Skip to main content

Research Repository

Advanced Search

The secret lives of assumptions: developing and refining assumption personas for secure system design. (2010)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2010. The secret lives of assumptions: developing and refining assumption personas for secure system design. In Bernhaupt, R., Forbrig, P., Gulliksen, J. and Lárusdóttir, M. (eds.) Human-centred software engineering: proceedings of the 3rd International conference on human-centred software engineering (HCSE 2010), 14-15 October 2010, Reykjavik, Iceland. Lecture notes in computer science, 6409. Berlin: Springer [online], pages 111-118. Available from: https://doi.org/10.1007/978-3-642-16488-0_9

Personas are useful for obtaining an empirically grounded understanding of a secure system's user population, its contexts of use, and possible vulnerabilities and threats endangering it. Often, however, personas need to be partly derived from assump... Read More about The secret lives of assumptions: developing and refining assumption personas for secure system design..

Security through usability: a user-centered approach for balanced security policy requirements. (2010)
Presentation / Conference
FAILY, S. and FLÉCHAIS, I. 2010. Security through usability: a user-centered approach for balanced security policy requirements. Presented at the 26th Annual computer security applications conference (ACSAC 2010), 6-10 December 2010, Austin, USA.

Security policy authors face a dilemma. On one hand, policies need to respond to a constantly evolving, well reported threat landscape, the consequences of which have heightened the security awareness of senior managers. On the other hand, the impact... Read More about Security through usability: a user-centered approach for balanced security policy requirements..

Security and usability: searching for the philosopher's stone. (2010)
Presentation / Conference
FLÉCHAIS, I. and FAILY, S. 2010. Security and usability: searching for the philosopher's stone. Presented at the Workshop on the development of EuroSOUPS, 24 November 2010, Newcastle, UK. Hosted on CoCoLab.org [online]. Available from: https://www.cocolab.org/soups/eurosoups

This paper describes the unique challenges facing usable security research and design, and introduces three proposals for addressing these. For all intents and purposes security design is currently a craft, where quality is dependent on individuals a... Read More about Security and usability: searching for the philosopher's stone..

Designing and aligning e-science security culture with design. (2010)
Journal Article
FAILY, S. and FLÉCHAIS, I. 2010. Designing and aligning e-science security culture with design. Information management and computer security [online], 18(5): selected papers from the South African information security multi-conference (SAISMC 2010), 17-18 May 2010, Port Elizabeth, South Africa, pages 339-349. Available from: https://doi.org/10.1108/09685221011095254

The purpose of this paper is to identify the key cultural concepts affecting security in multi-organisational systems, and to align these with design techniques and tools. A grounded theory model of security culture was derived from the related secur... Read More about Designing and aligning e-science security culture with design..

Organizational factors shaping software process improvement in small-medium sized software teams: a multi-case analysis. (2010)
Conference Proceeding
ALLISON, I. 2010. Organizational factors shaping software process improvement in small-medium sized software teams: a multi-case analysis. In Proceedings of the 7th International conference on the quality of information and communications technology (QUATIC 2010), 29 September - 2 October 2010, Porto, Portugal. Los Alamitos: IEEE Computing Society [online], article number 5655656, pages 418-423. Available from: https://doi.org/10.1109/QUATIC.2010.81

Previous work looking at software process improvement (SPI) in small organizations has highlighted difficulties faced by small organizations in implementing SPI successfully, but there is little analysis to understand why this is from an organization... Read More about Organizational factors shaping software process improvement in small-medium sized software teams: a multi-case analysis..

To boldly go where invention isn't secure: applying security entrepreneurship to secure systems design. (2010)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2010. To boldly go where invention isn't secure: applying security entrepreneurship to secure systems design. In Proceedings of the 2010 New security paradigms workshop (NSPW 2010), 21-23 September 2010, Concord, USA. New York: ACM [online], pages 73-84. Available from: https://doi.org/10.1145/1900546.1900557

When designing secure systems, we are inundated with an eclectic mix of security and non-security requirements; this makes predicting a successful outcome from the universe of possible security design decisions a difficult problem. We propose augment... Read More about To boldly go where invention isn't secure: applying security entrepreneurship to secure systems design..

Barry is not the weakest link: eliciting secure system requirements with personas. (2010)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2010. Barry is not the weakest link: eliciting secure system requirements with personas. In Proceedings of the 24th International BCS human computer interaction conference (HCI 2010): games are a serious business, 6-10 September 2010, Dundee, UK. Swindon: BCS, pages 124-132. Hosted on ScienceOpen [online]. Available from: https://doi.org/10.14236/ewic/HCI2010.17

Building secure and usable systems means specifying systems for the people using it and the tasks they carry out, rather than vice-versa. User-centred design approaches encourage an early focus on users and their contexts of use, but these need to be... Read More about Barry is not the weakest link: eliciting secure system requirements with personas..

Perceiving and using genre by form: an eye-tracking study. (2010)
Journal Article
CLARK, M., RUTHVEN, I. and HOLT, P.O'B. 2010. Perceiving and using genre by form: an eye-tracking study. Libri [online], 60(3), pages 268-280. Available from: https://doi.org/10.1515/libr.2010.023

This paper reports on an approach to the analysis of genre recognition using eye-tracking. The researchers focused on eight different types of e-mail, such as calls for papers, newsletters and spam, which were chosen to represent different genres. Th... Read More about Perceiving and using genre by form: an eye-tracking study..

