Back to top

Biography

I am a Senior Lecturer in Systems Security Engineering and co-ordinator of the Bournemouth University Cyber Security Research group (BUCSR)

Before joining BU as a lecturer in 2013, I was previously a post-doctoral researcher at the Department of Computer Science at the University of Oxford, and a teaching fellow at the Information Security Group at University College London. I completed my DPhil in Computer Science at the University of Oxford in 2011. Prior to my doctoral research, I was a software engineer within Logica's Space business.

Research

My work explores how both security and usability can be 'built in' to software. In doing so, we not only want assurance that security is incorporated into software design, but that software remains secure when used in different physical, social, and cultural contexts of use.

I am interested in the role of usability artifacts for providing assurance about a system’s design, and particularly interested in the role that personas -- a popular technique focussing on archetypes of user behaviour -- might play.

I am particularly interested in the role of tool-support for designing secure and usable systems. I maintain CAIRIS (Computer Aided Integration of Requirements and Information Security): an open-source platform for eliciting, specifying, and validating secure and usable systems.

Journal Articles

Books

  • Faily, S., 2018. Designing Usable and Secure Software with IRIS and CAIRIS. Springer.
  • Beckers, K., Faily, S., Lee, S.-W. and Mead, N., 2017. Proceedings of the 4th International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE 2017). IEEE.
  • Beckers, K., Lee, S.-W. and Mead, N., 2016. Proceedings of the 3rd International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE 2016). IEEE.
  • Faily, S., Jiang, N., Dogan, H. and Taylor, J., 2016. Proceedings of the 30th International BCS Human Computer Interaction Conference (HCI 2016). British Computer Society.
  • Proceedings of the 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE 2015). IEEE.
  • Proceedings of the 1st Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE 2014). IEEE.
  • Proceedings of the Workshop on Web Applications and Secure Hardware (WASH'13). CEUR-WS.
  • Proceedings of the BCS HCI 2012 Workshop on Designing Interactive Secure Systems. BCS.
  • Faily, S., Živny, S., Fogelberg, C., Salamon, A. and Schäfer, M., 2008. Proceedings of the Oxford University Computing Laboratory Student Conference 2008. Oxford University Computing Laboratory.

Chapters

  • Atzeni, A., Faily, S. and Galloni, R., 2017. Usable Security: HCI-Sec Issues and Motivations. Encyclopedia of Information Science and Technology. IGI Global.
  • Faily, S., 2014. Evaluating the Implications of Attack and Security Patterns with Premortems. In: Blackwell, C. and Zhu, H., eds. Cyberpatterns: Unifying Design Patterns with Security and Attack Patterns. Springer.
  • Atzeni, A., Lyle, J. and Faily, S., 2014. Developing secure, unified multi-device and multi-domain platforms: A case study from the webinos project. Architectures and Protocols for Secure Information Technology. IGI Global, 310-333.
  • Faily, S., Lyle, J. and Parkin, S., 2012. Tool-support Premortems with Attack and Security Patterns. First International Workshop on Cyberpatterns: Unifying Design Patterns with Security, Attack and Forensic Patterns. 10-11.

