Vision: Design Fiction for Cybersecurity: Using Science Fiction to Help Software Developers Anticipate Problems

Cecilia Loureiro-Koechlin; José-Rodrigo  Córdoba-Pachón; Charles Weir; Soteris Demetriou; Lynne Coventry

doi:10.1145/3549015.3554295

Vision: Design Fiction for Cybersecurity: Using Science Fiction to Help Software Developers Anticipate Problems

Cecilia Loureiro-Koechlin, José-Rodrigo Córdoba-Pachón, Charles Weir, Soteris Demetriou, Lynne Coventry

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

59 Downloads (Pure)

Abstract

Security and privacy issues are an ever-increasing problem for software systems. To address them, software developers must anticipate the problems that their developed systems may face, using a process we call ‘threat assessment’. Unfortunately, given the shortage of security experts, and the need to ‘think laterally’, threat assessment is very difficult for many development teams. One possibility is to use stories, known as ‘Design Fiction,’ to help developers visualize different contexts and future use for their software. But such stories are themselves difficult to write. A recent pilot project investigated using a broad-brush threat model and fiction samples derived from existing science fiction literature to help developers create threat assessments for Health Internet-of-Things devices. The preliminary results are encouraging, and open the possibility of developing a method to support developers in threat assessment in any domain.

Original language	English
Title of host publication	EuroUSEC '22: Proceedings of the 2022 European Symposium on Usable Security
Publisher	Association for Computing Machinery (ACM)
Pages	79-84
Number of pages	6
DOIs	https://doi.org/10.1145/3549015.3554295
Publication status	Published - 5 Oct 2022

Access to Document

10.1145/3549015.3554295

Accepted ManuscriptAccepted author manuscript, 2.42 MB

1 Editorial

Special Issue Guest Editorial - "Digital Innovations after COVID-19: Emerging and Systemic Models or Complexities"
Córdoba-Pachón, J.-R., 1 Jan 2024, In: Systems.
Research output: Contribution to journal › Editorial › peer-review

Open Access

1 Finished

FiVu: Using Design Fiction to Identify Future Vulnerabilities in Bio-IOT
Córdoba-Pachón, J.-R. (PI)
Eng & Phys Sci Res Council EPSRC
15/11/21 → 31/03/23
Project: Research

1 Editor of research journal

Systems (Journal)
Córdoba-Pachón, J.-R. (Editor)
1 Jul 2023 → 31 Jan 2024
Activity: Publication peer-review and editorial work › Editor of research journal

Cite this

Loureiro-Koechlin, C., Córdoba-Pachón, J.-R., Weir, C., Demetriou, S., & Coventry, L. (2022). Vision: Design Fiction for Cybersecurity: Using Science Fiction to Help Software Developers Anticipate Problems. In EuroUSEC '22: Proceedings of the 2022 European Symposium on Usable Security (pp. 79-84). Association for Computing Machinery (ACM). https://doi.org/10.1145/3549015.3554295

@inproceedings{5428d9399d63441287f6256b07d69c9a,

title = "Vision: Design Fiction for Cybersecurity: Using Science Fiction to Help Software Developers Anticipate Problems",

abstract = "Security and privacy issues are an ever-increasing problem for software systems. To address them, software developers must anticipate the problems that their developed systems may face, using a process we call {\textquoteleft}threat assessment{\textquoteright}. Unfortunately, given the shortage of security experts, and the need to {\textquoteleft}think laterally{\textquoteright}, threat assessment is very difficult for many development teams. One possibility is to use stories, known as {\textquoteleft}Design Fiction,{\textquoteright} to help developers visualize different contexts and future use for their software. But such stories are themselves difficult to write. A recent pilot project investigated using a broad-brush threat model and fiction samples derived from existing science fiction literature to help developers create threat assessments for Health Internet-of-Things devices. The preliminary results are encouraging, and open the possibility of developing a method to support developers in threat assessment in any domain.",

author = "Cecilia Loureiro-Koechlin and Jos{\'e}-Rodrigo C{\'o}rdoba-Pach{\'o}n and Charles Weir and Soteris Demetriou and Lynne Coventry",

