. New York: ACM [online], volume 3, pages 2469-2472. Available from: https://doi.org/10.1145/2468356.2468807

Despite a growing interest in the design and engineering of interactive secure systems, there is also a noticeable amount of fragmentation. This has led to a lack of awareness about what research is currently being carried out, and misunderstandings...

Extending the web to support personal network services. (2013)
Conference Proceeding
LYLE, J., NILSSON, C., ISBERG, A. and FAILY, S. 2013. Extending the web to support personal network services. In Proceedings of the 28th Annual ACM symposium on applied computing (SAC 2013), 18-22 March 2013, Coimbra, Portugal. New York: ACM [online], volume 1, pages 711-716. Available from: https://doi.org/10.1145/2480362.2480499

Web browsers are able to access resources hosted anywhere in the world, yet content and features on personal devices remain largely inaccessible. Because of routing, addressing and security issues, web applications are unable to use local sensors, ca...

On the design and development of webinos: a distributed mobile application middleware. (2012)
Conference Proceeding
LYLE, J., FAILY, S., FLÉCHAIS, I., PAUL, A., GÖKER, A., MYRHAUG, H., DESRUELLE, H. and MARTIN, A. 2012. On the design and development of webinos: a distributed mobile application middleware. In Göschka, K.M. and Haridi, S. (eds.) Distributed applications and interoperable systems: proceedings of the 12th International Federation for Information Processing (IFIP) Working Group 6.1 international conference on distributed applications and interoperable systems (DAIS 2012), 13-16 June 2012, Stockholm, Sweden. Lecture notes in computer science, 7272. Heidelberg: Springer [online], pages 140-147. Available from: https://doi.org/10.1007/978-3-642-30823-9_12

As personal devices become smarter, opportunities arise for sharing services, applications and data between them. While web technologies hold the promise of being a unifying layer, browsers lack functionality for supporting inter-device communication...

Requirements sensemaking using concept maps. (2012)
Conference Proceeding
FAILY, S., LYLE, J., PAUL, A., ATZENI, A., BLOMME, D., DESRUELLE, H. and BANGALORE, K. 2012. Requirements sensemaking using concept maps. In Winckler, M., Forbrig, P. and Bernhaupt, R. (eds.) Human-centered software engineering: proceedings of the 4th International conference on human-centered software engineering (HCSE 2012), 29-31 October 2012, Toulouse, France. Lecture notes in computer science, 7623. Heidelberg: Springer [online], pages 217-232. Available from: https://doi.org/10.1007/978-3-642-34347-6_13

Requirements play an important role in software engineering, but their perceived usefulness means that they often fail to be properly maintained. Traceability is often considered a means for motivating and maintaining requirements, but this is diffic...

Model-driven architectural risk analysis using architectural and contextualised attack patterns. (2012)
Conference Proceeding
FAILY, S., LYLE, J., NAMILUKO, C., ATZENI, A. and CAMERONI, C. 2012. Model-driven architectural risk analysis using architectural and contextualised attack patterns. In Proceedings of the 1st Model-driven security workshop (MDsec 2012), co-located with the 15th International conference on model-driven engineering languages and systems (MoDELS 2012), 1-5 October 2012, Innsbruck, Austria. New York: ACM [online], article number 3. Available from: https://doi.org/10.1145/2422498.2422501

A secure system architecture is often based on a variety of design and security model elements. Without some way of evaluating the impact of these individual design elements in the face of possible attacks, design flaws may weaken a software architec...

Secure system? Challenge accepted: finding and resolving security failures using security premortems. (2012)
Conference Proceeding
FAILY, S., PARKIN, S. and LYLE, J. 2012. Secure system? Challenge accepted: finding and resolving security failures using security premortems. In Faily, S., Fléchais, I. and Coles-Kemp, L. (eds.) Proceedings of the Designing interactive secure systems workshop (DISS 2012), part of the 26th International BCS human computer interaction conference (HCI 2012): people and computers, 11 September 2012, Birmingham, UK. Swindon: BCS [online], article number 66. Available from: https://doi.org/10.14236/ewic/HCI2012.66

Risk-driven approaches are dominant in secure systems design; these aim to elicit and treat vulnerabilities and the threats exploiting them. Such approaches, however, are so focused on driving risks out of system design, they fail to recognise the us...

Software for interactive secure systems design: lessons learned developing and applying CAIRIS. (2012)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2012. Software for interactive secure systems design: lessons learned developing and applying CAIRIS. In Faily, S., Fléchais, I. and Coles-Kemp, L. (eds.) Proceedings of the Designing interactive secure systems workshop (DISS 2012), part of the 26th International BCS human computer interaction conference (HCI 2012): people and computers, 11 September 2012, Birmingham, UK. Swindon: BCS [online], article number 64. Available from: https://doi.org/10.14236/ewic/HCI2012.64

As systems become more complex, the potential for security vulnerabilities being introduced increases. If we are to provide assurances about systems we design then we need the means of analysing, managing, and generally making sense of the data that...

