Why ESPRE? unsplash-logoMeriç Dağlı


The Evolving Security and Privacy Requirements Engineering (ESPRE) Workshop is a multi-disciplinary, one-day workshop. It brings together practitioners and researchers interested in security and privacy requirements.

ESPRE probes the interfaces between Requirements Engineering and Security & Privacy, and aims to evolve security and privacy requirements engineering to meet the needs of stakeholders; these range from business analysts and security engineers, to technology entrepreneurs and privacy advocates.



These include, but are not limited to:
  • Adaptation of security & privacy requirements
  • Elicitation and analysis techniques
  • Evolution of security & privacy requirements
  • Legal compliance in security & privacy RE
  • Leveraging Domain knowledge
  • Modelling trust and risk
  • Ontologies for security & privacy RE
  • Scalability of security RE approaches
  • Security & privacy RE and [Sec]DevOps
  • Security & privacy RE for design innovation
  • Security & privacy RE education
  • Security & privacy RE processes
  • Stakeholder & Attacker perspectives
  • Studies applying security & privacy RE
  • Validation & verification

Research Challenges - Roadmap

Throughout the day, the workshop organisers will note potential research challenges that form the basis of a roadmap for evolving security and privacy requirements engineering.

Following the final session, we will close the workshop with a wrap-up session, in which these challenges and a potential roadmap for addressing them will be proposed.


Important Dates

  • Submission Deadline: (EXTENDED TO) July 12th, 2019
  • Notifications: (BETWEEN) July 25th - August 1st, 2019
  • Camera-ready papers due: (EXTENDED TO) August 14th, 2019
  • Pre-submissions to EasyChair by: 23:59:59 AoE
  • Workshop date: September 23rd, 2019


Keynote: Prof. Daehun Nyang

Prof. Daehun Nyang

Source Code Authorship Identification with Deep Learning

In this talk, we are going to talk about source code authorship identification method. Successful software authorship de-anonymization has both software forensics applications and privacy implications. However, the process requires an efficient extraction of authorship attributes. The extraction of such attributes is very challenging, due to various software code formats from executable binaries with different toolchain provenance to source code with different programming languages. Moreover, the quality of attributes is bounded by the availability of software samples to a certain number of samples per author and a specific size for software samples.

To this end, in this talk, we propose a deep Learning-based approach for software authorship attribution, that facilitates large-scale, format-independent, language-oblivious, and obfuscation-resilient software authorship identification. This proposed approach incorporates the process of learning deep authorship attribution using a recurrent neural network, and ensemble random forest classifier for scalability to de-anonymize programmers. Results by comprehensive experiments will be given.


DaeHun Nyang received a B.Eng. degree in electronic engineering from Korea Advanced Institute of Science and Technology, M.S. and Ph.D. degrees in computer science from Yonsei University, Korea in 1994, 1996, and 2000 respectively. He has been a senior member of the engineering staff at Electronics and Telecommunications Research Institute, Korea, from 2000 to 2003. Since 2003, he has been a full professor at Computer Information Engineering Department of Inha University, Korea where he is also the founding director of the Information Security Research Laboratory. He is a member of the board of directors and an editorial board of ETRI Journal and also Korean Institute of Information Security and Cryptology. Prof. Nyang's research interests include cryptography, network security, traffic measurement, privacy, usable security, biometrics and deep learning-based security.


Previous Workshops


Provisional Programme


Workshop Opening (Duncan Ki-Aries)

09:15 - 10:30

Keynote: Prof. Daehun Nyang

Talk Title: Source Code Authorship Identification with Deep Learning
10:30 - 11:00Coffee break
11:00 - 12:30

Session One

  • 11:00 - 11:30 > Ontology-Driven Security Requirements Recommendation for APT Attack
    Sangeeta Dey, Minju Kim, and Seok-Won Lee
  • 11:30 - 12:00 > A System for Seamlessly Supporting from Security Requirements Analysis to Security Design using a Software Security Knowledge Base
    Atsuo Hazeyama, Hikaru Miyahara, Takafumi Tanaka, Hironori Washizaki, Haruhiko Kaiya, Takao Okubo, and Nobukazu Yoshioka
  • 12:00 - 12:30 > A Critical Perspective of Secure Coding Guidelines to Fulfill Industry Policies
    Tiago Espinha Gasiba and Ulrike Lechner
12:30 - 14:00Lunch
14:00 - 15:30

Session Two

  • 14:00 - 14:30 > Continuous Requirements: An Example Using GDPR
    Ze Shi Li, Colin Werner, and Neil Ernst
  • 14:30 - 15:00 > Towards Automated Logging for Forensic-Ready Software Systems
    Fanny Rivera Ortiz and Liliana Pasquale
15:30 - 16:00 Coffee break
16:00 - 16:30

Session Three

  • 16:00 - 16:30 > When Interactive Graphic Storytelling Fails
    James Barela, Tiago Gasiba, Santiago Suppan, Marc Berges, and Kristian Beckers
16:30 - 17:30

Wrap-up: A roadmap for evolving security and privacy requirements engineering


Workshop Close