The Evolving Security and Privacy Requirements Engineering (ESPRE) Workshop is a multi-disciplinary, one-day workshop. It brings together practitioners and researchers interested in security and privacy requirements.
ESPRE probes the interfaces between Requirements Engineering and Security & Privacy, and aims to evolve security and privacy requirements engineering to meet the needs of stakeholders; these range from business analysts and security engineers, to technology entrepreneurs and privacy advocates.
ESPRE will be run as a one-day workshop (online). The workshop format will consist of an invited talk, paper presentations and discussions, and a facilitated roadmap building session.
ESPRE is suited towards attendees with interests not only in Requirements Engineering, but also in security, privacy, user experience, software engineering, system of systems engineering, and other related areas.
A selection of best papers from the ESPRE workshop will be invited to submit extended versions for tentative publication in a Special Section of the journal of Software and Information Technology published by Elsevier.
Abstract: The number of privacy violations increased by about 70% in 2022, with 45% of companies experiencing such harmful and costly data breaches. These breaches can range from non-compliance with privacy regulations, and mismatches between the actual data practices and their privacy policies, to using malicious or unsuitable third-party libraries. Despite recent advances in privacy engineering research, developers still face several critical challenges in implementing privacy-preserving applications. Most research focuses on detecting violations and non-compliance after deployment rather than mitigating and resolving them prior to or during development.
In this keynote talk, I will first discuss our findings regarding analysts' and developers' degrees of privacy expertise, their challenges, and the tools and solutions they use for developing privacy-preserving applications. Next, I will provide a brief history of privacy engineering solutions that address some of these challenges and questions, as well as their strengths and shortcomings in achieving their objectives. I will then present an overview of the work my team and I conduct to address some of the current shortcomings and obstacles with a particular focus on detecting, classifying, and localizing privacy behaviors during applications' development. Finally, I will discuss key future research directions for the Emerging Security & Privacy Requirements Engineering community.
Sepideh Ghanavati is an assistant professor in computer science at the University of Maine and the director of the Privacy Engineering - Regulatory Compliance Lab (PERC_Lab). Her research is at the intersection of information privacy and security, software engineering, programming comprehension, and natural language processing. Together with her team, they leverage requirements engineering, deep learning, and privacy by design techniques to develop frameworks, methods, and tools to solve some of the problems software analysts, designers, and developers face when protecting users’ privacy, complying with existing laws and regulations, and mitigating and resolving privacy violations. She is a recipient of an NSF CAREER award in 2023 as well as a Google Faculty Research Award and Google's Privacy-related Faculty Award in 2018 and 2021, respectively.
She has more than 18 years of academic and industry experience in privacy, regulatory compliance, and requirements engineering and has published more than 60 peer-reviewed publications. She has been the co-organizer of the Privacy in Natural Language Processing Workshop (PrivateNLP) for the last four years and a reviewer, program committee member, and part of the organizing committee of several journals and conferences such as PoPETS, ICSE, FSE, RE, and TSE.
We received a total of 9 submissions (accepted 4 full papers, 2 short papers, from 6 countries, 5 universities and 2 industries).
Analysis of information security measures embedded in the GDPR, Jan Willemson. (Cybernetica, Estonia)
Towards a Basic Security Framework for SMEs – Results From an Investigation of Cybersecurity Challenges in Denmark, Camilla Nadja Fleron, Jonas Kofod Jørgensen, Oksana Kulyk and Elda Paja. (IT University of Copenhagen, Denmark)
See the schedule below for other details
Toward Data Protection by Design: Assessing the Current State of GDPR Disclosure in Web Applications, Abdel-Jaouad Aberkane, Seppe Vanden Broucke and Geert Poels. (Ghent University, Katholieke Universiteit Leuven, Belgium)
Evaluating Privacy Questions From Stack Overflow: Can ChatGPT Compete?, Zack Delile, Sean Radel, Joe Godinez, Garrett Engstrom, Theo Brucker, Kenzie Young and Sepideh Ghanavati. (University of Maine, USA)
Automated Identification of Security and Privacy Requirements from Software Engineering Contracts, Chirag Jain, Preethu Rose Anish and Smita Ghaisas. (TCS Research, India)
Eliciting a Security Architecture Requirements Baseline from Standards and Regulations, Quentin Rouland, Stojanche Gjorcheski and Jason Jaskolka. (Carleton University, Canada)
Write-up your research
Friday, July 7, 2023
For more information, see the RE23 website about how to register to attend the event
Due by 23:59:59 AoE, Thursday, July 14, 2023
Submission link to be supplied
Monday 4th September, 2023
Throughout the day, the workshop organisers will note potential research challenges that form the basis of a roadmap for evolving security and privacy requirements engineering. Following the final session, we will close the workshop with a wrap-up session, in which these challenges and a potential roadmap for addressing them will be proposed.
Time permitting, we may run a ‘Lightning talks’ session of 2-minute talks during the workshop. Such talks might share early results, on-going work, annoyances, practical lessons learned, or even plugs for upcoming events. This could also be discussed in the QnA and discussion session.
|09:00 - 09:10|
Workshop OpeningOpening Remarks - Prof. Seok-Won Lee, Workshop Co-Chair. (Ajou University, Korea)
|09:10 - 10:00|
Invited TalkPrivacy is not an Afterthought: Raising Awareness Towards Privacy-Driven Software Development - Dr. Sepideh Ghanavati (University of Maine, USA)
|10:00 - 10:30|
|10:30 - 11:00|
Coffee Break @Lichthof
|11:00 - 12:10|
|12:10 - 12:30|
QnA and Discussion
|12:30 - 14:00|
Lunch Break @Lichthof
|14:00 - 15:00|
|15:00 - 15:30|
Discussion and Wrap-up
|15:30 - 16:00|
Workshop Close, and Coffee Break @Lichthof
ESPRE is now celebrating it's 10th year. Although the ESPRE workshop has been co-located with RE since 2014, it builds on the success of earlier workshops in security requirements engineering and secure software engineering.
For example, the Security and Privacy Requirements Engineering (SPREE) Workshop in 2011, the International Workshop for Software Engineering for Secure Systems (SESS) series, and the Requirements for High Assurance Systems (RHAS) workshop series.