Similar literature
1.
Online privacy policies describe organizations’ privacy practices for collecting, storing, using, and protecting consumers’ personal information. Users need to understand these policies in order to know how their personal information is being collected, stored, used, and protected. Organizations need to ensure that the commitments they express in their privacy policies reflect their actual business practices, especially in the United States where the Federal Trade Commission regulates fair business practices. Requirements engineers need to understand the privacy policies to know the privacy practices with which the software must comply and to ensure that the commitments expressed in these privacy policies are incorporated into the software requirements. In this paper, we present a methodology for obtaining requirements from privacy policies based on our theory of commitments, privileges, and rights, which was developed through a grounded theory approach. This methodology was developed from a case study in which we derived software requirements from seventeen healthcare privacy policies. We found that legal-based approaches do not provide sufficient coverage of privacy requirements because privacy policies focus primarily on procedural practices rather than legal practices.

2.
In this paper, we explore how privacy settings and privacy policy consumption (reading the privacy policy) affect the relationship between privacy attitudes and disclosure behaviors. We present results from a survey completed by 122 users of Facebook regarding their information disclosure practices and their attitudes about privacy. Based on our data, we develop and evaluate a model for understanding factors that affect how privacy attitudes influence disclosure and discuss implications for social network sites. Our analysis shows that the relationship between privacy attitudes and certain types of disclosures (those furthering contact) is controlled by privacy policy consumption and privacy behaviors. This provides evidence that social network sites could help mitigate concerns about disclosure by providing transparent privacy policies and privacy controls.

3.
Mobile users present challenges for security in multi-domain mobile networks. The actions of mobile users moving across security domains need to be specified and checked against domain and inter-domain policies. We propose a new formal security policy model for multi-domain mobile networks, called FPM-RBAC, Formal Policy Model for Mobility with Role Based Access Control. FPM-RBAC supports the specification of mobility and location constraints, role hierarchy mapping, inter-domain services, inter-domain access rights and separation of duty. Associated with FPM-RBAC, we also present a formal security policy constraint specification language for domain and inter-domain security policies. Formal policy constraint specifications are based on ambient logic and predicate logic. We also use ambient calculus to specify the current state of a mobile network and actions within security policies for evaluation of access requests according to security policies. A novel aspect of the proposed policy model is the support for formal and automated analysis of security policies related to mobility within multiple security domains.

4.
This paper discusses the necessity of a good methodology for the development of reliable software, especially with respect to the final software validation and testing activities. A formal specification development and validation methodology is proposed. This methodology has been applied to the development and validation of a pilot software system incorporating typical features of critical software for nuclear power plant safety protection. The main features of the approach include the use of a formal specification language and the independent development of two sets of specifications. Analysis of the specifications consists of three parts: validation against the functional requirements, consistency and integrity of the specifications, and dual specification comparison based on a high-level symbolic execution technique. Dual design, implementation, and testing are performed. Automated tools to facilitate the validation and testing activities are developed to support the methodology. These include the symbolic executor and the test data generator/dual program monitor system. The experiences of applying the methodology to the pilot software are discussed, and the impact on the quality of the software is assessed.

5.
To address the core problem of cloud computing data security, namely the protection of privacy, this paper proposes a 5A accountability mechanism for privacy protection in cloud computing. Based on this 5A accountability mechanism, the service provider's privacy security policies, the tenants' privacy requirements, the cloud privacy exposure conditions and the security scenarios are precisely defined, formally described and modelled. Taking description logic as the main foundation, the paper focuses on a semantics-oriented method for describing cloud privacy requirements, and checks the consistency between the cloud privacy requirements and the service provider's privacy policies in order to avoid conflicts. After defining and formally describing the cloud privacy exposure conditions and cloud security scenarios, the Protégé ontology modelling tool is used to model and check the cloud tenants' privacy requirements, the cloud service provider's privacy policies, the privacy exposure conditions and the security scenarios, verifying the consistency and completeness of the formal models and their descriptions and laying the foundation for the subsequent implementation of the 5A accountability mechanism.

6.
For companies that develop and operate IT applications that process the personal data of customers and employees, a major problem is protecting these data and preventing privacy breaches. Failure to adequately address this problem can result in considerable damage to the company’s reputation and finances, as well as negative effects for customers or employees (data subjects). To address this problem, we propose a methodology that systematically considers privacy issues by using a step-by-step privacy impact assessment (PIA). Existing PIA approaches cannot be applied easily because they are improperly structured or imprecise and lengthy. We argue that companies that employ our PIA can achieve ‘privacy-by-design’, which is widely heralded by data protection authorities. In fact, the German Federal Office for Information Security (BSI) ratified the approach we present in this article for the technical field of RFID and published it as a guideline in November 2011. The contribution of the artefacts we created is twofold: First, we provide a formal problem representation structure for the analysis of privacy requirements. Second, we reduce the complexity of the privacy regulation landscape for practitioners who need to make privacy management decisions for their IT applications.

