@inproceedings{fahup13, title = "Policies in Context: Factors Influencing the Elicitation and Categorisation of Context-Sensitive Security Policies", author = "Shamal Faily and John Lyle and Ivan Flechais and Andrea Atzeni and Cesare Cameroni and Hans Myrhaug and Ayse Goker and Robert Kleinfeld", year = "2013", booktitle = "Proceedings of the Workshop on Home Usable Privacy and Security", } @inproceedings{fapat13, title = "Security Patterns Considered Harmful?", author = "Shamal Faily", year = "2013", booktitle = "Proceedings of The Second International Workshop on Cyberpatterns: Unifying Design Patterns with Security, Attack and Forensic Patterns", note = "To Appear", } @inproceedings{falyew, title = "Guidelines for Integrating Personas into Software Engineering Tools", author = "Shamal Faily and John Lyle", year = "2013", booktitle = "Proceedings of the 5th ACM SIGCHI symposium on Engineering interactive computing systems", pages = "69--74", series = "EICS '13", } @inproceedings{fapotrust, title = "Formal Evaluation of Persona Trustworthiness with EUSTACE (Extended Abstract)", author = "Shamal Faily and David Power and Philip Armstrong and Ivan Flechais", year = "2013", booktitle = "Trust and Trustworthy Computing, 6th International Conference, TRUST 2013", note = "To Appear", } @inbook{atlf13, title = "Developing secure, unified multi-device and multi-domain platforms: A case study from the webinos project", author = "Andrea Atzeni and John Lyle and Shamal Faily", year = "2013", booktitle = "Architectures and Protocols for Secure Information Technology", note = "To Appear", publisher = "IGI Global", } @inproceedings{faco13, title = "Designing Interactive Secure Systems: CHI 2013 Special Interest Group", author = "Shamal Faily and Lizzie Coles-Kemp and Paul Dunphy and Mike Just and Yoko Akama and Alexander De Luca", year = "2013", booktitle = "CHI '13 Extended Abstracts on Human Factors in Computing Systems", note = "To Appear", publisher = "ACM", series = "CHI EA '13", } @inproceedings{sac13-extending-web, title = "Extending the web to support personal network services", author = "John Lyle and Shamal Faily and Claes Nilsson and Anders Isberg", year = "2013", booktitle = "(To appear) In the Proceedings of the 28th ACM Symposium On Applied Computing (SAC '13)", } @inproceedings{failymdsec2012, title = "Model-driven architectural risk analysis using architectural and contextualised attack patterns", author = "Shamal Faily and John Lyle and Cornelius Namiluko and Andrea Atzeni and Cesare Cameroni", year = "2012", booktitle = "Proceedings of the Workshop on Model-Driven Security", pages = "3:1--3:6", publisher = "ACM", } @inproceedings{falyhcse12, title = "Requirements Sensemaking using Concept Maps", author = "Shamal Faily and John Lyle and Andre Paul and Andrea Atzeni and Dieter Blomme and Heiko Desruelle and Krishna Bangalore", year = "2012", booktitle = "HCSE'2012: Proceedings of the 4th International Conference on Human-Centered Software Engineering", pages = "217--232", publisher = "Springer", } @inproceedings{fafldiss2012, title = "Software for Interactive Secure Systems Design: Lessons Learned Developing and Applying CAIRIS", author = "Shamal Faily and Ivan Flechais", year = "2012", booktitle = "Proceedings of BCS HCI 2012 Workshops: Designing Interactive Secure Systems", pages = "3:1--3:4", } @inproceedings{falpdiss2012, title = "Secure System? Challenge Accepted: Finding and Resolving Security Failures Using Security Premortems", author = "Shamal Faily and John Lyle and Simon Parkin", year = "2012", booktitle = "Proceedings of BCS HCI 2012 Workshops: Designing Interactive Secure Systems", pages = "5:1--5:4", } @inproceedings{lypaepki12, title = "Personal PKI for the smart device era", author = "John Lyle and Andrew Paverd and Justin King-Lacroix and Andrea Atzeni and Habib Virji and Ivan Flechais and Shamal Faily", year = "2012", booktitle = "9th European PKI Workshop: Research and Applications", } @incollection{falp12, title = "Tool-support Premortems with Attack and Security Patterns", author = "Shamal Faily and John Lyle and Simon Parkin", year = "2012", booktitle = "First International Workshop on Cyberpatterns: Unifying Design Patterns with Security, Attack and Forensic Patterns", pages = "10--11", } @inproceedings{lyfadais12, title = "On the design and development of webinos: a distributed mobile application middleware", author = "John Lyle and Shamal Faily and Ivan Flechais and Andre Paul and Ayse Goker and Hans Myrhaug and Heiko Desruelle and Andrew Martin", year = "2012", booktitle = "Proceedings of the 12th IFIP WG 6.1 international conference on Distributed applications and interoperable systems", pages = "140--147", series = "DAIS' 12", } @inproceedings{lymo12, title = "Cross-platform access control for mobile web