Detecting repurposing and over-collection in multi-party privacy requirements specifications

2015 IEEE 23rd International Requirements Engineering Conference, RE 2015 - Proceedings

Volumn , Issue , 2015, Pages 166-175

  Breaux, Travis D ^a   Smullen, Daniel ^a   Hibshi, Hanan ^a,b  

^a CARNEGIE MELLON UNIVERSITY   (United States)

^b KING ABDULAZIZ UNIVERSITY   (Saudi Arabia)

Author keywords

Data flow analysis; privacy principles; requirements validation

Indexed keywords

DATA DESCRIPTION; DATA FLOW ANALYSIS; DATA TRANSFER; DIGITAL STORAGE; INFORMATION SERVICES; MARKETING; REQUIREMENTS ENGINEERING; SERVICE ORIENTED ARCHITECTURE (SOA); SPECIFICATIONS; WEB SERVICES;

AUTOMATION REASONINGS; DATA FLOW REQUIREMENTS; EMPIRICAL CASE STUDIES; END-USER APPLICATIONS; INTERNATIONAL STANDARDS; PRIVACY PRINCIPLE; REQUIREMENTS SPECIFICATIONS; REQUIREMENTS VALIDATION;

DATA PRIVACY;

EID: 84962431723     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/RE.2015.7320419     Document Type: Conference Paper

References (26)

1. G. Aucher, G. Boella, L. van der Torre. "Privacy policies with modal logic: a dynamic turn," Lect. Notes. Comp. Sci. 6181: 196-213, 2010.
2. A.I. Antón, J.B. Earp, "A requirements taxonomy for reducing web site privacy vulnerabilities," Req'ts Engr. J., 9(3):169-185, 2004.
3. F. Baader, D. Calvenese, D. McGuiness (eds.), The Description Logic Handbook: Theory, Implementation and Applications. Cambridge University Press, 2003.
4. A. Barth, A. Datta, J.C. Mitchell, H. Nissenbaum, "Privacy and contextual integrity: framework and applications," IEEE Symp. on Sec. & Priv., 2006, pp. 184-198.
5. T.D. Breaux, A.I. Anton. "Analyzing regulatory rules for privacy and security requirements," IEEE Trans. Soft. Engr., 34(1): 5-20, 2008.
6. T.D. Breaux, A.I. Antón, J. Doyle, "Semantic parameterization: a conceptual modeling process for domain descriptions." ACM Trans. Soft. Engr. Method., 18(2): Article 5, 2009.
7. T.D. Breaux, D.L. Baumer, "Legally 'Reasonable' Security Requirements: A 10-year FTC Retrospective." Computers & Security, 30(4):178-193. 2011.
8. T.D. Breaux, H. Hibshi, A. Rao. "Eddy, a formal language for specifying and analyzing data flow specifications for conflicting privacy requirements," Req'ts Engr. J., 19(3): 281-307, 2014.
9. nd Int'l Req'ts Engr. Conf. (RE'14), pp. 163-172, 2014.
10. st Int'l Req'ts Engr. Conf., pp. 14-23, Jul. 2013.
11. nd ed. Sage Publications, 2003.
12. th IEEE Work. Pol. Dist. Sys. & Nets., 2007, pp. 173-177.
13. J.F. Horty. "Deontic logic as founded in non-monotonic logic." Annals of Math. & Art. Intel., 9: 69-91, 1993.
14. th Conf. E-Com. Tech., pp. 87-94, 2008
15. th Int'l Req'ts Engr. Conf., pp. 151-161, 2003.
16. M.J. May, Privacy APIs: Formal Models for Analyzing Legal and Privacy Requirements, Ph.D. Thesis, U. of Pennsylvania, 2008.
17. th Int'l Conf. Soft. Engr., pp. 632-641, 2013.
18. th Int'l Conf. Soft. Engr. Frml. Mthd. pp. 117-126, 2008.
19. J. Saldaña, The Coding Manual for Qualitative Researchers, Sage Pubs. 2012.
20. S. Spiekermann, L.F. Cranor. "Engineering Privacy," IEEE Trans. Soft. Engr., 35(1): 67-92, 2008.
21. th Int'l Req'ts Engr. Conf., pp. 131-140, 2012.
22. A. Uszok, J.M. Bradshaw, J. Lott, M. Breedy, L. Bunch. "New developments in ontology-based policy management: increasing the practicality and comprehensiveness of KAoS." IEEE Work. on Pol. Dist. Sys. & Nets., pp. 145-152, 2008.
23. F. Wan, M.P. Singh. "Formalizing and achieving multiparty agreements via commitments." Auto. Agents & Multi-Agent Sys., pp. 770-777, 2005.
24. th Int'l W'shp on Req'ts Engr. & Law, pp. 25-34, 2014.
25. th ed. Sage Pubs. 2008.
26. J. Young. "Commitment analysis to operationalize software requirements from privacy policies." Req'ts Engr. J., 16:33-46, 2011