Featured Publications

Talking about Security with Professional Developers

Tamara Lopez, Helen Sharp, Thein Tun, Arosha Bandara (School of Computing & Communications, The Open University), Mark Levine (Department of Psychology, University of Exeter) and Bashar Nuseibeh (Lero – The Irish Software Research Centre, University of Limerick).

An Anatomy of Security Conversations in Stack Overflow

Abstract: As software-intensive digital systems become an integral part of modern life, ensuring that these systems are developed to satisfy security and privacy requirements is an increasingly important societal concern. This paper examines how secure coding practice...

An Investigation of Security Conversations in Stack Overflow: Perceptions of Security and Community Involvement

Developers turn to Stack Overflow and other on-line sources to find solutions to security problems, but little is known about how they engage with and guide one another in these environments or the perceptions of software security this may encourage. This study joins...

Captchat: A Messaging Tool to Frustrate Ubiquitous Surveillance

Paul Dunphy, Johannes Schöning, James Nicholson, Patrick Olivier. Abstract: There is currently a widespread uncertainty regarding the ability of citizens to control privacy online in the face of ubiquitous surveillance. This is a huge and complex societal problem....

Do You Love Me? Psychological Characteristics of Romance Scam Victims

Abstract: The online dating romance scam is an Advance Fee Fraud, typically conducted by international criminal groups via online dating sites and social networking sites. This type of mass-marketing fraud (MMF) is the most frequently reported type of MMF in most...

Hopefully We Are Mostly Secure: Views on Secure Code in Professional Practice

Abstract: Security of software systems is of general concern, yet breaches caused by common vulnerabilities still occur. Software developers are routinely called upon to “do more” to address this situation. However, there has been little focus on the developers’ point...

Ransomware and Reputation

Abstract: Ransomware is a particular form of cyber-attack in which a victim loses access to either his electronic device or files unless he pays a ransom to criminals. A criminal’s ability to make money from ransomware critically depends on victims believing that the...

Taking the Middle Path: Learning about Security Through Online Social Interaction

Abstract: As software-intensive digital systems become an integral part of modern life, ensuring that these systems are developed to satisfy security and privacy requirements is an increasingly important societal concern. Integrating security into software development...

To pay or not: game theoretic models of ransomware

Abstract: Ransomware is a type of malware that encrypts files and demands a ransom from victims. It can be viewed as a form of kidnapping in which the criminal takes control of the victim’s files with the objective of financial gain. In this article, we review and...

All Publications

Barriers to Usable Security? Three Organizational Case Studies

Deanna D. Caputo, Shari Lawrence Pfleeger and M. Angela Sasse. Abstract: Usable security assumes that when security functions are more usable, people are more likely to use them, leading to an improvement in overall security. Existing software design and engineering...

Captchat: A Messaging Tool to Frustrate Ubiquitous Surveillance

Paul Dunphy, Johannes Schöning, James Nicholson, Patrick Olivier. Abstract: There is currently a widespread uncertainty regarding the ability of citizens to control privacy online in the face of ubiquitous surveillance. This is a huge and complex societal problem....

Comparing Decision Support Approaches for Cyber Security Investment

Andrew Fielder, Emmanouil Panaousis, Pasquale Malacaria, Chris Hankin, Fabrizio Smeraldi. Abstract: When investing in cyber security resources, information security managers have to follow effective decision-making strategies. We refer to this as the cyber security...

Cybersecurity Games and Investments: A Decision Support Approach

Emmanouil Panaousis, Andrew Fielder, Pasquale Malacaria, Chris Hankin, Fabrizio Smeraldi. Abstract: In this paper we investigate how to optimally invest in cybersecurity controls. We are particularly interested in examining cases where the organization suffers from an...

Decision justifications for wireless network selection

Debora Jeske, Lynne Coventry and Pam Briggs. Abstract: A number of security risks are associated with the selection of wireless networks. We examined wireless network choices in a study involving 104 undergraduate social science students. One research goal was to...

Decision support approaches for cyber security investment

Andrew Fielder, Emmanouil Panaousis, Pasquale Malacaria, Chris Hankin, Fabrizio Smeraldi. Abstract: When investing in cyber security resources, information security managers have to follow effective decision-making strategies. We refer to this as the cyber security...

ECSEPA Map

Welcome to the UK Cyber Security Policy Making Interactive Map (time-stamped 1st May, 2019), part of the research project 'Evaluating Cyber Security Evidence for Policy Advice (ECSEPA)'. Below you will find a description of the interactive map and...

Error Detection and Recovery in Software Development

Abstract: Software rarely works as intended when it is first written. Software engineering research has long been concerned with assessing why software fails and who is to blame, or why a piece of software is flawed and how to prevent such faults in the future. Errors...

Examining Active Error in Software Development

Tamara Lopez, Marian Petre, Bashar Nuseibeh. Abstract: Software rarely works as intended while it is being written. Things go wrong in the midst of everyday practice, and developers are commonly understood to form theories and strategies for dealing with them. Errors in...