Dr Shareeful Islam
Senior Lecturer, School of Architecture, Computing and Engineering (ACE).
Shareeful's research interests focus on the software and systems engineering domain, specifically requirements engineering, risk management, security, privacy and cloud computing. His long-term research goal is to effectively deploy risk management practice for software-intensive systems and to develop secure software systems for large, open and dynamic environments. He is also interested in applying the research outputs of his work to different application domains such as cloud computing, and in empirically evaluating the applicability of the outputs.
Goal-driven Software Development Risk Management Model (GSRM)
Risk management in software projects is critical and increases the likelihood of project success. But risk management is not well applied in practice. There are several reasons for this: visible development costs always get more attention in the project; risks are intangible by nature and concern issues not only from the present but also from the future; project-specific risks are less obvious and difficult to predict; and guidance is missing on how to integrate risk management activities into the existing development process from an early stage. There is a need for systematic and effective risk management practice from the early stages of development, and for making the project manager aware of the impact of risk management practice.
GSRM contributes in this direction. GSRM uses a goal-driven approach to model and reason about risks and is explicitly integrated into the requirements engineering phase. This work empirically evaluated the impact of risk management on software projects using survey and case study research methods, and finally developed a goal-risk taxonomy. A number of publications from this work are mentioned in the publication list.
Security Requirements Engineering Process (SecReq)
An important question, identified as crucial for integrating information security and requirements engineering, is how to elicit security requirements and trace the identified requirements throughout development. Security requirement identification is a challenging task because, during requirements elicitation, vague and undocumented demands and desires from multiple stakeholders must be detected and merged with more conscious and documented requirements. This task is inherently difficult due to the different backgrounds, tacit assumptions, and styles of communication among stakeholders.
Security requirements may be implicit, hidden, and spread out over different documents. Standards and best practices, such as Common Criteria and ISO 27011:2005, are available to guide developers in building secure systems. Nevertheless, identifying requirements with security implications requires security expertise and experience. Unfortunately, security experts are not always available. This collaborative work developed SecReq, a security requirements elicitation and tracing methodology using HeRa, Common Criteria and UMLsec. The work was further extended with a focus on organizational learning to facilitate the security requirements elicitation process.
Security and Privacy Requirements Engineering Method for Cloud Computing
Cloud computing is a paradigm that is radically changing the way humans store, share and access their digital files. Despite its many benefits, such as a rapidly elastic resource pool and on-demand service, the paradigm also creates challenges for both users and providers. In particular, there are issues related to security and privacy, such as unauthorized access, loss of privacy, data replication and regulatory violation, that require adequate attention. Despite the recent research interest in developing software engineering techniques to support systems based on the cloud, the literature fails to provide a systematic and structured approach that enables software engineers to identify security and privacy requirements and select a suitable service provider based on such requirements. This work develops a framework that incorporates a modelling language and provides a structured process that supports the elicitation of security and privacy requirements and the selection of a service provider based on how well the provider satisfies the relevant security and privacy requirements.
- U. M. Ismail, S. Islam, M. Ouedraogo, E. Weippl, A Framework for Security Transparency in Cloud Computing, Journal of Future Internet 8 (1), 2016
- R. Alavi, S. Islam, H. Mouratidis, An Information Security Risk-driven Investment Model for Analysing Human Factors, Information and Computer Security, 24(2), Emerald
- S. Islam, M. Ouedraogo, C. Kalloniatis, H. Mouratidis, S. Gritzalis, Assurance of Security and Privacy Requirements for Cloud Deployment Model, SI: security and privacy protection on cloud, IEEE Transactions on Cloud Computing, DOI: 10.1109/TCC.2015.2511719
- C. Kalloniatis, H. Mouratidis, M. Vassilis, S. Islam, S. Gritzalis, E. Kavaklif, Towards the design of secure and privacy-oriented Information Systems in the Cloud: Identifying the major concepts, Computer Standards & Interfaces, Vol 36, Issue 4, June 2014, Elsevier (impact factor 1.42).