7.
8.
Computer science advocates institutional frameworks as an effective tool for modelling policies and reasoning about their interplay. In practice, the rules or policies of which the institutional framework consists are often specified using a formal language, which allows for the full verification and validation of the framework (e.g. the consistency of policies) and the interplay between the policies and actors (e.g. violations). However, when modelling large-scale realistic systems with numerous decision-making entities, scalability and complexity issues arise, making it possible only to verify certain portions of the problem without reducing the scale. In the social sciences, agent-based modelling is a popular tool for analysing how entities interact within a system and react to the system properties. Agent-based modelling allows the specification of complex decision-making entities and experimentation with large numbers of different parameter sets for these entities in order to explore their effects on overall system performance. In this paper we describe how to achieve the best of both worlds, namely verification of a formal specification combined with the testing of large-scale systems with numerous different actor configurations. Hence, we offer an approach that allows for reasoning about policies, policy making and their consequences on a more comprehensive level than has been possible to date. We present the institutional agent-based model methodology to combine institutional frameworks with agent-based simulations. We furthermore present J-InstAL, a prototypical implementation of this methodology using the InstAL institutional framework, whose specifications can be translated into a computational model under the answer set semantics, and an agent-based simulation based on the Jason tool. Using a simplified contract enforcement example, we demonstrate the functionalities of this prototype and show how it can help to assess an appropriate fine level in case of contract violations.

9.
10.
There is growing recognition that users of web-based systems want to understand, if not control, what customer data is stored by whom, for what purpose, for what duration, and with whom it is shared. We inform current language-based privacy efforts with an empirical study of P3P, the W3C domain-specific language for privacy policies. We use methods of software language engineering to study usage profiles, correctness of policies, metrics, cloning, and language extensions. The study supports the conclusion that P3P’s approach to policy validation is too weak to ensure correct use of the language. The study also discovers common, dominating policies, which may suggest a simpler approach to web privacy. Further, the study investigates a range of metrics for policies in an attempt to discover particularly interesting or complex policies. Finally, the study also attempts to discover symptoms of the need for extending the P3P language, but the results found here are not conclusive.

11.
The authors summarize the trace specification language and present the trace specification methodology: a set of heuristics designed to make the reading and writing of complex specifications manageable. Also described is a technique for constructing formal, executable models from specifications written using the methodology. These models are useful as proof of specification consistency and as executable prototypes. Fully worked examples of the methodology and the model building techniques are included.

12.
《IT Professional》2002,4(3):48-50
Extreme programming (XP) has been making waves among application developers for good reason. Its 12 core processes emphasize the small and simple, which translates to fast, efficient code generation. XP is deliberately lightweight, dispensing with lengthy use-case specifications, requirements definitions, and extensive documentation. As such, it is not, nor was it designed to be, a full life cycle methodology. But neither is it hacking, as some of its critics maintain. Rather, it is a collection of highly disciplined practices that companies can either formally introduce into their existing process or use to supplement individual processes for project management, change management, requirements planning, and testing.

13.
This paper reports on a grounded theory study of software developers’ use of software development processes in actual practice in the specific context of very small companies. This study was conducted in three very small software product companies located in Ecuador. The data collection was based on semi-structured qualitative interviews with software project managers and a focus group with software developers, and was supplemented by literature and document studies. We interviewed two types of participants (managers and developers) so as to ensure that we elicited a holistic perspective of how they approached the software development process in actual practice. The goal was to study what practices are actually used and their opinion and attitude toward the potential adoption of an international standard (ISO/IEC 29110) specifically designed for very small companies. With the collected data, we performed an analysis utilizing grounded theory coding techniques, as this methodology promotes the focus on uncovering the real concerns of the participants. This study highlighted three areas of concern: customer, software product, and development task coordination and tracking. The findings in this study give an insight into the work products as they relate to software development process practices in very small companies and the important factors that must be considered to assist project success.

