Research Repository

All Outputs (20)

Automation and cyber security risks on the railways: the human factors implications. (2022)
Presentation / Conference
THON, E. and FAILY, S. 2022. Automation and cyber security risks on the railways: the human factors implications. Presented at the 2022 International conference on ergonomics and human factors, part one (EHF2022 Online), 11-12 April 2022, [virtual event].

Automation improves rail passenger experience, but may reduce cyber resilience because it fails to adequately account for human factors. Preliminary results from a study on signallers and automation confirm this, but judicious use of modelling tools...

Translating contextual integrity into practice using CLIFOD. (2018)
Presentation / Conference
HENRIKSEN-BULMER, J., FAILY, S. and KATOS, V. 2018. Translating contextual integrity into practice using CLIFOD. Presented at the 2018 Networked privacy workshop: privacy in context: critically engaging with theory to guide privacy research and design, part of the 21st ACM conference on computer-supported cooperative work and social computing (CSCW 2018), 3 November 2018, Jersey City, USA.

Public open data increases transparency, but raises questions about the privacy implications of affected individuals. We present a case for using CLIFOD (ContextuaL Integrity for Open Data), a step-by-step privacy decision framework derived from cont...

Folk risk analysis: factors influencing security analysts' interpretation of risk. (2017)
Presentation / Conference
M'MANGA, A., FAILY, S., MCALANEY, J. and WILLIAMS, C. 2017. Folk risk analysis: factors influencing security analysts' interpretation of risk. Presented at the 3rd Workshop on security information workers (WSIW 2017), part of the 13th Symposium on usable privacy and security (SOUPS 2017), co-located with the 2017 USENIX annual technical conference (USENIX ATC 2017), 12-14 July 2017, Santa Clara, USA. Hosted on the USENIX website [online]. Available from: https://www.usenix.org/conference/soups2017/workshop-program/wsiw2017/mmanga

There are several standard approaches to risk analysis recommended for use in information security; however, the actual application of risk analysis by security analysts follows an opaque mix of standard risk analysis procedures and adaptations based...

Human aspects of digital rights management: the perspective of content developers. [Conference Paper] (2015)
Presentation / Conference
FAVALE, M., MCDONALD, N., FAILY, S. and GATZIDIS, C. 2015. Human aspects of digital rights management: the perspective of content developers. Presented at the 4th International workshop on artificial intelligence and IP law (AIIP 2015): the story(s) of copyright, 9 December 2015, Braga, Portugal.

Legal norms and social behaviours are some of the human aspects surrounding the effectiveness and future of DRM security. Further exploration of these aspects would help unravel the complexities of the interaction between rights protection security a...

The mystery of security design. (2015)
Presentation / Conference
VALLINDRAS, A. and FAILY, S. 2015. The mystery of security design. Presented at the 29th British human computer interaction conference (British HCI 2015), 13-17 July 2015, Lincoln, UK.

Designing for security is hard without security getting in the way of design. Unfortunately, security is often promoted through fear, uncertainty, and doubt (FUD). As a result, the scale of FUD has now become so great that it hinders people's ability...

Embedding professional practice into the cybersecurity curriculum using ethics. (2015)
Presentation / Conference
FAILY, S. and JONES, M. 2015. Embedding professional practice into the cybersecurity curriculum using ethics. Presented at the UK workshop on cybersecurity training and education, 11 June 2015, Liverpool, UK.

Cybersecurity graduates are ready to tackle the technical problems they might face, but employability needs to be incorporated into the curriculum should they wish to tackle ill-defined professional challenges as well. We describe how employability w...

Security lessons learned building concept apps for webinos. (2013)
Presentation / Conference
FAILY, S. and LYLE, J. 2013. Security lessons learned building concept apps for webinos. Presented at the Human aspects in mobile apps engineering workshop (HAMAE 2013), part of the 27th International BCS human computer interaction conference (HCI 2013): the Internet of Things, 9 September 2013, London, UK.

Concept applications provide a means for tackling security infrastructure problems. Not only do they provide feedback to infrastructure design, they can also inform subsequent research activities. However, to directly influence the architectural desi...

Formal evaluation of persona trustworthiness with EUSTACE. (2013)
Presentation / Conference
FAILY, S., POWER, D., ARMSTRONG, P. and FLÉCHAIS, I. 2013. Formal evaluation of persona trustworthiness with EUSTACE. Presented at the 6th International conference on trust and trustworthy computing (TRUST 2013), 17-19 June 2013, London, UK.

Personas are useful for considering how users of a system might behave, but problematic when accounting for hidden behaviours not obvious from their descriptions alone. Formal methods can potentially identify such subtleties in interactive systems, b...

Analysing chindōgu: applying defamiliarisation to security design. (2012)
Presentation / Conference
FAILY, S. 2012. Analysing chindōgu: applying defamiliarisation to security design. Presented at the Workshop on defamiliarization in innovation and usability, part of the 30th ACM SIGCHI conference on human factors in computing systems (CHI 2012), 5 May 2012, Austin, Texas.

Envisaging how secure systems might be attacked is difficult without adequate attacker models or relying on stereotypes. Defamiliarisation removes this need for a priori domain knowledge and encourages designers to think critically about system prope...

Eliciting usable security requirements with misusability cases. (2011)
Presentation / Conference
FAILY, S. and FLÉCHAIS, I. 2011. Eliciting usable security requirements with misusability cases. Presented at the 19th IEEE international requirements engineering conference (RE 2011), 29 August - 2 September 2011, Trento, Italy.

