
2nd International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE 2015), August 25, 2015, Ottawa, ON, Canada

ESPRE 2015 – Proceedings

Title Page


Foreword


A Survey about User Requirements for Biometric Authentication on Smartphones
Nedaa Zirjawi, Zijad Kurtanović, and Walid Maalej
(University of Hamburg, Germany)
The increasing number of smartphone users stresses the need for an improved protection of users' personal data, such as health information, personal identifiers and financial data. One trend to address this need is the adoption of biometric authentication techniques such as fingerprint and iris recognition. We report on a study that examines user requirements and preferences for biometric authentication on smartphones with the focus on iris recognition. We surveyed users about their perception of different biometric authentication techniques in terms of trust, information security, and data privacy. Furthermore, we assessed tradeoffs that users are willing to accept for additional security. We also examined usability requirements for iris recognition and identified trends between different demographic groups. We discuss the findings and emphasize the need for an improved, data-driven understanding of the emerging requirements for such biometric mobile systems.

Inclusion of Security Requirements in SLA Lifecycle Management for Cloud Computing
Marco Antonio Torrez Rojas, Nelson Mimura Gonzalez, Fernando Sbampato, Fernando Redígolo, Tereza Cristina Melo de Brito Carvalho, Kim Koa Nguyen, and Mohamed Cheriet
(University of São Paulo, Brazil; École de Technologie Supérieure, Canada)
Service Level Agreement (SLA) is an essential tool for managing cloud computing services. The support of the security requirements through SLA is fundamental to achieve the full potential of the cloud computing paradigm. In this paper we present how security requirements are addressed in a cloud computing SLA. Furthermore, a unified SLA lifecycle for cloud computing services is proposed. The relationship between security requirements and the lifecycle proposed is analyzed. Through the analysis, the current cloud computing security requirements scenario for the SLA context is identified in addition to its research opportunities.

Patterns for Security and Privacy in Cloud Ecosystems
Eduardo B. Fernandez, Nobukazu Yoshioka, and Hironori Washizaki
(Florida Atlantic University, USA; National Institute of Informatics, Japan; Waseda University, Japan)
An ecosystem is the expansion of a software product line architecture to include systems outside the product which interact with the product. We model here the architecture of a cloud-based ecosystem, showing security patterns for its main components. We discuss the value of this type of models.

Modelling Secure Cloud Systems Based on System Requirements
Shaun Shei, Luis Márquez Alcañiz, Haralambos Mouratidis, Aidan Delaney, David G. Rosado, and Eduardo Fernández-Medina
(University of Brighton, UK; Spanish National Authority for Markets and Competition, Spain; University of Castile–La Mancha, Spain)
We enhance an existing security governance framework for migrating legacy systems to the cloud by holistically modelling the cloud infrastructure. To achieve this we demonstrate how components of the cloud infrastructure can be identified from existing security requirements models. We further extend the modelling language to capture cloud security requirements through a dual layered view of the cloud infrastructure, where the notions are supported through a running example.

Instantiating a Model for Structuring and Reusing Security Requirements Sources
Christian Schmitt and Peter Liggesmeyer
(Siemens, Germany; TU Kaiserslautern, Germany)
This paper presents a model for structuring and reusing security requirements sources. The model serves as blueprint for the development of an organization-specific repository which provides relevant security requirements sources such as security information and knowledge sources and relevant compliance obligations in a structured and reusable form. The resulting repository is intended to be used by development teams during the elicitation and analysis of security requirements with the goal to understand the security problem space, incorporate all relevant requirements sources and to avoid unnecessary effort for identifying, understanding and correlating applicable security requirements sources on a project-wise basis. We start with an overview and categorization of important security requirements sources, followed by the description of the generic model. To demonstrate the applicability and benefits of the model, the instantiation approach and details of the resulting repository of security requirements sources are presented.
