The Evolving Security and Privacy Requirements Engineering (ESPRE) Workshop is a multi-disciplinary, one-day workshop. It brings together practitioners and researchers interested in security and privacy requirements.
ESPRE probes the interfaces between Requirements Engineering and Security & Privacy, and aims to evolve security and privacy requirements engineering to meet the needs of stakeholders; these range from business analysts and security engineers, to technology entrepreneurs and privacy advocates.
ESPRE will be run as a one-day workshop (online). The workshop format will consist of an invited talk, paper presentations and discussions, and a facilitated roadmap building session.
ESPRE is suited towards attendees with interests not only in Requirements Engineering, but also in security, privacy, user experience, software engineering, system of systems engineering, and other related areas.
Abstract: Throughout decades of innovation, privacy and security have continued to be critical attributes in software and system design. This remains true in enterprise networks, today, and has arisen in emerging Internet of Things (IoT) and machine learning applications. Business analysts and system designers have continuously needed to tailor privacy and security requirements to meet the threats to specific systems. Risk, or the likelihood of an adverse consequence, is a key driver for prioritizing investment in mitigating privacy and security threats. In this keynote talk, we will review a brief history of risk estimation, its strengths and its shortcomings, consider how risk differs between privacy and security, and discuss novel quantitative approaches to measuring privacy and security risk. At the end, we will examine an important obstacle to automating privacy and security assessment, which is structured and enumerable domain knowledge.
Dr. Breaux is the Director of the CMU Requirements Engineering Lab, where his research program investigates how to specify and design software to comply with policy and law in a trustworthy, reliable manner. His work historically concerned the empirical extraction of legal requirements from policies and law, and has recently studied how to use formal specifications to reason about privacy policy compliance, how to measure and reason over ambiguous and vague policies, and how security and privacy experts and novices estimate the risk of system designs.
Previous keynote talks have been delivered by Angela Sasse (2014), Robert Biddle (2015), Lin Liu (2016), Chris Williams (2017), Yijun Yu (2018), Daehun Nyang (2019), and Shamal Faily (2020).
Abstract: We live in a modern age in which we are very proud of saying "we are digital". Businesses go digital, governments go digital, lives go digital, relations go digital... As time advances, more and more elements are found, sometimes only, in the digital world, and although it has incredible benefits (both for citizens, companies, and governments) it also has a dark side few people know or talk about. Cybercrimes, cyberwarfare... data is the new gold and there are people that know perfectly how to get it, no matter how hard you or any company try to protect it. Actually, are we protected? Where is our data? Do we care about it?
In this presentation we will talk about the digital world and the cyberthreats it brings, about their impact on day-to-day life and, also, try to show people how unprotected we are...
Mr. José Francisco Ruiz is a senior cybersecurity consultant and technical project manager at Atos. He obtained his bachelor's degree and Master Thesis degree in Computer Engineering from the University of Malaga in 2008 and 2012 respectively and is currently finishing his PhD focused on cybersecurity engineering. He has been working in European research projects for more than twelve years in different organizations across Europe. He has led cybersecurity research activities and acted as technical project manager in many different projects, among others in FP6 Serenity (security and dependability for AmI), FP7 SecFutur (security engineering for systems of systems), Coco Cloud (security in the cloud), and several H2020 projects. He has been technical project coordinator of the H2020 VisiOn project (security and privacy for public administrations) and is project coordinator of the H2020 project FISHY (cybersecurity for supply chain). Previously he was project coordinator of the H2020 project SMESEC (cybersecurity for SMEs). Additionally, he led the research and creation of a cybersecurity agenda for collaboration of Europe and Japan in the H2020 EUNITY project. His interests include cybersecurity engineering, cybersecurity in the cloud, data protection, and distributed systems. He also has several publications in national and international conferences, journals and books and has served in organization committees and as reviewer in different conferences and workshops. Finally, he is a member of the “Expert Community” of Atos in the cybersecurity domain, and the scientific and innovation committee of ECSO together with being co-chair of the “cybersecurity for verticals” sub-working group.
Write up your research
Friday, July 23, 2021
For more information on how to register to attend the event, see the RE21 website.
Due by 23:59:59 AoE, Thursday, August 12, 2021
Submission link to be supplied
Tuesday, September 21, 8.00am-1.00pm EDT (2.00pm-7.00pm CEST)
Throughout the day, the workshop organisers will note potential research challenges that form the basis of a roadmap for evolving security and privacy requirements engineering. Following the final session, we will close the workshop with a wrap-up session, in which these challenges and a potential roadmap for addressing them will be proposed.
08:00 - 08:15 | Workshop Opening (14:00 CEST) |
08:15 - 09:00 | Keynote 1: What Are We Afraid Of? Quantifying Risk in Privacy and Security. Dr Travis Breaux, Carnegie Mellon University, USA |
09:00 - 11:00 | Presentations |
11:00 - 11:45 | Keynote 2: How secure are we in the digital era? Does anyone truly know? Jose Francisco Ruiz, Technical project manager and Cybersecurity expert, Atos, Spain |
11:45 - 12:30 | Presentations |
12:30 - 13:00 | Discussion and Wrap-up |
13:00 | Workshop Close |
Although the ESPRE workshop has been co-located with RE since 2014, it builds on the success of earlier workshops in security requirements engineering and secure software engineering.
Examples include the Security and Privacy Requirements Engineering (SPREE) Workshop in 2011, the International Workshop for Software Engineering for Secure Systems (SESS) series, and the Requirements for High Assurance Systems (RHAS) workshop series.