applications", author = "John Lyle and Salvatore Monteleone and Shamal Faily and Davide Patti and Fabio Ricciato", year = "2012", booktitle = "Policies for Distributed Systems and Networks (POLICY), 2012 IEEE International Symposium on", pages = "37--44", } @inproceedings{lyfa12, title = "The webinos project", author = "Christian Fuhrhop and John Lyle and Shamal Faily", year = "2012", booktitle = "Proceedings of the 21st international conference companion on World Wide Web", location = "Lyon, France", pages = "259--262", publisher = "ACM", series = "WWW '12 Companion", } @inproceedings{failydefam2012, title = "Analysing Chindogu: Applying Defamiliarisation to Security Design", author = "Shamal Faily", year = "2012", booktitle = "CHI 2012 Workshop on Defamiliarisation in Innovation and Usability", } @article{fafl12, title = "Eliciting Policy Requirements for Critical National Infrastructure using the IRIS Framework", author = "Shamal Faily and Ivan Flechais", year = "2011", journal = "International Journal of Secure Software Engineering", number = "4", organization = "IGI Global", pages = "1--18", volume = "2", } @inproceedings{fswec11-webinos, title = "“Do we know each other or is it just our Devices?”: A Federated Context Model for Describing Social Activity Across Devices", author = "George Gionis and Heiko Desruelle and Dieter Blomme and John Lyle and Shamal Faily and Louay Bassbouss", year = "2011", booktitle = "W3C/PrimeLife Federated Social Web Europe Conference 2011", month = "June", url = "http://d-cent.org/fsw2011/wp-content/uploads/fsw2011-A-Federated-Context-Model-for-Describing-Social-Activity-Across-Devices.pdf", } @inproceedings{failyistar11, title = "Bridging User-Centered Design and Requirements Engineering with GRL and Persona Cases", author = "Shamal Faily", year = "2011", booktitle = "Proceedings of the 5th International i* Workshop", pages = "114--119", } @phdthesis{failythesis, title = "A framework for usable and secure system design", author = "Shamal Faily", year = "2011", school = "University of Oxford", } @inproceedings{faflre11, title = "Eliciting Usable Security Requirements with Misusability Cases", author = "Shamal Faily and Ivan Flechais", year = "2011", booktitle = "Proceedings of the 19th IEEE International Requirements Engineering Conference", note = "Pre-print available at http://www.cs.ox.ac.uk/files/4125/PID1921187.pdf", pages = "339--340", publisher = "IEEE Computer Society", doi = "10.1109/RE.2011.6051665", } @inproceedings{atfasecse2011, title = "Here's Johnny: a Methodology for Developing Attacker Personas", author = "Andrea Atzeni and Shamal Faily and John Lyle and Cesare Cameroni and Ivan Flechais", year = "2011", booktitle = "Proceedings of the 6th International Conference on Availability, Reliability and Security", pages = "722--727", } @inproceedings{faflsecse2011, title = "User-Centered Information Security Policy Development in a Post-Stuxnet World", author = "Shamal Faily and Ivan Flechais", year = "2011", booktitle = "Proceedings of the 6th International Conference on Availability, Reliability and Security", pages = "716--721", } @inproceedings{faflchiw11, title = "Security goes to ground: on the applicability of Security Entrepreneurship to Grassroot Activism", author = "Shamal Faily", year = "2011", booktitle = "CHI Workshop on HCI, Politics and the City: Engaging with Urban Grassroots Movements for Reflection and Action", } @inproceedings{failysausage2011, title = "Two Requirements for Usable and Secure Software Engineering", author = "Shamal Faily", year = "2011", booktitle = "1st Software and Usable Security Aligned for Good Engineering (SAUSAGE) Workshop", location = "National Institute of Standards and Technology (NIST), Gaithersburg MD, USA", } @inproceedings{fafl1101, title = "Persona Cases: A Technique for grounding Personas", author = "Shamal Faily and Ivan Flechais", year = "2011", address = "Vancouver, BC, Canada", booktitle = "CHI '11: Proceedings of the 29th International conference on Human factors in computing systems", location = "Vancouver, BC, Canada", pages = "2267-2270", publisher = "ACM", } @inproceedings{faflacsac2010, title = "Security through Usability: a user-centered approach for balanced security policy requirements", author = "Shamal Faily and Ivan Flechais", year = "2010", booktitle = "Poster at: Annual Computer Security Applications Conference", location = "Austin TX, USA", } @inproceedings{flfa101, title = "Security and Usability: Searching for the philosopher's stone", author = "Ivan Flechais and Shamal Faily", year = "2010", booktitle = "Workshop on the development of EuroSOUPS (European Symposium on Usable Privacy and Security)", location = "Northumbria University, Newcastle, UK", } @article{failyimcs10, title = "Designing and Aligning e-Science Security Culture with