WHY ESPRE?

The Evolving Security and Privacy Requirements Engineering (ESPRE) Workshop is a multi-disciplinary, one-day workshop. It brings together practitioners and researchers interested in security and privacy requirements.

ESPRE probes the interfaces between Requirements Engineering and Security & Privacy, and aims to evolve security and privacy requirements engineering to meet the needs of stakeholders; these range from business analysts and security engineers, to technology entrepreneurs and privacy advocates.

ESPRE will be run as a one-day workshop (online). The workshop format will consist of an invited talk, paper presentations and discussions, and a facilitated roadmap building session.

ESPRE is suited towards attendees with interests not only in Requirements Engineering, but also in security, privacy, user experience, software engineering, system of systems engineering, and other related areas.

A selection of best papers from the ESPRE workshop will be invited to submit extended versions for tentative publication in a Special Section of the journal of Software and Information Technology published by Elsevier.

TOPICS

These include, but are not limited to:

  • Security and Privacy requirements elicitation and analysis
  • Identification and management of all stakeholders (including attackers)
  • Modelling multilateral stakeholder perspectives on Security and Privacy
  • Scalability of Security RE approaches
  • Modelling of domain knowledge for Security and Privacy requirements
  • Ontologies for Security and Privacy RE
  • Security and Privacy RE processes
  • Evolution of Security and Privacy requirements
  • Consideration of legal compliance during RE
  • Use of RE to create Security and Privacy standard-compliant software
  • Modelling of Trust, Reputation, and Risk
  • Validation and verification of Security and Privacy requirements
  • Positive (and especially negative) lessons learned applying Security and RE in practice
  • AI for Security
  • Green Cybersecurity
  • Blockchain for Cybersecurity
  • Accessibility and Inclusivity in Cybersecurity

Don't forget, ESPRE23 will again be held in person. We'll add any ongoing updates about the event for you here. See here for more details about the RE conference.

UPDATE: The ESPRE workshop submission deadline has been extended by one week. See below for the new date.

UPDATE: The ESPRE workshop schedule has been updated slightly. See below for the updated schedule and room details.

Keynote 1

Dr. Sepideh Ghanavati
Title: Privacy is not an Afterthought: Raising Awareness Towards Privacy-Driven Software Development

Abstract: The number of privacy violations increased by about 70% in 2022, with 45% of companies experiencing such harmful and costly data breaches. These breaches can range from non-compliance with privacy regulations, and mismatches between the actual data practices and their privacy policies, to using malicious or unsuitable third-party libraries. Despite recent advances in privacy engineering research, developers still face several critical challenges in implementing privacy-preserving applications. Most research focuses on detecting violations and non-compliance after deployment rather than mitigating and resolving them prior to or during development.

In this keynote talk, I will first discuss our findings regarding analysts' and developers' degrees of privacy expertise, their challenges, and the tools and solutions they use for developing privacy-preserving applications. Next, I will provide a brief history of privacy engineering solutions that address some of these challenges and questions, as well as their strengths and shortcomings in achieving their objectives. I will then present an overview of the work my team and I conduct to address some of the current shortcomings and obstacles with a particular focus on detecting, classifying, and localizing privacy behaviors during applications' development. Finally, I will discuss key future research directions for the Emerging Security & Privacy Requirements Engineering community.

Sepideh Ghanavati is an assistant professor in computer science at the University of Maine and the director of the Privacy Engineering - Regulatory Compliance Lab (PERC_Lab). Her research is at the intersection of information privacy and security, software engineering, programming comprehension, and natural language processing. Together with her team, she leverages requirements engineering, deep learning, and privacy by design techniques to develop frameworks, methods, and tools to solve some of the problems software analysts, designers, and developers face when protecting users’ privacy, complying with existing laws and regulations, and mitigating and resolving privacy violations. She is a recipient of an NSF CAREER award in 2023 as well as a Google Faculty Research Award and Google's Privacy-related Faculty Award in 2018 and 2021, respectively.

