Çorba: crowdsourcing to obtain requirements from regulations and breaches.
| Title: | Çorba: crowdsourcing to obtain requirements from regulations and breaches. |
|---|---|
| Authors: | Guo, Hui, Kafalı, Özgür, Jeukeng, Anne-Liz, Williams, Laurie, Singh, Munindar P. |
| Source: | Empirical Software Engineering; Jan2020, Vol. 25 Issue 1, p532-561, 30p |
| Subject terms: | CROWDSOURCING, COMPUTER software development, SECURITIES analysts, HUMAN intelligence (Intelligence service), SOCIOTECHNICAL systems |
| Abstract: | Context: Modern software systems are deployed in sociotechnical settings, combining social entities (humans and organizations) with technical entities (software and devices). In such settings, on top of technical controls that implement security features of software, regulations specify how users should behave in security-critical situations. No matter how carefully the software is designed and how well regulations are enforced, such systems are subject to breaches due to social (user misuse) and technical (vulnerabilities in software) factors. Breach reports, often legally mandated, describe what went wrong during a breach and how the breach was remedied. However, breach reports are not formally investigated in current practice, leading to valuable lessons being lost regarding past failures. Objective: Our research aim is to aid security analysts and software developers in obtaining a set of legal, security, and privacy requirements, by developing a crowdsourcing methodology to extract knowledge from regulations and breach reports. Method: We present Çorba, a methodology that leverages human intelligence via crowdsourcing, and extracts requirements from textual artifacts in the form of regulatory norms. We evaluate Çorba on the US healthcare regulations from the Health Insurance Portability and Accountability Act (HIPAA) and breach reports published by the US Department of Health and Human Services (HHS). Following this methodology, we have conducted a pilot and a final study on the Amazon Mechanical Turk crowdsourcing platform. Results: Çorba yields high quality responses from crowd workers, which we analyze to identify requirements for the purpose of complementing HIPAA regulations. We publish a curated dataset of the worker responses and identified requirements. Conclusions: The results show that the instructions and question formats presented to the crowd workers significantly affect the response quality regarding the identification of requirements. We have observed significant improvement from the pilot to the final study by revising the instructions and question formats. Other factors, such as worker types, breach types, or length of reports, do not have notable effect on the workers' performance. Moreover, we discuss other potential improvements such as breach report restructuring and text highlighting with automated methods. [ABSTRACT FROM AUTHOR] |
| Copyright of Empirical Software Engineering is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) | |
| Database: | Complementary Index |
| DOI: | 10.1007/s10664-019-09753-2 |
| ISSN (print): | 13823256 |