Recent studies show that many Android applications either do not have a privacy policy in place or show inconsistencies between the application and its corresponding privacy policy.

In this project, we evaluate and extract privacy requirements and privacy practices of Android applications based on their privacy policies, and then we develop a tool-supported framework to identify the mismatches and inconsistencies between privacy policies and privacy practices of the Android applications and provide resolutions for them. We tackle the problem from both the users' and the developers' points of view. Our approach exploits several machine learning algorithms, including convolutional neural networks (CNN), topic modeling, KNN, and SVM.

With the rapid growth in technologies such as Internet of Things (IoT) devices and mobile applications, the need for protecting the privacy of individuals and complying with the existing privacy-related regulations has become more urgent. Article 25 of the EU General Data Protection Regulation (GDPR) asks companies to demonstrate their compliance with privacy regulations by design and by default. However, regulations are usually written in languages that are not familiar to software and requirements engineers.

The primary aim of this research is to provide engineering solutions to mine and extract legal and privacy requirements from regulations, best practices, and policy documents and then to implement tool-supported methodologies to identify and resolve ambiguities, conflicts, and cross-references in privacy-related regulations and to model and analyze compliance between regulations and software, mobile and IoT applications.

As part of this project, we develop an FOL-based Legal Goal-oriented Language (FLG) framework to help requirements and software engineers extract legal requirements from regulations and model them in a way that is familiar to them. For this project, we use first-order logic, goal modeling approaches and natural language processing techniques. In addition, we extended Use Case Maps to integrate and reason about legal ambiguities that exist in the GDPR.

Organizations use enterprise architecture as a method to represent a holistic view of the company and to steer its evolution and establishment of new businesses, aligning all aspects of the organization. Often, new programs are accepted and guided by architecture principles. However, architecture principles are usually represented in natural language, which makes them informal and hard to evaluate, and complicates tracing them to the actual goals of the organization.

In this project, we aim to meet the challenges posed by introducing architecture principles and to create a semi-formal framework that can support the tasks of formulating and enforcing principles when creating an architecture design. The framework leverages the User Requirements Notation (URN), its sub-notations Goal-oriented Requirements Language (GRL) and Use Case Maps (UCM), and the concept of URN links, and creates a new GRL profile customized to enterprise architecture needs.

Goal modeling languages capture and analyze high-level goals and their relationships with lower-level goals and tasks. However, in such models, the arguments for and against alternatives based on the stakeholders' opinions are usually left implicit.

To support capturing stakeholder discussions, we develop a methodology to make the argumentation used in the goal modeling process explicit. We use formal argumentation techniques from AI to compute valid sets of arguments, and we implement our framework in jUCMNav. In this way, RationalGRL allows traceability from elements of the goal model to their underlying arguments.