Conferences

  • Ki-Aries, D., Faily, S., Dogan, H. and Williams, C., 2018. System of Systems Characterisation assisting Security Risk Assessment. In: IEEE 13th System of Systems Engineering Conference 19 June-22 April 2018 Paris, France. IEEE.
  • Iacob, C. and Faily, S., 2018. Redesigning an Undergraduate Software Engineering Course for a Large Cohort. In: Proceedings of 40th International Conference on Software Engineering 27 May-3 June 2018 Gothenburg, Sweden. ACM.
  • Beckers, K., Faily, S., Lee, S.W. and Mead, N., 2017. Welcome to the fourth international workshop on evolving security and privacy requirements engineering (ESPRE'17). xix.
  • Ki-Aries, D. and Faily, S., 2017. Persona-centred information security awareness. 663-674.
  • M'manga, A., Faily, S., McAlaney, J. and Williams, C., 2017. Folk Risk Analysis: Factors Influencing Security Analysts’ Interpretation of Risk. In: 3rd Workshop on Security Information Workers 12-14 July 2017 Santa Clara, USA. Usenix Association.
  • Henriksen-Bulmer, J. and Faily, S., 2017. Applying Contextual integrity to Open Data Publishing. In: 31st British HCI Group Annual Conference on People and Computers: Digital Make Believe 3-6 July 2017 Sunderland, UK. British Computer Society.
  • Iacob, C. and Faily, S., 2017. Using Extreme Characters to Teach Requirements Engineering. 107-111.
  • M'manga, A., Faily, S., McAlaney, J. and Williams, C., 2017. System Design Considerations for Risk Perception. 322-327.
  • Ki-Aries, D., Faily, S., Dogan, H. and Williams, C., 2017. Re-framing "The AMN": A case study eliciting and modelling a System of Systems using the Afghan Mission Network. 103-108.
  • Ki-Aries, D., Dogan, H., Faily, S., Whittington, P., Williams, C. and IEEE, 2017. From Requirements to Operation: Components for Risk Assessment in a Pervasive System of Systems. 83-89.
  • Faily, S., Iacob, C. and IEEE, 2017. Design as Code: Facilitating Collaboration between Usability and Security Engineers using CAIRIS. 76-82.
  • Iacob, C., Faily, S. and Harrison, R., 2016. MARAM: Tool support for mobile app review management.
  • Iacob, C. and Faily, S., 2016. Improving Human-Reviews Interaction: A Study of the Role, Use, and Place of Online Reviews. In: 30th British HCI Group Annual Conference on People and Computers: Fusion 11-15 July 2016 Bournemouth, UK.
  • Faily, S., Iacob, C. and Field, S., 2016. Ethical Hazards and Safeguards in Penetration Testing. In: 30th British HCI Group Annual Conference on People and Computers: Fusion 11-15 July 2016 Bournemouth, UK. British Computer Society.
  • Faily, S., Lykou, G., Partridge, A., Gritzalis, D., Mylonas, A. and Katos, V., 2016. Human-Centered Specification Exemplars for Critical Infrastructure Environments. In: 30th British HCI Group Annual Conference on People and Computers: Fusion 11-15 July 2016 Bournemouth, UK.
  • Partridge, A. and Faily, S., 2016. The application of useless japanese inventions for requirements elicitation in information security. In: 30th British HCI Group Annual Conference on People and Computers: Fusion 11-15 July 2016 Bournemouth, UK.
  • Faily, S., Stergiopoulos, G., Katos, V. and Gritzalis, D., 2016. "Water, Water, Every Where": Nuances for a Water Industry Critical Infrastructure Specification Exemplar. 243-246.
  • Favale, M., McDonald, N., Faily, S. and Gatzidis, C., 2015. Human Aspects in Digital Rights Management: The Perspective of Content Developers​. In: Fourth International Workshop on Artificial Intelligence and IP Law 9 December-9 November 2015 Braga, Portugal.
  • Faily, S. and Jones, M., 2015. Embedding Professional Practice into the Cybersecurity Curriculum using Ethics. In: 1st UK Workshop on Cybersecurity Training & Education 11 June 2015 Liverpool.
  • McAlaney, J., Taylor, J. and Faily, S., 2015. The Social Psychology of Cybersecurity. In: 1st International Conference on Cyber Security for Sustainable Society 26-27 February 2015 Coventry. Working Papers of the SSN+.
