
CAREER: A Holistic Developer-Centered Approach to Enhance Privacy for Data-Driven Applications

$529,773 | FY2023 | CSE | NSF

University Of Maine, Orono ME

Investigators

Abstract

The number of privacy violations in the U.S. has increased dramatically, with many companies experiencing harmful and costly breaches. Such breaches negatively impact users and lead to financial and reputational costs for developers. Their adverse effects underscore the need for holistic privacy engineering solutions throughout the software development lifecycle. Recent privacy research has made progress in this regard, yet significant gaps remain, including insufficient implementation guidelines and ex-ante detection of privacy violations. This project addresses these gaps by investigating how novice and expert developers currently implement privacy rules, supporting the developers in detecting privacy behaviors, designing privacy-preserving solutions, and automating the implementation of privacy rules in code. This project will result in models and tools to enhance privacy for all types of software applications. Hence, the project will benefit society by (i) helping to protect the privacy of vulnerable groups, (ii) supporting the software industry and the U.S. economy, and (iii) expanding access to STEM and computer science education. This interdisciplinary project fundamentally advances knowledge in privacy and software engineering by investigating new theories, methods, and tools to describe software privacy behaviors prior to development and then ensure their effective implementation in code. 
Through three thrusts, the project will: (i) generate new scientific knowledge about the privacy awareness and expertise of developers and the challenges they face; (ii) reduce the effort of manually implementing privacy requirements in code via the development of novel privacy-related code generation models; (iii) minimize privacy violations through examining the current practices for writing privacy-related code and creating novel solutions to improve such practices; and (iv) strengthen communications between legal and technical experts by developing a shared infrastructure for defining and reasoning about privacy solutions from both technical and policy perspectives. This project is jointly funded by the Software and Hardware Foundations (SHF) program, the Secure and Trustworthy Cyberspace (SaTC), and the Established Program to Stimulate Competitive Research (EPSCoR). This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
