WHY ESPRE?

The Evolving Security and Privacy Requirements Engineering (ESPRE) Workshop is a multi-disciplinary, one-day workshop. It brings together practitioners and researchers interested in security and privacy requirements.

ESPRE probes the interfaces between Requirements Engineering and Security & Privacy, and aims to evolve security and privacy requirements engineering to meet the needs of stakeholders; these range from business analysts and security engineers, to technology entrepreneurs and privacy advocates.

ESPRE will be run as a one-day workshop (online). The workshop format will consist of an invited talk, paper presentations and discussions, and a facilitated roadmap building session.

ESPRE is suited towards attendees with interests not only in Requirements Engineering, but also in security, privacy, user experience, software engineering, system of systems engineering, and other related areas.

TOPICS

These include, but are not limited to:

  • Adaptation of security & privacy requirements
  • Elicitation and analysis techniques
  • Evolution of security & privacy requirements
  • Legal compliance in security & privacy RE
  • Leveraging Domain knowledge
  • Modelling trust and risk
  • Ontologies for security & privacy RE
  • Scalability of security RE approaches
  • Security & privacy RE and [Sec]DevOps
  • Security & privacy RE for design innovation
  • Security & privacy RE education
  • Security & privacy RE processes
  • Stakeholder & Attacker perspectives
  • Studies applying security & privacy RE
  • Validation & verification

UPDATE: RE Organisers have decided to hold RE’20 at its scheduled date as a hybrid conference (physically in Zurich for those who can travel, and with remote attendance for everybody else). ESPRE will be held online as a virtual conference. See here for more details

Keynote

Dr Shamal Faily
Title: The false peaks of security design, and how combining user-centeredness and RE can overcome them.

Abstract: The need to integrate security into the design of software has been written in the UK National Cyber Security Strategy. Unfortunately, the evidence suggests this outcome isn’t being met, nor is the skills pipeline helping to meet it; this may be representative of the situation faced in other countries too.

I will go through some of the ‘false peaks’ of security design that designers need to overcome when integrating security into software design, and talk about how taking a user-centred approach to security design can help overcome them. I will then provide an overview of the work our team at BU have been doing to address some of these challenges, where a common theme will be the role and value of Requirements Engineering. I will end by suggesting some directions for work by the Security & Privacy Requirements Engineering community to help overcome the ‘grand challenge’ of integrating security into software design.

Important Dates

NOW

Write-up your research

Submission Deadline

Due by 23:59:59 AoE, 22nd May 2020

Submissions to EasyChair

Author Notifications

After 22nd June 2020

Conference Registration

Plan your trip to the conference (see the map below) and register to attend the event

Camera-Ready Submission

Due by 23:59:59 AoE, 13th July 2020

Submission link to be supplied

ESPRE20 (Online) Workshop

We look forward to seeing you online on Monday 31st August 2020 for the ESPRE workshop

Research Challenges and Roadmap

Throughout the day, the workshop organisers will note potential research challenges that form the basis of a roadmap for evolving security and privacy requirements engineering. Following the final session, we will close the workshop with a wrap-up session, in which these challenges and a potential roadmap for addressing them will be proposed.

Time permitting, we will run a ‘Lightning talks’ session of 2-minute talks during the workshop. Such talks might share early results, on-going work, annoyances, practical lessons learned, or even plugs for upcoming events.

Schedule

10:30 - 10:40

Workshop Opening

10:40 - 12:00

Keynote

By: Dr Shamal Faily
Title: The false peaks of security design, and how combining user-centeredness and RE can overcome them.
12:00 - 13:00Break
13:00 - 14:00

Presentations

  • 11:00 - 11:30 > Requirement and Quality Models for Privacy Dashboards
    Denis Feth and Hartmut Schmitt
  • 11:30 - 12:00 > Towards Variability-Aware Legal-GRL Framework for Modeling Compliance Requirements
    Sara Sartoli, Sepideh Ghanavati and Akbar S. Namin
14:00 - 14:30

Wrap-up

Organising Committee

Previous Workshops

Although the ESPRE workshop has been co-located with RE since 2014, it builds on the success of earlier workshops in security requirements engineering and secure software engineering.

For example, the Security and Privacy Requirements Engineering (SPREE) Workshop in 2011, the International Workshop for Software Engineering for Secure Systems (SESS) series, and the Requirements for High Assurance Systems (RHAS) workshop series.


The sixth ESPRE workshop was held during RE 2019 in Jeju Island, South Korea. The workshop consisted of a keynote talk by Daehun Nyang, a technical programme of six paper presentations, and a closing talk and participant discussion led by Tiago Gasiba towards a roadmap for evolving security andprivacy requirements engineering. (Website)
The fifth ESPRE workshop was held during RE 2018 in Banff, Canada. The workshop consisted of a keynote talk by Yijun Yu, a technical programme of five paper presentations, a lightning talk session, and a closing talk by Lionel Briand. (Website)
The fourth ESPRE workshop was held during RE 2017 in Lisbon, Portugal. The workshop consisted of a keynote talk by Chris Williams, a technical programme of seven paper presentations, and a closing talk by Tiago Gasiba. (Website)
The third ESPRE workshop was held during RE 2016 in Beijing, China. The workshop consisted of a keynote talk by Lin Liu, a technical programme of six paper presentations, a lightening talk session, and an interactive demo session. (Website)
The second ESPRE workshop was held during RE 2015 in Ottawa, Canada. The workshop consisted of a keynote talk by Robert Biddle, a technical programme of five paper presentations, and a closing talk by Fabio Massacci. For the first time, the programme also included a lightening talk session containing a number of brief presentations from attendees on new and emerging results from our field. (Website)
The first ESPRE workshop was held during RE 2014 in Karlskrona, Sweden. The workshop consisted of a keynote talk by Angela Sasse, a technical programme of eight paper presentations, and a closing talk by Aljosa Pasic. Three selected papers of the workshop were extended for an ESPRE special issue of the International Journal of Secure Software Engineering, which was published in 2015. (Website)
Top