WHY ESPRE?

The Evolving Security and Privacy Requirements Engineering (ESPRE) Workshop is a multi-disciplinary, one-day workshop. It brings together practitioners and researchers interested in security and privacy requirements.

ESPRE probes the interfaces between Requirements Engineering and Security & Privacy, and aims to evolve security and privacy requirements engineering to meet the needs of stakeholders; these range from business analysts and security engineers, to technology entrepreneurs and privacy advocates.

ESPRE will be run as a one-day workshop. The workshop format will consist of an invited talk, paper presentations and discussions, and a facilitated roadmap building session. This year, we have introduced a slightly longer page count. Full papers should now be 8 pages, plus 2 pages for references. Papers with borderline review outcomes may be considered for a short-paper publication, e.g. 6 pages, plus 1 page for references.

ESPRE is suited towards attendees with interests not only in Requirements Engineering, but also in security, privacy, user experience, software engineering, system of systems engineering, and other related areas.

A selection of best papers from the ESPRE workshop will be invited to submit extended versions for tentative publication in a Special Section of the Information and Software Technology (IST) journal.

TOPICS

These include, but are not limited to:

  • Security and Privacy requirements elicitation and analysis
  • Identification and management of all stakeholders (including attackers)
  • Modelling multilateral stakeholder perspectives on Security and Privacy
  • Scalability of Security RE approaches
  • Modelling of domain knowledge for Security and Privacy requirements
  • Ontologies for Security and Privacy RE
  • Security and Privacy RE processes
  • Evolution of Security and Privacy requirements
  • Consideration of legal compliance during RE
  • Use of RE to create Security and Privacy standard-compliant software
  • Modelling of Trust, Reputation, and Risk
  • Validation and verification of Security and Privacy requirements
  • Positive (and especially negative) lessons learned applying Security and RE in practice
  • AI for security and privacy
  • Security and privacy for AI
  • Energy-aware definition security and privacy requirements
  • Security and privacy enforcement using blockchain technologies
  • Security and privacy drawbacks of blockchain technologies
  • Security and privacy requirements for accessibility and inclusivity
  • User studies of security or privacy technology
  • Studies of administrators, software and requirements engineers and support for security and privacy
  • Large language models for privacy and security requirements
  • Privacy and security requirements of large language models

Don't forget, ESPRE24 will be again be held in-person. We'll add any on-going updates about the event for you here. See here for more details about the RE conference

UPDATE: The ESPRE workshop submission deadline has been extended. See below for the new date.

Keynote

Maya Anderson

Abstract: Maya Anderson is a software researcher, architect and engineer working at IBM Research in the Data Privacy and Security group. Data privacy and security are her passion, and with the advent of the AI era, she has been focusing on making AI more trustworthy in that regard. She has been researching privacy risks related to AI models, and, in particular, to Large Language Models. Before joining IBM Research, she worked in the industry as a senior software developer, team lead and scrum master at VMware and at SAP. Maya is the author of several papers and patents, and she has also contributed to Apache communities, such as Parquet, Arrow, Spark and numpy.

Keynote:Maya Anderson

Accepted Papers

Accepted Papers

Securing Electric Vehicle Charging Stations: A Critical Analysis of Authentication Vulnerabilities, Andreas Stichow and Patrick Rempel. (Harz University of Applied Sciences, Germany)

Patterns of Inquiry in a Community Forum for Legal Compliance with Privacy Law, Sarah Santos, Sara Haghighi, Sepideh Ghanavati, Travis Breaux and Thomas Norton. (Carnegie Mellon University, University of Maine, Fordham University School of Law, USA)

Toward Regulatory Compliance: A few-shot Learning Approach to Extract Processing Activities, Pragyan K C, Rambod Ghandiparsi, Sepideh Ghanavati, Rocky Slavin, Travis Breaux and Mitra Bokaei Hosseini. (University of Texas at San Antonio, University of Maine, Carnegie Mellon University, USA)

See the schedule below for other details




Important Dates

Submission Deadline (Extended)

Due by 23:59:59 AoE, Sunday, April 7 2024

Submissions to EasyChair

(8 Pages, plus 2 pages for references)

Author Notifications

From Monday, April 29, 2024

Conference Registration

For more information, see the RE24 website about how to register to attend the event

Camera-Ready Submission

Due by 23:59:59 AoE, Monday, May 6, 2024

Submission link to be supplied

ESPRE24 Workshop

Tuesday, June 25, 2024

Schedule - Tuesday, June 25, 2024

Throughout the day, the workshop organisers will note potential research challenges that form the basis of a roadmap for evolving security and privacy requirements engineering. Following the final session, we will close the workshop with a wrap-up session, in which these challenges and a potential roadmap for addressing them will be proposed.

