Number of co-authors: 4
Number of publications with 3 favourite co-authors: Shamal Faily: 3, A. W. Roscoe: 2, Ronald Kainda: 2
Ivan Flechais's 3 most productive colleagues in number of publications: M. Angela Sasse: 8, Shamal Faily: 3, A. W. Roscoe: 3
Publications by Ivan Flechais (bibliography)
Faily, Shamal and Flechais, Ivan (2011): Persona cases: a technique for grounding personas. In: Proceedings of ACM CHI 2011 Conference on Human Factors in Computing Systems 2011. pp. 2267-2270.
Personas are a popular technique in User-Centered Design, however their validity can be called into question. While the techniques used to develop personas and their integration with other design activities provide some measure of validity, a persona's legitimacy can be threatened by challenging its characteristics. This note presents Persona Cases: personas whose characteristics are both grounded in, and traceable to their originating source of empirical data. This approach builds on the premise that sense-making in qualitative data analysis is an argumentative activity, and aligns concepts associated with a Grounded Theory analysis with recent work on arguing the characteristics of personas. We illustrate this approach using a case study in the Critical Infrastructure Protection domain.
© All rights reserved Faily and Flechais and/or their publisher
Kainda, Ronald, Flechais, Ivan and Roscoe, A. W. (2010): Two heads are better than one: security and usability of device associations in group scenarios. In: Proceedings of the 2010 Symposium on Usable Privacy and Security 2010. p. 5.
We analyse and evaluate the usability and security of the process of bootstrapping security among devices in group scenarios. While a lot of work has been done in single user scenarios, we are not aware of any that focusses on group situations. Unlike in single user scenarios, bootstrapping security in a group requires coordination, attention, and cooperation of all group members. In this paper, we provide an analysis of the security and usability of bootstrapping security in group scenarios and present the results of a usability study on these scenarios. We also highlight crucial factors necessary for designing for secure group interactions.
© All rights reserved Kainda et al. and/or their publisher
Faily, Shamal and Flechais, Ivan (2010): Barry is not the weakest link: eliciting secure system requirements with personas. In: Proceedings of the HCI10 Conference on People and Computers XXIV 2010. pp. 124-132.
Building secure and usable systems means specifying systems for the people using it and the tasks they carry out, rather than vice-versa. User-Centered design approaches encourage an early focus on users and their contexts of use, but these need to be integrated with approaches for engineering secure systems. This paper describes how personas can augment a process for eliciting and specifying requirements for secure and usable systems. Our results suggest that personas increase stakeholder empathy towards users represented by personas, and the empirical data used to build personas can also be used to obtain a better understanding of prospective attackers and their motivations.
© All rights reserved Faily and Flechais and/or BCS
Kainda, Ronald, Flechais, Ivan and Roscoe, A. W. (2009): Usability and security of out-of-band channels in secure device pairing protocols. In: Proceedings of the 2009 Symposium on Usable Privacy and Security 2009. p. 11.
Initiating and bootstrapping secure, yet low-cost, ad-hoc transactions is an important challenge that needs to be overcome if the promise of mobile and pervasive computing is to be fulfilled. For example, mobile payment applications would benefit from the ability to pair devices securely without resorting to conventional mechanisms such as shared secrets, a Public Key Infrastructure (PKI), or trusted third parties. A number of methods have been proposed for doing this based on the use of a secondary out-of-band (OOB) channel that either authenticates information passed over the normal communication channel or otherwise establishes an authenticated shared secret which can be used for subsequent secure communication. A key element of the success of these methods is dependent on the performance and effectiveness of the OOB channel, which usually depends on people performing certain critical tasks correctly. In this paper, we present the results of a comparative usability study on methods that propose using humans to implement the OOB channel and argue that most of these proposals fail to take into account factors that may seriously harm the security and usability of a protocol. Our work builds on previous research in the usability of pairing methods and the accompanying recommendations for designing user interfaces that minimise human mistakes. Our findings show that the traditional methods of comparing and typing short strings into mobile devices are still preferable despite claims that new methods are more usable and secure, and that user interface design alone is not sufficient in mitigating human mistakes in OOB channels.
© All rights reserved Kainda et al. and/or ACM Press
Flechais, Ivan and Sasse, M. Angela (2009): Stakeholder involvement, motivation, responsibility, communication: How to design usable security in e-Science. In International Journal of Human-Computer Studies, 67 (4) pp. 281-296.
e-Science projects face a difficult challenge in providing access to valuable computational resources, data and software to large communities of distributed users. On the one hand, the raison d'être of the projects is to encourage members of their research communities to use the resources provided. On the other hand, the threats to these resources from online attacks require robust and effective security to mitigate the risks faced. This raises two issues: ensuring that (1) the security mechanisms put in place are usable by the different users of the system, and (2) the security of the overall system satisfies the security needs of all its different stakeholders. A failure to address either of these issues can seriously jeopardise the success of e-Science projects. The aim of this paper is to firstly provide a detailed understanding of how these challenges can present themselves in practice in the development of e-Science applications. Secondly, this paper examines the steps that projects can undertake to ensure that security requirements are correctly identified, and security measures are usable by the intended research community. The research presented in this paper is based on four case studies of e-Science projects. Security design traditionally uses expert analysis of risks to the technology and deploys appropriate countermeasures to deal with them. However, these case studies highlight the importance of involving all stakeholders in the process of identifying security needs and designing secure and usable systems. For each case study, transcripts of the security analysis and design sessions were analysed to gain insight into the issues and factors that surround the design of usable security. The analysis concludes with a model explaining the relationships between the most important factors identified. This includes a detailed examination of the roles of responsibility, motivation and communication of stakeholders in the ongoing process of designing usable secure socio-technical systems such as e-Science.
© All rights reserved Flechais and Sasse and/or Academic Press
Faily, Shamal and Flechais, Ivan (2009): Context-Sensitive Requirements and Risk Management with IRIS. In: RE 2009, 17th IEEE International Requirements Engineering Conference, Atlanta, Georgia, USA, August 31 - September 4, 2009 2009. pp. 379-380.
Changes to this page (author)
03 Apr 2012: Modified
31 Oct 2011: Modified
05 Jul 2011: Modified
18 Nov 2010: Modified
02 Nov 2010: Modified
08 Sep 2009: Added
Page maintainer: The Editorial Team