She has more than 18 years of academic and industry experience in privacy, regulatory compliance, and requirements engineering and has published more than 60 peer-reviewed publications. She has been the co-organizer of the Privacy in Natural Language Processing Workshop (PrivateNLP) for the last four years and a reviewer, program committee member, and part of the organizing committee of several journals and conferences such as PoPETS, ICSE, FSE, RE, and TSE.

Accepted Papers

We received a total of 9 submissions (accepted 4 full papers, 2 short papers, from 6 countries, 5 universities and 2 industries).


Short Papers (20 minutes, including Q's & A's)

Analysis of information security measures embedded in the GDPR, Jan Willemson. (Cybernetica, Estonia)

Towards a Basic Security Framework for SMEs – Results From an Investigation of Cybersecurity Challenges in Denmark, Camilla Nadja Fleron, Jonas Kofod Jørgensen, Oksana Kulyk and Elda Paja. (IT University of Copenhagen, Denmark)

See the schedule below for other details




Full Papers (30 minutes, including Q's & A's)

Toward Data Protection by Design: Assessing the Current State of GDPR Disclosure in Web Applications, Abdel-Jaouad Aberkane, Seppe Vanden Broucke and Geert Poels. (Ghent University, Katholieke Universiteit Leuven, Belgium)

Evaluating Privacy Questions From Stack Overflow: Can ChatGPT Compete?, Zack Delile, Sean Radel, Joe Godinez, Garrett Engstrom, Theo Brucker, Kenzie Young and Sepideh Ghanavati. (University of Maine, USA)

Automated Identification of Security and Privacy Requirements from Software Engineering Contracts, Chirag Jain, Preethu Rose Anish and Smita Ghaisas. (TCS Research, India)

Eliciting a Security Architecture Requirements Baseline from Standards and Regulations, Quentin Rouland, Stojanche Gjorcheski and Jason Jaskolka. (Carleton University, Canada)

Important Dates

NOW

Write up your research

Submission Deadline

Due by 23:59:59 AoE, Thursday, June 16th, 2023

Submissions to EasyChair

Author Notifications

Friday, July 7, 2023

Conference Registration

For more information, see the RE23 website about how to register to attend the event

Camera-Ready Submission

Due by 23:59:59 AoE, Thursday, July 14, 2023

Submission link to be supplied

ESPRE23 Workshop

Monday 4th September, 2023

Research Challenges and Roadmap

Throughout the day, the workshop organisers will note potential research challenges that form the basis of a roadmap for evolving security and privacy requirements engineering. Following the final session, we will close the workshop with a wrap-up session, in which these challenges and a potential roadmap for addressing them will be proposed.

Time permitting, we may run a ‘Lightning talks’ session of 2-minute talks during the workshop. Such talks might share early results, on-going work, annoyances, practical lessons learned, or even plugs for upcoming events. This could also be discussed in the QnA and discussion session.

Schedule

Workshop Room - @g325

09:00 - 09:10

Workshop Opening

Opening Remarks - Prof. Seok-Won Lee, Workshop Co-Chair. (Ajou University, Korea)
09:10 - 10:00

Invited Talk

Privacy is not an Afterthought: Raising Awareness Towards Privacy-Driven Software Development - Dr. Sepideh Ghanavati (University of Maine, USA)
10:00 - 10:30

Presentation

  • 10:00 - 10:30 (Full Paper) > Toward Data Protection by Design: Assessing the Current State of GDPR Disclosure in Web Applications, Abdel-Jaouad Aberkane, Seppe Vanden Broucke and Geert Poels. (Ghent University, Katholieke Universiteit Leuven, Belgium)
10:30 - 11:00

Coffee Break @Lichthof

11:00 - 12:10

Presentations

  • 11:00 - 11:20 (Short Paper) > Analysis of information security measures embedded in the GDPR, Jan Willemson. (Cybernetica, Estonia)
  • 11:20 - 11:50 (Full Paper) > Evaluating Privacy Questions From Stack Overflow: Can ChatGPT Compete? Sean Radel, Joe Godinez, Garrett Engstrom, Theo Brucker, Kenzie Young and Sepideh Ghanavati. (University of Maine, USA)
  • 11:50 - 12:10 (Short Paper) > Towards a Basic Security Framework for SMEs – Results From an Investigation of Cybersecurity Challenges in Denmark, Camilla Nadja Fleron, Jonas Kofod Jørgensen, Oksana Kulyk and Elda Paja. (IT University of Copenhagen, Denmark)
12:10 - 12:30