13:45 - 14:05

Workshop Opening

Opening Remarks - Dr. Mattia Salnitri, Workshop Co-Chair. (Politecnico di Milano, Italy)
14:05 - 15:05

Invited Talk

Maya Anderson (IBM Research)
15:15 - 15:45

Coffee Break

15:45 - 17:00

Presentations

  • 15:45 - 16:10 > Securing Electric Vehicle Charging Stations: A Critical Analysis of Authentication Vulnerabilities, Andreas Stichow and Patrick Rempel. (Harz University of Applied Sciences, Germany)
  • 16:10 - 16:35 > Toward Regulatory Compliance: A few-shot Learning Approach to Extract Processing Activities, Pragyan K C, Rambod Ghandiparsi, Sepideh Ghanavati, Rocky Slavin, Travis Breaux and Mitra Bokaei Hosseini. (University of Texas at San Antonio, University of Maine, Carnegie Mellon University, USA)
  • 16:35 - 17:00 > Patterns of Inquiry in a Community Forum for Legal Compliance with Privacy Law, Sarah Santos, Sara Haghighi, Sepideh Ghanavati, Travis Breaux and Thomas Norton. (Carnegie Mellon University, University of Maine, Fordham University School of Law, USA)
17:00 - 17:20

Discussion and Wrap-up

17:20 - 17:30

Workshop Close

Previous Workshops

ESPRE is now celebrating it's 11th year. Although the ESPRE workshop has been co-located with RE since 2014, it builds on the success of earlier workshops in security requirements engineering and secure software engineering.

For example, the Security and Privacy Requirements Engineering (SPREE) Workshop in 2011, the International Workshop for Software Engineering for Secure Systems (SESS) series, and the Requirements for High Assurance Systems (RHAS) workshop series.

During 2020-2022, workshop and conference sessions were mostly held online, then in 2024 we retunred to in-person sessions in Hannover, Germany.


The tenth ESPRE workshop was held as a one-day in-person workshop during RE 2023. The workshop consisted of keynote talk by Dr. Sepideh Ghanavati, and a technical programme of presentations, followed by a closing talk towards addressing future challenges and considerations towards evolving security and privacy requirements engineering. (Website)
The ninth ESPRE workshop was held as a one-day online workshop during RE 2022. The workshop consisted of keynote talks by Erlend Andreas Gjære and Nancy R. Mead, and technical programme of presentations, followed by a closing talk towards a roadmap for evolving security and privacy requirements engineering. (Website)
The eighth ESPRE workshop was held as a half-day online workshop during RE 2021. The workshop consisted of a keynote talk by Travis Breaux and José Francisco Ruiz, and technical programme of presentations, followed by a closing talk towards a roadmap for evolving security and privacy requirements engineering. (Website)
The seventh ESPRE workshop was held as a half-day workshop during RE 2020, and became the first online ESPRE workshop. The workshop consisted of a keynote talk by Shamal Faily, a reduced technical programme of presentations, and a closing talk and participant discussion led by Duncan Ki-Aries towards a roadmap for evolving security and privacy requirements engineering. (Website)
The sixth ESPRE workshop was held during RE 2019 in Jeju Island, South Korea. The workshop consisted of a keynote talk by Daehun Nyang, a technical programme of six paper presentations, and a closing talk and participant discussion led by Tiago Gasiba towards a roadmap for evolving security andprivacy requirements engineering. (Website)
The fifth ESPRE workshop was held during RE 2018 in Banff, Canada. The workshop consisted of a keynote talk by Yijun Yu, a technical programme of five paper presentations, a lightning talk session, and a closing talk by Lionel Briand. (Website)
The fourth ESPRE workshop was held during RE 2017 in Lisbon, Portugal. The workshop consisted of a keynote talk by Chris Williams, a technical programme of seven paper presentations, and a closing talk by Tiago Gasiba. (Website)
The third ESPRE workshop was held during RE 2016 in Beijing, China. The workshop consisted of a keynote talk by Lin Liu, a technical programme of six paper presentations, a lightening talk session, and an interactive demo session.
The second ESPRE workshop was held during RE 2015 in Ottawa, Canada. The workshop consisted of a keynote talk by Robert Biddle, a technical programme of five paper presentations, and a closing talk by Fabio Massacci. For the first time, the programme also included a lightening talk session containing a number of brief presentations from attendees on new and emerging results from our field. (Website)
The first ESPRE workshop was held during RE 2014 in Karlskrona, Sweden. The workshop consisted of a keynote talk by Angela Sasse, a technical programme of eight paper presentations, and a closing talk by Aljosa Pasic. Three selected papers of the workshop were extended for an ESPRE special issue of the International Journal of Secure Software Engineering, which was published in 2015. (Website)
Top