  • Faily, S., Lyle, J., Fléchais, I. and Simpson, A., 2015. Usability and Security by Design: A Case Study in Research and Development. In: NDSS Workshop on Usable Security 8 February-8 January 2015 2015.
  • Ali, R., McAlaney, J., Faily, S., Phalp, K. and Katos, V., 2015. Mitigating Circumstances in Cybercrime: a Position Paper. 1973-1977.
  • McDonald, N., Faily, S., Favale, M. and Gatzidis, C., 2015. Digital rights management: The four perspectives of developers, distributors, users, and lawyers. 276-285.
  • Faily, S., McAlaney, J. and Iacob, C., 2015. Ethical dilemmas and dimensions in penetration testing. 233-242.
  • Vallindras, A., Faily, S. and ACM, 2015. The Mystery of Security Design. 316-317.
  • Faily, S. and Fléchais, I., 2014. Eliciting and Visualising Trust Expectations using Persona Trust Characteristics and Goal Models. In: 6th International Workshop on Social Software Engineering 17 November-17 August 2014 Hong Kong. ACM.
  • Faily, S., Lyle, J., Fléchais, I., Atzeni, A., Cameroni, C., Myrhaug, H., Göker, A. and Kleinfeld, R., 2014. Authorisation in Context: Incorporating Context-Sensitivity into an Access Control Framework. In: 28th British HCI Group Annual Conference on People and Computers: Sand, sea and Sky 9-12 September 2014 Southport, UK. British Computer Society.
  • Faily, S., 2014. Engaging Stakeholders in Security Design: An Assumption-Driven Approach. In: International Symposium on Human Aspects on Information Security & Assurance (HAISA 2014) 8-10 July 2014 Plymouth University.
  • Faily, S., 2014. Ethical Hacking Assessment as a Vehicle for Undergraduate Cyber-Security Education. In: BCS 19th Annual INSPIRE Conference 15 April 2014 Southampton.
  • Iacob, C., Harrison, R. and Faily, S., 2013. Online Reviews as First Class Artifacts in Mobile App Development. In: Fifth International Conference on Mobile Computing, Applications and Services 7-8 November 2013 Paris, France. 47-53.
  • Su, T., Lyle, J., Atzeni, A., Faily, S., Virji, H., Ntanos, C. and Botsikas, C., 2013. Continuous Integration for Web-Based Software Infrastructures: Lessons Learned on the webinos Project. Springer.
  • Faily, S. and Lyle, J., 2013. Security Lessons Learned Building Concept Apps for webinos. In: BCS HCI 2013 Workshops: Human Aspects in Mobile App Engineering 9 September 2013 Brunel University, London.
  • Lyle, J., Faily, S. and Winandy,, M., 2013. The Workshop on Web Applications and Secure Hardware. In: Workshop on Web Applications and Secure Hardware (WASH’13), Co-located with the 6th International Conference on Trust and Trustworthy Computing (TRUST 2013) 20 June 2013 London. CEUR-WS.org.
  • Lyle, J., Nilsson, C., Isberg, A. and Faily, S., 2013. Extending the web to support personal network services. 711-716.
  • Faily, S., Coles-Kemp, L., Dunphy, P., Just, M., Akama, Y. and Luca, A.D., 2013. Designing Interactive Secure Systems: CHI 2013 Special Interest Group. ACM, 2469-2472.
  • Faily, S., Power, D., Armstrong, P. and Flechais, I., 2013. Formal Evaluation of Persona Trustworthiness with EUSTACE (Extended Abstract). 267-268.
  • Faily, S. and Lyle, J., 2013. Guidelines for Integrating Personas into Software Engineering Tools. 69-74.
  • Faily, S., 2013. Security Patterns Considered Harmful? 108-109.
  • Faily, S., Lyle, J., Flechais, I., Atzeni, A., Cameroni, C., Myrhaug, H., Goker, A. and Kleinfeld, R., 2013. Policies in Context: Factors Influencing the Elicitation and Categorisation of Context-Sensitive Security Policies.
  • Faily, S., 2012. Analysing Chindogu: Applying Defamiliarisation to Security Design.
  • Fuhrhop, C., Lyle, J. and Faily, S., 2012. The webinos project. ACM, 259-262.
  • Lyle, J., Monteleone, S., Faily, S., Patti, D. and Ricciato, F., 2012. Cross-platform access control for mobile web applications. 37-44.
  • Lyle, J., Faily, S., Flechais, I., Paul, A., Goker, A., Myrhaug, H., Desruelle, H. and Martin, A., 2012. On the design and development of webinos: a distributed mobile application middleware. 140-147.
