Publications

Automatic verification of Finite Variant Property beyond convergent equational theories

Vincent Cheval and Caroline Fontaine

In 38th IEEE Computer Security Foundations Symposium‚ CSF 2023‚ June 16−20 2025. Santa Cruz‚ CA‚ USA. 2025.

Details about Automatic verification of Finite Variant Property beyond convergent equational theories | BibTeX data for Automatic verification of Finite Variant Property beyond convergent equational theories | Link to Automatic verification of Finite Variant Property beyond convergent equational theories

Iris: Dynamic Privacy Preserving Search in Authenticated Chord Peer−to−Peer Networks

Angeliki Aktypi and Kasper Rasmussen

In Proceedings of the 32nd Annual Network and Distributed System Security Symposium (NDSS '25). February, 2025.

Details about Iris: Dynamic Privacy Preserving Search in Authenticated Chord Peer−to−Peer Networks | BibTeX data for Iris: Dynamic Privacy Preserving Search in Authenticated Chord Peer−to−Peer Networks | Download  (pdf) of Iris: Dynamic Privacy Preserving Search in Authenticated Chord Peer−to−Peer Networks | DOI (10.14722/ndss.2025.240392)

DeepSec: Deciding Equivalence Properties for Security Protocols − Improved theory and practice

Vincent Cheval‚ Steve Kremer and Itsaka Rakotonirina

In TheoretiCS. Vol. 3. 2024.

Details about DeepSec: Deciding Equivalence Properties for Security Protocols − Improved theory and practice | BibTeX data for DeepSec: Deciding Equivalence Properties for Security Protocols − Improved theory and practice | DOI (10.46298/THEORETICS.24.4) | Link to DeepSec: Deciding Equivalence Properties for Security Protocols − Improved theory and practice

Symbolic protocol verification with dice

Vincent Cheval‚ Raphaëlle Crubillé and Steve Kremer

In J. Comput. Secur.. Vol. 31. No. 5. Pages 501–538. 2023.

Details about Symbolic protocol verification with dice | BibTeX data for Symbolic protocol verification with dice | DOI (10.3233/JCS-230037) | Download (pdf) of Symbolic protocol verification with dice

Election Verifiability with ProVerif

Vincent Cheval‚ Véronique Cortier and Alexandre Debant

In 36th IEEE Computer Security Foundations Symposium‚ CSF 2023‚ Dubrovnik‚ Croatia‚ July 10−14‚ 2023. Pages 43–58. IEEE. 2023.

Details about Election Verifiability with ProVerif | BibTeX data for Election Verifiability with ProVerif | DOI (10.1109/CSF57540.2023.00032) | Download (pdf) of Election Verifiability with ProVerif

Automatic verification of transparency protocols

Vincent Cheval‚ José Moreira and Mark Ryan

In 8th IEEE European Symposium on Security and Privacy‚ EuroS&P 2023‚ Delft‚ Netherlands‚ July 3−7‚ 2023. Pages 107–121. IEEE. 2023.

Details about Automatic verification of transparency protocols | BibTeX data for Automatic verification of transparency protocols | DOI (10.1109/EUROSP57164.2023.00016) | Download (pdf) of Automatic verification of transparency protocols

Indistinguishability Beyond Diff−Equivalence in ProVerif

Vincent Cheval and Itsaka Rakotonirina

In 36th IEEE Computer Security Foundations Symposium‚ CSF 2023‚ Dubrovnik‚ Croatia‚ July 10−14‚ 2023. Pages 184–199. IEEE. 2023.

Distinguished paper award

Details about Indistinguishability Beyond Diff−Equivalence in ProVerif | BibTeX data for Indistinguishability Beyond Diff−Equivalence in ProVerif | DOI (10.1109/CSF57540.2023.00036) | Download (pdf) of Indistinguishability Beyond Diff−Equivalence in ProVerif

Hash Gone Bad: Automated discovery of protocol attacks that exploit hash function weaknesses

Vincent Cheval‚ Cas Cremers‚ Alexander Dax‚ Lucca Hirschi‚ Charlie Jacomme and Steve Kremer

In Joseph A. Calandrino and Carmela Troncoso, editors, 32nd USENIX Security Symposium‚ USENIX Security 2023‚ Anaheim‚ CA‚ USA‚ August 9−11‚ 2023. Pages 5899–5916. USENIX Association. 2023.

Distinguish Paper Award

Details about Hash Gone Bad: Automated discovery of protocol attacks that exploit hash function weaknesses | BibTeX data for Hash Gone Bad: Automated discovery of protocol attacks that exploit hash function weaknesses | Download (pdf) of Hash Gone Bad: Automated discovery of protocol attacks that exploit hash function weaknesses

SAPIC+: protocol verifiers of the world‚ unite!

Vincent Cheval‚ Charlie Jacomme‚ Steve Kremer and Robert Künnemann

In Kevin R. B. Butler and Kurt Thomas, editors, 31st USENIX Security Symposium‚ USENIX Security 2022‚ Boston‚ MA‚ USA‚ August 10−12‚ 2022. Pages 3935–3952. USENIX Association. 2022.

Details about SAPIC+: protocol verifiers of the world‚ unite! | BibTeX data for SAPIC+: protocol verifiers of the world‚ unite! | Link to SAPIC+: protocol verifiers of the world‚ unite!

Symbolic protocol verification with dice: process equivalences in the presence of probabilities

Vincent Cheval‚ Raphaëlle Crubillé and Steve Kremer

In 35th IEEE Computer Security Foundations Symposium‚ CSF 2022‚ Haifa‚ Israel‚ August 7−10‚ 2022. Pages 319–334. IEEE. 2022.

Details about Symbolic protocol verification with dice: process equivalences in the presence of probabilities | BibTeX data for Symbolic protocol verification with dice: process equivalences in the presence of probabilities | DOI (10.1109/CSF54842.2022.9919644) | Download (pdf) of Symbolic protocol verification with dice: process equivalences in the presence of probabilities

ProVerif with Lemmas‚ Induction‚ Fast Subsumption‚ and Much More

Bruno Blanchet‚ Vincent Cheval and Véronique Cortier

In 43rd IEEE Symposium on Security and Privacy‚ SP 2022‚ San Francisco‚ CA‚ USA‚ May 22−26‚ 2022. Pages 69–86. IEEE. 2022.

Details about ProVerif with Lemmas‚ Induction‚ Fast Subsumption‚ and Much More | BibTeX data for ProVerif with Lemmas‚ Induction‚ Fast Subsumption‚ and Much More | DOI (10.1109/SP46214.2022.9833653) | Download (pdf) of ProVerif with Lemmas‚ Induction‚ Fast Subsumption‚ and Much More

A Symbolic Analysis of Privacy for TLS 1.3 with Encrypted Client Hello

Karthikeyan Bhargavan‚ Vincent Cheval and Christopher A. Wood

In Heng Yin‚ Angelos Stavrou‚ Cas Cremers and Elaine Shi, editors, Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security‚ CCS 2022‚ Los Angeles‚ CA‚ USA‚ November 7−11‚ 2022. Pages 365–379. ACM. 2022.

Details about A Symbolic Analysis of Privacy for TLS 1.3 with Encrypted Client Hello | BibTeX data for A Symbolic Analysis of Privacy for TLS 1.3 with Encrypted Client Hello | DOI (10.1145/3548606.3559360) | Download (pdf) of A Symbolic Analysis of Privacy for TLS 1.3 with Encrypted Client Hello

Themis: A Secure Decentralized Framework for Microservice Interaction in Serverless Computing

Angeliki Aktypi‚ Dimitris Karnikis‚ Nikos Vasilakis and Kasper Rasmussen

In Proceedings of the 17th International Conference on Availability‚ Reliability and Security (ARES '22). ACM. August, 2022.