year = "2022",

month = oct,

day = "5",

doi = "10.1145/3549015.3554295",

language = "English",

pages = "79--84",

booktitle = "EuroUSEC '22: Proceedings of the 2022 European Symposium on Usable Security",

publisher = "Association for Computing Machinery (ACM)",

address = "United States",

}

Loureiro-Koechlin, C, Córdoba-Pachón, J-R, Weir, C, Demetriou, S & Coventry, L 2022, Vision: Design Fiction for Cybersecurity: Using Science Fiction to Help Software Developers Anticipate Problems. in EuroUSEC '22: Proceedings of the 2022 European Symposium on Usable Security. Association for Computing Machinery (ACM), pp. 79-84. https://doi.org/10.1145/3549015.3554295

Vision: Design Fiction for Cybersecurity: Using Science Fiction to Help Software Developers Anticipate Problems. / Loureiro-Koechlin, Cecilia; Córdoba-Pachón, José-Rodrigo ; Weir, Charles et al.
EuroUSEC '22: Proceedings of the 2022 European Symposium on Usable Security. Association for Computing Machinery (ACM), 2022. p. 79-84.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Vision

T2 - Design Fiction for Cybersecurity: Using Science Fiction to Help Software Developers Anticipate Problems

AU - Loureiro-Koechlin, Cecilia

AU - Córdoba-Pachón, José-Rodrigo

AU - Weir, Charles

AU - Demetriou, Soteris

AU - Coventry, Lynne

PY - 2022/10/5

Y1 - 2022/10/5

N2 - Security and privacy issues are an ever-increasing problem for software systems. To address them, software developers must anticipate the problems that their developed systems may face, using a process we call ‘threat assessment’. Unfortunately, given the shortage of security experts, and the need to ‘think laterally’, threat assessment is very difficult for many development teams. One possibility is to use stories, known as ‘Design Fiction,’ to help developers visualize different contexts and future use for their software. But such stories are themselves difficult to write. A recent pilot project investigated using a broad-brush threat model and fiction samples derived from existing science fiction literature to help developers create threat assessments for Health Internet-of-Things devices. The preliminary results are encouraging, and open the possibility of developing a method to support developers in threat assessment in any domain.

AB - Security and privacy issues are an ever-increasing problem for software systems. To address them, software developers must anticipate the problems that their developed systems may face, using a process we call ‘threat assessment’. Unfortunately, given the shortage of security experts, and the need to ‘think laterally’, threat assessment is very difficult for many development teams. One possibility is to use stories, known as ‘Design Fiction,’ to help developers visualize different contexts and future use for their software. But such stories are themselves difficult to write. A recent pilot project investigated using a broad-brush threat model and fiction samples derived from existing science fiction literature to help developers create threat assessments for Health Internet-of-Things devices. The preliminary results are encouraging, and open the possibility of developing a method to support developers in threat assessment in any domain.

U2 - 10.1145/3549015.3554295

DO - 10.1145/3549015.3554295

M3 - Conference contribution

SP - 79

EP - 84

BT - EuroUSEC '22: Proceedings of the 2022 European Symposium on Usable Security

PB - Association for Computing Machinery (ACM)

ER -

Loureiro-Koechlin C, Córdoba-Pachón JR, Weir C, Demetriou S, Coventry L. Vision: Design Fiction for Cybersecurity: Using Science Fiction to Help Software Developers Anticipate Problems. In EuroUSEC '22: Proceedings of the 2022 European Symposium on Usable Security. Association for Computing Machinery (ACM). 2022. p. 79-84 Epub 2022 Sept 29. doi: 10.1145/3549015.3554295

Vision: Design Fiction for Cybersecurity: Using Science Fiction to Help Software Developers Anticipate Problems

Abstract

Access to Document

Research output

Special Issue Guest Editorial - "Digital Innovations after COVID-19: Emerging and Systemic Models or Complexities"

Projects

FiVu: Using Design Fiction to Identify Future Vulnerabilities in Bio-IOT

Activities

Systems (Journal)

Cite this