Biography

I am a Principal Lecturer in Systems Security Engineering and co-ordinator of the Bournemouth University Cyber Security Research group (BUCSR).

Before joining BU, I was previously a Post-doctoral Researcher at the Department of Computer Science at the University of Oxford, and a Teaching Fellow at the Information Security Group at University College London. I completed my DPhil in Computer Science at the University of Oxford. Prior to my doctoral research, I was a software engineer within Logica's Space business. Software I developed has been used to support flight dynamics operations for several European Space Agency (ESA) missions, including Mars Express and Rosetta.

Research

My research explores how security can be 'built in' at the earliest stages of a software product or service's design, and how software can be designed to ensure it remains secure and usable when used in different contexts.

I am particularly interested in the role User Experience (UX) artefacts like personas can play in design for security and privacy, and how software tools can help rather than hinder the design of secure and usable software. I maintain the free and open-source CAIRIS platform, and am author of the textbook 'Designing Usable and Secure Software with IRIS and CAIRIS' (Springer, 2018).

Journal Articles

Books

  • Faily, S., 2018. Designing Usable and Secure Software with IRIS and CAIRIS. Springer.
  • Beckers, K., Faily, S., Lee, S.-W. and Mead, N., 2017. Proceedings of the 4th International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE 2017). IEEE.
  • Beckers, K., Lee, S.-W. and Mead, N., 2016. Proceedings of the 3rd International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE 2016). IEEE.
  • Faily, S., Jiang, N., Dogan, H. and Taylor, J., 2016. Proceedings of the 30th International BCS Human Computer Interaction Conference (HCI 2016). British Computer Society.
  • Proceedings of the 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE 2015). IEEE.
  • Proceedings of the 1st Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE 2014). IEEE.
  • Proceedings of the Workshop on Web Applications and Secure Hardware (WASH'13). CEUR-WS.
  • Proceedings of the BCS HCI 2012 Workshop on Designing Interactive Secure Systems. BCS.
  • Faily, S., Živny, S., Fogelberg, C., Salamon, A. and Schäfer, M., 2008. Proceedings of the Oxford University Computing Laboratory Student Conference 2008. Oxford University Computing Laboratory.

Chapters

  • Atzeni, A., Faily, S. and Galloni, R., 2017. Usable Security: HCI-Sec Issues and Motivations. Encyclopedia of Information Science and Technology. IGI Global.
  • Atzeni, A., Lyle, J. and Faily, S., 2017. Developing secure, unified, multi-device, and multi-domain platforms: A case study from the webinos project. Application Development and Design: Concepts, Methodologies, Tools, and Applications. 539-564.
  • Faily, S., 2014. Evaluating the Implications of Attack and Security Patterns with Premortems. In: Blackwell, C. and Zhu, H., eds. Cyberpatterns: Unifying Design Patterns with Security and Attack Patterns. Springer.
  • Atzeni, A., Lyle, J. and Faily, S., 2014. Developing secure, unified multi-device and multi-domain platforms: A case study from the webinos project. Architectures and Protocols for Secure Information Technology. IGI Global, 310-333.
  • Faily, S., Lyle, J. and Parkin, S., 2012. Tool-support Premortems with Attack and Security Patterns. First International Workshop on Cyberpatterns: Unifying Design Patterns with Security, Attack and Forensic Patterns. 10-11.