QnA and Discussion

12:30 - 14:00

Lunch Break @Lichthof

14:00 - 15:00

Presentations

  • 14:00 - 14:30 (Full Paper) > Automated Identification of Security and Privacy Requirements from Software Engineering Contracts, Chirag Jain, Preethu Rose Anish and Smita Ghaisas. (TCS Research, India)
  • 14:30 - 15:00 (Full Paper) > Eliciting a Security Architecture Requirements Baseline from Standards and Regulations, Quentin Rouland, Stojanche Gjorcheski and Jason Jaskolka. (Carleton University, Canada)
15:00 - 15:30

Discussion and Wrap-up

15:30 - 16:00

Workshop Close, and Coffee Break @Lichthof

Organising Committee

Previous Workshops

ESPRE is now celebrating its 10th year. Although the ESPRE workshop has been co-located with RE since 2014, it builds on the success of earlier workshops in security requirements engineering and secure software engineering.

These include the Security and Privacy Requirements Engineering (SPREE) Workshop in 2011, the International Workshop for Software Engineering for Secure Systems (SESS) series, and the Requirements for High Assurance Systems (RHAS) workshop series.


The ninth ESPRE workshop was held as a one-day online workshop during RE 2022. The workshop consisted of keynote talks by Erlend Andreas Gjære and Nancy R. Mead, and a technical programme of presentations, followed by a closing talk towards a roadmap for evolving security and privacy requirements engineering. (Website)
The eighth ESPRE workshop was held as a half-day online workshop during RE 2021. The workshop consisted of a keynote talk by Travis Breaux and José Francisco Ruiz, and a technical programme of presentations, followed by a closing talk towards a roadmap for evolving security and privacy requirements engineering. (Website)
The seventh ESPRE workshop was held as a half-day workshop during RE 2020, and became the first online ESPRE workshop. The workshop consisted of a keynote talk by Shamal Faily, a reduced technical programme of presentations, and a closing talk and participant discussion led by Duncan Ki-Aries towards a roadmap for evolving security and privacy requirements engineering. (Website)
The sixth ESPRE workshop was held during RE 2019 in Jeju Island, South Korea. The workshop consisted of a keynote talk by Daehun Nyang, a technical programme of six paper presentations, and a closing talk and participant discussion led by Tiago Gasiba towards a roadmap for evolving security and privacy requirements engineering. (Website)
The fifth ESPRE workshop was held during RE 2018 in Banff, Canada. The workshop consisted of a keynote talk by Yijun Yu, a technical programme of five paper presentations, a lightning talk session, and a closing talk by Lionel Briand. (Website)
The fourth ESPRE workshop was held during RE 2017 in Lisbon, Portugal. The workshop consisted of a keynote talk by Chris Williams, a technical programme of seven paper presentations, and a closing talk by Tiago Gasiba. (Website)
The third ESPRE workshop was held during RE 2016 in Beijing, China. The workshop consisted of a keynote talk by Lin Liu, a technical programme of six paper presentations, a lightning talk session, and an interactive demo session.
The second ESPRE workshop was held during RE 2015 in Ottawa, Canada. The workshop consisted of a keynote talk by Robert Biddle, a technical programme of five paper presentations, and a closing talk by Fabio Massacci. For the first time, the programme also included a lightning talk session containing a number of brief presentations from attendees on new and emerging results from our field. (Website)
The first ESPRE workshop was held during RE 2014 in Karlskrona, Sweden. The workshop consisted of a keynote talk by Angela Sasse, a technical programme of eight paper presentations, and a closing talk by Aljosa Pasic. Three selected papers of the workshop were extended for an ESPRE special issue of the International Journal of Secure Software Engineering, which was published in 2015. (Website)