Skip to main content
SpringerLink
Log in

Disambiguating Requirements Through Syntax-Driven Semantic Analysis of Information Types

  • Conference paper
  • First Online:
Book cover Requirements Engineering: Foundation for Software Quality (REFSQ 2020)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 12045))

Abstract

[Context and motivation] Several state laws and app markets, such as Google Play, require the disclosure of app data practices to users. These data practices constitute critical privacy requirements statements, since they underpin the app’s functionality while describing how various personal information types are collected, used, and with whom they are shared. [Question/Problem] When such statements contain abstract terminology referring to information types (e.g., “we collect your device information”), the statements can become ambiguous and thus reduce shared understanding among app developers, policy writers and users. [Principle Ideas/Results] To overcome this obstacle, we propose a syntax-driven method to infer semantic relations from a given information type. We use the inferred relations from a set of information types (i.e. lexicon) to populate a partial ontology. The ontology is a knowledge graph that can be used to guide requirements authors in the selection of the most appropriate information type terms. [Contributions] Our method employs a shallow typology to categorize individual words in an information type, which are then used to discharge production rules in a context-free grammar (CFG). The CFG is augmented with semantic attachments that are used to generate the semantic relations. This method is evaluated on 1,853 unique information types from 30 privacy policies to yield 0.99 precision and 0.91 recall when compared to human interpretation of the same information types.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://www.ea.com/legal/privacy-policy.

  2. 2.

    http://galadriel.cs.utsa.edu/~rslavin/ontology-grammar/.

  3. 3.

    http://gaius.isri.cmu.edu/dataset/plat17/study-platform-lexicon-typedPhrases-reduced.csv.

  4. 4.

    http://gaius.isri.cmu.edu/dataset/plat17/preferences.csv.

References

  1. Anton, A.I., Earp, J.B.: A requirements taxonomy for reducing web site privacy vulnerabilities. Requir. Eng. 9(3), 169–185 (2004)

    Article  Google Scholar 

  2. Bach, E.: An extension of classical transformational grammar (1976)

    Google Scholar 

  3. Bhatia, J., Breaux, T.D.: Towards an information type lexicon for privacy policies. In: RELAW, pp. 19–24. IEEE (2015)

    Google Scholar 

  4. Bhatia, J., Breaux, T.D., Schaub, F.: Mining privacy goals from privacy policies using hybridized task recomposition. TOSEM 25(3), 22 (2016)

    Article  Google Scholar 

  5. Boyd, S., Zowghi, D., Gervasi, V.: Optimal-constraint lexicons for requirements specifications. In: Sawyer, P., Paech, B., Heymans, P. (eds.) REFSQ 2007. LNCS, vol. 4542, pp. 203–217. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73031-6_15

    Chapter  Google Scholar 

  6. Breaux, T.D., Antón, A.I., Spafford, E.H.: A distributed requirements management framework for legal compliance and accountability. Comput. Secur. 28(1–2), 8–17 (2009)

    Article  Google Scholar 

  7. Breaux, T.D., Baumer, D.L.: Legally “reasonable” security requirements: a 10-year FTC retrospective. Comput. Secur. 30(4), 178–193 (2011)

    Article  Google Scholar 

  8. Breaux, T.D., Hibshi, H., Rao, A.: Eddy, a formal language for specifying and analyzing data flow specifications for conflicting privacy requirements. Requir. Eng. 19(3), 281–307 (2013). https://doi.org/10.1007/s00766-013-0190-7

    Article  Google Scholar 

  9. Breitman, K.K., do Prado Leite, J.C.S.: Ontology as a requirements engineering product. In: Proceedings. In: 11th IEEE International Requirements Engineering Conference, pp. 309–319. IEEE (2003)

    Google Scholar 

  10. Corbin, J., Strauss, A.: Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory. Sage Publications (2014)

    Google Scholar 

  11. De Saussure, F., Harris, R.: Course in General Linguistics. (Open Court Classics). Open Court, Chicago and La Salle (1998)

    Google Scholar 

  12. Evans, M.C., Bhatia, J., Wadkar, S., Breaux, T.D.: An evaluation of constituency-based hyponymy extraction from privacy policies. In: RE, pp. 312–321. IEEE (2017)

    Google Scholar 

  13. Fensel, D., McGuiness, D., Schulten, E., Ng, W.K., Lim, G.P., Yan, G.: Ontologies and electronic commerce. IEEE Intell. Syst. 16(1), 8–14 (2001)

    Article  Google Scholar 

  14. Fleiss, J.L.: Measuring nominal scale agreement among many raters. Psychol. Bull. 76(5), 378 (1971)

    Article  Google Scholar 

  15. Frege, G.: Über begriff und gegenstand (1892)

    Google Scholar 

  16. FTC: FTC’s \(\$\)5 billion Facebook settlement: record-breaking and history-making (2019)

    Google Scholar 

  17. Gervasi, V., Zowghi, D.: On the role of ambiguity in RE. In: Wieringa, R., Persson, A. (eds.) REFSQ 2010. LNCS, vol. 6182, pp. 248–254. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14192-8_22