14.
Throughout the world, sensitive personal information is now protected by regulatory requirements that have translated into significant new compliance oversight responsibilities for IT managers who have a legal mandate to ensure that individual employees are adequately prepared and motivated to observe policies and procedures designed to ensure compliance. This research project investigates the antecedents of information privacy policy compliance efficacy by individuals. Using Health Insurance Portability and Accountability Act compliance within the healthcare industry as a practical proxy for general organizational privacy policy compliance, the results of this survey of 234 healthcare professionals indicate that certain social conditions within the organizational setting (referred to as external cues and comprising situational support, verbal persuasion, and vicarious experience) contribute to an informal learning process. This process is distinct from the formal compliance training procedures and is shown to influence employee perceptions of efficacy to engage in compliance activities, which contributes to behavioural intention to comply with information privacy policies. Implications for managers and researchers are discussed.

15.
Given that Facebook.com is a social networking tool used by a diverse audience, this study employs Communication Privacy Management (CPM) theory as a framework to investigate how working professionals respond to co-worker Facebook friend requests. Overall, 312 individuals with full-time jobs and Facebook accounts completed an online survey. Results confirmed that most working professionals accepted co-worker Facebook friend requests. However, request decisions varied in conjunction with organizational privacy orientation, current Facebook privacy management practices, and co-worker communication satisfaction. Results confirm that working professionals’ Facebook linkage choices with other co-workers are best understood when embedded within a framework which provides a more complete understanding of the functioning of their privacy rules. Future research examining working professionals’ social media privacy management practices when individual privacy norms contradict organizational privacy norms is discussed.

16.
17.
In this paper, we introduce an XML-based hierarchical QoS markup language, called HQML, to enhance distributed multimedia applications on the World Wide Web (WWW) with quality of service (QoS) capability. The design of HQML is based on two observations: (1) the absence of a systematic QoS specification language that can be used by distributed multimedia applications on the WWW to utilize the state-of-the-art QoS management technology, and (2) the power and popularity of XML to deliver richly structured contents over the Web. HQML allows distributed multimedia applications to specify all kinds of application-specific QoS policies and requirements. During runtime, the HQML Executor translates the HQML file into the desired data structures and cooperates with the QoS proxies that assist applications in end-to-end QoS negotiation, setup and enforcement. In order to make QoS services tailored toward user preferences and meet the challenges of uncertainty in distributed heterogeneous environments, the design of HQML is interactive and flexible. In order to allow application developers to create HQML specifications correctly and easily, we have designed and developed a unified visual QoS programming environment, called QoSTalk. In QoSTalk, we adopt a grammatical approach to perform consistency checks on the visual QoS specifications and generate HQML files automatically. Finally, we introduce the distributed QoS compiler, which performs the automatic mappings between application- and resource-level QoS parameters to relieve the application developer of the burden of dealing with low-level QoS specifications.

18.
Social context information has been used with encouraging results in developing socially aware applications in different domains. However, users’ social context information is distributed over the Web and managed by many different proprietary applications, which is a challenge for application developers as they must collect information from different sources and wade through a lot of irrelevant information to obtain the social context information of interest. On the other hand, it is extremely hard for information owners to control how their information should be exposed to different users and applications. Combining the social context information from the diverse sources, incorporating richer semantics and preserving information owners’ privacy could greatly assist both the developers and the information owners. In this paper, we introduce a social context information management system (SCIMS). It includes the ability to acquire raw social data from multiple sources; an ontology-based model for classifying, inferring and storing social context information, in particular social relationships and status; an ontology-based policy model and language for owners to control access to their information; and a query interface for accessing and utilizing social context information. We evaluate the performance of SCIMS using real data from Facebook, LinkedIn, Twitter, and Google Calendar and demonstrate its applicability through a socially aware phone call application.

19.
Rodrigo Andrade, Paulo Borba 《Software》2020,50(10):1905-1929
In collaborative software development, developers submit their contributions to repositories that are used to integrate code from various collaborators. To avoid privacy and security issues, code contributions are often reviewed before integration. Although careful manual code review can detect such issues, it might be time-consuming, expensive, and error-prone. Automatic analysis tools can also detect privacy and security issues, but they often demand significant developer effort, or are domain specific, considering fixed framework-specific vulnerability sources and sinks. To reduce these problems, in this paper we propose the Salvum policy language to support the specification of constraints that help to protect sensitive information from being inadvertently accessed by specific code contributions. We implement a tool that automatically checks Salvum policies for systems of different technical domains. We also investigate whether Salvum can find policy violations for a number of open-source projects. We find evidence that Salvum helps to detect violations even for well-supported and highly active projects. Moreover, our tool helps to find 80 violations in benchmark projects.

20.