Shareeful Islam

Dr Shareeful Islam

Lecturer

Department of Engineering & Computing, School of Architecture Computing and Engineering (ACE)

Dr Shareeful Islam is a Senior Lecturer and PhD supervisor at UEL. His main research interests are in the field of risk management, security, privacy and cloud computing.

Areas Of Interest

Risk Management, Cloud Computing, Requirements Engineering 

CURRENT RESEARCH

Shareeful's research interests focus on the software and systems engineering domain, specifically requirements engineering, risk management, security, privacy and cloud computing. His long-term research goal is to effectively deploy risk management practice for software-intensive systems and to develop secure software systems for large, open and dynamic environments. He is also interested in applying the research outputs of his work to different application domains such as cloud computing, and in empirically evaluating the applicability of those outputs.

Goal-driven Software Development Risk Management Model (GSRM):
Risk management in software projects is critical and contributes effectively to increasing the likelihood of project success. However, risk management is not well applied in practice. There are several reasons for this: visible development costs always get more attention in the project; risks are intangible by nature and concern issues not only from the present but also from the future; project-specific risks are less obvious and difficult to predict; and guidelines are missing on how to integrate risk management activities into the existing development process from an early stage. There is a need for systematic and effective risk management practice from the early stages of development, and for making the project manager aware of the impact of risk management practice.
GSRM contributes in this direction. GSRM uses a goal-driven approach to model and reason about risks and is explicitly integrated into the requirements engineering phase. This work empirically evaluated the impact of risk management on software projects using survey and case study research methods, and finally developed a goal-risk taxonomy. A number of publications from this work are given in the publication list.

Security Requirements Engineering Process (SecReq):
An important question that has been identified as crucial for integrating information security and requirements engineering is how to elicit security requirements and trace the identified requirements throughout development. Security requirement identification is a challenging task because, during requirements elicitation, vague and undocumented demands and desires from multiple stakeholders must be detected and merged with more conscious and documented requirements. This task is inherently difficult due to the different backgrounds, tacit assumptions, and styles of communication among stakeholders.
Security requirements may be implicit, hidden, and spread out over different documents. Standards and best practices, such as Common Criteria and ISO 27011:2005, are available to guide developers in building secure systems. Nevertheless, identifying requirements with security implications requires security expertise and experience. Unfortunately, security experts are not always available. This collaborative work developed SecReq, a security requirements elicitation and tracing methodology using HeRa, Common Criteria and UMLsec. The work has been further extended to focus on organizational learning to facilitate the security requirements elicitation process.

Security and Privacy Requirements Engineering Method for Cloud Computing:
Cloud computing is a paradigm that is radically changing the way humans store, share and access their digital files. Despite its many benefits, such as a rapidly elastic resource pool and on-demand service, the paradigm also creates challenges for both users and providers. In particular, there are issues related to security and privacy, such as unauthorized access, loss of privacy, data replication and regulatory violation, that require adequate attention. Despite the recent research interest in developing software engineering techniques to support systems based on the cloud, the literature fails to provide a systematic and structured approach that enables software engineers to identify security and privacy requirements and select a suitable service provider based on such requirements. This work develops a framework that incorporates a modelling language and provides a structured process that supports the elicitation of security and privacy requirements and the selection of a service provider based on how well the service provider satisfies the relevant security and privacy requirements.