Conferences

  • Henriksen-Bulmer, J., Faily, S. and Jeary, S., 2019. Implementing GDPR in the Charity Sector: A Case Study. In: 13th International IFIP Summer School on Privacy and Identity Management – Fairness, accountability and transparency in the age of big data 20-24 August 2018 Vienna, Austria. Springer.
  • M'MANGA, A., Faily, S., McAlaney, J. and Williams, C., 2018. Rationalising Decision Making about Risk: A Normative Approach. In: 12th International Symposium on Human Aspects of Information Security & Assurance 29-31 August 2018 Dundee, UK. University of Plymouth.
  • Coles, J., Faily, S. and Ki-Aries, D., 2018. Tool-supporting Data Protection Impact Assessments with CAIRIS. In: 5th International Workshop on Evolving Security & Privacy Requirements Engineering 20 August 2018 Banff, Canada.
  • Ki-Aries, D., Faily, S., Dogan, H. and Williams, C., 2018. Assessing System of Systems Security Risk and Requirements with OASoSIS. In: 5th International Workshop on Evolving Security & Privacy Requirements Engineering 20 August 2018 Banff, Canada.
  • M'MANGA, A., Faily, S., McAlaney, J., Williams, C., Kadobayashi, Y. and Miyamoto, D., 2018. Eliciting Persona Characteristics for Risk Based Decision Making. In: 32nd International BCS Human Computer Interaction Conference 2-6 July 2018 Belfast, UK.
  • M'MANGA, A., Faily, S., McAlaney, J., Kadobayashi, Y. and Miyamoto, D., 2018. Qualitative Adaptation: Informing Design for Risk-based Decision Making. In: 2nd Workshop on the Challenges and Opportunities for Qualitative Data Research Methods in HCI 2-6 July 2018 Belfast, UK.
  • Ki-Aries, D., Faily, S., Dogan, H. and Williams, C., 2018. System of Systems Characterisation assisting Security Risk Assessment. In: IEEE 13th System of Systems Engineering Conference 19 June-22 April 2018 Paris, France. IEEE.
  • Iacob, C. and Faily, S., 2018. Redesigning an Undergraduate Software Engineering Course for a Large Cohort. In: Proceedings of 40th International Conference on Software Engineering 27 May-3 June 2018 Gothenburg, Sweden. ACM.
  • Iacob, C. and Faily, S., 2017. Using Extreme Characters to Teach Requirements Engineering. In: 30th IEEE Conference on Software Engineering, Education, and Training 7-9 November 2017 Savannah, USA. IEEE.
  • Beckers, K., Faily, S., Lee, S.W. and Mead, N., 2017. Welcome to the fourth international workshop on evolving security and privacy requirements engineering (ESPRE'17). xix.
  • Faily, S. and Iacob, C., 2017. Design as Code: Facilitating Collaboration between Usability and Security Engineers using CAIRIS. In: Fourth International Workshop on Evolving Security & Privacy Requirements Engineering 4 September 2017 Lisbon, Portugal.
  • Ki-Aries, D., Dogan, H., Faily, S., Whittington, P. and Williams, C., 2017. From Requirements to Operation: Components for Risk Assessment in a Pervasive System of Systems. In: Fourth International Workshop on Evolving Security & Privacy Requirements Engineering 4 September 2017 Lisbon, Portugal.
  • M'manga, A., Faily, S., McAlaney, J. and Williams, C., 2017. Folk Risk Analysis: Factors Influencing Security Analysts’ Interpretation of Risk. In: 3rd Workshop on Security Information Workers 12-14 July 2017 Santa Clara, USA. Usenix Association.
  • Ki-Aries, D., Faily, S., Dogan, H. and Williams, C., 2017. Re-framing 'the AMN': A case study eliciting and modelling a System of Systems using the Afghan Mission Network. 103-108.
  • M'manga, A., Faily, S., McAlaney, J. and Williams, C., 2017. System Design Considerations for Risk Perception. In: Proceedings of the 11th IEEE International Conference on Research Challenges in Information Science 10-12 May 2017 Brighton, UK.
