Travis D. Breaux, Carnegie Mellon University
Associate Professor of Computer Science
Software and Societal Systems Department
School of Computer Science
4665 Forbes Avenue, Pittsburgh, PA 15213
Office: S3D - TCS Hall 346
Tel: 412-268-7334
Fax: 412-268-3455


Copyright Notice:

Papers published by the Institute of Electrical and Electronics Engineers, Inc. (IEEE) are Copyright © 2005-2013 by IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

Papers published by the Association for Computing Machinery, Inc. (ACM) are Copyright © 2005-2013 by ACM. Permission to make digital/hard copy of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage, the copyright notice, the title of publication and its date appear, and notice is given that copying is by permission of ACM, Inc. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee.

Papers published by Springer are Copyright © 2005-2013 by Springer. Authors may self-archive the author's accepted manuscript of their articles on their own websites. Authors may also deposit this version of the article in any repository, provided it is only made publicly available 12 months after official publication or later. He/she may not use the publisher's version (the final article), which is posted on SpringerLink and other Springer websites, for the purpose of self-archiving or deposit. Furthermore, the author may only post his/her version provided acknowledgement is given to the original source of publication and a link is inserted to the published article on Springer's website.


Publications Roadmap:

Theme: Contributing to Requirements Theory

  • Qualitative metrics for comparing requirements [C5, C10]
  • Formal method for modeling requirements in Description Logic [J6, J2, C13]
  • Framework for distributed requirements management [J3]
  • Balancing rights and obligations to improve requirements coverage [C3]
  • Enforceability vs. accountability in systems [W3]
  • Comparing requirements from multiple jurisdictions [J5, C10, W10, W9]
  • Assessing legal requirements coverage [C12]

Theme: Implementing Regulations in Practice

  • Gap analysis between regulations and product requirements [C5]
  • Patterns for refining regulations into product requirements [C15, C5]

Theme: Acquiring Legal Requirements from Laws

  • Security requirements from FTC enforcement actions [J4]
  • Data access requirements from the HIPAA Privacy Rule [J1]
  • Business process models from the HIPAA Privacy Rule [C7]
  • Abuse cases from criminal court proceedings [W6]
  • Tool support for acquiring requirements from laws [C11, C8, C6, C4, W5]
  • Formalizing regulations [C12, C3, W7] and policies [C13, C2, C1, W2, W1] as requirements
  • Crowdsourcing requirements extraction [C16]

Refereed Journal Publications:
[J12] Jaspreet Bhatia, Travis Breaux. "Empirical Measurement of Perceived Privacy Risk," Accepted To: ACM Transactions on Human Computer Interaction (TOCHI), 2018.
[J11] Hanan Hibshi, Travis Breaux, Maria Riaz and Laurie Williams. "A Grounded Analysis of Experts Decision-Making During Security Assessments" Journal of Cybersecurity, Oxford Press, 2(2): 147-163, 2016.
[J10] Joel R. Reidenberg, Jaspreet Bhatia, Travis D. Breaux, Thomas B. Norton. "Ambiguity in Privacy Policies and the Impact of Regulation," The Journal of Legal Studies, 45(S2): S163-S190, June 2016.
[J9] Hanan Hibshi, Travis D. Breaux, Maria Riaz, Laurie Williams. "A Grounded Analysis of Experts' Decision-Making During Security Assessments," Oxford Journal of Cybersecurity, 2(2): 147-163, 2016.
[J8] Jaspreet Bhatia, Travis D. Breaux, Florian Schaub. "Privacy Goal Mining through Hybridized Task Re-composition" ACM Transactions on Software Engineering Methodology, 25(3): Article 22, 2016.
[J7] Maria Riaz, Travis Breaux, Laurie Williams, "How Have We Evaluated Software Pattern Application? A Systematic Mapping Study of Research Design Practices", Information and Software Technology (IST) Journal, Vol. 65, Sep. 2015.
[J6] Travis D. Breaux, Hanan Hibshi, Ashwini Rao. "Eddy, A Formal Language for Specifying and Analyzing Data Flow Specifications for Conflicting Privacy Requirements." Requirements Engineering Journal, 19(3): 281-307, 2014.
[J5] David G. Gordon, Travis D. Breaux. "A Cross-Domain Empirical Study and Legal Evaluation of the Requirements Water Marking Method." Requirements Engineering Journal, 18(2): 147-173, June 2013.
[J4] Travis D. Breaux, David L. Baumer. Legally “Reasonable” Security Requirements: A 10-year FTC Retrospective. Computers and Security, 30(4):178-193, 2011
[J3] Travis D. Breaux, Annie I. Antón, Eugene H. Spafford. A Distributed Requirements Management Framework for Compliance and Accountability. Computers and Security (COSE), 28(1-2): 8-17, 2009
[J2] Travis D. Breaux, Annie I. Antón, Jon Doyle. Semantic Parameterization: A Process for Modeling Domain Descriptions. ACM Transactions on Software Engineering Methodology (ACM TOSEM), 18(2): 5, November 2008
[J1] Travis D. Breaux, Annie I. Antón. Analyzing Regulatory Rules for Privacy and Security Requirements. IEEE Transactions on Software Engineering, Special Issue on Software Engineering for Secure Systems (IEEE TSE), 34(1):5-20, January/February 2008

