
Dr Shareeful Islam

Senior Lecturer, School of Architecture, Computing and Engineering (ACE).

  • EB 1.104, Docklands Campus
    School of Architecture Computing and Engineering (ACE)
    University of East London
    4-6 University Way
    London
    E16 2RD
  • shareeful@uel.ac.uk +442082237273
    Shareeful's main research interests are in the field of risk management, security, privacy and cloud computing.


    Overview

    Shareeful's research interests focus on the software and systems engineering domain, specifically requirements engineering, risk management, security, privacy and cloud computing. His long-term research goal is to effectively deploy risk management practice for software-intensive systems and to develop secure software systems for large, open and dynamic environments. He is also interested in applying the research outputs of his work to different application domains such as cloud computing and in empirically evaluating the applicability of the outputs.

    Goal-driven Software Development Risk Management Model (GSRM)
    Risk management in software projects is critical and effectively increases the likelihood of project success, but it is not well applied in practice. There are several reasons for this: visible development costs always get more attention in the project; risks are intangible by nature and concern issues not only from the present but also from the future; project-specific risks are less obvious and difficult to predict; and guidelines are missing on how to integrate risk management activities into the existing development process from an early stage. There is a need for systematic and effective risk management practice from an early stage of development, and for making the project manager aware of the impact of risk management practice.
    GSRM contributes in this direction. GSRM uses a goal-driven approach to model and reason about risks and is explicitly integrated into the requirements engineering phase. This work empirically evaluated the impact of risk management on software projects using survey and case study research methods, and finally developed a goal-risk taxonomy. A number of publications from this work are mentioned in the publication list.

    Security Requirements Engineering Process (SecReq)
    An important question that has been identified as crucial in order to integrate information security and requirements engineering is how to elicit security requirements and trace the identified requirements throughout development. Security requirement identification is a challenging task because, during requirements elicitation, vague and undocumented demands and desires from multiple stakeholders must be detected and merged with more conscious and documented requirements. This task is inherently difficult due to the different backgrounds, tacit assumptions, and styles of communication among stakeholders.
    Security requirements may be implicit, hidden, and spread out over different documents. There are standards and best practices available, such as Common Criteria and ISO 27011:2005, aimed at guiding developers in building secure systems. Nevertheless, identifying requirements with security implications requires security expertise and experience. Unfortunately, security experts are not always available. This collaborative work developed SecReq, a security requirements elicitation and tracing methodology using HeRa, Common Criteria and UMLsec. This work was further extended to focus on organizational learning to facilitate the security requirements elicitation process.

    Security and Privacy Requirements Engineering Method for Cloud Computing
    Cloud computing is a paradigm that is radically changing the way humans store, share and access their digital files. Despite its many benefits, such as the introduction of a rapidly elastic resource pool and on-demand service, the paradigm also creates challenges for both users and providers. In particular, there are issues related to security and privacy, such as unauthorized access, loss of privacy, data replication and regulatory violation, that require adequate attention. Despite the recent research interest in developing software engineering techniques to support systems based on the cloud, the literature fails to provide a systematic and structured approach that enables software engineers to identify security and privacy requirements and select a suitable service provider based on such requirements. This work develops a framework that incorporates a modelling language and provides a structured process that supports the elicitation of security and privacy requirements and the selection of a service provider based on how well the provider satisfies the relevant security and privacy requirements.




    Research

    Journals

    [1]    U. M. Ismail, S. Islam, M. Ouedraogo, E. Weippl, A Framework for Security Transparency in Cloud Computing, Journal of Future Internet 8 (1), 2016

    [2]    R. Alavi, S. Islam, H. Mouratidis, An Information Security Risk-driven Investment Model for Analysing Human Factors, Information and Computer Security, 24(2), Emerald

    [3]    S. Islam, M. Ouedraogo, C. Kalloniatis, H. Mouratidis, S. Gritzalis, Assurance of Security and Privacy Requirements for Cloud Deployment Model, SI: security and privacy protection on cloud, IEEE Transactions on Cloud Computing, DOI: 10.1109/TCC.2015.2511719

    [4]    C. Kalloniatis, H. Mouratidis, M. Vassilis, S. Islam, S. Gritzalis, E. Kavaklif, Towards the design of secure and privacy-oriented Information Systems in the Cloud: Identifying the major concepts, Computer Standards & Interfaces, Vol 36, Issue 4, June 2014, Elsevier, (Impact factor 1.42).