  • Jane, H.B. and Faily, S., 2017. Applying contextual integrity to open data publishing. 1-7.
  • Iacob, C., Faily, S. and Harrison, R., 2016. MARAM: Tool Support for Mobile App Review Management. In: 8th EAI International Conference on Mobile Computing, Applications and Services 30 November-1 December 2016 Cambridge, UK. ACM.
  • Iacob, C. and Faily, S., 2016. Improving Human-Reviews Interaction: A Study of the Role, Use, and Place of Online Reviews. In: 30th British HCI Group Annual Conference on People and Computers: Fusion 11-15 July 2016 Bournemouth, UK.
  • Faily, S., Iacob, C. and Field, S., 2016. Ethical Hazards and Safeguards in Penetration Testing. In: 30th British HCI Group Annual Conference on People and Computers: Fusion 11-15 July 2016 Bournemouth, UK. British Computer Society.
  • Faily, S., Lykou, G., Partridge, A., Gritzalis, D., Mylonas, A. and Katos, V., 2016. Human-Centered Specification Exemplars for Critical Infrastructure Environments. In: 30th British HCI Group Annual Conference on People and Computers: Fusion 11-15 July 2016 Bournemouth, UK.
  • Partridge, A. and Faily, S., 2016. The application of useless japanese inventions for requirements elicitation in information security. In: 30th British HCI Group Annual Conference on People and Computers: Fusion 11-15 July 2016 Bournemouth, UK.
  • Ki-Aries, D., Faily, S. and Beckers, K., 2016. Persona-Driven Information Security Awareness. In: 30th British HCI Group Annual Conference on People and Computers: Fusion 11-15 July 2016 Bournemouth, UK.
  • Favale, M., McDonald, N., Faily, S. and Gatzidis, C., 2015. Human Aspects in Digital Rights Management: The Perspective of Content Developers. In: Fourth International Workshop on Artificial Intelligence and IP Law 9 December-9 November 2015 Braga, Portugal.
  • Ali, R., McAlaney, J., Faily, S., Phalp, K. and Katos, V., 2015. Mitigating Circumstances in Cybercrime: a Position Paper. In: 3rd International Workshop on Cybercrimes and Emerging Web Environments 26-28 October 2015 Liverpool, UK.
  • Faily, S., Stergiopoulos, G., Katos, V. and Gritzalis, D., 2015. "Water, Water, Every Where": Nuances for a Water Industry Critical Infrastructure Specification Exemplar. In: 10th International Conference on Critical Information Infrastructures Security 5-7 October 2015 Berlin, Germany. Springer.
  • Vallindras, A. and Faily, S., 2015. The Mystery of Security Design. In: British HCI 2015 15-17 July 2015 Lincoln, UK. ACM.
  • Faily, S., McAlaney, J. and Iacob, C., 2015. Ethical Dilemmas and Dimensions in Penetration Testing. In: 9th International Symposium on Human Aspects of Information Security & Assurance 1-3 July 2015 Lesvos, Greece.
  • Faily, S. and Jones, M., 2015. Embedding Professional Practice into the Cybersecurity Curriculum using Ethics. In: 1st UK Workshop on Cybersecurity Training & Education 11 June 2015 Liverpool.
  • Faily, S., Lyle, J., Fléchais, I. and Simpson, A., 2015. Usability and Security by Design: A Case Study in Research and Development. In: NDSS Workshop on Usable Security 8 February-8 January 2015 2015.
  • McDonald, N., Faily, S., Favale, M. and Gatzidis, C., 2015. Digital rights management: The four perspectives of developers, distributors, users, and lawyers. 276-285.
  • Faily, S. and Fléchais, I., 2014. Eliciting and Visualising Trust Expectations using Persona Trust Characteristics and Goal Models. In: 6th International Workshop on Social Software Engineering 17 November-17 August 2014 Hong Kong. ACM.
