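% Bibliography: requirements engineering for privacy, security and regulatory
% (HIPAA) compliance, 2003-2012, listed newest first.
%
% Conventions used in this file:
%   - One entry per block, one field per line, lowercase field names.
%   - Page ranges use "--"; an open-ended or non-contiguous range is written
%     "N+" (start page only), as exported data gave no end page.
%   - month uses the bare three-letter macros (jan ... dec).
%   - issn / isbn hold the bare identifier; doi holds the bare DOI.
%   - "&" in venue names is escaped for classic BibTeX.
%   - Acronyms and proper nouns in titles and venues are brace-protected.
%   - abstractNote is a non-standard field kept from the original export;
%     standard styles ignore it.
%   - The abstractNote of anton_breaux_gritzalis_mylopoulos_2011 is the opening
%     text of the editorial and stops mid-sentence in the exported data.
%   - Citation keys are unchanged from the export so existing \cite commands
%     keep working.

@article{maxwell_anton_swire_riaz_mccraw_2012,
  author       = {Maxwell, Jeremy C. and Anton, Annie I. and Swire, Peter and Riaz, Maria and McCraw, Christopher M.},
  title        = {A legal cross-references taxonomy for reasoning about compliance requirements},
  journal      = {Requirements Engineering},
  volume       = {17},
  number       = {2},
  pages        = {99--115},
  year         = {2012},
  month        = jun,
  issn         = {1432-010X},
  doi          = {10.1007/s00766-012-0152-5},
}

@inproceedings{maxwell_anton_swire_2011,
  author       = {Maxwell, J. C. and Anton, A. I. and Swire, P.},
  title        = {A legal cross-references taxonomy for identifying conflicting software requirements},
  booktitle    = {2011 19th {IEEE} International Requirements Engineering Conference ({RE})},
  pages        = {197--206},
  year         = {2011},
  doi          = {10.1109/re.2011.6051647},
  abstractNote = {Companies must ensure their software complies with relevant laws and regulations to avoid the risk of costly penalties, lost reputation, and brand damage resulting from noncompliance. Laws and regulations contain internal cross-references to portions of the same legal text, as well as cross-references to external legal texts. These cross-references introduce ambiguities, exceptions, as well as other challenges to regulatory compliance. Requirements engineers need guidance as to how to address cross-references in order to comply with the requirements of the law. Herein, we analyze each external cross-reference within the U.S. Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule to determine whether a cross-reference either: introduces a conflicting requirement, a conflicting definition, and/or refines an existing requirement. Herein, we propose a legal cross-reference taxonomy to aid requirements engineers in classifying cross-references as they specify compliance requirements. Analyzing cross-references enables us to address conflicting requirements that may otherwise thwart legal compliance. We identify five sets of conflicting compliance requirements and recommend strategies for resolving these conflicts.},
}

@inproceedings{massey_smith_otto_anton_2011,
  author       = {Massey, A. K. and Smith, B. and Otto, P. N. and Anton, A. I.},
  title        = {Assessing the accuracy of legal implementation readiness decisions},
  booktitle    = {2011 19th {IEEE} International Requirements Engineering Conference ({RE})},
  pages        = {207--216},
  year         = {2011},
  doi          = {10.1109/re.2011.6051661},
  abstractNote = {Software engineers regularly build systems that are required to comply with laws and regulations. To this end, software engineers must determine which requirements have met or exceeded their legal obligations and which requirements have not. Requirements that have met or exceeded their legal obligations are legally implementation ready, whereas requirements that have not met or exceeded their legal obligations need further refinement. Research is needed to better understand how to support software engineers in making these determinations. In this paper, we describe a case study in which we asked graduate-level software engineering students to assess whether a set of software requirements for an electronic health record system met or exceeded their corresponding legal obligations as expressed in regulations created pursuant to the U.S. Health Insurance Portability and Accountability Act (HIPAA). We compare the assessment made by graduate students with an assessment made by HIPAA compliance subject matter experts. Additionally, we contrast these results with those generated by a legal requirements triage algorithm. Our findings suggest that the average graduate-level software engineering student is ill-prepared to write legally compliant software with any confidence and that domain experts are an absolute necessity. Our findings also indicate the potential utility of legal requirements metrics in aiding software engineers as they make legal compliance decisions.},
}

@article{anton_breaux_gritzalis_mylopoulos_2011,
  author       = {Anton, Annie I. and Breaux, Travis D. and Gritzalis, Stefanos and Mylopoulos, John},
  title        = {Digital privacy: theory, policies and technologies},
  journal      = {Requirements Engineering},
  volume       = {16},
  number       = {1},
  pages        = {1--2},
  year         = {2011},
  month        = mar,
  issn         = {1432-010X},
  doi          = {10.1007/s00766-011-0117-0},
  abstractNote = {1 Digital privacy: theory, policies and technologies. Information and communication technologies (ICT) continue to evolve at a remarkably high pace. As a result, more individuals use ICT at work and at home, carrying out routine daily tasks such as on-line shopping, banking and social interaction. Unfortunately, increased use of ICT has resulted in increased risk that individuals' privacy rights will be violated. These risks to privacy include violations of user anonymity during sensitive transactions, unauthorized disclosures of personal data, misuse of personal data for unauthorized purposes, misrepresentation of personal character and more. To comply with privacy laws, regulations and policies, we need to develop techniques for identifying, documenting and testing privacy requirements that are feasible and efficient to implement. Moreover, developers need to update their software processes to ensure that privacy is not an afterthought whereby privacy measures become an add-on or employed in an ad hoc or arbitrary fashion. Finally, organizations that manage personal information must integrate privacy-enabled technologies and processes into their business practices to comply with emerging legislation. This special issue of the Springer's Requirements Engineering journal aims at providing researchers and professionals with insights into the state-of-the-art in Digital Privacy from the views of Theory, Policies and Technologies. 2 The content of this special issue. The papers presented in this special issue contribute to the aforementioned research directions. The four papers presented in this special issue have been selected following a thorough review process of 16 submissions that responded to the Call for Papers which was distributed. Each of the papers was reviewed by at least three reviewers, with a range from three to five reviewers, in two review stages. In their paper entitled 'A privacy threat analysis framework: Supporting the elicitation and fulfillment of privacy requirements', M. Deng, K. Wuyts, R. Scandariato, B. Preneel and W. Joosen provide a framework to model privacy threats in software-based systems, which includes a systematic methodology to model privacy-specific threats. The methodology instructs the analyst on what issues should be investigated and where in the model those issues},
}

@article{massey_otto_hayward_anton_2010,
  author       = {Massey, Aaron K. and Otto, Paul N. and Hayward, Lauren J. and Anton, Annie I.},
  title        = {Evaluating existing security and privacy requirements for legal compliance},
  journal      = {Requirements Engineering},
  volume       = {15},
  number       = {1},
  pages        = {119--137},
  year         = {2010},
  month        = mar,
  issn         = {1432-010X},
  doi          = {10.1007/s00766-009-0089-5},
}

@article{anton_earp_young_2010,
  author       = {Anton, A. I. and Earp, J. B. and Young, J. D.},
  title        = {How internet users' privacy concerns have evolved since 2002},
  journal      = {{IEEE} Security \& Privacy Magazine},
  volume       = {8},
  number       = {1},
  pages        = {21--27},
  year         = {2010},
  month        = jan,
  publisher    = {Institute of Electrical and Electronics Engineers (IEEE)},
  issn         = {1540-7993},
  doi          = {10.1109/msp.2010.38},
  url          = {http://dx.doi.org/10.1109/msp.2010.38},
  abstractNote = {Internet privacy was the topic in this paper. A 2008 survey revealed that US Internet users' top three privacy concerns haven't changed since 2002, but privacy-related events might have influenced their level of concern within certain categories. The authors describe their results as well as the differences in privacy concerns between US and international respondents. They also mentioned that individuals have become more concerned about personalization in customized browsing experiences, monitored purchasing patterns, and targeted marketing and research.},
}

@article{breaux_anton_spafford_2009,
  author       = {Breaux, Travis D. and Anton, Annie I. and Spafford, Eugene H.},
  title        = {A distributed requirements management framework for legal compliance and accountability},
  journal      = {Computers \& Security},
  volume       = {28},
  number       = {1--2},
  pages        = {8--17},
  year         = {2009},
  issn         = {1872-6208},
  doi          = {10.1016/j.cose.2008.08.001},
  abstractNote = {Increasingly, new regulations are governing organizations and their information systems. Individuals responsible for ensuring legal compliance and accountability currently lack sufficient guidance and support to manage their legal obligations within relevant information systems. While software controls provide assurances that business processes adhere to specific requirements, such as those derived from government regulations, there is little support to manage these requirements and their relationships to various policies and regulations. We propose a requirements management framework that enables executives, business managers, software developers and auditors to distribute legal obligations across business units and/or personnel with different roles and technical capabilities. This framework improves accountability by integrating traceability throughout the policy and requirements lifecycle. We illustrate the framework within the context of a concrete healthcare scenario in which obligations incurred from the Health Insurance Portability and Accountability Act (HIPAA) are delegated and refined into software requirements. Additionally, we show how auditing mechanisms can be integrated into the framework and how auditors can certify that specific chains of delegation and refinement decisions comply with government regulations.},
}

@inproceedings{maxwell_anton_2009,
  author       = {Maxwell, Jeremy C. and Anton, Annie I.},
  title        = {Developing Production Rule Models to Aid in Acquiring Requirements from Legal Texts},
  booktitle    = {Proceedings of the 2009 17th {IEEE} International Requirements Engineering Conference},
  pages        = {101--110},
  year         = {2009},
  isbn         = {978-0-7695-3761-0},
  doi          = {10.1109/re.2009.21},
  abstractNote = {Regulatory compliance is an important consideration for requirements engineering because recent regulations impose costly penalties for noncompliance. This paper details how developing production rule models can aid in acquiring software requirements from regulatory texts. Production rules enable requirements engineers to gain valuable domain knowledge of a particular legal text by providing the ability to receive precise answers to a specific query. In particular, a production rule model facilitates communication between requirements engineers and legal domain experts, supports and augments requirements elicitation, and resolves ambiguity. Prior work in this area has failed to detail a precise methodology for translating a legal text into production rules, and considered using production rule models for aiding requirements elicitation and validation. This paper introduces our Production Rule Modeling methodology, and demonstrates this methodology using examples from a production rule model for four sections of the U.S. Health Insurance Portability and Accountability Act (HIPAA).},
}

@article{he_anton_2009,
  author       = {He, Qingfeng and Anton, Annie I.},
  title        = {Requirements-based Access Control Analysis and Policy Specification ({ReCAPS})},
  journal      = {Information and Software Technology},
  volume       = {51},
  number       = {6},
  pages        = {993--1009},
  year         = {2009},
  month        = jun,
  issn         = {1873-6025},
  doi          = {10.1016/j.infsof.2008.11.005},
  abstractNote = {Access control (AC) is a mechanism for achieving confidentiality and integrity in software systems. Access control policies (ACPs) express rules concerning who can access what information, and under what conditions. ACP specification is not an explicit part of the software development process and is often isolated from requirements analysis activities, leaving systems vulnerable to security breaches because policies are specified without ensuring compliance with system requirements. In this paper, we present the Requirements-based Access Control Analysis and Policy Specification (ReCAPS) method for deriving and specifying ACPs, and discuss three validation efforts. The method integrates policy specification into the software development process, ensures consistency across software artifacts, and provides prescriptive guidance for how to specify ACPs. It also improves the quality of requirements specifications and system designs by clarifying ambiguities and resolving conflicts across these artifacts during the analysis, making a significant step towards ensuring that policies are enforced in a manner consistent with a system's requirements specifications. To date, the method has been applied within the context of four operational systems. Additionally, we have conducted an empirical study to evaluate its usefulness and effectiveness. A software tool, the Security and Privacy Requirements Analysis Tool (SPRAT), was developed to support ReCAPS analysis activities.},
}

@article{breaux_anton_2008,
  author       = {Breaux, Travis D. and Anton, Annie I.},
  title        = {Analyzing regulatory rules for privacy and security requirements},
  journal      = {{IEEE} Transactions on Software Engineering},
  volume       = {34},
  number       = {1},
  pages        = {5--20},
  year         = {2008},
  issn         = {1939-3520},
  doi          = {10.1109/TSE.2007.70746},
  abstractNote = {Information practices that use personal, financial, and health-related information are governed by US laws and regulations to prevent unauthorized use and disclosure. To ensure compliance under the law, the security and privacy requirements of relevant software systems must properly be aligned with these regulations. However, these regulations describe stakeholder rules, called rights and obligations, in complex and sometimes ambiguous legal language. These "rules" are often precursors to software requirements that must undergo considerable refinement and analysis before they become implementable. To support the software engineering effort to derive security requirements from regulations, we present a methodology for directly extracting access rights and obligations from regulation texts. The methodology provides statement-level coverage for an entire regulatory document to consistently identify and infer six types of data access constraints, handle complex cross references, resolve ambiguities, and assign required priorities between access rights and obligations to avoid unlawful information disclosures. We present results from applying this methodology to the entire regulation text of the US Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.},
}

@article{alspaugh_anton_2008,
  author       = {Alspaugh, Thomas A. and Anton, Annie I.},
  title        = {Scenario support for effective requirements},
  journal      = {Information and Software Technology},
  volume       = {50},
  number       = {3},
  pages        = {198--220},
  year         = {2008},
  month        = feb,
  issn         = {1873-6025},
  doi          = {10.1016/j.infsof.2006.12.003},
  abstractNote = {Scenarios are widely used as requirements, and the quality of requirements is an important factor in the efficiency and success of a development project. The informal nature of scenarios requires that analysts do much manual work with them, and much tedious and detailed effort is needed to make a collection of scenarios well-defined, relatively complete, minimal, and coherent. We discuss six aspects of scenarios having inherent structure on which automated support may be based, and the results of using such support. This automated support frees analysts to concentrate on tasks requiring human intelligence, resulting in higher-quality scenarios for better system requirements. Two studies validating the work are presented.},
}

@article{breaux_anton_doyle_2008,
  author       = {Breaux, Travis D. and Anton, Annie I. and Doyle, Jon},
  title        = {Semantic Parameterization: A Process for Modeling Domain Descriptions},
  journal      = {{ACM} Transactions on Software Engineering and Methodology},
  volume       = {18},
  number       = {2},
  year         = {2008},
  month        = nov,
  publisher    = {Association for Computing Machinery (ACM)},
  issn         = {1557-7392},
  doi          = {10.1145/1416563.1416565},
  url          = {http://www.scopus.com/inward/record.url?eid=2-s2.0-56149121201&partnerID=MN8TOARS},
  abstractNote = {Software engineers must systematically account for the broad scope of environmental behavior, including nonfunctional requirements, intended to coordinate the actions of stakeholders and software systems. The Inquiry Cycle Model (ICM) provides engineers with a strategy to acquire and refine these requirements by having domain experts answer six questions: who, what, where, when, how, and why. Goal-based requirements engineering has led to the formalization of requirements to answer the ICM questions about when, how, and why goals are achieved, maintained, or avoided. In this article, we present a systematic process called Semantic Parameterization for expressing natural language domain descriptions of goals as specifications in description logic. The formalization of goals in description logic allows engineers to automate inquiries using who, what, and where questions, completing the formalization of the ICM questions. The contributions of this approach include new theory to conceptually compare and disambiguate goal specifications that enables querying goals and organizing goals into specialization hierarchies. The artifacts in the process include a dictionary that aligns the domain lexicon with unique concepts, distinguishing between synonyms and polysemes, and several natural language patterns that aid engineers in mapping common domain descriptions to formal specifications. Semantic Parameterization has been empirically validated in three case studies on policy and regulatory descriptions that govern information systems in the finance and health-care domains.},
}

@article{anton_bertino_li_yu_2007,
  author       = {Anton, Annie I. and Bertino, Elisa and Li, Ninghui and Yu, Ting},
  title        = {A roadmap for comprehensive online privacy policy management},
  journal      = {Communications of the {ACM}},
  volume       = {50},
  number       = {7},
  pages        = {109--116},
  year         = {2007},
  month        = jul,
  issn         = {1557-7317},
  doi          = {10.1145/1272516.1272522},
  abstractNote = {A framework supporting the privacy policy life cycle helps guide the kind of research to consider before sound privacy answers may be realized.},
}

@article{anton_earp_vail_jain_gheen_frink_2007,
  author       = {Anton, Annie I. and Earp, Julia B. and Vail, Matthew W. and Jain, Neha and Gheen, Carrie M. and Frink, Jack M.},
  title        = {{HIPAA}'s effect on web site privacy policies},
  journal      = {{IEEE} Security \& Privacy},
  volume       = {5},
  number       = {1},
  pages        = {45--52},
  year         = {2007},
  issn         = {1540-7993},
  doi          = {10.1109/MSP.2007.7},
  abstractNote = {Healthcare institutions typically post their privacy practices online as privacy policy documents. We conducted a longitudinal study that examines the effects of HIPAA's enactment on a collection of privacy policy documents for a fixed set of organizations over a four-year period. We present our analysis of 24 healthcare privacy policy documents from nine healthcare Web sites, analyzed using goal mining, a content-analysis method that supports extraction of useful information about institutions' privacy practices from documents. We compare our results to our pre-HIPAA study of these same institutions' online privacy practices and evaluate their evolution in the presence of privacy laws.},
}

@article{otto_anton_baumer_2007,
  author       = {Otto, Paul N. and Anton, Annie I. and Baumer, David L.},
  title        = {The {ChoicePoint} dilemma -- {How} data brokers should handle the privacy of personal information},
  journal      = {{IEEE} Security \& Privacy},
  volume       = {5},
  number       = {5},
  pages        = {15--23},
  year         = {2007},
  issn         = {1558-4046},
  doi          = {10.1109/MSP.2007.126},
  abstractNote = {Before 2005, data broker ChoicePoint suffered fraudulent access to its databases that exposed thousands of customers' personal information. We examine ChoicePoint's data breach, explore what went wrong from the perspective of consumers, executives, policy, and IT systems, and offer recommendations for the future.},
}

@article{li_yu_anton_2006,
  author       = {Li, N. and Yu, T. and Anton, A.},
  title        = {A semantics based approach to privacy languages},
  journal      = {Computer Systems Science and Engineering},
  volume       = {21},
  number       = {5},
  pages        = {339--352},
  year         = {2006},
}

@article{earp_anton_aiman-smith_stufflebeam_2005,
  author       = {Earp, J. B. and Anton, A. I. and Aiman-Smith, L. and Stufflebeam, W. H.},
  title        = {Examining {Internet} privacy policies within the context of user privacy values},
  journal      = {{IEEE} Transactions on Engineering Management},
  volume       = {52},
  number       = {2},
  pages        = {227--237},
  year         = {2005},
  month        = may,
  issn         = {1558-0040},
  doi          = {10.1109/tem.2005.844927},
  abstractNote = {Internet privacy policies describe an organization's practices on data collection, use, and disclosure. These privacy policies both protect the organization and signal integrity commitment to site visitors. Consumers use the stated website policies to guide browsing and transaction decisions. This paper compares the classes of privacy protection goals (which express desired protection of consumer privacy rights) and vulnerabilities (which potentially threaten consumer privacy) with consumer privacy values. For this study, we looked at privacy policies from nearly 50 websites and surveyed over 1000 Internet users. We examined Internet users' major expectations about website privacy and revealed a notable discrepancy between what privacy policies are currently stating and what users deem most significant. Our findings suggest several implications to privacy managers and software project managers. Results from this study can help managers determine the kinds of policies needed to both satisfy user values and ensure privacy-aware website development efforts.},
}

@article{anton_earp_2004,
  author       = {Anton, A. I. and Earp, J. B.},
  title        = {A requirements taxonomy for reducing {Web} site privacy vulnerabilities},
  journal      = {Requirements Engineering},
  volume       = {9},
  number       = {3},
  pages        = {169--185},
  year         = {2004},
  month        = aug,
  issn         = {1432-010X},
  doi          = {10.1007/s00766-003-0183-z},
}

@article{anton_earp_he_stufflebeam_bolchini_jensen_2004,
  author       = {Anton, A. I. and Earp, J. B. and He, Q. F. and Stufflebeam, W. and Bolchini, D. and Jensen, C.},
  title        = {Financial privacy policies and the need for standardization},
  journal      = {{IEEE} Security \& Privacy},
  volume       = {2},
  number       = {2},
  pages        = {36--45},
  year         = {2004},
  issn         = {1558-4046},
  doi          = {10.1109/MSECP.2004.1281243},
  abstractNote = {The authors analyze 40 online privacy policy documents from nine financial institutions to examine their clarity and readability. Their findings show that compliance with the existing legislation and standards is, at best, questionable.},
}

@article{anton_he_baumer_2004,
  author       = {Anton, A. I. and He, Q. F. and Baumer, D. L.},
  title        = {Inside {JetBlue}'s privacy policy violations},
  journal      = {{IEEE} Security \& Privacy},
  volume       = {2},
  number       = {6},
  pages        = {18+},
  year         = {2004},
}

@article{hope_mcgraw_anton_2004,
  author       = {Hope, P. and McGraw, G. and Anton, A. I.},
  title        = {Misuse and abuse cases: Getting past the positive},
  journal      = {{IEEE} Security \& Privacy},
  volume       = {2},
  number       = {3},
  pages        = {90--92},
  year         = {2004},
  issn         = {1558-4046},
  doi          = {10.1109/MSP.2004.17},
  abstractNote = {Software development is all about making software do something: when software vendors sell their products, they talk about what the products do to make customers' lives easier, such as encapsulating business processes or something similarly positive. Following this trend, most systems for designing software also tend to describe positive features. The authors provide a nonacademic introduction to the software security best practice of misuse and abuse cases, showing you how to put the basic science to work.},
}

@article{anton_potts_2003,
  author       = {Anton, A. I. and Potts, C.},
  title        = {Functional paleontology: The evolution of user-visible system services},
  journal      = {{IEEE} Transactions on Software Engineering},
  volume       = {29},
  number       = {2},
  pages        = {151--166},
  year         = {2003},
  month        = feb,
  issn         = {1939-3520},
  doi          = {10.1109/TSE.2003.1178053},
  abstractNote = {It has long been accepted that requirements analysis should precede architectural design and implementation, but in software evolution and reverse engineering this concern with black-box analysis of function has necessarily been de-emphasized in favor of code-based analysis and designer-oriented interpretation. In this paper, we redress this balance by describing "functional paleontology," an approach to analyzing the evolution of user-visible features or services independent of architecture and design intent. We classify the benefits and burdens of interpersonal communication services into core and peripheral categories and investigate the telephony services available to domestic subscribers over a 50-year period. We report that services were introduced in discrete bursts, each of which emphasized different benefits and burdens. We discuss the general patterns of functional evolution that this "fossil record" illustrates and conclude by discussing their implications for forward engineering of software products.},
}

@article{anton_earp_carter_2003,
  author       = {Anton, A. I. and Earp, J. B. and Carter, R. A.},
  title        = {Precluding incongruous behavior by aligning software requirements with security and privacy policies},
  journal      = {Information and Software Technology},
  volume       = {45},
  number       = {14},
  pages        = {967--977},
  year         = {2003},
  month        = nov,
  issn         = {1873-6025},
  doi          = {10.1016/S0950-5849(03)00095-8},
  abstractNote = {Keeping sensitive information secure is increasingly important in e-commerce and web-based applications in which personally identifiable information is electronically transmitted and disseminated. This paper discusses techniques to aid in aligning security and privacy policies with system requirements. Early conflict identification between requirements and policies enables analysts to prevent incongruous behavior, misalignments and unfulfilled requirements, ensuring that security and privacy are built in rather than added on as an afterthought. Validated techniques to identify conflicts between system requirements and the governing security and privacy policies are presented. The techniques are generalizable to other domains, in which systems contain sensitive information.},
}

@article{anton_2003,
  author       = {Anton, A. I.},
  title        = {Successful software projects need requirements planning},
  journal      = {{IEEE} Software},
  volume       = {20},
  number       = {3},
  pages        = {44+},
  year         = {2003},
  issn         = {0740-7459},
  doi          = {10.1109/MS.2003.1196319},
  abstractNote = {A project will likely fail without a plan. We must understand a problem before we can express the requirements for a correct solution. Otherwise, we will develop software that fails to provide customer satisfaction. Expressing a set of complete, consistent, and correct requirements is conceptually complex, but essential in our quest to develop high-quality, useful software. Although small projects can succeed without formal requirements engineering, any project of considerable size and complexity requires it.},
}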