Formal analysis of privacy requirements specifications for multi-tier applications

2013 21st IEEE International Requirements Engineering Conference, RE 2013 - Proceedings

Volumn , Issue , 2013, Pages 14-23

  Breaux, Travis D ^a   Rao, Ashwini ^a  

^a Institute for Software Research Carnegie Mellon University ^*  (United States)

Author keywords

Description logic; Formal analysis; Privacy requirements; Standardization

Indexed keywords

CHAINS; DATA DESCRIPTION; FORMAL LANGUAGES; INDUSTRY; LOCATION BASED SERVICES; MARKETING; REQUIREMENTS ENGINEERING; SOCIAL NETWORKING (ONLINE); STANDARDIZATION; SUPPLY CHAINS;

DESCRIPTION LOGIC; EXPLORATORY CASE STUDIES; FORMAL ANALYSIS; FORMAL REPRESENTATIONS; MULTI-STAKEHOLDER; MULTI-TIER APPLICATIONS; MULTIPLE STAKEHOLDERS; PRIVACY REQUIREMENTS;

DATA PRIVACY;

EID: 84891049573     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/RE.2013.6636701     Document Type: Conference Paper

References (25)

1. A.I. Antón, J.B. Earp, Q. He, W. Stufflebeam, D. Bolchini, C. Jensen, "Financial privacy policies and the need for standardization," IEEE Sec. & Priv., 2(2):36-45, 2004
2. A.I. Antón, J.B. Earp, "A requirements taxonomy for reducing web site privacy vulnerabilities," Req'ts Engr. J., 9(3):169-185, 2004
3. G. Aucher, G. Boella, L. van der Torre. "Privacy policies with modal logic: A dynamic turn," LNCS 6181: 196-213, 2010
4. F. Baader, D. Calvenese, D. McGuiness (eds.), The Description Logic Handbook: Theory, Implementation and Applications. Cambridge University Press, 2003
5. A. Barth, A. Datta, J.C. Mitchell, H. Nissenbaum, "Privacy and Contextual Integrity: Framework and Applications," IEEE Symp. on Sec. & Priv., 2006, pp. 184-198
6. T.D. Breaux, A.I. Antón, "Analyzing Goal Semantics for Rights, Permissions, and Obligations." IEEE Req'ts. Engr. Conf., Paris, France, pp. 177-186, 2005
7. T.D. Breaux, A.I Antón. "Analyzing regulatory rules for privacy and security requirements." IEEE Trans. Soft. Engr., Special Issue on Soft. Engr. for Secure Sys., 34(1):5-20, 2008
8. T.D. Breaux, A.I. Antón, J. Doyle, "Semantic parameterization: A conceptual modeling process for domain descriptions." ACM Trans. Soft. Engr. Method., 18(2): Article 5, 2009
9. T.D. Breaux, D.L. Baumer, "Legally 'Reasonable' Security Requirements: A 10-year FTC Retrospective." Computers & Security, 30(4):178-193. 2011
10. L. Cranor et al., "Platform for Privacy Preferences (P3P) Specification," W3C Working Group Note, 2006
11. C.B. Farrell. "FTC Charges Deceptive Privacy Practices in Google's Rollout of Its Buzz Social Network," U.S. Federal Trade Comission News Release, March 30, 2011
12. C. Hanson, T. Berners-Lee, L. Kagal, G.J. Sussman, D. Weitzner, "Datapurpose algebra: Modeling data usage policies." 8th IEEE Work. Pol. Dist. Sys. & Nets., 2007, pp. 173-177
13. J.F. Horty. "Deontic logic as founded in non-monotonic logic." Annals of Math. & Art. Intel., 9: 69-91, 1993
14. M. Kahmer, M. Gilliot, G. Muller, "Automating Privacy Compliance with ExPDT." 10th IEEE Conf. E-Com. Tech., pp. 87-94, 2008
15. P.G. Leon, L.F. Cranor, A.M. McDonald, R. McGuire, "Token attempt: The misrepresentation of website privacy policies through the misuse of p3p compact policy tokens," 9th Workshop on Priv. Elec. Soc., pp. 93- 104, 2010
16. Lin, H. T., Sirin, E. (2008). Pellint- A Performance Lint Tool for Pellet. International Workshop on OWL: Experiences and Directions (OWLED 2008).
17. C. Lutz, F. Wolter, M. Zakharyashev, "Temporal description logics: A survey." 15th IEEE Int'l Symp. Temp. Rep. & Reas., pp. 3-14, 2008
18. M.J. May, Privacy APIs: Formal Models for Analyzing Legal and Privacy Requirements, Ph.D. Thesis, U. of Pennsylvania, 2008
19. C. Powers, M. Schunter, "Enterprise Policy Authorization Language," Version 1.2, W3C Member Submission, Nov. 2003
20. E. Steel, G.A. Fowler. "Facebook in privacy breach." Wall Street Journal, October 17, 2010
21. Sweeney, Latanya. "k-Anonymity: A model for protecting privacy." Int'l J. of Uncertainty, Fuzziness and Knowledge-Based Sys., 10(5): 557-570, 2002
22. A. Uszok, J.M. Bradshaw, J. Lott, M. Breedy, L. Bunch. "New Developments in Ontology-Based Policy Management: Increasing the Practicality and Comprehensiveness of KAoS." IEEE Work. on Pol. Dist. Sys. & Nets., pp. 145-152, 2008
23. F. Wan, M.P. Singh. "Formalizing and achieving multiparty agreements via commitments." Auto. Agents & Multi-Agent Sys., pp. 770-777, 2005
24. R.K. Yin. Case study research, 4th ed. In Applied Social Research Methods Series, v.5. Sage Publications, 2009
25. J. Young. "Commitment analysis to operationalize software requirements from privacy policies." Req'ts Engr. J., 16:33-46, 2011