PUBLICATIONS

Journals

  • U. M. Ismail, S. Islam, M. Ouedraogo, E. Weippl, A Framework for Security Transparency in Cloud Computing, Journal of Future Internet 8 (1), 2016
  • R. Alavi, S. Islam, H. Mouratidis, An Information Security Risk-driven Investment Model for Analysing Human Factors, Information and Computer Security, 24(2), Emerald
  • S. Islam, M. Ouedraogo, C. Kalloniatis, H. Mouratidis, S. Gritzalis, Assurance of Security and Privacy Requirements for Cloud Deployment Model, SI: security and privacy protection on cloud, IEEE Transactions on Cloud Computing, DOI: 10.1109/TCC.2015.2511719
  • C. Kalloniatis, H. Mouratidis, M. Vassilis, S. Islam, S. Gritzalis, E. Kavaklif, Towards the design of secure and privacy-oriented Information Systems in the Cloud: Identifying the major concepts, Computer Standards & Interfaces, Vol 36, Issue 4, June 2014, Elsevier (impact factor 1.42).
  • S. Islam, H. Mouratidis, E. Weippl, An Empirical Study on the Implementation and Evaluation of a Goal-driven Software Development Risk Management Model, Journal of Information and Software Technology, Vol 56, Issue 2, February 2014, Elsevier (impact factor 1.522).
  • C. Kalloniatis, H. Mouratidis, S. Islam, Evaluating Cloud Deployment Scenarios Based on Security and Privacy Requirements, Requirements Engineering Journal (REJ), Springer-Verlag, Vol 18, Issue 4, November 2013, http://dx.doi.org/10.1007/s00766-013-0166-7 (impact factor 0.971).
  • H. Mouratidis, S. Islam, C. Kalloniatis, S. Gritzalis, A framework to support selection of cloud providers based on security and privacy requirements, Journal of Systems and Software, Vol 86, Issue 9, 2013, Elsevier (impact factor 1.117).
  • M. Pavlidis, S. Islam, H. Mouratidis, P. Kearney, Modeling Trust Relationships for Developing Trustworthy Information Systems, International Journal of Information Systems Modelling and Design, 2013.
  • B. Aziz, C. Blackwell, S. Islam, A Framework for Digital Forensics and Investigations: The Goal-Driven Approach, International Journal of Digital Crime and Forensics (IJDCF), IGI Global publication, 2013.
  • R. Alavi, S. Islam, H. Jahankhani, A. Al-Nemrat, Analysing Human Factors for an Effective Information Security Management System, International Journal of Secure Software Engineering (IJSSE), Special Issue on cyber security validation, Vol 4, No 1, 2013, pp 50-74, IGI Global publication.
  • A. Hudic, S. Islam, P. Kieseberg, S. Rennert, and E. R. Weippl, Data Confidentiality using Fragmentation in Cloud Computing, International Journal of Pervasive Computing and Communications, Emerald publisher, Vol 9, No 1, 2013
  • A. J. Stoica and S. Islam, Integrative Educational Approach Oriented Towards Software and System Development, International Journal of Engineering Pedagogy (iJEP), Vol 3, No 1, 2013.
  • H. Mouratidis, C. Kalloniatis, S. Islam, M. Philippe Huget, and S. Gritzalis, Aligning Security and Privacy to Support the Development of Secure Information Systems, special issue Security in Information Systems, Journal of Universal Computer Science (J.UCS), Vol 18, No 12, 2012 (impact factor 0.788).
  • S. Islam, H. Mouratidis, C. Kalloniatis, A. Hudic, and L. Zechner, Model based Process to Support Security and Privacy Requirements Engineering, International Journal of Secure Software Engineering (IJSSE), Vol 3, Issue 3, September 2012, IGI Global publication.
  • M. Pavlidis, H. Mouratidis, and S. Islam, Modelling Security Using Trust based Concepts, International Journal of Secure Software Engineering (IJSSE), Special issue on security modelling, Vol 3, Issue 2, 2012, IGI Global publication.
  • K. Schneider, E. Knauss, S. H. Houmb, S. Islam, and J. Jürjens, Enhancing Security Requirements Engineering by Organisational Learning, Requirements Engineering Journal (REJ), Vol 17, No 1, 35-36, March 2012, Special Issue on REFSQ 2011, Springer-Verlag (impact factor 0.971).
  • S. Islam, H. Mouratidis and J. Jürjens, A Framework to Support Alignment of Secure Software Engineering with Legal Regulations, Journal of Software and Systems Modeling (SoSyM), Theme Section on Non-Functional System Properties in Domain-Specific Modeling Languages (NFPinDSML), Vol 10, No 3, pp 369-394, 2011, Springer-Verlag (impact factor 1.061).
  • S. Islam and S. H. Houmb, Towards a Framework for Offshore Outsource Software Development Risk Management Model, Vol 6, No 1 (2011), 38-47, Jan 2011, Journal of Software (JSW), Special Issue on ICCIT 09, Academy Publisher, DOI: 10.4304/jsw.6.1.38-47
  • S. H. Houmb, S. Islam, E. Knauss, J. Jürjens and K. Schneider, Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec, Requirements Engineering Journal (REJ), Vol 15, No 1, 2010, pp 63-93, March 2010 (impact factor 0.971).