- S. Islam, H. Mouratidis, E. Weippl, An Empirical Study on the Implementation and Evaluation of a Goal-driven Software Development Risk Management Model, Journal of Information and Software Technology, Vol 56, Issue 2, February 2014, Elsevier (impact factor 1.522).
- C. Kalloniatis, H. Mouratidis, S. Islam, Evaluating Cloud Deployment Scenarios Based on Security and Privacy Requirements, Requirements Engineering Journal (REJ), Springer-Verlag, Vol 18, Issue 4, November 2013, http://dx.doi.org/10.1007/s00766-013-0166-7 (impact factor 0.971).
- H. Mouratidis, S. Islam, C. Kalloniatis, S. Gritzalis, A framework to support selection of cloud providers based on security and privacy requirements, Journal of Systems and Software, Vol 86, Issue 9, 2013, Elsevier (impact factor 1.117).
- M. Pavlidis, S. Islam, H. Mouratidis, P. Kearney, Modeling Trust Relationships for Developing Trustworthy Information Systems, International Journal of Information Systems Modelling and Design, 2013.
- B. Aziz, C. Blackwell, S. Islam, A Framework for Digital Forensics and Investigations: The Goal-Driven Approach, International Journal of Digital Crime and Forensics (IJDCF), IGI Global publication, 2013.
- R. Alavi, S. Islam, H. Jahankhani, A. Al-Nemrat, Analysing Human Factors for an Effective Information Security Management System, International Journal of Secure Software Engineering (IJSSE), Special Issue on cyber security validation, Vol 4, No 1, 2013, pp 50-74, IGI Global
- A. Hudic, S. Islam, P. Kieseberg, S. Rennert, and E. R. Weippl, Data Confidentiality using Fragmentation in Cloud Computing, International Journal of Pervasive Computing and Communications, Emerald publisher, Vol 9, No 1, 2013
- A. J. Stoica and S. Islam, Integrative Educational Approach Oriented Towards Software and System Development, International Journal of Engineering Pedagogy (iJEP), Vol 3, No 1, 2013.
- H. Mouratidis, C. Kalloniatis, S. Islam, M. Philippe Huget, and S. Gritzalis, Aligning Security and Privacy to Support the Development of Secure Information Systems, special issue Security in Information Systems, Journal of Universal Computer Science (J.UCS), Vol 18, No 12, 2012 (impact factor 0.788).
- S. Islam, H. Mouratidis and C. Kalloniatis, A. Hudic, and L. Zechner, Model based Process to Support Security and Privacy Requirements Engineering, International Journal of Secure Software Engineering (IJSSE), Vol 3, Issue 3, September 2012, IGI Global publication.
- M. Pavlidis, H. Mouratidis, and S. Islam, Modelling Security Using Trust based Concepts, International Journal of Secure Software Engineering (IJSSE), Special issue on security modelling, Vol 3, Issue 2, 2012, IGI Global publication.
- K. Schneider, E. Knauss, S. H. Houmb, S. Islam, and J. Jürjens, Enhancing Security Requirements Engineering by Organisational Learning, Requirements Engineering Journal (REJ), Vol 17, No 1, 35-36, March 2012, Special Issue on REFSQ 2011, Springer-Verlag (impact factor 0.971).
- S. Islam, H. Mouratidis and J. Jürjens, A Framework to Support Alignment of Secure Software Engineering with Legal Regulations, Journal of Software and Systems Modeling (SoSyM), Theme Section on Non-Functional System Properties in Domain-Specific Modeling Languages (NFPinDSML), Vol 10, No 3, pages 369-394, 2011, Springer-Verlag (impact factor 1.061).
- S. Islam and S. H. Houmb, Towards a Framework for Offshore Outsource Software Development Risk Management Model, Vol 6, No 1 (2011), 38-47, Jan 2011, Journal of Software (JSW), Special Issue on ICCIT 09, Academy Publisher, DOI: 10.4304/jsw.6.1.38-47
- S. H. Houmb, S. Islam, E. Knauss, J. Jürjens and K. Schneider, Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec, Requirements Engineering Journal (REJ), Vol 15, No 1, 2010, pp 63-93, March 2010 (impact factor 0.971).
