Security & Privacy by Design

Our research looks at design techniques and software tools that ensure security and privacy are built in at the earliest possible stages of software or product design. We have particular interests in security and privacy requirements engineering, design for risk, assured user experience, and software tool support.

Contacts:  Shamal Faily, Nan Jiang, Tim Orman

Projects: CAIRIS, Designing Systems for Risk Based Decision Making, Gesture-based CAPTCHA, Public Open Data, Risk Assessment in Systems of Systems, Ethics and Design in Penetration Testing, Human-Centered Specification Exemplars

Related Publications

  • A. M’manga, S. Faily, J. McAlaney, C. Williams, Y. Kadobayashi, and D. Miyamoto, “Qualitative Adaptation: Informing Design for Risk-based Decision Making,” in Proceedings of the 2nd Workshop on the Challenges and Opportunities for Qualitative Data Research Methods in HCI, 2018.
    [Bibtex]
    @inproceedings{mfmwkm181,
    author = {Andrew M'manga and Shamal Faily and John McAlaney and Chris Williams and Youki Kadobayashi and Daisuke Miyamoto},
    booktitle = {{Proceedings of the 2nd Workshop on the Challenges and Opportunities for Qualitative Data Research Methods in HCI}},
    title = {{Qualitative Adaptation: Informing Design for Risk-based Decision Making}},
    publisher = {BCS},
    year = {2018}}
  • J. Henriksen-Bulmer, S. Faily, and S. Jeary, “DPIAs for Charities: a Charity Sector Specific DPIA Framework,” in Proceedings of the 13th International IFIP Summer School on Privacy and Identity Management, 2018.
    [Bibtex]
    @inproceedings{hefj18,
    author = {Jane Henriksen-Bulmer and Shamal Faily and Sheridan Jeary},
    booktitle = {{Proceedings of the 13th International IFIP Summer School on Privacy and Identity Management}},
    title = {{DPIAs for Charities: a Charity Sector Specific DPIA Framework}},
    publisher = {Springer},
    note = {To Appear},
    year = {2018}}
  • A. M’manga, S. Faily, J. McAlaney, C. Williams, Y. Kadobayashi, and D. Miyamoto, “Eliciting Persona Characteristics for Risk Based Decision Making,” in Proceedings of the 32nd International BCS Human Computer Interaction Conference, 2018.
    [Bibtex]
    @inproceedings{mfmwkm18,
    author = {Andrew M'manga and Shamal Faily and John McAlaney and Chris Williams and Youki Kadobayashi and Daisuke Miyamoto},
    booktitle = {{Proceedings of the 32nd International BCS Human Computer Interaction Conference}},
    title = {{Eliciting Persona Characteristics for Risk Based Decision Making}},
    publisher = {BCS},
    year = {2018}}
  • D. Ki-Aries, S. Faily, H. Dogan, and C. Williams, “System of Systems Characterisation assisting Security Risk Assessment,” in Proceedings of the IEEE 13th System of Systems Engineering Conference, 2018.
    [Bibtex]
    @inproceedings{kfdw18,
    author = {Duncan Ki-Aries and Shamal Faily and Huseyin Dogan and Christopher Williams},
    booktitle = {{Proceedings of the IEEE 13th System of Systems Engineering Conference}},
    title = {{System of Systems Characterisation assisting Security Risk Assessment}},
    publisher = {IEEE},
    note = {In Press},
    year = {2018}}
  • S. Faily, Designing Usable and Secure Software with IRIS and CAIRIS, Springer, 2018.
    [Bibtex]
    @book{fail18,
    author = {Shamal Faily},
    title = {{Designing Usable and Secure Software with IRIS and CAIRIS}},
    publisher = {Springer},
    note = {In Press},
    year = {2018}
    }
  • E. Throm, S. Faily, H. Dogan, and A. Bishop, “Cyber Security Threats to the Future Railway,” in Poster at: Sixth International Human Factors Rail Conference, 2017.
    [Bibtex]
    @inproceedings{tfdb17,
    author = {Eylem Throm and Shamal Faily and Huseyin Dogan and Alex Bishop},
    booktitle = {{Poster at: Sixth International Human Factors Rail Conference}},
    title = {{Cyber Security Threats to the Future Railway}},
    year = {2017}}
  • A. Atzeni, S. Faily, and R. Galloni, “Usable Security: HCI-Sec Issues and Motivations,” in Encyclopedia of Information Science and Technology, 4th ed., IGI Global, 2018, p. 5004–5013.
    [Bibtex]
    @incollection{atfg17,
    author = {A. Atzeni and S. Faily and R. Galloni},
    booktitle = {{Encyclopedia of Information Science and Technology}},
    title = {{Usable Security: HCI-Sec Issues and Motivations}},
    edition = {4th},
    pages = {5004--5013},
    publisher = {IGI Global},
    year = {2018}}
  • D. Ki-Aries and S. Faily, “Persona-Centred Information Security Awareness,” Computers & Security, vol. 70, p. 6–74, 2017.
    [Bibtex]
    @article{kifa17,
    author = {Duncan Ki-Aries and Shamal Faily},
    journal = {{Computers \& Security}},
    publisher = {Elsevier},
    title = {{Persona-Centred Information Security Awareness}},
    volume = {70},
    pages = {6--74},
    Year = {2017}}
  • S. Faily and C. Iacob, “Design as Code: Facilitating Collaboration between Usability and Security Engineers using CAIRIS,” in Proceedings of 4th International Workshop on Evolving Security & Privacy Requirements Engineering, 2017.