    [5]    S. Islam, H. Mouratidis, E. Weippl, An Empirical Study on the Implementation and Evaluation of a Goal-driven Software Development Risk Management Model, Journal of Information and Software Technology, Vol 56, Issue 2, February, 2014, Elsevier, (Impact factor 1.522).

    [6]    C. Kalloniatis, H. Mouratidis, S. Islam, Evaluating Cloud Deployment Scenarios Based on Security and Privacy Requirements, Requirements Engineering Journal (REJ), Springer-Verlag, Vol 18, Issue 4, November 2013, http://dx.doi.org/10.1007/s00766-013-0166-7 (impact factor 0.971).

    [7]    H. Mouratidis, S. Islam, C. Kalloniatis, S. Gritzalis, A framework to support selection of cloud providers based on security and privacy requirements, Journal of Systems and Software, Vol 86, Issue 9, 2013, Elsevier, (impact factor 1.117).

    [8]    M. Pavlidis, S. Islam, H. Mouratidis, P. Kearney, Modeling Trust Relationships for Developing Trustworthy Information Systems, International Journal of Information Systems Modelling and Design, 2013.

    [9]    B. Aziz, C. Blackwell, S. Islam, A Framework for Digital Forensics and Investigations: The Goal-Driven Approach, International Journal of Digital Crime and Forensics (IJDCF), IGI Global publication, 2013.

    [10] R. Alavi, S. Islam, H. Jahankhani, A. Al-Nemrat, Analysing Human Factors for an Effective Information Security Management System, International Journal of Secure Software Engineering (IJSSE), Special Issue on cyber security validation, Vol 4, No 1, 2013, pp 50-74, IGI Global publication.

    [11] A. Hudic, S. Islam, P. Kieseberg, S. Rennert, and E. R. Weippl, Data Confidentiality using Fragmentation in Cloud Computing, International Journal of Pervasive Computing and Communications, Emerald publisher, vol 9, no 1, 2013

    [12] A. J. Stoica and S. Islam, Integrative Educational Approach Oriented Towards Software and System Development, International Journal of Engineering Pedagogy (iJEP), Vol 3, No 1, 2013.

    [13] H. Mouratidis, C. Kalloniatis, S. Islam, M. Philippe Huget, and S. Gritzalis, Aligning Security and Privacy to Support the Development of Secure Information Systems, special issue Security in Information Systems, Journal of Universal Computer Science (J.UCS), vol. 18, no. 12, 2012 (impact factor 0.788).

    [14] S. Islam, H. Mouratidis and C. Kalloniatis, A. Hudic, and L. Zechner, Model based Process to Support Security and Privacy Requirements Engineering, International Journal of Secure Software Engineering (IJSSE), Vol. 3, issue 3, September 2012, IGI Global publication.

    [15] M. Pavlidis, H. Mouratidis, and S. Islam, Modelling Security Using Trust based Concepts, International Journal of Secure Software Engineering (IJSSE), Special issue on security modelling, Vol 3, Issue 2, 2012, IGI Global publication.

    [16] K. Schneider, E. Knauss, S. H. Houmb, S. Islam, and J. Jürjens, Enhancing Security Requirements Engineering by Organisational Learning, Requirements Engineering Journal (REJ), Vol 17, No 1, 35-36, March 2012, Special Issue on REFSQ 2011, Springer-Verlag. (impact factor 0.971)

    [17] S. Islam, H. Mouratidis and J. Jürjens, A Framework to Support Alignment of Secure Software Engineering with Legal Regulations, Journal of Software and Systems Modeling (SoSyM), Theme Section on Non-Functional System Properties in Domain-Specific Modeling Languages (NFPinDSML), Vol 10, No 3, page 369-394, 2011, Springer-Verlag. (impact factor 1.061)

    [18] S. Islam and S. H. Houmb, Towards a Framework for Offshore Outsource Software Development Risk Management Model, Vol 6, No 1 (2011), 38-47, Jan 2011, Journal of Software (JSW), Special Issue on ICCIT 09, Academy Publisher, DOI:10.4304/jsw.6.1.38-47

    [19] S. H. Houmb, S. Islam, E. Knauss, J. Jürjens and K. Schneider, Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec, Requirements Engineering Journal (REJ), Vol 15, No 1, 2010, pp 63-93, March 2010, (impact factor 0.971)

    PhD Thesis

    [20] S. Islam, Software Development Risk Management Model – a goal-driven approach, PhD thesis, Chair of Software & Systems Engineering, Technische Universität München, 2011, http://mediatum.ub.tum.de/node?id=1002328

    Book Chapter

    [21] J. Jürjens, M. Ochoa, H. Schmidt, L. Marchal, S. H. Houmb, S. Islam: Modelling Secure Systems Evolution: Abstract and Concrete Change Specifications. Lecture Notes in Computer Science, 2011, Vol 6659, Formal Methods for Eternal Networked Software Systems, Pages 504-526, DOI: 10.1007/978-3-642-21455-4_15

    [22] S. Islam, H. Mouratidis, E. Weippl, A Goal-driven Risk Management Approach to Support Security and Privacy Analysis of Cloud-based System, Book name: Security Engineering for Cloud Computing: Approaches and Tools, IGI Publication.

