SREIS 2008
Symposium on Requirements Engineering for Information Security
Workshop co-located with ARES 2008

Barcelona, Spain, March 4th-7th, 2008


Home

Call For Papers

Important Dates

Committees

Accepted papers

Programme


SREIS 2001

SREIS 2002

SREIS 2005

Call For Papers

Symposium on Requirements Engineering for Information Security (SREIS 2008)

Barcelona , Spain, March 4th-7th, 2008

Co-located with 3rd International Conference on Availability, Reliability and Security (ARES 2008).

Call For Papers in pdf file
Call For Papers in text file

WORKSHOP OVERVIEW

Security and privacy requirements for new eCommerce and Internet applications exceed the traditional requirements for network security and traditional software systems. Security and privacy requirements are more complex and increasingly critical. In most applications, informally stated and implicit security requirements are as urging as functional ones, but they are rarely analysed and designed carefully from the beginning and they are often added to a system as an after-though, exposing the system to higher costs while endangering overall design integrity. Moreover, there are strict regulations in place within many countries that impose rules for the collection, handling and processing of sensitive information such as personal data of individuals (e.g., 95/46/EC Data Protection Directive, US Privacy Act, HIPAA, etc.). Therefore, organizations that handle personal data cannot escape the obligation to implement these regulations in their IT infrastructure. Unfortunately, it has always been difficulty to bridge the gap between legal language and computer language, more importantly when legal obligations have to be converted into requirements to be enforced by the IT infrastructure. Moreover, coping with the intricacies of the software certification and accreditation process requested by some big IT contractors (as the US Dept. of Defense) demands for special requirement engineering techniques. The symposium on requirements engineering for information security invites papers on a diversity of topics, particularly ones that point out new directions. Theoretical, experimental, and experience papers are all welcome.

The symposium is intended to provide researchers and practitioners from various disciplines with a highly interactive forum to discuss security and privacy-related requirements with a particular attention to a legal perspective. The symposium can be seen as the continuation of the SREIS (2001, 2002, 2005) series.


SUBMISSION TOPICS:
Papers related, but not limited, to the following topics are invited:

  • solutions to known RE problems as applied to security and privacy
  • RE for confidentiality, integrity, and availability
  • industrial problem statements
  • generalizations from individual industrial experiences
  • RE for trusted Commercial Off-The-Shelf (COTS) systems
  • empirical studies of industrial RE practice for security and privacy
  • capture and expression of informal and ad hoc requirements
  • managing conflicting requirements of operational effectiveness and security
  • methods for the specification and analysis of security requirements
  • methods for ensuring compliance between requirements and policies
  • legal research on the conversion of data protection duties into requirements to be enforced by an IT infrastructure
  • best practice for bridging the methodological gap between legal and technical perspectives on privacy and data protection


IMPORTANT DATES:

Submission deadline: December 1, 2007

Authors Notification: December 15, 2007

Authors Registration: December 20, 2007

Final Manuscript: January 2, 2008

Workshop dates: March 4-7, 2008


PAPER SUBMISSION:

Authors are invited to submit research and application papers following the IEEE Computer Society Proceedings Manuscripts style: two columns, single-spaced, including figures and references, using 10 fonts, and number each page. Please consult the IEEE CS Author Guidelines at the following web page:

http://www.ieee.org/portal/pages/pubs/transactions/stylesheets.html

Submission papers are classified into 2 categorizes (1) full paper (8 pages) and (2) short paper (4 pages) representing original, previously unpublished work. Submitted papers will be carefully evaluated based on originality, significance, technical soundness, and clarity of exposition.

The papers should be submitted electronically via ARES 2008 website (http://www.ares-conference.eu/conf/).

Submission of a paper implies that should the paper be accepted, at least one of the authors will register for the ARES conference and present the paper in the workshop. Accepted papers will be given guidelines in preparing and submitting the final manuscript(s) together with the notification of acceptance.


PUBLICATION:
All accepted papers will be published as ISBN proceedings published by the IEEE Computer Society.


GENERAL CHAIRS:

Annie Anton - North Carolina State University (US)
Fabio Massacci - University of Trento (IT)


PROGRAM CO-CHAIRS:

Mattia Monga - University of Milan (IT)
Nicola Zannone - University of Toronto (CA)


PROGRAM COMMITTEE:

The program committee is still being selected, but current members include:

Yudistira Asnar - University of Trento (IT)
Travis D. Breaux - North Carolina State University (US)
Bart De Win - Katholieke Universiteit Leuven (BE)
Eduardo B. Fernandez - Florida Atlantic University (US)
Eduardo Fernández-Medina Patón - Universidad de Castilla-La Mancha (ES)
Jan Jürjens - The Open University (UK)
Seok-Won Lee - University of North Carolina (US)
Tobias Mahler - Norwegian Research Center for Computers and Law (NO)
Antonio Maña - University of Malaga (ES)
Fabio Martinelli - CNR (IT)
Haralambos Mouratidis - University of East London (UK)
Alexander Pretschner - ETH Zurich (CH)
Carsten Rudolph - Fraunhofer Institute SIT (DE)
George Spanoudakis - City University (UK)
Duminda Wijesekera - George Mason University (US)
Eric Yu - University of Toronto (CA)