    [Bibtex]
    @inproceedings{faia17,
    Author = {Shamal Faily and Claudia Iacob},
    Booktitle = {{Proceedings of 4th International Workshop on Evolving Security \& Privacy Requirements Engineering}},
    Title = {{Design as Code: Facilitating Collaboration between Usability and Security Engineers using CAIRIS}},
    Publisher = {IEEE},
    Year = {2017}}
  • D. Ki-Aries, H. Dogan, S. Faily, P. Whittington, and C. Williams, “From Requirements to Operation: Components for Risk Assessment in a Pervasive System of Systems,” in Proceedings of 4th International Workshop on Evolving Security & Privacy Requirements Engineering, 2017.
    [Bibtex]
    @inproceedings{kdfw17,
    Author = {Duncan Ki-Aries and Huseyin Dogan and Shamal Faily and Paul Whittington and Christopher Williams},
    Booktitle = {{Proceedings of 4th International Workshop on Evolving Security \& Privacy Requirements Engineering}},
    Title = {{From Requirements to Operation: Components for Risk Assessment in a Pervasive System of Systems}},
    Publisher = {IEEE},
    Year = {2017}}
  • A. M’manga, “Designing Systems for Risk Based Decision Making,” in British HCI 2017 Doctoral Consortium, 2017.
    [Bibtex]
    @inproceedings{mman17,
    Author = {Andrew M'manga},
    Booktitle = {{British HCI 2017 Doctoral Consortium}},
    Title = {{Designing Systems for Risk Based Decision Making}},
    Year = {2017}}
  • A. M’manga, S. Faily, J. McAlaney, and C. Williams, “Folk Risk Analysis: Factors Influencing Security Analysts’ Interpretation of Risk,” in Proceedings of the 3rd Workshop on Security Information Workers, 2017.
    [Bibtex]
    @inproceedings{mfmw17,
    Author = {Andrew M'manga and Shamal Faily and John McAlaney and Christopher Williams},
    Booktitle = {{Proceedings of the 3rd Workshop on Security Information Workers}},
    Publisher = {USENIX Association},
    Title = {{Folk Risk Analysis: Factors Influencing Security Analysts' Interpretation of Risk}},
    Year = {2017}}
  • J. Henriksen-Bulmer and S. Faily, “Applying contextual integrity to open data publishing,” in Proceedings of the 31st British HCI Group Annual Conference on People and Computers: Digital Make Believe, 2017.
    [Bibtex]
    @inproceedings{hefa17,
    Author = {Jane Henriksen-Bulmer and Shamal Faily},
    Booktitle = {{Proceedings of the 31st British HCI Group Annual Conference on People and Computers: Digital Make Believe}},
    Note = {To Appear},
    Publisher = {British Computer Society},
    Title = {Applying Contextual Integrity to Open Data Publishing},
    Year = {2017}}
  • N. Jiang, H. Dogan, and F. Tian, “Designing Mobile Friendly CAPTCHAs: An Exploratory Study,” in Proceedings of the 31st British HCI Group Annual Conference on People and Computers: Digital Make Believe, 2017.
    [Bibtex]
    @inproceedings{jidt17,
    Author = {Nan Jiang and Huseyin Dogan and Feng Tian},
    Booktitle = {{Proceedings of the 31st British HCI Group Annual Conference on People and Computers: Digital Make Believe}},
    Note = {To Appear},
    Publisher = {British Computer Society},
    Title = {{Designing Mobile Friendly CAPTCHAs: An Exploratory Study}},
    Year = {2017}}
  • D. Ki-Aries, S. Faily, H. Dogan, and C. Williams, “Re-framing “The AMN”: A Case Study Eliciting and Modelling a System of Systems using the Afghan Mission Network,” in Proceedings of the 11th IEEE International Conference on Research Challenges in Information Science, 2017, p. 103–108.
    [Bibtex]
    @inproceedings{ksdw17,
    Author = {Duncan Ki-Aries and Shamal Faily and Huseyin Dogan and Chris Williams},
    Booktitle = {{Proceedings of the 11th IEEE International Conference on Research Challenges in Information Science}},
    Pages = {103--108},
    Publisher = {IEEE},
    Title = {{Re-framing ``The AMN'': A Case Study Eliciting and Modelling a System of Systems using the Afghan Mission Network}},
    Year = {2017}}
  • A. M’manga, S. Faily, J. McAlaney, and C. Williams, “System Design Considerations for Risk Perception,” in Proceedings of the 11th IEEE International Conference on Research Challenges in Information Science, 2017, p. 322–327.
    [Bibtex]
    @inproceedings{mafm17,
    Author = {Andrew M'manga and Shamal Faily and John McAlaney and Chris Williams},
    Booktitle = {{Proceedings of the 11th IEEE International Conference on Research Challenges in Information Science}},
    Pages = {322--327},
    Publisher = {IEEE},
    Title = {{System Design Considerations for Risk Perception}},
    Year = {2017}}
  • M. Favale, N. McDonald, S. Faily, and C. Gatzidis, “Human aspects in digital rights management: the perspectives of content developers,” SCRIPTed, vol. 13, iss. 3, p. 289–304, 2016.
    [Bibtex]
    @article{famf161,
    Author = {Marcelle Favale and Neil McDonald and Shamal Faily and Christos Gatzidis},
    Journal = {{SCRIPTed}},
    Number = {3},
    Pages = {289--304},
    Title = {Human Aspects in Digital Rights Management: The Perspectives of Content Developers},
    Volume = {13},
    Year = {2016}}
  • J. Henriksen-Bulmer and S. Jeary, “Re-identification attacks: a systematic literature review,” International Journal of Information Management, vol. 36, iss. 6, Part B, p. 1184–1192, 2016.