PhD Thesis

  • S. Islam, Software Development Risk Management Model - a goal-driven approach,  PhD thesis, Chair of Software & Systems Engineering, Technische Universität München, 2011,  http://mediatum.ub.tum.de/node?id=1002328

Book Chapter

  • J. Jürjens, M. Ochoa, H. Schmidt, L. Marchal, S.H. Houmb, S. Islam: Modelling Secure Systems Evolution: Abstract and Concrete Change Specifications. Lecture Notes in Computer Science, 2011, Vol 6659, Formal Methods for Eternal Networked Software Systems, Pages 504-526, DOI: 10.1007/978-3-642-21455-4_15
  • S. Islam, H. Mouratidis, E. Weippl, A Goal-driven Risk Management Approach to Support Security and Privacy Analysis of Cloud-based System, Book name: Security Engineering for Cloud Computing: Approaches and Tools, IGI Publication.
  • S. Islam, Anca J. Stoica, Software Risk Management Modeling Using Goal-Driven Approach from Early Requirements Engineering, Book name: Risk Assessment and Management, Academy publish.

Conferences/Workshops Proceedings

  • R. Alavi, S. Islam, Agile Changes of Security Landscape: A Human Factors and Security Investment View, 10th International Symposium on Human Aspects of Information Security & Assurance, 2016
  • U. M. Ismail, S. Islam and H. Mouratidis, Cloud Security Audit for Migration and Continuous Monitoring, The 5th IEEE International Symposium on Trust and Security in Cloud Computing (TS-Cloud), Finland, 2015
  • A. Abdul Rahman, S. Islam, Sustainability Forecast for Cloud Migration, 9th IEEE Symposium on the Maintenance and Evolution of Service-Oriented Systems and Cloud-Based Environments (MESOCA 2015), Germany
  • U. M. Ismail, S. Islam and H. Mouratidis, A Framework for Cloud Security Audit, 10th International Conference on Global Security, Safety & Sustainability, Springer CCIS, UK, 2015
  • R. Alavi, S. Islam, H. Mouratidis, Managing Social Engineering Attacks- Considering Human Factors and Security Investment, 16th International Conference on Human Aspect in Information Security (HAISA), 2015, Springer.
  • A. Abdul Rahman, S. Islam, A. Al-Nemrat, Measuring sustainability for an effective Information System audit from public organization perspective, In proceeding of 9th IEEE International Conference on Research Challenges in IS (RCIS2015), Greece
  • S. Islam, E. Weippl, K. Krombholz, A Decision Framework Model for Migration into Cloud: Business, Application, Security and Privacy Perspectives, Proceeding on 16th International Conference on Information Integration and Web-based Applications & Services (iiWAS 2014)
  • R. Alavi, S. Islam, H. Mouratidis, A Conceptual Framework to Analyse Human Factors of Information Security Management System (ISMS) in organizations, 16th International Conference on Human-Computer Interaction, Greece, 2014, Springer
  • C. Blackwell, S. Islam, and B. Aziz, Implementation of digital forensics investigations using a goal-driven approach for a questioned contract, The 9th Annual IFIP WG 11.9 International Conference on Digital Forensics, Springer, 28 - 30 January, 2013, Orlando, US
  • M. Pavlidis, H. Mouratidis, C. Kalloniatis, S. Islam, S. Gritzalis, Trustworthy Selection of Cloud Providers based on Security and Privacy Requirements: Justifying Trust Assumptions, In proceeding of the 10th International Conference on Trust, Privacy & Security in Digital Business (TrustBus 2013), vol 8058, Springer
  • A. Stoica and S. Islam, Teaching Information Security Courses in Regular and Distance Learning Program, In proceeding of the 4th IEEE Global Engineering Education Conference (IEEE EDUCON 2013), Berlin, Germany
  • A. J. Stoica, S. Islam, Concurrent View Modeling for Software Risk Management at Early Development Stage, The IADIS international conference on Theory and Practice in Modern Computing (TPMC 2012)
  • A. J. Stoica, S. Islam, Educational Methods for Software and Systems Development, IEEE International Conference Interactive Collaborative Learning (ICL2012), Villach, Austria
