PhD Candidate

University of Texas at San Antonio

research

Current Projects

Mobile Privacy

Mobile applications frequently access sensitive personal information to meet user or business requirements. Because such information is sensitive in general, regulators increasingly require mobile app developers to publish privacy policies that describe what information is collected. Furthermore, regulators have fined companies when these policies are inconsistent with the actual data practices of mobile apps. As a means to assist developers, auditors, and end-users, I have created a framework and suite of tools to help bridge the semantic gap between natural language privacy policies and application code.

Security Requirements Patterns

Secure software depends upon the ability of software developers to respond to security risks early in the software development process. Despite a wealth of security requirements, often called security controls, there is a shortfall in the adoption and implementation of these requirements. This shortfall is due to the extensive expertise and higher-level cognitive skillsets required to comprehend, decompose and reassemble security requirements concepts in the context of an emerging system design. To address this shortfall, we propose to develop two empirical methods: (1) a method to derive security requirements patterns from requirements catalogues using expert knowledge; and (2) a method to empirically evaluate these patterns for their "usability" by novice software developers against a set of common problem descriptions, including the developer's ability to formulate problems, select and instantiate patterns. The study results will yield a framework for discovering and evaluating security requirements patterns and new scientific knowledge about the limitations of pattern-based approaches when applied by novice software developers. This project has been funded by National Security Agency grant "Improving the Usability of Security Requirements by Software Developers through Empirical Studies and Analysis", UTSA award amount $200,000, February 2012 - September 2014, UTSA PI, Jianwei Niu, PIs, Travis Breaux (CMU) and Laurie Williams (NCSU).

teaching

Teaching

Spring 2017
  1. CS3773 - Software Engineering
publications
Journal Publications

  1. Hui Shen, Ram Krishnan, Rocky Slavin, and Jianwei Niu. "Sequence Diagram Aided Security Policy Specification", IEEE Transactions on Dependable and Secure Computing, 2014. (pdf)

Refereed Conference and Workshop Publications

  1. Rocky Slavin, Xiaoyin Wang, Mitra Hosseini, William Hester, Ram Krishnan, Jaspreet Bhatia, Travis D. Breaux, and Jianwei Niu. "Toward a Framework for Detecting Privacy Policy Violation in Android Application Code", 38th ACM/IEEE International Conference on Software Engineering, 2016, Austin, Texas. (pdf)
  2. Rocky Slavin, Xiaoyin Wang, Mitra Hosseini, William Hester, Ram Krishnan, Jaspreet Bhatia, Travis D. Breaux, and Jianwei Niu. "PVDetector: A Detector of Privacy Policy Violations for Android Apps", Proceedings of International Conference on Mobile Software Engineering and Systems (MOBILESoft), 2016, Austin, Texas. (pdf)
  3. Rocky Slavin, Jean-Michel Lehker, Jianwei Niu, and Travis D. Breaux. "Managing Security Requirements Patterns using Feature Diagram Hierarchies", 22nd IEEE International Requirements Engineering Conference, 2014, Karlskrona, Sweden. (pdf)
  4. Jean-Michel Lehker, Rocky Slavin, and Jianwei Niu. "Integration of Security Pattern Selection Practices with Pattern Storage", Symposium and Bootcamp on the Science of Security (HotSoS), 2014, Raleigh. (pdf)
  5. Rocky Slavin, Hui Shen, and Jianwei Niu. "Characteristics and Boundaries of Security Requirements Patterns", Second International Workshop on Requirements Patterns (RePa), 2012, Chicago. (pdf)
Online Articles

  1. Rocky Slavin. "Does your Android App Collect More than it Promises to?", IEEE Software Blog, 2016, http://blog.ieeesoftware.org/2016/05/does-your-android-app-collect-more-than.html.
vitae
Education
2012 - Present
PhD Candidate, Computer Science
University of Texas at San Antonio

Advisor: Jianwei Niu

2012
Bachelor of Science, Computer Science
University of Texas at San Antonio

Security Concentration

Research Experience
2015 - Present
Mobile Application Privacy
Collaboration: Carnegie Mellon University, University of Texas at San Antonio, University of Texas at Dallas

Conducted research to bridge the gap between natural language privacy policies and Android application code.

2012 - Present
Security Requirements Patterns
Collaboration: Carnegie Mellon University, North Carolina State University, University of Texas at San Antonio

Conducted research to improve the usability of security requirements patterns through empirical studies and analysis.

Teaching Experience
Fall 2012
Teaching Assistant - Data Analysis and Visualization using MATLAB
University of Texas at San Antonio, Department of Computer Science
Fall 2009
Teaching Assistant - Introduction to Computer Programming II
University of Texas at San Antonio, Department of Computer Science
Industry Experience
2010 - 2012
Program Specialist/Web Developer
University of Texas at San Antonio, Center for Research and Training in the Sciences
2009 - 2010
Systems Administrator Assistant/Web Developer
University of Texas at San Antonio, Computational Biology Initiative
interests

When I'm not working on my research I'm having fun with my wife and daughter and working on my astrophotography.