CALL FOR PAPERS

2nd Evolving Security & Privacy Requirements Engineering Workshop:
co-located with 23nd IEEE International Requirements Engineering Conference
Main Conference: http://re15.org
Workshop: http://espre2015.org

25 August - Ottawa Canada

* INTRODUCTION

When specifying a system, security and privacy needs to be addressed as early as possible. Unfortunately, many people find doing so difficult in the face of conflicting priorities. When these concerns are addressed, we discover how intrinsically difficult specifying security and privacy can be, and the blurred distinction between requirements and security and privacy concepts.

The Evolving Security and Privacy Requirements Engineering (ESPRE) Workshop will be a multi-disciplinary, one-day workshop that brings together practitioners and researchers interested in security and privacy requirements. ESPRE will probe the interfaces between Requirements Engineering and Security & Privacy, and take the first step in evolving security and privacy requirements engineering to meet a range of needs of stakeholders ranging from business analysts and security engineers, to technology entrepreneurs and privacy advocates.

* KEYNOTE SPEAKERS

Robert Biddle is Professor of Human-Computer Interaction at Carleton University in Ottawa, Canada. He is appointed both to the School of Computer Science and the Institute of Cognitive Science. He has won awards for teaching and research, and his research program involves active collaboration with a range of government and industry partners.

His current research is primarily in human factors in cyber-security and software design, especially creating and evaluating innovative designs for computer security software.

Steven Johnston is the Senior Security and Technology Advisor at the Office of the Privacy Commissioner of Canada, he is the most senior technical specialist within the Commission. He provides expert advice on general information technology, information technology security and national security/public safety issues to the Commissioners, senior management and staff at OPC.

Specific responsibilities include monitoring, assessing, analysing and reporting on the privacy implications of current and emerging technologies. This includes, among a myriad of other topics, biometrics, electronic health initiatives, Radio Frequency Identification (RFID), nanotechnology and ubiquitous computing. He also supports the legal, investigation and audit functions within the OPC by providing general technology and security advice and guidance.


* TOPICS

Topics addressed by ESPRE are those which will promote discussion about advancing Security & Privacy Requirements Engineering. These include, but are not excluded to:

* Security and privacy requirements elicitation and analysis
* Identification and management of all stakeholders (including attackers)
* Modelling multilateral stakeholder perspectives on security and privacy
* Scalability of security requirements engineering approaches
* Modelling of domain knowledge for security and privacy requirements
* Ontologies for security and privacy requirements engineering
* Security and privacy requirements engineering processes
* Evolution of security and privacy requirements
* Security requirements-based testing
* Consideration of legal compliance during security & privacy requirements engineering
* Use of requirements engineering to create security and privacy standard-compliant software
* Modelling of trust and risk
* Validation and verification of security and privacy requirements
* Teaching and training in security and privacy requirements engineering
* The role of security and privacy requirements engineering to support design innovation
* Positive (and especially negative) lessons learned applying security and requirements engineering in practice

* IMPORTANT DATES

* Submission deadline: June 16th, 2015 (extended)
* Decisions to authors: July 7th, 2015 (extended)
* Camera ready papers due: July 15th, 2015
* Workshop date: August 25th, 2015

* COMMITEES

Organising Committee

Kristian Beckers (Technical University Munich, Germany)
Shamal Faily (Bournemouth University, UK)
Seok-Won Lee (Ajou University, South Korea)
Nancy Mead (Carnegie Mellon University, USA)

Programme Committee

Raian Ali (Bournemouth University, UK)
Andrea Atzeni (Politecnico di Torino, Italy)
Dan Berry (University of Waterloo, Canada)
Travis Breaux (Carnegie Mellon University, USA)
Stephan Fa·bender (University of Duisburg-Essen, Germany)
Stefan Fenz (Vienna University of Technology, Austria)
Carmen Fernandez Gago (University of Malaga, Spain)
Eduardo FernÖndez-Medina Pat¢n (Universidad de Castilla-La Mancha, Spain)
Nalin Asanka Gamagedara Arachchilage (University of British Columbia, Canada)
Sepideh Ghanavati (CRP Henri Tudor, Luxembourg)
Martin Gilje Jaatun (SINTEF ICT, Norway)
Marit Hansen (Independent Centre for Privacy Protection Schleswig-Holstein, Germany)
Maritta Heisel (University of Duisburg-Essen, Germany)
Denis Hatebur (ITESYS, Germany)
Meiko Jensen (Syddansk Universitet, Denmark)
Christos Kalloniatis (University of the Aegean, Greece)
Anne Koziolek (Karlsruhe Institute of Technology, Germany)
Raimundas Matulevicius (University of Tartu, Estonia)
Haralambos Mouratidis (University of Brighton, UK)
Martin Ochoa (Technical University Munich, Germany)
Federica Paci (University of Trento, Italy)
Jaehong Park (University of Texas at San Antonio, USA)
Aljosa Pasic (ATOS, Spain)
Thomas Santen (Microsoft Research, Germany)
Riccardo Scandariato (KU Leuven, Belgium)
Holger Schmidt (TüV Informationstechnik GmbH, Germany)
Mohamed Shehab (University of North Carolina at Charlotte, USA)
Bjørnar Solhaug (SINTEF ICT, Norway)
Ketil Stølen (SINTEF ICT, Norway)
Sven Wenzel (Fraunhofer ISST, Germany)
Nicola Zannone (Eindhoven University of Technology, The Netherlands)
Mohammad Zulkernine (Queen’s University, Canada)