  • Faily, S., Lyle, J., Fléchais, I., Atzeni, A., Cameroni, C., Myrhaug, H., Göker, A. and Kleinfeld, R., 2014. Authorisation in Context: Incorporating Context-Sensitivity into an Access Control Framework. In: 28th British HCI Group Annual Conference on People and Computers: Sand, sea and Sky 9-12 September 2014 Southport, UK. British Computer Society.
  • Faily, S., 2014. Engaging Stakeholders in Security Design: An Assumption-Driven Approach. In: International Symposium on Human Aspects on Information Security & Assurance (HAISA 2014) 8-10 July 2014 Plymouth University.
  • Faily, S., 2014. Ethical Hacking Assessment as a Vehicle for Undergraduate Cyber-Security Education. In: BCS 19th Annual INSPIRE Conference 15 April 2014 Southampton.
  • Iacob, C., Harrison, R. and Faily, S., 2013. Online Reviews as First Class Artifacts in Mobile App Development. In: Fifth International Conference on Mobile Computing, Applications and Services 7-8 November 2013 Paris, France. 47-53.
  • Lyle, J., Faily, S. and Winandy, M., 2013. The Workshop on Web Applications and Secure Hardware. In: Workshop on Web Applications and Secure Hardware (WASH’13), Co-located with the 6th International Conference on Trust and Trustworthy Computing (TRUST 2013) 20 June 2013 London. CEUR-WS.org.
  • Faily, S. and Lyle, J., 2013. Security Lessons Learned Building Concept Apps for webinos. In: BCS HCI 2013 Workshops: Human Aspects in Mobile App Engineering 9 September 2013 Brunel University, London.
  • Su, T., Lyle, J., Atzeni, A., Faily, S., Virji, H., Ntanos, C. and Botsikas, C., 2013. Continuous Integration for Web-Based Software Infrastructures: Lessons Learned on the webinos Project. Springer.
  • Faily, S., Lyle, J., Flechais, I., Atzeni, A., Cameroni, C., Myrhaug, H., Goker, A. and Kleinfeld, R., 2013. Policies in Context: Factors Influencing the Elicitation and Categorisation of Context-Sensitive Security Policies.
  • Faily, S., 2013. Security Patterns Considered Harmful? 108-109.
  • Faily, S. and Lyle, J., 2013. Guidelines for Integrating Personas into Software Engineering Tools. 69-74.
  • Faily, S., Power, D., Armstrong, P. and Flechais, I., 2013. Formal Evaluation of Persona Trustworthiness with EUSTACE (Extended Abstract). 267-268.
  • Faily, S., Coles-Kemp, L., Dunphy, P., Just, M., Akama, Y. and Luca, A.D., 2013. Designing Interactive Secure Systems: CHI 2013 Special Interest Group. ACM, 2469-2472.
  • Lyle, J., Nilsson, C., Isberg, A. and Faily, S., 2013. Extending the web to support personal network services. 711-716.
  • Faily, S., Lyle, J., Namiluko, C., Atzeni, A. and Cameroni, C., 2012. Model-driven architectural risk analysis using architectural and contextualised attack patterns. ACM, 3:1-3:6.
  • Faily, S., Lyle, J., Paul, A., Atzeni, A., Blomme, D., Desruelle, H. and Bangalore, K., 2012. Requirements Sensemaking using Concept Maps. Springer, 217-232.
  • Faily, S. and Flechais, I., 2012. Software for Interactive Secure Systems Design: Lessons Learned Developing and Applying CAIRIS. In: BCS HCI 2012 Workshops: Designing Interactive Secure Systems 12-14 September 2012 Birmingham, UK. 3:1-3:4.
  • Faily, S., Lyle, J. and Parkin, S., 2012. Secure System? Challenge Accepted: Finding and Resolving Security Failures Using Security Premortems. In: BCS HCI 2012 Workshops: Designing Interactive Secure Systems 12-14 September 2012 Birmingham, UK. 5:1-5:4.
  • Lyle, J., Paverd, A., King-Lacroix, J., Atzeni, A., Virji, H., Flechais, I. and Faily, S., 2012. Personal PKI for the smart device era.
