unsplash-logoMeriç Dağlı


The Evolving Security and Privacy Requirements Engineering (ESPRE) Workshop is a multi-disciplinary, one-day workshop. It brings together practitioners and researchers interested in security and privacy requirements.

ESPRE probes the interfaces between Requirements Engineering and Security & Privacy, and aims to evolve security and privacy requirements engineering to meet the needs of stakeholders; these range from business analysts and security engineers, to technology entrepreneurs and privacy advocates.



These include, but do not exclude:

  • Adaptation of security & privacy requirements
  • Elicitation and analysis techniques
  • Evolution of security & privacy requirements
  • Legal compliance in security & privacy RE
  • Leveraging Domain knowledge
  • Modelling trust and risk
  • Ontologies for security & privacy RE
  • Scalability of security RE approaches
  • Security & privacy RE and [Sec]DevOps
  • Security & privacy RE for design innovation
  • Security & privacy RE education
  • Security & privacy RE processes
  • Stakeholder & Attacker perspectives
  • Studies applying security & privacy RE
  • Validation & verification
  • Next


    We will run a ‘Lightning talks’ session of 2-minute talks during the workshop. Such talks might share early results, on-going work, annoyances, practical lessons learned, or even plugs for upcoming events. To book a slot, please email sfaily@bournemouth.ac.uk with your name, affiliation, talk title, and brief abstract. Proposals will be accepted on a first come, first served basis until all available slots are filled. We will, however, try to free up space elsewhere on the day if we get more demand than we can satisfy.

    The scope for talk topics is open, but the timings are not. Please keep your talk within the time limit. This will make your talk more focused, and keep the audience excited. If your proposal is accepted, you will be contacted with more details about timings and logistics on the day.


    Important Dates

    • Submission Deadline: June 12th, 2018June 18th, 2018 (Extension)
    • Notifications: July 6th, 2018
    • Camera-ready papers due: July 17th, 2018
    • Workshop date: 20th August 2018

    Yijun Yu (Open University)

    Dr. Yijun Yu is a Senior Lecturer in Computing at The Open University, UK. He is interested in developing automated, efficient and scalable software techniques and tools to better support human activities in software engineering. He has a vision to improve aviation security through cloud computing and blockchains by live streaming blackboxes, which was featured in interviews with BBC after the missing MH370 flight, and subsequently received a Microsoft Azure and Amazon AWS awards (2017). His research on Requirements-driven Self-Adaptation receives a 10 Year Most Influential Paper award (CASCON’16), 5 Best Paper awards and 3 Distinguished Paper awards at International Conferences (including RE’11). This talk is based on recent joint work with colleagues at The Open University, UK, inspired by his international collaborators from over 10 countries. His current research is funded by grants on Secure Adaptive and Usable Software Engineering (EPSRC Platform, 2018-2022), and Adaptive Security and Privacy (ERC Adv. Grant, 2012-2018). You can find out more about his work here and about his research team here.

    Lionel Briand (University of Luxembourg)

    Lionel C. Briand is professor in software verification and validation at the SnT centre for Security, Reliability, and Trust, University of Luxembourg, where he is also the vice-director of the centre. He is currently running multiple collaborative research projects with companies in the automotive, satellite, financial, and legal domains. Lionel has held various engineering, academic, and leading research positions in five other countries before that.

    Lionel was elevated to the grade of IEEE Fellow in 2010 for his work on the testing of object-oriented systems. He was granted the IEEE Computer Society Harlan Mills award and the IEEE Reliability Society engineer-of-the-year award for his work on model-based verification and testing, respectively in 2012 and 2013. He received an ERC Advanced grant in 2016 — on the topic of modelling and testing cyber-physical systems — which is the most prestigious individual research grant in the European Union. His research interests include: software testing and verification, model-driven software development, search-based software engineering, and empirical software engineering.


    Previous Workshops




    Workshop Opening

    0930 - 1030

    Keynote talk: Yijun Yu

    1030 - 1100Coffee break
    1100 - 1230

    Session: People and Systems

    • Towards the Design of Usable Privacy by Design Methodologies
      Argyri Pattakou, Aikaterini-Georgia Mavroeidi, Christos Kalloniatis, Vasiliki Diamantopoulou and Stefanos Gritzalis (University of the Aegean, Greece)
    • The Importance of Empathy for Analyzing Privacy Requirements
      Meira Levy (Shenkar - Engineering. Design. Art, Israel) and Irit Hadar (University of Haifa, Israel)
    • Assessing System of Systems Security Risk and Requirements with OASoSIS
      Duncan Ki-Aries, Shamal Faily, Huseyin Dogan (Bournemouth University, UK) and Christopher Williams (Defence Science & Technology Laboratory, UK)
    1230 - 1400Lunch
    1400 - 1530

    Session: Privacy by Design and Lightning Talks

    • Tool-supporting Data Protection Impact Assessments with CAIRIS
      Joshua Coles, Shamal Faily and Duncan Ki-Aries (Bournemouth University, UK)
    • Privacy Consistency Analyzer for Android Applications
      Sayan Maitra, Bohyun Suh and Sepideh Ghanavati (Texas Tech University, USA)
    • Lightning Talks
    1530 - 1600Coffee break
    1600 - 1700

    Keynote talk: Lionel Briand

    1700 - 1730

    Wrap-up and Workshop Close