    [Bibtex]
    @article{hebj16,
    Author = {Jane Henriksen-Bulmer and Sheridan Jeary},
    Journal = {{International Journal of Information Management}},
    Number = {6, Part B},
    Pages = {1184--1192},
    Title = {Re-identification Attacks: A Systematic Literature Review},
    Volume = {36},
    Year = {2016}}
  • [PDF] A. Partridge and S. Faily, “The Application of useless Japanese Inventions for Requirements Elicitation in Information Security,” in Proceedings of the 30th British HCI Group Annual Conference on People and Computers: Fusion, 2016.
    [Bibtex]
    @inproceedings{pafa16,
    Author = {Anton Partridge and Shamal Faily},
    Booktitle = {{Proceedings of the 30th British HCI Group Annual Conference on People and Computers: Fusion}},
    Note = {To Appear},
    Publisher = {British Computer Society},
    Title = {The Application of useless Japanese Inventions for Requirements Elicitation in Information Security},
    Year = {2016}}
  • [PDF] D. Ki-Aries, S. Faily, and K. Beckers, “Persona-Driven Information Security Awareness,” in Proceedings of the 30th British HCI Group Annual Conference on People and Computers: Fusion, 2016.
    [Bibtex]
    @inproceedings{kifa16,
    Author = {Duncan Ki-Aries and Shamal Faily and Kristian Beckers},
    Booktitle = {{Proceedings of the 30th British HCI Group Annual Conference on People and Computers: Fusion}},
    Note = {To Appear},
    Publisher = {British Computer Society},
    Title = {{Persona-Driven Information Security Awareness}},
    Year = {2016}}
  • [PDF] S. Faily, G. Lykou, A. Partridge, D. Gritzalis, A. Mylonas, and V. Katos, “Human-Centered Specification Exemplars for Critical Infrastructure Environments,” in Proceedings of the 30th British HCI Group Annual Conference on People and Computers, 2016.
    [Bibtex]
    @inproceedings{falp16,
    Author = {Shamal Faily and Georgia Lykou and Anton Partridge and Dimitris Gritzalis and Alexios Mylonas and Vasilios Katos},
    Booktitle = {{Proceedings of the 30th British HCI Group Annual Conference on People and Computers}},
    Note = {To Appear},
    Title = {{Human-Centered Specification Exemplars for Critical Infrastructure Environments}},
    Year = {2016}}
  • [PDF] S. Faily, G. Stergiopoulos, V. Katos, and D. Gritzalis, ““Water, Water, Every Where”: Nuances for a Water Industry Critical Infrastructure Specification Exemplar,” in Critical Information Infrastructures Security: 10th International Conference, CRITIS 2015, Berlin, Germany, October 5-7, 2015, Revised Selected Papers, E. Rome, M. Theocharidou, and S. Wolthusen, Eds., Springer International Publishing, 2016, p. 243–246.
    [Bibtex]
    @incollection{fsvg15,
    Author = {Faily, Shamal and Stergiopoulos, George and Katos, Vasilios and Gritzalis, Dimitris},
    Booktitle = {Critical Information Infrastructures Security: 10th International Conference, CRITIS 2015, Berlin, Germany, October 5-7, 2015, Revised Selected Papers},
    Editor = {Rome, Erich and Theocharidou, Marianthi and Wolthusen, Stephen},
    Pages = {243--246},
    Publisher = {Springer International Publishing},
    Title = {``Water, Water, Every Where'': Nuances for a Water Industry Critical Infrastructure Specification Exemplar},
    Year = {2016}}
  • [PDF] S. Faily, D. Power, and I. Fléchais, “Gulfs of Expectation: Eliciting and Verifying Differences in Trust Expectations using Personas,” Journal of Trust Management, vol. 3, iss. 1, p. 1–22, 2016.
    [Bibtex]
    @article{fapf16,
    Author = {Shamal Faily and David Power and Ivan Fl\'{e}chais},
    Journal = {{Journal of Trust Management}},
    Number = {1},
    Pages = {1--22},
    Title = {{Gulfs of Expectation: Eliciting and Verifying Differences in Trust Expectations using Personas}},
    Volume = {3},
    Year = {2016}}
  • [PDF] S. Faily and I. Fléchais, “Finding and Resolving Security Misusability with Misusability Cases,” Requirements Engineering, vol. 21, iss. 2, p. 209–223, 2016.
    [Bibtex]
    @article{fafl141,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Journal = {{Requirements Engineering}},
    Number = {2},
    Pages = {209--223},
    Publisher = {Springer},
    Title = {{Finding and Resolving Security Misusability with Misusability Cases}},
    Volume = {21},
    Year = {2016}}
  • [PDF] J. Henriksen-Bulmer, “A Framework for Public Bodies for Managing the Secure and Appropriate Release of Open Source Data,” in British HCI 2016 Doctoral Consortium, 2016.
    [Bibtex]
    @inproceedings{henr16,
    Author = {Jane Henriksen-Bulmer},
    Booktitle = {{British HCI 2016 Doctoral Consortium}},
    Title = {{A Framework for Public Bodies for Managing the Secure and Appropriate Release of Open Source Data}},
    Year = {2016}}
  • N. Jiang and F. Tian, “A Novel Gesture-based CAPTCHA Design for Smart Devices,” in Proceedings of the 27th International BCS Human Computer Interaction Conference, 2013, p. 49:1–49:5.