Details about Themis: A Secure Decentralized Framework for Microservice Interaction in Serverless Computing | BibTeX data for Themis: A Secure Decentralized Framework for Microservice Interaction in Serverless Computing | Download  (pdf) of Themis: A Secure Decentralized Framework for Microservice Interaction in Serverless Computing | DOI (10.1145/3538969.3538983)

Towards Models for Privacy Preservation in the Face of Metadata Exploitation

Marine Eviette and Andrew Simpson

2021.

Details about Towards Models for Privacy Preservation in the Face of Metadata Exploitation | BibTeX data for Towards Models for Privacy Preservation in the Face of Metadata Exploitation

The Hitchhiker's Guide to Decidability and Complexity of Equivalence Properties in Security Protocols

Vincent Cheval‚ Steve Kremer and Itsaka Rakotonirina

In Vivek Nigam‚ Tajana Ban Kirigin‚ Carolyn L. Talcott‚ Joshua D. Guttman‚ Stepan L. Kuznetsov‚ Boon Thau Loo and Mitsuhiro Okada, editors, Logic‚ Language‚ and Security − Essays Dedicated to Andre Scedrov on the Occasion of His 65th Birthday. Vol. 12300 of Lecture Notes in Computer Science. Pages 127–145. Springer. 2020.

Details about The Hitchhiker's Guide to Decidability and Complexity of Equivalence Properties in Security Protocols | BibTeX data for The Hitchhiker's Guide to Decidability and Complexity of Equivalence Properties in Security Protocols | DOI (10.1007/978-3-030-62077-6_10) | Download (pdf) of The Hitchhiker's Guide to Decidability and Complexity of Equivalence Properties in Security Protocols

SeCaS: Secure Capability Sharing Framework for IoT Devices in a Structured P2P Network

Angeliki Aktypi‚ Kubra Kalkan and Kasper B. Rasmussen

In Proceedings of the 10th ACM Conference on Data and Application Security and Privacy (CODASPY '20). ACM. March, 2020.

Details about SeCaS: Secure Capability Sharing Framework for IoT Devices in a Structured P2P Network | BibTeX data for SeCaS: Secure Capability Sharing Framework for IoT Devices in a Structured P2P Network | Download  (pdf) of SeCaS: Secure Capability Sharing Framework for IoT Devices in a Structured P2P Network | DOI (10.1145/3374664.3375739)

If you can't understand it‚ you can't properly assess it! The reality of assessing security risks in Internet of Things systems

Jason R. C. Nurse‚ Petar Radanliev‚ Sadie Creese and David De Roure

In Living in the Internet of Things: Cybersecurity of the IoT Conference. IET. 2018.

To appear

Details about If you can't understand it‚ you can't properly assess it! The reality of assessing security risks in Internet of Things systems | BibTeX data for If you can't understand it‚ you can't properly assess it! The reality of assessing security risks in Internet of Things systems | Download  (pdf) of If you can't understand it‚ you can't properly assess it! The reality of assessing security risks in Internet of Things systems

An Ethics Framework for Research into Heterogeneous Systems

Jassim Happa‚ Jason R C Nurse‚ Michael Goldsmith‚ Sadie Creese and Rebecca Williams

In Living in the Internet of Things: Cybersecurity of the IoT Conference. IET. 2018.

To appear

Details about An Ethics Framework for Research into Heterogeneous Systems | BibTeX data for An Ethics Framework for Research into Heterogeneous Systems

Sonification in Security Operations Centres: What do Security Practitioners Think?

Louise M. Axon‚ Bushra Alahmadi‚ Jason R. C. Nurse‚ Michael Goldsmith and Sadie Creese

In Workshop on Usable Security (USEC) at the Network and Distributed System Security (NDSS) Symposium. Internet Society. 2018.

To appear

Details about Sonification in Security Operations Centres: What do Security Practitioners Think? | BibTeX data for Sonification in Security Operations Centres: What do Security Practitioners Think? | Download  (pdf) of Sonification in Security Operations Centres: What do Security Practitioners Think?

A Capability−oriented Approach to Assessing Privacy Risk in Smart Home Ecosystems

Jack Sturgess‚ Jason R C Nurse and Jun Zhao

In Living in the Internet of Things: Cybersecurity of the IoT Conference. IET. 2018.

Details about A Capability−oriented Approach to Assessing Privacy Risk in Smart Home Ecosystems | BibTeX data for A Capability−oriented Approach to Assessing Privacy Risk in Smart Home Ecosystems | Download  (pdf) of A Capability−oriented Approach to Assessing Privacy Risk in Smart Home Ecosystems | DOI (10.1049/cp.2018.0037)

Unwinding Ariadne's Identity Thread: Privacy Risks with Fitness Trackers and Online Social Networks

Angeliki Aktypi‚ Jason R.C. Nurse and Michael Goldsmith

In Proceedings of the 2017 International Workshop on Multimedia Privacy and Security (MPS '17). ACM. October, 2017.

Details about Unwinding Ariadne's Identity Thread: Privacy Risks with Fitness Trackers and Online Social Networks | BibTeX data for Unwinding Ariadne's Identity Thread: Privacy Risks with Fitness Trackers and Online Social Networks | Download  (pdf) of Unwinding Ariadne's Identity Thread: Privacy Risks with Fitness Trackers and Online Social Networks | DOI (10.1145/3137616.3137617)

Mapping the Coverage of Security Controls in Cyber Insurance Proposal Forms

Daniel Woods‚ Ioannis Agrafiotis‚ Jason RC Nurse and Sadie Creese

In Journal of Internet Services and Applications. 2017.

Details about Mapping the Coverage of Security Controls in Cyber Insurance Proposal Forms | BibTeX data for Mapping the Coverage of Security Controls in Cyber Insurance Proposal Forms | DOI (10.1186/s13174-017-0059-y)

A Formalised Approach to Designing Sonification Systems for Network−Security Monitoring

Louise Axon; Jason R. C. Nurse; Michael Goldsmith; Sadie Creese

In International Journal On Advances in Security. 2017.

Details about A Formalised Approach to Designing Sonification Systems for Network−Security Monitoring | BibTeX data for A Formalised Approach to Designing Sonification Systems for Network−Security Monitoring | Download  (pdf) of A Formalised Approach to Designing Sonification Systems for Network−Security Monitoring

Privacy is the boring bit: User perceptions and behaviour in the Internet−of−Things

Meredydd Williams‚ Jason R.C. Nurse and Sadie Creese

In 15th International Conference on Privacy‚ Security and Trust (PST). IEEE. 2017.

(To appear)

Details about Privacy is the boring bit: User perceptions and behaviour in the Internet−of−Things | BibTeX data for Privacy is the boring bit: User perceptions and behaviour in the Internet−of−Things | Download  (pdf) of Privacy is the boring bit: User perceptions and behaviour in the Internet−of−Things

An Assessment of the Security and Transparency Procedural Components of the Estonian Internet Voting System

Jason R.C. Nurse; Ioannis Agrafiotis; Arnau Erola; Maria Bada; Taylor Roberts; Meredydd Williams; Michael Goldsmith; Sadie Creese

In International Conference on Human Aspects of Information Security‚ Privacy and Trust at the 19th International Conference on Human−Computer Interaction (HCII). Springer. 2017.

Details about An Assessment of the Security and Transparency Procedural Components of the Estonian Internet Voting System | BibTeX data for An Assessment of the Security and Transparency Procedural Components of the Estonian Internet Voting System | Download  (pdf) of An Assessment of the Security and Transparency Procedural Components of the Estonian Internet Voting System | DOI (10.1007/978-3-319-58460-7_26)

Security risk assessment in Internet of Things systems

Jason R. C. Nurse; Sadie Creese; David De Roure

In IEEE IT Professional (IT Pro). Vol. 19. No. 5. Pages 20–26. 2017.

