Publication


Featured research published by Shamal Faily.


human factors in computing systems | 2011

Persona cases: a technique for grounding personas

Shamal Faily; Ivan Flechais

Personas are a popular technique in User-Centered Design, however their validity can be called into question. While the techniques used to develop personas and their integration with other design activities provide some measure of validity, a persona's legitimacy can be threatened by challenging its characteristics. This note presents Persona Cases: personas whose characteristics are both grounded in, and traceable to their originating source of empirical data. This approach builds on the premise that sense-making in qualitative data analysis is an argumentative activity, and aligns concepts associated with a Grounded Theory analysis with recent work on arguing the characteristics of personas. We illustrate this approach using a case study in the Critical Infrastructure Protection domain.


Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems | 2010

A meta-model for usable secure requirements engineering

Shamal Faily; Ivan Flechais

There is a growing recognition of the need for secure software engineering approaches addressing both technical and human factors. Existing approaches to secure software engineering focus on the need for technical security to the detriment of usability. This paper presents the IRIS (Integrating Requirements and Information Security) meta-model, a conceptual model for usable secure requirements engineering. We describe a practical application of the meta-model through a case study in the Critical Infrastructure domain.


availability, reliability and security | 2011

Here's Johnny: A Methodology for Developing Attacker Personas

Andrea S. Atzeni; Cesare Cameroni; Shamal Faily; John Lyle; Ivan Flechais

The adversarial element is an intrinsic part of the design of secure systems, but our assumptions about attackers and threats are often limited or stereotypical. Although there has been previous work on applying User-Centered Design on Persona development to build personas for possible attackers, such work is only speculative and fails to build upon recent research. This paper presents an approach for developing Attacker Personas which is both grounded and validated by structured data about attackers. We describe a case study example where the personas were developed and used to support the development of a Context of Use description for the EU FP7 webinos project.


international world wide web conferences | 2012

The webinos project

Christian Fuhrhop; John Lyle; Shamal Faily

This poster paper describes the webinos project and presents the architecture and security features developed in webinos. It highlights the main objectives and concepts of the project and describes the architecture derived to achieve the objectives.


ieee international symposium on policies for distributed systems and networks | 2012

Cross-Platform Access Control for Mobile Web Applications

John Lyle; Salvatore Monteleone; Shamal Faily; Davide Patti; Fabio Ricciato

Web browsers are a common platform for delivering cross-platform applications. However, they currently fail to provide consistent access control for security and privacy sensitive JavaScript APIs, such as geolocation and local storage. This problem is exacerbated by new HTML5 APIs and the increasing number of personal devices people own and use. In this paper we present the webinos platform which aims to provide a single, cross-device policy system for web applications on a wide range of web-enabled devices including TVs, smartphones, in-car systems and PCs. webinos solves the existing deficiencies in web authorisation by introducing the concept of a personal zone, the set of all devices and services owned by a particular user. All devices in this zone can synchronize their access control policies through interoperable middleware and can create flexible rules which may refer to an individual user, device or the entire zone. We provide details of the architecture and explain how our experience during design highlighted several conceptual challenges.


HCSE'10 Proceedings of the Third international conference on Human-centred software engineering | 2010

The secret lives of assumptions: developing and refining assumption personas for secure system design

Shamal Faily; Ivan Flechais

Personas are useful for obtaining an empirically grounded understanding of a secure system's user population, its contexts of use, and possible vulnerabilities and threats endangering it. Often, however, personas need to be partly derived from assumptions; these may be embedded in a variety of different representations. Assumption Personas have been proposed as boundary objects for articulating assumptions about a user population, but no methods or tools currently exist for developing and refining these within the context of secure and usable design. This paper presents an approach for developing and refining assumption personas before and during the design of secure systems. We present a model for structuring the contribution of assumptions to assumption personas, together with a process for developing assumption personas founded on this model. We also present some preliminary results based on an application of this approach in a recent case study.


mobile computing, applications, and services | 2013

Online Reviews as First Class Artifacts in Mobile App Development

Claudia Iacob; Rachel Harrison; Shamal Faily

This paper introduces a framework for developing mobile apps. The framework relies heavily on app stores and, particularly, on online reviews from app users. The underlying idea is that app stores are proxies for users because they contain direct feedback from them. Such feedback includes feature requests and bug reports, which facilitate design and testing respectively. The framework is supported by MARA, a prototype system designed to automatically extract relevant information from online reviews.


Information Management & Computer Security | 2010

Designing and aligning e-Science security culture with design

Shamal Faily; Ivan Flechais

Purpose – The purpose of this paper is to identify the key cultural concepts affecting security in multi‐organisational systems and align these with design techniques and tools. Design/methodology/approach – A grounded theory model of security culture was derived from the related security culture literature and empirical data from an e‐Science project. Influencing concepts were derived from these and aligned with recent work on techniques and tools for usable secure systems design. Findings – Roles and responsibility, sub‐cultural norms and contexts, and different perceptions of requirements were found to be influencing concepts towards a culture of security. These concepts align with recent work on personas, environment models, and related tool support. Originality/value – This paper contributes a theoretically and empirically grounded model of security culture. This is also the first paper explicitly aligning key concepts of security culture to design techniques and tools.


engineering interactive computing system | 2013

Guidelines for integrating personas into software engineering tools

Shamal Faily; John Lyle

Personas have attracted the interest of many in the usability and software engineering communities. To date, however, there has been little work illustrating how personas can be integrated into software tools to support these engineering activities. This paper presents four guidelines that software engineering tools should incorporate to support the design and evolution of personas. These guidelines are grounded in our experiences modifying the open-source CAIRIS Requirements Management tool to support design and development activities for the EU FP7 webinos project.


acm symposium on applied computing | 2013

Extending the web to support personal network services

John Lyle; Claes Nilsson; Anders Isberg; Shamal Faily

Web browsers are able to access resources hosted anywhere in the world, yet content and features on personal devices remain largely inaccessible. Because of routing, addressing and security issues, web applications are unable to use local sensors, cameras and nearby network devices without resorting to proprietary extensions. Several projects have attempted to overcome these limitations yet none provide a full solution which embraces existing web concepts and scales across multiple devices. This paper describes an improved approach based on a combination of Web Intents for discovery, a custom local naming system and routing provided by the webinos framework. We show that it can be applied to existing services and that it improves upon the state of the art in privacy, consistency and flexibility.

Collaboration


Dive into Shamal Faily's collaboration.

Top Co-Authors

Claudia Iacob

Oxford Brookes University

Christopher Williams

Defence Science and Technology Laboratory

Ayse Göker

City University London
