SHF:Small:Privacy Impact and Risk Assessment at Design-Time

SHF:Small：设计时的隐私影响和风险评估

• 批准号: 2007298
• 负责人: Travis Breaux
• 金额: $ 49.82万
• 依托单位: Carnegie-Mellon University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2007298&HistoricalAwards=false
• 关键词: SHF; Small; Privacy; Impact; Risk

Verifying that web and mobile applications will protect user privacy requires knowledge about what kinds of data and data practices are sensitive to users. Privacy impact assessments are standardized procedures that companies and government agencies use to identify what personal information is collected, used, and for what purpose, and shared with whom, as well as, what steps are taken to protect that information. Conducting privacy impact assessments on applications is time consuming, because evaluators often have limited knowledge of the software’s behavior, and the assessments are often done after the software has been constructed, which is costly. Because developers are under pressure to continuously release new application versions, they have little time for extensive documentation about their data practices. Today, the status quo in documenting privacy is the privacy policy, which regulators increasingly check for data practice misrepresentations during the application’s lifetime. This project seeks to develop methods and tools to automatically and quickly conduct privacy impact assessments from software artifacts, called user stories, that are easier for developers to produce. Based on a risk assessment informed by which data practices are most sensitive to users, developers can prioritize where best to introduce privacy controls that users want. Furthermore, by conducting risk assessments from user stories, regulators and developers would have greater assurance that assessments accurately reflect current app behavior. Finally, these assessments save developer time, because a change to a user story could trigger an automatic re-assessment that alerts the developer to changes in privacy risk. This research is transformative because it allows software developers to respond to changes in privacy risk during design time, when important safeguards can be introduced, as opposed to waiting for lengthier impact assessments that are harder to integrate after the software has been constructed.The project investigates the symbolic and statistical relationships between agile requirements, privacy risk and privacy policies. The research explores strategies for scoring user stories for privacy risk and prioritizing which stories are most important to user privacy comprehension. The components of the solution will be investigated as follows: (1) corpora of user stories and privacy policies expressed in natural language will be acquired and annotated using coding theory; (2) semantic frames and an ontology expressed in Description Logic will be extracted from the corpora using entity and relation extraction; and (3) the risk scores will be collected using privacy risk surveys that measure how users perceive privacy risk under different scenarios derived from user stories and mitigations. A key obstacle to effectively scoring risk is the inherent presence of ambiguity and vagueness in natural language. The semantic frames and ontology will be used to encode and resolve ambiguity and vagueness in the scenarios. Furthermore, the survey results will be used to model changes in risk due to selected mitigations, thus, developers will be able to explore the local design space around a specific user story and available mitigation choices.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

要证明Web和移动的应用程序将保护用户隐私，需要了解哪些类型的数据和数据做法对用户敏感。隐私影响评估是公司和政府机构用于确定收集、使用哪些个人信息、用于何种目的、与谁共享以及采取何种措施保护这些信息的标准化程序。对应用程序进行隐私影响评估非常耗时，因为评估人员通常对软件的行为了解有限，并且评估通常在软件构建之后进行，这是昂贵的。由于开发人员面临着不断发布新应用程序版本的压力，他们几乎没有时间编写有关其数据实践的大量文档。如今，记录隐私的现状是隐私政策，监管机构在应用程序的生命周期中越来越多地检查数据实践的错误陈述。该项目旨在开发方法和工具，以自动快速地从软件工件（称为用户故事）中进行隐私影响评估，这些软件工件更容易开发人员制作。根据风险评估，哪些数据实践对用户最敏感，开发人员可以优先考虑在哪里最好地引入用户想要的隐私控制。此外，通过对用户故事进行风险评估，监管机构和开发人员将更有把握确保评估准确反映当前的应用行为。最后，这些评估节省了开发人员的时间，因为用户故事的更改可能会触发自动重新评估，提醒开发人员隐私风险的变化。这项研究是变革性的，因为它允许软件开发人员在设计时对隐私风险的变化做出响应，当重要的保护措施可以引入时，而不是等待更复杂的影响评估，这些评估在软件构建后更难集成。该项目调查了敏捷需求，隐私风险和隐私政策之间的符号和统计关系。该研究探讨了对用户故事的隐私风险进行评分的策略，并优先考虑哪些故事对用户隐私理解最重要。该解决方案的主要内容包括：（1）获取以自然语言表达的用户故事和隐私策略语料库，并利用编码理论进行标注;（2）利用实体和关系抽取技术从语料库中抽取语义框架和以描述逻辑表示的本体;及（3）将使用隐私风险调查收集风险评分，该调查衡量用户如何在从用户故事和缓解措施得出的不同情景下感知隐私风险。有效地对风险进行评分的一个关键障碍是自然语言中固有的模糊性和不确定性。语义框架和本体将用于编码和解决方案中的歧义和歧义。此外，调查结果将用于模拟风险变化，由于选定的缓解措施，因此，开发人员将能够探索当地的设计空间，围绕一个特定的用户故事和可用的缓解选择。这个奖项反映了NSF的法定使命，并已被认为是值得支持的评估使用基金会的智力价值和更广泛的影响审查标准。