Details about Security risk assessment in Internet of Things systems | BibTeX data for Security risk assessment in Internet of Things systems | Download  (pdf) of Security risk assessment in Internet of Things systems | DOI (10.1109/MITP.2017.3680959) | Link to Security risk assessment in Internet of Things systems

Exploring the use of Intel SGX for Secure Many−Party Applications

K.A. Küçük‚ A. Paverd‚ A. Martin‚ N. Asokan‚ A. Simpson and R. Ankele

In Proceedings of the 1st Workshop on System Software for Trusted Execution (SysTEX '16). New York‚ NY‚ USA. 2016. ACM.

The theoretical construct of a Trusted Third Party (TTP) has the potential to solve many security and privacy challenges. In particular‚ a TTP is an ideal way to achieve secure multiparty computation—a privacy−enhancing technique in which mutually distrusting participants jointly compute a function over their private inputs without revealing these inputs. Although there exist cryptographic protocols to achieve this‚ their performance often limits them to the two−party case‚ or to a small number of participants. However‚ many real−world applications involve thousands or tens of thousands of participants. Examples of this type of many−party application include privacy−preserving energy metering‚ location−based services‚ and mobile network roaming. Challenging the notion that a trustworthy TTP does not exist‚ recent research has shown how trusted hardware and remote attestation can be used to establish a sufficient level of assurance in a real system such that it can serve as a trustworthy remote entity (TRE). We explore the use of Intel SGX‚ the most recent and arguably most promising trusted hardware technology‚ as the basis for a TRE for many−party applications. Using privacy−preserving energy metering as a case study‚ we design and implement a prototype TRE using SGX‚ and compare its performance to a previous system based on the Trusted Platform Module (TPM). Our results show that even without specialized optimizations‚ SGX provides comparable performance to the optimized TPM system‚ and therefore has significant potential for large−scale many−party applications.

Details about Exploring the use of Intel SGX for Secure Many−Party Applications | BibTeX data for Exploring the use of Intel SGX for Secure Many−Party Applications | DOI (10.1145/3007788.3007793) | Link to Exploring the use of Intel SGX for Secure Many−Party Applications

Applying the Trustworthy Remote Entity to Privacy−Preserving Multiparty Computation: Requirements and Criteria for Large−Scale Applications

R. Ankele‚ K.A. Küçük‚ A.P. Martin‚ A.C. Simpson and A. Paverd

In Proceedings of the 13th IEEE International Conference on Advanced and Trusted Computing (ATC 2016). 2016.

The significant improvements in technology that have been seen in recent years have resulted in a shift in the computing paradigm: from isolated computational tasks to distributed tasks executed in multi−party settings. Secure Multi−Party Computation (MPC) allows for multiple parties to jointly compute a function on their private inputs. Unfortunately‚ traditional MPC algorithms are inefficient in the presence of a large number of participants. Moreover‚ in the traditional setting‚ MPC is only concerned with privacy of the input values. However‚ there is often a need to preserve the privacy of individuals on the basis of the output of the computation. Techniques proposed by the Trusted Computing community have shown promise in the context of new secure‚ efficient large−scale applications. In this paper‚ we define‚ analyse several use cases related to large−scale applications of the MPC paradigm. From these use cases‚ we derive requirements‚ criteria to evaluate certain MPC protocols used for large−scale applications. Furthermore‚ we propose the utilisation of a Trustworthy Remote Entity‚ privacy−preserving algorithms to achieve confidentiality‚ privacy in such settings.

Details about Applying the Trustworthy Remote Entity to Privacy−Preserving Multiparty Computation: Requirements and Criteria for Large−Scale Applications | BibTeX data for Applying the Trustworthy Remote Entity to Privacy−Preserving Multiparty Computation: Requirements and Criteria for Large−Scale Applications | DOI (10.1109/UIC-ATC-ScalCom-CBDCom-IoP-SmartWorld.2016.0077) | Link to Applying the Trustworthy Remote Entity to Privacy−Preserving Multiparty Computation: Requirements and Criteria for Large−Scale Applications

Insider threat response and recovery strategies in financial services firms

Jason R. C. Nurse Jacqueline Eggenschwiler Ioannis Agrafiotis

In Computer Fraud & Security. 2016.

Details about Insider threat response and recovery strategies in financial services firms | BibTeX data for Insider threat response and recovery strategies in financial services firms | Download  (pdf) of Insider threat response and recovery strategies in financial services firms | DOI (10.1016/S1361-3723(16)30091-4)

A New Take on Detecting Insider Threats: Exploring the use of Hidden Markov Models

Tabish Rashid‚ Ioannis Agrafiotis and Jason R.C. Nurse

In 8th ACM CCS International Workshop on Managing Insider Security Threats (MIST). ACM. 2016.

Details about A New Take on Detecting Insider Threats: Exploring the use of Hidden Markov Models | BibTeX data for A New Take on Detecting Insider Threats: Exploring the use of Hidden Markov Models | Download  (pdf) of A New Take on Detecting Insider Threats: Exploring the use of Hidden Markov Models | DOI (10.1145/2995959.2995964)

Attacker−Parametrised Attack Graphs

Alastair Janse van Rensburg‚ Jason R.C. Nurse and Michael Goldsmith

In 10th International Conference on Emerging Security Information‚ Systems and Technologies. Pages 316–319. 2016.

Details about Attacker−Parametrised Attack Graphs | BibTeX data for Attacker−Parametrised Attack Graphs | Download  (pdf) of Attacker−Parametrised Attack Graphs

A Pragmatic System−failure Assessment and Response Model

Jassim Happa‚ Graham Fairclough‚ Jason R.C. Nurse‚ Ioannis Agrafiotis‚ Michael Goldsmith and Sadie Creese

In 2nd International Conference on Information Systems Security and Privacy. 2016.

Details about A Pragmatic System−failure Assessment and Response Model | BibTeX data for A Pragmatic System−failure Assessment and Response Model | Download  (pdf) of A Pragmatic System−failure Assessment and Response Model | DOI (10.5220/0005795105030508)

Determining the veracity of rumours on Twitter

Georgios Giasemidis‚ Colin Singleton‚ Ioannis Agrafiotis‚ Jason R.C. Nurse‚ Alan Pilgrim and Chris Willis

In 8th International Conference on Social Informatics (SocInfo 2016). Pages 185–205. Springer. 2016.

Details about Determining the veracity of rumours on Twitter | BibTeX data for Determining the veracity of rumours on Twitter | Download  (pdf) of Determining the veracity of rumours on Twitter | DOI (10.1007/978-3-319-47880-7_12)

Exploring a Controls−Based Assessment of Infrastructure Vulnerability

Oliver Farnan and Jason R. C. Nurse

In Risks and Security of Internet and Systems. Vol. 9572 of Lecture Notes in Computer Science. Pages 144−159. Springer. 2016.

Details about Exploring a Controls−Based Assessment of Infrastructure Vulnerability | BibTeX data for Exploring a Controls−Based Assessment of Infrastructure Vulnerability | Download  (pdf) of Exploring a Controls−Based Assessment of Infrastructure Vulnerability | DOI (10.1007/978-3-319-31811-0_9)

Future scenarios and challenges for security and privacy

Meredydd Williams‚ Louise Axon‚ Jason R. C. Nurse and Sadie Creese

In 2nd International Forum on Research and Technologies for Society and Industry (RTSI 2016). IEEE. 2016.

Details about Future scenarios and challenges for security and privacy | BibTeX data for Future scenarios and challenges for security and privacy | Download  (pdf) of Future scenarios and challenges for security and privacy | DOI (10.1109/RTSI.2016.7740625) | Link to Future scenarios and challenges for security and privacy

Perspectives on privacy in the use of online systems

Meredydd Williams and Jason R. C. Nurse

In 30th British Human Computer Interaction Conference (B−HCI). BCS. 2016.

Details about Perspectives on privacy in the use of online systems | BibTeX data for Perspectives on privacy in the use of online systems | Download  (pdf) of Perspectives on privacy in the use of online systems | Link to Perspectives on privacy in the use of online systems

Reflecting on the Use of Sonification for Network Monitoring

Louise Axon‚ Sadie Creese‚ Michael Goldsmith and Jason R.C. Nurse

In 10th International Conference on Emerging Security Information‚ Systems and Technologies. Pages 254–261. 2016.

