University of Oxford Logo University of OxfordDepartment of Computer Science - Home

Ivan Flechais : Publications

By dateBy titleBy typeBibtex

Journal papers

[1]

Eliciting Policy Requirements for Critical National Infrastructure using the IRIS Framework

Shamal Faily and Ivan Flechais

In International Journal of Secure Software Engineering. Vol. 2. No. 4. Pages 1–18. 2011.

[2]

Towards tool−support for Usable Secure Requirements Engineering with CAIRIS

Shamal Faily and Ivan Flechais

In International Journal of Secure Software Engineering. Vol. 1. No. 3. Pages 56–70. 2010.

[3]

Designing and Aligning e−Science Security Culture with Design

Shamal Faily and Ivan Flechais

In Information Management & Computer Security. Vol. 18. No. 5. 2010.

[4]

Human Vulnerabilities in Security Systems

Paul Kearney M. Angela Sasse Debi Ashenden Darren Lawrence Lizzie Coles−Kemp Ivan Flechais

In Human Factors Working Group White Paper‚ Cyber Security KTN Human Factors White Paper. 2007.

Conference papers

[1]

Policies in Context: Factors Influencing the Elicitation and Categorisation of Context−Sensitive Security Policies

Shamal Faily‚ John Lyle‚ Ivan Flechais‚ Andrea Atzeni‚ Cesare Cameroni‚ Hans Myrhaug‚ Ayse Goker and Robert Kleinfeld

In Proceedings of the Workshop on Home Usable Privacy and Security. 2013.

[2]

Formal Evaluation of Persona Trustworthiness with EUSTACE (Extended Abstract)

Shamal Faily‚ David Power‚ Philip Armstrong and Ivan Flechais

In Trust and Trustworthy Computing‚ 6th International Conference‚ TRUST 2013. 2013.

To Appear

[3]

Software for Interactive Secure Systems Design: Lessons Learned Developing and Applying CAIRIS

Shamal Faily and Ivan Flechais

In Proceedings of BCS HCI 2012 Workshops: Designing Interactive Secure Systems. Pages 3:1–3:4. 2012.

[4]

Personal PKI for the smart device era

John Lyle‚ Andrew Paverd‚ Justin King−Lacroix‚ Andrea Atzeni‚ Habib Virji‚ Ivan Flechais and Shamal Faily

In 9th European PKI Workshop: Research and Applications. 2012.

[5]

On the design and development of webinos: a distributed mobile application middleware

John Lyle‚ Shamal Faily‚ Ivan Flechais‚ Andre Paul‚ Ayse Goker‚ Hans Myrhaug‚ Heiko Desruelle and Andrew Martin

In Proceedings of the 12th IFIP WG 6.1 international conference on Distributed applications and interoperable systems. Pages 140–147. 2012.

[6]

Eliciting Usable Security Requirements with Misusability Cases

Shamal Faily and Ivan Flechais

In Proceedings of the 19th IEEE International Requirements Engineering Conference. Pages 339–340. IEEE Computer Society. 2011.

Pre−print available at http://www.cs.ox.ac.uk/files/4125/PID1921187.pdf

[7]

Here's Johnny: a Methodology for Developing Attacker Personas

Andrea Atzeni‚ Shamal Faily‚ John Lyle‚ Cesare Cameroni and Ivan Flechais

In Proceedings of the 6th International Conference on Availability‚ Reliability and Security. Pages 722–727. 2011.

[8]

User−Centered Information Security Policy Development in a Post−Stuxnet World

Shamal Faily and Ivan Flechais

In Proceedings of the 6th International Conference on Availability‚ Reliability and Security. Pages 716–721. 2011.

[9]

Persona Cases: A Technique for grounding Personas

Shamal Faily and Ivan Flechais

In CHI '11: Proceedings of the 29th International conference on Human factors in computing systems. Pages 2267−2270. Vancouver‚ BC‚ Canada. 2011. ACM.

[10]

Security through Usability: a user−centered approach for balanced security policy requirements

Shamal Faily and Ivan Flechais

In Poster at: Annual Computer Security Applications Conference. 2010.

[11]

Security and Usability: Searching for the philosopher's stone

Ivan Flechais and Shamal Faily

In Workshop on the development of EuroSOUPS (European Symposium on Usable Privacy and Security). 2010.

[12]

Analysing and Visualising Security and Usability in IRIS

Shamal Faily and Ivan Flechais

In Availability‚ Reliability and Security‚ 2010. ARES 10. Fifth International Conference on. February, 2010.

