The Evolving Security and Privacy Requirements Engineering (ESPRE) Workshop is a multi-disciplinary, one-day workshop. It brings together practitioners and researchers interested in security and privacy requirements.
ESPRE probes the interfaces between Requirements Engineering and Security & Privacy, and aims to evolve security and privacy requirements engineering to meet the needs of stakeholders; these range from business analysts and security engineers, to technology entrepreneurs and privacy advocates.
We will run a ‘Lightning talks’ session of 2-minute talks during the workshop. Such talks might share early results, on-going work, annoyances, practical lessons learned, or even plugs for upcoming events. To book a slot, please email firstname.lastname@example.org with your name, affiliation, talk title, and brief abstract. Proposals will be accepted on a first come, first served basis until all available slots are filled. We will, however, try to free up space elsewhere on the day if we get more demand than we can satisfy.
The scope for talk topics is open, but the timings are not. Please keep your talk within the time limit. This will make your talk more focused, and keep the audience excited. If your proposal is accepted, you will be contacted with more details about timings and logistics on the day.
Dark matter and dark energy have not been observed directly. However, their very existence may be used to account for anomalous observations which cannot otherwise be explained using the equations of general relativity. Similarly, unknowns often distort our understanding of the evolution of security and privacy requirements. In an attempt to eliminate such phenomena, this talk will use examples to shed some light on where unknowns could exist and what implications they could have for our understanding of security and privacy requirements.
Dr. Yijun Yu is a Senior Lecturer in Computing at The Open University, UK. He is interested in developing automated, efficient and scalable software techniques and tools to better support human activities in software engineering. He has a vision to improve aviation security through cloud computing and blockchains by live-streaming black boxes, which was featured in interviews with the BBC after the disappearance of flight MH370, and subsequently received Microsoft Azure and Amazon AWS awards (2017). His research on Requirements-driven Self-Adaptation received a 10 Year Most Influential Paper award (CASCON'16), 5 Best Paper awards and 3 Distinguished Paper awards at international conferences (including RE'11). This talk is based on recent joint work with colleagues at The Open University, UK, inspired by his international collaborators from over 10 countries. His current research is funded by grants on Secure Adaptive and Usable Software Engineering (EPSRC Platform, 2018-2022) and Adaptive Security and Privacy (ERC Adv. Grant, 2012-2018).
To facilitate communication among stakeholders, software security and privacy (S&P) requirements are typically written in natural language and capture both positive requirements (i.e., what the system is supposed to do to ensure S&P) and negative requirements (i.e., undesirable behavior undermining S&P). An important question is how to test a system to ensure its conformance with its S&P requirements and, further, how to do that in a systematic, automated, and effective way.
This talk will present Misuse Case Programming (MCP), an approach to automatically generate security test cases from misuse case specifications (i.e., use case specifications capturing the behavior of malicious users). MCP relies on natural language processing techniques to extract relevant concepts (e.g., inputs and activities) appearing in requirements specifications and generates executable test cases by matching the extracted concepts to a provided test driver API. MCP has been evaluated in an industrial case study, which provides initial evidence of the feasibility and benefits of the approach.
Lionel C. Briand is professor in software verification and validation at the SnT centre for Security, Reliability, and Trust, University of Luxembourg, where he is also the vice-director of the centre. He is currently running multiple collaborative research projects with companies in the automotive, satellite, financial, and legal domains. Before that, Lionel held various engineering, academic, and leadership positions in five other countries. He was one of the founders of the ICST conference (IEEE Int. Conf. on Software Testing, Verification, and Validation, a CORE A event) and its first general chair. He was also the Editor-in-Chief of Empirical Software Engineering (Springer) for many years and led the journal to the top tier of publication venues in software engineering.
Lionel was elevated to the grade of IEEE Fellow in 2010 for his work on the testing of object-oriented systems. He was granted the IEEE Computer Society Harlan Mills award and the IEEE Reliability Society engineer-of-the-year award for his work on model-based verification and testing, in 2012 and 2013 respectively. In 2016 he received an ERC Advanced grant, the most prestigious individual research grant in the European Union, on the topic of modelling and testing cyber-physical systems. His research interests include: software testing and verification, model-driven software development, search-based software engineering, and empirical software engineering.
| Time | Programme |
|---|---|
| | Workshop Opening (Seok-Won Lee) |
| 0930 - 1030 | Keynote talk: Dark Matter in Adaptive Security and Privacy Requirement (Yijun Yu) |
| 1030 - 1100 | Coffee break |
| 1100 - 1230 | Session: People and Systems (Chair: Raian Ali) |
| 1230 - 1400 | Lunch |
| 1400 - 1530 | Session: Privacy by Design and Lightning Talks (Chair: Seok-Won Lee) |
| 1530 - 1600 | Coffee break |
| 1600 - 1700 | Keynote talk: Modeling Security and Privacy Requirements to Enable Test Automation (Lionel Briand) |
| 1700 - 1730 | Wrap-up and Workshop Close (Seok-Won Lee) |