  • M. Pavlidis, H. Mouratidis, S. Islam and P. Kearney, Dealing with Trust and Control: A Meta-Model for Trustworthy Information Systems Development, In proceeding of the Sixth IEEE International Conference on Research Challenges in Information Science, 2012, Spain. (Best paper award)
  • F. Z. Jorshari, H. Mouratidis and S. Islam, Extracting Security Requirements from Relevant Laws and Regulations, In proceeding of the Sixth IEEE International Conference on Research Challenges in Information Science, 2012, Spain
  • M. Pavlidis, S. Islam, H. Mouratidis, A CASE Tool to Support Automated Modelling and Analysis of Security Requirements, Based on Secure Tropos, CAISE '11 Forum, Lecture Notes in Business Information Processing, 2012, Volume 107, Part 1, 95-109, Springer, 2012
  • F. Z. Jorshari, M. Pavlidis, H. Mouratidis, S. Islam, and David Preston, A Meta-model for Legal Compliance and Trustworthiness of Information Systems, Proceedings of the 2nd International Workshop on Information Systems Security Engineering (WISSE 2012) (in conjunction with CAiSE 2012), June 2012, Gdansk, Poland, Springer Lecture Notes in Business Information Processing (LNBIP)
  • E. Knauss, S. Houmb, K. Schneider, S. Islam and J. Jürjens, Supporting Requirements Engineers in Recognising Security Issues. In Proc. of 17th International Working Conference on Requirements Engineering: Foundation for Software Quality (REFSQ 2011), Essen, 28-30 Mar. 2011. Springer-Verlag, 2011. Essen, Germany. (Runner up to the best paper award in REFSQ2011)
  • S. Islam, P. Falcarin, Measuring Security Requirements for Software Security, 10th IEEE International Conference on Cybernetic Intelligent Systems (CIS) 2011, IEEE Xplore, 70-75, London, UK
  • P. Falcarin, A. Vetrò, J. Yu, S. Islam, A Recommender System for Telecom Users: Experimental Evaluation of Recommendation Algorithms, 10th IEEE International Conference on Cybernetic Intelligent System (CIS) 2011, IEEE Xplore, London, UK
  • S. Islam, H. Mouratidis and S. Wagner, Towards a Framework to Elicit and Manage Security and Privacy Requirements from Laws and Regulations, In Proc. of 16th International Working Conference on Requirements Engineering: Foundation for Software Quality (REFSQ '10), Springer-Verlag, 2010. Essen, Germany
  • S. Islam and S. H. Houmb, Integrating Risk Management Activities into Requirements Engineering, In Proc. of the 4th IEEE International Conference on Research Challenges in IS (RCIS2010), Nice, France
  • S. Islam, S. H. Houmb, D. Mendez-Fernandez and Md. M. A. Joarder, Offshore-Outsourced Software Development Risk Management Model, In Proc. of the 12th IEEE International Conference on Computer and Information Technology (ICCIT 2009), Dhaka, Bangladesh
  • S. Islam, Software Development Risk Management Model - a Goal-Driven Approach, Doctoral Symposium, In Proc. of the 7th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE), 2009, The Netherlands
  • S. Islam, M. A. Joarder and S. H. Houmb, Goals and Risk Factors for Offshore Outsourced Software Development from Vendors Viewpoint, In Proc. of the 4th IEEE International Conference on Global Software Engineering, IEEE Computer Society, 2009, Limerick, Ireland
  • S. Wagner, D.M. Fernandez, S. Islam and K. Lochmann, A Security Requirements Approach for Web Systems, In: Proc. Workshop Quality Assessment in Web (QAW 2009), CEUR, 2009, San Sebastian, Spain
  • S. Islam and J. Jürjens, Incorporating Security Requirements from Legal Regulations into UMLsec model, Modeling Security Workshop (MODSEC08), In Association with MODELS '08, Toulouse, France
  • S. Islam and W. Dong, Human Factors in Software Security Risk Management, In: Proc. of the 1st International Workshop on Leadership and Management in Software Architecture (LMSA.08), ACM Press, 2008, Leipzig, Germany
  • S. Islam and W. Dong, Security Requirements Addressing Security Risks for Improving Software Quality, In: Workshop-Band Software-Qualitätsmodellierung und bewertung (SQMB '08), Technical Report TUM-I0811, Technische Universität München, April, Germany