- S. Islam, Software Development Risk Management Model – a goal-driven approach, PhD thesis, Chair of Software & Systems Engineering, Technische Universität München, 2011, http://mediatum.ub.tum.de/node?id=1002328
- J. Jürjens, M. Ochoa, H. Schmidt, L. Marchal, S. H. Houmb, S. Islam: Modelling Secure Systems Evolution: Abstract and Concrete Change Specifications. Lecture Notes in Computer Science, 2011, Vol 6659, Formal Methods for Eternal Networked Software Systems, Pages 504-526, DOI: 10.1007/978-3-642-21455-4_15
- S. Islam, H. Mouratidis, E. Weippl, A Goal-driven Risk Management Approach to Support Security and Privacy Analysis of Cloud-based System, Book name: Security Engineering for Cloud Computing: Approaches and Tools, IGI
- S. Islam, Anca. J. Stoica, Software Risk Management Modeling Using Goal-Driven Approach from Early Requirements Engineering, Book name: Risk Assessment and Management, Academy publish.
- R. Alavi, S. Islam, Agile Changes of Security Landscape: A Human Factors and Security Investment View, 10th International Symposium on Human Aspects of Information Security & Assurance, 2016
- U. M. Ismail, S. Islam and H. Mouratidis, Cloud Security Audit for Migration and Continuous Monitoring, The 5th IEEE International Symposium on Trust and Security in Cloud Computing (TS-Cloud), Finland, 2015
- A. Abdul Rahman, S. Islam, Sustainability Forecast for Cloud Migration, 9th IEEE Symposium on the Maintenance and Evolution of Service-Oriented Systems and Cloud-Based Environments (MESOCA
- U. M. Ismail, S. Islam and H. Mouratidis, A Framework for Cloud Security Audit, 10th International Conference on Global Security, Safety & Sustainability, Springer CCIS, UK, 2015
- R. Alavi, S. Islam, H. Mouratidis, Managing Social Engineering Attacks - Considering Human Factors and Security Investment, 16th International Conference on Human Aspect in Information Security (HAISA), 2015, Springer.
- A. Abdul Rahman, S. Islam, A. Al-Nemrat, Measuring sustainability for an effective Information System audit from public organization perspective, In Proceedings of the 9th IEEE International Conference on Research Challenges in IS (RCIS2015), Greece
- S. Islam, E. Weippl, K. Krombholz, A Decision Framework Model for Migration into Cloud: Business, Application, Security and Privacy Perspectives, Proceeding on 16th International Conference on Information Integration and Web-based Applications &
- R. Alavi, S. Islam, H. Mouratidis, A Conceptual Framework to Analyse Human Factors of Information Security Management System (ISMS) in organizations, 16th International Conference on Human-Computer Interaction, Greece, 2014, Springer.
- C. Blackwell, S. Islam, and B. Aziz, Implementation of digital forensics investigations using a goal-driven approach for a questioned contract, The 9th Annual IFIP WG 11.9 International Conference on Digital Forensics, Springer, 28-30 January 2013, Orlando, US
- M. Pavlidis, H. Mouratidis, C. Kalloniatis, S. Islam, S. Gritzalis, Trustworthy Selection of Cloud Providers based on Security and Privacy Requirements: Justifying Trust Assumptions, In Proceedings of the 10th International Conference on Trust, Privacy & Security in Digital Business (TrustBus 2013), Vol 8058, Springer.
- A. Stoica and S. Islam, Teaching Information Security Courses in Regular and Distance Learning Program, In Proceedings of the 4th IEEE Global Engineering Education Conference (IEEE EDUCON 2013), Berlin, Germany.
- A. J. Stoica, S. Islam, Concurrent View Modeling for Software Risk Management at Early Development Stage, The IADIS international conference on Theory and Practice in Modern Computing (TPMC 2012)
- A. J. Stoica, S. Islam, Educational Methods for Software and Systems Development, IEEE International Conference Interactive Collaborative Learning (ICL2012), Villach, Austria.
