
Sepideh Ghanavati, PhD
University of Maine | UM · School of Computing and Information Science
Publications: 72
Reads: 20,758
Citations: 1,309
Introduction
Sepideh Ghanavati is currently an assistant professor in Computer Science at the School of Computing and Information Science (SCIS) at the University of Maine and the director of Privacy Engineering - Regulatory Compliance Lab (PERC_Lab). My research interests are in the areas of information privacy and security, software and requirements engineering and the Internet of Things (IoT). The interdisciplinary nature of this research requires me to employ a variety of research methods, including requirements and software engineering, natural language processing, machine learning, deep learning and empirical human studies.
Additional affiliations
February 2015 - present
January 2014 - present
January 2014 - March 2015
Publications (72)
Stack Overflow and other similar forums are used commonly by developers to seek answers for their software development as well as privacy-related concerns. Recently, ChatGPT has been used as an alternative to generate code or produce responses to developers' questions. In this paper, we aim to understand developers' privacy challenges by evaluating...
Mobile applications are required to give privacy notices to users when they collect or share personal information. Creating consistent and concise privacy notices can be a challenging task for developers. Previous work has attempted to help developers create privacy notices through a questionnaire or predefined templates. In this paper, we propose...
This tool demonstration presents a research toolkit for a language model of Java source code. The target audience includes researchers studying problems at the granularity level of subroutines, statements, or variables in Java. In contrast to many existing language models, we prioritize features for researchers including an open and easily-searchab...
We do not have any data. This is a systematic literature review where we selected relevant publications from several top venues and journals in computer science, privacy, security, and software engineering.
Goal modelling aims to capture stakeholder and system goals, together with social, intentional, and structural relationships, in a way that supports trade-off analysis and decision making. Goal models and business process models provide complementary and synergetic views of a system, which lead to a more complete understanding of what exists and a...
The increase in the usage of the Internet of Things (IoT) raises privacy concerns for users. Depending on the types of information collected by IoT devices and shared with third-parties, users’ privacy concerns may vary. In this paper, we describe our detailed analysis of a two-fold user study with (1) 70 students from our institution and (2) 164 A...
This article seeks to address the problem of the ‘resource consumption bottleneck’ of creating legal semantic technologies manually. It describes a semantic role labeling based information extraction system to extract definitions and norms from legislation and represent them as structured norms in legal ontologies. The output is intended to help ma...
The increasing growth of the Internet of Things (IoT) escalates a broad range of privacy concerns, such as inconsistencies between an IoT application and its privacy policy, or inference of personally identifiable information (PII) of users without their knowledge. To address these challenges, we propose and develop a privacy protection framework c...
Mobile applications are required to give privacy notices to the users when they collect or share personal information. Creating consistent and concise privacy notices can be a challenging task for developers. Previous work has attempted to help developers create privacy notices through a questionnaire or predefined templates. In this paper, we prop...
Goal-oriented requirements modeling approaches aim to capture the intentions of the stakeholders involved in the development of an information system as goals and tasks. The process of constructing such goal models usually involves discussions between a requirements engineer and a group of stakeholders. Not all the arguments in such discussions can...
The increasing adoption of cloud computing is making operating environments highly dynamic and changing. Once an operating environment condition (e.g., geographical location of data) changes, the compliance requirements might also change. To ensure that compliance requirements are continuously met, there is a need for frameworks that not only suppo...
Due to the complex and ambiguous nature of privacy concerns, the transition from an abstract notion of privacy to practical aspects of privacy protection in systems development becomes challenging. Even the existing privacy engineering approaches, such as privacy by design (PbD), do not mitigate this problem successfully. In this paper, we propose...
The increasing growth of the Internet of Things (IoT) poses a wide range of privacy and security threats to consumers. Current research has addressed some of these challenges but recent privacy breaches in Home Assistant services show the gap between the current approaches and what is required. In this paper, we propose a privacy protection framew...
[Context and motivation] Legal provisions create a distinct set of requirements for businesses to be compliant with. Capturing legal requirements and managing regulatory compliance is a challenging task in system development. [Question/problem] Part of this task involves modeling legal requirements, which is not trivial for requirements engineers as...
[Context and motivation] Legal provisions create a distinct set of requirements for businesses to be compliant with. Capturing legal requirements and managing regulatory compliance is a challenging task in system development. [Question/problem] Part of this task involves modeling legal requirements, which is not trivial for requirements engineers a...