Details about Reflecting on the Use of Sonification for Network Monitoring | BibTeX data for Reflecting on the Use of Sonification for Network Monitoring | Download  (pdf) of Reflecting on the Use of Sonification for Network Monitoring

The Anatomy of Online Deception: What Makes Automated Text Convincing?

Richard Everett‚ Jason R.C. Nurse and Arnau Erola

In 31st ACM/SIGAPP Symposium on Applied Computing (SAC). ACM. 2016.

Details about The Anatomy of Online Deception: What Makes Automated Text Convincing? | BibTeX data for The Anatomy of Online Deception: What Makes Automated Text Convincing? | Download  (pdf) of The Anatomy of Online Deception: What Makes Automated Text Convincing? | DOI (10.1145/2851613.2851813)

Towards a Usable Framework for Modelling Security and Privacy Risks in the Smart Home

Jason R.C. Nurse‚ Ahmad Atamli and Andrew Martin

In International Conference on Human Aspects of Information Security‚ Privacy and Trust at the 18th International Conference on Human−Computer Interaction (HCI). Pages 255−267. Springer. 2016.

Details about Towards a Usable Framework for Modelling Security and Privacy Risks in the Smart Home | BibTeX data for Towards a Usable Framework for Modelling Security and Privacy Risks in the Smart Home | Download  (pdf) of Towards a Usable Framework for Modelling Security and Privacy Risks in the Smart Home | DOI (10.1007/978-3-319-39381-0_23)

Towards Designing a Multipurpose Cybercrime Intelligence Framework

Mariam Nouh‚ Jason R.C. Nurse and Michael Goldsmith

In European Intelligence and Security Informatics Conference (EISIC). IEEE. 2016.

Details about Towards Designing a Multipurpose Cybercrime Intelligence Framework | BibTeX data for Towards Designing a Multipurpose Cybercrime Intelligence Framework | Download  (pdf) of Towards Designing a Multipurpose Cybercrime Intelligence Framework | DOI (10.1109/EISIC.2016.018) | Link to Towards Designing a Multipurpose Cybercrime Intelligence Framework

Baiting the Hook: Factors Impacting Susceptibility to Phishing Attacks

Cristian Iuga‚ Jason R.C. Nurse and Arnau Erola

In Journal of Human−centric Computing and Information Sciences. Vol. 6. No. 8. 2016.

Details about Baiting the Hook: Factors Impacting Susceptibility to Phishing Attacks | BibTeX data for Baiting the Hook: Factors Impacting Susceptibility to Phishing Attacks | DOI (10.1186/s13673-016-0065-2) | Link to Baiting the Hook: Factors Impacting Susceptibility to Phishing Attacks

Analytics for characterising and measuring the naturalness of online personae

Jason R.C. Nurse‚ Arnau Erola‚ Thomas Gibson−Robinson‚ Michael Goldsmith and Sadie Creese

In Security Informatics Journal. Vol. 5. No. 3. 2016.

Details about Analytics for characterising and measuring the naturalness of online personae | BibTeX data for Analytics for characterising and measuring the naturalness of online personae | Download  (pdf) of Analytics for characterising and measuring the naturalness of online personae | DOI (10.1186/s13388-016-0028-1) | Link to Analytics for characterising and measuring the naturalness of online personae

Attack Tree Analysis for Insider Threats on the IoT using Isabelle

Florian Kammüller‚ Jason R.C. Nurse and Christian W. Probst

In International Conference on Human Aspects of Information Security‚ Privacy and Trust at the 18th International Conference on Human−Computer Interaction (HCI). Pages 234−246. Springer. 2016.

Details about Attack Tree Analysis for Insider Threats on the IoT using Isabelle | BibTeX data for Attack Tree Analysis for Insider Threats on the IoT using Isabelle | DOI (10.1007/978-3-319-39381-0_21)

Optional data disclosure and the online privacy paradox: A UK perspective

Meredydd Williams and Jason R.C. Nurse

In Fourth International Conference on Human Aspects of Information Security‚ Privacy and Trust at the 18th International Conference on Human−Computer Interaction (HCI). Springer. Pages 186−197. Springer. 2016.

Details about Optional data disclosure and the online privacy paradox: A UK perspective | BibTeX data for Optional data disclosure and the online privacy paradox: A UK perspective | DOI (10.1007/978-3-319-39381-0_17)

Using Visualizations to Enhance Users' Understanding of App Activities on Android Devices

Chika Eze‚ Jason R.C. Nurse and Jassim Happa

In Journal of Wireless Mobile Networks‚ Ubiquitous Computing‚ and Dependable Applications (JoWUA). Vol. 7. No. 1. 2016.

Details about Using Visualizations to Enhance Users' Understanding of App Activities on Android Devices | BibTeX data for Using Visualizations to Enhance Users' Understanding of App Activities on Android Devices | Download  (pdf) of Using Visualizations to Enhance Users' Understanding of App Activities on Android Devices | Link to Using Visualizations to Enhance Users' Understanding of App Activities on Android Devices

Practical Attacks Against Privacy and Availability in 4G/LTE

Altaf Shaik‚ Ravishankar Borgaonkar‚ Jean−Pierre Seifert‚ N. Asokan and Valtteri Niemi

In 23nd Annual Network and Distributed System Security Symposium‚ NDSS 2016‚ San Diego‚ California‚ USA‚ February 21−24‚ 2016. 2016.

Details about Practical Attacks Against Privacy and Availability in 4G/LTE | BibTeX data for Practical Attacks Against Privacy and Availability in 4G/LTE | Link to Practical Attacks Against Privacy and Availability in 4G/LTE

Exploring the risks to identity security and privacy in cyberspace

Jason R.C. Nurse

In XRDS: Crossroads‚ The ACM Magazine for Students. Vol. 21. No. 3. Pages 42–47. 2015.

Details about Exploring the risks to identity security and privacy in cyberspace | BibTeX data for Exploring the risks to identity security and privacy in cyberspace | Download  (pdf) of Exploring the risks to identity security and privacy in cyberspace | DOI (10.1145/2730912) | Link to Exploring the risks to identity security and privacy in cyberspace

On the Security of the Automatic Dependent Surveillance−Broadcast Protocol

Martin Strohmeier‚ Vincent Lenders and Ivan Martinovic

In IEEE Communications Surveys & Tutorials. Vol. 17. No. 2. Pages 1066 − 1087. 2015.

Details about On the Security of the Automatic Dependent Surveillance−Broadcast Protocol | BibTeX data for On the Security of the Automatic Dependent Surveillance−Broadcast Protocol | Download  (pdf) of On the Security of the Automatic Dependent Surveillance−Broadcast Protocol | DOI (10.1109/COMST.2014.2365951) | Link to On the Security of the Automatic Dependent Surveillance−Broadcast Protocol

OpenSky: A Swiss Army Knife for Air Traffic Security Research

Martin Strohmeier‚ Matthias Schäfer‚ Markus Fuchs‚ Vincent Lenders and Ivan Martinovic

In Digital Avionics Systems Conference (DASC)‚ 2015 IEEE/AIAA 34th. IEEE. September, 2015.

(Best Paper of Conference Award!)

Details about OpenSky: A Swiss Army Knife for Air Traffic Security Research | BibTeX data for OpenSky: A Swiss Army Knife for Air Traffic Security Research | Download Strohmeier - DASC 2015 - Paper.pdf of OpenSky: A Swiss Army Knife for Air Traffic Security Research | Download Strohmeier - DASC 2015 - Slides.pdf of OpenSky: A Swiss Army Knife for Air Traffic Security Research | DOI (10.1109/DASC.2015.7311411) | Link to OpenSky: A Swiss Army Knife for Air Traffic Security Research

On Passive Data Link Layer Fingerprinting of Aircraft Transponders

Martin Strohmeier and Ivan Martinovic

In 1st ACM Workshop on Cyber−Physical Systems Security & Privacy (CPS−SPC). ACM. October, 2015.