  • Lyle, J., Faily, S., Flechais, I., Paul, A., Goker, A., Myrhaug, H., Desruelle, H. and Martin, A., 2012. On the design and development of webinos: a distributed mobile application middleware. 140-147.
  • Lyle, J., Monteleone, S., Faily, S., Patti, D. and Ricciato, F., 2012. Cross-platform access control for mobile web applications. 37-44.
  • Fuhrhop, C., Lyle, J. and Faily, S., 2012. The webinos project. ACM, 259-262.
  • Faily, S., 2012. Analysing Chindogu: Applying Defamiliarisation to Security Design.
  • Gionis, G., Desruelle, H., Blomme, D., Lyle, J., Faily, S. and Bassbouss, L., 2011. “Do we know each other or is it just our Devices?”: A Federated Context Model for Describing Social Activity Across Devices.
  • Faily, S., 2011. Bridging User-Centered Design and Requirements Engineering with GRL and Persona Cases. In: CEUR iStar 2011 5th International i* Workshop 28-29 August 2011 Trento, Italy. 114-119.
  • Faily, S. and Flechais, I., 2011. Eliciting Usable Security Requirements with Misusability Cases. IEEE Computer Society, 339-340.
  • Faily, S., 2011. Security goes to ground: on the applicability of Security Entrepreneurship to Grassroot Activism. In: CHI Workshop on HCI, Politics and the City: Engaging with Urban Grassroots Movements for Reflection and Action 7-12 May 2011 Vancouver, BC, Canada.
  • Faily, S., 2011. Two Requirements for Usable and Secure Software Engineering. In: 1st Software and Usable Security Aligned for Good Engineering (SAUSAGE) Workshop 5-6 April 2011 National Institute of Standards and Technology Gaithersburg, MD USA.
  • Faily, S. and Flechais, I., 2011. Persona Cases: A Technique for grounding Personas. Vancouver, BC, Canada: ACM, 2267-2270.
  • Atzeni, A.S., Cameroni, C., Faily, S., Lyle, J. and Flechais, I., 2011. Here's Johnny: A Methodology for Developing Attacker Personas. IEEE, 722-727.
  • Faily, S. and Flechais, I., 2011. User-Centered Information Security Policy Development in a Post-Stuxnet World. IEEE Computer Society, 716-721.
  • Faily, S. and Flechais, I., 2010. A Meta-Model for Usable Secure Requirements Engineering. 29-35.
  • Faily, S. and Flechais, I., 2010. Improving Secure Systems Design with Security Culture.
  • Faily, S. and Flechais, I., 2010. Analysing and Visualising Security and Usability in IRIS.
  • Faily, S. and Flechais, I., 2010. Security through Usability: a user-centered approach for balanced security policy requirements.
  • Flechais, I. and Faily, S., 2010. Security and Usability: Searching for the philosopher’s stone.
  • Faily, S. and Flechais, I., 2010. The Secret Lives of Assumptions: Developing and Refining Assumption Personas for Secure System Design. Springer, 111-118.
  • Faily, S. and Flechais, I., 2010. To boldly go where invention isn’t secure: applying Security Entrepreneurship to secure systems design. New York, NY, USA: ACM, 73-84.
  • Faily, S. and Flechais, I., 2010. A Model of Security Culture for e-Science. University of Plymouth, 154-164.
  • Faily, S. and Flechais, I., 2010. Barry is not the weakest link: eliciting secure system requirements with personas. ACM, 124-132.
  • Faily, S. and Flechais, I., 2009. Context-Sensitive Requirements and Risk Management with IRIS.
  • Faily, S., 2008. Towards Requirements Engineering Practice for Professional End User Developers: A Case Study. IEEE, 38-44.
  • Faily, S. and Flechais, I., 2008. Making the invisible visible: a theory of security culture for secure and usable grids.
  • Faily, S., 2007. Living with Flight Dynamics: Proposals and Possible Pitfalls for Harmonising Flight Dynamics Systems with EGOS.

