Skip to main content

Research Repository

Advanced Search

Dr Shamal Faily


Automation and cyber security risks on the railways: the human factors implications. (2022)
Presentation / Conference
THON, E. and FAILY, S. 2022. Automation and cyber security risks on the railways: the human factors implications. Presented at the 2022 International conference on ergonomics and human factors, part one (EHF2022 Online), 11-12 April 2022, [virtual event].

Automation improves rail passenger experience, but may reduce cyber resilience because it fails to adequately account for human factors. Preliminary results from a study on signallers and automation confirms this, but judicious use of modelling tools... Read More about Automation and cyber security risks on the railways: the human factors implications..

Translating contextual integrity into practice using CLIFOD. (2018)
Presentation / Conference
HENRIKSEN-BULMER, J., FAILY, S. and KATOS, V. 2018. Translating contextual integrity into practice using CLIFOD. Presented at the 2018 Networked privacy workshop: privacy in context: critically engaging with theory to guide privacy research and design, part of the 21st ACM conference on computer-supported cooperative work and social computing (CSCW 2018), 3 November 2018, Jersey City, USA.

Public open data increases transparency, but raises questions about the privacy implications of affected individuals. We present a case for using CLIFOD (ContextuaL Integrity for Open Data), a step-by-step privacy decision framework derived from cont... Read More about Translating contextual integrity into practice using CLIFOD..

Folk risk analysis: factors influencing security analysts' interpretation of risk. (2017)
Presentation / Conference
M'MANGA, A., FAILY, S., MCALANEY, J. and WILLIAMS, C. 2017. Folk risk analysis: factors influencing security analysts' interpretation of risk. Presented at the 3rd Workshop on security information workers (WSIW 2017), part of the 13th Symposium on usable privacy and security (SOUPS 2017), co-located with the 2017 USENIX annual technical conference (USENIX ATC 2017), 12-14 July 2017, Santa Clara, USA. Hosted on the USENIX website [online]. Available from: https://www.usenix.org/conference/soups2017/workshop-program/wsiw2017/mmanga

There are several standard approaches to risk analysis recommended for use in information security, however, the actual application of risk analysis by security analysts follows an opaque mix of standard risk analysis procedures and adaptations based... Read More about Folk risk analysis: factors influencing security analysts' interpretation of risk..

Human aspects of digital rights management: the perspective of content developers. [Conference Paper] (2015)
Presentation / Conference
FAVALE, M., MCDONALD, N., FAILY, S. and GATZIDIS, C. 2015. Human aspects of digital rights management: the perspective of content developers. Presented at the 4th International workshop on artificial intelligence and IP law (AIIP 2015): the story(s) of copyright, 9 December 2015, Braga, Portugal.

Legal norms and social behaviours are some of the human aspects surrounding the effectiveness and future of DRM security. Further exploration of these aspects would help unravel the complexities of the interaction between rights protection security a... Read More about Human aspects of digital rights management: the perspective of content developers. [Conference Paper].

The mystery of security design. (2015)
Presentation / Conference
VALLINDRAS, A. and FAILY, S. 2015. The mystery of security design. Presented at the 29th British human computer interaction conference (British HCI 2015), 13-17 July 2015, Lincoln, UK.

Designing for security is hard without security getting in the way of design. Unfortunately, security is often promoted through fear, uncertainty, and doubt (FUD). As a result, the scale of FUD has now become so great that it hinders people's ability... Read More about The mystery of security design..

Embedding professional practice into the cybersecurity curriculum using ethics. (2015)
Presentation / Conference
FAILY, S. and JONES, M. 2015. Embedding professional practice into the cybersecurity curriculum using ethics. Presented at the UK workshop on cybersecurity training and education, 11 June 2015, Liverpool, UK.

Cybersecurity graduates are ready to tackle the technical problems they might face, but employability needs to be incorporated into the curriculum should they wish to tackle ill-defined professional challenges as well. We describe how employability w... Read More about Embedding professional practice into the cybersecurity curriculum using ethics..

Security lessons learned building concept apps for webinos. (2013)
Presentation / Conference
FAILY, S. and LYLE, J. 2013. Security lessons learned building concept apps for webinos. Presented at the Human aspects in mobile apps engineering workshop (HAMAE 2013), part of the 27th International BCS human computer interaction conference (HCI 2013): the Internet of Things, 9 September 2013, London, UK.

Concept applications provide a means for tackling security infrastructure problems. Not only do they provide feedback to infrastructure design, they can also inform subsequent research activities. However, to directly influence the architectural desi... Read More about Security lessons learned building concept apps for webinos..

Formal evaluation of persona trustworthiness with EUSTACE. (2013)
Presentation / Conference
FAILY, S., POWER, D., ARMSTRONG, P. and FLÉCHAIS, I. 2013. Formal evaluation of persona trustworthiness with EUSTACE. Presented at the 6th International conference on trust and trustworthy computing (TRUST 2013), 17-19 June 2013, London, UK.

Personas are useful for considering how users of a system might behave, but problematic when accounting for hidden behaviours not obvious from their descriptions alone. Formal methods can potentially identify such subtleties in interactive systems, b... Read More about Formal evaluation of persona trustworthiness with EUSTACE..

Analysing chindōgu: applying defamiliarisation to security design. (2012)
Presentation / Conference
FAILY, S. 2012. Analysing chindōgu: applying defamiliarisation to security design. Presented at the Workshop on defamiliarization in innovation and usability, part of the 30th ACM SIGCHI conference on human factors in computing systems (CHI 2012), 5 May 2012, Austin, Texas.

Envisaging how secure systems might be attacked is difficult without adequate attacker models or relying on stereotypes. Defamiliarisation removes this need for a priori domain knowledge and encourages designers to think critically about system prope... Read More about Analysing chindōgu: applying defamiliarisation to security design..

Eliciting usable security requirements with misusability cases. (2011)
Presentation / Conference
FAILY, S. and FLÉCHAIS, I. 2011. Eliciting usable security requirements with misusability cases. Presented at the 19th IEEE international requirements engineering conference (RE 2011), 29 August - 2 September 2011, Trento, Italy.

Although widely used for both security and usability concerns, scenarios used in security design may not necessarily inform the design of usability, and vice-versa. One way of using scenarios to bridge security and usability involves explicitly descr... Read More about Eliciting usable security requirements with misusability cases..