Visible to the public Biblio

Filters: Author is Ozgur Kafali  [Clear All Filters]
2016-10-04
Ozgur Kafali, Nirav Ajmeri, Munindar P. Singh.  2016.  Normative Requirements in Sociotechnical Systems. Proceedings of the 9th International Workshop on Requirements Engineering and Law (RELAW). :259-260.
Ozgur Kafali, Nirav Ajmeri, Munindar P. Singh.  2016.  Formal Understanding of Tradeoffs among Liveness and Safety Requirements. Proceedings of the 3rd International Workshop on Artificial Intelligence for Requirements Engineering (AIRE). :17-18.
2016-06-17
Ozgur Kafali, Nirav Ajmeri, Munindar P. Singh.  2016.  Revani: Revising and Verifying Normative Specifications for Privacy. IEEE Intelligent Systems.

Privacy remains a major challenge today partly because it brings together social and technical considerations. Yet, current software engineering focuses only on the technical aspects. In contrast, our approach, Revani, understands privacy from the standpoint of sociotechnical systems (STSs), with particular attention on the social elements of STSs. We specify STSs via a combination of technical mechanisms and social norms founded on accountability.

Revani provides a way to formally represent mechanisms and norms, and applies model checking to verify whether specified mechanisms and norms would satisfy the requirements of the stakeholders. Additionally, Revani provides a set of design patterns and a revision tool to update an STS specification as necessary. We demonstrate the working of Revani on a healthcare emergency use case pertaining to disasters.

Ozgur Kafali, Munindar P. Singh, Laurie Williams.  2016.  Nane: Identifying Misuse Cases Using Temporal Norm Enactments. 24th IEEE International Requirements Engineering Conference.

Recent data breaches in domains such as healthcare, where confidentiality of data is crucial, indicate that misuse cases often originate from user errors rather than vulnerabilities in the technical (software or hardware) architecture. Current requirements engineering (RE) approaches determine what access control mechanisms are needed to protect sensitive resources. However, current RE approaches inadequately characterize how a user is expected to interact with others in relation to the relevant resources. Consequently, a requirements analyst cannot readily identify the vulnerabilities based on user interactions. We adopt social norms as a natural, formal means of characterizing user interactions wherein potential misuses map to norm violations. Our research goal is to help analysts identify misuse cases by systematically generating potential temporal enactments that violate formally stated social norms. We propose Nane: a formal framework for identifying misuse cases from norm enactments. We represent misuse cases formally, and propose a semiautomated process for identifying misuse cases based on norm enactments. We show that our process is sound and complete with respect to the stated norms. We discuss the expressiveness of our representation, and demonstrate how Nane enables monitoring of misuse cases via temporal reasoning.

2016-04-02
Ozgur Kafali, Munindar P. Singh, Laurie Williams.  2016.  Toward a Normative Approach for Forensicability: Extended Abstract. Proceedings of the International Symposium and Bootcamp on the Science of Security (HotSoS). :65-67.

Sociotechnical systems (STSs), where users interact with software components, support automated logging, i.e., what a user has performed in the system. However, most systems do not implement automated processes for inspecting the logs when a misuse happens. Deciding what needs to be logged is crucial as excessive amounts of logs might be overwhelming for human analysts to inspect. The goal of this research is to aid software practitioners to implement automated forensic logging by providing a systematic method of using attackers' malicious intentions to decide what needs to be logged. We propose Lokma: a normative framework to construct logging rules for forensic knowledge. We describe the general forensic process of Lokma, and discuss related directions.