Annie I. Anton's Publications

Copyright Notice

_{Papers published by the Association for Computing Machinery (ACM) are Copyright © by the Association for Computing Machinery, Inc. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept, ACM Inc., fax +1 (212) 869-0481, or permissions@acm.org.}_{Papers published by the Institute of Electrical and Electronics Engineers, Inc. (IEEE) are Copyright © by IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.}_{Papers published in the Requirements Engineering Journal, are Copyright © by Springer-Verlag.}BOOK CHAPTERS

The Balance of Privacy and Security,
Eugene H. Spafford and Annie I. Antón. Controversies in Science and Technology, Vol II, ed, by Daniel Lee Kleinman, Karen A. Cloud-Hansen, Christina Matta, and Jo Handelsman, pub. MaryAnn Liebert, Inc, NYC, NY, pp. 152-16, 2008

Strategies for Developing Policies and Requirements for Secure E-Commerce Systems, [PDF]
Annie I. Antón and Julia B. Earp. Recent Advances in E-Commerce Security and Privacy, ed. by A.K. Ghosh, Kluwer Academic Publishers, pp. 29-46, 2001.

JOURNAL PAPERS

A Distributed Requirements Management Framework for Legal Compliance and Accountability.
Travis D. Breaux, Annie I. Antón and Eugene H. Spafford. Submitted To: Computers & Security, Elsevier, 18 July 2007.

Semantic Parameterization: A Process for Modeling Domain Descriptions.
Travis .D. Breaux, Annie I. Antón and Jon Doyle. To Appear: ACM Transactions on Software Engineering and Methodology, April 2009.

The Contrast Between End User Perception and Comprehension of Healthcare Website Privacy Policies,
Matthew W. Vail, Julia B. Earp, and Annie I. Antón. To Appear: IEEE Transactions on Engineering Management, 2008/9.

Scenario Support for Effective Requirements,
Thomas Alspaugh and Annie I. Antón. Information and Software Technology, 50(3), pp. 198-220, February 2008.

Analyzing Regulatory Rules for Privacy and Security Requirements.
Travis .D. Breaux and Annie I. Antón. IEEE Transactions on Software Engineering, 34(1), pp. 5-20, January 2008

The ChoicePoint Dilemma: How Data Brokers Should Handle the Privacy of Personal Information,
Paul N. Otto, Annie I. Antón and David L. Baumer. IEEE Security & Privacy, 5(5), pp. 15-23, September-October 2007.

A Roadmap for Comprehensive Online Privacy Policy Management.
Annie I. Antón, Elisa Bertino, Ninghui Li and Ting Yu. Communications of the ACM, 50(7), pp. 109-116, July 2007.

HIPAA's Effect on Web Site Privacy Policies [IEEE],
Annie I. Antón, Julia B. Earp, Matthew W. Vail, Neha Jain, Carrie Gheen and Jack M. Frink. IEEE Security & Privacy, 5(1), pp. 45-52, January/February 2007.

A Semantics-based Approach to Privacy Languages,
Ninghui Li, Ting Yu and Annie I. Antón. International Journal of Computer Systems Science & Engineering, 21(5), pp. 339-352, September 2006.

Crossed Signals: Internet Privacy Policies and User Concerns,
Julia B. Earp, Annie I. Antón, Lynda Aiman-Smith, and William Stufflebeam. IEEE Transactions on Engineering Management, 52(2), pp. 227-237, May 2005.

The Complexity Underlying JetBlue's Privacy Policy Violations, [PDF]
Annie I. Antón, Qingfeng He and David Baumer. IEEE Security & Privacy, 2(6), pp. 12-18, November/December 2004.

A Requirements Taxonomy to Reduce Website Privacy Vulnerabilities,
Annie I. Antón and Julie B. Earp. Requirements Engineering Journal, Springer Verlag, 9(3), pp. 169-185, August 2004.