[13]

Context−Sensitive Requirements and Risk Management with IRIS

Shamal Faily and Ivan Flechais

In International Requirements Engineering‚ 2009. RE'09. 17th IEEE. IEEE. August, 2009.

[14]

Making the invisible visible: a theory of security culture for secure and usable grids

Shamal Faily and Ivan Flechais

In UK e−Science All Hands Conference 2008‚ Edinburgh‚ UK (Oral Presentation). 2008.

[15]

A Meta−Model for Usable Secure Requirements Engineering

Shamal Faily and Ivan Flechais

In Software Engineering for Secure Systems‚ 2010. SESS '10. ICSE Workshop on. Pages 29–35. May, 2010.

[16]

Improving Secure Systems Design with Security Culture

Shamal Faily and Ivan Flechais

In Poster at: Human Factors in Information Security. February, 2010.

[17]

Barry is not the weakest link: Eliciting Secure System Requirements with Personas

Shamal Faily and Ivan Flechais

In Proceedings of the 24th British HCI Group Annual Conference on People and Computers: Play is a Serious Business. Pages 113–120. British Computer Society. 2010.

[18]

The Secret Lives of Assumptions: Developing and Refining Assumption Personas for Secure System Design

Shamal Faily and Ivan Flechais

In HCSE'2010: Proceedings of the 3rd Conference on Human−Centered Software Engineering. Pages 111–118. Springer. 2010.

[19]

To boldly go where invention isn't secure: applying Security Entrepreneurship to secure systems design

Shamal Faily and Ivan Flechais

In NSPW '10: Proceedings of the 2010 New Security Paradigms Workshop. Pages 73–84. New York‚ NY‚ USA. 2010. ACM.

[20]

A Model of Security Culture for e−Science

Shamal Faily and Ivan Flechais

In Nathan Clarke‚ Steven Furnell and Rossouw von Solms, editors, Proceedings of the South African Information Security Multi−Conference (SAISMC 2010). Pages 154–164. University of Plymouth. 2010.

[21]

Two Heads are Better Than One: Security and Usability of Device Associations in Group Scenarios

A. W. Roscoe Ronald Kainda Ivan Flechais

In Proceedings of the 2010 Symposium on Usable Privacy and Security (SOUPS 2010). 2010.

[22]

Secure and Usable Out−Of−Band Channels for Ad hoc Mobile Device Interactions

Ronald Kainda‚ Ivan Flechais and A.W Roscoe

2010.

[23]

Security and Usability: Analysis and Evaluation

A. W. Roscoe Ronald Kainda Ivan Flechais

2010.

[24]

Secure Mobile Ad−hoc Interactions: Reasoning About Out−Of−Band (OOB) Channels

A. W. Roscoe Ronald Kainda Ivan Flechais

In Proceedings of IWSSI 2010‚ Second International Workshop on Security for Spontaneous Interaction‚ The Eighth International Conference on Pervasive Computing (Pervasive 2010). 2010.

[25]

Usability and Security of Out−Of−Band Channels in Secure Device Pairing Protocols

A. W. Roscoe Ronald Kainda Ivan Flechais

In SOUPS '09: Proceedings of the 5th Symposium on Usable Privacy and Security. 2009.

[26]

Stakeholder involvement‚ motivation‚ responsibility‚ communication: How to design usable security in e−Science

I. Flechais and M. A. Sasse

Vol. 67. No. 4. Pages 281−296. 2009.

[27]

Bringing Security Home: A Process for Developing Secure and Usable Systems

I. Flechais‚ M. A. Sasse and S. M. V. Hailes

In ACM/SIGSAC New Security Paradigms Workshop. 2003.

[28]

Developing Secure and Usable Software

I. Flechais and M. A. Sasse

In OT2003.

[29]

Divide and Conquer: The Role of Trust and Assurance in the Design of Secure Socio−Technical Systems

I. Flechais‚ J. Riegelsberger and M. A. Sasse

In New Security Paradigms Workshop. 2005.

[30]

Integrating Security and Usability into the Requirements and Design Process

I. Flechais‚ C. Mascolo and M. A. Sasse

In Second International Conference on Global E−Security. 2006.

Theses

[1]

Designing Secure and Usable Systems

I. Flechais

PhD Thesis University College‚ London. 2005.

Miscellaneous

[1]

Usable Security: What Is It? How Do We Get It?

M. A. Sasse and I. Flechais

In Lorrie Faith Cranor and Simson Garfinkel, editors, Security and Usability: Designing Secure Systems that People can Use. O'Reilly Books. 2005.