    Chapter  Google Scholar 

  18. Harris, K.D.: Privacy on the go: recommendations for the mobile ecosystem (2013)

    Google Scholar 

  19. Henk, B.: The lambda calculus: its syntax and semantics. Stud. Logic Found. Math. (1984)

    Google Scholar 

  20. Hookway, C.: Peirce-Arg Philosophers. Routledge, Abingdon (2010)

    Book  Google Scholar 

  21. Bokaei Hosseini, M., Breaux, T.D., Niu, J.: Inferring ontology fragments from semantic role typing of lexical variants. In: Kamsties, E., Horkoff, J., Dalpiaz, F. (eds.) REFSQ 2018. LNCS, vol. 10753, pp. 39–56. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-77243-1_3

    Chapter  Google Scholar 

  22. Hosseini, M.B., Wadkar, S., Breaux, T.D., Niu, J.: Lexical similarity of information type hypernyms, meronyms and synonyms in privacy policies. In: AAAI Fall Symposium (2016)

    Google Scholar 

  23. Janssen, T.M., Partee, B.H.: Compositionality. In: Handbook of Logic and Language, pp. 417–473. Elsevier (1997)

    Google Scholar 

  24. Jurafsky, D., Martin, J.H.: Speech and Language Processing, vol. 3. Pearson, London (2014)

    Google Scholar 

  25. Massey, A.K., Rutledge, R.L., Antón, A.I., Swire, P.P.: Identifying and classifying ambiguity for regulatory requirements. In: RE, pp. 83–92. IEEE (2014)

    Google Scholar 

  26. Miller, G.A.: WordNet: a lexical database for english. Commun. ACM 38(11), 39–41 (1995)

    Article  Google Scholar 

  27. Oltramari, A., et al.: PrivOnto: a semantic framework for the analysis of privacy policies. Semant. Web 9(2), 185–203 (2018)

    Article  Google Scholar 

  28. Petronella, G.: Analyzing privacy of android applications (2014)

    Google Scholar 

  29. Reidenberg, J.R., Bhatia, J., Breaux, T.D., Norton, T.B.: Ambiguity in privacy policies and the impact of regulation. J. Leg. Stud. 45(S2), S163–S190 (2016)

    Article  Google Scholar 

  30. Saldaña, J.: The Coding Manual for Qualitative Researchers. Sage, Thousand Oaks (2015)

    Google Scholar 

  31. Slavin, R., et al.: Toward a framework for detecting privacy policy violations in android application code. In: ICSE (2016)

    Google Scholar 

  32. Wang, X., Qin, X., Hosseini, M.B., Slavin, R., Breaux, T.D., Niu, J.: GUILeak: identifying privacy practices on GUI-based data (2018)

    Google Scholar 

  33. Zimmeck, S., et al.: Automated analysis of privacy requirements for mobile apps. In: NDSS (2017)

    Google Scholar 

Download references

Acknowledgment

This research was supported by NSF #1736209 and #1748109.

Author information

Authors and Affiliations

  1. St. Mary’s University, San Antonio, TX, USA

    Mitra Bokaei Hosseini

  2. University of Texas at San Antonio, San Antonio, TX, USA

    Rocky Slavin, Xiaoyin Wang & Jianwei Niu

  3. Carnegie Mellon University, Pittsburgh, PA, USA

    Travis Breaux

Authors
  1. Mitra Bokaei Hosseini
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Rocky Slavin
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Travis Breaux
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Xiaoyin Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jianwei Niu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mitra Bokaei Hosseini .

Editor information

Editors and Affiliations

  1. Computer Science, Middlesex College, Western University, London, ON, Canada

    Nazim Madhavji

  2. School of Computer Science, University College Dublin, Dublin, Ireland

    Liliana Pasquale

  3. Area della Ricerca CNR di Pisa, Istituto di Scienza e Tecnologie dell'Informazione “Alessandro Faedo”, Pisa, Italy

    Alessio Ferrari

  4. Area della Ricerca CNR di Pisa, Istituto di Scienza e Tecnologie dell'Informazione “Alessandro Faedo”, Pisa, Italy

    Stefania Gnesi

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Bokaei Hosseini, M., Slavin, R., Breaux, T., Wang, X., Niu, J. (2020). Disambiguating Requirements Through Syntax-Driven Semantic Analysis of Information Types. In: Madhavji, N., Pasquale, L., Ferrari, A., Gnesi, S. (eds) Requirements Engineering: Foundation for Software Quality. REFSQ 2020. Lecture Notes in Computer Science(), vol 12045. Springer, Cham. https://doi.org/10.1007/978-3-030-44429-7_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-44429-7_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-44428-0

  • Online ISBN: 978-3-030-44429-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation