Publications

2017

  • D. Ki-Aries and S. Faily, “Persona-Centred Information Security Awareness,” Computers & Security, 2017.
    [Bibtex]
    @article{kifa17,
    Author = {Duncan Ki-Aries and Shamal Faily},
    Journal = {{Computers \& Security}},
    Publisher = {Elsevier},
    Title = {{Persona-Centred Information Security Awareness}},
    Note = {To Appear},
    Year = {2017}}
  • [PDF] S. Faily and C. Iacob, “Design as Code: Facilitating Collaboration between Usability and Security Engineers using CAIRIS,” in Proceedings of 4th International Workshop on Evolving Security & Privacy Requirements Engineering, 2017.
    [Bibtex]
    @inproceedings{faia17,
    Author = {Shamal Faily and Claudia Iacob},
    Booktitle = {{Proceedings of 4th International Workshop on Evolving Security \& Privacy Requirements Engineering}},
    Title = {{Design as Code: Facilitating Collaboration between Usability and Security Engineers using CAIRIS}},
    Publisher = {IEEE},
    Note = {To Appear},
    Year = {2017}}
  • [PDF] D. Ki-Aries, H. Dogan, S. Faily, P. Whittington, and C. Williams, “From Requirements to Operation: Components for Risk Assessment in a Pervasive System of Systems,” in Proceedings of 4th International Workshop on Evolving Security & Privacy Requirements Engineering, 2017.
    [Bibtex]
    @inproceedings{kdfw17,
    Author = {Duncan Ki-Aries and Huseyin Dogan and Shamal Faily and Paul Whittington and Christopher Williams},
    Booktitle = {{Proceedings of 4th International Workshop on Evolving Security \& Privacy Requirements Engineering}},
    Title = {{From Requirements to Operation: Components for Risk Assessment in a Pervasive System of Systems}},
    Publisher = {IEEE},
    Note = {To Appear},
    Year = {2017}}
  • [PDF] A. M’manga, S. Faily, J. McAlaney, and C. Williams, “Folk Risk Analysis: Factors Influencing Security Analysts’ Interpretation of Risk,” in Proceedings of the 3rd Workshop on Security Information Workers, 2017.
    [Bibtex]
    @inproceedings{mfmw17,
    Author = {Andrew M'manga and Shamal Faily and John McAlaney and Christopher Williams},
    Booktitle = {{Proceedings of the 3rd Workshop on Security Information Workers}},
    Note = {To Appear},
    Publisher = {USENIX Association},
    Title = {{Folk Risk Analysis: Factors Influencing Security Analysts' Interpretation of Risk}},
    Year = {2017}}
  • [PDF] J. Henriksen-Bulmer and S. Faily, “Applying Contextual Integrity to Open Data Publishing,” in Proceedings of the 31st British HCI Group Annual Conference on People and Computers: Digital Make Believe, 2017.
    [Bibtex]
    @inproceedings{hefa17,
    Author = {Jane Henriksen-Bulmer and Shamal Faily},
    Booktitle = {{Proceedings of the 31st British HCI Group Annual Conference on People and Computers: Digital Make Believe}},
    Note = {To Appear},
    Publisher = {British Computer Society},
    Title = {{Applying Contextual Integrity to Open Data Publishing}},
    Year = {2017}}
  • [PDF] D. Ki-Aries, S. Faily, H. Dogan, and C. Williams, “Re-framing “The AMN”: A Case Study Eliciting and Modelling a System of Systems using the Afghan Mission Network,” in Proceedings of the 11th IEEE International Conference on Research Challenges in Information Science, 2017.
    [Bibtex]
    @inproceedings{ksdw17,
    Author = {Duncan Ki-Aries and Shamal Faily and Huseyin Dogan and Chris Williams},
    Booktitle = {{Proceedings of the 11th IEEE International Conference on Research Challenges in Information Science}},
    Note = {To Appear},
    Publisher = {IEEE},
    Title = {{Re-framing ``The AMN'': A Case Study Eliciting and Modelling a System of Systems using the Afghan Mission Network}},
    Year = {2017}}
  • [PDF] A. M’manga, S. Faily, J. McAlaney, and C. Williams, “System Design Considerations for Risk Perception,” in Proceedings of the 11th IEEE International Conference on Research Challenges in Information Science, 2017.
    [Bibtex]
    @inproceedings{mafm17,
    Author = {Andrew M'manga and Shamal Faily and John McAlaney and Chris Williams},
    Booktitle = {{Proceedings of the 11th IEEE International Conference on Research Challenges in Information Science}},
    Note = {To Appear},
    Publisher = {IEEE},
    Title = {{System Design Considerations for Risk Perception}},
    Year = {2017}}

2016

  • [PDF] M. Favale, N. McDonald, S. Faily, and C. Gatzidis, “Human Aspects in Digital Rights Management: The Perspectives of Content Developers,” SCRIPTed, vol. 13, iss. 3, pp. 289-304, 2016.
    [Bibtex]
    @article{famf161,
    Author = {Marcella Favale and Neil McDonald and Shamal Faily and Christos Gatzidis},
    Journal = {{SCRIPTed}},
    Number = {3},
    Pages = {289--304},
    Title = {{Human Aspects in Digital Rights Management: The Perspectives of Content Developers}},
    Volume = {13},
    Year = {2016}}
  • [PDF] C. Iacob, S. Faily, and R. Harrison, “Maram: tool support for mobile app review management,” in Proceedings of the 8th International Conference on Mobile Computing, Applications, and Services (MobiCASE), 2016.
    [Bibtex]
    @inproceedings{iafh16,
    Author = {Claudia Iacob and Shamal Faily and Rachel Harrison},
    Booktitle = {{Proceedings of the 8th International Conference on Mobile Computing, Applications, and Services (MobiCASE)}},
    Note = {To Appear},
    Title = {MARAM: Tool Support for Mobile App Review Management},
    Year = {2016}}
  • [PDF] S. Faily, D. Power, and I. Fléchais, “Gulfs of Expectation: Eliciting and Verifying Differences in Trust Expectations using Personas,” Journal of Trust Management, vol. 1, iss. 4, pp. 1-22, 2016.
    [Bibtex]
    @article{fapf16,
    Author = {Shamal Faily and David Power and Ivan Fl\'{e}chais},
    Journal = {{Journal of Trust Management}},
    Number = {4},
    Pages = {1-22},
    Title = {{Gulfs of Expectation: Eliciting and Verifying Differences in Trust Expectations using Personas}},
    Volume = {1},
    Publisher = {Springer},
    Year = {2016}}
  • [PDF] A. Partridge and S. Faily, “The application of useless japanese inventions for requirements elicitation in information security,” in Proceedings of the 30th British HCI Group Annual Conference on People and Computers: Fusion, 2016.
    [Bibtex]
    @inproceedings{pafa16,
    Author = {Anton Partridge and Shamal Faily},
    Booktitle = {{Proceedings of the 30th British HCI Group Annual Conference on People and Computers: Fusion}},
    Note = {To Appear},
    Publisher = {British Computer Society},
    Title = {The Application of useless Japanese Inventions for Requirements Elicitation in Information Security},
    Year = {2016}}
  • [PDF] D. Ki-Aries, S. Faily, and K. Beckers, “Persona-Driven Information Security Awareness,” in Proceedings of the 30th British HCI Group Annual Conference on People and Computers: Fusion, 2016.
    [Bibtex]
    @inproceedings{kifa16,
    Author = {Duncan Ki-Aries and Shamal Faily and Kristian Beckers},
    Booktitle = {{Proceedings of the 30th British HCI Group Annual Conference on People and Computers: Fusion}},
    Note = {To Appear},
    Publisher = {British Computer Society},
    Title = {{Persona-Driven Information Security Awareness}},
    Year = {2016}}
  • [PDF] S. Faily, C. Iacob, and S. Field, “Ethical Hazards and Safeguards in Penetration Testing,” in Proceedings of the 30th British HCI Group Annual Conference on People and Computers: Fusion, 2016.
    [Bibtex]
    @inproceedings{faif16,
    Author = {Shamal Faily and Claudia Iacob and Sarah Field},
    Booktitle = {{Proceedings of the 30th British HCI Group Annual Conference on People and Computers: Fusion}},
    Note = {To Appear},
    Publisher = {British Computer Society},
    Title = {{Ethical Hazards and Safeguards in Penetration Testing}},
    Year = {2016}}
  • [PDF] S. Faily, G. Lykou, A. Partridge, D. Gritzalis, A. Mylonas, and V. Katos, “Human-Centered Specification Exemplars for Critical Infrastructure Environments,” in Proceedings of the 30th British HCI Group Annual Conference on People and Computers, 2016.
    [Bibtex]
    @inproceedings{falp16,
    Author = {Shamal Faily and Georgia Lykou and Anton Partridge and Dimitris Gritzalis and Alexios Mylonas and Vasilios Katos},
    Booktitle = {{Proceedings of the 30th British HCI Group Annual Conference on People and Computers}},
    Note = {To Appear},
    Title = {{Human-Centered Specification Exemplars for Critical Infrastructure Environments}},
    Year = {2016}}
  • [PDF] S. Faily and I. Fléchais, “Finding and Resolving Security Misusability with Misusability Cases,” Requirements Engineering, vol. 21, iss. 2, pp. 209-223, 2016.
    [Bibtex]
    @article{fafl141,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Journal = {{Requirements Engineering}},
    Number = {2},
    Pages = {209--223},
    Publisher = {Springer},
    Title = {{Finding and Resolving Security Misusability with Misusability Cases}},
    Volume = {21},
    Year = {2016}}
  • [PDF] C. Iacob and S. Faily, “Improving Human-Reviews Interaction: A Study of the Role, Use, and Place of Online Reviews,” in Proceedings of the 30th British HCI Group Annual Conference on People and Computers: Fusion, 2016.
    [Bibtex]
    @inproceedings{iafa16,
    Author = {Claudia Iacob and Shamal Faily},
    Booktitle = {{Proceedings of the 30th British HCI Group Annual Conference on People and Computers: Fusion}},
    Note = {To Appear},
    Publisher = {British Computer Society},
    Title = {{Improving Human-Reviews Interaction: A Study of the Role, Use, and Place of Online Reviews}},
    Year = {2016}}
  • [PDF] M. Favale, N. McDonald, S. Faily, and C. Gatzidis, “Human aspects in digital rights management: the perspectives of content developers,” in Proceedings of the fourth international workshop on artificial intelligence and ip law, 2016.
    [Bibtex]
    @inproceedings{famf16,
    Author = {Marcelle Favale and Neil McDonald and Shamal Faily and Christos Gatzidis},
    Booktitle = {Proceedings of the Fourth International Workshop on Artificial Intelligence and IP Law},
    Title = {Human Aspects in Digital Rights Management: The Perspectives of Content Developers},
    Year = {2016}}