    [23] S. Islam, Anca. J. Stoica, Software Risk Management Modeling Using Goal-Driven Approach from Early Requirements Engineering, Book name: Risk Assessment and Management, Academy publish.

    Conferences/Workshops Proceedings

    [24] R. Alavi, S. Islam, Agile Changes of Security Landscape: A Human Factors and Security Investment View, 10th International Symposium on Human Aspects of Information Security & Assurance, 2016

    [25] U. M. Ismail, S. Islam and H. Mouratidis, Cloud Security Audit for Migration and Continuous Monitoring, The 5th IEEE International Symposium on Trust and Security in Cloud Computing (TS-Cloud), Finland, 2015

    [26] A. Abdul Rahman, S. Islam, Sustainability Forecast for Cloud Migration, 9th IEEE Symposium on the Maintenance and Evolution of Service-Oriented Systems and Cloud-Based Environments (MESOCA 2015), Germany

    [27] U. M. Ismail, S. Islam and H. Mouratidis, A Framework for Cloud Security Audit, 10th International Conference on Global Security, Safety & Sustainability, Springer CCIS, UK, 2015

    [28] R. Alavi, S. Islam, H. Mouratidis, Managing Social Engineering Attacks - Considering Human Factors and Security Investment, 16th International Conference on Human Aspect in Information Security (HAISA), 2015, Springer.

    [29] A. Abdul Rahman, S. Islam, A. Al-Nemrat, Measuring sustainability for an effective Information System audit from public organization perspective, In Proceedings of 9th IEEE International Conference on Research Challenges in IS (RCIS2015), Greece

    [30] S. Islam, E. Weippl, K. Krombholz, A Decision Framework Model for Migration into Cloud: Business, Application, Security and Privacy Perspectives, Proceedings of the 16th International Conference on Information Integration and Web-based Applications & Services (iiWAS 2014)

    [31] R. Alavi, S. Islam, H. Mouratidis, A Conceptual Framework to Analyse Human Factors of Information Security Management System (ISMS) in organizations, 16th International Conference on Human-Computer Interaction, Greece, 2014, Springer.

    [32] C. Blackwell, S. Islam, and B. Aziz, Implementation of digital forensics investigations using a goal-driven approach for a questioned contract, The 9th Annual IFIP WG 11.9 International Conference on Digital Forensics, Springer, 28 - 30 January, 2013, Orlando, US

    [33] M. Pavlidis, H. Mouratidis, C. Kalloniatis, S. Islam, S. Gritzalis, Trustworthy Selection of Cloud Providers based on Security and Privacy Requirements: Justifying Trust Assumptions, In Proceedings of the 10th International Conference on Trust, Privacy & Security in Digital Business (TrustBus 2013), vol 8058, Springer.

    [34] A. Stoica and S. Islam, Teaching Information Security Courses in Regular and Distance Learning Program, In Proceedings of the 4th IEEE Global Engineering Education Conference (IEEE EDUCON 2013), Berlin, Germany.

    [35] A. J. Stoica, S. Islam, Concurrent View Modeling for Software Risk Management at Early Development Stage, The IADIS international conference on Theory and Practice in Modern Computing (TPMC 2012)

    [36] A. J. Stoica, S. Islam, Educational Methods for Software and Systems Development, IEEE International Conference Interactive Collaborative Learning (ICL2012), Villach, Austria.

    [37] M. Pavlidis, H. Mouratidis and S. Islam, P. Kearney, Dealing with Trust and Control: A Meta-Model for Trustworthy Information Systems Development, In Proceedings of the Sixth IEEE International Conference on Research Challenges in Information Science, 2012, Spain. (Best paper award)

    [38] F. Z. Jorshari, H. Mouratidis and S. Islam, Extracting Security Requirements from Relevant Laws and Regulations, In Proceedings of the Sixth IEEE International Conference on Research Challenges in Information Science, 2012, Spain.

