1st International Workshop on SECurity and Privacy Requirements Engineering

SECPRE 2017

Scope

Software engineering is an essential aspect for obtaining a systematic, disciplined and quantifiable approach to the development, operation, and maintenance of software and services. Incorporating security and privacy during the engineering process is of vital importance for assuring the development of reliable, correct, robust and trustful systems as well as adaptive, usable and evolving software services that satisfy users’ requirements.

For many years software engineers were focused in the development of new software thus considering security and privacy mainly during the development stage as an ad-hoc process rather than an integrated one initiated in the system design stage. However, the data protection regulations, the complexity of modern environments such as IoT, IoE, Cloud Computing, Big Data, Cyber Physical Systems etc. and the increased level of users’ awareness in IT have forced software engineers to identify security and privacy as fundamental design aspects leading to the implementation of more trusted software systems and services. Researchers have addressed the necessity and importance of implementing design methods for security and privacy requirements elicitation, modeling and implementation the last decades. Today Security by Design (SbD) and Privacy by Design (PbD) are established research areas that focus on these directions. 

Committees

General Chairs

Program Committee Chairs

Technical Program Committee

Travis Breaux, Carnegie Mellon University, USA
Frederic Cuppens, Telecom Bretange, France
Sabrina De Capitani di Vimercati, Università degli Studi di Milano, Italy
Theo Dimitrakos, University of Kent, UK
Mohamad Gharib, University of Florence, Italy
Paolo Giorgini, University of Trento, Italy
Maritta Heisel, Univeristy of Duisburg-Essen, Germany
Jan Juerjens, University of Koblenz-Landau, Germany
Costas Lambrinoudakis, University of Piraeus, Greece
Tong Li, Beijing University of Technology, China
Javier Lopez, University of Malaga, Spain
Fabio Martinelli , National Research Council - C.N.R., Italy
Aaron Massey, University of Maryland, USA
Haralambos Mouratidis, University of Brighton, UK
Liliana Pasquale, University College Dublin, Ireland
Michalis Pavlidis, University of Brighton, UK
David Garcia Rosado, University of Castilla-La Manca, Spain
Mattia Salnitri, University of Trento, Italy
Pierangela Samarati, Università degli Studi di Milano, Italy
Nicola Zannone, Eindhoven University of Technology, The Netherlands

Paper Submission

Submission Guidelines

Submitted papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference/workshop with proceedings. The workshop proceedings will be published by Springer in the Lecture Notes in Computer Science (LNCS) series (joint post proceedings).

All submissions should follow the LNCS template from the time they are submitted. Submitted papers can be either full papers or short papers. Full papers should be at most 20 pages while short papers should be at most 8 pages including the bibliography in both cases. All submissions must be written in English. Submissions are to be made to the Submission web site. Only pdf files will be accepted.

Submissions not meeting these guidelines risk rejection without consideration of their merits. Authors of accepted papers must guarantee that their papers will be presented at the conference.

Extended versions of high quality accepted papers will be given fast track opportunity to be published in Information and Computer Security journal.

Important Dates

List of Accepted Papers

1. What users want: adapting qualitative research methods to security requirements elicitation, by Vivien Rooney and Simon Foley
2. A UML Profile for Privacy-Aware Data Lifecycle Models, by Majed Alshammari and Andrew Simpson
3. Evaluation of a Security and Privacy Requirements Methodology using the Physics of Notation, by Vasiliki Diamantopoulou, Michalis Pavlidis and Haralambos Mouratidis
4. An Anti-Pattern for Misuse Cases, by Mohammad Torabi Dashti and Sasa Radomirovic
5. Decision-Making in Security Requirements Engineering with Constrained Goal Models, by Nikolaos Argyropoulos, Konstantinos Angelopoulos, Haralambos Mouratidis and Andrew Fish


The proceedings of the SECPRE workshop can be downloaded from: http://www.springer.com/gp/book/9783319728162

Program

Thursday, September 14, 2017
Room: Møterom Kantine

09:00-10:30 Session 1: Designing a security assurance framework under V2I connectivity use cases: The SAFERtec approach and vision (Presentations)
10:30-11:00 Coffee Break
11:00-12:30 Session 2: Designing a security assurance framework under V2I connectivity use cases: The SAFERtec approach and vision (Discussion)
12:30-14:00 Lunch

Friday, September 15, 2017
Room: Hovedsal

14:00-15:30 Session 3: Security and Privacy Requirements Assurance and Evaluation

14:00-14:30: Keynote: Dr. Prokopios Drogkaris, Officer in Network and Information Security, European Union Agency for Network & Information Security (ENISA). Technology's role in General Data Protection Regulation (presentation)
14:30-15:00: Majed Alshammari and Andrew Simpson. A UML Profile for Privacy-Aware Data Lifecycle Models (presentation)
15:00-15:30: Vasiliki Diamantopoulou, Michalis Pavlidis and Haralambos Mouratidis. Evaluation of a Security and Privacy Requirements Methodology using the Physics of Notation (presentation)

15:30-16:00 Coffee Break

16:00-17:30 Session 4: Security Requirements Elicitation and Modelling

16:00-16:30: Vivien Rooney and Simon Foley. What users want: adapting qualitative research methods to security requirements elicitation (presentation)
16:30-17:00: Mohammad Torabi Dashti and Sasa Radomirovic. An Anti-Pattern for Misuse Cases (presentation)
17:00-17:30: Nikolaos Argyropoulos, Konstantinos Angelopoulos, Haralambos Mouratidis and Andrew Fish. Decision-Making in Security Requirements Engineering with Constrained Goal Models (presentation)