Requirements Engineering Laboratory @ CMU
Director:
Dr. Travis D. Breaux
 
Collaborators:
Dr. Alessandro Acquisti
Dr. Thomas Alspaugh
Dr. Lorrie Cranor
Dr. David Baumer
Dr. David Gordon
Dr. Jianwei Niu
Dr. Rahul Telang
Dr. Joel Reidenberg
Dr. Norman Sadeh
Dr. Florian Schaub
Dr. Christian Wagner
Dr. Xiaoyin Wang
Dr. Laurie Williams
 
Associates:
Jaspreet Bhatia
Hanan Hibshi
Mitra Bokaei Hosseini
Rocky Slavin

The Requirements Engineering Laboratory is dedicated to the study of computational methods, tools and techniques for capturing, modeling and analyzing software requirements to improve trust and assurance in software systems. Our research combines formal and experimental methods to study both the limits of design specification in characterizing problems and solutions, and the limits of human comprehension in the application of tools to solve real-world problems. The following is a list of our current projects:

Natural Language Models of Privacy Requirements

Privacy policy authors, regulators and users express their desires and needs using natural language in the form of policies and scenarios. Policy authors intentionally use ambiguous and vague language to write flexible policies that support evolving system designs, whereas users struggle to understand the range of acceptable interpretations of vague policies, and thus incorrectly estimate their privacy risks while using web- and mobile-based apps. Moreover, the number of data types covered by privacy requirements is well into the thousands, raising ontological challenges to automating privacy requirements analysis. This research aims to build formal language models to more effectively estimate privacy risk and to generate questions that elicit user requirements.

Relevant Publications: [HSB+20] [BEB19] [BB18] [BBR+16]

Composable and Usable Security and Privacy Requirements

Mobile and cloud-based computing have transformed how users interact with data and computation at unprecedented scale, including social and crowd-based computing. This project explores new specification languages that enable developers to express their privacy and security design intent and to check that this intent is preserved across multi-party services and component-based software. The tools we are developing can be used to check data sharing specifications for undesirable ambiguities, inconsistencies and conflicts with privacy and security requirements. As a result, developers will be able to transparently consider design trade-offs by comparing third-party services, and to more effectively design systems that preserve privacy across complex, multi-party data supply chains.

Relevant Publications: [BSH15] [BHR13] [BR13]

Visit the Eddy project site: https://gaius.isri.cmu.edu:4433/eddy/
Handling Risk in Privacy and Security Requirements Analysis

Critical and commercial IT infrastructure is subject to security and privacy risks that developers must address through rigorous requirements analysis. While large repositories of security and privacy requirements (i.e., best practice) exist and are publicly available, developers generally fail to implement these requirements in practice. Based on our research, we believe this failure is due to the challenges of perceiving and comprehending risk cues, and then transitioning to reason about potential threats and attacks. This project aims to study how developers and analysts perceive privacy and security risk and how they mitigate these risks by capturing and encoding the analyst reasoning processes using a combination of qualitative and quantitative research methods.

Relevant Publications: [HBS15] [BB19]

Harmonizing Multi-Jurisdictional Privacy and Security Policy

Products and services are increasingly designed for consumption across multiple jurisdictions, and in some cases these services require sharing information across national and provincial boundaries. This subjects data to different governmental privacy and security laws, which may conflict or require reconciliation. This project aims to enable software developers to reason about multi-jurisdictional trade-offs in cloud computing requirements, where data is stored and distributed across national and provincial boundaries and users enjoy the privacy protections of their host nations, provinces and municipalities. Our current work includes techniques for comparing requirements across jurisdictions and for identifying high and low water marks to assess various levels of care in legal compliance.

Relevant Publications: [GB14] [GB13a] [GB13b] [GB12]