ESORICS 2018

2nd International Workshop on SECurity and Privacy Requirements Engineering
SECPRE 2018

In conjunction with ESORICS 2018

6-7 September, 2018

Scope

Software engineering is an essential aspect for obtaining a systematic, disciplined and quantifiable approach to the development, operation, and maintenance of software and services. Incorporating security and privacy during the engineering process is of vital importance for assuring the development of reliable, correct, robust and trustful systems as well as adaptive, usable and evolving software services that satisfy users’ requirements.

For many years software engineers were focused in the development of new software thus considering security and privacy mainly during the development stage as an ad-hoc process rather than an integrated one initiated in the system design stage. However, the data protection regulations, the complexity of modern environments such as IoT, IoE, Cloud Computing, Big Data, Cyber Physical Systems etc. and the increased level of users’ awareness in IT have forced software engineers to identify security and privacy as fundamental design aspects leading to the implementation of more trusted software systems and services. Researchers have addressed the necessity and importance of implementing design methods for security and privacy requirements elicitation, modeling and implementation the last decades. Today Security by Design (SbD) and Privacy by Design (PbD) are established research areas that focus on these directions. 

Topics

Methods, tools and techniques for the elicitation, analysis and modeling of security and privacy requirements
Security and Privacy testing methods and tools
Adaptive Security and Privacy related methods and tools
Methods and tools for designing usable secure and privacy-aware systems
Methods and tools for the coordination of legal requirements along with Security and Privacy requirements
Security and Privacy requirements verification
Integration of functional, security and privacy requirements
Security and Privacy by design issues
SbD and PbD legal and regulatory issues

Committees

General Chairs

Prof. Annie Antón

Georgia Institute of Technology
USA

Prof. Stefanos Gritzalis

University of the Aegean
Greece

Program Committee Chairs

Prof. John Mylopoulos

University of Toronto
Canada

Assoc. Prof. Christos Kalloniatis

University of the Aegean
Greece

Technical Program Committee


Frederic Cuppens, Telecom Bretange, France
Sabrina De Capitani di Vimercati, Università degli Studi di Milano, Italy
Theo Dimitrakos, University of Kent, UK
Eric Dubois, Luxembourg Institute of Science & Technology, Luxembourg
Carmen Fernandez-Gago, University of Malaga, Spain
Eduardo Fernandez-Medina, University of Castilla-La Mancha, Spain
Mohamad Gharib, University of Florence, Italy
Paolo Giorgini, University of Trento, Italy
Maritta Heisel, Univeristy of Duisburg-Essen, Germany
Jan Juerjens, University of Koblenz-Landau, Germany
Costas Lambrinoudakis, University of Piraeus, Greece
Tong Li, Beijing University of Technology, China
Fabio Martinelli , National Research Council - C.N.R., Italy
Haralambos Mouratidis, University of Brighton, UK
Aaron Massey, University of Maryland, USA
Michalis Pavlidis, University of Brighton, UK
David Garcia Rosado, University of Castilla-La Manca, Spain
Mattia Salnitri, University of Trento, Italy
Pierangela Samarati, Università degli Studi di Milano, Italy
Jessica Staddon, North Carolina State University, USA
Nicola Zannone, Eindhoven University of Technology, The Netherlands

Paper Submission

Submission Guidelines

Submitted papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference/workshop with proceedings. The workshop proceedings will be published by Springer in the Lecture Notes in Computer Science (LNCS) series (joint post proceedings).

All submissions should follow the LNCS template from the time they are submitted. Submitted papers can be either full papers or short papers. Full papers should be at most 20 pages while short papers should be at most 8 pages including the bibliography in both cases. All submissions must be written in English. Submissions are to be made to the Submission web site. Only pdf files will be accepted.

Submissions not meeting these guidelines risk rejection without consideration of their merits. Authors of accepted papers must guarantee that their papers will be presented at the conference.

Extended versions of high quality accepted papers will be given fast track opportunity to be published in Information and Computer Security journal.

