The Evolving Security and Privacy Requirements Engineering (ESPRE) Workshop will be a multi-disciplinary, one-day workshop that brings together practitioners and researchers interested in security and privacy requirements. ESPRE will probe the interfaces between Requirements Engineering and Security & Privacy, and take the first step in evolving security and privacy requirements engineering to meet a range of needs of stakeholders ranging from business analysts and security engineers, to technology entrepreneurs and privacy advocates.

Type of event: Conference

Type of audience: Professional, Company, University, Researcher Institute, Public Administration, etc.

Data of event: 25th of August 2015

Location: co-located with the 23rd IEEE International Requirements Engineering Conference – Ottawa, Canada


09:15: Introduction and welcome – Kristian Beckers

09:30: Keynote – Robert Biddle (Title: Frontiers of Usable Security: New Challenges and New Models) – Session Chair: Kristian Beckers

10:30: Coffee

11:00: Paper Session 1: Security Requirements – Session Chair: Seok-Won Lee

A Survey about User Requirements for Biometric Authentication on Smartphones (slides)

Inclusion of Security Requirements in SLA Lifecycle Management for Cloud Computing (slides)

Instantiating a Model for Structuring and Reusing Security Requirements Sources

12:00: Discussion on Human Computer Interaction and Security Requirements Engineering – Session Chair: Robert Biddle

12:30: Lunch

14:00: Paper Session 2: Modelling Cloud Security – Session Chair: Kristian Beckers

Patterns for security and privacy in cloud ecosystems

Modelling Secure Cloud Systems Based on System Requirements

14:40: Lightning Talks

Paolo Giorgini: STS-Tool: Security Requirements Engineering for Socio-Technical Systems

Tong Li: A Holistic Security Attack Analysis Framework

Nedaa Zirjawi: Iris recognition in smartphone

Mahmood Hosseini: Transparency, the requirement of the 21st century

Nancy Mead: MORE tool demo

Shamal Faily: Designing security through personas

David Callele: Multi-factor authentication for unmotivated users

Kristian Beckers: Pattern and Security Requirements – Engineering-Based Establishment of Security Standards

15:30: Coffee

16:00: Invited Talk – Fabio Massacci – (Title: The Role of Catalogues of Threats and Security Controls in Security Risk Assessment: An Empirical Study with ATM Professionals) – Session Chair: Nancy Mead

17:00: Collaboration Session

17:30: Closing remarks