CSC News

August 01, 2007

Antón & Spafford Receive Collaborative NSF Award

Dr. Annie Antón, associate professor and Director of ThePrivacyPlace.Org and Dr. Eugene H. Spafford, Professor and Director of CERIAS at Purdue University, have been awarded $500,000 by the National Science Foundation's Science of Design program to fund their collaborative research project entitled, "Transparency and Legal Compliance in Software Systems."

Senior personnel on the grant include Dr. David Baumer (NCSU College of Management) and Dr. Ignacio Valdes (Chief Technology Officer, YourDoctorProgram.Com) of Houston, TX.

The award will run from August 1, 2007 - August 1, 2009.

Research Abstract -
This project, involving collaboration between North Carolina State University and Purdue University, addresses the design of Healthcare information systems. Such systems are becoming ubiquitous and thus increasingly subject to attack, misuse and abuse. Specifications and designs of these systems often neglect security and privacy concerns. Moreover, regulations such as HIPAA (Health Insurance Portability and Accountability Act) as well as security and privacy policies are difficult for users to understand and complex for software engineers to use as guides when designing and implementing systems. This project defines mechanisms that are needed to help analysts disambiguate regulations so that they may be clearly specified as software requirements. In addition, regulations are increasingly requiring organizations to comply with the law and account for their actions. Individuals responsible for ensuring compliance and accountability currently lack sufficient guidance and support to manage their legal obligations within relevant information systems. Software controls are needed to provide assurances that business processes adhere to specific requirements, especially those derived from government regulations.

To address these challenges, the proposed work takes a holistic view of the design of transparent and legally compliant software systems. Key research questions that are addressed include:
  • How should system requirements be specified so they may be realized in design and implementation to ensure legal and regulatory compliance?
  • Given that software designs need to satisfy multiple stakeholders (organizations, law/policy makers, government agencies, public citizens, etc.) having contradictory, inconsistent and difficult to understand objectives, how can the design process of these systems be improved to lead to convergence and satisfaction of these requirements in a transparent and auditable fashion?
This project articulates a requirements management framework that enables executives, business managers, software developers and auditors to distribute legal obligations across business units and/or personnel with different roles and technical capabilities. This framework improves accountability by integrating traceability throughout the policy and requirements lifecycle. The broader impacts of this project are expected to be far reaching as law and regulations govern the collection, use, transfer and removal of information from software systems in many spheres of society.
