As computing becomes more ubiquitous and Internet use continues to rise, it is increasingly important for organizations to construct accurate and effective privacy policies that document their information handling and usage practices. Most privacy policies are derived and specified in a somewhat ad-hoc manner, leading to policies that are of limited use to
This report examines the actions of JetBlue Airways Corporation (JetBlue), which violated its privacy policy when it gave the travel records of five million customers to Torch Concepts, a private Department of Defense contractor. JetBlue's actions have prompted at least two lawsuits, including a claim by the Electronic Privacy Information Center with the
In this short paper, we summarize an industrial project in which we developed and applied the Attribute Hierarchy-based Evaluation of Architectural Designs (AHEAD) method for selecting a software technology to form the basis for the next-generation architecture of a complex commercial software application. AHEAD leverages the Software Engineering
JetBlue Airways (JetBlue) gave five million customers' travel records to a USA Department of Defense contractor. The authors' analysis reveals that JetBlue's privacy policy might pose additional significant threats to customer privacy and that the USA Department of Homeland Security anti-terrorism exercise has adversely affected personal privacy.
This paper addresses the use of goals to extract non-functional requirements from policy statements. Goals are important precursors to software requirements, but the process of abstracting them from security and policy policies has not been thoroughly researched. We present a summary of a goal-based approach for extracting standard security and privacy
Access control is a mechanism for achieving confidentiality and integrity in software systems. Access control policies (ACPs) are security requirements that define how access is managed and the high-level rules of who, under what conditions, can access what information. Traditionally, access control policies are often specified after a system is designed
Specifying correct and complete access control policies is essential to secure data and ensure privacy in information systems. Traditionally, policy specification has not been an explicit part of the software development process. This isolation of policy specification from software development often results in policies that are not in compliance with system