    [Bibtex]
    @inproceedings{jiti13,
    Author = {Jiang, Nan and Tian, Feng},
    Booktitle = {Proceedings of the 27th International BCS Human Computer Interaction Conference},
    Pages = {49:1--49:5},
    Publisher = {British Computer Society},
    Series = {BCS-HCI '13},
    Title = {A Novel Gesture-based CAPTCHA Design for Smart Devices},
    Year = {2013}}
  • N. Jiang and H. Dogan, “A Gesture-based CAPTCHA Design Supporting Mobile Devices,” in Proceedings of the 2015 British HCI Conference, 2015, p. 202–207.
    [Bibtex]
    @inproceedings{jido15,
    Author = {Jiang, Nan and Dogan, Huseyin},
    Booktitle = {Proceedings of the 2015 British HCI Conference},
    Pages = {202--207},
    Publisher = {ACM},
    Series = {British HCI '15},
    Title = {{A Gesture-based CAPTCHA Design Supporting Mobile Devices}},
    Year = {2015}}
  • R. E. Gunstone, “Integrating privacy during requirements capture for ubiquious computing,” in Proceedings of 1st international conference on social eco-informatics, 2011.
    [Bibtex]
    @inproceedings{gune11,
    Author = {R. E. Gunstone},
    Booktitle = {Proceedings of 1st International Conference on Social Eco-Informatics},
    Title = {Integrating privacy during requirements capture for ubiquious computing},
    Year = {2011}}
  • [PDF] A. Vallindras and S. Faily, “The Mystery of Security Design,” in Proceedings of the 2015 British Human Computer Interaction Conference, 2015, p. 316–317.
    [Bibtex]
    @inproceedings{vafa15,
    Author = {Antonios Vallindras and Shamal Faily},
    Booktitle = {{Proceedings of the 2015 British Human Computer Interaction Conference }},
    Pages = {316--317},
    Publisher = {ACM},
    Title = {{The Mystery of Security Design}},
    Year = {2015}}
  • [PDF] S. Faily, “Engaging stakeholders during late stage security design with assumption personas,” Information and computer security, vol. 23, iss. 4, p. 435–446, 2015.
    [Bibtex]
    @article{fail15,
    Author = {Shamal Faily},
    Journal = {Information and Computer Security},
    Number = {4},
    Pages = {435--446},
    Title = {Engaging Stakeholders during Late Stage Security Design with Assumption Personas},
    Volume = {23},
    Year = {2015}}
  • [PDF] S. Faily, J. Lyle, I. Fléchais, and A. Simpson, “Usability and Security by Design: A Case Study in Research and Development,” in Proceedings of the NDSS Workshop on Usable Security, 2015.
    [Bibtex]
    @inproceedings{flfs15,
    Author = {Shamal Faily and John Lyle and Ivan Fl\'{e}chais and Andrew Simpson},
    Booktitle = {Proceedings of the NDSS Workshop on Usable Security},
    Publisher = {Internet Society},
    Title = {{Usability and Security by Design: A Case Study in Research and Development}},
    Year = {2015}}
  • [PDF] I. Fléchais and S. Faily, “Seeking the philosopher’s stone,” Interfaces: Quarterly Magazine of BCS Interaction Group, iss. 86, p. 14–15, 2011.
    [Bibtex]
    @article{flfa11,
    Author = {Ivan Fl\'{e}chais and Shamal Faily},
    Journal = {{Interfaces: Quarterly Magazine of BCS Interaction Group}},
    Month = {Spring},
    Number = {86},
    Pages = {14--15},
    Title = {Seeking the Philosopher's Stone},
    Year = {2011}}
  • [PDF] S. Faily and I. Fléchais, “Context-Sensitive Requirements and Risk Management with IRIS,” in Proceedings of the 17th IEEE International Requirements Engineering Conference, 2009, p. 379–380.
    [Bibtex]
    @inproceedings{faily091,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Booktitle = {{Proceedings of the 17th IEEE International Requirements Engineering Conference}},
    Pages = {379--380},
    Publisher = {IEEE Computer Society},
    Title = {{Context-Sensitive Requirements and Risk Management with IRIS}},
    Year = {2009}}
  • [PDF] S. Faily and I. Fléchais, “Security through Usability: a user-centered approach for balanced security policy requirements,” in Poster at: Computer Security Applications Conference, 2010. ACSAC ’10. Annual, 2010.
    [Bibtex]
    @inproceedings{fafl109,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Booktitle = {Poster at: Computer Security Applications Conference, 2010. ACSAC '10. Annual},
    Month = {Dec.},
    Title = {Security through Usability: a user-centered approach for balanced security policy requirements},
    Year = {2010}}
  • [PDF] S. Faily and I. Fléchais, “Eliciting Usable Security Requirements with Misusability Cases,” in Proceedings of the 19th IEEE International Requirements Engineering Conference, 2011, p. 339–340.
    [Bibtex]
    @inproceedings{fafl112,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Booktitle = {{Proceedings of the 19th IEEE International Requirements Engineering Conference}},
    Pages = {339--340},
    Publisher = {IEEE Computer Society},
    Title = {{Eliciting Usable Security Requirements with Misusability Cases}},
    Year = {2011}}
  • [PDF] C. Fuhrhop, J. Lyle, and S. Faily, “The webinos project,” in Proceedings of the 21st international conference companion on world wide web, 2012, p. 259–262.
    [Bibtex]
    @inproceedings{fuly12,
    Acmid = {2188024},
    Author = {Fuhrhop, Christian and Lyle, John and Faily, Shamal},
    Booktitle = {Proceedings of the 21st international conference companion on World Wide Web},
    Pages = {259--262},
    Publisher = {ACM},
    Series = {WWW '12 Companion},
    Title = {The webinos project},
    Year = {2012}}
  • [PDF] S. Faily, D. Power, P. Armstrong, and I. Fléchais, “Formal Evaluation of Persona Trustworthiness with EUSTACE (Extended Abstract),” in Proceedings of the 6th international conference on trust & trustworthy computing, 2013, p. 267–268.