2015

  • [PDF] R. Ali, J. McAlaney, S. Faily, K. Phalp, and V. Katos, “Mitigating Circumstances in Cybercrime: A Position Paper,” in Proceedings of the 3rd International Workshop on Cybercrime and Emerging Web Environments, 2015.
    [Bibtex]
    @inproceedings{aafp15,
    Author = {Raian Ali and John McAlaney and Shamal Faily and Keith Phalp and Vasilos Katos},
    Booktitle = {{Proceedings of the 3rd International Workshop on Cybercrime and Emerging Web Environments}},
    Note = {To Appear},
    Publisher = {IEEE},
    Title = {{Mitigating Circumstances in Cybercrime: A Position Paper}},
    Year = {2015}}
  • [PDF] S. Faily, G. Stergiopoulos, V. Katos, and D. Gritzalis, ““Water, Water, Every Where”: Nuances for a Water Industry Critical Infrastructure Specification Exemplar,” in Proceedings of the 10th International Conference on Critical Information Infrastructures Security, 2015.
    [Bibtex]
    @inproceedings{fsvg15,
    Author = {Shamal Faily and George Stergiopoulos and Vasilos Katos and Dimitris Gritzalis},
    Booktitle = {{Proceedings of the 10th International Conference on Critical Information Infrastructures Security}},
    Note = {To Appear},
    Publisher = {Springer},
    Title = {{``Water, Water, Every Where'': Nuances for a Water Industry Critical Infrastructure Specification Exemplar}},
    Year = {2015}}
  • [PDF] A. Vallindras and S. Faily, “The Mystery of Security Design,” in Proceedings of the 2015 British Human Computer Interaction Conference , 2015, pp. 316-317.
    [Bibtex]
    @inproceedings{vafa15,
    Author = {Antonios Vallindras and Shamal Faily},
    Booktitle = {{Proceedings of the 2015 British Human Computer Interaction Conference }},
    Pages = {316--317},
    Publisher = {ACM},
    Title = {{The Mystery of Security Design}},
    Year = {2015}}
  • [PDF] S. Faily and M. Jones, “Embedding professional practice into the cybersecurity curriculum using ethics,” in Proceedings of the 1st UK Workshop on Cybersecurity Training & Education, 2015.
    [Bibtex]
    @inproceedings{fajo15,
    Author = {Shamal Faily and Michael Jones},
    Booktitle = {{Proceedings of the 1st UK Workshop on Cybersecurity Training \& Education}},
    Title = {Embedding Professional Practice into the Cybersecurity Curriculum using Ethics},
    Year = {2015}}
  • [PDF] S. Faily, J. McAlaney, and C. Iacob, “Ethical Dilemmas and Dimensions in Penetration Testing,” in Proceedings of the 9th International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015), 2015, pp. 233-242.
    [Bibtex]
    @inproceedings{fami15,
    Author = {Shamal Faily and John McAlaney and Claudia Iacob},
    Booktitle = {{Proceedings of the 9th International Symposium on Human Aspects of Information Security \& Assurance (HAISA 2015)}},
    Pages = {233--242},
    Publisher = {University of Plymouth},
    Title = {{Ethical Dilemmas and Dimensions in Penetration Testing}},
    Year = {2015}}
  • [PDF] N. McDonald, S. Faily, M. Favale, and C. Gatzidis, “Digital Rights Management: The Four Perspectives of Developers, Distributors, Users, and Lawyers,” in Proceedings of the 9th International Symposium on Human Aspects on Information Security & Assurance (HAISA 2015), 2015, pp. 276-285.
    [Bibtex]
    @inproceedings{mffg15,
    Author = {Neil McDonald and Shamal Faily and Marcella Favale and Christos Gatzidis},
    Booktitle = {{Proceedings of the 9th International Symposium on Human Aspects on Information Security \& Assurance (HAISA 2015)}},
    Pages = {276--285},
    Publisher = {University of Plymouth},
    Title = {{Digital Rights Management: The Four Perspectives of Developers, Distributors, Users, and Lawyers}},
    Year = {2015}}
  • [PDF] S. Faily, “Engaging stakeholders during late stage security design with assumption personas,” Information and computer security, vol. 23, iss. 4, pp. 435-446, 2015.
    [Bibtex]
    @article{fail15,
    Author = {Shamal Faily},
    Journal = {Information and Computer Security},
    Number = {4},
    Pages = {435--446},
    Title = {Engaging Stakeholders during Late Stage Security Design with Assumption Personas},
    Volume = {23},
    Year = {2015}}
  • [PDF] J. McAlaney, J. Taylor, and S. Faily, “The social psychology of cybersecurity,” in Proceedings of the 1st International Conference on Cyber Security for Sustainable Society, 2015.
    [Bibtex]
    @inproceedings{mctf15,
    Author = {John McAlaney and Jacqui Taylor and Shamal Faily},
    Booktitle = {{Proceedings of the 1st International Conference on Cyber Security for Sustainable Society}},
    Note = {To Appear},
    Publisher = {Working Papers of the SSN+},
    Title = {The Social Psychology of Cybersecurity},
    Year = {2015}}
  • [PDF] S. Faily, J. Lyle, I. Fléchais, and A. Simpson, “Usability and Security by Design: A Case Study in Research and Development,” in Proceedings of the ndss workshop on usable security, 2015.
    [Bibtex]
    @inproceedings{flfs15,
    Author = {Shamal Faily and John Lyle and Ivan Fl\'{e}chais and Andrew Simpson},
    Booktitle = {Proceedings of the NDSS Workshop on Usable Security},
    Date-Modified = {2015-10-22 14:55:13 +0000},
    Publisher = {Internet Society},
    Title = {{Usability and Security by Design: A Case Study in Research and Development}},
    Year = {2015}}

