-------- Original-Nachricht -------- Betreff: [isworld] CFP Special issue of Requirements Engineering Journal on Security Datum: Mon, 11 Aug 2008 11:35:35 -0400 Von: Dubois eric.dubois@tudor.lu Antwort an: Dubois eric.dubois@tudor.lu An: AISWORLD Information Systems World Network isworld@lyris.isworld.org

CALL FOR PAPERS Requirements Engineering Journal Special Issue on Security Requirements Engineering

Software systems become more and more critical in every domain of the human society. Transportation, telecommunications, entertainment, health care, military, education and so on; the list is almost endless. These systems are used not only by major corporations and governments but also across networks of organizations and by individual users. Such wide use has resulted in these systems containing a large amount of critical information and processes which inevitably need to remain secure. Therefore, although it is important to ensure that software systems are developed according to the user needs, it is equally important to ensure that these systems are secure.

However, the common approach towards the inclusion of security within a software system is to identify security requirements after the definition of a system. This typically means that security enforcement mechanisms have to be fitted into a pre-existing design, leading to serious design challenges that usually translate into the emergence of computer systems afflicted with security vulnerabilities. Recent research has argued that from the viewpoint of the traditional security paradigm, it should be possible to eliminate such problems through better integration of security and requirements engineering. Security should be considered from the early stages of the development process and security requirements should be defined alongside with the system�s requirements specification. Taking security into account alongside the functional requirements helps to limit the cases of security/functional requirements conflict by avoiding them from the very beginning or by isolating them very early in the software system development process. Towards this direction, the requirements engineering community has initiated a number of formal relevant events, such as the Symposium on Requirements Engineering for Information Security (SREIS) series (with events on 2001, 2002, 2005 and 2008), and a guest editorial of the Requirements Engineering Journal on Requirements Engineering for Information Security .

The aim of this special issue is to continue this effort and to provide a forum for representing this fast developing area, by capturing the most recent and innovative lines of research related to security requirements engineering.

Submissions We solicit high-quality contributions that have not been previously published or currently submitted for journal or conference publication elsewhere. Authors should format their papers according to the instruction for the contributions to the Requirements Engineering Journal as described at ( http://www.springer.com/computer/programming/journal/766 ) and submit at ( http://www.editorialmanager.com/rej/default.asp ) where a special category of article has been created for this special issue. Relevant contributions include (but not limited to): � Theories and models relevant to security requirements engineering � Methodologies for elicitation and management of security requirements � Evaluation of different security requirements engineering approaches in industrial projects � Testing techniques of security requirements � Formal approaches for security requirements engineering � Experience reports � Tools and automated support � Compliance to standards � Relationship with related concepts such as safety, trust and reliability

Important Dates Submission Deadline: 29th October 2008 Notifications Due: 20th December 2008 Revisions Due: 10th January 2009 Final Recommendations: 10th February 2009 Camera-Ready Papers Due:25th February 2009 Publication: Early 2009 (April)

Guest Editors Eric Dubois, CRP Henri Tudor � Luxemburg � eric.dubois@tudor.lu Haralambos Mouratidis, University of East London � UK - H.Mouratidis@uel.ac.uk

The AISWorld LISTSERV is a service of the Association for Information Systems (http://www.aisnet.org). To unsubscribe, redirect, or change subscription options please go to http://lyris.isworld.org/. You are subscribed to AISworld as: neumann@wu-wien.ac.at. Each Sender assumes responsibility that his or her message conforms to the AISWorld LISTSERV policy and conditions of use available at http://lyris.isworld.org/isworldlist.htm.