    [Bibtex]
    @inproceedings{fpaf13,
    Author = {Shamal Faily and David Power and Philip Armstrong and Ivan Fl\'{e}chais},
    Booktitle = {Proceedings of the 6th International Conference on Trust \& Trustworthy Computing},
    Pages = {267--268},
    Publisher = {Springer},
    Title = {{Formal Evaluation of Persona Trustworthiness with EUSTACE (Extended Abstract)}},
    Year = {2013}}
  • S. Faily, “Context-Sensitive Requirements and Risk Analysis,” in Proceedings of the 17th International Conference on Requirements Engineering – Doctoral Symposium, 2009.
    [Bibtex]
    @inproceedings{failyrephd09,
    Author = {Shamal Faily},
    Booktitle = {{Proceedings of the 17th International Conference on Requirements Engineering - Doctoral Symposium}},
    Title = {{Context-Sensitive Requirements and Risk Analysis}},
    Year = {2009}}
  • [PDF] S. Faily, “Two Requirements for Usable and Secure Software Engineering,” in Proceedings of the 1st Software and Usable Security Aligned for Good Engineering (SAUSAGE) Workshop, National Institute of Standards and Technology (NIST), Gaithersburg MD, USA, 2011.
    [Bibtex]
    @inproceedings{failysausage11,
    Address = {National Institute of Standards and Technology (NIST), Gaithersburg MD, USA},
    Author = {Shamal Faily},
    Booktitle = {{Proceedings of the 1st Software and Usable Security Aligned for Good Engineering (SAUSAGE) Workshop}},
    Title = {{Two Requirements for Usable and Secure Software Engineering}},
    Year = {2011}}
  • [PDF] S. Faily, “Security goes to ground: on the applicability of Security Entrepreneurship to Grassroot Activism,” in Proceedings of the CHI Workshop on HCI, Politics and the City, 2011.
    [Bibtex]
    @inproceedings{fail112,
    Author = {Shamal Faily},
    Booktitle = {Proceedings of the CHI Workshop on HCI, Politics and the City},
    Title = {{Security goes to ground: on the applicability of Security Entrepreneurship to Grassroot Activism}},
    Year = {2011}}
  • [PDF] G. Gionis, H. Desruelle, D. Blomme, J. Lyle, S. Faily, and L. Bassbouss, ““do we know each other or is it just our devices?”: a federated context model for describing social activity across devices,” in Proceedings of the W3C Workshop: Federated Social Architectures and Protocols, 2011.
    [Bibtex]
    @inproceedings{gide11,
    Author = {George Gionis and Heiko Desruelle and Dieter Blomme and John Lyle and Shamal Faily and Louay Bassbouss},
    Booktitle = {{Proceedings of the W3C Workshop: Federated Social Architectures and Protocols}},
    Title = {``Do we know each other or is it just our Devices?'': A Federated Context Model for Describing Social Activity Across Devices},
    Year = {2011}}
  • [PDF] S. Faily, “Bridging User-Centered Design and Requirements Engineering with GRL and Persona Cases,” in Proceedings of the 5th International i* Workshop, 2011, p. 114–119.
    [Bibtex]
    @inproceedings{failyre11,
    Author = {Shamal Faily},
    Booktitle = {Proceedings of the 5th International i* Workshop},
    Pages = {114--119},
    Publisher = {CEUR Workshop Proceedings},
    Title = {{Bridging User-Centered Design and Requirements Engineering with GRL and Persona Cases}},
    Year = {2011}}
  • [PDF] S. Faily, “Analysing Chindogu: Applying Defamiliarisation to Security Design,” in Proceedings of the CHI 2012 Workshop on Defamiliarisation in Innovation and Usability, 2012.
    [Bibtex]
    @inproceedings{failydefam,
    Author = {Shamal Faily},
    Booktitle = {{Proceedings of the CHI 2012 Workshop on Defamiliarisation in Innovation and Usability}},
    Title = {Analysing Chindogu: Applying Defamiliarisation to Security Design},
    Year = {2012}}
  • S. Faily, J. Lyle, and S. Parkin, “Tool-supported premortems with attack and security patterns,” in Proceedings of the First International Workshop on Cyberpatterns: Unifying Design Patterns with Security, Attack and Forensic Patterns, 2012, p. 10–11.
    [Bibtex]
    @inproceedings{falp12,
    Author = {Shamal Faily and John Lyle and Simon Parkin},
    Booktitle = {{Proceedings of the First International Workshop on Cyberpatterns: Unifying Design Patterns with Security, Attack and Forensic Patterns}},
    Pages = {10--11},
    Title = {Tool-supported premortems with Attack and Security Patterns},
    Year = {2012}}
  • S. Faily, “Security Patterns Considered Harmful?,” in Proceedings of the Second International Workshop on Cyberpatterns: Unifying Design Patterns with Security, Attack and Forensic Patterns, 2012, p. 108–109.
    [Bibtex]
    @inproceedings{fail13,
    Author = {Shamal Faily},
    Booktitle = {{Proceedings of the Second International Workshop on Cyberpatterns: Unifying Design Patterns with Security, Attack and Forensic Patterns}},
    Pages = {108--109},
    Title = {{Security Patterns Considered Harmful?}},
    Year = {2012}}
  • [PDF] S. Faily, J. Lyle, and S. Parkin, “Secure Sytem? Challenge Accepted: Finding and Resolving Security Failures Using Security Premortems,” in Designing Interactive Secure Systems: Workshop at British HCI 2012, 2012.