Details about On Passive Data Link Layer Fingerprinting of Aircraft Transponders | BibTeX data for On Passive Data Link Layer Fingerprinting of Aircraft Transponders | Download  (pdf) of On Passive Data Link Layer Fingerprinting of Aircraft Transponders | DOI (10.1145/2808705.2808712) | Link to On Passive Data Link Layer Fingerprinting of Aircraft Transponders

Lightweight Location Verification in Air Traffic Surveillance Networks

Martin Strohmeier‚ Vincent Lenders and Ivan Martinovic

In Proceedings of the 1st ACM Workshop on Cyber−Physical System Security (CPSS '15). Pages 49−60. ACM. April, 2015.

(Best Paper Award!)

Details about Lightweight Location Verification in Air Traffic Surveillance Networks | BibTeX data for Lightweight Location Verification in Air Traffic Surveillance Networks | Download  (pdf) of Lightweight Location Verification in Air Traffic Surveillance Networks | DOI (10.1145/2732198.2732202) | Link to Lightweight Location Verification in Air Traffic Surveillance Networks

Intrusion Detection for Airborne Communication using PHY−Layer Information

Martin Strohmeier‚ Vincent Lenders and Ivan Martinovic

In Detection of Intrusions and Malware‚ and Vulnerability Assessment (DIMVA). Vol. 9148 of Lecture Notes in Computer Science. Pages 67−77. Springer International Publishing. July, 2015.

Details about Intrusion Detection for Airborne Communication using PHY−Layer Information | BibTeX data for Intrusion Detection for Airborne Communication using PHY−Layer Information | Download  (pdf) of Intrusion Detection for Airborne Communication using PHY−Layer Information | DOI (10.1007/978-3-319-20550-2_4) | Link to Intrusion Detection for Airborne Communication using PHY−Layer Information

Online banking malware ontology

Rodrigo Carvalho‚ Michael Goldsmith and Jason R. C. Nurse

In International Crime and Intelligence Analysis Conference (ICIA). 2015.

Details about Online banking malware ontology | BibTeX data for Online banking malware ontology | Download  (pdf) of Online banking malware ontology

Applying Social Network Analysis to Security

Elizabeth Phillips‚ Jason R. C. Nurse‚ Michael Goldsmith and Sadie Creese

In International Conference on Cyber Security for Sustainable Society. Pages 11–27. 2015.

Details about Applying Social Network Analysis to Security | BibTeX data for Applying Social Network Analysis to Security | Download  (pdf) of Applying Social Network Analysis to Security

Investigating the leakage of sensitive personal and organisational information in email headers

Jason R. C. Nurse‚ Arnau Erola‚ Michael Goldsmith and Sadie Creese

In Journal of Internet Services and Information Security. Vol. 5. No. 1. 2015.

Details about Investigating the leakage of sensitive personal and organisational information in email headers | BibTeX data for Investigating the leakage of sensitive personal and organisational information in email headers | Download  (pdf) of Investigating the leakage of sensitive personal and organisational information in email headers | Download (pdf) of Investigating the leakage of sensitive personal and organisational information in email headers

Predicting Graphical Passwords

Matthieu Devlin‚ Jason R. C. Nurse‚ Duncan Hodges‚ Michael Goldsmith and Sadie Creese

In Theo Tryfonas and Ioannis Askoxylakis, editors, International Conference on Human Aspects of Information Security‚ Privacy and Trust at the 17th International Conference on Human−Computer Interaction (HCI). Pages 23–35. Springer. 2015.

Details about Predicting Graphical Passwords | BibTeX data for Predicting Graphical Passwords | Download  (pdf) of Predicting Graphical Passwords | DOI (10.1007/978-3-319-20376-8_3)

Understanding Insider Threat: A Framework for Characterising Attacks

Jason R.C. Nurse‚ Oliver Buckley‚ Philip A. Legg‚ Michael Goldsmith‚ Sadie Creese‚ Gordon R.T. Wright and Monica Whitty

In Workshop on Research for Insider Threat (WRIT) held as part of the IEEE Computer Society Security and Privacy Workshops (SPW14)‚ in conjunction with the IEEE Symposium on Security and Privacy (SP).. IEEE. 2014.

Details about Understanding Insider Threat: A Framework for Characterising Attacks | BibTeX data for Understanding Insider Threat: A Framework for Characterising Attacks | Download of Understanding Insider Threat: A Framework for Characterising Attacks | DOI (10.1109/SPW.2014.38) | Link to Understanding Insider Threat: A Framework for Characterising Attacks

Realities and Challenges of NextGen Air Traffic Management: The Case of ADS−B

Martin Strohmeier‚ Matthias Schäfer‚ Vincent Lenders and Ivan Martinovic

In Communications Magazine‚ IEEE. Vol. 52. No. 5. Pages 111−118. May, 2014.

Details about Realities and Challenges of NextGen Air Traffic Management: The Case of ADS−B | BibTeX data for Realities and Challenges of NextGen Air Traffic Management: The Case of ADS−B | DOI (10.1109/MCOM.2014.6815901) | Link to Realities and Challenges of NextGen Air Traffic Management: The Case of ADS−B

Demonstration Abstract − OpenSky: A Large−scale ADS−B Sensor Network for Research

Matthias Schäfer‚ Martin Strohmeier‚ Vincent Lenders‚ Ivan Martinovic and Matthias Wilhelm

In Proceedings of the 13th International Symposium on Information Processing in Sensor Networks. Pages 313–314. IEEE Press. April, 2014.

(Best Demo Award: 1st Runner Up)

Details about Demonstration Abstract − OpenSky: A Large−scale ADS−B Sensor Network for Research | BibTeX data for Demonstration Abstract − OpenSky: A Large−scale ADS−B Sensor Network for Research | Download  (pdf) of Demonstration Abstract − OpenSky: A Large−scale ADS−B Sensor Network for Research | DOI (10.1109/IPSN.2014.6846779) | Link to Demonstration Abstract − OpenSky: A Large−scale ADS−B Sensor Network for Research

Bringing Up OpenSky: A Large−scale ADS−B Sensor Network for Research

Matthias Schäfer‚ Martin Strohmeier‚ Vincent Lenders‚ Ivan Martinovic and Matthias Wilhelm

In Proceedings of the 13th International Symposium on Information Processing in Sensor Networks. Pages 83−94. IEEE Press. April, 2014.

Details about Bringing Up OpenSky: A Large−scale ADS−B Sensor Network for Research | BibTeX data for Bringing Up OpenSky: A Large−scale ADS−B Sensor Network for Research | Download  (pdf) of Bringing Up OpenSky: A Large−scale ADS−B Sensor Network for Research | DOI (10.1109/IPSN.2014.6846743) | Link to Bringing Up OpenSky: A Large−scale ADS−B Sensor Network for Research

Security and Privacy in Smart Grid Demand Response Systems

Andrew J Paverd‚ Andrew P Martin and Ian Brown

In Jorge Cuellar, editor, Smart Grid Security. Pages 1−15. Springer International Publishing. 2014.

Details about Security and Privacy in Smart Grid Demand Response Systems | BibTeX data for Security and Privacy in Smart Grid Demand Response Systems | Download  (pdf) of Security and Privacy in Smart Grid Demand Response Systems | DOI (10.1007/978-3-319-10329-7_1) | Link to Security and Privacy in Smart Grid Demand Response Systems

Privacy−Enhanced Bi−Directional Communication in the Smart Grid using Trusted Computing

Andrew J Paverd‚ Andrew P Martin and Ian Brown

In Fifth IEEE International Conference on Smart Grid Communications (SmartGridComm 2014). 2014.

