Analysing and visualising security and usability in IRIS.

Faily, Shamal; Fl�chais, Ivan

doi:10.1109/ares.2010.28

All Outputs (5)

The secret lives of assumptions: developing and refining assumption personas for secure system design. (2010)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2010. The secret lives of assumptions: developing and refining assumption personas for secure system design. In Bernhaupt, R., Forbrig, P., Gulliksen, J. and Lárusdóttir, M. (eds.) Human-centred software engineering: proceedings of the 3rd International conference on human-centred software engineering (HCSE 2010), 14-15 October 2010, Reykjavik, Iceland. Lecture notes in computer science, 6409. Berlin: Springer [online], pages 111-118. Available from: https://doi.org/10.1007/978-3-642-16488-0_9

Personas are useful for obtaining an empirically grounded understanding of a secure system's user population, its contexts of use, and possible vulnerabilities and threats endangering it. Often, however, personas need to be partly derived from assump... Read More about The secret lives of assumptions: developing and refining assumption personas for secure system design..

To boldly go where invention isn't secure: applying security entrepreneurship to secure systems design. (2010)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2010. To boldly go where invention isn't secure: applying security entrepreneurship to secure systems design. In Proceedings of the 2010 New security paradigms workshop (NSPW 2010), 21-23 September 2010, Concord, USA. New York: ACM [online], pages 73-84. Available from: https://doi.org/10.1145/1900546.1900557

When designing secure systems, we are inundated with an eclectic mix of security and non-security requirements; this makes predicting a successful outcome from the universe of possible security design decisions a difficult problem. We propose augment... Read More about To boldly go where invention isn't secure: applying security entrepreneurship to secure systems design..

Barry is not the weakest link: eliciting secure system requirements with personas. (2010)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2010. Barry is not the weakest link: eliciting secure system requirements with personas. In Proceedings of the 24th International BCS human computer interaction conference (HCI 2010): games are a serious business, 6-10 September 2010, Dundee, UK. Swindon: BCS, pages 124-132. Hosted on ScienceOpen [online]. Available from: https://doi.org/10.14236/ewic/HCI2010.17

Building secure and usable systems means specifying systems for the people using it and the tasks they carry out, rather than vice-versa. User-centred design approaches encourage an early focus on users and their contexts of use, but these need to be... Read More about Barry is not the weakest link: eliciting secure system requirements with personas..

A meta-model for usable secure requirements engineering. (2010)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2010. A meta-model for usable secure requirements engineering. In Proceedings of the 2010 ICSE workshop on software engineering for secure systems (SESS '10): co-located with the 32nd ACM/IEEE international conference on software engineering (ICSE 2010), 2-8 May 2010, Cape Town, South Africa. New York: ACM [online], pages 29-35. Available from: https://doi.org/10.1145/1809100.1809105

There is a growing recognition of the need for secure software engineering approaches addressing both technical and human factors. Existing approaches to secure software engineering focus on the need for technical security to the detriment of usabili... Read More about A meta-model for usable secure requirements engineering..

Analysing and visualising security and usability in IRIS. (2010)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2010. Analysing and visualising security and usability in IRIS. In Proceedings of the 5th International conference on availability, reliability and security (ARES 2010), 15-18 February 2010, Krakow, Poland. Los Alamitos: IEEE Computer Society [online], pages 543-548. Available from: https://doi.org/10.1109/ares.2010.28

Despite a long-standing need to incorporate human factors into security risk analysis, taking a balanced approach to analysing security and usability concerns remains a challenge. Balancing security and usability is difficult due to human biases in s... Read More about Analysing and visualising security and usability in IRIS..