Refereed Conference Proceedings:
[C26] J. Bhatia, T.D. Breaux. Semantic Incompleteness in Privacy Policy Goals. (Distinguished Paper Award) 26th IEEE International Requirements Engineering Conference (RE'18), Banff, Canada, 2018.
[C25] X. Wang, X. Qin, M. Bokaei Hosseini, R. Slavin, T.D. Breaux, J. Niu. GUILeak: Tracing Privacy Policy Claims on User Input Data for Android Applications. 40th International Conference on Software Engineering (ICSE'18), Gothenburg, Sweden, 2018.
[C24] M. Bokaei Hosseini, T. D. Breaux, J. Niu. Inferring Ontology Fragments from Semantic Typing of Lexical Variants. 24th International Working Conference on Requirements Engineering: Foundation for Software Quality (REFSQ'18), Utrecht, Netherlands, 2018.
[C23] H. Hibshi, T. D. Breaux. Reinforcing Security Requirements with Multifactor Quality Measurement. 25th IEEE International Requirements Engineering Conference (RE'17), Lisbon, Portugal, pp. 144-153, 2017.
[C22] M. C. Evans, J. Bhatia, S. Wadkar, T. D. Breaux. An Evaluation of Constituency-based Hyponymy Extraction from Privacy Policies, Accepted To: 25th IEEE International Requirements Engineering Conference (RE'17), Lisbon, Portugal, 2017.
[C21] H. Hibshi, T.D. Breaux, C. Wagner. Improving Security Requirements Adequacy: An Interval Type 2 Fuzzy Logic Security Assessment System, IEEE Symposium Series on Computational Intelligence (SSCI'16), Athens, Greece, pp. 1-8, 2016.
[C20] J. Bhatia, T.D. Breaux, J.R. Reidenberg, T.B. Norton. A Theory of Vagueness and Privacy Risk Perception, (Nominated for Best Paper), 24th IEEE International Requirements Engineering Conference (RE'16), Beijing, China, 2016.
[C19] R. Slavin, X. Wang, M.B. Hosseini, W. Hester, R. Krishnan, J. Bhatia, T.D. Breaux, J. Niu. Toward a Framework for Detecting Privacy Policy Violation in Android Application Code, 38th ACM/IEEE International Software Engineering Conference (ICSE'16), Austin, Texas, pp. 25-36, 2016.
[C18] Hanan Hibshi, Travis D. Breaux, Stephen B. Broomell. Assessment of Risk Perception in Security Requirements Composition. IEEE 23rd International Requirements Engineering Conference (RE'15), pp. 146-155, 2015.
[C17] Travis D. Breaux, Daniel Smullen, Hanan Hibshi. Detecting Repurposing and Over-collection in Multi-Party Privacy Requirements Specifications. IEEE 23rd International Requirements Engineering Conference (RE'15), Ottawa, Canada, pp. 166-175, Sep. 2015.
[C16] Travis D. Breaux, Florian Schaub. Scaling Requirements Extraction to the Crowd: Experiments on Privacy Policies. 22nd IEEE International Requirements Engineering Conference (RE'14), Karlskrona, Sweden, pp. 163-172, Aug. 2014.
[C15] Rocky Slavin, Jean-Michel Lehker, Jianwei Niu, Travis D. Breaux. Managing Security Requirements Patterns Using Feature Diagram Hierarchies. 22nd IEEE International Requirements Engineering Conference (RE'14), Karlskrona, Sweden, pp. 193-202, Aug. 2014.
[C14] David G. Gordon, Travis D. Breaux. The Role of Legal Expertise in Interpretation of Legal Requirements and Definitions. 22nd IEEE International Requirements Engineering Conference (RE'14), Karlskrona, Sweden, pp. 273-282, Aug. 2014.
[C13] Travis D. Breaux, Ashwini Rao. Formal Analysis of Privacy Requirements Specifications for Multi-Tier Applications, (Nominated for Best Paper) 21st IEEE International Requirements Engineering Conference (RE'13), Rio de Janeiro, Brazil, pp. 14-23, Jul. 2013.
