Abstract
[Context and motivation] Several state laws and app markets, such as Google Play, require the disclosure of app data practices to users. These data practices constitute critical privacy requirements statements, since they underpin the app’s functionality while describing how various personal information types are collected, used, and with whom they are shared. [Question/Problem] When such statements contain abstract terminology referring to information types (e.g., “we collect your device information”), the statements can become ambiguous and thus reduce shared understanding among app developers, policy writers and users. [Principle Ideas/Results] To overcome this obstacle, we propose a syntax-driven method to infer semantic relations from a given information type. We use the inferred relations from a set of information types (i.e. lexicon) to populate a partial ontology. The ontology is a knowledge graph that can be used to guide requirements authors in the selection of the most appropriate information type terms. [Contributions] Our method employs a shallow typology to categorize individual words in an information type, which are then used to discharge production rules in a context-free grammar (CFG). The CFG is augmented with semantic attachments that are used to generate the semantic relations. This method is evaluated on 1,853 unique information types from 30 privacy policies to yield 0.99 precision and 0.91 recall when compared to human interpretation of the same information types.
Keywords
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Anton, A.I., Earp, J.B.: A requirements taxonomy for reducing web site privacy vulnerabilities. Requir. Eng. 9(3), 169–185 (2004)
Bach, E.: An extension of classical transformational grammar (1976)
Bhatia, J., Breaux, T.D.: Towards an information type lexicon for privacy policies. In: RELAW, pp. 19–24. IEEE (2015)
Bhatia, J., Breaux, T.D., Schaub, F.: Mining privacy goals from privacy policies using hybridized task recomposition. TOSEM 25(3), 22 (2016)
Boyd, S., Zowghi, D., Gervasi, V.: Optimal-constraint lexicons for requirements specifications. In: Sawyer, P., Paech, B., Heymans, P. (eds.) REFSQ 2007. LNCS, vol. 4542, pp. 203–217. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73031-6_15
Breaux, T.D., Antón, A.I., Spafford, E.H.: A distributed requirements management framework for legal compliance and accountability. Comput. Secur. 28(1–2), 8–17 (2009)
Breaux, T.D., Baumer, D.L.: Legally “reasonable” security requirements: a 10-year FTC retrospective. Comput. Secur. 30(4), 178–193 (2011)
Breaux, T.D., Hibshi, H., Rao, A.: Eddy, a formal language for specifying and analyzing data flow specifications for conflicting privacy requirements. Requir. Eng. 19(3), 281–307 (2013). https://doi.org/10.1007/s00766-013-0190-7
Breitman, K.K., do Prado Leite, J.C.S.: Ontology as a requirements engineering product. In: Proceedings. In: 11th IEEE International Requirements Engineering Conference, pp. 309–319. IEEE (2003)
Corbin, J., Strauss, A.: Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory. Sage Publications (2014)
De Saussure, F., Harris, R.: Course in General Linguistics. (Open Court Classics). Open Court, Chicago and La Salle (1998)
Evans, M.C., Bhatia, J., Wadkar, S., Breaux, T.D.: An evaluation of constituency-based hyponymy extraction from privacy policies. In: RE, pp. 312–321. IEEE (2017)
Fensel, D., McGuiness, D., Schulten, E., Ng, W.K., Lim, G.P., Yan, G.: Ontologies and electronic commerce. IEEE Intell. Syst. 16(1), 8–14 (2001)
Fleiss, J.L.: Measuring nominal scale agreement among many raters. Psychol. Bull. 76(5), 378 (1971)
Frege, G.: Über begriff und gegenstand (1892)
FTC: FTC’s \(\$\)5 billion Facebook settlement: record-breaking and history-making (2019)
Gervasi, V., Zowghi, D.: On the role of ambiguity in RE. In: Wieringa, R., Persson, A. (eds.) REFSQ 2010. LNCS, vol. 6182, pp. 248–254. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14192-8_22
Harris, K.D.: Privacy on the go: recommendations for the mobile ecosystem (2013)
Henk, B.: The lambda calculus: its syntax and semantics. Stud. Logic Found. Math. (1984)
Hookway, C.: Peirce-Arg Philosophers. Routledge, Abingdon (2010)
Bokaei Hosseini, M., Breaux, T.D., Niu, J.: Inferring ontology fragments from semantic role typing of lexical variants. In: Kamsties, E., Horkoff, J., Dalpiaz, F. (eds.) REFSQ 2018. LNCS, vol. 10753, pp. 39–56. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-77243-1_3
Hosseini, M.B., Wadkar, S., Breaux, T.D., Niu, J.: Lexical similarity of information type hypernyms, meronyms and synonyms in privacy policies. In: AAAI Fall Symposium (2016)
Janssen, T.M., Partee, B.H.: Compositionality. In: Handbook of Logic and Language, pp. 417–473. Elsevier (1997)
Jurafsky, D., Martin, J.H.: Speech and Language Processing, vol. 3. Pearson, London (2014)
Massey, A.K., Rutledge, R.L., Antón, A.I., Swire, P.P.: Identifying and classifying ambiguity for regulatory requirements. In: RE, pp. 83–92. IEEE (2014)
Miller, G.A.: WordNet: a lexical database for english. Commun. ACM 38(11), 39–41 (1995)
Oltramari, A., et al.: PrivOnto: a semantic framework for the analysis of privacy policies. Semant. Web 9(2), 185–203 (2018)
Petronella, G.: Analyzing privacy of android applications (2014)
Reidenberg, J.R., Bhatia, J., Breaux, T.D., Norton, T.B.: Ambiguity in privacy policies and the impact of regulation. J. Leg. Stud. 45(S2), S163–S190 (2016)
Saldaña, J.: The Coding Manual for Qualitative Researchers. Sage, Thousand Oaks (2015)
Slavin, R., et al.: Toward a framework for detecting privacy policy violations in android application code. In: ICSE (2016)
Wang, X., Qin, X., Hosseini, M.B., Slavin, R., Breaux, T.D., Niu, J.: GUILeak: identifying privacy practices on GUI-based data (2018)
Zimmeck, S., et al.: Automated analysis of privacy requirements for mobile apps. In: NDSS (2017)
Acknowledgment
This research was supported by NSF #1736209 and #1748109.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Bokaei Hosseini, M., Slavin, R., Breaux, T., Wang, X., Niu, J. (2020). Disambiguating Requirements Through Syntax-Driven Semantic Analysis of Information Types. In: Madhavji, N., Pasquale, L., Ferrari, A., Gnesi, S. (eds) Requirements Engineering: Foundation for Software Quality. REFSQ 2020. Lecture Notes in Computer Science(), vol 12045. Springer, Cham. https://doi.org/10.1007/978-3-030-44429-7_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-44429-7_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-44428-0
Online ISBN: 978-3-030-44429-7
eBook Packages: Computer ScienceComputer Science (R0)