Photo of Hanan Hibshi

Hanan Hibshi

Office: Wean Hall - WEH 4125
Phone: 412-268-4885
Email: hhibshi [at] cmu [dot] edu

Publications


[13] Reinforcing Security Requirements with Multifactor Quality Measurement
H. Hibshi and T.D. Breaux. Accepted to the 25th IEEE International Requirements Engineering Conference (RE'17). To appear September 2017. [pdf ]
[12] Improving Security Requirements Adequacy: An Interval Type 2 Fuzzy Logic Security Assessment System
H. Hibshi, T.D. Breaux, and C. Wagner. 2016 IEEE Symposium on Computational Intelligence in Cyber Security (CICS 2016). December 2016. [ bibtex | DOI | pdf ]
[11] Privacy Risk in Cybersecurity Data Sharing
J. Bhatia, T.D. Breaux, L. Friedberg, H. Hibshi , and D.  Smullen. 3rd Workshop on Information Sharing and Collaborative Security (WISCS 2016). October 2016. [ bibtex | DOI | pdf ]
[10] A Grounded Analysis of Experts' Decision-Making during Security Assessments
H. Hibshi, T.D.  Breaux, M. Riaz, and L. Williams. Journal of Cybersecurity. October 2016. [ bibtex | DOI | pdf ]
[9] Evaluation of Linguistic Labels Used in Applications
H. Hibshi, and T.D. Breaux. March 2016. [Technical Report ]
[8] Assessment of Risk Perception in Security Requirements Composition
H. Hibshi, T.D. Breaux, and S.B. Broomell. 23rd IEEE International Requirements Engineering Conference (RE'15). August 2015. [ bibtex | DOI | pdf ] [data ]
[7] Detecting Repurposing and Over-collection in Multi-Party Privacy Requirements Specifications
T.D.  Breaux, D.  Smullen, and H. Hibshi. 23rd IEEE International Requirements Engineering Conference (RE'15). August 2015. [ bibtex | DOI | pdf ]
[6] Discovering Decision-Making Patterns for Security Novices and Experts
H. Hibshi, T.D. Breaux, M. Riaz, and L. Williams. March 2015s. [Technical Report ]
[5] Towards a Framework to Measure Security Expertise in Requirements Analysis
H. Hibshi, T.D. Breaux, M. Riaz, and L. Williams. In 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE'14), August 2014. [ bibtex | DOI |  pdf ]
[4] Less is More: Investigating the Role of Examples in Security Studies Using Analogical Transfer
A. Rao, H. Hibshi, T.D. Breaux, J. Lehker, and J. Nui. 1st ACM Symposium and Bootcamp on the Science of Security (HOTSOS'14) , April 2014. [ bibtex | DOI |  pdf ]
[3] Eddy, a Formal Language for Specifying and Analyzing Data Flow Specifications for Conflicting Privacy Requirements
T.D. Breaux, H. Hibshi, A. Rao. Requirements Engineering, pages 1-27, 2014. [ bibtex | DOI |  pdf ]
[2] Towards a Framework for Pattern Experimentation: Understanding Empirical Validity in Requirements Engineering Patterns
T.D. Breaux, H. Hibshi, A. Rao, and J. Lehker. In IEEE Second International Workshop on Requirements Patterns (RePa) , pages 41-47, 2012. [ bibtex | DOI |  pdf ]
[1] Usability of Forensics Tools: A User Study.
H. Hibshi, T. Vidas, and L.F. Cranor. In Sixth International Conference onIT Security Incident Management and IT Forensics (IMF) , pages 81-91, 2011. [ bibtex | DOI |  pdf ]

Tutorials


[3] Effective User Survey Design and Data Analysis.
RE'16, September 2016. [ link to RE16 Page  |  Tutorial Details ]
[2] Systematic Analysis of Qualitative Data in Security.
Symposium and Bootcamp on the Science of Security (HotSoS), April 2016.
[1] Introduction to Grounded Theory, Measurement and Applications. Co-presenter.
RE'15, August 2015. [ link ]

Talks


[4] Decision Support for Cybersecurity Risk Assessment
Invited Talk: Michigan Technological University. Houghton, MI, April 2017.
[3] Risk Assessment Using Security Requirements Adequacy
C3E Workshop: Computational Cybersecurity in Compromised Environments Atlanta, GA, October 2016.
[2] Assessment of Risk Perception in Security Requirements Composition.
The CyLab Distinguished Seminar Series, Pittsburgh, PA, October 2015. [ link ]
[1] Assessment of Security Risk Perception in Composable Systems.
The Science of Security Lablet Meeting, Raleigh, NC, January 2015.

Posters


[P1] Defining the Expert: Using Situation Awareness to Identify Security Experts.
H. Hibshi, T.D. Breaux, M. Riaz, and L. Williams. In the Science of Security Lablet Meeting, July 2014. [ pdf ]