The Evolving Security and Privacy Requirements Engineering (ESPRE) Workshop is a multi-disciplinary, one-day workshop. It brings together practitioners and researchers interested in security and privacy requirements.
ESPRE probes the interfaces between Requirements Engineering and Security & Privacy, and aims to evolve security and privacy requirements engineering to meet the needs of stakeholders; these range from business analysts and security engineers, to technology entrepreneurs and privacy advocates.
ESPRE will be run as a one-day workshop (online). The workshop format will consist of an invited talk, paper presentations and discussions, and a facilitated roadmap building session.
ESPRE is suited to attendees with interests not only in Requirements Engineering, but also in security, privacy, user experience, software engineering, system of systems engineering, and other related areas.
Abstract: Studies show that physical contact, like a handshake or hug, can promote trust between people. Technology, on the other hand, is rather cold by nature, and our engineering process could quickly become the same. Still, people are increasingly depending on technology in their lives, and security or privacy breaches could have life-changing consequences.
People are essential to the design, development and use of technology. If we are able to take human factors into account at all stages, including in our privacy and security work, could we become better at building solutions which people can really trust, rely upon – and maybe even love?
Erlend Andreas Gjære is a specialist in security and people, with a focus on security awareness, training and culture, risk, behavior and user experience. He received his MSc degree in Informatics from the Norwegian University of Science and Technology (NTNU) in Norway, and then worked six years as a research scientist, before transitioning to industry work as a consultant and security manager. He is now co-founder and CEO of the award-winning security software company Secure Practice.
Abstract: Critical infrastructure is a key area in cybersecurity. In the U.S., it was front and center in 1997 with the report from the President’s Commission on Critical Infrastructure Protection (PCCIP), and now affects countries worldwide. Critical Infrastructure Protection must address all types of cybersecurity threats - insider threat, ransomware, Supply Chain Risk Management issues, and so on. Unsurprisingly, in the past 25 years, the risks and incidents have increased rather than decreased and appear in the news daily.
As an important component of critical infrastructure protection, secure supply chain risk management must be integrated into development projects. Development projects do not always include methods to ensure that code in third party products has not been compromised during the sourcing process. We discuss the threats and actual attacks, mitigation methods, recent research, and the linkages to security requirements engineering.
Nancy Mead is a Fellow of the Software Engineering Institute and Adjunct Professor of Software Engineering at Carnegie Mellon University. Her research areas are security requirements engineering, supply chain risk management, and software assurance curricula. The Nancy Mead Award for Excellence in Software Engineering Education & Training is named for her.
She has more than 150 publications and invited presentations. Her awards and honors include Life Fellow of the IEEE, Distinguished Member of the ACM, IEEE TCSE Distinguished Educator, IEEE TCSE Executive Board, Parnas Fellow at Lero, the Irish Software Research Center, and IEEE Distinguished Visitor Program. She has a BA, MS, and PhD in mathematics from NYU.
Write up your research
(Extended) Due by 23:59:59 AoE, Thursday, May 26th, 2022
Submissions to EasyChair
Friday, June 17, 2022
For more information, see the RE22 website about how to register to attend the event.
Due by 23:59:59 AoE, Thursday, July 7, 2022
Submission link to be supplied
Tuesday, August 16, 2022
Throughout the day, the workshop organisers will note potential research challenges that form the basis of a roadmap for evolving security and privacy requirements engineering. Following the final session, we will close the workshop with a wrap-up session, in which these challenges and a potential roadmap for addressing them will be proposed.
Time permitting, we may run a ‘Lightning talks’ session of 2-minute talks during the workshop. Such talks might share early results, on-going work, annoyances, practical lessons learned, or even plugs for upcoming events.
19:00 - 19:10 | Workshop Opening |
19:10 - 20:10 | Keynote 1: Erlend Andreas Gjære - The need for a human touch in security and privacy engineering |
20:10 - 20:20 | Break |
20:20 - 21:20 | Presentations |
21:20 - 21:40 | Break |
21:40 - 22:40 | Keynote 2: Nancy R. Mead - Critical Infrastructure Protection and Supply Chain Risk Management |
22:40 - 22:50 | Break |
22:50 - 23:40 | Presentations |
23:40 - 00:00 | Discussion and Wrap-up |
00:00 | Workshop Close |
Although the ESPRE workshop has been co-located with RE since 2014, it builds on the success of earlier workshops in security requirements engineering and secure software engineering.
Examples include the Security and Privacy Requirements Engineering (SPREE) Workshop in 2011, the International Workshop for Software Engineering for Secure Systems (SESS) series, and the Requirements for High Assurance Systems (RHAS) workshop series.