Copyright © Sepideh Ghanavati - 2019

  • GitHub-Mark-120px-plus
  • Twitter Basic Black

Privacy Statements’ Recommender System (PSRS) based on Permission Methods of Android Applications

In recent years, much work has been done to automatically identify inconsistencies between Android applications and their corresponding privacy policies. These studies show that creating a privacy policy that matches with the application’s source code and maintains consistent throughout its lifecycle is not a trivial task. Inspired by the work of Jiang et al. and Lui et al., we propose a recommender system which translates permission functionalities of Android applications into a set of privacy statements which can then be inserted into privacy policies. Our approach leverages Neural Machine Translation to translate the source code into natural language privacy statements. 

Recent studies show that many Android applications either do not have a privacy policy in place or there are some inconsistencies between their application and the corresponding privacy policies. In this project, we develop a framework with its tool-support to identify the mismatches and inconsistencies between privacy policies and the APK documents of the Android and IoT applications and provide resolutions for them. We tackle the problem from both users and the developers point of view. Our approach exploits several machine learning algorithms such as convolutional neural network (CNN), topic modeling, KNN, SVM, etc. 

With the rapid growth in technologies such as the Internet of Things (IoT) devices and mobile applications, the needs for protecting privacy of individuals and complying with the existing privacy-related regulations have become more emergent. Article 25 of the EU General Data Protection Directive (GDPR) asks companies to demonstrate their compliance with privacy regulations by design and by default. However, regulations are usually written in languages that are not familiar for software and requirements engineers. In this project, we develop an FOL-based Legal Goal-oriented Language (FLG) framework to help requirement and software engineer extract legal requirements from regulations and model them in a way that is familiar to them. For this project, we use first-order-logic, goal modeling approaches and natural language processing techniques. 

Privacy and Security Engineering for Cloud and IoT Applications

While IoT devices have many benefits for the individuals, they also pose many privacy and security concerns. IoT devices collect massive amount of data from the users at a high rate than even before. In a hyper-connected infrastructure with a wide range of IoT devices, the aggregation of the collected data can pose more harm to the privacy of the individuals. In this research, we develop techniques to analyze privacy compliance of these devices in aggregation against their own privacy policies and privacy-related regulations. We also evaluate security and privacy requirements, vulnerabilities and threats related to cloud environments and develop a tool-supported modeling framework to help developers correctly identify security and privacy requirements for their cloud systems and help them resolve vulnerabilities and threats.

User-focused Privacy

In this research, we evaluate security and privacy requirements, vulnerabilities and threats related to cloud environments and develop a tool-supported modeling framework to help developers correctly identify security and privacy requirements for their cloud systems and help them resolve vulnerabilities and threats. We also plan to evaluate security and privacy concerns of fog nodes which IoT devices communicate with.

Legal Document Text Analysis, Mining and Modeling

The primary aim of this research is to provide engineering solutions to mine and extract legal and privacy requirements from regulations, best practices and policy documents and then to implement tool-supported methodologies to identify and resolve ambiguities, conflicts and cross-references in privacy-related regulations and to model and analyze compliance between regulations and software, mobile and IoT applications.

Goal modeling languages capture and analyze high-level goals and their relationships with lower level goals and tasks. However, in such models the arguments for and against alternatives based on the stakeholders' opinions is usually left implicit. In the RationalGRL project, we develop a methodology to make the argumentation used in the goal modeling process explicit. We use formal argumentation techniques from AI to compute valid sets of arguments,,and we implement our framework in jUCMNav. In this way, RationalGRL allows traceability from elements of the goal model to their underlying arguments.

Collaborators:

  • Marc van Zee, PhD Student, University of Luxembourg, Luxembourg

  • Floris Bex, Assistant Professor, University of Utrecht, The Netherlands

Principle-based Goal-oriented Requirements Language (GRL)

(A Semi-formal Framework for Managing Consistency between Enterprise Architecture Principles and Architecture Models)


Organizations use enterprise architecture as a method to represent a holistic view of the company and to steer its evolution and establishment of new businesses, aligning all aspects of the organization. Often, new programs are accepted and guided by architecture principles. However, architecture principles are usually represented in natural language, which makes them informal, hard to evaluate and complicates tracing them to the actual goals of the organization. In this project, we aim to meet the challenges posed by introducing architecture principles and to create a semi-formal framework that can support the tasks of formulating and enforcing principles when creating architecture design. The framework leverages the User Requirements Notation (URN) and its subparts, Goal-oriented Requirements Language (GRL) and Use Case Maps (UCM) notations and the concept of URN links and creates a new GRL profile, customized to enterprise architecture needs.

Collaborators:

  • Diana Marosin, PhD Student, Luxembourg Institute of Science and Technology, Luxembourg

  • Marc van Zee, PhD Student, University of Luxembourg, Luxembourg