Tool demo/Posters

  • A. Hudic, L. Zechner, S. Islam, C. Krieg, E. R. Weippl, S. Winkler, R. Hable, Towards a Unified Penetration Testing Taxonomy, Poster, Proceeding of the 4th IEEE International Conference on Information Privacy, Security, Risk and Trust (PASSAT2012), The Netherlands.
  • T. Peters and S. Islam, CISMS: A Framework To Support Organisation Compliance With Information Security Management System Standard For Small Medium Enterprise, British Conference of Undergraduate Research 2013 (BCUR13), Plymouth University, www.bcur.org
  • M. Pavlidis, S. Islam, SecTro: A CASE Tool for Modelling Security in Requirements Engineering using Secure Tropos, pg 89-96, Proceedings of the CAiSE Forum 2011, CEUR-WS, vol 734, London, UK
  • S. Islam, H. Mouratidis, M. Kang, Using Secure Tropos to develop a pre-employment screening system, iStar Showcase, Exploring the Goals of your Systems and Businesses, Practical experiences with i* modelling, June 2011, City University London, UK

Technical reports

  • M. Broy, A. Fleischmann, S. Islam, L. Kof, C. Leuxner, K. Lochmann, D. Mendez-Fernandez, B. Penzenstadler, W. Sitou and S. Winter, Towards an Integrated Approach to Requirement Engineering, Technical Report, TUM-I0935, Technische Universität München, December 2009, Germany
  • S. Houmb, S. Islam, J. Jurjens, M. Ochoa, M.l Hafner, F. Innerhofer-Oberperfler, M.A Weitlaner, B. Fontan, E. Felix, F. Paci, F. Dadeau, B. Chetali, Security Modelling Notation For Evolving Systems, Deliverable 4.1, Secure Change project
  • S. Wagner and S. Islam, Modellierung von Software-Security mit aktivitätenbasierten Qualitätsmodellen, in: Tagungsband 2. Workshop zur Softwarequalitätsmodellierung und -bewertung (SQMB'09), Technical Report TUM-I0917, Technische Universität München, 2009, Kaiserslautern, Germany

MODULES

  • Project Management (Level 6), Information security and risks assessment (Level 6)
  • Software development (Level 4)
  • Advanced information system design (Level 6), Application workshop (Level 3), Information system audit and assurance (Level 6)
  • Information security management system for regular and distance learning (Level 6 and MSc)
  • Software engineering, Secure software systems engineering (MSc)

Past:

  • Computer and Network security (MIT)
  • Software quality management, Requirements engineering (MSc)
  • Object oriented programming, System analysis and design (PGDIT)
  • Data base management system (Level 2, PGDIT)
  • Computer fundamental (Level 1)

PhD Supervision Completed:

  • Michalis Pavlidis (A Methodology for the Development of Trustworthy Systems that Enables the Assessment of Trust), funded project from EPSRC/British Telecom
  • Reza M. ALAVI (Human and Organisational Elements of Information Security Management in British Financial Institutions: a socio-technical approach)
  • Alifah Aida Lope Abdul Rahman (Sustainable audit for information system), funded by Ministry of audit, Malaysia

Under Supervision:

  • Md Abdul Majed Pramanik (Forensic in Cloud computing)
  • Halima Ibrahim Kure (Hybrid Risk management model), funded by Tertiary education trust fund (Tetfund), Nigeria
  • Umar Mukhtar Ismail (Transparency and audit in Cloud Computing)
  • Raj Pusp (Cloud based E-governance)
  • Mumina Uddin (Access control model for financial sector)
  • Abel Yeboah Ofori (A framework to mitigate cyber crime)