Misuse and Abuse Cases: Getting Past the Positive, [HTML]
Paco Hope, Annie I. Antón and Gary McGraw. IEEE Security & Privacy, pp. 90-92, May/June 2004.

The Lack of Clarity in Financial Privacy Policies and the Need for Standardization, [PDF]
Annie I. Antón, Julia B. Earp, Davide Bolchini, Qingfeng He, Carlos Jensen and William Stufflebeam, IEEE Security & Privacy, 2(2), pp. 36-45, 2004.

Precluding Incongruous Behavior by Aligning Software Requirements with Security and Privacy Policies, Annie I. Antón, Julie B. Earp and Ryan A. Carter. Information and Software Technology, Elsevier, 45(14), pp. 967-977, 1 November 2003.

Successful Projects Need Requirements Planning,
Annie I. Antón. IEEE Software, 20(3), pp. 44, 46-47, May/June 2003.

Functional Paleontology: The Evolution of User-Visible System Services,
Annie I. Antón and Colin Potts. IEEE Transactions on Software Engineering, 29(2), pp. 151-166, February 2003.

Guest Editorial: Requirements Engineering for Information Security,
Annie I. Antón. Requirements Engineering Journal, Springer Verlag, 7(4), pp. 177-178, December 2002.

Deriving Goals from a Use Case Based Requirements Specification, [PDF]
A.I. Antón, R.A. Carter, A. Dagnino, J.H. Dempster and D.F. Siege. Requirements Engineering Journal, Springer-Verlag, Volume 6, pp. 63-73, May 2001.

A Representational Framework for Scenarios of Systems Use,
Annie I. Antón and Colin Potts. 3(3-4), Requirements Engineering Journal, Springer Verlag, pp. 219-241, December 1998.

Inquiry-Based Requirements Analysis, [PDF]
Colin Potts, Kenji Takahashi and Annie I. Antón. IEEE Software, 11(2), pp. 21-32, March 1994.

CONFERENCE PAPERS

Legal Requirements, Compliance and Practice: An Industry Case Study in Accessibility,
T.D. Breaux, A.I. Antón, K. Boucher and M. Dorfman. Submitted To: 16th IEEE International Requirements Engineering Conference, Barcelona, Spain, September 2008. NCSU CSC Technical Report TR-2008-5.

Identifying Vulnerabilities and Critical Requirements Using Criminal Court Proceedings,
T.D. Breaux, J.D. Lewis, P.N. Otto and A.I. Antón. Submitted To: 16th IEEE International Requirements Engineering Conference, Barcelona, Spain, September 2008., NCSU CSC Technical Report TR-2008-6.

Analyzing HIPAA Compliance: A Case Study in Aligning Requirements with Regulations in the iTrust System,
A.K. Massey, P.N. Otto and A.I. Antón. Submitted To: 16th IEEE International Requirements Engineering Conference, Barcelona, Spain, September 2008.

Extracting Rights and Obligations from Regulations: Toward a Tool-Supported Process,
N. Kiyavitskaya, N. Zeni, T.D. Breaux, A.I. Antón, J.R. Cordy, L. Mich and J. Mylopoulos. Twenty-Second IEEE/ACM international Conference on Automated Software Engineering (ASE'07), Atlanta, Georgia, USA, pp. 429-432, 5-9 November 2007.

Addressing Legal Requirements in Requirements Engineering,
Paul N. Otto and Annie I. Antón. 15th IEEE International Requirements Engineering Conference, Delhi, India, pp. 5 - 14, 15-19 October 2007.

Improving Performance Requirements Specifications from Field Failure Reports,
D. Ho, L. Williams and A.I. Antón. 15th IEEE International Requirements Engineering Conference (RE'07), Delhi, India, pp. 79 - 88, 15-19 October 2007.

Privacy Policy Representation in Web-based Healthcare,
M.W. Vail, J.B. Earp and A.I. Antón. 40th Annual Hawaii International Conference on System Sciences (HICSS 2007), Waikoloa, HI, pp. 138-138, January 2007.

