Social Constructionism provides a means to help understand and diagnose how humans experience security systems. We use Qualitative Research methods to systematically discover what it means to the participants to engage in socio-technical security systems. We are interested in using psychological theories to help diagnose and understand these experiences and how they may impact the security objectives; these insights may in turn help identify potential remedies. We are also developing rigorous models of this human experience that could be used as part of a formal analysis of the interoperation between human experience and system operation.
- Foley, S. N., & Rooney, V. M. (2018). A Grounded Theory approach to security policy elicitation. Information and Computer Security Journal, 26(4), 454–471. https://doi.org/10.1108/ICS-12-2017-0086
- Rooney, V. M., & Foley, S. N. (2018). What you can change and what you can’t: human experience in computer network defenses. In Proceedings of the Nordic Conference on Secure IT Systems. Springer LNCS 11252. Retrieved from http://simonfoley.org/pubs/nordsec2018.pdf
- Rooney, V. M., & Foley, S. N. (2017). What users want: adapting qualitative research methods to security policy requirements elicitation. In Proceedings of the International Workshop on Security and Privacy Requirements Engineering, SECPRE 2017. Retrieved from http://simonfoley.org/pubs/secpre2017.pdf
- Pieczul, O., Foley, S. N., & Rooney, V. M. (2014). I’m OK, You’re OK, the System’s OK: Normative Security for Systems. In Proceedings of the 2014 workshop on New Security Paradigms Workshop, Victoria, BC, Canada, September 15-18, 2014 (pp. 95–104). https://doi.org/10.1145/2683467.2683476
- Foley, S. N., & Rooney, V. M. (2009). Qualitative Analysis for Trust Management. In Security Protocols XVII, 17th International Workshop, Cambridge, UK, April 1-3, 2009. Revised Selected Papers (pp. 298–307). https://doi.org/10.1007/978-3-642-36213-2_33