[C12] David G. Gordon, Travis D. Breaux. Assessing Regulatory Change through Legal Requirements Coverage Modeling, 21st IEEE International Requirements Engineering Conference (RE'13), Rio de Janeiro, Brazil, pp. 145-154, Jul. 2013.
[C11] Travis D. Breaux, David G. Gordon. Regulatory Requirements Traceability and Analysis Using Semi-Formal Specifications, 19th Working Conference on Requirements Engineering: Foundations for Software Quality (REFSQ'13), Essen, Germany, pp. 141-157, Apr. 2013.
[C10] David G. Gordon, Travis D. Breaux. Reconciling Multi-Jurisdictional Requirements: A Case Study in Requirements Water Marking, (Nominated for Best Paper) IEEE International Requirements Engineering Conference (RE'12), Chicago, Illinois, pp. 91-100, Sep. 2012.
[C9] Travis D. Breaux, Catherine B. Lotrionte. Towards a Privacy Management Framework for Distributed Cybersecurity in the New Data Ecology, In Proc. IEEE International Conference on Technologies for Homeland Security (HST'11), Waltham, Massachusetts, pp. 6-12, Nov. 2011.
[C8] Travis D. Breaux. Exercising Due Diligence in Legal Requirements Acquisition: A Tool-supported, Frame-based Approach. In Proc. IEEE 17th International Requirements Engineering Conference (RE'09), Atlanta, Georgia, pp. 225-230, Sep. 2009.
[C7] Travis D. Breaux, Calvin Powers. Early Studies in Acquiring Evidentiary, Reusable Business Process Models for Legal Compliance. 6th International Conference on Information Technology: New Generations (ITNG'09), Las Vegas, Nevada, pp. 272-266, Apr. 2009.
[C6] Nadzeya Kiyavitskaya, Nicola Zeni, Travis D. Breaux, Annie I. Antón, James R. Cordy, Luisa Mich, John Mylopoulos. Automating the Extraction of Rights and Obligations for Regulatory Compliance. In Proc. 27th International Conference on Conceptual Modelling (ER'08), Barcelona, Spain, pp. 154-168, Oct. 2008
[C5] Travis D. Breaux, Annie I. Antón, Kent Boucher, Merlin Dorfman. Legal Requirements, Compliance and Practice: An Industry Case Study in Accessibility. In Proc. IEEE 16th International Requirements Engineering Conference (RE'08), Barcelona, Spain, pp. 43-52, Sep. 2008
[C4] Nadzeya Kiyavitskaya, Nicola Zeni, Luisa Mich, Travis D. Breaux, Annie I. Antón, John Mylopoulos. Extracting Rights and Obligations from Regulations: Towards a Tool-Supported Process. In Proc. IEEE/ACM 22nd International Conference Automated Software Engineering (ASE'07), Atlanta, Georgia, pp. 429-432, Nov. 2007
[C3] Travis D. Breaux, Matthew W. Vail, Annie I. Antón. Towards Compliance: Extracting Rights and Obligations to Align Requirements with Regulations. (Honorable Mention for 2016 IEEE RE Most Influential Paper Award) In Proc. IEEE 14th International Requirements Engineering Conference (RE'06), Minneapolis, Minnesota, pp. 49-58, Sep. 2006
[C2] Travis D. Breaux and Annie I. Antón. Analyzing Goal Semantics for Rights, Permissions and Obligations. In Proc. IEEE 13th International Requirements Engineering Conference (RE'05), Paris, France pp. 177-186, Aug. 2005
[C1] Travis D. Breaux and Joel Reed. Hierarchical Information Clustering Using Ontology Languages. In Proc. 38th Hawaii International Conference on System Sciences (HICSS-38), Waimea, Hawaii, pp. 111-112, Jan. 2005