Towards Regulatory Compliance: Extracting Rights and Obligations to Align Requirements with Regulations.
T.D. Breaux, M. Vail and A.I. Antón. 14th IEEE International Requirements Engineering Conference (RE'06), Minneapolis / St. Paul, Minnesota, pp. 46-35, 11-15 September 2006.

Analyzing Goal Semantics for Rights, Permissions, and Obligations.
T.D. Breaux and A.I. Antón. 13th IEEE International Requirements Engineering Conference (RE'05), Paris, France, pp. 177-186, 29 August - 2 September 2005.

Experiences in Applying Agile Software Development Practices in New Product Development,
A. Dagnino, K. Smiley, H. Srikanth, A.I. Antón and L. Williams. The 8th IASTED International Conference on Software Engineering and Applications (SEA 2004), Cambridge, MA, pp. 501-506, 9-11 November 2004.

I need it now: Improving Website Usability By Contextualizing Privacy Policies,
D. Bolchini, Q. He, A.I. Antón and W. Stufflebeam. The 4th International Conference on Web Engineering (ICWE 2004), Munich, Germany, 28-30 July 2004.

Addressing End-User Privacy Concerns,
J.B. Earp and A. I. Antón. 2004 Americas Conference on Information Systems (AMCIS 2004), 6-8 August 2004.

An Initial Exploration of the Relationship Between Pair Programming and Brooks Law, L. Williams, A. Shukla and A. I. Antón. NCSU CSC TR # TR-2004-3, 2004 Agile Development Conference, 31 January 2004.

Toward a Framework for Evaluating Extreme Programming,
L. Williams, L. Layman, W. Krebs and A. I. Antón. NCSU CSC TR #TR-2004-02, 8th Conference on Evaluation & Assessment in Software Engineering (EASE 2004), pp. 11-20, Edinburgh, Scotland, 24-25 May 2004.

Enabling Transnational Collection, Notification, and Sharing of Information V. Cavalli-Sforza, A. I. Antón, O. Brooks, J. Carbonell, R. Cole, R. Connolly, J. Fortes, M. Herrera, I. Krsul, C. McSweeney, C. Ortega, S. Su, D. Towsley, J. Ventura and W. Ward. The 2003 National Conference on Digital Government Research, 2003.

A Visibility Framework for Privacy Management Requirements,
Olli Jarvinen, Julia B. Earp and Annie I. Antón. 2nd Symposium on Requirements Engineering for Information Security, Raleigh, NC, 15 October 2002.

A Social, Technical and Legal Framework for Privacy Management and Policies,
Julia B. Earp, Annie I. Antón and Olli Jarvinen. Americas Conference on Information Systems (AMCIS 2002), Dallas, Texas, pp. 605-612, 9-11 August 2002.

Analyzing Web Site Privacy Requirements Using a Privacy Goal Taxonomy,
Annie I. Antón, Julia B. Earp and Angela Reese. 10th Anniversary IEEE Joint Requirements Engineering Conference (RE'02), Essen, Germany, pp. 605-612, 9-13 September 2002.

Evolving Beyond Requirements Creep: A Risk-Based Evolutionary Prototyping Model, [PDF]
Ryan A. Carter, Annie I. Antón, Aldo Dagnino and Laurie Williams. IEEE 5th International Symposium on Requirements Engineering (RE'01), Toronto, Canada, pp. 94-101, 27-31 August 2001.

The Role of Policy and Privacy Values in Requirements Engineering, [PDF]
Annie I. Antón, Julia B. Earp, Colin Potts and Thomas A. Alspaugh. IEEE 5th International Symposium on Requirements Engineering (RE'01), Toronto, Canada, pp. 138-145, 27-31 August 2001.