Although widely used for both security and usability concerns, scenarios used in security design may not necessarily inform the design of usability, and vice-versa. One way of using scenarios to bridge security and usability involves explicitly descr...

Do we know each other or is it just our devices? A federated context model for describing social activity across devices. (2011)
Presentation / Conference
GIONIS, G., DESRUELLE, H., BLOMME, D., LYLE, J., FAILY, S. and BASSBOUSS, L. 2011. Do we know each other or is it just our devices? A federated context model for describing social activity across devices. Presented at the Federated social web Europe conference, 3-5 June 2011, Berlin, Germany.

The availability of connected devices is rapidly growing. In our everyday life, we already use a multitude of personal devices that are connected to the Internet. The number of shipped smart-phones at the end of 2010 even surpassed the traditional co...

Security goes to ground: on the applicability of security entrepreneurship to grassroot activism. (2011)
Presentation / Conference
FAILY, S. 2011. Security goes to ground: on the applicability of security entrepreneurship to grassroot activism. Presented at the Workshop on HCI, politics and the city, part of the 29th Annual CHI conference on human factors in computing systems (CHI 2011), 7-8 May 2011, Vancouver, Canada.

Designing security for grassroot movements raises several challenges not particular to the organisations that are catered to by conventional approaches to security design. Drawing on analogies between Social Entrepreneurship and Grassroot Activism, a...

Two requirements for usable and secure software engineering. (2011)
Presentation / Conference
FAILY, S. 2011. Two requirements for usable and secure software engineering. Presented at the 1st Software and usable security aligned for good engineering workshop (SAUSAGE 2011), 5-6 April 2011, Gaithersburg, USA.

Despite the acknowledged need for systems to be both usable and secure, we lack guidance on how developers might build such systems. Based on recent research, we believe evidence exists that blending techniques from Security, Usability, and Software...

Security through usability: a user-centered approach for balanced security policy requirements. (2010)
Presentation / Conference
FAILY, S. and FLÉCHAIS, I. 2010. Security through usability: a user-centered approach for balanced security policy requirements. Presented at the 26th Annual computer security applications conference (ACSAC 2010), 6-10 December 2010, Austin, USA.

Security policy authors face a dilemma. On one hand, policies need to respond to a constantly evolving, well reported threat landscape, the consequences of which have heightened the security awareness of senior managers. On the other hand, the impact...

Security and usability: searching for the philosopher's stone. (2010)
Presentation / Conference
FLÉCHAIS, I. and FAILY, S. 2010. Security and usability: searching for the philosopher's stone. Presented at the Workshop on the development of EuroSOUPS, 24 November 2010, Newcastle, UK. Hosted on CoCoLab.org [online]. Available from: https://www.cocolab.org/soups/eurosoups

This paper describes the unique challenges facing usable security research and design, and introduces three proposals for addressing these. For all intents and purposes security design is currently a craft, where quality is dependent on individuals a...

Improving secure systems design with security culture. (2010)
Presentation / Conference
FAILY, S. and FLÉCHAIS, I. 2010. Improving secure systems design with security culture. Presented at the Human factors in information security conference (HFIS 2010), 22-24 February 2010, London, UK.

This poster summarises how the concept of security culture can be used to improve systems security and secure systems design. It highlights: the use of personas and user-centred design; environment modeling and understanding a system's context; and t...

Context-sensitive requirements and risk analysis. (2009)
Presentation / Conference
FAILY, S. 2009. Context-sensitive requirements and risk analysis. Presented at the Doctoral symposium of the 17th IEEE international requirements engineering conference (RE2009), 1 September 2009, Atlanta, USA.

When a system's context of use changes, the security impact may be felt in other contexts. Risks mitigated for one operational context may continue to pose a danger in others due to contextual differences in assets, threats and vulnerabilities. The r...

Context-sensitive requirements and risk management with IRIS. (2009)
Presentation / Conference
FAILY, S. and FLÉCHAIS, I. 2009. Context-sensitive requirements and risk management with IRIS. Presented at the 17th IEEE international requirements engineering conference (RE2009), 31 August - 4 September 2009, Atlanta, USA.

Many systems are not designed for their contexts of operation. Subtle changes to context may lead to an increase in severity and likelihood of vulnerabilities and threats. The IRIS framework integrates the notion of context into requirements and risk...

Making the invisible visible: a theory of security culture for secure and usable grids. (2008)
Presentation / Conference
FAILY, S. and FLÉCHAIS, I. 2008. Making the invisible visible: a theory of security culture for secure and usable grids. Presented at the 2008 UK e-science all hands meeting (AHM 2008), 8-11 September 2008, Edinburgh, UK.

This presentation addressed the concept of security culture and how it might be applied to grid-based collaborative environments. The presentation outlined some guidelines for fostering a healthy security culture and proposed ideas for future work.

Living with flight dynamics: proposals and possible pitfalls for harmonising flight dynamics systems with EGOS. (2007)
Presentation / Conference
FAILY, S. 2007. Living with flight dynamics: proposals and possible pitfalls for harmonising flight dynamics systems with EGOS. Presented at the 2nd European ground system architecture workshop (ESAW 2007), 12-13 June 2007, Darmstadt, Germany.

This presentation advocates for harmonisation of flight dynamics systems, while addressing the possible challenges that might be encountered. Specifically, the presentation makes four proposals for harmonisation: telemetry monitoring software; low le...