Privacy Engineering - Regulatory Compliance Lab (PERC-Lab)

Privacy and Security Engineering Framework for Mobile and IoT Applications

Description: While IoT devices have many benefits for individuals, they also pose many privacy and security concerns. IoT devices collect massive amounts of data from users at a higher rate than ever before. There should be not only methods to help protect personal data but also methods to inform users about the collection, use and disclosure of their private data and to give them a choice in how their information is shared. In this research, we analyze IoT devices and the security and privacy challenges they raise, and try to find solutions for those challenges.

Privacy and Security Analysis and Modeling in Cloud Computing and Fog Computing

Description: In this research, we evaluate security and privacy requirements, vulnerabilities and threats related to cloud environments and develop a tool-supported modeling framework to help developers correctly identify security and privacy requirements for their cloud systems and help them resolve vulnerabilities and threats. We also plan to evaluate security and privacy concerns of fog nodes which IoT devices communicate with.

Privacy and Legal Documents Analysis, Mining and Modeling

Description: The primary aim of this research is to provide engineering solutions to mine and extract legal and privacy requirements from regulations, best practices and policy documents and then to implement tool-supported methodologies to identify and resolve ambiguities, conflicts and cross-references in privacy-related regulations and to model and analyze compliance between regulations and software, mobile and IoT applications.

User-Focused Privacy

Description: The main objective of this research is to develop methods and algorithms to improve privacy policies for users. We apply supervised machine learning algorithms to shorten privacy policies by extracting user-sensitive information from them. We then create short notices. In this work, we mainly focus on the privacy policies of IoT applications because of their unique characteristics, such as the lack of a user interface.

RationalGRL

Description: Goal modeling languages capture and analyze high-level goals and their relationships with lower-level goals and tasks. However, in such models the arguments for and against alternatives, based on the stakeholders' opinions, are usually left implicit. In the RationalGRL project, we develop a methodology to make the argumentation used in the goal modeling process explicit. We use formal argumentation techniques from AI to compute valid sets of arguments, and we implement our framework in jUCMNav. In this way, RationalGRL allows traceability from elements of the goal model to their underlying arguments.

Link: RationalGRL Website

Collaborators:
  • Marc van Zee, PhD Student, University of Luxembourg, Luxembourg
  • Diana Marosin, PhD Student, Luxembourg Institute of Science and Technology, Luxembourg
  • Floris Bex, Assistant Professor, University of Utrecht, The Netherlands

Principle-based GRL:

(A Semi-formal Framework for Managing Consistency between Enterprise Architecture Principles and Architecture Models)

Description: Organizations use enterprise architecture as a method to represent a holistic view of the company and to steer its evolution and the establishment of new businesses, aligning all aspects of the organization. Often, new programs are accepted and guided by architecture principles. However, architecture principles are usually represented in natural language, which makes them informal and hard to evaluate, and complicates tracing them to the actual goals of the organization. In this project, we aim to meet the challenges posed by introducing architecture principles and to create a semi-formal framework that can support the tasks of formulating and enforcing principles when creating architecture designs. The framework leverages the User Requirements Notation (URN), its sub-notations Goal-oriented Requirements Language (GRL) and Use Case Maps (UCM), and the concept of URN links, and creates a new GRL profile customized to enterprise architecture needs.

Collaborators:
  • Diana Marosin, PhD Student, Luxembourg Institute of Science and Technology, Luxembourg
  • Marc van Zee, PhD Student, University of Luxembourg, Luxembourg