The Evolving Security and Privacy Requirements Engineering (ESPRE) Workshop is a multi-disciplinary, one-day workshop. It brings together practitioners and researchers interested in security and privacy requirements.
ESPRE probes the interfaces between Requirements Engineering and Security & Privacy, and aims to evolve security and privacy requirements engineering to meet the needs of stakeholders; these range from business analysts and security engineers, to technology entrepreneurs and privacy advocates.
ESPRE will be run as a one-day workshop (online). The workshop format will consist of an invited talk, paper presentations and discussions, and a facilitated roadmap building session.
ESPRE is suited towards attendees with interests not only in Requirements Engineering, but also in security, privacy, user experience, software engineering, system of systems engineering, and other related areas.
Abstract: The need to integrate security into the design of software has been written in the UK National Cyber Security Strategy. Unfortunately, the evidence suggests this outcome isn’t being met, nor is the skills pipeline helping to meet it; this may be representative of the situation faced in other countries too.
I will go through some of the ‘false peaks’ of security design that designers need to overcome when integrating security into software design, and talk about how taking a user-centred approach to security design can help overcome them. I will then provide an overview of the work our team at BU have been doing to address some of these challenges, where a common theme will be the role and value of Requirements Engineering. I will end by suggesting some directions for work by the Security & Privacy Requirements Engineering community to help overcome the ‘grand challenge’ of integrating security into software design.
Write-up your research
After 22nd June 2020
Plan your trip to the conference (see the map below) and register to attend the event
Due by 23:59:59 AoE, 13th July 2020
Submission link to be supplied
We look forward to seeing you online on Monday 31st August 2020 for the ESPRE workshop
Throughout the day, the workshop organisers will note potential research challenges that form the basis of a roadmap for evolving security and privacy requirements engineering. Following the final session, we will close the workshop with a wrap-up session, in which these challenges and a potential roadmap for addressing them will be proposed.
Time permitting, we will run a ‘Lightning talks’ session of 2-minute talks during the workshop. Such talks might share early results, on-going work, annoyances, practical lessons learned, or even plugs for upcoming events.
|10:30 - 10:40|
|10:40 - 12:00|
KeynoteBy: Dr Shamal Faily Title: The false peaks of security design, and how combining user-centeredness and RE can overcome them.
|12:00 - 13:00||Break|
|13:00 - 14:00|
|14:00 - 14:30|
Although the ESPRE workshop has been co-located with RE since 2014, it builds on the success of earlier workshops in security requirements engineering and secure software engineering.
For example, the Security and Privacy Requirements Engineering (SPREE) Workshop in 2011, the International Workshop for Software Engineering for Secure Systems (SESS) series, and the Requirements for High Assurance Systems (RHAS) workshop series.