Functional Paleontology: System Evolution as the User Sees It, [PDF]
Annie I. Antón and Colin Potts. IEEE International Conference on Software Engineering (ICSE 2001), Toronto, Canada, pp. 421-430, 12-19 May 2001.

An Integrated Scenario Management Strategy, [PDF, Postscript]
Thomas Alspaugh, Annie I. Antón, Tiffany Barnes and Bradford Mott. IEEE Fourth International Symposium on Requirements Engineering (RE`99), University of Limerick, Ireland, pp. 142-149, 7-11 June 1999.

The Use of Goals to Surface Requirements for Evolving Systems, [PDF]
Annie I. Antón and Colin Potts. International Conference on Software Engineering (ICSE `98) , Kyoto, Japan, pp. 157-166, 19-25 April 1998.

**Goal-Based Requirements Analysis, [PDF, Postscript]
Annie I. Antón. Second IEEE International Conference on Requirements Engineering ( ICRE `96) , Colorado Springs, Colorado, pp. 136-144, 15-18 April 1996.
**Awarded Most Influential Paper of ICRE 1996 at RE 2006

Goal Decomposition and Scenario Analysis in Business Process Reengineering,
Annie I. Antón, W. Michael McCracken and Colin Potts. Advanced Information Systems Engineering, 6th International Conference Proceedings (CAiSE `94), Utrecht, The Netherlands, pp. 94-104, 6-10 June 1994.

Object-Based Requirements Modeling for Process Continuity, [PDF]
Annie I. Antón, Thomas A. Gale, W. Michael McCracken and John J. Shilling. Proc. Twenty-Sixth Hawaii International Conference on System Sciences, Vol 3, pp. 191-202, 1993.

WORKSHOP PAPERS

Towards Understanding User Perceptions of Digital Identity Technologies,
Laurie A. Jones, Annie I. Antón and Julia B. Earp. CCS Workshop on Privacy in the Electronic Society, Alexandria, VA, pp. 91-98, 29 October 2007.

Enforceability vs. Accountability in Electronic Policies,
Travis Breaux, Annie I. Antón, Clare-Marie Karat and John Karat. IEEE 7th International Workshop on Policies for Distributed Systems and Networks (POLICY‘06), London, Ontario, Canada, pp. 227-230, 5-7 June 2006.

Ensuring Compliance Between Policies, Requirements and Software Design: A Case Study,
Qingfeng He, Paul Otto, Annie I. Antón and Laurie Jones. 4th IEEE Intl. Info. Assurance Workshop, Royal Holloway, U.K., 13-14 April 2006.

Mining Rule Semantics to Understand Legislative Compliance,
Travis Breaux and Annie I. Antón. CCS Workshop on Privacy in the Electronic Society, (June 22, 2005), Alexandria, VA, pp. 51-54, 7 November 2005.

Deriving Semantic Models from Privacy Policies [PDF],
Travis Breaux and Annie I. Antón. IEEE 6th Int’l Workshop on Policies for Distributed Systems and Networks (POLICY 2005), Stockholm, Sweden, pp. 67-76, 6-8 June 2005.

A Formal Semantics for P3P,
Ting Yu, Ninghui Li and Annie I. Antón. ACM Workshop on Secure Web Services (SWS), Washington, D.C., October 2004.

Specifying Privacy Policies with P3P and EPAL: Lessons Learned [PDF],
William Stufflebeam, Annie I. Antón, Qingfeng He and Neha Jain. CCS Workshop on Privacy in the Electronic Society, Washington, D.C., October 2004.

The Challenge of Balancing Security and Privacy,
Annie I. Antón. 2003 CRA Conference on Grand Challenges in Information Security and Information Assurance, Virginia, September 16, 2003.

A Framework for Modeling Privacy Requirements in Role Engineering,
Qingfeng He and Annie I. Antón. International Workshop on Requirements Engineering for Software Quality (REFSQ 2003), Klagenfurt / Velden, Austria, 16 - 17 June, 2003.