    [Bibtex]
    @inproceedings{falp121,
    Author = {Shamal Faily and John Lyle and Simon Parkin},
    Booktitle = {Designing Interactive Secure Systems: Workshop at British HCI 2012},
    Publisher = {British Computer Society},
    Title = {{Secure Sytem? Challenge Accepted: Finding and Resolving Security Failures Using Security Premortems}},
    Year = {2012}}
  • [PDF] S. Faily, J. Lyle, C. Namiluko, A. Atzeni, and C. Cameroni, “Model-driven architectural risk analysis using architectural and contextualised attack patterns,” in Proceedings of the workshop on model-driven security, 2012, p. 3:1–3:6.
    [Bibtex]
    @inproceedings{faln12,
    Author = {Faily, Shamal and Lyle, John and Namiluko, Cornelius and Atzeni, Andrea and Cameroni, Cesare},
    Booktitle = {Proceedings of the Workshop on Model-Driven Security},
    Pages = {3:1--3:6},
    Publisher = {ACM},
    Title = {Model-driven architectural risk analysis using architectural and contextualised attack patterns},
    Year = {2012}}
  • [PDF] S. Faily and J. Lyle, “Security Lessons Learned Building Concept Apps for webinos,” in Human Aspects in Mobile Apps Engineering: Workshop at British HCI 2013, 2013.
    [Bibtex]
    @inproceedings{faly132,
    Author = {Shamal Faily and John Lyle},
    Booktitle = {Human Aspects in Mobile Apps Engineering: Workshop at British HCI 2013},
    Title = {Security Lessons Learned Building Concept Apps for webinos},
    Year = {2013}}
  • [PDF] S. Faily and I. Fléchais, “Analysing and Visualising Security and Usability in IRIS,” in Proceedings of the 5th International Conference on Availability, Reliability and Security, 2010, p. 543–548.
    [Bibtex]
    @inproceedings{fafl101,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Booktitle = {{Proceedings of the 5th International Conference on Availability, Reliability and Security}},
    Pages = {543--548},
    Publisher = {IEEE},
    Title = {{Analysing and Visualising Security and Usability in IRIS}},
    Year = {2010}}
  • [PDF] S. Faily and I. Fléchais, “A Meta-Model for Usable Secure Requirements Engineering,” in Proceedings of the 6th International Workshop on Software Engineering for Secure Systems, 2010, p. 126–135.
    [Bibtex]
    @inproceedings{fafl102,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Booktitle = {Proceedings of the 6th International Workshop on Software Engineering for Secure Systems},
    Pages = {126-135},
    Publisher = {IEEE},
    Title = {{A Meta-Model for Usable Secure Requirements Engineering}},
    Year = {2010}}
  • [PDF] S. Faily and I. Fléchais, “Barry is not the weakest link: eliciting secure system requirements with personas,” in Proceedings of the 24th BCS Interaction Specialist Group Conference, 2010, p. 124–132.
    [Bibtex]
    @inproceedings{fafl106,
    Author = {Faily, Shamal and Fl{\'e}chais, Ivan},
    Booktitle = {{Proceedings of the 24th BCS Interaction Specialist Group Conference}},
    Pages = {124--132},
    Publisher = {British Computer Society},
    Title = {Barry is not the weakest link: eliciting secure system requirements with personas},
    Year = {2010}}
  • [PDF] S. Faily and I. Fléchais, “To boldly go where invention isn’t secure: applying Security Entrepreneurship to secure systems design,” in Proceedings of the 2010 new security paradigms workshop, 2010, p. 73–84.
    [Bibtex]
    @inproceedings{fafl107,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Booktitle = {Proceedings of the 2010 New Security Paradigms Workshop},
    Pages = {73--84},
    Publisher = {ACM},
    Title = {{To boldly go where invention isn't secure: applying Security Entrepreneurship to secure systems design}},
    Year = {2010}}
  • [PDF] S. Faily and I. Fléchais, “The secret lives of assumptions: developing and refining assumption personas for secure system design,” in Proceedings of the 3rd Conference on Human-Centered Software Engineering, 2010, p. 111–118.
    [Bibtex]
    @inproceedings{fafl108,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Booktitle = {{Proceedings of the 3rd Conference on Human-Centered Software Engineering}},
    Pages = {111--118},
    Publisher = {Springer},
    Title = {The Secret Lives of Assumptions: Developing and Refining Assumption Personas for Secure System Design},
    Year = {2010}}
  • [PDF] S. Faily and I. Fléchais, “Persona Cases: A Technique for Grounding Personas,” in Proceedings of the 29th international conference on Human factors in computing systems, 2011, p. 2267–2270.
    [Bibtex]
    @inproceedings{fafl111,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Booktitle = {{Proceedings of the 29th international conference on Human factors in computing systems}},
    Pages = {2267--2270},
    Publisher = {ACM},
    Title = {{Persona Cases: A Technique for Grounding Personas}},
    Year = {2011}}
  • [PDF] S. Faily and I. Fléchais, “User-Centered Information Security Policy Development in a Post-Stuxnet World,” in Proceedings of the 6th International Conference on Availability, Reliability and Security, 2011, p. 716–721.
    [Bibtex]
    @inproceedings{fafl113,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Booktitle = {{Proceedings of the 6th International Conference on Availability, Reliability and Security}},
    Pages = {716--721},
    Title = {User-Centered Information Security Policy Development in a Post-Stuxnet World},
    Year = {2011}}
  • [PDF] A. Atzeni, C. Cameroni, S. Faily, J. Lyle, and I. Fléchais, “Here’s Johnny: a Methodology for Developing Attacker Personas,” in Proceedings of the 6th International Conference on Availability, Reliability and Security, 2011, p. 722–727.
