Home > Research > Publications & Outputs > Inferring semantic mapping between policies and...
View graph of relations

Inferring semantic mapping between policies and code: the clue is in the language

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Publication date29/03/2016
Host publicationEngineering Secure Software and Systems : 8th International Symposium, ESSoS 2016, London, United Kingdom, April 6-8, 2016. Proceedings.
EditorsJuan Caballero, Eric Bodden, Elias Athanasopoulos
Number of pages18
ISBN (Electronic)9783319308067
ISBN (Print)9783319308050
<mark>Original language</mark>English

Publication series

NameLecture Notes in Computer Science
ISSN (Print)0302-9743


A common misstep in the development of security and privacy solutions is the failure to keep the demands resulting from high-level policies in line with the actual implementation that is supposed to operationalize those policies. This is especially problematic in the domain of social networks, where software typically predates policies and then evolves alongside its user base and any changes in policies that arise from their interactions with (and the demands that they place on) the system. Our contribution targets this specific problem, drawing together the assurances actually presented to users in the form of policies and the large codebases with which developers work. We demonstrate that a mapping between policies and code can be inferred from the semantics of the natural language. These semantics manifest not only in the policy statements but also coding conventions. Our technique, implemented in a tool (CASTOR), can infer semantic mappings with F1 accuracy of 70 % and 78 % for two social networks, Diaspora and Friendica respectively – as compared with a ground truth mapping established through manual examination of the policies and code.