The regular use of social networking websites and applications encompasses the collection and retention of personal and very often sensitive information about users. This information needs to remain private and each social network owns a privacy policy that describes in-depth how users' information is managed and disclosed. Problems arise when the development of new systems and applications includes an integration with social networks. The lack of clear understanding and a precise mechanism to enforce the statements described in privacy policies can compromise the development and adaptation of these statements.
The main goal of the project RSLingo4Privacy is to improve privacy by providing companies a set of languages and tools to align their policies with their practices, namely by introducing a privacy requirements specification into the regular software development process that allow to align multi-party expectations across multi-tier applications. To that end, and in the context of recent results from the RSLingo approach and our privacy policy analysis, we intend to research techniques that allow users to specify privacy-specific linguistics patterns to allow automatic extraction of the relevant information from privacy policies into an equivalent intermediate (RSL-IL) format, and map or transform these specifications into equivalent Eddy specifications that, with proper tools allow checking conflicts between these privacy policies and user preferences and the developers’ privacy specifications. Moreover, the relevance of this research will be demonstrated through the analysis of real world privacy policies, namely those posted by the most popular web sites, such as Facebook, Linkedin, Twitter, Dropbox, IMDB or Zynga.
Download the ready-to-use Eclipse IDE version of RSLingo4Privacy Studio through the following link: https://goo.gl/ImyHFG
[FS2012] D. Ferreira, A. R. Silva, "RSLingo: An Information Extraction Approach toward Formal Requirements Specifications", Second IEEE International Workshop on Model-Driven Requirements Engineering (MoDRE 2012), IEEE Computer Society, 2012.
[FS2013] D. Ferreira, A. R. Silva, "RSL-IL: An Interlingua for Formally Documenting Requirements”, Third IEEE International Workshop on Model-Driven Requirements Engineering (MoDRE 2013), IEEE Computer Society, 2013.
[FS2013a] D. Ferreira, A. R. Silva, "RSL-PL: A Linguistic Pattern Language for Documenting Software Requirements", Third International Workshop on Requirements Patterns (RePa 2013), IEEE Computer Society, 2013.
[CS2015] J. Caramujo, A. R. Silva, "Analyzing Privacy Policies based on a Privacy-Aware Profile: the Facebook and LinkedIn case studies", in Proceedings of IEEE CBI'2015, IEEE Computer Society, 2015.
[AR2016] A. R. Silva et al., "Improving the Specification and Analysis of Privacy Policies: The RSLingo4Privacy Approach", in Proceedings of the 8th ICEIS conference, SCITEPRESS, 336-347, 2016.
[BB2011] T. D. Breaux, D. L. Baumer, "Legally 'Reasonable' Security Requirements: A 10-year FTC Retrospective", Computers & Security, 30(4):178-193, 2011.
[BA2008] T. D. Breaux, A. I. Antón, "Analyzing regulatory rules for privacy and security requirements", IEEE Trans. Soft. Eng., Special Issue on Soft. Engr. for Secure Sys., 34(1):5-20, 2008.
[BR2013] T. D. Breaux, A. Rao, "Formal Analysis of Privacy Requirements Specifications for Multi-Tier Applications", IEEE 21st International Requirements Engineering Conference (RE), 2013.
[BHR2014] T. D. Breaux, H. Hibshi, A. Rao, "Eddy, A Formal Language for Specifying and Analyzing Data Flow Specifications for Conflicting Privacy Requirements", Requirements Engineering Journal, Springer, 2014.
© 2016-2017 André Ribeiro and Prof. Alberto Silva (Supervisor) – Instituto Superior Técnico, University of Lisbon, and INESC-ID. All rights reserved.