2014

  • [PDF] S. Faily and I. Fléchais, “Eliciting and Visualising Trust Expectations using Persona Trust Characteristics and Goal Models,” in Proceedings of the 6th International Workshop on Social Software Engineering, 2014, pp. 17-24.
    [Bibtex]
    @inproceedings{fafl142,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Booktitle = {{Proceedings of the 6th International Workshop on Social Software Engineering}},
    Pages = {17--24},
    Publisher = {ACM},
    Title = {{Eliciting and Visualising Trust Expectations using Persona Trust Characteristics and Goal Models}},
    Year = {2014}}
  • [PDF] S. Faily, “Ethical Hacking Assessment as a Vehicle for Undergraduate Cybersecurity Education,” in Processing of the BCS 19th Annual INSPIRE Conference, 2014.
    [Bibtex]
    @inproceedings{fail141,
    Author = {Shamal Faily},
    Booktitle = {{Processing of the BCS 19th Annual INSPIRE Conference}},
    Note = {In Press},
    Title = {{Ethical Hacking Assessment as a Vehicle for Undergraduate Cybersecurity Education}},
    Year = {2014}}
  • [PDF] S. Faily, “Engaging Stakeholders in Security Design: An Assumption-Driven Approach,” in Proceedings of the 8th international symposium on human aspects of information security & assurance, 2014, pp. 21-29.
    [Bibtex]
    @inproceedings{fail14,
    Author = {Shamal Faily},
    Booktitle = {Proceedings of the 8th International Symposium on Human Aspects of Information Security \& Assurance},
    Pages = {21-29},
    Publisher = {University of Plymouth},
    Title = {{Engaging Stakeholders in Security Design: An Assumption-Driven Approach}},
    Year = {2014}}
  • [PDF] S. Faily, J. Lyle, I. Fléchais, A. Atzeni, C. Cameroni, H. Myrhaug, A. Göker, and R. Kleinfeld, “Authorisation in Context: Incorporating Context-Sensitivity into an Access Control Framework,” in Proceedings of the 28th British HCI Group Annual Conference on People and Computers: Sand, sea and Sky, 2014.
    [Bibtex]
    @inproceedings{falf14,
    Author = {Shamal Faily and John Lyle and Ivan Fl\'{e}chais and Andrea Atzeni and Cesare Cameroni and Hans Myrhaug and Ayse G\"{o}ker and Robert Kleinfeld},
    Booktitle = {{Proceedings of the 28th British HCI Group Annual Conference on People and Computers: Sand, sea and Sky}},
    Note = {To Appear},
    Publisher = {British Computer Society},
    Title = {{Authorisation in Context: Incorporating Context-Sensitivity into an Access Control Framework}},
    Year = {2014}}
  • [PDF] S. Faily, S. Parkin, and J. Lyle, “Evaluating the Implications of Attack and Security Patterns with Premortems,” in Cyberpatterns – Unifying Design Patterns with Security, Attack and Forensic Patterns, Springer, 2014, pp. 199-209.
    [Bibtex]
    @incollection{fapl14,
    Author = {Shamal Faily and Simon Parkin and John Lyle},
    Booktitle = {{Cyberpatterns - Unifying Design Patterns with Security, Attack and Forensic Patterns}},
    Pages = {199--209},
    Publisher = {Springer},
    Title = {{Evaluating the Implications of Attack and Security Patterns with Premortems}},
    Year = {2014}}
  • K. Beckers, S. Faily, S. Lee, and N. Mead, Proceedings of the 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE ’14), IEEE, 2014.
    [Bibtex]
    @book{bflm14,
    Author = {Kristan Beckers and Shamal Faily and Seok-Won Lee and Nancy Mead},
    Publisher = {IEEE},
    Title = {{Proceedings of the 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE '14)}},
    Year = {2014}}

