Travis D. Breaux Carnegie Mellon University Travis D. Breaux
Associate Professor of Computer Science
Institute for Software Research
School of Computer Science
5000 Forbes Avenue, Pittsburgh, PA 15213
5103 Wean Hall

Links: Home | Research | Teaching | Publications | Biography | Vitae

New Students

We are now accepting applications for a new Ph.D. student to join our research group. There are many great programs to consider, for example:

The choice of which program to apply to depends on one's preferences with regard to your professional and intellectual interests, curriculum requirements, other student interests in the programs, etc.

Current Students

Hanan Hibshi, Ph.D. Student in Societal Computing (SC). Ms. Hibshi is interested in usable security and privacy. Expected graduation: May 2018.

Jaspreet Bhatia, Ph.D. Student in Software Engineering. Ms. Bhatia is interested in applications of natural language processing and crowdsourcing to requirements engineering.

Sudarshan Wadkar, Ph.D. Student in Software Engineering. Mr. Wadkar is interested in applications of natural language processing to legal requirements engineering.

Morgan Evans, Ph.D. Student in Software Engineering. Ms. Evans is interested in natural language processing and natural language understanding.


Dr. Dave Gordon received the Ph.D. in Engineering and Public Policy for successfully defending his dissertation, entitled Without Borders: Addressing Legal Requirements in Multi-Jurisdictional IT Environments.

Funded Research Projects

Formal Analysis and Specification of Privacy and Security Requirements

Summary: As companies increasingly share sensitive, personal information, software developers need tools to design privacy-preserving and security systems. We proposed a formal language to express minimal privacy policies in Description Logic, which can be checked for compliance with the OECD collection and use limitation principles (Breaux, Smullen, Hibshi, 2015). This work was extended to check information flows in mobile applications for violations of privacy policies (Slavin et al., 2016). To help developers prioritize sensitive information when investing resources in privacy controls, we developed a new method to measure perceived privacy risk, and show how risk perception is affected by vagueness (Bhatia, Breaux, Reidenberg, Norton, 2016). Underpinning the challenge of formalizing privacy policy, however, is a substantial ontology challenge as different parties use different terms to describe data.

  • $693,716, NSF Frontier Award #1330596, National Science Foundation, Sep 2013 - Feb 2017
  • $139,811, National Security Agency, Mar 2016 - Feb 2017
  • $349,809, Office of Naval Research, Dec 2011 - May 2017

Empirical Security Assessments through Expert Judgements

Summary: Our prior research shows that software developers employ considerable domain knowledge when translating regulations, policies and standards into system requirements [Breaux & Baumer, 2011]. This project aims to adapt theory from cognitive psychology and judgement and decision making to develop an experimental framework and theory for expressing, selecting and applying requirements to improve security. This includes studies of analyst situational awareness (Hibshi, Breaux, Riaz, Williams, 2016). Recently, Hibshi developed a method to collect expert security judgements (Hibshi, Breaux, Broomell, 2015), which she has formalized using Interval Type 2 Fuzzy Logic (Hibshi, Breaux, Wagner, 2016).

  • $179,625, Engineering and Physical Sciences Research Council, Jan 2017 - Dec 2019
  • $120,000, Office of Naval Research, Feb 2017 - May 2018
  • $146,670, National Security Agency, Apr 2015 - Mar 2016
  • $260,000, National Security Agency, Dec 2011 - Nov 2013

Multi-Jurisdictional Compliance for Distributed Software Systems

Summary: Increasingly, information systems are distributed across the physical and logical borders of nations, states and provinces. We see this trend emerging in mobile, social and cloud-based computing. The challenge for business analysts and software designers is to determine which set of requriements govern their systems as software and data move across these borders. This project aims to understand the "dynamics" of this multi-jurisdictional ecosystem to help analysts and designers develop legally compliant systems. The outcome of this research is empirically valid methods and tools that have been evaluated in real-world data.

  • $600,000, NSF CAREER Award #1453139, National Science Foundation, Sep 2015 - Aug 2020
  • $150,000, HPL IRP Award #CW267287 and HP Cloud & Security Lab, Oct 2011 - Sep 2013
  • $175,000, DHS Award #2006-CS-001-000001, via the I3P, Feb 2011 - Jul 2012

For more information, please see our research website.