Both businesses and individuals have very real needs for secure computer systems that can protect valuable assets from loss, misuse and general undesirable events. Faced with this reality, it has become apparent that the state of the art of security, and more specifically the process of designing and building secure systems, is complex, expensive, time-consuming and frequently does not take into account the real-world needs of flexibility, usability, functionality, etc.
One consequence of this is that developers are struggling to deal with the complexity of designing securely. This is visible in many projects where different requirements such as functionality, usability, efficiency, simplicity, etc. all compete with each other and with security. In order to address this, the design methodology AEGIS was developed as a means of fostering an approachable, cost-effective design rationale, aimed at supporting developers in making informed decisions about technical security and its usability.
My current research interests revolve around continuing to improve AEGIS and gaining a better understanding of the socio-organisational factors of secure systems, particularly with a view to designing with these in mind.
I have dual French-British nationality, and was educated in France until I came to university. I studied for a BSc and a PhD in Computer Science at University College London. I am now working as a Research Lecturer in the area of security for the Software Engineering Programme at Oxford.
Policies in Context: Factors Influencing the Elicitation and Categorisation of Context-Sensitive Security Policies
Shamal Faily, John Lyle, Ivan Flechais, Andrea Atzeni, Cesare Cameroni, Hans Myrhaug, Ayse Goker and Robert Kleinfeld
In Proceedings of the Workshop on Home Usable Privacy and Security. 2013.
Formal Evaluation of Persona Trustworthiness with EUSTACE (Extended Abstract)
Shamal Faily, David Power, Philip Armstrong and Ivan Flechais
In Trust and Trustworthy Computing, 6th International Conference, TRUST 2013. 2013.
Software for Interactive Secure Systems Design: Lessons Learned Developing and Applying CAIRIS
Shamal Faily and Ivan Flechais
In Proceedings of BCS HCI 2012 Workshops: Designing Interactive Secure Systems. Pages 3:1–3:4. 2012.