2013

  • [PDF] S. Faily, D. Power, P. Armstrong, and I. Fléchais, “Formal Evaluation of Persona Trustworthiness with EUSTACE (Extended Abstract),” in Proceedings of the 6th international conference on trust & trustworthy computing, 2013, pp. 267-268.
    [Bibtex]
    @inproceedings{fpaf13,
    Author = {Shamal Faily and David Power and Philip Armstrong and Ivan Fl\'{e}chais},
    Booktitle = {Proceedings of the 6th International Conference on Trust \& Trustworthy Computing},
    Pages = {267--268},
    Publisher = {Springer},
    Title = {{Formal Evaluation of Persona Trustworthiness with EUSTACE (Extended Abstract)}},
    Year = {2013}}
  • [PDF] S. Faily and J. Lyle, “Security lessons learned building concept apps for webinos,” in Human aspects in mobile apps engineering: workshop at british hci 2013, 2013.
    [Bibtex]
    @inproceedings{faly132,
    Author = {Shamal Faily and John Lyle},
    Booktitle = {Human Aspects in Mobile Apps Engineering: Workshop at British HCI 2013},
    Title = {Security Lessons Learned Building Concept Apps for webinos},
    Year = {2013}}
  • [PDF] J. Lyle, A. Paverd, J. King-Lacroix, A. Atzeni, H. Virji, I. Fléchais, and S. Faily, “Personal PKI for the smart device era,” in Public Key Infrastructures, Services and Applications (EuroPKI 2012), 2013, pp. 69-84.
    [Bibtex]
    @inproceedings{lypa13,
    Author = {John Lyle and Andrew Paverd and Justin King-Lacroix and Andrea Atzeni and Habib Virji and Ivan Fl\'{e}chais and Shamal Faily},
    Booktitle = {{Public Key Infrastructures, Services and Applications (EuroPKI 2012)}},
    Pages = {69--84},
    Publisher = {Springer},
    Title = {{Personal PKI for the smart device era}},
    Year = {2013}}
  • [PDF] J. Lyle, C. Nilsson, A. Isberg, and S. Faily, “Extending the web to support personal network services,” in Proceedings of the 28th ACM Symposium on Applied Computing, 2013, pp. 711-716.
    [Bibtex]
    @inproceedings{lnif13,
    Author = {John Lyle and Claes Nilsson and Anders Isberg and Shamal Faily},
    Booktitle = {{Proceedings of the 28th ACM Symposium on Applied Computing}},
    Pages = {711--716},
    Publisher = {ACM},
    Title = {{Extending the web to support personal network services}},
    Year = {2013}}
  • [PDF] S. Faily, L. Coles-Kemp, P. Dunphy, M. Just, Y. Akama, and A. De Luca, “Designing Interactive Secure Systems: CHI 2013 Special Interest Group,” in CHI ’13 Extended Abstracts on Human Factors in Computing Systems, 2013, pp. 2469-2472.
    [Bibtex]
    @inproceedings{faco13,
    Author = {Faily, Shamal and Coles-Kemp, Lizzie and Dunphy, Paul and Just, Mike and Akama, Yoko and De Luca, Alexander},
    Booktitle = {{CHI '13 Extended Abstracts on Human Factors in Computing Systems}},
    Pages = {2469--2472},
    Publisher = {ACM},
    Title = {{Designing Interactive Secure Systems: CHI 2013 Special Interest Group}},
    Year = {2013}}
  • [PDF] S. Faily and J. Lyle, “Guidelines for integrating personas into software engineering tools,” in Proceedings of the 5th acm sigchi symposium on engineering interactive computing systems, 2013, pp. 69-74.
    [Bibtex]
    @inproceedings{faly131,
    Author = {Shamal Faily and John Lyle},
    Booktitle = {Proceedings of the 5th ACM SIGCHI symposium on Engineering interactive computing systems},
    Pages = {69--74},
    Publisher = {ACM},
    Series = {EICS '13},
    Title = {Guidelines for Integrating Personas into Software Engineering Tools},
    Year = {2013}}
  • [PDF] T. Su, J. Lyle, A. Atzeni, S. Faily, H. Virji, C. Ntanos, and C. Botsikas, “Continuous Integration for Web-Based Software Infrastructures: Lessons Learned on the webinos Project,” in Proceedings of the 9th International Haifa Verification Conference, 2013, pp. 145-150.
    [Bibtex]
    @inproceedings{sula13,
    Author = {Tao Su and John Lyle and Andrea Atzeni and Shamal Faily and Habib Virji and Christos Ntanos and Christos Botsikas},
    Booktitle = {{Proceedings of the 9th International Haifa Verification Conference}},
    Pages = {145--150},
    Publisher = {Springer},
    Title = {{Continuous Integration for Web-Based Software Infrastructures: Lessons Learned on the webinos Project}},
    Year = {2013}}
  • [PDF] C. Iacob, R. Harrison, and S. Faily, “Online Reviews as First Class Artifacts in Mobile App Development,” in Proceedings of the 5th International Conference on Mobile Computing, Applications, and Services (MobiCASE), 2013, pp. 47-53.
    [Bibtex]
    @inproceedings{iahf13,
    Author = {Claudia Iacob and Rachel Harrison and Shamal Faily},
    Booktitle = {{Proceedings of the 5th International Conference on Mobile Computing, Applications, and Services (MobiCASE)}},
    Pages = {47--53},
    Publisher = {Springer},
    Title = {{Online Reviews as First Class Artifacts in Mobile App Development}},
    Year = {2013}}
  • A. Atzeni, J. Lyle, and S. Faily, “Developing secure, unified multi-device and multi-domain platforms: a case study from the webinos project,” in Architectures and protocols for secure information technology, IGI Global, 2013, pp. 310-333.
    [Bibtex]
    @incollection{atlf13,
    Author = {Andrea Atzeni and John Lyle and Shamal Faily},
    Booktitle = {Architectures and Protocols for Secure Information Technology},
    Pages = {310--333},
    Publisher = {IGI Global},
    Title = {Developing secure, unified multi-device and multi-domain platforms: A case study from the webinos project},
    Year = {2013}}
  • [PDF] J. Lyle, S. Faily, and M. Winandy, Proceedings of the Workshop on Web Applications and Secure Hardware (WASH ’13), CEUR Workshop Proceedings, 2013.
    [Bibtex]
    @book{lyfw13,
    Author = {John Lyle and Shamal Faily and Marcus Winandy},
    Publisher = {CEUR Workshop Proceedings},
    Title = {{Proceedings of the Workshop on Web Applications and Secure Hardware (WASH '13)}},
    Year = {2013}}

