Photo of Hanan Hibshi

Hanan Hibshi

Office: INI Building- INI 123
Phone: 412-268-4922
Email: hhibshi [at] cmu [dot] edu


For most recent list of my publications, you can refer to my Google Scholar Page .



Refereed Journal Publications
[-] A Grounded Analysis of Experts' Decision-Making during Security Assessments
H. Hibshi, T.D.  Breaux, M. Riaz, and L. Williams. Journal of Cybersecurity. October 2016.
[ bibtex | DOI | pdf ]
[-] Eddy, a Formal Language for Specifying and Analyzing Data Flow Specifications for Conflicting Privacy Requirements
T.D. Breaux, H. Hibshi, A. Rao. Requirements Engineering, pages 1-27, 2014.
[ bibtex | DOI | pdf ]
   
Refereed Conference Proceedings
[-] Reinforcing Security Requirements with Multifactor Quality Measurement
H. Hibshi and T.D. Breaux. 25th IEEE International Requirements Engineering Conference (RE'17), September 2017.
[ bibtex | DOI | pdf ]
[-] Improving Security Requirements Adequacy: An Interval Type 2 Fuzzy Logic Security Assessment System
H. Hibshi, T.D. Breaux, and C. Wagner. 2016 IEEE Symposium on Computational Intelligence in Cyber Security (CICS 2016), December 2016.
[ bibtex | DOI | pdf ]
[-] Assessment of Risk Perception in Security Requirements Composition
H. Hibshi, T.D. Breaux, and S.B. Broomell. 23rd IEEE International Requirements Engineering Conference (RE'15), August 2015.
[ bibtex | DOI | pdf ] [ data ]
[-] Detecting Repurposing and Over-collection in Multi-Party Privacy Requirements Specifications
T.D. Breaux, D. Smullen, and H. Hibshi. 23rd IEEE International Requirements Engineering Conference (RE'15), August 2015.
[ bibtex | DOI | pdf ]
[-] Less is More: Investigating the Role of Examples in Security Studies Using Analogical Transfer
A. Rao, H. Hibshi, T.D. Breaux, J. Lehker, and J. Nui. 1st ACM Symposium and Bootcamp on the Science of Security (HOTSOS'14), April 2014.
[ bibtex | DOI | pdf ]
[-] Usability of Forensics Tools: A User Study.
H. Hibshi, T. Vidas, and L.F. Cranor. In 6th International Conference onIT Security Incident Management and IT Forensics (IMF), May 2011.
[ bibtex | DOI | pdf ]
   
Refereed Workshop Proceedings
[-] Privacy Risk in Cybersecurity Data Sharing
J. Bhatia, T.D. Breaux, L. Friedberg, H. Hibshi , and D. Smullen. 3rd Workshop on Information Sharing and Collaborative Security (WISCS 2016), October 2016.
[ bibtex | DOI | pdf ]
[-] Towards a Framework to Measure Security Expertise in Requirements Analysis
H. Hibshi, T.D. Breaux, M. Riaz, and L. Williams. In 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE'14), August 2014.
[ bibtex | DOI | pdf ]
[-] Towards a Framework for Pattern Experimentation: Understanding Empirical Validity in Requirements Engineering Patterns
T.D. Breaux, H. Hibshi, A. Rao, and J. Lehker. In IEEE 2nd International Workshop on Requirements Patterns (RePa), September 2012.
[ bibtex | DOI | pdf ]
   
Thesis and Technical Reports
[-] Composite Security Requirements in the Presence of Uncertainty
H. Hibshi. Doctoral Thesis, Advisor: Dr. Travis D. Breaux, School of Computer Science, Carnegie Mellon University, May 2018. [ pdf ]
[-] Evaluation of Linguistic Labels Used in Applications
H. Hibshi, and T.D. Breaux. March 2016. [ Technical Report ]
[-] Discovering Decision-Making Patterns for Security Novices and Experts
H. Hibshi, T.D. Breaux, M. Riaz, and L. Williams. March 2015. [ Technical Report ]

Tutorials

[-] Effective User Survey Design and Data Analysis
RE'16, September 2016. [ link to RE16 page  |  Tutorial Details ]
[-] Systematic Analysis of Qualitative Data in Security
Symposium and Bootcamp on the Science of Security (HotSoS), April 2016.
[-] Introduction to Grounded Theory, Measurement and Applications
Co-presenter. RE'15, August 2015. [ link to RE15 page ]
Invited Talks

[-] Decision Support for Cybersecurity Risk Assessment
Intelligence Community Academic Research Symposium. Washington, D.C., September 2017.
[-] Decision Support for Cybersecurity Risk Assessment
Michigan Technological University. Houghton, MI, April 2017.
[-] Risk Assessment Using Security Requirements Adequacy
C3E Workshop: Computational Cybersecurity in Composable Environments Atlanta, GA, October 2016.
[-] Assessment of Risk Perception in Security Requirements Composition
The CyLab Distinguished Seminar Series, Pittsburgh, PA, October 2015. [ link ]
[-] Assessment of Security Risk Perception in Composable Systems
The Science of Security Lablet Meeting, Raleigh, NC, January 2015.