@article{fafl12, title = "Eliciting Policy Requirements for Critical National Infrastructure using the IRIS Framework", author = "Shamal Faily and Ivan Flechais", year = "2011", journal = "International Journal of Secure Software Engineering", number = "4", organization = "IGI Global", pages = "1--18", volume = "2", } @inproceedings{faflre11, title = "Eliciting Usable Security Requirements with Misusability Cases", author = "Shamal Faily and Ivan Flechais", year = "2011", booktitle = "Proceedings of the 19th IEEE International Requirements Engineering Conference", note = "Pre-print available at http://www.cs.ox.ac.uk/files/4125/PID1921187.pdf", pages = "339--340", publisher = "IEEE Computer Society", doi = "10.1109/RE.2011.6051665", } @inproceedings{atfasecse2011, title = "Here's Johnny: a Methodology for Developing Attacker Personas", author = "Andrea Atzeni and Shamal Faily and John Lyle and Cesare Cameroni and Ivan Flechais", year = "2011", booktitle = "Proceedings of the 6th International Conference on Availability, Reliability and Security", pages = "722--727", } @inproceedings{faflsecse2011, title = "User-Centered Information Security Policy Development in a Post-Stuxnet World", author = "Shamal Faily and Ivan Flechais", year = "2011", booktitle = "Proceedings of the 6th International Conference on Availability, Reliability and Security", pages = "716--721", } @inproceedings{fafl1101, title = "Persona Cases: A Technique for grounding Personas", author = "Shamal Faily and Ivan Flechais", year = "2011", address = "Vancouver, BC, Canada", booktitle = "CHI '11: Proceedings of the 29th International conference on Human factors in computing systems", location = "Vancouver, BC, Canada", pages = "2267-2270", publisher = "ACM", } @inproceedings{faflacsac2010, title = "Security through Usability: a user-centered approach for balanced security policy requirements", author = "Shamal Faily and Ivan Flechais", year = "2010", booktitle = "Poster at: Annual Computer Security Applications Conference", location = "Austin TX, USA", } @inproceedings{flfa101, title = "Security and Usability: Searching for the philosopher's stone", author = "Ivan Flechais and Shamal Faily", year = "2010", booktitle = "Workshop on the development of EuroSOUPS (European Symposium on Usable Privacy and Security)", location = "Northumbria University, Newcastle, UK", } @inproceedings{fafl101, title = "Analysing and Visualising Security and Usability in IRIS", author = "Shamal Faily and Ivan Flechais", year = "2010", booktitle = "Availability, Reliability and Security, 2010. ARES 10. Fifth International Conference on", month = "Feb", doi = "10.1109/ARES.2010.28", } @article{fafl106, title = "Towards tool-support for Usable Secure Requirements Engineering with CAIRIS", author = "Shamal Faily and Ivan Flechais", year = "2010", journal = "International Journal of Secure Software Engineering", number = "3", organization = "IGI Global", pages = "56--70", volume = "1", doi = "10.4018/ijsse.2010070104", } @inproceedings{fafl103, title = "A Meta-Model for Usable Secure Requirements Engineering", author = "Shamal Faily and Ivan Flechais", year = "2010", booktitle = "Software Engineering for Secure Systems, 2010. SESS '10. ICSE Workshop on", month = "May", pages = "29--35", doi = "10.1145/1809100.1809105", } @inproceedings{fafl105, title = "Improving Secure Systems Design with Security Culture", author = "Shamal Faily and Ivan Flechais", year = "2010", booktitle = "Poster at: Human Factors in Information Security", location = "London", month = "Feb", } @inproceedings{fafl106, title = "Barry is not the weakest link: Eliciting Secure System Requirements with Personas", author = "Shamal Faily and Ivan Flechais", year = "2010", booktitle = "Proceedings of the 24th British HCI Group Annual Conference on People and Computers: Play is a Serious Business", pages = "113--120", publisher = "British Computer Society", series = "BCS-HCI '10", } @inproceedings{faflhcse, title = "The Secret Lives of Assumptions: Developing and Refining Assumption Personas for Secure System Design", author = "Shamal Faily and Ivan Flechais", year = "2010", booktitle = "HCSE'2010: Proceedings of the 3rd Conference on Human-Centered Software Engineering", pages = "111--118", publisher = "Springer", } @article{failyimcs10, title = "Designing and Aligning e-Science Security Culture with Design", author = "Shamal Faily and Ivan Flechais", year = "2010", journal = "Information Management & Computer Security", number = "5", volume = "18", } @inproceedings{faflnspw10, title = "To boldly go where invention isn't secure: applying Security Entrepreneurship to secure systems design", author = "Shamal Faily and Ivan Flechais", year = "2010", address = "New York, NY, USA", booktitle = "NSPW '10: Proceedings of the 2010 New Security Paradigms Workshop", location = "Concord, Massachusetts, USA", pages = "73--84", publisher = "ACM", } @inproceedings{fafl10haisa, title = "A Model of Security Culture for e-Science", author = "Shamal Faily and Ivan Flechais", year = "2010", booktitle = "Proceedings of the South African Information