Text size
  • Small
  • Medium
  • Large
  • Standard
  • Blue text on blue
  • High contrast (Yellow text on black)
  • Blue text on beige

    Secure System? Challenge Accepted: Finding and Resolving Security Failures Using Security Premortems

    HCI2012 - People & Computers XXVI

    Proceedings of HCI 2012
    The 26th BCS Conference on Human Computer Interaction

    Birmingham, UK, 12 - 14 September 2012


    Shamal Faily, Simon Parkin & John Lyle


    Risk-driven approaches are dominant in secure systems design; these aim to elicit and treat vulnerabilities and the threats exploiting them. Such approaches, however, are so focused on driving risks out of system design, they fail to recognise the usefulness of failure as a vehicle for security innovation. To explore the role of failure as a design tool, we present the security premortem: a participative design technique where participants assume that a system has been exploited, and plausible reasons are given for explaining why. We describe this approach and illustrate how software tools can be used to support it.


    PDF filePDF Version of this Paper (321kb)