Rocky Slavin, Ph.D.

Assistant Professor of Practice
Department of Computer Science
University of Texas at San Antonio

research

Research Interests

Mobile Privacy

Mobile applications frequently access sensitive personal information to meet user or business requirements. Because such information is sensitive in general, regulators increasingly require mobile app developers to publish privacy policies that describe what information is collected. Furthermore, regulators have fined companies when these policies are inconsistent with the actual data practices of mobile apps. As a means to assist developers, auditors, and end-users, I have created a framework and suite of tools to help bridge the semantic gap between natural language privacy policies and application code.

Security Requirements Patterns

Secure software depends upon the ability of software developers to respond to security risks early in the software development process. Despite a wealth of security requirements, often called security controls, there is a shortfall in the adoption and implementation of these requirements. This shortfall is due to the extensive expertise and higher-level cognitive skill sets required to comprehend, decompose, and reassemble security requirements concepts in the context of an emerging system design. To address this shortfall, we propose to develop two empirical methods: (1) a method to derive security requirements patterns from requirements catalogues using expert knowledge; and (2) a method to empirically evaluate these patterns for their "usability" by novice software developers against a set of common problem descriptions, including the developer's ability to formulate problems and to select and instantiate patterns. The study results will yield a framework for discovering and evaluating security requirements patterns and new scientific knowledge about the limitations of pattern-based approaches when applied by novice software developers. This project has been funded by National Security Agency grant "Improving the Usability of Security Requirements by Software Developers through Empirical Studies and Analysis", UTSA award amount $200,000, February 2012 - September 2014; UTSA PI: Jianwei Niu; PIs: Travis Breaux (CMU) and Laurie Williams (NCSU).

teaching

Teaching

Resources and Tutorials

Course materials are available on Blackboard

Fall 2017
  1. CS3773 - Software Engineering
  2. CS3423 - Systems Programming

Summer 2017
  1. CS3773 - Software Engineering

Spring 2017
  1. CS3773 - Software Engineering
publications
Journal Publications

  1. Hui Shen, Ram Krishnan, Rocky Slavin, and Jianwei Niu. Sequence Diagram Aided Security Policy Specification, IEEE Transactions on Dependable and Secure Computing, 2014. (pdf)

Refereed Conference and Workshop Publications

  1. Rocky Slavin, Xiaoyin Wang, Mitra Hosseini, William Hester, Ram Krishnan, Jaspreet Bhatia, Travis D. Breaux, and Jianwei Niu. Toward a Framework for Detecting Privacy Policy Violation in Android Application Code, 38th ACM/IEEE International Conference on Software Engineering, 2016, Austin, Texas. (pdf)
  2. Rocky Slavin, Xiaoyin Wang, Mitra Hosseini, William Hester, Ram Krishnan, Jaspreet Bhatia, Travis D. Breaux, and Jianwei Niu. PVDetector: A Detector of Privacy Policy Violations for Android Apps, Proceedings of International Conference on Mobile Software Engineering and Systems (MOBILESoft), 2016, Austin, Texas. (pdf)
  3. Rocky Slavin, Jean-Michel Lehker, Jianwei Niu, and Travis D. Breaux. Managing Security Requirements Patterns using Feature Diagram Hierarchies, 22nd IEEE International Requirements Engineering Conference, 2014, Karlskrona, Sweden. (pdf)
  4. Jean-Michel Lehker, Rocky Slavin, and Jianwei Niu. Integration of Security Pattern Selection Practices with Pattern Storage, Symposium and Bootcamp on the Science of Security (HotSoS), 2014, Raleigh. (pdf)
  5. Rocky Slavin, Hui Shen, and Jianwei Niu. Characteristics and Boundaries of Security Requirements Patterns, Second International Workshop on Requirements Patterns (RePa), 2012, Chicago. (pdf)
Technical Reports

  1. Rocky Slavin, Xiaoyin Wang, Mitra Bokaei Hosseini, Jianwei Niu, Jaspreet Bhatia, and Travis D. Breaux. PoliDroid-AS: A Privacy Policy Alignment Plugin for Android Studio. Technical Report CSTR-2017-002, University of Texas at San Antonio Department of Computer Science, 2017. (pdf)
  2. Hanan Hibshi, Rocky Slavin, Jianwei Niu, and Travis D. Breaux. Rethinking Security Requirements in RE Research. Technical Report CSTR-2014-005, University of Texas at San Antonio Department of Computer Science, 2014. (pdf)
  3. Hui Shen, Ram Krishnan, Rocky Slavin, and Jianwei Niu. Sequence Diagram Aided Security Policy Specification. Technical Report CSTR-2017-001, University of Texas at San Antonio Department of Computer Science, 2014. (pdf)
Dissertation

  1. Rocky Slavin. Applying Semantic Analysis for the Alignment of Natural Language Privacy Policies with Application Code. Ph.D. Dissertation, University of Texas at San Antonio, Aug. 2017. (pdf)
Articles

  1. Rocky Slavin. Does your Android App Collect More than it Promises to?, IEEE Software Blog, 2016, http://blog.ieeesoftware.org/2016/05/does-your-android-app-collect-more-than.html.
vitae
Education
2017
PhD, Computer Science
University of Texas at San Antonio

Advisor: Jianwei Niu

2012
Bachelor of Science, Computer Science
University of Texas at San Antonio

Security Concentration

interests

When I'm not working on my research, I'm having fun with my wife and daughter and working on my astrophotography.