    [Bibtex]
    @inproceedings{atfa11,
    Author = {Andrea Atzeni and Cesare Cameroni and Shamal Faily and John Lyle and Ivan Fl\'{e}chais},
    Booktitle = {Proceedings of the 6th International Conference on Availability, Reliability and Security},
    Pages = {722--727},
    Title = {{Here's Johnny: a Methodology for Developing Attacker Personas}},
    Year = {2011}}
  • [PDF] J. Lyle, S. Monteleone, S. Faily, D. Patti, and F. Ricciato, “Cross-plaform access control for mobile web applications,” in Policies for Distributed Systems and Networks (POLICY), 2012 IEEE International Symposium on, 2012, p. 37–44.
    [Bibtex]
    @inproceedings{lymo12,
    Author = {John Lyle and Salvatore Monteleone and Shamal Faily and Davide Patti and Fabio Ricciato},
    Booktitle = {{Policies for Distributed Systems and Networks (POLICY), 2012 IEEE International Symposium on}},
    Pages = {37--44},
    Publisher = {IEEE},
    Title = {{Cross-platform access control for mobile web applications}},
    Year = {2012}}
  • [PDF] J. Lyle, S. Faily, I. Fléchais, A. Paul, A. Göker, H. Myrhaug, H. Desruelle, and A. Martin, “On the design and development of webinos: a distributed mobile application middleware,” in Proceedings of the 12th IFIP WG 6.1 International Conference on Distributed Applications and Interoperable Systems, 2012, p. 140–147.
    [Bibtex]
    @inproceedings{lyff12,
    Author = {John Lyle and Shamal Faily and Ivan Fl\'{e}chais and Andre Paul and Ayse G\"{o}ker and Hans Myrhaug and Heiko Desruelle and Andrew Martin},
    Booktitle = {{Proceedings of the 12th IFIP WG 6.1 International Conference on Distributed Applications and Interoperable Systems}},
    Pages = {140--147},
    Publisher = {Springer},
    Title = {{On the design and development of webinos: a distributed mobile application middleware}},
    Year = {2012}}
  • [PDF] S. Faily, J. Lyle, A. Paul, A. Atzeni, D. Blomme, H. Desruelle, and K. Bangalore, “Requirements Sensemaking using Concept Maps,” in Proceedings of the 4th International Conference on Human-Centered Software Engineering, 2012, p. 217–232.
    [Bibtex]
    @inproceedings{fapa12,
    Author = {Shamal Faily and John Lyle and Andre Paul and Andrea Atzeni and Dieter Blomme and Heiko Desruelle and Krishna Bangalore},
    Booktitle = {{Proceedings of the 4th International Conference on Human-Centered Software Engineering}},
    Pages = {217--232},
    Publisher = {Springer},
    Title = {{Requirements Sensemaking using Concept Maps}},
    Year = {2012}}
  • [PDF] J. Lyle, A. Paverd, J. King-Lacroix, A. Atzeni, H. Virji, I. Fléchais, and S. Faily, “Personal PKI for the smart device era,” in Public Key Infrastructures, Services and Applications (EuroPKI 2012), 2013, p. 69–84.
    [Bibtex]
    @inproceedings{lypa13,
    Author = {John Lyle and Andrew Paverd and Justin King-Lacroix and Andrea Atzeni and Habib Virji and Ivan Fl\'{e}chais and Shamal Faily},
    Booktitle = {{Public Key Infrastructures, Services and Applications (EuroPKI 2012)}},
    Pages = {69--84},
    Publisher = {Springer},
    Title = {{Personal PKI for the smart device era}},
    Year = {2013}}
  • [PDF] J. Lyle, C. Nilsson, A. Isberg, and S. Faily, “Extending the web to support personal network services,” in Proceedings of the 28th ACM Symposium on Applied Computing, 2013, p. 711–716.
    [Bibtex]
    @inproceedings{lnif13,
    Author = {John Lyle and Claes Nilsson and Anders Isberg and Shamal Faily},
    Booktitle = {{Proceedings of the 28th ACM Symposium on Applied Computing}},
    Pages = {711--716},
    Publisher = {ACM},
    Title = {{Extending the web to support personal network services}},
    Year = {2013}}
  • [PDF] S. Faily, L. Coles-Kemp, P. Dunphy, M. Just, Y. Akama, and A. De Luca, “Designing Interactive Secure Systems: CHI 2013 Special Interest Group,” in CHI ’13 Extended Abstracts on Human Factors in Computing Systems, 2013, p. 2469–2472.
    [Bibtex]
    @inproceedings{faco13,
    Author = {Faily, Shamal and Coles-Kemp, Lizzie and Dunphy, Paul and Just, Mike and Akama, Yoko and De Luca, Alexander},
    Booktitle = {{CHI '13 Extended Abstracts on Human Factors in Computing Systems}},
    Pages = {2469--2472},
    Publisher = {ACM},
    Title = {{Designing Interactive Secure Systems: CHI 2013 Special Interest Group}},
    Year = {2013}}
  • [PDF] S. Faily and J. Lyle, “Guidelines for Integrating Personas into Software Engineering Tools,” in Proceedings of the 5th ACM SIGCHI Symposium on Engineering Interactive Computing Systems, 2013, p. 69–74.
    [Bibtex]
    @inproceedings{faly131,
    Author = {Shamal Faily and John Lyle},
    Booktitle = {Proceedings of the 5th ACM SIGCHI symposium on Engineering interactive computing systems},
    Pages = {69--74},
    Publisher = {ACM},
    Series = {EICS '13},
    Title = {Guidelines for Integrating Personas into Software Engineering Tools},
    Year = {2013}}
  • [PDF] T. Su, J. Lyle, A. Atzeni, S. Faily, H. Virji, C. Ntanos, and C. Botsikas, “Continuous Integration for Web-Based Software Infrastructures: Lessons Learned on the webinos Project,” in Proceedings of the 9th International Haifa Verification Conference, 2013, p. 145–150.