Details about Privacy−Enhanced Bi−Directional Communication in the Smart Grid using Trusted Computing | BibTeX data for Privacy−Enhanced Bi−Directional Communication in the Smart Grid using Trusted Computing | Download Paverd-SmartGridComm-2014.pdf of Privacy−Enhanced Bi−Directional Communication in the Smart Grid using Trusted Computing | Download Paverd-SmartGridComm-2014-slides.pdf of Privacy−Enhanced Bi−Directional Communication in the Smart Grid using Trusted Computing | DOI (10.1109/SmartGridComm.2014.7007758) | Link to Privacy−Enhanced Bi−Directional Communication in the Smart Grid using Trusted Computing

Characteristic−Based Security Analysis for the Personal Network

Andrew J. Paverd‚ Fadi El−Moussa and Ian Brown

In HomeSys Workshop at ACM UbiComp. 2014.

Details about Characteristic−Based Security Analysis for the Personal Network | BibTeX data for Characteristic−Based Security Analysis for the Personal Network | Download Paverd-HomeSys-2014-slides.pdf of Characteristic−Based Security Analysis for the Personal Network | Download Paverd-HomeSys-2014-v4.pdf of Characteristic−Based Security Analysis for the Personal Network | DOI (10.1145/2638728.2641549) | Link to Characteristic−Based Security Analysis for the Personal Network

Security and Privacy in Smart Grid Demand Response Systems

Andrew Paverd‚ Andrew Martin and Ian Brown

In Second Open EIT ICT Labs Workshop on Smart Grid Security − SmartGridSec14. 2014.

Details about Security and Privacy in Smart Grid Demand Response Systems | BibTeX data for Security and Privacy in Smart Grid Demand Response Systems | Download  (pdf) of Security and Privacy in Smart Grid Demand Response Systems

Security of ADS−B: State of the Art and Beyond

Martin Strohmeier‚ Vincent Lenders and Ivan Martinovic

No. RR−13−10. DCS. 2013.

Details about Security of ADS−B: State of the Art and Beyond | BibTeX data for Security of ADS−B: State of the Art and Beyond | Download  (pdf) of Security of ADS−B: State of the Art and Beyond

Neighborhood Watch: On Network Coding Throughput and Key Sharing

Martin Strohmeier‚ Ivan Martinovic‚ Utz Roedig‚ Karim El Defrawy and Jens Schmitt

In Global Communications Conference (GLOBECOM)‚ 2013 IEEE. Pages 849 − 854. IEEE. December, 2013.

Details about Neighborhood Watch: On Network Coding Throughput and Key Sharing | BibTeX data for Neighborhood Watch: On Network Coding Throughput and Key Sharing | Download  (pdf) of Neighborhood Watch: On Network Coding Throughput and Key Sharing | DOI (10.1109/GLOCOM.2013.6831179) | Link to Neighborhood Watch: On Network Coding Throughput and Key Sharing

Policies in Context: Factors Influencing the Elicitation and Categorisation of Context−Sensitive Security Policies

Shamal Faily‚ John Lyle‚ Ivan Flechais‚ Andrea Atzeni‚ Cesare Cameroni‚ Hans Myrhaug‚ Ayse Goker and Robert Kleinfeld

In Proceedings of the Workshop on Home Usable Privacy and Security. 2013.

Details about Policies in Context: Factors Influencing the Elicitation and Categorisation of Context−Sensitive Security Policies | BibTeX data for Policies in Context: Factors Influencing the Elicitation and Categorisation of Context−Sensitive Security Policies

Security Patterns Considered Harmful?

Shamal Faily

In Proceedings of The Second International Workshop on Cyberpatterns: Unifying Design Patterns with Security‚ Attack and Forensic Patterns. 2013.

To Appear

Details about Security Patterns Considered Harmful? | BibTeX data for Security Patterns Considered Harmful?

Trustworthy Remote Entities in the Smart Grid

Andrew Paverd

In 28th ACM Symposium On Applied Computing − SAC2013. Coimbra‚ Portugal. 2013.

Student Research Competition Finalist

Details about Trustworthy Remote Entities in the Smart Grid | BibTeX data for Trustworthy Remote Entities in the Smart Grid | Download  (pdf) of Trustworthy Remote Entities in the Smart Grid | Link to Trustworthy Remote Entities in the Smart Grid

Guidelines for Integrating Personas into Software Engineering Tools

Shamal Faily and John Lyle

In Proceedings of the 5th ACM SIGCHI symposium on Engineering interactive computing systems. Pages 69–74. 2013.

Details about Guidelines for Integrating Personas into Software Engineering Tools | BibTeX data for Guidelines for Integrating Personas into Software Engineering Tools

Formal Evaluation of Persona Trustworthiness with EUSTACE (Extended Abstract)

Shamal Faily‚ David Power‚ Philip Armstrong and Ivan Flechais

In Trust and Trustworthy Computing‚ 6th International Conference‚ TRUST 2013. 2013.

To Appear

Details about Formal Evaluation of Persona Trustworthiness with EUSTACE (Extended Abstract) | BibTeX data for Formal Evaluation of Persona Trustworthiness with EUSTACE (Extended Abstract)

Developing secure‚ unified multi−device and multi−domain platforms: A case study from the webinos project

Andrea Atzeni‚ John Lyle and Shamal Faily

In Architectures and Protocols for Secure Information Technology. IGI Global. 2013.

To Appear

Details about Developing secure‚ unified multi−device and multi−domain platforms: A case study from the webinos project | BibTeX data for Developing secure‚ unified multi−device and multi−domain platforms: A case study from the webinos project

Designing Interactive Secure Systems: CHI 2013 Special Interest Group

Shamal Faily‚ Lizzie Coles−Kemp‚ Paul Dunphy‚ Mike Just‚ Yoko Akama and Alexander De Luca

In CHI '13 Extended Abstracts on Human Factors in Computing Systems. ACM. 2013.

To Appear

Details about Designing Interactive Secure Systems: CHI 2013 Special Interest Group | BibTeX data for Designing Interactive Secure Systems: CHI 2013 Special Interest Group | Download  (pdf) of Designing Interactive Secure Systems: CHI 2013 Special Interest Group

A Practical Man−In−The−Middle Attack on Signal−Based Key Generation Protocols

Simon Eberz‚ Martin Strohmeier‚ Matthias Wilhelm and Ivan Martinovic

In 17th European Symposium on Research in Computer Security (ESORICS). Vol. 7459 of Lecture Notes in Computer Science. Pages 235−252. Springer. September, 2012.

Details about A Practical Man−In−The−Middle Attack on Signal−Based Key Generation Protocols | BibTeX data for A Practical Man−In−The−Middle Attack on Signal−Based Key Generation Protocols | Download  (pdf) of A Practical Man−In−The−Middle Attack on Signal−Based Key Generation Protocols | DOI (10.1007/978-3-642-33167-1_14) | Link to A Practical Man−In−The−Middle Attack on Signal−Based Key Generation Protocols

Hardware Security for Device Authentication in the Smart Grid

Andrew Paverd and Andrew Martin

In First Open EIT ICT Labs Workshop on Smart Grid Security − SmartGridSec12. Berlin‚ Germany. 2012.

Details about Hardware Security for Device Authentication in the Smart Grid | BibTeX data for Hardware Security for Device Authentication in the Smart Grid | Download  (pdf) of Hardware Security for Device Authentication in the Smart Grid | Link to Hardware Security for Device Authentication in the Smart Grid

BottleCap: a Credential Manager for Capability Systems

Justin King−Lacroix and Andrew Martin

In Proceedings of The Seventh ACM Workshop on Scalable Trusted Computing. 2012.

To appear

Details about BottleCap: a Credential Manager for Capability Systems | BibTeX data for BottleCap: a Credential Manager for Capability Systems

From Qualitative to Quantitative Information Erasure

Adedayo O. Adetoye and Michael H. Goldsmith

In International Workshop on Quantitative Aspects in Security Assurance (QASA 2012‚ colocated with ESORICS). September, 2012.

