Other Projects - April 2017

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s):  Laurie Williams, Munindar Singh
Researchers: Ozgur Kafali, Sarah Elder, Hui Guo

HARD PROBLEM(S) ADDRESSED

• Policy-Governed Secure Collaboration - This project addresses how to specify and analyze norms (standards of correct collaborative behavior) and policies (ways of achieving different collaborative behaviors) to understand their relation to security breaches.
• Security Metrics and Models - The project is to develop and analyze metrics that quantify how well security policies account for real breaches, and identify the gaps in between.

PUBLICATIONS
Report papers written as a result of this research. If accepted by or submitted to a journal, which journal. If presented at a conference, which conference.

ACCOMPLISHMENT HIGHLIGHTS

• As a continuation of our Semaver project, we are designing an Amazon Mechanical Turk (mTurk) study to extend our understanding of security policies and breaches. Our aims with this study are to understand (i) which parts of policies are easier to formalize with norms; (ii) whether crowdsourcing is an effective way of gathering norms for both policy and breach descriptions; and (iii) how much automation is needed to make the crowd tasks more manageable.
• We investigated the challenges in precisely and completing expressing requirements for secure software development through an understanding of regulations and other natural language artifacts relevant to a software system. We began a systematic literature review of natural language techniques for understanding requirements and regulations.