    [39] M. Pavlidis, S. Islam, H. Mouratidis, A CASE Tool to Support Automated Modelling and Analysis of Security Requirements, Based on Secure Tropos, CAISE '11 Forum, Lecture Notes in Business Information Processing, 2012, Volume 107, Part 1, 95-109, Springer, 2012

    [40] F. Z. Jorshari, M. Pavlidis, H. Mouratidis, S. Islam, and David Preston, A Meta-model for Legal Compliance and Trustworthiness of Information Systems, Proceedings of the 2nd International Workshop on Information Systems Security Engineering (WISSE 2012) (in conjunction with CAiSE 2012), June 2012, Gdansk, Poland, Springer Lecture Notes in Business Information Processing (LNBIP).

    [41] E. Knauss, S. Houmb, K. Schneider, S. Islam and J. Jürjens, Supporting Requirements Engineers in Recognising Security Issues. In Proc. of 17th International Working Conference on Requirements Engineering: Foundation for Software Quality (REFSQ 2011), Essen, 28-30 Mar. 2011. Springer-Verlag, 2011. Essen, Germany. (Runner up to the best paper award in REFSQ2011)

    [42] S. Islam, P. Falcarin, Measuring Security Requirements for Software Security, 10th IEEE International Conference on Cybernetic Intelligent Systems (CIS) 2011, IEEE Xplore, 70-75, London, UK

    [43] P. Falcarin, A. Vetrò, J. Yu, S. Islam, A Recommender System for Telecom Users: Experimental Evaluation of Recommendation Algorithms, 10th IEEE International Conference on Cybernetic Intelligent System (CIS) 2011, IEEE Xplore, London, UK

    [44] S. Islam, H. Mouratidis and S. Wagner, Towards a Framework to Elicit and Manage Security and Privacy Requirements from Laws and Regulations, In Proc. of 16th International Working Conference on Requirements Engineering: Foundation for Software Quality (REFSQ '10), Springer-Verlag, 2010. Essen, Germany.

    [45] S. Islam and S. H. Houmb, Integrating Risk Management Activities into Requirements Engineering, In Proc. of the 4th IEEE International Conference on Research Challenges in IS (RCIS2010), Nice, France.

    [46] S. Islam, S. H. Houmb, D. Mendez-Fernandez and Md. M. A. Joarder, Offshore-Outsourced Software Development Risk Management Model, In Proc. of the 12th IEEE International Conference on Computer and Information Technology (ICCIT 2009), Dhaka, Bangladesh.

    [47] S. Islam, Software Development Risk Management Model - a Goal-Driven Approach, Doctoral Symposium, In Proc. of the 7th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE), 2009, The Netherlands.

    [48] S. Islam, M. A. Joarder and S. H. Houmb, Goals and Risk Factors for Offshore Outsourced Software Development from Vendors Viewpoint, In Proc. of the 4th IEEE International Conference on Global Software Engineering, IEEE Computer Society, 2009, Limerick, Ireland.

    [49] S. Wagner, D. M. Fernandez, S. Islam and K. Lochmann, A Security Requirements Approach for Web Systems, In: Proc. Workshop Quality Assessment in Web (QAW 2009), CEUR, 2009, San Sebastian, Spain.

    [50] S. Islam and J. Jürjens, Incorporating Security Requirements from Legal Regulations into UMLsec model, Modeling Security Workshop (MODSEC08), In Association with MODELS '08, Toulouse, France.

    [51] S. Islam and W. Dong, Human Factors in Software Security Risk Management, In: Proc. of the 1st International Workshop on Leadership and Management in Software Architecture (LMSA.08), ACM Press, 2008, Leipzig, Germany.

    [52] S. Islam and W. Dong, Security Requirements Addressing Security Risks for Improving Software Quality, In: Workshop-Band Software-Qualitätsmodellierung und bewertung (SQMB '08), Technical Report TUM-I0811, Technische Universität München, April, Germany.

    Tool demo/Posters

    [53] A. Hudic, L. Zechner, S. Islam, C. Krieg and E. R. Weippl, S. Winkler, R. Hable, Towards a Unified Penetration Testing Taxonomy, Poster, Proceedings of the 4th IEEE International Conference on Information Privacy, Security, Risk and Trust (PASSAT2012), The Netherlands.

    [54] T. Peters and S. Islam, CISMS: A Framework To Support Organisation Compliance With Information Security Management System Standard For Small Medium Enterprise, British Conference of Undergraduate Research 2013 (BCUR13), Plymouth University, www.bcur.org.

