Formal analysis of privacy requirements specifications for multi-tier applications

Breaux, Travis D.; Rao, Ashwini K.

doi:10.1109/re.2013.6636701

Cited by 29 publications

(14 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There have been some recent papers on extracting privacy requirements from privacy regulations and laws [9,10]. These could be part of the privacy framework as well and help in reducing the impact due to cultural differences for privacy.…”

Section: Related Workmentioning

confidence: 99%

Us and them: a study of privacy requirements across north america, asia, and europe

Sheth

Kaiser

Maalej

2014

Proceedings of the 36th International Conference on Software Engineering

View full text Add to dashboard Cite

Data privacy when using online systems like Facebook and Amazon has become an increasingly popular topic in the last few years. However, only a little is known about how users and developers perceive privacy and which concrete measures would mitigate their privacy concerns. To investigate privacy requirements, we conducted an online survey with closed and open questions and collected 408 valid responses. Our results show that users often reduce privacy to security,

show abstract

Section: Related Workmentioning

confidence: 99%

Us and them: a study of privacy requirements across north america, asia, and europe

Sheth

Kaiser

Maalej

2014

Proceedings of the 36th International Conference on Software Engineering

View full text Add to dashboard Cite

show abstract

“…AppSent * a sentence in app's privacy policy whose main verb ∈ V P * Res AppP P * resources that the app will * according to an app's privacy policy Res AppP P * resources that app will not * according to an app's privacy policy LibSent * a sentence in lib's privacy policy whose main verb ∈ V P * Res LibP P * resources to the lib will * according to the lib's privacy policy Table I lists the symbols related to privacy policy. We summarize four types of main verbs, which are commonly used in privacy policies, as suggested by [27], [28], including:…”

Section: Main Verbs Sentences and Resourcesmentioning

confidence: 99%

PPChecker: Towards Accessing the Trustworthiness of Android Apps’ Privacy Policies

Wang

Chen

et al. 2021

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

Recent years have witnessed a sharp increase of malicious apps that steal users' personal information. To address users' concerns about privacy risks and to comply with data protection laws, more and more apps are supplied with privacy policies written in natural language to help users understand an app's privacy practices. However, little is known whether these privacy policies are trustworthy or not. Questionable privacy policies may be prepared by careless app developers or someone with malicious intention. In this paper, we carry out a systematic study on privacy policy by proposing a novel approach to automatically identify five kinds of problems in privacy policy. After tackling several challenging issues, we implement the approach in a system, named PPChecker, and evaluate it with real apps and their privacy policies. The experimental results show that PPChecker can effectively identify questionable privacy policies with high precision. Applying PPChecker to 2,500 popular apps, we find that 1,850 apps (i.e., 74.0%) have at least one kind of problems. This study sheds light on the research of improving and regulating apps' privacy policies.

show abstract

“…Maxwell and Antón [40] formalized legal texts of the Health Insurance Portability and Accountability Act as production rule models to support regulatory compliance analysis. Breaux et al performed extensive research on formalizing legal text for supporting compliance verification of software requirements with regulations in order to establish traceability between requirements and regulations [6,8,7].…”

Section: Related Workmentioning

confidence: 99%

Mind the gap: assessing the conformance of software traceability to relevant guidelines

Rempel

Mäder

Kuschke

et al. 2014

Proceedings of the 36th International Conference on Software Engineering

View full text Add to dashboard Cite

Many guidelines for safety-critical industries such as aeronautics, medical devices, and railway communications, specify that traceability must be used to demonstrate that a rigorous process has been followed and to provide evidence that the system is safe for use. In practice, there is a gap between what is prescribed by guidelines and what is implemented in practice, making it difficult for organizations and certifiers to fully evaluate the safety of the software system. In this paper we present an approach, which parses a guideline to extract a Traceability Model depicting software artifact types and their prescribed traces. It then analyzes the traceability data within a project to identify areas of traceability failure. Missing traceability paths, redundant and/or inconsistent data, and other problems are highlighted. We used our approach to evaluate the traceability of seven safetycritical software systems and found that none of the evaluated projects contained traceability that fully conformed to its relevant guidelines.

show abstract

Formal analysis of privacy requirements specifications for multi-tier applications

Cited by 29 publications

References 16 publications

Us and them: a study of privacy requirements across north america, asia, and europe

Us and them: a study of privacy requirements across north america, asia, and europe

PPChecker: Towards Accessing the Trustworthiness of Android Apps’ Privacy Policies

Mind the gap: assessing the conformance of software traceability to relevant guidelines

Contact Info

Product

Resources

About