Privacy Statements’ Recommender System (PSRS) based on Permission Methods of Android Applications
In recent years, much work has been done to automatically identify inconsistencies between Android applications and their corresponding privacy policies. These studies show that writing a privacy policy that matches the application's source code, and keeping it consistent throughout the application's lifecycle, is not a trivial task. Inspired by the work of Jiang et al. and Lui et al., we propose a recommender system that translates the permission-related functionality of Android applications into a set of privacy statements which can then be inserted into privacy policies. Our approach leverages Neural Machine Translation to translate source code into natural-language privacy statements.
Collaborators:
-
Sai Peddinti, Senior Privacy Researcher, Google Inc., USA
Towards a Heterogeneous IoT Privacy Architecture
Internet of Things (IoT) devices collect a massive amount of data from users, at a higher rate than ever before. This rapid growth of the IoT poses a wide range of privacy and security threats to consumers. In a heterogeneous architecture with a wide range of IoT devices, identifying the potential privacy risks of deploying a new IoT device is still an open research question, and ensuring that the privacy of individuals is protected within such a heterogeneous network is equally challenging. In this research, we propose a privacy protection framework for the IoT called HIPA (Heterogeneous IoT Privacy Architecture), which has two key objectives: 1) analyze the risks of a device prior to its installation, and 2) prioritize the consumer's preferences. Our framework consists of five components, which evaluate the consistency and compatibility of a new device, identify the related privacy risks, update the risk level, and notify the user accordingly. Our initial analysis shows that the proposed framework can help the user analyze the risk and make a decision before installing any new IoT device.

Recent studies show that many Android applications either have no privacy policy in place or have inconsistencies between the application and its privacy policy. In this project, we develop a framework, with tool support, to identify mismatches and inconsistencies between privacy policies and the APK files of Android applications and to provide resolutions for them. We tackle the problem from both the user's and the developer's point of view. Our approach uses several machine learning algorithms, such as convolutional neural networks (CNN), topic modeling, KNN and SVM.
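To make concrete what a permission-to-policy mismatch looks like, and what a recommended statement for such a gap could be, here is an added example written for this page; it is not the project's tool, nor the PSRS recommender described above, and it hard-codes as a small hypothetical table what those systems learn from data. It parses the <uses-permission> entries of a constructed AndroidManifest.xml, maps each permission to a data category, checks which categories the constructed policy text never mentions, reports categories the policy mentions without a matching permission, and proposes a template statement for each undisclosed category. The manifest, policy text, permission table, keywords and templates are all constructed for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed manifest for a hypothetical app (not a real application).
MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>
"""

# Constructed privacy policy text for the same hypothetical app.
POLICY = """We collect your precise location to show nearby stores.
We may use the camera to scan receipts. We never sell your data."""

ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"

# Hypothetical mapping from permission to the data category it grants access to.
# INTERNET is deliberately absent: it does not by itself identify a data type.
PERMISSION_CATEGORY = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
}

# Hypothetical keywords whose presence in the policy counts as a disclosure.
CATEGORY_KEYWORDS = {
    "location": ["location", "gps", "geolocation"],
    "contacts": ["contact", "address book"],
    "camera": ["camera", "photo"],
    "microphone": ["microphone", "audio", "voice"],
}

# Hypothetical statement templates a recommender could propose for a gap.
STATEMENT_TEMPLATE = {
    "location": "We collect your device's location to provide location-based features.",
    "contacts": "We access your contacts to let you find and invite people you know.",
    "camera": "We use your camera to capture images within the app.",
    "microphone": "We record audio from your microphone when you use voice features.",
}


def manifest_permissions(xml_text):
    """Return the permission names declared by <uses-permission> elements."""
    root = ET.fromstring(xml_text)
    return [e.get(ANDROID_NAME) for e in root.iter("uses-permission")
            if e.get(ANDROID_NAME)]


def disclosed_categories(policy_text):
    """Data categories the policy mentions, by simple keyword matching."""
    text = policy_text.lower()
    return {cat for cat, words in CATEGORY_KEYWORDS.items()
            if any(w in text for w in words)}


def check_policy(xml_text, policy_text):
    """Compare what the APK requests with what the policy discloses.

    Returns (undisclosed, overclaimed): categories the app can access but the
    policy is silent about, and categories the policy mentions although no
    requested permission grants access to them.
    """
    used = {PERMISSION_CATEGORY[p] for p in manifest_permissions(xml_text)
            if p in PERMISSION_CATEGORY}
    disclosed = disclosed_categories(policy_text)
    return sorted(used - disclosed), sorted(disclosed - used)


def recommend_statements(undisclosed):
    """Propose one template statement per undisclosed category."""
    return [STATEMENT_TEMPLATE[c] for c in undisclosed]


if __name__ == "__main__":
    undisclosed, overclaimed = check_policy(MANIFEST, POLICY)
    print("undisclosed:", undisclosed)   # ['contacts']
    print("overclaimed:", overclaimed)   # []
    for statement in recommend_statements(undisclosed):
        print("suggest:", statement)
```

On the constructed input the app requests READ_CONTACTS while the policy never mentions contacts, so "contacts" is reported as undisclosed and a statement is suggested for it; the location and camera permissions are covered. Keyword matching is the weak link: a policy can mention "location" in an unrelated sense, which is why the project relies on learned classifiers rather than a fixed keyword list.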

With the rapid growth of technologies such as Internet of Things (IoT) devices and mobile applications, the need to protect the privacy of individuals and to comply with existing privacy regulations has become more urgent. Article 25 of the EU General Data Protection Regulation (GDPR) requires data controllers to implement data protection by design and by default. However, regulations are usually written in a language that is unfamiliar to software and requirements engineers. In this project, we develop an FOL-based Legal Goal-oriented Language (FLG) framework to help requirements and software engineers extract legal requirements from regulations and model them in a notation that is familiar to them. The project uses first-order logic, goal modeling approaches and natural language processing techniques.

User-focused Privacy
In this research, we evaluate the security and privacy requirements, vulnerabilities and threats of cloud environments and develop a tool-supported modeling framework that helps developers correctly identify security and privacy requirements for their cloud systems and resolve vulnerabilities and threats. We also plan to evaluate the security and privacy concerns of the fog nodes with which IoT devices communicate.

Legal Document Text Analysis, Mining and Modeling
The primary aim of this research is to provide engineering solutions that mine and extract legal and privacy requirements from regulations, best practices and policy documents, and then to implement tool-supported methodologies that identify and resolve ambiguities, conflicts and cross-references in privacy-related regulations, and that model and analyze compliance between regulations and software, mobile and IoT applications.
Collaborators:
-
Llio Humphrey, University of Torino, Italy
-
Aaron K. Massey, University of Maryland Baltimore County, USA
Goal modeling languages capture and analyze high-level goals and their relationships with lower-level goals and tasks. However, in such models the arguments for and against alternatives, based on the stakeholders' opinions, are usually left implicit. In the RationalGRL project, we develop a methodology that makes the argumentation used in the goal modeling process explicit. We use formal argumentation techniques from AI to compute valid sets of arguments, and we implement our framework in jUCMNav. In this way, RationalGRL allows traceability from elements of the goal model to their underlying arguments.
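To show what "computing valid sets of arguments" means in practice, here is an added example, not RationalGRL's own implementation (which lives in jUCMNav): it builds a Dung-style abstract argumentation framework about one alternative in a hypothetical goal model and computes its grounded extension, the most sceptical set of arguments that defends itself against every attack. The argument identifiers, their texts and the attack relation are constructed for the illustration.

```python
# Constructed abstract argumentation framework (Dung style) about one design
# alternative in a hypothetical goal model. Identifiers and texts are made up.
ARGUMENTS = {
    "A1": "Store patient records in a public cloud: satisfies the availability goal",
    "A2": "A public cloud violates the data-residency requirement",
    "A3": "The provider offers an EU-only region, so residency is preserved",
    "A4": "In-house servers are cheaper over five years",
    "A5": "In-house servers need operations staff the organization lacks",
}

# (attacker, attacked) pairs. A4 and A5 attack each other and nothing resolves
# that conflict, so neither can be justified under grounded semantics.
ATTACKS = {("A2", "A1"), ("A3", "A2"), ("A4", "A5"), ("A5", "A4")}


def attackers_of(arg, attacks):
    """All arguments that attack `arg`."""
    return {a for (a, b) in attacks if b == arg}


def is_conflict_free(S, attacks):
    """No member of S attacks another member of S."""
    return not any((a, b) in attacks for a in S for b in S)


def defends(S, arg, attacks):
    """S defends arg iff every attacker of arg is itself attacked by a member of S."""
    return all(attackers_of(att, attacks) & S for att in attackers_of(arg, attacks))


def is_admissible(S, attacks):
    """Conflict-free and self-defending: the minimal notion of a valid argument set."""
    return is_conflict_free(S, attacks) and all(defends(S, a, attacks) for a in S)


def grounded_extension(arguments, attacks):
    """Least fixed point of F(S) = {a : S defends a}, iterated from the empty set.

    F is monotone, so the iteration from the empty set converges to the least
    fixed point: the arguments every reasonable semantics must accept.
    """
    S = set()
    while True:
        nxt = {a for a in arguments if defends(S, a, attacks)}
        if nxt == S:
            return S
        S = nxt


def labelling(arguments, attacks):
    """Label each argument in / out / undecided relative to the grounded extension."""
    grounded = grounded_extension(arguments, attacks)
    labels = {}
    for a in arguments:
        if a in grounded:
            labels[a] = "in"
        elif attackers_of(a, attacks) & grounded:
            labels[a] = "out"
        else:
            labels[a] = "undecided"
    return labels


if __name__ == "__main__":
    for arg, label in labelling(ARGUMENTS, ATTACKS).items():
        print(f"{arg} [{label}]: {ARGUMENTS[arg]}")
```

On the constructed framework A3 is unattacked, so it is accepted first; it then defeats A2, which reinstates A1, so the public-cloud alternative is justified and the goal-model element it supports can be traced back to arguments A1 and A3. A4 and A5 stay undecided because their mutual attack is never resolved, which is exactly the kind of open disagreement an explicit argumentation layer surfaces instead of leaving implicit in the model.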
Collaborators:
-
Marc van Zee, Researcher, Google Inc., The Netherlands
-
Floris Bex, Assistant Professor, University of Utrecht, The Netherlands
Principle-based Goal-oriented Requirements Language (GRL)
Organizations use enterprise architecture to represent a holistic view of the company and to steer its evolution and the establishment of new businesses, aligning all aspects of the organization. New programs are often accepted and guided by architecture principles. However, architecture principles are usually expressed in natural language, which makes them informal and hard to evaluate, and complicates tracing them to the actual goals of the organization. In this project, we aim to meet the challenges posed by introducing architecture principles and to create a semi-formal framework that supports formulating and enforcing principles when creating an architecture design. The framework leverages the User Requirements Notation (URN), its sub-notations, the Goal-oriented Requirements Language (GRL) and Use Case Maps (UCM), and the concept of URN links, and defines a new GRL profile customized to enterprise architecture needs.
Collaborators:
-
Diana Marosin, PhD Student, Luxembourg Institute of Science and Technology, Luxembourg
-
Marc van Zee, Researcher, Google Inc., The Netherlands