Refereed Symposia and Workshop Proceedings:
[W18] Jaspreet Bhatia, Travis D. Breaux. A Data Purpose Case Study of Privacy Policies. 25th IEEE International Requirements Engineering Conference, RE:Next! Track, Lisbon, Portugal, 2017.
[W17] Mitra Bokaei Hosseini, Sudarshan Wadkar, Travis D. Breaux, Jianwei Niu. Lexical Similarity of Information Type Hypernyms, Meronyms and Synonyms in Privacy Policies. AAAI Fall Symposium on Privacy and Language Technologies (PLT), Arlington, Virginia, Nov. 2016.
[W16] Jaspreet Bhatia, Travis D. Breaux, Liora Friedberg, Hanan Hibshi, Daniel Smullen. Privacy Risk in Cybersecurity Data Sharing. ACM 3rd International Workshop on Information Sharing and Collaborative Security (WISCS), Vienna, Austria, Oct. 2016.
[W15] Jaspreet Bhatia, Morgan Evans, Sudarshan Wadkar, Travis D. Breaux "Automated Extraction of Regulated Information Types using Hyponymy Relations" IEEE 3rd International Workshop on Artificial Intelligence for Requirements Engineering (AIRE), Beijing, China, Aug. 2016.
[W14] Jaspreet Bhatia, Travis D. Breaux "Towards an Information Type Lexicon for Privacy Policies" IEEE 8th International Workshop on Requirements Engineering and Law (RELAW), Ottawa, Canada, pp. 19-24, Aug. 2015.
[W13] Sepideh Ghanavati, Travis D. Breaux. "Comparing and Analyzing Definitions in Multijurisdictions" IEEE 8th International Workshop on Requirements Engineering and Law (RELAW), Ottawa, Canada, pp. 47-56, Aug. 2015.
[W12] Hanan Hibshi, Travis D. Breaux, Maria Riaz, Laurie Williams. Towards a Framework to Measure Security Expertise in Requirements Analysis. IEEE 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE), Karlskrona, Sweden, Aug. 2014.
[W11] Travis D. Breaux, Hanan Hibshi, Ashwini Rao, Jean-Michel Lehker. Towards a Framework for Pattern Experimentation: Understanding empirical validity in requirements engineering patterns. 2nd IEEE Workshop on Requirements Engineering Patterns (RePa'12), Chicago, Illinois, Sep. 2012.
[W10] David G. Gordon, Travis D. Breaux. Managing Multi-Jurisdictional Requirements in the Cloud: Towards a Computational Legal Landscape. 3rd ACM Cloud Computing Security Workshop (CCSW'11), Chicago, Illinois, Oct. 2011.
[W9] David G. Gordon, Travis D. Breaux. Comparing Requirements from Multiple Jurisdictions. 4th IEEE International Workshop on Requirements Engineering and Law (RELAW'11), Trento, Italy, Aug. 2011.
[W8] Travis D. Breaux, Thomas A. Alspaugh. Governance and Accountability in the New Data Ecology: A Vision for Electronic Data Licenses. 4th IEEE International Workshop on Requirements Engineering and Law (RELAW'11), Trento, Italy, Aug. 2011.
[W7] Travis D. Breaux. A Method to Acquire Compliance Monitors from Regulations. 3rd IEEE International Workshop on Requirements Engineering and Law (RELAW'10), Sydney, Australia, pp. 17-26, Sep. 2010.
[W6] Travis D. Breaux, Jonathan D. Lewis, Paul N. H. Otto, Annie I. Antón. Identifying Legal Vulnerabilities and Critical Requirements Using Criminal Court Proceedings. 24th ACM/SIGAPP Symposium on Applied Computing (ACM SAC'09), Honolulu, Hawaii, pp. 355-359, Aug. 2008.
[W5] Travis D. Breaux, Annie I. Antón. A Systematic Method for Acquiring Regulatory Requirements: A Frame-Based Approach. In Proc. 6th International Workshop on Requirements for High Assurance Systems (RHAS-6), Delhi, India, Sep. 2007
[W4] Travis D. Breaux. Compliance Engineering: Aligning Software Requirements with Policies and Regulations. Doctoral Symposium at the ACM/SIGSOFT 14th Symp. on Foundations of Software Engineering (FSE-14), Portland, Oregon, Nov. 2006
[W3] Travis D. Breaux, Annie I. Antón, Clare-Marie Karat and John Karat. Enforceability vs. Accountability in Electronic Policies. In Proc. IEEE 7th International Workshop on Policies for Distributed Systems and Networks (POLICY'06), London, Ontario, pp. 227-230, Jun. 2006
[W2] Travis D. Breaux and Annie I. Antón. Mining Rule Semantics to Understand Legislative Compliance. In Proc. ACM Workshop on Privacy in the Electronic Society (WPES'05), Alexandria, Virginia, pp. 51-54, Nov. 2005
[W1] Travis D. Breaux and Annie I. Antón. Deriving Semantic Models from Privacy Policy Goals. In Proc. IEEE 6th International Workshop on Policies for Distributed Systems and Networks (POLICY'05), Stockholm, Sweden, pp. 67-76, Jun. 2005

Dissertation, Thesis and Technical Reports:
[T3] Travis D. Breaux. Legal Requirements Acquisition for the Specification of Legally Compliant Information Systems. Ph.D. Thesis, North Carolina State University, Apr. 2009
[T2] Travis D. Breaux. Policy-Parametric Software. Computer Science Technical Report TR-2004-30, North Carolina State University, Nov. 2004
[T1] Travis D. Breaux. BABEL: The Semantic Web in Open Systems. Undergraduate Honors Thesis, Adviser: Dr. Stephen Fickas, University of Oregon, Dec. 2003