Aligning Software Requirements with Security and Privacy Policies
Annie I. Antón, Julia B. Earp and Ryan A. Carter. International Workshop on Requirements Engineering for Software Quality (REFSQ 2002), Essen, Germany, 18 April 2002.

Scenario Networks: A Case Study of the Enhanced Messaging System, [PDF]
Thomas A. Alspaugh and Annie I. Antón. Seventh International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ), Interlaken, Switzerland, pp. 113-124, 5-6 June 2001.

Strategies for Developing Policies and Requirements for Secure Electronic Commerce Systems, [PDF]
Annie I. Antón and Julia B. Earp. 1st ACM Workshop on Security and Privacy in E-Commerce (CCS 2000), Athens, Greece, unnumbered pages,1-4 November 2000.

Requirements Engineering in the Long-Term: Fifty Years of Telephony Feature Evolution, [PDF]
Annie I. Antón and Colin Potts. International Workshop on Feedback and Evolution in Software and Business Processes (FEAST 2000), London, UK, 10-12 July 2000.

Deriving Goals from a Use Case Based Requirements Specification for an Electronic Commerce System, [PDF]
A.I. Antón, J.H. Dempster and D.F. Siege. Sixth International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ), Stockholm, Sweden, pp. 10-19, 5-6 June 2000.

A Web-Based Requirements Analysis Tool, [ PDF]
Annie I. Antón, Eugene Liang and Roy Rodenstein. IEEE Fifth Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET-ICE96), Stanford University, California, USA, pp. 238-243, 19-21 June 1996.

COLLOQUIM PAPERS

A Multidisciplinary Project Studio: Designing Secure Electronic Commerce Systems,
A.I. Antón and J.B. Earp. 6th National Colloquim for Information Systems Security Education (NCISSE), (15 January 2002) Microsoft Corporate Campus, Redmond, Washington, 3-7 June 2002.

A Multidisciplinary Electronic Commerce Project Studio for Secure Systems, [PDF]
A.I. Antón and J.B. Earp. 4th National Colloquim for Information Systems Security Education (NCISSE), Washington, D.C., May 23-25, 2000.

CONFERENCE PANEL PAPERS

What do you mean I've been practicing without a license? Certifying Requirements Engineering Professionals,
A.I. Antón and Jo Atlee. 4th IEEE International Conference on Requirements Engineering (ICRE 2000), Chicago, Illinois, 19-23 June 2000.

PH.D. THESIS

Goal Identification and Refinement in the Specification of Software-Based Information Systems, [Postscript]
Annie I. Antón. Ph.D. Thesis, Georgia Institute of Technology, Atlanta, GA, USA, June 1997.

TECHNICAL REPORTS

A Distributed Requirements Management Framework for Legal Compliance and Accountability,
T.D. Breaux, A.I. Antón and E.H. Spafford. 12 February 2007.

Impalpable Constraints: Framing Requirements for Formal Methods,
T.D. Breaux and A.I. Antón. NCSU Technical Report TR-2007-6, Raleigh, NC, 12 February 2007.

Extracting Rights and Obligations from Regulations: Towards a Tool-Supported Process,
N. Kiyavitskaya, N. Zeni, T.D. Breaux, A.I. Antón, J. Mylopolous, L. Mich and J.R. Cordy. T12 February 2007.

Acquiring Software Compliance Artifacts from Policies and Regulations,
T.D. Breaux and A.I. Antón. NCSU CSC Technical Report TR-2006-27, September 2006.

A Distributed Requirements Management Framework for Compliance and Accountability,
T. Breaux, A.I. Antón and E.H. Spafford. NCSU CSC Technical Report TR-2006-14, June 13, 2006.

An Algorithm to Generate Compliance Monitors from Regulations.
T.D. Breaux and A.I. Antón. NCSU CSC Technical Report TR-2006-9, 2006.