Design", author = "Shamal Faily and Ivan Flechais", year = "2010", journal = "Information Management & Computer Security", number = "5", volume = "18", } @inproceedings{faflhcse, title = "The Secret Lives of Assumptions: Developing and Refining Assumption Personas for Secure System Design", author = "Shamal Faily and Ivan Flechais", year = "2010", booktitle = "HCSE'2010: Proceedings of the 3rd Conference on Human-Centered Software Engineering", pages = "111--118", publisher = "Springer", } @inproceedings{faflnspw10, title = "To boldly go where invention isn't secure: applying Security Entrepreneurship to secure systems design", author = "Shamal Faily and Ivan Flechais", year = "2010", address = "New York, NY, USA", booktitle = "NSPW '10: Proceedings of the 2010 New Security Paradigms Workshop", location = "Concord, Massachusetts, USA", pages = "73--84", publisher = "ACM", } @inproceedings{fafl106, title = "Barry is not the weakest link: Eliciting Secure System Requirements with Personas", author = "Shamal Faily and Ivan Flechais", year = "2010", booktitle = "Proceedings of the 24th British HCI Group Annual Conference on People and Computers: Play is a Serious Business", pages = "113--120", publisher = "British Computer Society", series = "BCS-HCI '10", } @inproceedings{fafl10haisa, title = "A Model of Security Culture for e-Science", author = "Shamal Faily and Ivan Flechais", year = "2010", booktitle = "Proceedings of the South African Information Security Multi-Conference (SAISMC 2010)", editor = "Nathan Clarke and Steven Furnell and Rossouw von Solms", location = "Port Elizabeth, South Africa", pages = "154--164", publisher = "University of Plymouth", } @article{fafl106, title = "Towards tool-support for Usable Secure Requirements Engineering with CAIRIS", author = "Shamal Faily and Ivan Flechais", year = "2010", journal = "International Journal of Secure Software Engineering", number = "3", organization = "IGI Global", pages = "56--70", volume = "1", doi = "10.4018/ijsse.2010070104", } @inproceedings{fafl105, title = "Improving Secure Systems Design with Security Culture", author = "Shamal Faily and Ivan Flechais", year = "2010", booktitle = "Poster at: Human Factors in Information Security", location = "London", month = "Feb", } @inproceedings{fafl103, title = "A Meta-Model for Usable Secure Requirements Engineering", author = "Shamal Faily and Ivan Flechais", year = "2010", booktitle = "Software Engineering for Secure Systems, 2010. SESS '10. ICSE Workshop on", month = "May", pages = "29--35", doi = "10.1145/1809100.1809105", } @inproceedings{fafl101, title = "Analysing and Visualising Security and Usability in IRIS", author = "Shamal Faily and Ivan Flechais", year = "2010", booktitle = "Availability, Reliability and Security, 2010. ARES 10. Fifth International Conference on", month = "Feb", doi = "10.1109/ARES.2010.28", } @inproceedings{failydocsym09, title = "Context-Sensitive Requirements and Risk Analysis", author = "Shamal Faily", year = "2009", booktitle = "Requirements Engineering Doctoral Symposium", } @unpublished{failyrom09, title = "Context Matters: designing security for contexts of use", author = "Shamal Faily", year = "2009", booktitle = "Romulus 2009", } @inproceedings{faily091, title = "Context-Sensitive Requirements and Risk Management with IRIS", author = "Shamal Faily and Ivan Flechais", year = "2009", booktitle = "International Requirements Engineering, 2009. RE'09. 17th IEEE", month = "Aug", organization = "IEEE", doi = "10.1109/RE.2009.54", } @techreport{RR-08-10, title = "PROCEEDINGS OF THE OXFORD UNIVERSITY COMPUTING LABORATORY STUDENT CONFERENCE 2008", author = "Programme Co-Chairs: Shamal Faily and Stanislav \v{Z}ivn\'y Conference Co-Chairs: Christo Fogelberg and Andras Salamon and Max Schafer", year = "2008", institution = "OUCL", month = "October", number = "RR-08-10", pages = "33", } @inproceedings{failyahm08, title = "Making the invisible visible: a theory of security culture for secure and usable grids", author = "Shamal Faily and Ivan Flechais", year = "2008", booktitle = "UK e-Science All Hands Conference 2008, Edinburgh, UK (Oral Presentation)", } @inproceedings{fail08, title = "Towards Requirements Engineering Practice for Professional End User Developers: A Case Study", author = "Shamal Faily", year = "2008", booktitle = "Requirements Engineering Education and Training, 2008. REET '08", location = "Barcelona, Spain", month = "September", pages = "38-44", publisher = "IEEE", doi = "10.1109/REET.2008.8", } @inproceedings{failyesaw07, title = "Living with Flight Dynamics : Proposals and Possible Pitfalls for Harmonising Flight Dynamics Systems with EGOS", author = "Shamal Faily", year = "2007", booktitle = "European Ground System Architecture Workshop (ESAW) 2007, ESOC, Darmstadt, Germany (Oral Presentation)", }