Multi-HDCS: solving DisCSPs with complex local problems cooperatively. (2010)
Conference Proceeding
LEE, D., ARANA, I., AHRIZ, H. and HUI, K. 2009. Multi-HDCS: solving DisCSPs with complex local problems cooperatively. In Huang, X.J., Ghorbani, A.A., Hacid, M.-S. and Yamaguchi, T. (eds.) Proceedings of the 2010 IEEE/WIC/ACM international conference on intelligent agent technology (IAT 2010), co-located with the 2010 IEEE/WIC/ACM international conference on web intelligence (WI 2010), and the joint conference workshops (WI-IAT Workshops 2010), 31 August - 3 September 2010, Toronto, Canada. Los Alamitos: IEEE Computer Society [online], volume 2, article number 5614767, pages 295-302. Available from: https://doi.org/10.1109/WI-IAT.2010.141

We propose Multi-HDCS, a new hybrid approach for solving Distributed CSPs with complex local problems. In Multi-HDCS, each agent concurrently: (i) runs a centralised systematic search for its complex local problem; (ii) participates in a distributed... Read More about Multi-HDCS: solving DisCSPs with complex local problems cooperatively..

Automatic features characterization from 3d facial images. (2010)
Conference Proceeding
ELYAN, E. and UGAIL, H. 2010. Automatic features characterization from 3d facial images. In Arabnia, H.R., Deligiannidis, L. and Solo, A.M.G. (eds.) Proceedings of the 14th International computer graphics and virtual reality conference (CGVR 2010), 12-15 July 2010, Las Vegas, USA. Georgia, USA: CSREA Press, pages 67-73.

This paper presents a novel and computationally fast method for automatic identification of symmetry profile from 3D facial images. The algorithm is based on the concepts of computational geometry which yield fast and accurate results. In order to de... Read More about Automatic features characterization from 3d facial images..

Towards tool-support for usable secure requirements engineering with CAIRIS. (2010)
Journal Article
FAILY, S. and FLÉCHAIS, I. 2010. Towards tool-support for usable secure requirements engineering with CAIRIS. International journal of secure software engineering [online], 1(3), pages 56-70. Available from: https://doi.org/10.4018/jsse.2010070104

Understanding how to better elicit, specify, and manage requirements for secure and usable software systems is a key challenge in security software engineering, however, there lacks tool-support for specifying and managing the voluminous amounts of d... Read More about Towards tool-support for usable secure requirements engineering with CAIRIS..

Developing tools to encourage reflection in first year students blogs. (2010)
Conference Proceeding
MCDERMOTT, R., BRINDLEY, G. and ECCLESTON, G. 2010. Developing tools to encourage reflection in first year students blogs. In Proceedings of the 15th Innovation and technology in computer science education annual conference (ITiCSE '10), 26-30 June 2010, Ankara, Turkey. New York: ACM [online], pages 147-151. Available from: https://doi.org/10.1145/1822090.1822132

The pedagogical basis of a project aimed at encouraging students to engage in reflective activities using blogs to document their learning experiences is described. It also gives some details of the practical implementation of this work. Activities w... Read More about Developing tools to encourage reflection in first year students blogs..

A meta-model for usable secure requirements engineering. (2010)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2010. A meta-model for usable secure requirements engineering. In Proceedings of the 2010 ICSE workshop on software engineering for secure systems (SESS '10): co-located with the 32nd ACM/IEEE international conference on software engineering (ICSE 2010), 2-8 May 2010, Cape Town, South Africa. New York: ACM [online], pages 29-35. Available from: https://doi.org/10.1145/1809100.1809105

There is a growing recognition of the need for secure software engineering approaches addressing both technical and human factors. Existing approaches to secure software engineering focus on the need for technical security to the detriment of usabili... Read More about A meta-model for usable secure requirements engineering..

Hybrid algorithms for distributed constraint satisfaction. (2010)
Thesis
LEE, D.A.J. 2010. Hybrid algorithms for distributed constraint satisfaction.. Robert Gordon University, PhD thesis.

A Distributed Constraint Satisfaction Problem (DisCSP) is a CSP which is divided into several inter-related complex local problems, each assigned to a different agent. Thus, each agent has knowledge of the variables and corresponding domains of its l... Read More about Hybrid algorithms for distributed constraint satisfaction..

Analysing and visualising security and usability in IRIS. (2010)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2010. Analysing and visualising security and usability in IRIS. In Proceedings of the 5th International conference on availability, reliability and security (ARES 2010), 15-18 February 2010, Krakow, Poland. Los Alamitos: IEEE Computer Society [online], pages 543-548. Available from: https://doi.org/10.1109/ares.2010.28

Despite a long-standing need to incorporate human factors into security risk analysis, taking a balanced approach to analysing security and usability concerns remains a challenge. Balancing security and usability is difficult due to human biases in s... Read More about Analysing and visualising security and usability in IRIS..

Improving secure systems design with security culture. (2010)
Presentation / Conference
FAILY, S. and FLÉCHAIS, I. 2010. Improving secure systems design with security culture. Presented at the Human factors in information security conference (HFIS 2010), 22-24 February 2010, London, UK.

This poster summarises how the concept of security culture can be used to improve systems security and secure systems design. It highlights: the use of personas and user-centred design; environment modeling and understanding a system's context; and t... Read More about Improving secure systems design with security culture..