Requirements Engineering Laboratory @ CMU
Dr. Travis D. Breaux
Dr. Alessandro Acquisti
Dr. Thomas Alspaugh
Dr. Lorrie Cranor
Dr. David Baumer
Dr. David Gordon
Dr. Jianwei Niu
Dr. Rahul Telang
Dr. Joel Reidenberg
Dr. Norman Sadeh
Dr. Florian Schaub
Dr. Christian Wagner
Dr. Xiaoyin Wang
Dr. Laurie Williams
Jaspreet Bhatia
Hanan Hibshi
Mitra Bokaei Hosseini
Maria Riaz
Rocky Slavin
Sudarshan Wadkar

Select Publications

[23] Bhatia, J., Breaux, T. D., Schaub, F. Privacy Goal Mining through Hybridized Task Re-composition. Accept w/ Minor Revision: ACM Transactions on Software Engineering Methodology, 2016.
[22] R. Slavin, X. Wang, M.B. Hosseini, W. Hester, R. Krishnan, J. Bhatia, T.D. Breaux, J. Niu. Toward a Framework for Detecting Privacy Policy Violation in Android Application Code. To Appear: ACM/IEEE 38th International Software Engineering Conference (ICSE'16), Austin, Texas, 2016.
[21] Riaz, M., Breaux, T., Williams, L. How Have We Evaluated Software Pattern Application? A Systematic Mapping Study of Research Design Practices, Information and Software Technology (IST) Journal, Vol. 65, Sep. 2015
[20]Hibshi, H., Breaux, T.D., Broomell, S.B. Assessment of Risk Perception in Security Requirements Composition. IEEE 23rd International Requirements Engineering Conference, pp. 146-155, 2015.
[19]Breaux, T.D., Smullen, D., Hibshi, H. Detecting Repurposing and Over-collection in Multi-Party Privacy Requirements Specifications. IEEE 23rd International Requirements Engineering Conference, pp. 166-175, 2015.
[18]Breaux, T.D., Hibshi, H., Rao, A. Eddy, a formal language for specifying and analyzing data flow specifications for conflicting privacy requirements. Requirements Engineering Journal, 19(3): 281-307, 2014.
[17]Hibshi, H., Breaux, T.D., Riaz, M., Williams, L.Towards a framework to measure security expertise in requirements analysis. IEEE 1st Workshop on Evolving Security and Privacy Requirements Engineering pp. 13-18, 2014.
[16]Breaux, T.D., Schaub, F. Scaling requirements extraction to the crowd: Experiments with privacy policies. IEEE 22nd International Requirements Engineering Conference, pp. 163-172, 2014.
[15]Slavin, R., Lehker, J.M., Niu, J., Breaux, T.D. Managing security requirements patterns using feature diagram hierarchies. IEEE 22nd International Requirements Engineering Conference, pp. 193-202, 2014.
[14]Gordon, D.G., Breaux, T.D. The role of legal expertise in interpretation of legal requirements and definitions IEEE 22nd International Requirements Engineering Conference, pp. 273-282, 2014.
[13]Gordon, D.G., Breaux, T.D. A Cross-Domain Empirical Study and Legal Evaluation of the Requirements Water Marking Method Requirements Engineering Journal, 18(2): 147-173, 2013.
[12]Breaux, T.D., Rao, A. Formal Analysis of Privacy Requirements Specifications for Multi-Tier Applications (Nominated for Best Paper) 21st IEEE International Requirements Engineering Conference (RE'13), Rio de Janeiro, Brazil, Jul. 2013.
[11]Gordon, D.G., Breaux, T.D. Assessing Regulatory Change through Legal Requirements Coverage Modeling Accepted To: 21st IEEE International Requirements Engineering Conference (RE'13), Rio de Janeiro, Brazil, Jul. 2013.
[10]Gordon, D.G., Breaux, T.D. Reconciling Multi-Jurisdictional Legal Requirements: A Case Study in Requirements Water Marking (Nominated for Best Paper) 20th IEEE International Conference on Requirements Engineering, Chicago, Illinois, Sep. 2012.
[9]Breaux, T.D., Hibshi, H., Rao, A., Lehkher, J.-M. Towards a Framework for Pattern Experimentation: Understanding empirical validity in requirements engineering patterns. 2nd IEEE Workshop on Requirements Engineering Patterns (RePa'12), Chicago, Illinois, Oct. 2012
[8]Breaux, T.D., Lotrionte, C.B. Towards a Privacy Management Framework for Distributed Cybersecurity in the New Data Ecology. In Proc. IEEE International Conference on Technologies for Homeland Security, Waltham, Massachusetts, Oct. 2011
[7]Breaux, T.D., Alspaugh, T.A. Governance and Accountability in the New Data Ecology: A Vision for Electronic Data Licenses. In Proc. 4th IEEE International Workshop on Requirements Engineering and Law (RELAW'11), Trento, Italy, Aug. 2011
[6]Breaux, T.D., Baumer, D.L. Legally "Reasonable" Security Requirements: A 10-year FTC Retrospective. Computers and Security, 30(4):178-193, 2011
[5]Breaux, T.D., Antón, A.I., Spafford, E.H. A Distributed Requirements Management Framework for Compliance and Accountability. Computers and Security (COSE), 28(1-2): 8-17, 2009
[4]Breaux, T.D., Antón, A.I. Analyzing Regulatory Rules for Privacy and Security Requirements. IEEE Transactions on Software Engineering, Special Issue on Software Engineering for Secure Systems (IEEE TSE), 34(1):5-20, January/February 2008
[3]Breaux, T.D., Antón, A.I., Doyle, J. Semantic Parameterization: A Process for Modeling Domain Descriptions. ACM Transactions on Software Engineering Methodology (ACM TOSEM), 18(2): 5, November 2008
[2]Breaux, T.D., Antón, A.I., Boucher, K., Dorfman, M. Legal Requirements, Compliance and Practice: An Industry Case Study in Accessibility. In Proc. IEEE 16th International Requirements Engineering Conference, Barcelona, Spain, pp. 43-52, Sep. 2008
[1]Breaux, T.D., Vail, M.W., Antón, A.I. Towards Regulatory Compliance: Extracting Rights and Obligations to Align Requirements with Regulations. In Proc. IEEE 14th International Requirements Engineering Conference, Minneapolis, Minnesota, pp. 49-58, Sep. 2006