2012

  • [PDF] C. Fuhrhop, J. Lyle, and S. Faily, “The webinos project,” in Proceedings of the 21st international conference companion on world wide web, 2012, pp. 259-262.
    [Bibtex]
    @inproceedings{fuly12,
    Acmid = {2188024},
    Author = {Fuhrhop, Christian and Lyle, John and Faily, Shamal},
    Booktitle = {Proceedings of the 21st international conference companion on World Wide Web},
    Pages = {259--262},
    Publisher = {ACM},
    Series = {WWW '12 Companion},
    Title = {The webinos project},
    Year = {2012}}
  • [PDF] S. Faily, “Analysing chindogu: applying defamiliarisation to security design,” in Proceedings of the CHI 2012 Workshop on Defamiliarisation in Innovation and Usability, 2012.
    [Bibtex]
    @inproceedings{failydefam,
    Author = {Shamal Faily},
    Booktitle = {{Proceedings of the CHI 2012 Workshop on Defamiliarisation in Innovation and Usability}},
    Title = {Analysing Chindogu: Applying Defamiliarisation to Security Design},
    Year = {2012}}
  • [PDF] S. Faily and I. Fléchais, “Software for interactive secure systems design: lessons learned developing and applying cairis,” in Designing Interactive Secure Systems: Workshop at British HCI 2012, 2012.
    [Bibtex]
    @inproceedings{fafl121,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Booktitle = {{Designing Interactive Secure Systems: Workshop at British HCI 2012}},
    Title = {Software for Interactive Secure Systems Design: Lessons Learned Developing and Applying CAIRIS},
    Year = {2012}}
  • S. Faily, J. Lyle, and S. Parkin, “Tool-supported premortems with attack and security patterns,” in Proceedings of the First International Workshop on Cyberpatterns: Unifying Design Patterns with Security, Attack and Forensic Patterns, 2012, pp. 10-11.
    [Bibtex]
    @inproceedings{falp12,
    Author = {Shamal Faily and John Lyle and Simon Parkin},
    Booktitle = {{Proceedings of the First International Workshop on Cyberpatterns: Unifying Design Patterns with Security, Attack and Forensic Patterns}},
    Pages = {10--11},
    Title = {Tool-supported premortems with Attack and Security Patterns},
    Year = {2012}}
  • S. Faily, “Security Patterns Considered Harmful?,” in Proceedings of the Second International Workshop on Cyberpatterns: Unifying Design Patterns with Security, Attack and Forensic Patterns, 2012, pp. 108-109.
    [Bibtex]
    @inproceedings{fail13,
    Author = {Shamal Faily},
    Booktitle = {{Proceedings of the Second International Workshop on Cyberpatterns: Unifying Design Patterns with Security, Attack and Forensic Patterns}},
    Pages = {108--109},
    Title = {{Security Patterns Considered Harmful?}},
    Year = {2012}}
  • [PDF] S. Faily, J. Lyle, and S. Parkin, “Secure Sytem? Challenge Accepted: Finding and Resolving Security Failures Using Security Premortems,” in Designing interactive secure systems: workshop at british hci 2012, 2012.
    [Bibtex]
    @inproceedings{falp121,
    Author = {Shamal Faily and John Lyle and Simon Parkin},
    Booktitle = {Designing Interactive Secure Systems: Workshop at British HCI 2012},
    Publisher = {British Computer Society},
    Title = {{Secure Sytem? Challenge Accepted: Finding and Resolving Security Failures Using Security Premortems}},
    Year = {2012}}
  • [PDF] S. Faily, J. Lyle, C. Namiluko, A. Atzeni, and C. Cameroni, “Model-driven architectural risk analysis using architectural and contextualised attack patterns,” in Proceedings of the workshop on model-driven security, 2012, p. 3:1–3:6.
    [Bibtex]
    @inproceedings{faln12,
    Author = {Faily, Shamal and Lyle, John and Namiluko, Cornelius and Atzeni, Andrea and Cameroni, Cesare},
    Booktitle = {Proceedings of the Workshop on Model-Driven Security},
    Pages = {3:1--3:6},
    Publisher = {ACM},
    Title = {Model-driven architectural risk analysis using architectural and contextualised attack patterns},
    Year = {2012}}
  • [PDF] J. Lyle, S. Monteleone, S. Faily, D. Patti, and F. Ricciato, “Cross-plaform access control for mobile web applications,” in Policies for Distributed Systems and Networks (POLICY), 2012 IEEE International Symposium on, 2012, pp. 37-44.
    [Bibtex]
    @inproceedings{lymo12,
    Author = {John Lyle and Salvatore Monteleone and Shamal Faily and Davide Patti and Fabio Ricciato},
    Booktitle = {{Policies for Distributed Systems and Networks (POLICY), 2012 IEEE International Symposium on}},
    Pages = {37--44},
    Publisher = {IEEE},
    Title = {{Cross-plaform access control for mobile web applications}},
    Year = {2012}}
  • [PDF] J. Lyle, S. Faily, I. Fléchais, A. Paul, A. Göker, H. Myrhaug, H. Desruelle, and A. Martin, “On the design and development of webinos: a distributed mobile application middleware,” in Proceedings of the 12th IFIP WG 6.1 International Conference on Distributed Applications and Interoperable Systems, 2012, pp. 140-147.
    [Bibtex]
    @inproceedings{lyff12,
    Author = {John Lyle and Shamal Faily and Ivan Fl\'{e}chais and Andre Paul and Ayse G\"{o}ker and Hans Myrhaug and Heiko Desruelle and Andrew Martin},
    Booktitle = {{Proceedings of the 12th IFIP WG 6.1 International Conference on Distributed Applications and Interoperable Systems}},
    Pages = {140--147},
    Publisher = {Springer},
    Title = {{On the design and development of webinos: a distributed mobile application middleware}},
    Year = {2012}}
  • [PDF] S. Faily, J. Lyle, A. Paul, A. Atzeni, D. Blomme, H. Desruelle, and K. Bangalore, “Requirements Sensemaking using Concept Maps,” in Proceedings of the 4th International Conference on Human-Centered Software Engineering, 2012, pp. 217-232.
    [Bibtex]
    @inproceedings{fapa12,
    Author = {Shamal Faily and John Lyle and Andre Paul and Andrea Atzeni and Dieter Blomme and Heiko Desruelle and Krishna Bangalore},
    Booktitle = {{Proceedings of the 4th International Conference on Human-Centered Software Engineering}},
    Pages = {217--232},
    Publisher = {Springer},
    Title = {{Requirements Sensemaking using Concept Maps}},
    Year = {2012}}
  • [PDF] S. Faily, I. Fléchais, and L. Coles-Kemp, Proceedings of Designing Interactive Secure Systems: Workshop at British HCI 2012 (DISS ’12), British Computer Society, 2012.
    [Bibtex]
    @book{fafc12,
    Author = {Shamal Faily and Ivan Fl\'{e}chais and Lizzie Coles-Kemp},
    Howpublished = {\url{http://ewic.bcs.org/content/ConWebDoc/48809}},
    Publisher = {British Computer Society},
    Title = {{Proceedings of Designing Interactive Secure Systems: Workshop at British HCI 2012 (DISS '12)}},
    Year = {2012}}