In recent years, several goal modeling approaches have been used and extended to capture the complexity of legal requirements and help modeling them in notations familiar to the requirements engineers and analysts. Legal-GRL, which is an extension of the Goal-oriented Requirements Language (GRL) is used for modeling and analyzing legal requirements...
The massive growth of the Internet of Things (IoT) as a network of interconnected entities [18], brings up new challenges in terms of privacy and security requirements to the traditional software engineering domain [4]. To protect the individuals' privacy, the FTC's Fair Information Practice Principles (FIPPs) [6] proposes to companies to give noti...
We suggest a systematic approach for integrating privacy protection into the entire lifecycle of privacy engineering (i.e. requirements, design and implementation, verification). This approach is introduced as a Privacy Paradigm (PriPa) which entails a theory of privacy accompanied with practical methods and techniques of privacy protection. PriPa...
In recent years, several goal modeling approaches have been used and extended to capture the complexity of legal requirements and help modeling them in notations familiar to the requirements engineers and analysts. Legal-GRL, which is an extension of the Goal-oriented Requirements Language (GRL), is used for modeling and analyzing legal requirement...
Lawyers and policy makers regularly and intentionally use ambiguous language in laws, regulations, and other legal texts. Although ambiguity has important policy benefits, such as interpretive resilience in an ever-changing world, it frustrates engineers and businesses seeking to build software systems that are demonstratively compliant with legal...
Requirements engineers need to have a comprehensive requirements modeling framework for modeling legal requirements, particularly for privacy-related regulations, which are required for IT systems. The nature of law demands a special approach for dealing with the complexity of regulations. In this paper, we integrate different approaches for modeli...
This chapter introduces an overview on the formulation of architecture principles, guidelines for a semiformal definition, and rules for modelling the architecture principles. As such, we aim to provide answers to the challenges as discussed in Chap. 14. In doing so, we give insights on analysis and impact evaluation of aforementioned architecture p...
This chapter introduces an overview on the formulation of architecture principles, guidelines for a semi-formal definition and rules for modelling the architecture principles. We give insights on analysis and impact evaluation of aforementioned principles on the design of architecture models and on the implementation of enterprise architecture.
Goal modeling languages, such as i* and the Goal-oriented Requirements Language (GRL), capture and analyze high-level goals and their relationships with lower level goals and tasks. However, in such models, the rationalization behind these goals and tasks and the selection of alternatives are usually left implicit. To better integrate goal models a...
Changes to the EU-US agreements on transatlantic data transmission are accepted. With the updates leading to an adequacy decision for the Privacy Shield, the European Commission further advances US adherence to the General Data Protection Regulation. The regulation comes with increasing territorial scope for the processing of personal data of perso...
Enterprise Architecture (EA) principles are normally written in natural language which makes them informal, hard to evaluate and complicates tracing them to the actual goals of the organization. In this paper, we present a set of requirements for improving the clarity of definitions and develop a framework to formalize EA principles with a semi-for...
Implementation and formalisation, alongside with creation, adoption and usage of Enterprise Architecture (EA) principles are hot topics of the current years of EA research. However, the EA community, both academic and professional, misses a consensus on the definitions and use of principles. Furthermore, not much research is done in the direction o...
Regulatory definitions establish the scope and boundary for legal statements and provide software designers with means to assess the coverage of their designs under the law. However, the number of phrases that serve to define this boundary in a legal statement are usually large and often a simple legal statement contains or is affected by up to 10...
Nowadays, enterprises are very complex systems, often comprised of a large number of business processes run by actors working together to achieve business objectives. Ensuring compliance with applicable laws is mandatory to avoid heavy penalties or even business failure. To this purpose, an increasingly important challenge consists of finding and r...
With an increase in regulations, it is challenging for organizations to identify relevant regulations and ensure that their business processes comply with legal provisions. Multiple regulations cover the same domain and can interact with, complement or contradict each other. To overcome these challenges, a systematic approach is required. This pape...
Most systems and business processes in organizations need to comply with more than one law or regulation. Different regulations can partially overlap (e.g., one can be more detailed than the other) or even conflict with each other. In addition, one regulation can permit an action whereas the same action in another regulation might be mandatory or f...
Many jurisdictions devote a significant portion of their legislation to powers. This reality is yet to be reflected in Requirements Engineering (RE) where more familiar deontic notions have prevailed for years. We explore different kinds of power and crucial factors to be considered for modeling them.
Business processes, goals, and tasks of individuals in an Enterprise must constantly be aligned with several regulations, standards, policies and EA principles imposed internally by organizations or externally by governments. Due to the complexity of these documents and their constant changes, it is not possible for organizations and individuals...