Theses

Software

Others

PhD Students

  • Jane Henriksen-Bulmer. A Framework for Public Bodies for Managing the Secure and Appropriate Release of Open Source Data
  • Andrew M'Manga. Designing Systems for Risk-based Decision Making and Assurance
  • Duncan Ki-Aries. Risk Assessment for Complex Systems of Systems
  • Mohammad Naiseh. Designing Self-Adaptive Electronic Prescription Service (EPS) for Improved User Experience for Repeat Prescriptions
  • Amna Altaf. Integrating Safety, Security, and Human Factors Engineering
  • Guy Thompson
  • Omolola Fagbule

Profile of Teaching PG

  • Security by Design (Level 7)

Profile of Teaching UG

  • Ethical Hacking and Countermeasures (Level 5)
  • Security by Design (Level 6)

Invited Lectures

  • Bringing Security, Usability, and Software Engineering together with Personas. Oxford Brookes University. 2013.
  • HCI-Security: An Overview. Cranfield University. April 2014.

Grants

  • HuaHana: Phase 3 (Innovate UK, 06 Sep 2018). In Progress
  • Integrating Safety, Security, and Human Factors Engineering (Ricardo, 03 Sep 2018). Awarded
  • HuaHana: Phase 2 (Innovate UK, 09 May 2018). Completed
  • Data Protection Impact Assessment of StreetScene (Bournemouth University, 13 Feb 2018). Completed
  • HuaHana: a productivity platform for usable and secure software design (Innovate UK, 01 Feb 2018). Completed
  • Commercialisation of CAIRIS (DCMS / SETsquared, 27 Jan 2017). Completed
  • Risk Assessment for Complex Systems of Systems (Defence Science and Technology Laboratory, 01 Sep 2016). In Progress
  • Bournemouth-Athens Network in Critical Infrastructure Security (BANCIS) (BU Fusion Investment Fund, 01 Sep 2016). Completed
  • Designing Systems for Risk-Based Decision Making and Assurance (Defence Science and Technology Laboratory, 09 Dec 2015). In Progress
  • Bournemouth University Computer Human Interaction (BUCHI) (BU Fusion Investment Fund, 01 Mar 2015). Completed
  • Making sense of DRM in game development (Madrigal) (Bournemouth University - Fusion Investment Fund, 01 Feb 2015). Completed
  • Bournemouth European Network In Cyber Security (BENICS) (BU Fusion Investment Fund, 01 Mar 2014). Completed
  • Evaluating the Usability, Security, and Trustworthiness of Ad-hoc Collaborative Environments (EUSTACE) (EPSRC, 30 May 2012). Completed

External Responsibilities

  • European Intelligence and Security Informatics Conference (EISIC) 2015, Programme Committee (2015-)
  • IEEE Joint Intelligence and Security Informatics Conference (JISIC), Programme Committee (2014-)
  • 1st International Workshop on Evolving Security & Privacy Requirements Engineering, Organising Co-Chair (2014-), http://espre2014.org/
  • International Conference on Trust & Trustworthy Computing (Socio-economics Strand), Programme Committee (2013-)
  • Second International Workshop on Cyberpatterns: Unifying Design Patterns with Security, Attack, and Forensic Patterns, Programme Committee (2013-)
  • European Intelligence and Security Informatics Conference, Programme Committee (2013-)
  • Human Aspects in Mobile App Engineering: Workshop at British HCI 2013, Workshop Co-Chair (2013-)
  • Workshop on Web Applications and Secure Hardware (Co-located with Trust 2013), Workshop Co-Chair (2013-)
  • Designing Interactive Secure Systems SIG at ACM Conference on Human Factors in Computer System, Organiser (2013-)
  • 6th International Conference on Trust & Trustworthy Computing, Publicity Co-Chair (2013-)
  • Designing Interactive Secure Systems: Workshop at British HCI 2012, Workshop Co-Chair (2012-)
  • ACM SIGCHI Symposium on Engineering Interactive Computing Systems, Reviewer (2011-2012)
  • BCS Conference on Human-Computer Interaction, Reviewer (2011-2014)
  • ACM Conference on Human Factors in Computer Systems, Reviewer (2010-2016)
  • Journal of Systems and Software (Elsevier), Reviewer
  • Pervasive and Mobile Computing (Elsevier), Reviewer
  • Behaviour & Information Technology (Taylor & Francis), Reviewer
  • International Journal of Secure Software Engineering (IGI Global), Reviewer
  • Computers & Security (Elsevier), Reviewer

Internal Responsibilities

  • Co-ordinator, BU Cyber Security Research Group

Conference Presentations

  • First International Conference on Cyber Security for Sustainable Society 2015, The Social Psychology of Cybersecurity, 26 Feb 2015, Coventry

Qualifications

  • DPhil in Computer Science (University of Oxford, 2011)
  • BSc (Hons) in Business Computing Systems (City University, 1998)
  • Postgraduate Certificate in Software Engineering (University of Oxford, 2008)
  • PG Cert in Education Practice (Bournemouth University, 2015)

Memberships

  • ACM, Member
  • Association for Computing Machinery, Member
  • British Computer Society, Member
  • Higher Education Academy, Fellow

External Media and Press

The data on this page was last updated at 04:12 on February 20, 2019.