Requirements-based Access Control Analysis and Policy Specification (ReCAPS)
Q. He and A.I. Antón. NCSU CSC Technical Report TR-2005-9, 14 February 2005.

Deriving Access Control Policies from Requirements Specifications and Database Designs [PDF],
Q. He and A.I. Antón. NCSU CSC Technical Report #TR-2004-24, September 2005.

Exploring the Use of a "Safe Subset" of Extreme Programming: An Industrial Case Study, L. Williams, L. Layman, W. Krebs and A. I. Antón. NCSU CSC Technical Report #TR-2004-XX, 19 January 2004.

A Framework for Privacy-Enhanced Access Control Analysis in Requirements Engineering,
Qingfeng He and Annie I. Antón. March 29, 2004.

The Use of Goals to Extract Privacy and Security Requirements from Policy Statements, A. I. Antón, Q. He and D. Bolchini. NCSU Technical Report #TR-2003-17, 27 January 2004.

A Semantics-Based Approach to Privacy Languages,
N. Li, T. Yu and A. I. Antón. Purdue University CERIAS Technical Report 2003-28, 1 February 2004.

Using Goals to Extract Privacy and Security Requirements from Policies, [PDF]
Annie I. Antón, Davide Bolchini, and Qingfeng He. NCSU Technical Report #TR-2003-17, September 23, 2003.

Toward an XP Evaluation Framework, [PDF]
Laurie Williams, William Krebs, Lucas Layman and Annie I. Antón. NCSU Technical Report #TR-2003-18, September 22, 2003.

Pair Programming and the Factors Affecting Brooks' Law
Laurie A. Williams, Anuja Shukla and Annie I. Antón. NCSU Computer Science Technical Report TR-2003-04, 3 January 2003.

Towards Improved Requirements Practices in Agile Software Development
Hema L. Srikanth and Annie I. Antón. 18 April 2002.

Scenario Networks for Software Specification and Scenario Management, [PDF]
Thomas A. Alspaugh and Annie I. Antón. NCSU Computer Science Technical Report TR-2001-15, 20 December 2001.

A Taxonomy for Web Site Privacy Requirements, [PDF]
Annie I. Antón and Julia B. Earp. NCSU Technical Report TR-2001-14, 18 December 2001.

Goal Mining to Examine Health Care Privacy Policies, [PDF]
Annie I. Antón, Julia B. Earp and Angela Reese. NCSU Technical Report TR-2001-10, 6 November 2001.

Using Scenario Networks for Scenario Management and Software Specification,
Thomas A. Alspaugh and Annie I. Antón. NCSU Technical Report TR-2001-11, 26 September 2001.

Tailored CMM for a Small e-Commerce Company- Level 2: Repeatable, [PDF]
Annie I. Antón, Ryan A. Carter, Hema Srikanth, Ashish Sureka, Laurie A. Williams, Kai Yang, Lingyun Yang, NCSU Technical Report, TR-2001-09, August 23, 2001.

EPRAM: Evolutionary Prototyping Risk Analysis & Mitigation (e-Commerce Software Development Process Document), [PDF]
Annie I. Antón, Ryan A. Carter, Julia B. Earp and Laurie A. Williams, NCSU Technical Report, TR-2001-08, Auust 20, 2001.

Managing Use Cases During Goal-Driven Requirements Engineering: Challenges Encountered and Lessons Learned, [PDF]
Annie I. Antón, John H. Dempster and Devon F. Siege. North Carolina State University Technical Report, TR-99-16, December 1, 1999.

National Identification Cards, [HTML]
Annie I. Antón. Information Policy Report for PUBP 8100, Georgia Institute of Technology, Atlanta GA, 17 December 1996.

Inquiry-Based Scenario Analysis of System Requirements, [Postscript]
Colin Potts, Kenji Takahashi and Annie I. Antón. Georgia Tech College of Computing Tech Report, GIT-CC-94/14, January 1994.