2011

  • [PDF] I. Fléchais and S. Faily, “Seeking the philosopher’s stone,” Interfaces: Quarterly Magazine of BCS Interaction Group, iss. 86, pp. 14-15, 2011.
    [Bibtex]
    @article{flfa11,
    Author = {Ivan Fl\'{e}chais and Shamal Faily},
    Journal = {{Interfaces: Quarterly Magazine of BCS Interaction Group}},
    Month = {Spring},
    Number = {86},
    Pages = {14--15},
    Title = {Seeking the Philosopher's Stone},
    Year = {2011}}
  • [PDF] S. Faily and I. Fléchais, “Eliciting Usable Security Requirements with Misusability Cases,” in Proceedings of the 19th IEEE International Requirements Engineering Conference, 2011, pp. 339-340.
    [Bibtex]
    @inproceedings{fafl112,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Booktitle = {{Proceedings of the 19th IEEE International Requirements Engineering Conference}},
    Pages = {339--340},
    Publisher = {IEEE Computer Society},
    Title = {{Eliciting Usable Security Requirements with Misusability Cases}},
    Year = {2011}}
  • [PDF] S. Faily, “Two Requirements for Usable and Secure Software Engineering,” in Proceedings of the 1st Software and Usable Security Aligned for Good Engineering (SAUSAGE) Workshop, National Institute of Standards and Technology (NIST), Gaithersburg MD, USA, 2011.
    [Bibtex]
    @inproceedings{failysausage11,
    Address = {National Institute of Standards and Technology (NIST), Gaithersburg MD, USA},
    Author = {Shamal Faily},
    Booktitle = {{Proceedings of the 1st Software and Usable Security Aligned for Good Engineering (SAUSAGE) Workshop}},
    Title = {{Two Requirements for Usable and Secure Software Engineering}},
    Year = {2011}}
  • [PDF] S. Faily, “Security goes to ground: on the applicability of Security Entrepreneurship to Grassroot Activism,” in Proceedings of the chi workshop on hci, politics and the city, 2011.
    [Bibtex]
    @inproceedings{fail112,
    Author = {Shamal Faily},
    Booktitle = {Proceedings of the CHI Workshop on HCI, Politics and the City},
    Title = {{Security goes to ground: on the applicability of Security Entrepreneurship to Grassroot Activism}},
    Year = {2011}}
  • [PDF] G. Gionis, H. Desruelle, D. Blomme, J. Lyle, S. Faily, and L. Bassbouss, ““do we know each other or is it just our devices?”: a federated context model for describing social activity across devices,” in Proceedings of the W3C Workshop: Federated Social Architectures and Protocols, 2011.
    [Bibtex]
    @inproceedings{gide11,
    Author = {George Gionis and Heiko Desruelle and Dieter Blomme and John Lyle and Shamal Faily and Louay Bassbouss},
    Booktitle = {{Proceedings of the W3C Workshop: Federated Social Architectures and Protocols}},
    Title = {``Do we know each other or is it just our Devices?'': A Federated Context Model for Describing Social Activity Across Devices},
    Year = {2011}}
  • [PDF] S. Faily, “Bridging User-Centered Design and Requirements Engineering with GRL and Persona Cases,” in Proceedings of the 5th international i* workshop, 2011, pp. 114-119.
    [Bibtex]
    @inproceedings{failyre11,
    Author = {Shamal Faily},
    Booktitle = {Proceedings of the 5th International i* Workshop},
    Pages = {114--119},
    Publisher = {CEUR Workshop Proceedings},
    Title = {{Bridging User-Centered Design and Requirements Engineering with GRL and Persona Cases}},
    Year = {2011}}
  • [PDF] S. Faily and I. Fléchais, “Persona Cases: A Technique for Grounding Personas,” in Proceedings of the 29th international conference on Human factors in computing systems, 2011, pp. 2267-2270.
    [Bibtex]
    @inproceedings{fafl111,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Booktitle = {{Proceedings of the 29th international conference on Human factors in computing systems}},
    Pages = {2267--2270},
    Publisher = {ACM},
    Title = {{Persona Cases: A Technique for Grounding Personas}},
    Year = {2011}}
  • [PDF] S. Faily and I. Fléchais, “User-centered information security policy development in a post-stuxnet world,” in Proceedings of the 6th International Conference on Availability, Reliability and Security, 2011, pp. 716-721.
    [Bibtex]
    @inproceedings{fafl113,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Booktitle = {{Proceedings of the 6th International Conference on Availability, Reliability and Security}},
    Pages = {716--721},
    Title = {User-Centered Information Security Policy Development in a Post-Stuxnet World},
    Year = {2011}}
  • [PDF] A. Atzeni, C. Cameroni, S. Faily, J. Lyle, and I. Fléchais, “Here’s Johnny: a Methodology for Developing Attacker Personas,” in Proceedings of the 6th international conference on availability, reliability and security, 2011, pp. 722-727.
    [Bibtex]
    @inproceedings{atfa11,
    Author = {Andrea Atzeni and Cesare Cameroni and Shamal Faily and John Lyle and Ivan Fl\'{e}chais},
    Booktitle = {Proceedings of the 6th International Conference on Availability, Reliability and Security},
    Pages = {722--727},
    Title = {{Here's Johnny: a Methodology for Developing Attacker Personas}},
    Year = {2011}}
  • [PDF] S. Faily and I. Fléchais, “Eliciting Policy Requirements for Critical National Infrastructure using the IRIS Framework,” International journal of secure software engineering, vol. 2, iss. 4, pp. 114-119, 2011.
    [Bibtex]
    @article{fafl114,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Journal = {International Journal of Secure Software Engineering},
    Number = {4},
    Pages = {114--119},
    Title = {{Eliciting Policy Requirements for Critical National Infrastructure using the IRIS Framework}},
    Volume = {2},
    Year = {2011}}

