CSC News

NC State students, faculty give privacy research updates at conference

Six North Carolina State University students were among presenters at the March 8-9, 2004, Spring Privacy Place Workshop, held at the Georgia Institute of Technology in Atlanta.

In the photo at the conference are, from the left, Qingfeng (Frank) He, Jack Frink, Dr. Annie Antón, Will Stufflebeam, Neha Jain and Carrie Gheen.

The conference was sponsored by The Privacy Place.org, a research group founded and directed by Dr. Annie I. Antón, associate professor of software engineering at NC State's Department of Computer Science. Its focus is to disseminate information in the form of research results and technical privacy developments to aid policy makers, software developers and the general public.

The interdisciplinary team includes faculty and students from NC State’s departments of computer science and business management as well as the Georgia Tech College of Computing, the Purdue University Computer Science Department and the University of Lugano, Switzerland, Communication Sciences department.

Four NC State undergraduates -- computer science majors Frick, Matt Vail and Jain, and a business management-information technology major Gheen -- presented a HIPPA privacy policy analysis case study. Jain also presented a report on work she is doing on a Privacy and Requirements Analysis Tool.

Additionally, Stufflebeam, computer science master’s student, presented a paper on which he is third author, “Contextualizing Privacy Policies.” The main author is Davide Bolchini at the University of Lugano. Qingfeng He, computer science doctoral candidate, presented his paper, “A Survey of Access Control Analysis in Requirements Engineering.”

Also, Antón presented a report on the "Requirements for Machine-Enforceable Policies and the jetBlue (Airways) Case," and Dr. Julie Earp, NCSU business management assistant professor, led a dynamic discussion on privacy economics.

Frink, a senior, says he found the conference to be a “fascinating and enlightening experience. Hearing other students and research professionals whom I admire discuss their work provided me with a lot of motivation to do more research work myself.

“I also learned a lot about what is going on in privacy research, and got a glimpse of corporate views in addition to academic views. I now feel that I have a better understanding of what is expected and needed in good research work, and how to approach that work so that it can have the most impact.”

Frink says he was drawn to software engineering because he enjoys “the feedback one gets from customers. I also enjoy getting a 'big picture' view of a product, something that software engineering provides. In addition, I have enjoyed learning more about computer security and exploring how to develop secure software.”

His current research involves analyzing health care privacy policies, before and after the launch of HIPAA, the Health Insurance Portability and Accountability Act of 1996. That law includs provisions designed to encourage electronic transactions within the healthcare industry and requires new safeguards to protect the security and confidentiality of health information.

Frink's interest in security and privacy issues drew him to the research, he says. “Through this research, I hope to bring attention to what the HIPAA legislation has thus far accomplished, and to get consumers more interested in and better informed about privacy issues.”

Jain, also a senior, has been working on this topic since last spring, when she took an undergraduate software engineering course at NC State. “The course entailed a semester-long project to develop a web-based Software Project Management System to facilitate the creation, management, tracking and maintenance of software development project artifacts.”

She worked on the project with a team of five other students. “Our efforts led us on a journey through the entire software lifecycle for one project. As project manager. I focused on requirements gathering, arbitrated problems as they arose, and coordinated, validated and supervised the work of my team members, helping them during every phase of the project as needed.”

Based on her accomplishments with that project, Antón invited her to join the research group as an undergraduate research assistant.

Currently, Jain’s primary research interest “lies in the social side of software engineering, primarily requirements engineering within the context of privacy and security policy. I am particularly interested in researching the privacy and security policies of different industries and in developing strategies that result in policies that will better facilitate the smooth operation of Internet sites,” she says.

Companies benefit from having well-written policies that are put into operation in their software systems, she says. “However, many companies still fail to articulate their privacy policies or comply with them. Moreover, companies often state that by simply visiting a website (even without reading the policy) you imply consent to their policies. Often, consumers do not truly understand the policy and are unable to discern if the website is keeping its word. This lack of transparency makes us vulnerable.”

Jain says she is “interested in developing tools to extract goal statements from privacy policies so that we can better analyze privacy policies and reason out how to operationalize those policies in the systems that they govern. To this end, I have already specified the requirements for this system in a Software Requirements Specification that has been published as an NCSU CSC Technical Report, and I am currently writing the design specification.”

The entire process is helping her “realize the architecture for a database to support this system so that I can begin my implementation this summer. This tool will support our research efforts at The Privacy Place.org.”

Like Frink, Jain says she appreciated the opportunity to participate in the recent conference. “This was the first computer science conference I had attended, and honestly I was quite nervous. I did not know what to expect. I was very pleased with the way it all went, though.”

She received useful feedback from the conference attendees for her project, as well as “a direction of where I would like to be in the coming years. It further helped me understand the value of research. It was really encouraging to see people with different foci of research in privacy come together in one room to share their viewpoints. It gave me an insight of whether my research answers questions most people are trying to get answers for.”

Gheen, who is focusing on information systems in her undergraduate business management program, said she found the conference to be “a great experience. I really enjoyed being surrounded by people who were so enthused with their research and the good it could bring to the community.”

She says she hopes the research she’s working on with her fellow students “will be of use to management, law makers and consumers, to be better informed on how information is being handled.”

About the other NC State student presenters

Qingfeng (Frank) He, a doctoral candidate, is focusing his research on software requirements engineering for security and privacy. He also is a member of ThePrivacyPlace, as well as the Cyber Defense Lab in the computer science department, and is moderator of the Requirements Engineering Students Newsletter.

William Stufflebeam is working toward a master’s and doctorate in computer science, and is focusing his research in the area of requirements engineering, a subdiscipline of software engineering. He is the senior developer for the research group’s web-based requirements analysis tool, called SMaRT (Scenario Management and Requirements Tool).

Jain and Gheen are funded by an NCSU Undergraduate Research Fellowship, and Stufflebeam, He, Neha, Earp and Anton are funded by the National Science Foundation.

- rzewnicki -