  • Lyle, J., Paverd, A., King-Lacroix, J., Atzeni, A., Virji, H., Flechais, I. and Faily, S., 2012. Personal PKI for the smart device era.
  • Faily, S., Lyle, J. and Parkin, S., 2012. Secure System? Challenge Accepted: Finding and Resolving Security Failures Using Security Premortems. In: BCS HCI 2012 Workshops: Designing Interactive Secure Systems 12-14 September 2012 Birmingham, UK. 5:1-5:4.
  • Faily, S. and Flechais, I., 2012. Software for Interactive Secure Systems Design: Lessons Learned Developing and Applying CAIRIS. In: BCS HCI 2012 Workshops: Designing Interactive Secure Systems 12-14 September 2012 Birmingham, UK. 3:1-3:4.
  • Faily, S., Lyle, J., Paul, A., Atzeni, A., Blomme, D., Desruelle, H. and Bangalore, K., 2012. Requirements Sensemaking using Concept Maps. Springer, 217-232.
  • Faily, S., Lyle, J., Namiluko, C., Atzeni, A. and Cameroni, C., 2012. Model-driven architectural risk analysis using architectural and contextualised attack patterns. ACM, 3:1-3:6.
  • Gionis, G., Desruelle, H., Blomme, D., Lyle, J., Faily, S. and Bassbouss, L., 2011. “Do we know each other or is it just our Devices?”: A Federated Context Model for Describing Social Activity Across Devices.
  • Faily, S. and Flechais, I., 2011. Persona Cases: A Technique for grounding Personas. Vancouver, BC, Canada: ACM, 2267-2270.
  • Faily, S., 2011. Two Requirements for Usable and Secure Software Engineering. In: 1st Software and Usable Security Aligned for Good Engineering (SAUSAGE) Workshop 5-6 April 2011 National Institute of Standards and Technology Gaithersburg, MD USA.
  • Faily, S., 2011. Security goes to ground: on the applicability of Security Entrepreneurship to Grassroot Activism. In: CHI Workshop on HCI, Politics and the City: Engaging with Urban Grassroots Movements for Reflection and Action 7-12 May 2011 Vancouver, BC, Canada.
  • Faily, S. and Flechais, I., 2011. Eliciting Usable Security Requirements with Misusability Cases. IEEE Computer Society, 339-340.
  • Faily, S., 2011. Bridging User-Centered Design and Requirements Engineering with GRL and Persona Cases. In: CEUR iStar 2011 5th International i* Workshop 28-29 August 2011 Trento, Italy. 114-119.
  • Faily, S. and Flechais, I., 2011. User-Centered Information Security Policy Development in a Post-Stuxnet World. IEEE Computer Society, 716-721.
  • Atzeni, A.S., Cameroni, C., Faily, S., Lyle, J. and Flechais, I., 2011. Here's Johnny: A Methodology for Developing Attacker Personas. IEEE, 722-727.
  • Faily, S. and Flechais, I., 2010. A Meta-Model for Usable Secure Requirements Engineering. 29-35.
  • Faily, S. and Flechais, I., 2010. Analysing and Visualising Security and Usability in IRIS.
  • Faily, S. and Flechais, I., 2010. Improving Secure Systems Design with Security Culture.
  • Faily, S. and Flechais, I., 2010. A Model of Security Culture for e-Science. University of Plymouth, 154-164.
  • Faily, S. and Flechais, I., 2010. To boldly go where invention isn’t secure: applying Security Entrepreneurship to secure systems design. New York, NY, USA: ACM, 73-84.
  • Faily, S. and Flechais, I., 2010. The Secret Lives of Assumptions: Developing and Refining Assumption Personas for Secure System Design. Springer, 111-118.
  • Flechais, I. and Faily, S., 2010. Security and Usability: Searching for the philosopher’s stone.
  • Faily, S. and Flechais, I., 2010. Security through Usability: a user-centered approach for balanced security policy requirements.
  • Faily, S. and Flechais, I., 2010. Barry is not the weakest link: eliciting secure system requirements with personas. ACM, 124-132.
  • Faily, S. and Flechais, I., 2009. Context-Sensitive Requirements and Risk Management with IRIS.
  • Faily, S., 2008. Towards Requirements Engineering Practice for Professional End User Developers: A Case Study. IEEE, 38-44.
  • Faily, S. and Flechais, I., 2008. Making the invisible visible: a theory of security culture for secure and usable grids.
  • Faily, S., 2007. Living with Flight Dynamics : Proposals and Possible Pitfalls for Harmonising Flight Dynamics Systems with EGOS.

