Qingfeng He
North Carolina State University
Publication
Featured research published by Qingfeng He.
IEEE Symposium on Security and Privacy | 2004
Annie I. Antón; Julia Brande Earp; Qingfeng He; William H. Stufflebeam; Davide Bolchini; Carlos Jensen
The authors analyze 40 online privacy policy documents from nine financial institutions to examine their clarity and readability. Their findings show that compliance with the existing legislation and standards is, at best, questionable.
Workshop on Privacy in the Electronic Society | 2004
William H. Stufflebeam; Annie I. Antón; Qingfeng He; Neha Jain
As computing becomes more ubiquitous and Internet use continues to rise, it is increasingly important for organizations to construct accurate and effective privacy policies that document their information handling and usage practices. Most privacy policies are derived and specified in a somewhat ad-hoc manner, leading to policies that are of limited use to the consumers they are intended to serve. To make privacy policies more readable and enforceable, two privacy policy specification languages have emerged, P3P and EPAL. This paper discusses a case study in which the authors systematically formalized two real and complex healthcare website privacy statements, and measured the results against well-known requirements engineering criteria.
Information & Software Technology | 2009
Qingfeng He; Annie I. Antón
Access control (AC) is a mechanism for achieving confidentiality and integrity in software systems. Access control policies (ACPs) express rules concerning who can access what information, and under what conditions. ACP specification is not an explicit part of the software development process and is often isolated from requirements analysis activities, leaving systems vulnerable to security breaches because policies are specified without ensuring compliance with system requirements. In this paper, we present the Requirements-based Access Control Analysis and Policy Specification (ReCAPS) method for deriving and specifying ACPs, and discuss three validation efforts. The method integrates policy specification into the software development process, ensures consistency across software artifacts, and provides prescriptive guidance for how to specify ACPs. It also improves the quality of requirements specifications and system designs by clarifying ambiguities and resolving conflicts across these artifacts during the analysis, making a significant step towards ensuring that policies are enforced in a manner consistent with a system's requirements specifications. To date, the method has been applied within the context of four operational systems. Additionally, we have conducted an empirical study to evaluate its usefulness and effectiveness. A software tool, the Security and Privacy Requirements Analysis Tool (SPRAT), was developed to support ReCAPS analysis activities.
Electronic Government | 2005
Stanley Y. W. Su; José A. B. Fortes; T. R. Kasad; M. Patil; Andréa M. Matsunaga; Maurício O. Tsugawa; Violetta Cavalli-Sforza; Jaime G. Carbonell; Peter J. Jansen; Wayne H. Ward; Ronald A. Cole; Donald F. Towsley; Weifeng Chen; Qingfeng He; C. McSweeney; L. de Brens; J. Ventura; P. Taveras; R. Connolly; C. Ortega; B. Piñeres; O. Brooks; G.A. Murillo; M. Herrera
Solutions to global problems such as disease detection and control, terrorism, immigration and border control, and illicit drug trafficking require sharing and coordinating information and collaboration among government agencies within a country and across national boundaries. This paper presents an approach to achieve information sharing, event notification, enforcement of policies, constraints, regulations, security and privacy rules, and process coordination. The proposed system, designed in collaboration with stakeholders and end users in two Latin American countries, achieves the desired capabilities by integrating a distributed query processor (DQP) that provides form-based and conversational user interfaces, a language translation system, an event server for event filtering and notification, and an event-trigger-rule server. The Web-services infrastructure is used to achieve the interoperation of these heterogeneous component systems. A prototype of the integrated transnational information system is described.
Fourth IEEE International Workshop on Information Assurance (IWIA'06) | 2006
Qingfeng He; Paul N. Otto; Annie I. Antón; Laurie A. Jones
Specifying correct and complete access control policies is essential to secure data and ensure privacy in information systems. Traditionally, policy specification has not been an explicit part of the software development process. This isolation of policy specification from software development often results in policies that are not in compliance with system requirements and/or organizational security and privacy policies, leaving the system vulnerable to data breaches. This paper presents the results and lessons learned from a case study that employs the Requirements-based Access Control Analysis and Policy Specification (ReCAPS) method to specify access control policies for a Web-based event registration system. The ReCAPS method aids software and security engineers in specifying access control policies derived from requirements specifications and other available sources. Our case study revealed that the ReCAPS method helps identify inconsistencies across various software artifacts, such as requirements specification, database design, and organizational security and privacy policies. Had these problems not been identified and resolved, they would have crippled later phases of software development, resulted in missing or incomplete system functionality, and compromised the system's security and privacy. This case study reinforces, validates, and extends our previous recommendations that access control policy specification should be an integral part of the software development process for information systems to achieve information assurance and improve the quality of the information system.
International Conference on Web Engineering | 2004
Davide Bolchini; Qingfeng He; Annie I. Antón; William H. Stufflebeam
Internet privacy policies are complex and difficult to use. In the eyes of end-users, website policies appear to be monolithic blocks of poorly structured text that are difficult to parse when attempting to retrieve specific information. In an increasingly privacy-aware society, end-users must be able to easily access privacy policies while navigating a website's pages and readily understand the relevant parts of the policy. We propose a structured methodology to improve web design and increase users' privacy awareness. This systematic approach allows policy makers to effectively and efficiently reshape their current policies by structuring policies according to the subject that is relevant to specific user interaction contexts, making them more user-centered and user-friendly. The methodology is built upon prior work in privacy policy analysis and navigation context design.
Archive | 2003
Annie I. Antón; Julia Brande Earp; Davide Bolchini; Qingfeng He; Carlos Jensen; William H. Stufflebeam
IEEE Symposium on Security and Privacy | 2004
Annie I. Antón; Qingfeng He; David L. Baumer
Archive | 2003
Annie I. Antón; Davide Bolchini; Qingfeng He
International Conference on Digital Government Research | 2004
S. Su; José A. B. Fortes; T. R. Kasad; M. Patil; Andréa M. Matsunaga; Maurício O. Tsugawa; Violetta Cavalli-Sforza; Jaime G. Carbonell; Peter J. Jansen; Wayne H. Ward; Ronald A. Cole; Donald F. Towsley; Weifeng Chen; Annie I. Antón; Qingfeng He; C. McSweeney; L. deBrens; J. Ventura; P. Taveras; R. Connolly; C. Ortega; B. Piñeres; O. Brooks; M. Herrera