Theme & Goals
SUBMISSION DEADLINE: JULY 24TH, 2022
The last decades have put Privacy and Security (P&S) in the spotlight of information technology as data breaches and cyberattacks have spiked globally. Still, P&S are often afterthoughts in software development, as their benefits are sometimes difficult to demonstrate and their costs hard to justify [6,8]. However, such technical debt is becoming hard to sustain as new legal frameworks, such as the EU General Data Protection Regulation (GDPR), require companies to incorporate P&S features (e.g., transparency, anonymity, and informed consent) at the core of their products. Hence, there is an urgent call for tools and methods supporting the elicitation and deployment of P&S requirements in a by-design approach.
P&S are multifaceted and complex research areas spanning different knowledge domains (e.g., engineering, law, and psychology) [1,5]. Challenges in P&S cannot be addressed from a single discipline, as they often involve human factors, technological artefacts, and regulatory/legal frameworks [3,9]. In particular, the quest for P&S solutions requires in-depth knowledge and actionable information about its users/stakeholders, vulnerabilities/flaws, and potential attackers [4,5].
Mining Software Repositories (MSR) techniques can support this quest by providing means to understand the P&S dimensions of information systems, thus helping to shape privacy- and security-friendly software. This workshop aims to explore the application of MSR at the different stages of P&S engineering [2,7].
Topics of Interest
For this, we invite MSR researchers and practitioners across multiple disciplines and knowledge backgrounds to submit contributions dealing with the following (or related) topics:
- MSR applications for security risk assessment
- MSR applications for privacy requirements engineering
- MSR applications for security vulnerabilities detection
- Engineering PETs through MSR methodologies
- Privacy-Enhancing Technologies through MSR
- MSR-based research for safety/security by design
- Privacy-friendly MSRs (including mixed-methods)
- MSR-based mixed-methods on P&S research
- Privacy requirements in MSR-based research
- Integrating MSRs into P&S research (empirical)
- Analysis of repositories to mine for P&S research
- Tools supporting MSR-based research for P&S
- Datasets used for MSR-based research for P&S
- MSR applications to P&S assurance
Any paper within the scope of the workshop will be considered. Additionally, this year we especially welcome submissions elaborating on MSR for the analysis and extraction of privacy and security anti-patterns, namely, solutions that demonstrate knowledge of poor development practices.
Workshop papers must follow the ESEC/FSE 2022 Format and Submission Guidelines. The workshop follows a double-blind peer review process, aligned with ESEC/FSE’s double-blind review policies. Submitted papers must not reveal the authors’ identities in any way: names must be omitted from the submission and self-citations must be referred to in the third person. The only exception will be dataset and tools papers, which will employ an optional single-blind review process.
All submitted papers will be reviewed regarding technical quality, relevance, significance, and clarity by the program committee. All workshop papers should be submitted electronically in PDF format through the workshop website. Accepted papers will become part of the workshop proceedings.
The workshop welcomes the following types of submissions:
- Regular Papers: up to eight pages, including references. They must describe original contributions in research and/or practice. Although they can be work-in-progress, the authors must present a clear path forward. These will be given a 15-minute presentation during the workshop.
- Short Papers: up to four pages, including references. This category welcomes position papers, experience reports, work-in-progress, new trends papers, industrial reports, datasets and tools. These will be given a 7-minute presentation during the workshop.
The following are submission and workshop dates for all types of submissions:
|Paper Submission||July 24th, 2022|
|Main Track Author Notification||August 15th, 2022|
|Camera Ready||August 29th, 2022|
|Date of Workshop||November 18th, 2022|
The Organising Committee thanks the following generous individuals:
|Muhammad Ikram||Macquarie University||@midkhan|
|Tosin Daniel Oyetoyan||Western Norway University|
|Vahideh Moghtadaiee||Shahid Beheshti University|
|Natalia Stakhanova||University of Saskatchewan||@nstakhanova|
|Kazi Zakia Sultana||Montclair State University|
|Diego Costa||Concordia University||@DiegoEliasCosta|
|Clemente Izurieta||Montana State University|
|Max Young||Mississippi State University|
|Mariana Peixoto||Federal University of Pernambuco|
|Jose del Alamo||Universidad Politécnica de Madrid|
|Gabriel Pedroza||CEA LIST|
|Triet Le||University of Adelaide, CREST||@lhmtriet|
|Maritta Heisel||University Duisburg-Essen|
|Nicola Zannone||Eindhoven University of Technology|
Times will be Singapore Time (GMT+8)
|10:00am||Session 1: Regular Papers|
|11:30am||Discussion: Regular Papers|
|1:30am||Session 2: Short Papers|
|2:30pm||Discussion: Short Papers|
|3:00pm||End of MSR2P&S||MSR2P&S Organisers|
[1] Kathrin Bednar, Sarah Spiekermann, and Marc Langheinrich. “Engineering Privacy by Design: Are Engineers Ready to Live Up to the Challenge?” The Information Society. Vol. 35, 3 (2019), 122–142. DOI: 10.1080/01972243.2019.1583296.
[2] Seyed Mohammad Ghaffarian and Hamid Reza Shahriari. “Software Vulnerability Analysis and Discovery Using Machine-Learning and Datamining Techniques: A survey”. ACM Computing Surveys (CSUR). Vol. 50, 4 (2017), 1–36. DOI: 10.1145/3092566.
[3] Seda Gürses and Jose M Del Alamo. “Privacy Engineering: Shaping An Emerging Field of Research and Practice”. IEEE Security & Privacy. Vol. 14, 2 (2016), 40–46. DOI: 10.1109/MSP.2016.37.
[4] Phu X Mai, Arda Goknil, Lwin Khin Shar, Fabrizio Pastore, Lionel C Briand, and Shaban Shaame. “Modeling Security and privacy Requirements: A Use Case-driven Approach”. Information and Software Technology. Vol. 100 (2018), 165–182. DOI: 10.1016/j.infsof.2018.04.007.
[5] Yod-Samuel Martin and Antonio Kung. “Methods and Tools for GDPR Compliance Through Privacy and Data Protection Engineering”. In IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, pp. 108–111. DOI: 10.1109/EuroSPW.2018.00021.
[6] Kalle Rindell, Karin Bernsmed, and Martin Gilje Jaatun. “Managing Security In Software: Or: How I Learned to Stop Worrying and Manage the Security Technical Debt”. In 14th International Conference on Availability, Reliability and Security. pp. 1–8. DOI: 10.1145/3339252.3340338.
[7] Alireza Sadeghi, Naeem Esfahani, and Sam Malek. “Mining the Categorized Software Repositories to Improve the Analysis of Security Vulnerabilities”. In International Conference on Fundamental Approaches to Software Engineering. Springer, pp. 155–169. DOI: 10.1007/978-3-642-54804-8_11.
[8] Miltiadis Siavvas, Dimitrios Tsoukalas, Marija Jankovic, Dionysios Kehagias, Alexander Chatzigeorgiou, Dimitrios Tzovaras, Nenad Anicic, and Erol Gelenbe. “An Empirical Evaluation of the Relationship Between Technical Debt and Software Security”. In 9th International Conference on Information Society and Technology (ICIST). Vol. 2019. DOI: 10.5281/zenodo.3374712.
[9] Sven Türpe. “The Trouble with Security Requirements”. In IEEE 25th International Requirements Engineering Conference (RE). IEEE, pp. 122–133. DOI: 10.1109/RE.2017.13.