The Evolving Security and Privacy Requirements Engineering (ESPRE) Workshop is a multi-disciplinary, one-day workshop. It brings together practitioners and researchers interested in security and privacy requirements.
ESPRE probes the interfaces between Requirements Engineering and Security & Privacy, and aims to evolve security and privacy requirements engineering to meet the needs of stakeholders; these range from business analysts and security engineers, to technology entrepreneurs and privacy advocates.
We invite research and position papers that address any of the workshop topics.
Please use the IEEE trans template for submissions.
Further Instructions are also on the RE 2017 site
Papers have no more than 6 pages of content. An additional page is allowed for references only. Papers should be submitted electronically in PDF format to EasyChair.
Accepted papers will be published in the workshop proceedings, and made available via IEEE Xplore.
We will run a ‘Lightning talks’ session of 2-minute talks after lunch. Such talks might share early results, on-going work, annoyances, practical lessons learned, or even plugs for upcoming events. To book a slot, please email firstname.lastname@example.org with your name, affiliation, talk title, and brief abstract. Proposals will be accepted on a first come, first served basis until all available slots are filled. We will, however, try to free up space elsewhere on the day if we get more demand than we can satisfy.
The scope for talk topics is open, but the timings are not. Please keep your talk within the time limit. This will make your talk more focused, and keep the audience excited. Please email any slides (no more than 2) in PDF format to email@example.com by 5pm CET on Sunday, September 3rd 2017.
Greater agility of our infrastructure systems will be a key enabler to address the increasingly volatile, uncertain, complex and ambiguous environment that is characteristic of future operations. In this context, agility is the ability for a system to provide a timely response in relation to changes in the mission, threat or environment. Increasingly systems will operate autonomously to reduce human cognitive demands and to respond faster than a human operator could. In order to achieve this, three high level system capabilities are required:
Underpinning the ability to deliver this capability is the need to assure the operation of the system, but due to the agile nature, a static design time assurance process is no longer sufficient. Instead both design time and real time assurance is required.
The talk will describe in more detail the architectures and design principles of agile systems, with an emphasis on information systems. It will give exemplars in relation system security and how the architecture supports risk based analysis. Initial concepts in run-time assurance for secure agile systems will also be described.
Dr Williams graduated from the University of Oxford with a First in Engineering Science, and subsequently gained his PhD from Bristol University on the topic of chaotic waveforms for communications. Alongside periods in industry (Research Manager for Fujitsu) and academia (Research Fellow at Bristol University) much of his career has been in Government defence research (Dstl and predecessors). Areas of expertise include novel waveforms, communications signal processing, dynamic spectrum access, risk based decision making, agile systems and requirements engineering.
SIEMENS Corporate Technology (CT) is the central research and development unit of the company. CT invents new methods and technologies and has introduced the product solution and security (PSS) organization to raise the bar on security awareness and to ensure that security is considered in all phases of the product life-cycle.
In this talk, we show how Siemens CT recommends to conduct Security Requirements Engineering within the PSS life-cycle, which involves multiple security analysis activities, as well as the involvement of key stakeholders. We also illustrate CT best security practices for our complex work environment, in particular for products with long lifespans. We also discuss security requirements w.r.t. applying modern and state-of-the art security techniques to an already established work environment over decades.
Over the last three years Tiago Gasiba has been working for Siemens AG, Munich, as a Security Consultant and Researcher. During this time he has applied for more than ten patents in the field of IT and OT Security. His main areas of interest include Secure Software and Web Application Development, Coaching and Security Training. In his role as a Security Researcher he is constantly looking at ways to improve the Security Requirements handling within Siemens own processes and in better ways to assist its business units. In particular on accompanying the process from the Requirements specification, through the implementation and reaching until the Requirements Testing phase. Tiago has gathered experience in several different fields, which aid in this systematic approach to product security. He has previously worked as an Incident Handler for Siemens CERT and Security Architect for Java Card Operating System at NXP. Furthermore he has also worked as an Embedded Software Developer, System Designer at Ericsson Modem and Telecom Researcher for Siemens Mobile, where he helped and worked in 3GPP standardization topics, where he also holds some patents. In 2002 he earned his Engineering Degree in Telecommunications, Electronics and Computers from the Oporto University in Portugal and in 2004 he his Master of Science in Communications Engineering from the Technical University of Munich in Germany.
|0930 - 1030|
Keynote talk: Chris Williams (Chair: Shamal Faily)
|1030 - 1100||Coffee break|
|1100 - 1230|
Session: Human Centered Design and Engineering (Chair: Nancy Mead)
|1230 - 1400||Lunch|
|1400 - 1530|
Session: Privacy (Chair: Seok-Won Lee)
|1530 - 1600||Coffee break|
|1600 - 1630|
Session: Awareness (Chair: Kristian Beckers)
|1630 - 1730|
Invited talk: Tiago Gasiba (Chair: Kristian Beckers)