Research Repository

Barry is not the weakest link: eliciting secure system requirements with personas. (2010)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2010. Barry is not the weakest link: eliciting secure system requirements with personas. In Proceedings of the 24th International BCS human computer interaction conference (HCI 2010): games are a serious business, 6-10 September 2010, Dundee, UK. Swindon: BCS, pages 124-132. Hosted on ScienceOpen [online]. Available from: https://doi.org/10.14236/ewic/HCI2010.17

Building secure and usable systems means specifying systems for the people using it and the tasks they carry out, rather than vice-versa. User-centred design approaches encourage an early focus on users and their contexts of use, but these need to be...

Towards tool-support for usable secure requirements engineering with CAIRIS. (2010)
Journal Article
FAILY, S. and FLÉCHAIS, I. 2010. Towards tool-support for usable secure requirements engineering with CAIRIS. International journal of secure software engineering [online], 1(3), pages 56-70. Available from: https://doi.org/10.4018/jsse.2010070104

Understanding how to better elicit, specify, and manage requirements for secure and usable software systems is a key challenge in security software engineering, however, there lacks tool-support for specifying and managing the voluminous amounts of d...

A meta-model for usable secure requirements engineering. (2010)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2010. A meta-model for usable secure requirements engineering. In Proceedings of the 2010 ICSE workshop on software engineering for secure systems (SESS '10): co-located with the 32nd ACM/IEEE international conference on software engineering (ICSE 2010), 2-8 May 2010, Cape Town, South Africa. New York: ACM [online], pages 29-35. Available from: https://doi.org/10.1145/1809100.1809105

There is a growing recognition of the need for secure software engineering approaches addressing both technical and human factors. Existing approaches to secure software engineering focus on the need for technical security to the detriment of usabili...

Analysing and visualising security and usability in IRIS. (2010)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2010. Analysing and visualising security and usability in IRIS. In Proceedings of the 5th International conference on availability, reliability and security (ARES 2010), 15-18 February 2010, Krakow, Poland. Los Alamitos: IEEE Computer Society [online], pages 543-548. Available from: https://doi.org/10.1109/ares.2010.28

Despite a long-standing need to incorporate human factors into security risk analysis, taking a balanced approach to analysing security and usability concerns remains a challenge. Balancing security and usability is difficult due to human biases in s...

Improving secure systems design with security culture. (2010)
Presentation / Conference
FAILY, S. and FLÉCHAIS, I. 2010. Improving secure systems design with security culture. Presented at the Human factors in information security conference (HFIS 2010), 22-24 February 2010, London, UK.

This poster summarises how the concept of security culture can be used to improve systems security and secure systems design. It highlights: the use of personas and user-centred design; environment modeling and understanding a system's context; and t...

Context-sensitive requirements and risk analysis. (2009)
Presentation / Conference
FAILY, S. 2009. Context-sensitive requirements and risk analysis. Presented at the Doctoral symposium of the 17th IEEE international requirements engineering conference (RE2009), 1 September 2009, Atlanta, USA.

When a system's context of use changes, the security impact may be felt in other contexts. Risks mitigated for one operational context may continue to pose a danger in others due to contextual differences in assets, threats and vulnerabilities. The r...

Context-sensitive requirements and risk management with IRIS. (2009)
Presentation / Conference
FAILY, S. and FLÉCHAIS, I. 2009. Context-sensitive requirements and risk management with IRIS. Presented at the 17th IEEE international requirements engineering conference (RE2009), 31 August - 4 September 2009, Atlanta, USA.

Many systems are not designed for their contexts of operation. Subtle changes to context may lead to an increase in severity and likelihood of vulnerabilities and threats. The IRIS framework integrates the notion of context into requirements and risk...

Proceedings of the 2008 Oxford University Computing Laboratory student conference. (2008)
Conference Proceeding
FAILY, S. and ŽIVNÝ, S. (eds.) Proceedings of the 2008 Oxford University Computing Laboratory student conference, October 2008, Oxford, UK. Oxford: Oxford University Computing Laboratory [online]. Available from: https://www.cs.ox.ac.uk/files/1328/RR-08-10.pdf

This conference serves two purposes. First, the event is a useful pedagogical exercise for all participants, from the conference committee and referees, to the presenters and the audience. For some presenters, the conference may be the first time the...

Towards requirements engineering practice for professional end user developers: a case study. (2008)
Conference Proceeding
FAILY, S. 2008. Towards requirements engineering practice for professional end user developers: a case study. In Proceedings of the 2008 Requirements engineering education and training conference (REET 2008), 8 September 2008, Barcelona, Spain. Washington, D.C.: IEEE Computer Society [online], pages 38-44. Available from: https://doi.org/10.1109/REET.2008.8

End-user development has received a lot of attention in the research community. Despite the importance of requirements engineering in the software development life-cycle, comparatively little exists in the way of prescriptive advice or case studies o...

Making the invisible visible: a theory of security culture for secure and usable grids. (2008)
Presentation / Conference
FAILY, S. and FLÉCHAIS, I. 2008. Making the invisible visible: a theory of security culture for secure and usable grids. Presented at the 2008 UK e-science all hands meeting (AHM 2008), 8-11 September 2008, Edinburgh, UK.

This presentation addressed the concept of security culture and how it might be applied to grid-based collaborative environments. The presentation outlined some guidelines for fostering a healthy security culture and proposed ideas for future work.

Living with flight dynamics: proposals and possible pitfalls for harmonising flight dynamics systems with EGOS. (2007)
Presentation / Conference
FAILY, S. 2007. Living with flight dynamics: proposals and possible pitfalls for harmonising flight dynamics systems with EGOS. Presented at the 2nd European ground system architecture workshop (ESAW 2007), 12-13 June 2007, Darmstadt, Germany.

This presentation advocates for harmonisation of flight dynamics systems, while addressing the possible challenges that might be encountered. Specifically, the presentation makes four proposals for harmonisation: telemetry monitoring software; low le...