Multi-Jurisdictional Compliance for Distributed Software Systems

Summary: Increasingly, information systems are distributed across the physical and logical borders of nations, states and provinces. We see this trend emerging in mobile, social and cloud-based computing. The challenge for business analysts and software designers is to determine which set of requriements govern their systems as software and data move across these borders. This project aims to understand the "dynamics" of this multi-jurisdictional ecosystem to help analysts and designers develop legally compliant systems. The outcome of this research is empirically valid methods and tools that have been evaluated in real-world data.

• $150,000, HPL IRP Award #CW267287 and HP Cloud & Security Lab, Oct 2011 - Sep 2013
• $175,000, DHS Award #2006-CS-001-000001, via the Institute for Information Infrastructure Protection I3P, Feb 2011 - Jul 2012

Improving the (Re-)Usability of Requirements Knowledge

Summary: Our prior research shows that software developers employ considerable domain knowledge when translating regulations, policies and standards into system requirements [Breaux & Baumer, 2011]. Furthermore, security best practices are often neglected when designing large-scale retail and financial systems, leading to software failures and regulatory violations [Breaux, Anton, Boucher, Dorfman, 2008]. This project aims to adapt theory from cognitive psychology to develop an experimental framework and theory for expressing, selecting and applying requirements patterns.

• $260,000, National Security Agency, Dec 2011 - Nov 2013

For more information, please see our research website.

Dave Gordon, Ph.D. Student in Engineering and Public Policy (EPP). Mr. Gordon is an NSF IGERT Fellow in the Center for Usable Privacy and Security (CUPS). His interests include information technology regulatory compliance, socio-technical systems, and technology in education.

Hanan Hibshi, Ph.D. Student in Computers, Organization and Society (COS). Ms. Hibshi is interested in usable security and privacy.

Ashwini Rao, Ph.D. Student in Software Enginering. Ms. Rao is interested in mobile security and privacy.

If you are a student currently enrolled at Carnegie Mellon University, make an appointment to drop by my office in 5103 Wean Hall. To join our research group, you must be a student at Carnegie Mellon University. There are many great programs to consider, for example:

• Software Engineering Ph.D. program
• Computers, Organization and Society Ph.D. program

The choice of which program to apply to depends on one's preferences with regard to your professional and intellectual interests, curriculum requirements, other student interests in the programs, etc.