Theses

Software

Others

PhD Students

  • Duncan Ki-Aries. Risk Assessment for Complex Systems of Systems
  • Andrew M'Manga. Designing Systems for Risk-based Decision Making and Assurance
  • Jane Henriksen-Bulmer. A Framework for Public Bodies for Managing the Secure and Appropriate Release of Open Source Data

Profile of Teaching PG

  • Security by Design (Level M)

Profile of Teaching UG

  • Security by Design (Level H)
  • Ethical Hacking and Countermeasures (Level I)

Invited Lectures

  • HCI-Security: An Overview. Cranfield University. April 2014.
  • Bringing Security, Usability, and Software Engineering together with Personas. Oxford Brookes University. 2013.

Grants

  • Data Protection Impact Assessment of StreetScene (Bournemouth University, 13 Feb 2018). In Progress
  • HuaHana:a productivity platform for usable and secure software design (Innovate UK, 01 Feb 2018). Completed
  • Commercialisation of CAIRIS (DCMS / SETsquared, 27 Jan 2017). Completed
  • Risk Assessment for Complex Systems of Systems (Defence Science and Technology Laboratory, 01 Sep 2016). In Progress
  • Bournemouth-Athens Network in Critical Infrastructure Security (BANCIS) (BU Fusion Investment Fund, 01 Sep 2016). Completed
  • Designing Systems for Risk-Based Decision Making and Assurance (Defence Science and Technology Laboratory, 09 Dec 2015). In Progress
  • Bournemouth University Computer Human Interaction (BUCHI) (BU Fusion Investment Fund, 01 Mar 2015). Completed
  • Making sense of DRM in game development (Madrigal) (Bournemouth University - Fusion Investment Fund, 01 Feb 2015). Completed
  • Bournemouth European Network In Cyber Security (BENICS) (BU Fusion Investment Fund, 01 Mar 2014). Completed
  • Evaluating the Usability, Security, and Trustworthiness of Ad-hoc Collaborative Environments (EUSTACE) (EPSRC, 30 May 2012). Completed

External Responsibilities

  • European Intelligence and Security Informatics Conference (EISIC) 2015, Programme Committee (2015-)
  • 1st International Workshop on Evolving Security & Privacy Requirements Engineering, Organising Co-Chair (2014-), http://espre2014.org/
  • IEEE Joint Intelligence and Security Informatics Conference (JISIC), Programme Committee (2014-)
  • 6th International Conference on Trust & Trustworthy Computing, Publicity Co-Chair (2013-)
  • Designing Interactive Secure Systems SIG at ACM Conference on Human Factors in Computer System, Organiser (2013-)
  • Workshop on Web Applications and Secure Hardware (Co-located with Trust 2013), Workshop Co-Chair (2013-)
  • Human Aspects in Mobile App Engineering: Workshop at British HCI 2013, Workshop Co-Chair (2013-)
  • European Intelligence and Security Informatics Conference, Programme Committee (2013-)
  • Second International Workshop on Cyberpatterns: Unifying Design Patterns with Security, Attack, and Forensic Patterns, Programme Committee (2013-)
  • International Conference on Trust & Trustworthy Computing (Socio-economics Strand, Programme Committee (2013-)
  • Designing Interactive Secure Systems: Workshop at British HCI 2012, Workshop Co-Chair (2012-)
  • BCS Conference on Human-Computer Interaction, Reviewer (2011-2014)
  • ACM SIGCHI Symposium on Engineering Interactive Computing Systems, Reviewer (2011-2012)
  • ACM Conference on Human Factors in Computer Systems, Reviewer (2010-2016)
  • Computers & Security (Elsevier), Reviewer
  • International Journal of Secure Software Engineering (IGI Global), Reviewer
  • Behaviour & Information Technology (Taylor & Francis), Reviewer
  • Pervasive and Mobile Computing (Elsevier), Reviewer
  • Journal of Systems and Software (Elsevier), Reviewer

Internal Responsibilities

  • Co-ordinator, BU Cyber Security Research Group

Conference Presentations

  • First International Conference on Cyber Security for Sustainable Society 2015, The Social Psychology of Cybersecurity, 26 Feb 2015, Coventry

Qualifications

  • PG Cert in Education Practice (Bournemouth University, 2015)
  • Postgraduate Certificate in Software Engineering (University of Oxford, 2008)
  • BSc (Hons) in Business Computing Systems (City University, 1998)
  • DPhil in Computer Science (University of Oxford, 2011)

Memberships

  • ACM, Member,
  • Association for Computing Machinery, Member,
  • British Computer Society, Member,
  • Higher Education Academy, Fellow,
The data on this page was last updated at 04:04 on April 21, 2018.