Carnegie Mellon University Website Home Page


Dr. Travis Breaux

Assistant Professor

Travis D. Breaux is an Assistant Professor of Computer Science, appointed in the Institute for Software Research of the School of Computer Science at Carnegie Mellon University. Dr. Breaux's research program searches for new methods and tools for developing correct software specifications and ensuring that software systems conform to those specifications in a transparent, reliable and trustworthy manner. This includes demonstrating compliance with U.S. and international accessibility, privacy and security laws, policies and standards. Dr. Breaux is the Director of the Requirements Engineering Laboratory at Carnegie Mellon University. Dr. Breaux has several publications in ACM and IEEE-sponsored journals and conference proceedings. Dr. Breaux is a member of the ACM SIGSOFT, IEEE Computer Society and USACM Public Policy Committee.

Prior to coming to the Carnegie Mellon University, Dr. Breaux received the Doctorate of Philosophy in Computer Science from North Carolina State University (NCSU) in 2009. Dr. Breaux also holds Baccalaureate degrees in Computer and Information Science from the University of Oregon and in Anthropology from the University of Houston. He has conducted research at the Institute for Defense Analyses, the IBM Thomas J. Watson Research Laboratory, the Oak Ridge National Laboratory and the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University. In 2000, Dr. Breaux served as a volunteer in the United States Peace Corps in Mongolia, before transitioning from anthropology to computer science.

Dr. Breaux traces his passion for exploring socio-technical systems back to teachings he received in culture cosmology and philosophy by Dr. Susan Rasmussen and Dr. Quetzil Casteñeda at the University of Houston. Dr. Breaux was first introduced to the field of Requirements Engineering by his undergraduate adviser, Dr. Stephen Fickas, at the University of Oregon whose influence includes requirements monitoring, requirements negotiation and ephemeral requirements. Under the guidance of Dr. Annie Antón, Dr. Breaux has extended his interests to include the societal impact of system requirements on privacy and security in their "ground-breaking" work to acquire software requirements from policies and U.S. federal and state regulations.

Courses Offered

17-652 Methods: Deciding What to Design

Research Projects

Formal Analysis and Specification of Privacy and Security Requirements

Summary: As companies increasingly share sensitive, personal information, software developers need tools to design privacy-preserving and security systems. This includes emerging social networking, e-commerce and location-based services that collect and combine information in new, unprecedented ways. We are developing formal methods that can be used to reason about conflicting requirements within and among privacy and security policies in a complex data supply chain where responsibility for the data is distributed across multiple actors. Technical challenges in this research area include the ability to ask and answer relevant questions about privacy and security in ways that scale with specifications of large systems. The ability to support ambiguity and uncertainty in these specifications enables analysis and consideration of system design alternatives.

Multi-Jurisdictional Compliance for Distributed Software Systems

Summary: Increasingly, information systems are distributed across the physical and logical borders of nations, states and provinces. We see this trend emerging in mobile, social and cloud-based computing. The challenge for business analysts and software designers is to determine which set of requriements govern their systems as software and data move across these borders. This project aims to understand the "dynamics" of this multi-jurisdictional ecosystem to help analysts and designers develop legally compliant systems. The outcome of this research is empirically valid methods and tools that have been evaluated in real-world data.

Improving the (Re-)Usability of Requirements Knowledge

Summary: Our prior research shows that software developers employ considerable domain knowledge when translating regulations, policies and standards into system requirements [Breaux & Baumer, 2011]. Furthermore, security best practices are often neglected when designing large-scale retail and financial systems, leading to software failures and regulatory violations [Breaux, Anton, Boucher, Dorfman, 2008]. This project aims to adapt theory from cognitive psychology to develop an experimental framework and theory for expressing, selecting and applying requirements patterns.


Click here for a full list of Dr. Breaux's publications