To appear

Details about From Qualitative to Quantitative Information Erasure | BibTeX data for From Qualitative to Quantitative Information Erasure | Download qasa2012-Erasure-SLIDES.pdf of From Qualitative to Quantitative Information Erasure | Download erasure-QASA.pdf of From Qualitative to Quantitative Information Erasure

Model−driven architectural risk analysis using architectural and contextualised attack patterns

Shamal Faily‚ John Lyle‚ Cornelius Namiluko‚ Andrea Atzeni and Cesare Cameroni

In Proceedings of the Workshop on Model−Driven Security. Pages 3:1–3:6. ACM. 2012.

Details about Model−driven architectural risk analysis using architectural and contextualised attack patterns | BibTeX data for Model−driven architectural risk analysis using architectural and contextualised attack patterns | Download  (pdf) of Model−driven architectural risk analysis using architectural and contextualised attack patterns

Requirements Sensemaking using Concept Maps

Shamal Faily‚ John Lyle‚ Andre Paul‚ Andrea Atzeni‚ Dieter Blomme‚ Heiko Desruelle and Krishna Bangalore

In HCSE'2012: Proceedings of the 4th International Conference on Human−Centered Software Engineering. Pages 217–232. Springer. 2012.

Details about Requirements Sensemaking using Concept Maps | BibTeX data for Requirements Sensemaking using Concept Maps | Download  (pdf) of Requirements Sensemaking using Concept Maps

Software for Interactive Secure Systems Design: Lessons Learned Developing and Applying CAIRIS

Shamal Faily and Ivan Flechais

In Proceedings of BCS HCI 2012 Workshops: Designing Interactive Secure Systems. Pages 3:1–3:4. 2012.

Details about Software for Interactive Secure Systems Design: Lessons Learned Developing and Applying CAIRIS | BibTeX data for Software for Interactive Secure Systems Design: Lessons Learned Developing and Applying CAIRIS | Download  (pdf) of Software for Interactive Secure Systems Design: Lessons Learned Developing and Applying CAIRIS

Secure System? Challenge Accepted: Finding and Resolving Security Failures Using Security Premortems

Shamal Faily‚ John Lyle and Simon Parkin

In Proceedings of BCS HCI 2012 Workshops: Designing Interactive Secure Systems. Pages 5:1–5:4. 2012.

Details about Secure System? Challenge Accepted: Finding and Resolving Security Failures Using Security Premortems | BibTeX data for Secure System? Challenge Accepted: Finding and Resolving Security Failures Using Security Premortems | Download  (pdf) of Secure System? Challenge Accepted: Finding and Resolving Security Failures Using Security Premortems

Personal PKI for the smart device era

John Lyle‚ Andrew Paverd‚ Justin King−Lacroix‚ Andrea Atzeni‚ Habib Virji‚ Ivan Flechais and Shamal Faily

In 9th European PKI Workshop: Research and Applications. 2012.

Details about Personal PKI for the smart device era | BibTeX data for Personal PKI for the smart device era | Download  (pdf) of Personal PKI for the smart device era

Provenance as a Security Control

Andrew Martin‚ John Lyle and Cornelius Namiluko

In Proceedings of TaPP'12: the 4th USENIX Workshop on the Theory and Practice of Provenance. USENIX. 2012.

Details about Provenance as a Security Control | BibTeX data for Provenance as a Security Control | Link to Provenance as a Security Control

Tool−support Premortems with Attack and Security Patterns

Shamal Faily‚ John Lyle and Simon Parkin

In First International Workshop on Cyberpatterns: Unifying Design Patterns with Security‚ Attack and Forensic Patterns. Pages 10–11. 2012.

Details about Tool−support Premortems with Attack and Security Patterns | BibTeX data for Tool−support Premortems with Attack and Security Patterns

On the design and development of webinos: a distributed mobile application middleware

John Lyle‚ Shamal Faily‚ Ivan Flechais‚ Andre Paul‚ Ayse Goker‚ Hans Myrhaug‚ Heiko Desruelle and Andrew Martin

In Proceedings of the 12th IFIP WG 6.1 international conference on Distributed applications and interoperable systems. Pages 140–147. 2012.

Details about On the design and development of webinos: a distributed mobile application middleware | BibTeX data for On the design and development of webinos: a distributed mobile application middleware | Download  (pdf) of On the design and development of webinos: a distributed mobile application middleware

The webinos project

Christian Fuhrhop‚ John Lyle and Shamal Faily

In Proceedings of the 21st international conference companion on World Wide Web. Pages 259–262. ACM. 2012.

Details about The webinos project | BibTeX data for The webinos project | Download  (pdf) of The webinos project

Cross−platform access control for mobile web applications

John Lyle‚ Salvatore Monteleone‚ Shamal Faily‚ Davide Patti and Fabio Ricciato

In Policies for Distributed Systems and Networks (POLICY)‚ 2012 IEEE International Symposium on. Pages 37–44. 2012.

Details about Cross−platform access control for mobile web applications | BibTeX data for Cross−platform access control for mobile web applications | Download  (pdf) of Cross−platform access control for mobile web applications

Analysing Chindogu: Applying Defamiliarisation to Security Design

Shamal Faily

In CHI 2012 Workshop on Defamiliarisation in Innovation and Usability. 2012.

Details about Analysing Chindogu: Applying Defamiliarisation to Security Design | BibTeX data for Analysing Chindogu: Applying Defamiliarisation to Security Design | Download  (pdf) of Analysing Chindogu: Applying Defamiliarisation to Security Design

Persona Cases: A Technique for grounding Personas

Shamal Faily and Ivan Flechais

In CHI '11: Proceedings of the 29th International conference on Human factors in computing systems. Pages 2267−2270. Vancouver‚ BC‚ Canada. 2011. ACM.

Details about Persona Cases: A Technique for grounding Personas | BibTeX data for Persona Cases: A Technique for grounding Personas

Here's Johnny: a Methodology for Developing Attacker Personas

Andrea Atzeni‚ Shamal Faily‚ John Lyle‚ Cesare Cameroni and Ivan Flechais

In Proceedings of the 6th International Conference on Availability‚ Reliability and Security. Pages 722–727. 2011.

Details about Here's Johnny: a Methodology for Developing Attacker Personas | BibTeX data for Here's Johnny: a Methodology for Developing Attacker Personas | Download  (pdf) of Here's Johnny: a Methodology for Developing Attacker Personas

“Do we know each other or is it just our Devices?”: A Federated Context Model for Describing Social Activity Across Devices

George Gionis‚ Heiko Desruelle‚ Dieter Blomme‚ John Lyle‚ Shamal Faily and Louay Bassbouss

In W3C/PrimeLife Federated Social Web Europe Conference 2011. June, 2011.

Details about “Do we know each other or is it just our Devices?”: A Federated Context Model for Describing Social Activity Across Devices | BibTeX data for “Do we know each other or is it just our Devices?”: A Federated Context Model for Describing Social Activity Across Devices | Download (pdf) of “Do we know each other or is it just our Devices?”: A Federated Context Model for Describing Social Activity Across Devices

Eliciting Policy Requirements for Critical National Infrastructure using the IRIS Framework

Shamal Faily and Ivan Flechais

In International Journal of Secure Software Engineering. Vol. 2. No. 4. Pages 1–18. 2011.

Details about Eliciting Policy Requirements for Critical National Infrastructure using the IRIS Framework | BibTeX data for Eliciting Policy Requirements for Critical National Infrastructure using the IRIS Framework

User−Centered Information Security Policy Development in a Post−Stuxnet World

Shamal Faily and Ivan Flechais

In Proceedings of the 6th International Conference on Availability‚ Reliability and Security. Pages 716–721. 2011.

Details about User−Centered Information Security Policy Development in a Post−Stuxnet World | BibTeX data for User−Centered Information Security Policy Development in a Post−Stuxnet World | Download  (pdf) of User−Centered Information Security Policy Development in a Post−Stuxnet World

Two Requirements for Usable and Secure Software Engineering

Shamal Faily

In 1st Software and Usable Security Aligned for Good Engineering (SAUSAGE) Workshop. 2011.