Security Multi-Conference (SAISMC 2010)", editor = "Nathan Clarke and Steven Furnell and Rossouw von Solms", location = "Port Elizabeth, South Africa", pages = "154--164", publisher = "University of Plymouth", } @inproceedings{kainda2010c, title = "Two Heads are Better Than One: Security and Usability of Device Associations in Group Scenarios", author = "Ronald Kainda, Ivan Flechais, A. W. Roscoe", year = "2010", booktitle = "Proceedings of the 2010 Symposium on Usable Privacy and Security (SOUPS 2010)", location = "Redmond, WA", } @inproceedings{kainda2010b, title = "Secure and Usable Out-Of-Band Channels for Ad hoc Mobile Device Interactions", author = "Ronald Kainda and Ivan Flechais and A.W Roscoe", year = "2010", journal = "Information Security Theory and Practice. Security and Privacy of Pervasive Systems and Smart Devices", } @inproceedings{kainda2010, title = "Security and Usability: Analysis and Evaluation", author = "Ronald Kainda, Ivan Flechais, A. W. Roscoe", year = "2010", journal = "Availability, Reliability and Security, 2010. ARES 10. Fifth International Conference on", } @inproceedings{3123, title = "Secure Mobile Ad-hoc Interactions: Reasoning About Out-Of-Band (OOB) Channels", author = "Ronald Kainda, Ivan Flechais, A. W. Roscoe", year = "2010", booktitle = "Proceedings of IWSSI 2010, Second International Workshop on Security for Spontaneous Interaction, The Eighth International Conference on Pervasive Computing (Pervasive 2010)", location = "Helsinki, Finland", } @inproceedings{faily091, title = "Context-Sensitive Requirements and Risk Management with IRIS", author = "Shamal Faily and Ivan Flechais", year = "2009", booktitle = "International Requirements Engineering, 2009. RE'09. 17th IEEE", month = "Aug", organization = "IEEE", doi = "10.1109/RE.2009.54", } @inproceedings{kainda2009, title = "Usability and Security of Out-Of-Band Channels in Secure Device Pairing Protocols", author = "Ronald Kainda, Ivan Flechais, A. W. Roscoe", year = "2009", booktitle = "SOUPS '09: Proceedings of the 5th Symposium on Usable Privacy and Security", location = "Mountain View, CA", } @inproceedings{Flechais*2007:Stakeholder, title = "Stakeholder involvement, motivation, responsibility, communication: How to design usable security in e-Science", author = "I. Flechais and M. A. Sasse", year = "2009", issn = "1071-5819", journal = "International Journal of Human Computer Studies", number = "4", pages = "281-296", url = "http://www.sciencedirect.com/science/article/B6WGR-4PV94FB-2/2/81f2861921dabe354e4c684f6202429d", volume = "67", doi = "10.1016/j.ijhcs.2007.10.002", } @inproceedings{failyahm08, title = "Making the invisible visible: a theory of security culture for secure and usable grids", author = "Shamal Faily and Ivan Flechais", year = "2008", booktitle = "UK e-Science All Hands Conference 2008, Edinburgh, UK (Oral Presentation)", } @article{ktnwhitepaper, title = "Human Vulnerabilities in Security Systems", author = "M. Angela Sasse, Debi Ashenden, Darren Lawrence, Lizzie Coles-Kemp, Ivan Flechais, Paul Kearney", year = "2007", journal = "Human Factors Working Group White Paper, Cyber Security KTN Human Factors White Paper", url = "http://www.ktn.qinetiq-tim.net/content/files/groups/humanvuln/HFWGWhitePaperfinal.pdf", } @inproceedings{Flechais*2006:Integrating, title = "Integrating Security and Usability into the Requirements and Design Process", author = "I. Flechais and C. Mascolo and M. A. Sasse", year = "2006", booktitle = "Second International Conference on Global E-Security", url = "http://www.softeng.ox.ac.uk/personal/Ivan.Flechais/downloads/icges.pdf", } @incollection{Sasse&Flechais2005:Usable, title = "Usable Security: What Is It? How Do We Get It?", author = "M. A. Sasse and I. Flechais", year = "2005", booktitle = "Security and Usability: Designing Secure Systems that People can Use", editor = "Lorrie Faith Cranor and Simson Garfinkel", publisher = "O'Reilly Books", } @inproceedings{Flechais*2005:Divide, title = "Divide and Conquer: The Role of Trust and Assurance in the Design of Secure Socio-Technical Systems", author = "I. Flechais and J. Riegelsberger and M. A. Sasse", year = "2005", booktitle = "New Security Paradigms Workshop", url = "http://www.softeng.ox.ac.uk/personal/Ivan.Flechais/downloads/nspw2005.pdf", } @phdthesis{Flechais2005:Building, title = "Designing Secure and Usable Systems", author = "I. Flechais", year = "2005", school = "University College, London", url = "http://www.softeng.ox.ac.uk/personal/Ivan.Flechais/downloads/thesis.pdf", } @inproceedings{Flechais*2003:Bringing, title = "Bringing Security Home: A Process for Developing Secure and Usable Systems", author = "I. Flechais and M. A. Sasse and S. M. V. Hailes", year = "2003", booktitle = "ACM/SIGSAC New Security Paradigms Workshop", url = "http://www.softeng.ox.ac.uk/personal/Ivan.Flechais/downloads/nspw2003.pdf", } @inproceedings{Flechais&Sasse2003:Developing, title = "Developing Secure and Usable Software", author = "I. Flechais and M. A. Sasse", booktitle = "OT2003", url = "http://www.softeng.ox.ac.uk/personal/Ivan.Flechais/downloads/ot2003.pdf", }