    [55] M. Pavlidis, S. Islam, SecTro: A CASE Tool for Modelling Security in Requirements Engineering using Secure Tropos, pg 89-96, Proceedings of the CAiSE Forum 2011, CEUR-WS, vol 734, London, UK

    [56] S. Islam, H. Mouratidis, M. Kang, Using Secure Tropos to develop a pre-employment screening system, iStar Showcase, Exploring the Goals of your Systems and Businesses, Practical experiences with i* modelling, June 2011, City University London, UK.

    Technical reports

    [57] M. Broy, A. Fleischmann, S. Islam, L. Kof, C. Leuxner, K. Lochmann, D. Mendez-Fernandez, B. Penzenstadler, W. Sitou and S. Winter, Towards an Integrated Approach to Requirement Engineering, Technical Report, TUM-I0935, Technische Universität München, December 2009, Germany.

    [58] S. Houmb, S. Islam, J. Jurjens, M. Ochoa, M.l Hafner, F. Innerhofer-Oberperfler, M.A Weitlaner, B. Fontan, E. Felix, F. Paci, F. Dadeau, B. Chetali, Security Modelling Notation For Evolving Systems, Deliverable 4.1, Secure Change project.

    S. Wagner and S. Islam, Modellierung von Software-Security mit aktivitätenbasierten Qualitätsmodellen, in: Tagungsband 2. Workshop zur Softwarequalitätsmodellierung und -bewertung (SQMB'09), Technical Report TUM-I0917, Technische Universität München, 2009, Kaiserslautern, Germany.
     

     



    S. Islam, Anca. J. Stoica, Software Risk Management Modeling Using Goal-Driven Approach from Early Requirements Engineering, Book name: Risk Assessment and Management, Academy publish.

    A. J. Stoica, S. Islam, Concurrent View Modeling for Software Risk Management at Early Development Stage, The IADIS international conference on Theory and Practice in Modern Computing (TPMC 2012)

    M. Pavlidis, S. Islam, SecTro: A CASE Tool for Modelling Security in Requirements Engineering using Secure Tropos, pg 89-96, Proceedings of the CAiSE Forum 2011, CEUR-WS, vol 734, London, UK

    A. Hudic, S. Islam, P. Kieseberg, S. Rennert, and E. R. Weippl, Data Confidentiality using Fragmentation in Cloud Computing, International Journal of Pervasive Computing and Communications, Emerald publisher, vol 9, no 1, 2013

    Publications

    • UEL research development fund, UEL early career research acceleration award, UEL sabbatical award
    • ERCIM Alain Bensoussan Fellowship Programme for Post Doc, EU, 2011,  I did not accept the fellowship due to the UEL permanent academic position
    • Research grant for Doctoral Candidates and Young Academics and Scientists, German Academic Exchange Service (DAAD). 
    • ACM SIGSOFT CAPS travel grant award 2009
    • DAAD - STIBET Teaching Assistantship SS 2010 and WS 2010

    Funding


    Risk Management 
    Cloud Computing 
    Requirements Engineering 


    Interests

    Modules
    Project Management (Level 6)
    Information security and risks assessment (Level 6) 
    Software development (Level 4)
    Advanced information system design (Level 6), Application workshop (Level 3), Information system audit and assurance (Level 6)
    Information security management system for regular and distance learning (Level 6 and MSc)
    Software engineering, Secure software systems engineering (MSc)

    Past

    Computer and Network security (MIT)
    Software quality management, Requirements engineering (MSc)
    Object oriented programming, System analysis and design (PGDIT)
    Data base management system (Level 2,PGDIT)
    Computer fundamental (Level 1)

    PhD Supervision 
    Completed

    • Michalis Pavlidis (A Methodology for the Development of Trustworthy Systems that Enables the Assessment of Trust), funded project from EPSRC/British Telecom
    • Reza M. ALAVI (Human and Organisational Elements of Information Security Management in British Financial Institutions: a socio-technical approach)
    • Alifah Aida Lope Abdul Rahman (Sustainable audit for information system), funded by Ministry of audit, Malaysia


    Under Supervision 
    • Md Abdul Majed Pramanik (Forensic in Cloud computing)
    • Halima Ibrahim Kure (Hybrid Risk management model), funded by Tertiary education trust fund (Tetfund), Nigeria
    • Umar Mukhtar Ismail (Transparency and audit in Cloud Computing)
    • Raj Pusp (Cloud based E-governance)
    • Mumina Uddin (Access control model for financial sector)
    • Abel Yeboah Ofori (A framework to mitigate cyber crime)






    Teaching