Every year, governments introduce new or revised regulations that are imposing new types of requirements on software development. Analyzing and modeling these legal requirements is time consuming, challenging and cumbersome for software and requirements engineers. Having regulation models can help understand regulations and converge toward better c...
Business process compliance with regulations has been a topic of many research areas in Computer Science such as Requirements Engineering (RE), Artificial Intelligence (AI), Logic and Natural Language Processing (NLP). This work aims to provide a systematic way of establishing and managing compliance to assist decision-making and reporting. Despite...
In recent years, the number of regulations an organization needs to comply with has been increasing, and organizations have to ensure that their business processes are aligned with these regulations. However, because of the complexity and intended vagueness of regulations in general, it is not possible to treat them the same way as other types of r...
In recent years, intentional models have been adapted to capture and analyze compliance needs and requirements. Furthermore, intentional models have been used to identify the impact of regulations on organizational goals by helping to elicit different alternatives about the business operations supported by compliant business processes and services....
Legal compliance has been an active topic in Software Engineering and Information Systems for many years. However, business analysts and others recently started exploiting Requirements Engineering techniques, and in particular goal-oriented approaches, to model and reason about legal documents in system design and business process management. Many...
Compliance with laws and regulations of business processes and software systems is becoming a crucial issue for organizations and calls for suitable methods to deal with it. In contrast to business processes and organizational requirements, regulations are very abstract and hence it is important to refine them until they are at a level of abstracti...
In this article, we introduce the application of rigorous analysis procedures to goal models to provide several benefits beyond the initial act of modeling. Such analysis can allow modelers to assess the satisfaction of goals, facilitate evaluation of high-level design alternatives, help analysts decide on the high-level requirements and design of...
This paper introduces a problem of law compliance that arises during the requirements engineering (RE) phase of software systems. High-level law prescriptions often have a pervasive impact on business processes, the system they have to support, and consequently on the functionalities of the system itself. However, it is not easy to verify that bu...
Goal-oriented requirements engineering uses modelling to improve domain understanding and requirements quality. Regulations and laws impose additional context and constraints on goals and can limit the satisfaction of stakeholder needs. Organisations and software developers need modelling tools to assess the degree to which business strategies are...
A number of recent initiatives in both academia and industry have sought to achieve improvements in e-businesses through the utilization of Business Process Management (BPM) methodologies and tools. However there are still some inadequacies that need to be addressed when it comes to achieving alignment between business goals and business processes....
In recent years, many governmental regulations have been introduced to protect the privacy of personal information. As a result, organizations must take a systematic approach to ensure that their business processes comply with these regulations. In the past, we introduced a requirements framework that mapped regulations documents and goals to goal...
In November 2008, the User Requirements Notation (URN) was approved as a standard by the International Telecommunication Union (ITU-T). jUCMNav is the most comprehensive tool available to date that supports the definition, analysis, transformation, and management of URN requirements engineering models. URN is the first standardized framework unifyi...
Modern goal-oriented requirements engineering frameworks use modeling as a means of better understanding a domain, leading to an overall improvement in the quality of the requirements. Regulations and laws impose additional context and constraints on software goals and can limit the satisfaction of stakeholder needs. Organizations and software deve...
Validation should be done in the context of understanding how a business process is intended to contribute to the business strategies of an organization. Validation can take place along a variety of dimensions including legal compliance, financial cost, customer value, and service quality. A business process modeling tool cannot anticipate all the...
Compliance of an organization's business processes with legislation is difficult to assess, and even more so as laws and processes evolve. Using seven criteria, we evaluate five different approaches for documenting and managing such compliance that involve models and/or legal documents, with or without tool support for traceability. It is argued th...
A number of recent initiatives in both academia and industry have sought to achieve improvements in e-businesses through the utilization of Business Process Management (BPM) methodologies and tools. However there are still some inadequacies that need to be addressed when it comes to achieving alignment between business goals and business processes...
Hospitals strive to improve the quality of the healthcare they provide. To achieve this, they require access to health data. These data are sensitive since they contain personal information. Governments have legislation to ensure that privacy is respected and hospitals must comply with it. Unfortunately, most of the procedures meant to control acce...
Compliance with privacy legislation is a primary concern for health care institutions that are building information systems support for their business processes. This paper describes a requirements management framework that enables health information custodians (HIC) to document and track compliance with privacy legislation. A metamodel is defined...