Privacy Engineering - Regulatory Compliance Lab (PERC Lab)

Privacy and Security Analysis of Internet of Things (IoT) Devices

Description: While IoT devices have many benefits for the individuals, they also pose many privacy and security concerns. IoT devices collect massive amount of data from the users at a high rate than even before. There should be not only methods to help protecting the personal data but also methods to inform the user about the collection, use and disclosure of their private data and provide them a choice to decide how to share their information. In this research, we analyze IoT devices, their challenges for security and privacy and try to find solutions for those challenges.

Privacy and Security Requirements Analysis and Modeling in Cloud Applications

Description: In this project, we aim to analyze and model cloud applications with requirements engineering approaches, provide solutions and recommendations for implementing privacy and security requirements for cloud applications, develop tool-supported algorithms to analyze the security risks and vulnerabilities of the cloud applications and automatically propose solutiosn for them.

Multi-jurisdictional Privacy Compliance

Description: To ensure protecting the privacy and confidentiality of the data, governments introduce many new privacy-related regulations across multiple jurisdictions. The trend towards service-oriented computing provides new opportunities for reuse, as software designers and engineers can leverage existing services to meet their own needs. This also means that the services need to ensure compliance with multiple regulations across several jurisdictions and they need to adapt very quickly to the regulations of the new market. Not having proper mechanisms and procedures to protect the privacy of the users can cause harm to both users and the companies and it affects the trust between the end-user and the company.

Privacy by Design Strategies and Tactics

Description: In this project, we aim to develop methods to incoporate privacy requirements into the design of software system.


Description: Goal modeling languages capture and analyze high-level goals and their relationships with lower level goals and tasks. However, in such models the arguments for and against alternatives based on the stakeholders' opinions is usually left implicit. In the RationalGRL project, we develop a methodology to make the argumentation used in the goal modeling process explicit. We use formal argumentation techniques from AI to compute valid sets of arguments,and we implement our framework in jUCMNav. In this way, RationalGRL allows traceability from elements of the goal model to their underlying arguments.

  • Marc van Zee, PhD Student, University of Luxembourg, Luxembourg
  • Diana Marosin, PhD Student, Luxembourg Institute of Science and Technology, Luxembourg
  • Floris Bex, Assistant Professor, University of Utrecht, The Netherlands

Principle-based GRL:

(A Semi-formal Framework for Managing Consistency between Enterprise Architecture Principles and Architecture Models)

Description: Organizations use enterprise architecture as a method to represent a holistic view of the company and to steer its evolution and establishment of new businesses, aligning all aspects of the organization. Often, new programs are accepted and guided by architecture principles. However, architecture principles are usually represented in natural language, which makes them informal, hard to evaluate and complicates tracing them to the actual goals of the organization. In this project, we aim to meet the challenges posed by introducing architecture principles and to create a semi-formal framework that can support the tasks of formulating and enforcing principles when creating architecture design. The framework leverages the User Requirements Notation (URN) and its subparts, Goal-oriented Requirements Language (GRL) and Use Case Maps (UCM) notations and the concept of URN links and creates a new GRL profile, customized to enterprise architecture needs.

  • Diana Marosin, PhD Student, Luxembourg Institute of Science and Technology, Luxembourg
  • Marc van Zee, PhD Student, University of Luxembourg, Luxembourg