    [Bibtex]
    @inproceedings{sula13,
    Author = {Tao Su and John Lyle and Andrea Atzeni and Shamal Faily and Habib Virji and Christos Ntanos and Christos Botsikas},
    Booktitle = {{Proceedings of the 9th International Haifa Verification Conference}},
    Pages = {145--150},
    Publisher = {Springer},
    Title = {{Continuous Integration for Web-Based Software Infrastructures: Lessons Learned on the webinos Project}},
    Year = {2013}}
  • [PDF] S. Faily, “Engaging Stakeholders in Security Design: An Assumption-Driven Approach,” in Proceedings of the 8th International Symposium on Human Aspects of Information Security & Assurance, 2014, p. 21–29.
    [Bibtex]
    @inproceedings{fail14,
    Author = {Shamal Faily},
    Booktitle = {Proceedings of the 8th International Symposium on Human Aspects of Information Security \& Assurance},
    Pages = {21--29},
    Publisher = {University of Plymouth},
    Title = {{Engaging Stakeholders in Security Design: An Assumption-Driven Approach}},
    Year = {2014}}
  • [PDF] S. Faily, J. Lyle, I. Fléchais, A. Atzeni, C. Cameroni, H. Myrhaug, A. Göker, and R. Kleinfeld, “Authorisation in Context: Incorporating Context-Sensitivity into an Access Control Framework,” in Proceedings of the 28th British HCI Group Annual Conference on People and Computers: Sand, Sea and Sky, 2014.
    [Bibtex]
    @inproceedings{falf14,
    Author = {Shamal Faily and John Lyle and Ivan Fl\'{e}chais and Andrea Atzeni and Cesare Cameroni and Hans Myrhaug and Ayse G\"{o}ker and Robert Kleinfeld},
    Booktitle = {{Proceedings of the 28th British HCI Group Annual Conference on People and Computers: Sand, Sea and Sky}},
    Note = {To Appear},
    Publisher = {British Computer Society},
    Title = {{Authorisation in Context: Incorporating Context-Sensitivity into an Access Control Framework}},
    Year = {2014}}
  • [PDF] S. Faily and I. Fléchais, “Towards tool-support for Usable Secure Requirements Engineering with CAIRIS,” International Journal of Secure Software Engineering, vol. 1, iss. 3, p. 56–70, 2010.
    [Bibtex]
    @article{fafl103,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Journal = {International Journal of Secure Software Engineering},
    Month = {July-September},
    Number = {3},
    Organization = {IGI Global},
    Pages = {56--70},
    Title = {{Towards tool-support for Usable Secure Requirements Engineering with CAIRIS}},
    Volume = {1},
    Year = {2010}}
  • [PDF] S. Faily and I. Fléchais, “Designing and Aligning e-Science Security Culture with Design,” Information Management and Computer Security, vol. 18, iss. 5, p. 339–349, 2010.
    [Bibtex]
    @article{fafl1010,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Journal = {Information Management and Computer Security},
    Number = {5},
    Pages = {339--349},
    Title = {{Designing and Aligning e-Science Security Culture with Design}},
    Volume = {18},
    Year = {2010}}
  • [PDF] S. Faily and I. Fléchais, “Eliciting Policy Requirements for Critical National Infrastructure using the IRIS Framework,” International Journal of Secure Software Engineering, vol. 2, iss. 4, p. 114–119, 2011.
    [Bibtex]
    @article{fafl114,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Journal = {International Journal of Secure Software Engineering},
    Number = {4},
    Pages = {114--119},
    Title = {{Eliciting Policy Requirements for Critical National Infrastructure using the IRIS Framework}},
    Volume = {2},
    Year = {2011}}
  • A. Atzeni, J. Lyle, and S. Faily, “Developing secure, unified multi-device and multi-domain platforms: A case study from the webinos project,” in Architectures and Protocols for Secure Information Technology, IGI Global, 2013, p. 310–333.
    [Bibtex]
    @incollection{atlf13,
    Author = {Andrea Atzeni and John Lyle and Shamal Faily},
    Booktitle = {Architectures and Protocols for Secure Information Technology},
    Pages = {310--333},
    Publisher = {IGI Global},
    Title = {Developing secure, unified multi-device and multi-domain platforms: A case study from the webinos project},
    Year = {2013}}
  • [PDF] S. Faily, I. Fléchais, and L. Coles-Kemp, Proceedings of Designing Interactive Secure Systems: Workshop at British HCI 2012 (DISS ’12), British Computer Society, 2012.
    [Bibtex]
    @book{fafc12,
    Author = {Shamal Faily and Ivan Fl\'{e}chais and Lizzie Coles-Kemp},
    Howpublished = {\url{http://ewic.bcs.org/content/ConWebDoc/48809}},
    Publisher = {British Computer Society},
    Title = {{Proceedings of Designing Interactive Secure Systems: Workshop at British HCI 2012 (DISS '12)}},
    Year = {2012}}
  • K. Beckers, S. Faily, S. Lee, and N. Mead, Proceedings of the 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE ’14), IEEE, 2014.
    [Bibtex]
    @book{bflm14,
    Author = {Kristan Beckers and Shamal Faily and Seok-Won Lee and Nancy Mead},
    Publisher = {IEEE},
    Title = {{Proceedings of the 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE '14)}},
    Year = {2014}}