Important Dates

Submission deadline

June 22, 2018 July 10, 2018
(11:59 p.m.American Samoa time UTC-11)

Notification to authors

July 20, 2018 July 27, 2018

Camera-ready versions

August 16, 2018 August 31, 2018

List of Accepted Papers


1. Sealed Computation: Abstract Requirements for Mechanisms to Support Trustworthy Cloud Computing, by Lamya Abdullah, Felix Freiling, Juan Quintero and Zinaida Benenson
2. Understanding challenges to adoption of the Protection Poker software security game, by Inger Anne Tøndel, Martin Gilje Jaatun, Daniela Cruzes and Tosin Daniel Oyetoyan
3. An experimental evaluation of bow-tie analysis for cybersecurity requirements, by Per Håkon Meland, Karin Bernsmed, Christian Frøystad, Jingyue Li and Guttorm Sindre
4. Towards Run-Time Monitoring of Data Handling Violations, by Jassim Happa, Nick Moffat, Michael Goldsmith and Saddie Creese
5. A General scheme for CTI Representation in Privacy-Preserving Data Analysis, by Fabio Martinelli, Oleksii Osliak and Andrea Saracin


Program

Joint with CyberICPS 2018 Workshop
Thursday, September 6, 2018

13:45-15:45 Session 1: Cyber-Physical Systems Security
  • Improving SIEM for Critical SCADA Water Infrastructures Using Machine Learning, by Hanan Hindy, David Brosset, Ethan Bayne, Amar Seeam and Xavier Bellekens
  • Cyber-attacks against the autonomous ship, by Georgios Kavallieratos, Sokratis Katsikas and Vasileios Gkioulos
  • EPIC: An Electric Power Testbed for Research and Training in Cyber Physical Systems Security, by Sridhar Adepu, Nandha Kumar Kandasamy and Aditya Mathur
  • Sealed Computation: Abstract Requirements for Mechanisms to Support Trustworthy Cloud Computing, by Lamya Abdullah, Felix Freiling, Juan Quintero and Zinaida Benenson
15:45-16:00 Coffee Break

16:00-18:00 Session 2: Security and Privacy Issues in Architectures and Systems
  • Understanding challenges to adoption of the Protection Poker software security game, by Inger Anne Tøndel, Martin Gilje Jaatun, Daniela Cruzes and Tosin Daniel Oyetoyan
  • A Hardware Based Solution for Freshness of Secure Onboard Communication in Vehicles, by Sigrid Guergens and Daniel Zelle
  • Enhancing Usage Control for Performance: An Architecture for Systems of Systems, by Vasileios Gkioulos, Athanasios Rizos, Christina Michailidou and Paolo Mori
  • A General scheme for CTI Representation in Privacy-Preserving Data Analysis, by Fabio Martinelli, Oleksii Osliak and Andrea Saracin

Friday, September 7, 2018

09:00-10:00 Session 1: Machine Learning Based Solutions
  • An experimental evaluation of bow-tie analysis for cybersecurity requirements, by Per Håkon Meland, Karin Bernsmed, Christian Frøystad, Jingyue Li and Guttorm Sindre
  • Comparative study of machine learning methods for in-vehicle intrusion detection, by Ivo Berger, Roland Rieke, Maxim Kolomeets, Andrey Chechulin and Igor Kotenko
10:00–11:00 Keynote Speaker

11:00–11:30 Coffee Break

11:30-13:00 Session 2: Data Oriented Security and Privacy Solutions
  • SDN-enabled virtual data diode, by Miguel Borges de Freitas, Luis Rosa, Tiago Cruz and Paulo Simões
  • Towards Run-Time Monitoring of Data Handling Violations, by Jassim Happa, Nick Moffat, Michael Goldsmith and Saddie Creese
  • Realistic Data Generation for Anomaly Detection in Industrial Settings using Simulations, by Peter Schneider and Alexander Giehl

Contact us

For further inquiries, please contact the program committee chairs at:

secpre2018 [at] easychair [dot] org