This research project will develop a methodology for ensuring that information systems comply with privacy policies. Information systems that handle personal information must adhere to legal regulations, corporate privacy policies, and contractual agreements designed to protect personal privacy in many sectors, including medical, governmental, and financial. The immediate focus of the project will be on the needs of the medical industry. As medical practice transitions to electronic medical records held in information systems, there is an acute need of a capability to verify that these systems comply with applicable privacy policies. The project will provide such a capability by creating a software development framework that uses novel techniques to provide assurance that software developed using the framework complies with formally-specified privacy policies that identify circumstances under which information can be shared and circumstances in which such sharing incurs certain future obligations. The framework will include policy analysis tools, a programming language, program analysis tools, and a runtime environment. These components will be able to be used in concert to produce distributed information systems and formally verify that the resulting systems handle personal information according to applicable policies.
This project has been funded by National Science Foundation grant CNS-0964710, “TC: Medium: Privacy and Declassification Policy Enforcement Framework”, total award amount $1,162,668, September 2011 – June 2015, PI, Jianwei Niu, Co-PI, Jeffery von Ronne. (July 2010 – August 2011, PI, William H. Winsborough, Co-PI, Jianwei Niu and Jeffery von Ronne.)
Security Requirement Pattern
Secure software depends upon the ability of software developers to respond to security risks early in the software development process. Despite a wealth of security requirements, often called security controls, there is a shortfall in the adoption and implementation of these requirements. This shortfall is due to the extensive expertise and higher level cognitive skillsets required to comprehend, decompose and reassemble security requirements concepts in the context of an emerging system design. To address this shortfall, we propose to develop two empirical methods: (1) a method to derive security requirements patterns from requirements catalogues using expert knowledge; and (2) a method to empirically evaluate these patterns for their “usability” by novice software developers against a set of common problem descriptions, including the developer’s ability to formulate problems, select and instantiate patterns. The study results will yield a framework for discovering and evaluating security requirements patterns and new scientific knowledge about the limitations of pattern-based approaches when applied by novice software developers.
This project has been funded by National Security Agency grant “Improving the Usability of Security Requirements by Software Developers through Empirical Studies and Analysis”, UTSA award amount $200,000, February 2012 – September 2014, UTSA PI, Jianwei Niu, PIs, Travis Breaux (CMU) and Laurie Williams (NCSU).
Information Sharing Policy Design and Enforcement
The central objective of this project is to design a formal group-oriented access control environment (GoAce) to protect the confidentiality of resources, yet to facilitate the efficient and rigorous management of shared information. The need to share information while confining what an authorized recipient can do with that information is one of the oldest and most challenging problems in Access Control. Because of the dynamic nature of scenarios in which secure information sharing is desirable, authorization systems need to minimize the administrative efforts required both to establish information-sharing infrastructure, and to modify the users who have access and the information to which they have access. This project has contributed to the development of a group-centric secure information sharing (g-SIS) system. Authorization in g-SIS policy is defined by bringing users and information objects together in a group to facilitate agile sharing. Information can be brought in from external sources and new information can be created within the group by group members. The project also introduced stale safety in the design of enforcement mechanisms. Addiontionally, the small finite policy and enforcement specifications concerning one user and one object of one group—called small models—is verified to satisfy the security objectives, and policy specifications together with stale safeties, respectively, by using model checking. Then the verification results of the small models can be generalized to large policy and enforcement specifications, comprising an unbounded number of users and data, by using manu proofs.
This project has been supported by the University of Texas at San Antonio, Tenure-Track Research Award Competition (TRAC), “Formal Analysis of Secure Information Sharing”, November 2008 – August 2009, total award amount $22,000. PI, Jianwei Niu.