- M. Pavlidis, H. Mouratidis and S. Islam, P. Kearney, Dealing with Trust and Control: A Meta-Model for Trustworthy Information Systems Development, In Proceedings of the Sixth IEEE International Conference on Research Challenges in Information Science, 2012, Spain. (Best paper award)
- F. Z. Jorshari, H. Mouratidis and S. Islam, Extracting Security Requirements from Relevant Laws and Regulations, In Proceedings of the Sixth IEEE International Conference on Research Challenges in Information Science, 2012, Spain.
- M. Pavlidis, S. Islam, H. Mouratidis, A CASE Tool to Support Automated Modelling and Analysis of Security Requirements, Based on Secure Tropos, CAISE '11 Forum, Lecture Notes in Business Information Processing, 2012, Volume 107, Part 1, 95-109, Springer, 2012
- F. Z. Jorshari, M. Pavlidis, H. Mouratidis, S. Islam, and David Preston, A Meta-model for Legal Compliance and Trustworthiness of Information Systems, Proceedings of the 2nd International Workshop on Information Systems Security Engineering (WISSE 2012) (in conjunction with CAiSE 2012), June 2012, Gdansk, Poland, Springer Lecture Notes in Business Information Processing (LNBIP).
- E. Knauss, S. Houmb, K. Schneider, S. Islam and J. Jürjens, Supporting Requirements Engineers in Recognising Security Issues, In Proc. of 17th International Working Conference on Requirements Engineering: Foundation for Software Quality (REFSQ 2011), Essen, 28-30 Mar. 2011. Springer-Verlag, 2011. Essen, Germany. (Runner up to the best paper award in REFSQ2011)
- S. Islam, P. Falcarin, Measuring Security Requirements for Software Security, 10th IEEE International Conference on Cybernetic Intelligent Systems (CIS) 2011, IEEE Xplore, 70-75, London, UK
- P. Falcarin, A. Vetrò, J. Yu, S. Islam, A Recommender System for Telecom Users: Experimental Evaluation of Recommendation Algorithms, 10th IEEE International Conference on Cybernetic Intelligent System (CIS) 2011, IEEE Xplore, London, UK
- S. Islam, H. Mouratidis and S. Wagner, Towards a Framework to Elicit and Manage Security and Privacy Requirements from Laws and Regulations, In Proc. of 16th International Working Conference on Requirements Engineering: Foundation for Software Quality (REFSQ '10), Springer-Verlag, 2010. Essen, Germany.
- S. Islam and S. H. Houmb, Integrating Risk Management Activities into Requirements Engineering, In Proc. of the 4th IEEE International Conference on Research Challenges in IS (RCIS2010), Nice, France.
- S. Islam, S. H. Houmb, D. Mendez-Fernandez and Md. M. A. Joarder, Offshore-Outsourced Software Development Risk Management Model, In Proc. of the 12th IEEE International Conference on Computer and Information Technology (ICCIT 2009), Dhaka, Bangladesh.
- S. Islam, Software Development Risk Management Model - a Goal-Driven Approach, Doctoral Symposium, In Proc. of the 7th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE), 2009, The Netherlands.
- S. Islam, M. A. Joarder and S. H. Houmb, Goals and Risk Factors for Offshore Outsourced Software Development from Vendors Viewpoint, In Proc. of the 4th IEEE International Conference on Global Software Engineering, IEEE Computer Society, 2009, Limerick, Ireland.
- S. Wagner, D. M. Fernandez, S. Islam and K. Lochmann, A Security Requirements Approach for Web Systems, In: Proc. Workshop Quality Assessment in Web (QAW 2009), CEUR, 2009, San Sebastian, Spain.
- S. Islam and J. Jürjens, Incorporating Security Requirements from Legal Regulations into UMLsec model, Modeling Security Workshop (MODSEC08), In Association with MODELS '08, Toulouse, France.
- S. Islam and W. Dong, Human Factors in Software Security Risk Management, In: Proc. of the 1st International Workshop on Leadership and Management in Software Architecture (LMSA.08), ACM Press, 2008, Leipzig, Germany.