2010

  • [PDF] S. Faily and I. Fléchais, “Security through usability: a user-centered approach for balanced security policy requirements,” in Poster at: computer security applications conference, 2010. acsac ’10. annual, 2010.
    [Bibtex]
    @inproceedings{fafl109,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Booktitle = {Poster at: Computer Security Applications Conference, 2010. ACSAC '10. Annual},
    Month = {Dec.},
    Title = {Security through Usability: a user-centered approach for balanced security policy requirements},
    Year = {2010}}
  • [PDF] S. Faily and I. Fléchais, “Analysing and Visualising Security and Usability in IRIS,” in Proceedings of the 5th International Conference on Availability, Reliability and Security, 2010, pp. 543-548.
    [Bibtex]
    @inproceedings{fafl101,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Booktitle = {{Proceedings of the 5th International Conference on Availability, Reliability and Security}},
    Pages = {543--548},
    Publisher = {IEEE},
    Title = {{Analysing and Visualising Security and Usability in IRIS}},
    Year = {2010}}
  • [PDF] S. Faily and I. Fléchais, “A Meta-Model for Usable Secure Requirements Engineering,” in Proceedings of the 6th international workshop on software engineering for secure systems, 2010, pp. 126-135.
    [Bibtex]
    @inproceedings{fafl102,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Booktitle = {Proceedings of the 6th International Workshop on Software Engineering for Secure Systems},
    Pages = {126-135},
    Publisher = {IEEE},
    Title = {{A Meta-Model for Usable Secure Requirements Engineering}},
    Year = {2010}}
  • [PDF] S. Faily and I. Fléchais, “A Model of Security Culture for e-Science,” in Proceedings of the south african information security multi-conference (saismc 2010), 2010, pp. 154-164.
    [Bibtex]
    @inproceedings{fafl104,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Booktitle = {Proceedings of the South African Information Security Multi-Conference (SAISMC 2010)},
    Pages = {154--164},
    Publisher = {University of Plymouth},
    Title = {{A Model of Security Culture for e-Science}},
    Year = {2010}}
  • [PDF] S. Faily and I. Fléchais, “Barry is not the weakest link: eliciting secure system requirements with personas,” in Proceedings of the 24th BCS Interaction Specialist Group Conference, 2010, pp. 124-132.
    [Bibtex]
    @inproceedings{fafl106,
    Author = {Faily, Shamal and Fl{\'e}chais, Ivan},
    Booktitle = {{Proceedings of the 24th BCS Interaction Specialist Group Conference}},
    Pages = {124--132},
    Publisher = {British Computer Society},
    Title = {Barry is not the weakest link: eliciting secure system requirements with personas},
    Year = {2010}}
  • [PDF] S. Faily and I. Fléchais, “To boldly go where invention isn’t secure: applying Security Entrepreneurship to secure systems design,” in Proceedings of the 2010 new security paradigms workshop, 2010, pp. 73-84.
    [Bibtex]
    @inproceedings{fafl107,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Booktitle = {Proceedings of the 2010 New Security Paradigms Workshop},
    Pages = {73--84},
    Publisher = {ACM},
    Title = {{To boldly go where invention isn't secure: applying Security Entrepreneurship to secure systems design}},
    Year = {2010}}
  • [PDF] S. Faily and I. Fléchais, “The secret lives of assumptions: developing and refining assumption personas for secure system design,” in Proceedings of the 3rd Conference on Human-Centered Software Engineering, 2010, pp. 111-118.
    [Bibtex]
    @inproceedings{fafl108,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Booktitle = {{Proceedings of the 3rd Conference on Human-Centered Software Engineering}},
    Pages = {111--118},
    Publisher = {Springer},
    Title = {The Secret Lives of Assumptions: Developing and Refining Assumption Personas for Secure System Design},
    Year = {2010}}
  • [PDF] S. Faily and I. Fléchais, “Towards tool-support for Usable Secure Requirements Engineering with CAIRIS,” International journal of secure software engineering, vol. 1, iss. 3, pp. 56-70, 2010.
    [Bibtex]
    @article{fafl103,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Journal = {International Journal of Secure Software Engineering},
    Month = {July-September},
    Number = {3},
    Organization = {IGI Global},
    Pages = {56--70},
    Title = {{Towards tool-support for Usable Secure Requirements Engineering with CAIRIS}},
    Volume = {1},
    Year = {2010}}
  • [PDF] S. Faily and I. Fléchais, “Designing and Aligning e-Science Security Culture with Design,” Information management and computer security, vol. 18, iss. 5, pp. 339-349, 2010.
    [Bibtex]
    @article{fafl1010,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Journal = {Information Management and Computer Security},
    Number = {5},
    Pages = {339--349},
    Title = {{Designing and Aligning e-Science Security Culture with Design}},
    Volume = {18},
    Year = {2010}}

2009

  • [PDF] S. Faily and I. Fléchais, “Context-Sensitive Requirements and Risk Management with IRIS,” in Proceedings of the 17th IEEE International Requirements Engineering Conference, 2009, pp. 379-380.
    [Bibtex]
    @inproceedings{faily091,
    Author = {Shamal Faily and Ivan Fl\'{e}chais},
    Booktitle = {{Proceedings of the 17th IEEE International Requirements Engineering Conference}},
    Pages = {379--380},
    Publisher = {IEEE Computer Society},
    Title = {{Context-Sensitive Requirements and Risk Management with IRIS}},
    Year = {2009}}
  • S. Faily, “Context-Sensitive Requirements and Risk Analysis,” in Proceedings of the 17th International Conference on Requirements Engineering – Doctoral Symposium, 2009.
    [Bibtex]
    @inproceedings{failyrephd09,
    Author = {Shamal Faily},
    Booktitle = {{Proceedings of the 17th International Conference on Requirements Engineering - Doctoral Symposium}},
    Title = {{Context-Sensitive Requirements and Risk Analysis}},
    Year = {2009}}

2008

  • [PDF] S. Faily, “Towards requirements engineering practice for professional end user developers: a case study,” in Proceedings of the 3rd International Workshop on Requirements Engineering Education and Training, 2008, pp. 38-44.
    [Bibtex]
    @inproceedings{fail08,
    Author = {Shamal Faily},
    Booktitle = {{Proceedings of the 3rd International Workshop on Requirements Engineering Education and Training}},
    Pages = {38--44},
    Publisher = {IEEE Computer Society},
    Title = {Towards Requirements Engineering Practice for Professional End User Developers: a Case Study},
    Year = {2008}}

2005

  • S. Faily, “Does Object-Oriented Domain Analysis Work?,” Newsletter of the British Computer Society Requirements Engineering Specialist Interest Group, iss. 37, pp. 10-11, 2005.
    [Bibtex]
    @article{fail05,
    Author = {Shamal Faily},
    Journal = {{Newsletter of the British Computer Society Requirements Engineering Specialist Interest Group}},
    Number = {37},
    Pages = {10-11},
    Title = {{Does Object-Oriented Domain Analysis Work?}},
    Year = {2005}}