Details about Two Requirements for Usable and Secure Software Engineering | BibTeX data for Two Requirements for Usable and Secure Software Engineering | Download  (pdf) of Two Requirements for Usable and Secure Software Engineering

Security goes to ground: on the applicability of Security Entrepreneurship to Grassroot Activism

Shamal Faily

In CHI Workshop on HCI‚ Politics and the City: Engaging with Urban Grassroots Movements for Reflection and Action. 2011.

Details about Security goes to ground: on the applicability of Security Entrepreneurship to Grassroot Activism | BibTeX data for Security goes to ground: on the applicability of Security Entrepreneurship to Grassroot Activism

Eliciting Usable Security Requirements with Misusability Cases

Shamal Faily and Ivan Flechais

In Proceedings of the 19th IEEE International Requirements Engineering Conference. Pages 339–340. IEEE Computer Society. 2011.

Pre−print available at http://www.cs.ox.ac.uk/files/4125/PID1921187.pdf

Details about Eliciting Usable Security Requirements with Misusability Cases | BibTeX data for Eliciting Usable Security Requirements with Misusability Cases | Download  (pdf) of Eliciting Usable Security Requirements with Misusability Cases | DOI (10.1109/RE.2011.6051665)

Bridging User−Centered Design and Requirements Engineering with GRL and Persona Cases

Shamal Faily

In Proceedings of the 5th International i* Workshop. Pages 114–119. 2011.

Details about Bridging User−Centered Design and Requirements Engineering with GRL and Persona Cases | BibTeX data for Bridging User−Centered Design and Requirements Engineering with GRL and Persona Cases | Download  (pdf) of Bridging User−Centered Design and Requirements Engineering with GRL and Persona Cases

A framework for usable and secure system design

Shamal Faily

PhD Thesis University of Oxford. 2011.

Details about A framework for usable and secure system design | BibTeX data for A framework for usable and secure system design | Download  (pdf) of A framework for usable and secure system design

Designing and Aligning e−Science Security Culture with Design

Shamal Faily and Ivan Flechais

In Information Management & Computer Security. Vol. 18. No. 5. 2010.

Details about Designing and Aligning e−Science Security Culture with Design | BibTeX data for Designing and Aligning e−Science Security Culture with Design

To boldly go where invention isn't secure: applying Security Entrepreneurship to secure systems design

Shamal Faily and Ivan Flechais

In NSPW '10: Proceedings of the 2010 New Security Paradigms Workshop. Pages 73–84. New York‚ NY‚ USA. 2010. ACM.

Details about To boldly go where invention isn't secure: applying Security Entrepreneurship to secure systems design | BibTeX data for To boldly go where invention isn't secure: applying Security Entrepreneurship to secure systems design | Download  (pdf) of To boldly go where invention isn't secure: applying Security Entrepreneurship to secure systems design

The Secret Lives of Assumptions: Developing and Refining Assumption Personas for Secure System Design

Shamal Faily and Ivan Flechais

In HCSE'2010: Proceedings of the 3rd Conference on Human−Centered Software Engineering. Pages 111–118. Springer. 2010.

Details about The Secret Lives of Assumptions: Developing and Refining Assumption Personas for Secure System Design | BibTeX data for The Secret Lives of Assumptions: Developing and Refining Assumption Personas for Secure System Design | Download  (pdf) of The Secret Lives of Assumptions: Developing and Refining Assumption Personas for Secure System Design

Security and Usability: Searching for the philosopher's stone

Ivan Flechais and Shamal Faily

In Workshop on the development of EuroSOUPS (European Symposium on Usable Privacy and Security). 2010.

Details about Security and Usability: Searching for the philosopher's stone | BibTeX data for Security and Usability: Searching for the philosopher's stone | Download  (pdf) of Security and Usability: Searching for the philosopher's stone

A Meta−Model for Usable Secure Requirements Engineering

Shamal Faily and Ivan Flechais

In Software Engineering for Secure Systems‚ 2010. SESS '10. ICSE Workshop on. Pages 29–35. May, 2010.

Details about A Meta−Model for Usable Secure Requirements Engineering | BibTeX data for A Meta−Model for Usable Secure Requirements Engineering | Download  (pdf) of A Meta−Model for Usable Secure Requirements Engineering | DOI (10.1145/1809100.1809105)

Towards tool−support for Usable Secure Requirements Engineering with CAIRIS

Shamal Faily and Ivan Flechais

In International Journal of Secure Software Engineering. Vol. 1. No. 3. Pages 56–70. 2010.

Details about Towards tool−support for Usable Secure Requirements Engineering with CAIRIS | BibTeX data for Towards tool−support for Usable Secure Requirements Engineering with CAIRIS | DOI (10.4018/ijsse.2010070104)

Security through Usability: a user−centered approach for balanced security policy requirements

Shamal Faily and Ivan Flechais

In Poster at: Annual Computer Security Applications Conference. 2010.

Details about Security through Usability: a user−centered approach for balanced security policy requirements | BibTeX data for Security through Usability: a user−centered approach for balanced security policy requirements | Download  (pdf) of Security through Usability: a user−centered approach for balanced security policy requirements

Improving Secure Systems Design with Security Culture

Shamal Faily and Ivan Flechais

In Poster at: Human Factors in Information Security. February, 2010.

Details about Improving Secure Systems Design with Security Culture | BibTeX data for Improving Secure Systems Design with Security Culture | Download  (pdf) of Improving Secure Systems Design with Security Culture

Barry is not the weakest link: Eliciting Secure System Requirements with Personas

Shamal Faily and Ivan Flechais

In Proceedings of the 24th British HCI Group Annual Conference on People and Computers: Play is a Serious Business. Pages 113–120. British Computer Society. 2010.

Details about Barry is not the weakest link: Eliciting Secure System Requirements with Personas | BibTeX data for Barry is not the weakest link: Eliciting Secure System Requirements with Personas | Download  (pdf) of Barry is not the weakest link: Eliciting Secure System Requirements with Personas

Analysing and Visualising Security and Usability in IRIS

Shamal Faily and Ivan Flechais

In Availability‚ Reliability and Security‚ 2010. ARES 10. Fifth International Conference on. February, 2010.

Details about Analysing and Visualising Security and Usability in IRIS | BibTeX data for Analysing and Visualising Security and Usability in IRIS | Download  (pdf) of Analysing and Visualising Security and Usability in IRIS | DOI (10.1109/ARES.2010.28)

A Model of Security Culture for e−Science

Shamal Faily and Ivan Flechais

In Nathan Clarke‚ Steven Furnell and Rossouw von Solms, editors, Proceedings of the South African Information Security Multi−Conference (SAISMC 2010). Pages 154–164. University of Plymouth. 2010.

Details about A Model of Security Culture for e−Science | BibTeX data for A Model of Security Culture for e−Science | Download  (pdf) of A Model of Security Culture for e−Science

Context−Sensitive Requirements and Risk Management with IRIS

Shamal Faily and Ivan Flechais

In International Requirements Engineering‚ 2009. RE'09. 17th IEEE. IEEE. August, 2009.

Details about Context−Sensitive Requirements and Risk Management with IRIS | BibTeX data for Context−Sensitive Requirements and Risk Management with IRIS | Download  (pdf) of Context−Sensitive Requirements and Risk Management with IRIS | DOI (10.1109/RE.2009.54)

Making the invisible visible: a theory of security culture for secure and usable grids

Shamal Faily and Ivan Flechais

In UK e−Science All Hands Conference 2008‚ Edinburgh‚ UK (Oral Presentation). 2008.

Details about Making the invisible visible: a theory of security culture for secure and usable grids | BibTeX data for Making the invisible visible: a theory of security culture for secure and usable grids | Download  (pdf) of Making the invisible visible: a theory of security culture for secure and usable grids