Home

Call For Papers

Important Dates

Committees

Accepted papers

Programme


SREIS 2001

SREIS 2002

SREIS 2005

Security and privacy requirements for new eCommerce and Internet applications exceed the traditional requirements for network security and traditional software systems. Security and privacy requirements are more complex and increasingly critical. In most applications, informally stated and implicit security requirements are as urging as functional ones, but they are rarely analysed and designed carefully from the beginning and they are often added to a system as an after-though, exposing the system to higher costs while endangering overall design integrity. Moreover, there are strict regulations in place within many countries that impose rules for the collection, handling and processing of sensitive information such as personal data of individuals (e.g., 95/46/EC Data Protection Directive, US Privacy Act, HIPAA, etc.). Therefore, organizations that handle personal data cannot escape the obligation to implement these regulations in their IT infrastructure. Unfortunately, it has always been difficulty to bridge the gap between legal language and computer language, more importantly when legal obligations have to be converted into requirements to be enforced by the IT infrastructure. Moreover, coping with the intricacies of the software certification and accreditation process requested by some big IT contractors (as the US Dept. of Defense) demands for special requirement engineering techniques. The symposium on requirements engineering for information security invites papers on a diversity of topics, particularly ones that point out new directions. Theoretical, experimental, and experience papers are all welcome.

The symposium is intended to provide researchers and practitioners from various disciplines with a highly interactive forum to discuss security and privacy-related requirements with a particular attention to a legal perspective. The symposium can be seen as the continuation of the SREIS (2001, 2002, 2005) series.

Who Should Attend?

SREIS provides researchers and practitioners from various disciplines with a highly interactive forum to discuss security and privacy-related requirements. Specifically, we encourage attendance from those in the fields of requirements engineering, software engineering, information systems, information and network security and trusted systems as well as those interested in approaches to analyzing, specifying, and testing requirements to increase the level of security provided to users interacting with pervasive commerce, research and government systems. The workshop will be open to all ARES conference attendees.

General Chairs

Annie Anton - North Carolina State University (US)
Fabio Massacci - University of Trento (IT)

Program Co-Chairs