Skip to main content

Research Repository

Advanced Search

The secret lives of assumptions: developing and refining assumption personas for secure system design. (2010)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2010. The secret lives of assumptions: developing and refining assumption personas for secure system design. In Bernhaupt, R., Forbrig, P., Gulliksen, J. and Lárusdóttir, M. (eds.) Human-centred software engineering: proceedings of the 3rd International conference on human-centred software engineering (HCSE 2010), 14-15 October 2010, Reykjavik, Iceland. Lecture notes in computer science, 6409. Berlin: Springer [online], pages 111-118. Available from: https://doi.org/10.1007/978-3-642-16488-0_9

Personas are useful for obtaining an empirically grounded understanding of a secure system's user population, its contexts of use, and possible vulnerabilities and threats endangering it. Often, however, personas need to be partly derived from assump... Read More about The secret lives of assumptions: developing and refining assumption personas for secure system design..

Security through usability: a user-centered approach for balanced security policy requirements. (2010)
Presentation / Conference
FAILY, S. and FLÉCHAIS, I. 2010. Security through usability: a user-centered approach for balanced security policy requirements. Presented at the 26th Annual computer security applications conference (ACSAC 2010), 6-10 December 2010, Austin, USA.

Security policy authors face a dilemma. On one hand, policies need to respond to a constantly evolving, well reported threat landscape, the consequences of which have heightened the security awareness of senior managers. On the other hand, the impact... Read More about Security through usability: a user-centered approach for balanced security policy requirements..

Security and usability: searching for the philosopher's stone. (2010)
Presentation / Conference
FLÉCHAIS, I. and FAILY, S. 2010. Security and usability: searching for the philosopher's stone. Presented at the Workshop on the development of EuroSOUPS, 24 November 2010, Newcastle, UK. Hosted on CoCoLab.org [online]. Available from: https://www.cocolab.org/soups/eurosoups

This paper describes the unique challenges facing usable security research and design, and introduces three proposals for addressing these. For all intents and purposes security design is currently a craft, where quality is dependent on individuals a... Read More about Security and usability: searching for the philosopher's stone..

Designing and aligning e-science security culture with design. (2010)
Journal Article
FAILY, S. and FLÉCHAIS, I. 2010. Designing and aligning e-science security culture with design. Information management and computer security [online], 18(5): selected papers from the South African information security multi-conference (SAISMC 2010), 17-18 May 2010, Port Elizabeth, South Africa, pages 339-349. Available from: https://doi.org/10.1108/09685221011095254

The purpose of this paper is to identify the key cultural concepts affecting security in multi-organisational systems, and to align these with design techniques and tools. A grounded theory model of security culture was derived from the related secur... Read More about Designing and aligning e-science security culture with design..

To boldly go where invention isn't secure: applying security entrepreneurship to secure systems design. (2010)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2010. To boldly go where invention isn't secure: applying security entrepreneurship to secure systems design. In Proceedings of the 2010 New security paradigms workshop (NSPW 2010), 21-23 September 2010, Concord, USA. New York: ACM [online], pages 73-84. Available from: https://doi.org/10.1145/1900546.1900557

When designing secure systems, we are inundated with an eclectic mix of security and non-security requirements; this makes predicting a successful outcome from the universe of possible security design decisions a difficult problem. We propose augment... Read More about To boldly go where invention isn't secure: applying security entrepreneurship to secure systems design..

Barry is not the weakest link: eliciting secure system requirements with personas. (2010)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2010. Barry is not the weakest link: eliciting secure system requirements with personas. In Proceedings of the 24th International BCS human computer interaction conference (HCI 2010): games are a serious business, 6-10 September 2010, Dundee, UK. Swindon: BCS, pages 124-132. Hosted on ScienceOpen [online]. Available from: https://doi.org/10.14236/ewic/HCI2010.17

Building secure and usable systems means specifying systems for the people using it and the tasks they carry out, rather than vice-versa. User-centred design approaches encourage an early focus on users and their contexts of use, but these need to be... Read More about Barry is not the weakest link: eliciting secure system requirements with personas..

Towards tool-support for usable secure requirements engineering with CAIRIS. (2010)
Journal Article
FAILY, S. and FLÉCHAIS, I. 2010. Towards tool-support for usable secure requirements engineering with CAIRIS. International journal of secure software engineering [online], 1(3), pages 56-70. Available from: https://doi.org/10.4018/jsse.2010070104

Understanding how to better elicit, specify, and manage requirements for secure and usable software systems is a key challenge in security software engineering, however, there lacks tool-support for specifying and managing the voluminous amounts of d... Read More about Towards tool-support for usable secure requirements engineering with CAIRIS..

A meta-model for usable secure requirements engineering. (2010)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2010. A meta-model for usable secure requirements engineering. In Proceedings of the 2010 ICSE workshop on software engineering for secure systems (SESS '10): co-located with the 32nd ACM/IEEE international conference on software engineering (ICSE 2010), 2-8 May 2010, Cape Town, South Africa. New York: ACM [online], pages 29-35. Available from: https://doi.org/10.1145/1809100.1809105

There is a growing recognition of the need for secure software engineering approaches addressing both technical and human factors. Existing approaches to secure software engineering focus on the need for technical security to the detriment of usabili... Read More about A meta-model for usable secure requirements engineering..

Analysing and visualising security and usability in IRIS. (2010)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2010. Analysing and visualising security and usability in IRIS. In Proceedings of the 5th International conference on availability, reliability and security (ARES 2010), 15-18 February 2010, Krakow, Poland. Los Alamitos: IEEE Computer Society [online], pages 543-548. Available from: https://doi.org/10.1109/ares.2010.28

Despite a long-standing need to incorporate human factors into security risk analysis, taking a balanced approach to analysing security and usability concerns remains a challenge. Balancing security and usability is difficult due to human biases in s... Read More about Analysing and visualising security and usability in IRIS..

Improving secure systems design with security culture. (2010)
Presentation / Conference
FAILY, S. and FLÉCHAIS, I. 2010. Improving secure systems design with security culture. Presented at the Human factors in information security conference (HFIS 2010), 22-24 February 2010, London, UK.

This poster summarises how the concept of security culture can be used to improve systems security and secure systems design. It highlights: the use of personas and user-centred design; environment modeling and understanding a system's context; and t... Read More about Improving secure systems design with security culture..