CSC News
Antón & Spafford Receive Collaborative NSF Award
Dr. Annie Antón, associate professor and Director of ThePrivacyPlace.Org, and Dr. Eugene H. Spafford, Professor and Director of CERIAS at Purdue University, have been awarded $500,000 by the National Science Foundation's Science of Design program to fund their collaborative research project entitled "Transparency and Legal Compliance in Software Systems."
Senior personnel on the grant include Dr. David Baumer (NCSU College of Management) and Dr. Ignacio Valdes (Chief Technology Officer, YourDoctorProgram.Com) of Houston, TX.
The award will run from August 1, 2007 - August 1, 2009.
Research Abstract - This project, involving collaboration between North Carolina State University and Purdue University, addresses the design of healthcare information systems. Such systems are becoming ubiquitous and thus increasingly subject to attack, misuse and abuse. Specifications and designs of these systems often neglect security and privacy concerns. Moreover, regulations such as HIPAA (Health Insurance Portability and Accountability Act) as well as security and privacy policies are difficult for users to understand and complex for software engineers to use as guides when designing and implementing systems. This project defines mechanisms that are needed to help analysts disambiguate regulations so that they may be clearly specified as software requirements. In addition, regulations are increasingly requiring organizations to comply with the law and account for their actions. Individuals responsible for ensuring compliance and accountability currently lack sufficient guidance and support to manage their legal obligations within relevant information systems. Software controls are needed to provide assurances that business processes adhere to specific requirements, especially those derived from government regulations.
To address these challenges, the proposed work takes a holistic view of the design of transparent and legally compliant software systems. Key research questions that are addressed include:
- How should system requirements be specified so they may be realized in design and implementation to ensure legal and regulatory compliance?
- Given that software designs need to satisfy multiple stakeholders (organizations, law/policy makers, government agencies, public citizens, etc.) having contradictory, inconsistent and difficult to understand objectives, how can the design process of these systems be improved to lead to convergence and satisfaction of these requirements in a transparent and auditable fashion?