Proceedings of the Designing interactive secure systems workshop (DISS 2012). (2012)
Conference Proceeding
FAILY, S., FLÉCHAIS, I. and COLES-KEMP, L. (eds.) 2012. Proceedings of the Designing interactive secure systems workshop (DISS 2012), part of the 26th International BCS human computer interaction conference (HCI 2012): people and computers, 11 September 2012, Birmingham, UK. Swindon: BCS [online], article numbers 62-70. Preface available from: https://doi.org/10.14236/ewic/HCI2012.70

In recent years, the field of usable security has attracted researchers from HCI and Information Security, and led to a better understanding of the interplay between human factors and security mechanisms. Despite these advances, designing systems whi...

Cross-platform access control for mobile web applications. (2012)
Conference Proceeding
LYLE, J., MONTELEONE, S., FAILY, S., PATTI, D. and RICCIATO, F. 2012. Cross-platform access control for mobile web applications. In Proceedings of the 2012 IEEE international symposium on policies for distributed systems and networks (POLICY 2012), 16-18 July 2012, Chapel Hill, USA. Los Alamitos: IEEE Computer Society [online], pages 37-44. Available from: https://doi.org/10.1109/POLICY.2012.9

Web browsers are a common platform for delivering cross-platform applications. However, they currently fail to provide consistent access control for security and privacy sensitive JavaScript APIs, such as geolocation and local storage. This problem i...

Tool-supported premortems with attack and security patterns. (2012)
Conference Proceeding
FAILY, S., LYLE, J. and PARKIN, S. 2012. Tool-supported premortems with attack and security patterns. In Proceedings of the 1st International workshop on cyberpatterns (Cyberpatterns 2012): unifying design patterns with security, attack and forensic patterns, 9-10 July 2012, Abingdon, UK. Oxford: Oxford Brookes University, pages 10-11.

Security patterns are a useful technique for packaging and applying security knowledge. However, because patterns represent partial knowledge of a problem and solution space, there is little certainty that addressing the consequences of one problem w...

The webinos project. (2012)
Conference Proceeding
FUHRHOP, C., LYLE, J. and FAILY, S. 2012. The webinos project. In Proceedings of the 21st Annual conference on World Wide Web companion (WWW 2012 Companion), 16-20 April 2012, Lyon, France. New York: ACM [online], pages 263-266. Available from: https://doi.org/10.1145/2187980.2188024

This poster paper describes the webinos project and presents the architecture and security features developed in webinos. It highlights the main objectives and concepts of the project and describes the architecture derived to achieve the objectives.

Here's Johnny: a methodology for developing attacker personas. (2011)
Conference Proceeding
ATZENI, A., CAMERONI, C., FAILY, S., LYLE, J. and FLÉCHAIS, I. 2011. Here's Johnny: a methodology for developing attacker personas. In Proceedings of the 6th International conference on availability, reliability and security (ARES 2011), 22-26 Aug 2011, Vienna, Austria. Los Alamitos: IEEE Computer Society [online], pages 722-727. Available from: https://doi.org/10.1109/ARES.2011.115

The adversarial element is an intrinsic part of the design of secure systems, but our assumptions about attackers and threat are often limited or stereotypical. Although there has been previous work on applying User-Centered Design on Persona developm...

User-centered information security policy development in a post-Stuxnet world. (2011)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2011. User-centered information security policy development in a post-Stuxnet world. In Proceedings of the 5th International workshop on secure software engineering (SecSE 2011), part of the 6th International conference on availability, reliability and security (ARES 2011), 22-26 Aug 2011, Vienna, Austria. Los Alamitos: IEEE Computer Society [online], pages 716-721. Available from: https://doi.org/10.1109/ARES.2011.111

A balanced approach is needed for developing information security policies in Critical National Infrastructure (CNI) contexts. Requirements Engineering methods can facilitate such an approach, but these tend to focus on either security at the expense...

Bridging user-centered design and requirements engineering with GRL and persona cases. (2011)
Conference Proceeding
FAILY, S. 2011. Bridging user-centered design and requirements engineering with GRL and persona cases. In Castro, J., Franch, X., Mylopoulos, J. and Yu, E. (eds.) Proceedings of the 5th International i* workshop (iStar 2011), 28-29 August 2011, Trento, Italy. CEUR workshop proceedings, 766. Aachen: CEUR-WS [online], pages 114-119. Available from: http://ceur-ws.org/Vol-766/paper20.pdf

Despite the large body of i* research, there has been comparatively little work on how goal-modelling techniques can help identify usability concerns. Recent work has considered how goal models might better integrate with User-Centered Design. This p...