- S. Islam and W. Dong, Security Requirements Addressing Security Risks for Improving Software Quality, In: Workshop-Band Software-Qualitätsmodellierung und bewertung (SQMB '08), Technical Report TUM-I0811, Technische Universität München, April, Germany.
- A. Hudic, L. Zechner, S. Islam, C. Krieg and E. R. Weippl, S. Winkler, R. Hable, Towards a Unified Penetration Testing Taxonomy, Poster, Proceeding of the 4th IEEE International Conference on Information Privacy, Security, Risk and Trust (PASSAT2012), The Netherlands.
- T. Peters and S. Islam, CISMS: A Framework To Support Organisation Compliance With Information Security Management System Standard For Small Medium Enterprise, British Conference of Undergraduate Research 2013 (BCUR13), Plymouth University, www.bcur.org.
- M. Pavlidis, S. Islam, SecTro: A CASE Tool for Modelling Security in Requirements Engineering using Secure Tropos, pg 89-96, Proceedings of the CAiSE Forum 2011, CEUR-WS, Vol 734, London, UK
- S. Islam, H. Mouratidis, M. Kang, Using Secure Tropos to develop a pre-employment screening system, iStar Showcase, Exploring the Goals of your Systems and Businesses, Practical experiences with i* modelling, June 2011, City University London, UK.
- M. Broy, A. Fleischmann, S. Islam, L. Kof, C. Leuxner, K. Lochmann, D. Mendez-Fernandez, B. Penzenstadler, W. Sitou and S. Winter, Towards an Integrated Approach to Requirement Engineering, Technical Report, TUM-I0935, Technische Universität München, December 2009
- S. Houmb, S. Islam, J. Jurjens, M. Ochoa, M.l Hafner, F. Innerhofer-Oberperfler, M.A Weitlaner, B. Fontan, E. Felix, F. Paci, F. Dadeau, B. Chetali, Security Modelling Notation For Evolving Systems, Deliverable 4.1, Secure Change project.
- S. Wagner and S. Islam, Modellierung von Software-Security mit aktivitätenbasierten Qualitätsmodellen, in: Tagungsband 2. Workshop zur Softwarequalitätsmodellierung und -bewertung (SQMB'09), Technical Report TUM-I0917, Technische Universität München, 2009, Kaiserslautern, Germany.
- UEL research development fund, UEL early career research acceleration award, UEL sabbatical award
- ERCIM Alain Bensoussan Fellowship Programme for Post Doc, EU, 2011, I did not accept the fellowship due to the UEL permanent academic position
- Research grant for Doctoral Candidates and Young Academics and Scientists, German Academic Exchange Service (DAAD).
- ACM SIGSOFT CAPS travel grant award 2009
- DAAD - STIBET Teaching Assistantship SS 2010 and WS 2010
Project Management (Level 6)
Information security and risks assessment (Level 6)
Software development (Level 4)
Advanced information system design (Level 6), Application workshop (Level 3), Information system audit and assurance (Level 6)
Information security management system for regular and distance learning (Level 6 and MSc)
Software engineering, Secure software systems engineering (MSc)
Computer and Network security (MIT)
Software quality management, Requirements engineering (MSc)
Object oriented programming, System analysis and design (PGDIT)
Database management system (Level 2, PGDIT)
Computer fundamental (Level 1)
- Michalis Pavlidis, (A Methodology for the Development of Trustworthy Systems that Enables the Assessment of Trust) funded project from EPSRC/British Telecom,
- Reza M. ALAVI (Human and Organisational Elements of Information Security Management in British Financial Institutions: a socio-technical approach)
- Alifah Aida Lope Abdul Rahman (Sustainable audit for information system), funded by Ministry of audit, Malaysia
- Md Abdul Majed Pramanik (Forensic in Cloud computing)
- Halima Ibrahim Kure (Hybrid Risk management model), funded by Tertiary education trust fund (Tetfund), Nigeria
- Umar Mukhtar Ismail (Transparency and audit in Cloud Computing)
- Raj Pusp (Cloud based E-governance)
- Mumina Uddin (Access control model for financial sector)
- Abel Yeboah Ofori (A framework to mitigate cyber crime)