Research Interest Areas:
Data Analytics, Machine Learning
iSecure Lab: Information Security and Privacy
AI, Semantic Web and Data Integration
Social Computing
E-Government, Environmental Science Data Management
Decentralized Workflow Management
Web Services
E-Business
Data Analytics, Machine Learning
Supported by the NSF IUCRC center projects
CARTA (Center for Accelerated Real Time Analytics) and
CHMPR (Center for Hybrid Multicore Productivity Research),
this work leverages state-of-the-art data analytics, machine learning, AI and deep learning
methods to process large-scale data and
build intelligent machines that bring timely insights, support better
decision making,
and predict behaviors and patterns to solve impactful real-world challenges.
The research and development projects are conducted with industry and
government partners.
- Smart City: Economic Development Policy Analytics
- Identifying Privacy Risks in Social Media
- News Classification and summarization
- Crime Prediction and Analytics
iSecure Lab: Information Security and Privacy
Information security, privacy and trust are critical elements in the digital age. My research contributions include
developing one of the first geospatial authorization models to control access to geospatial data,
such as high-resolution imagery, maps and other geo-objects, extending traditional RBAC with
geo-credentials. This work also extended naturally to data security in mobile and pervasive environments, where
the geospatial location is the primary determinant for location-based information services. The geospatial
location of medical emergencies is also used to pull the necessary resources to fill the required roles
for medical record access. Algorithms
for role recommendation for available medical emergency staff
near the accidents are developed for medical data access control that also preserves the patient's privacy preferences.
Interorganizational workflow execution often implies sharing of data between several organizations. A conflict-of-interest
issue may arise from the data and control flows that are visible during workflow execution. The Chinese wall security model has been extended to handle these potential conflict-of-interest issues during decentralized
workflow execution.
In addition, my current research extends to cybersecurity education. We have established a Security
Research and Education Lab (iSecure Lab) that aims to foster a research and learning environment to
raise awareness and knowledge in cybersecurity and to enhance skills in assessing and controlling
cybersecurity risks and attacks. The main research activity includes a self-help learning tool to
easily search for educational materials in different formats, based on the security terms
and the learners' learning styles and preferences. To this end,
my research activities include semi-automated Security Ontology Development
and semantic tagging, linking and searching of the security learning objects.
- iSecure LAB: Integrating learning resources for Information Security Research and Education
- Cyber Security Ontology: Approaches to develop security knowledge base automatically.
- SOX: Security Ontology Expert Tool
- SLOB: Cyber Security Learning using Security Ontology
- Privacy Protection in Government Mashups:
The Web 2.0 technologies allow dynamic content creation using syndications or mashups, extracted from diverse data
sources, including government enterprise data.
As a primary source of citizen data, the US government has the obligation not only to make public data
available for citizen access as stated in the Freedom of Information Act, but
also to protect the privacy of individual citizen's records as stated in the Privacy Act.
In a mashup, a third party
mashup Web application provider requests the individual's data from the government agencies through Web services. Since the data is public data and not necessarily provided through electronic interactions, individual citizens may
not be able to express fine-grained privacy policies on how data may be used. In addition, the government agency's privacy policy is very coarse grained, and the relative sensitivity of individual information is not considered.
We discuss the opportunities and issues associated with the programmable web and mashups,
provide a Privacy Protection Model for Mashup Applications, using a mashup related multi-dimensional
privacy protection space and present policy recommendations to complement the technological solutions.
The model and recommendations include deployment of a
personal privacy policy (PPP) network, a distributed system over which citizens can publish
their individual privacy policies. These policies are accessible by all web service providers
to be consulted in real time by data providers including government agencies
for the purposes of automated privacy protection reasoning concerning data release.
Publications:
- Janice Warner and Soon Ae Chun, Privacy Protection for Government Mashups, Information Polity: Volume 14, Editions 1 & 2, 2009: pp 75-90.
- Janice Warner and Soon Ae Chun, A Citizen Privacy Protection Model for E-Government Mashup Services, Proceedings of the 9th International Conference on Digital Government Research (dg.o 2008), Montreal, Canada, 2008: pp 188-196.
- Situation-based Role Recommendation for Medical Emergency
Sponsor: PSC-CUNY, 2010-2011
Collaborators: Kyounggi University, Korea; NJIT
- Risk-based Access Control:
In this research, we present the notion of
situational role and propose a risk-based access
control model that makes the access decisions by assessing the risk in
releasing data in the situation at hand.
Specifically, it employs the "access first and verify later"
strategy so that needed personal information is released without
delaying access for a decision-making
third party, while still providing an adequate mechanism for
appropriate release of personal information by the third-party
provider. Our approach employs the notion of situation
role and uses semantics in building situation
role hierarchies. It computes the semantic distance between the
credential attributes required by the situational role and
the actual role of a user requesting access, which
essentially is used in assessing the risk.
Publications
- Soon Ae Chun and Vijay Atluri, Risk-based Access Control for Personal Data Services, B. Bhattacharya, S. Sur-Kolay, S. Nandy and A. Bagchi (eds.) Statistical Science and Interdisciplinary Research Volume 3, Algorithms, Architecture and Information Systems Security, World Scientific Press, 2008: pp 263-283. (ISBN 9789812836236)
- Geospatial data Authorization Model (GSAM):
(GSAM: Prototype System)
The advent of commercial observation satellites in the new millennium provides unprecedented
access to timely information, as they produce images of the Earth with the sharpness
and quality previously available only from U.S., Russian, and French military satellites. Due
to the fact that they are commercial in nature, a broad range of government agencies (including
international), the news media, businesses and non-governmental organizations can gain access
to this information. This may have grave implications on national security and personal privacy.
Formal policies for prohibiting the release of imagery beyond a certain resolution, and
notifying when an image crosses an international boundary or when such a request is made,
are beginning to emerge. Access permissions in this environment are determined by both the
spatial and temporal attributes of the data, such as location, resolution level and the time of
image download, as well as those of the user credentials. Since existing authorization models
are not adequate to provide access control based on spatial and temporal attributes, in this paper,
we propose a Geospatial Data Authorization Model (GSAM). Unlike the traditional access
control models where authorizations are specified using subjects and objects, authorizations in
GSAM are specified using credential expressions and object expressions. GSAM supports privilege
modes including view, zoom-in, download, overlay, identify, animate
and fly-by, among others. We present our access control prototype system that enables
subject, object as well as authorization specification via a web-based interface. When an access
request is made, the access control system computes the overlapping region of the authorization
and the access request. The zoom-in and zoom-out requests can simply be made through a click
of the mouse, and the appropriate authorizations will be evaluated when these access requests
are made.
- Chinese Wall Security Model for Decentralized Workflow Management:
Decentralized execution of inter-organizational
workflows may raise a number of security issues including those related to conflict-of-interest among
competing organizations. In this paper, we first provide an approach to realize decentralized workflow
execution, in which the workflow is divided into partitions, called self-describing workflows, and handled
by a light weight workflow management component, called workflow stub, located at each organizational
agent. Second, we identify the limitations of the traditional workflow model with respect to expressing
the various types of join dependencies and extend the traditional workflow model suitably. Distinguishing
the different types of dependencies among tasks is essential in the efficient execution of self-describing
workflows. Finally, we recognize that placing the task execution agents that belong to the same
conflict-of-interest class in one self-describing workflow may lead to unfair, and in some cases, undesirable results,
akin to being on the wrong side of the Chinese wall. Therefore, to address the conflict-of-interest issues
that arise in competitive business environments, we propose a decentralized workflow Chinese wall security
model. We propose a restrictive partitioning solution to enforce the proposed model.
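The GSAM evaluation step described above (computing the overlapping region of an authorization and an access request, then re-checking when the user zooms in) can be sketched as follows. This is an added example, not code from the GSAM prototype: the bounding-box geometry, exact-match credential attributes, the `finest_res_m` field and the sample policy are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass(frozen=True)
class Box:
    """Axis-aligned lon/lat rectangle (west, south, east, north)."""
    west: float
    south: float
    east: float
    north: float

    def intersect(self, other: "Box") -> Optional["Box"]:
        w, s = max(self.west, other.west), max(self.south, other.south)
        e, n = min(self.east, other.east), min(self.north, other.north)
        return Box(w, s, e, n) if w < e and s < n else None

@dataclass(frozen=True)
class Authorization:
    credential: dict      # credential expression: attributes the subject must present
    region: Box           # object expression: spatial extent covered
    finest_res_m: float   # finest resolution (metres/pixel) that may be released
    valid_from: datetime
    valid_to: datetime
    modes: frozenset      # privilege modes, e.g. view, zoom-in, download

@dataclass(frozen=True)
class Request:
    credentials: dict
    region: Box
    res_m: float          # requested resolution; smaller means sharper imagery
    when: datetime
    mode: str

def authorized_regions(req, policy):
    """Return the parts of the requested region that some authorization permits."""
    granted = []
    for auth in policy:
        if req.mode not in auth.modes:
            continue
        if any(req.credentials.get(k) != v for k, v in auth.credential.items()):
            continue
        if not auth.valid_from <= req.when <= auth.valid_to:
            continue
        if req.res_m < auth.finest_res_m:  # sharper than the policy allows
            continue
        overlap = auth.region.intersect(req.region)
        if overlap is not None:
            granted.append(overlap)
    return granted

# Constructed sample policy and requests (not taken from the GSAM prototype).
YEAR = (datetime(2024, 1, 1), datetime(2024, 12, 31))
POLICY = [
    Authorization({"org": "news"}, Box(-75, 39, -73, 41), 10.0, *YEAR,
                  frozenset({"view", "zoom-in"})),
    Authorization({"org": "agency", "clearance": "secret"}, Box(-80, 35, -70, 45),
                  1.0, *YEAR, frozenset({"view", "zoom-in", "download"})),
]

def news_request(res_m, mode, when=datetime(2024, 6, 1)):
    return Request({"org": "news"}, Box(-74, 40, -72, 42), res_m, when, mode)

if __name__ == "__main__":
    print(authorized_regions(news_request(10.0, "view"), POLICY))    # partial grant
    print(authorized_regions(news_request(5.0, "zoom-in"), POLICY))  # too sharp: []
```

The view request is granted only for the part of the requested area that lies inside the authorized region, and the same subject zooming in past the permitted resolution gets nothing back.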
Semantic Web and Data Integration
Social Computing for Healthcare
Other Areas
E-Government, Environmental Science Data Management
- Sensors and Crowdsourcing for Environmental Emergency Planning
- A Sensor Network-based Real-Time Flood Warning System
- Mobile Environmental Information System (m-ENVI)
In environmental agencies, like NJMC, engineers use mobile devices, as they move around the field to collect data.
In addition, they host visitors, scientists, government officials, students and eco-tourist
participants, in and around Meadowlands areas for different purposes, from simple strolling to learning about the
nature or landscapes to scientific investigations to managerial decision making, etc.
Currently, the visual observation or guided tour by NJMC and affiliated staff is used. We propose to build a
mobile communication infrastructure to enable the auto-guided environmental tour information system for these
participants. Each visitor or staff will be given a mobile device. Based on the location, the current and historical
environmental information available at the location is delivered. The information type can be adjusted according to the
user's preferences, e.g. a field engineer may be more interested in the historical data on the land use for the
particular site, while a student may be more interested in learning about the habitats in the particular location he
is standing. As in the museum tour guide system, the relevant information is identified and streamed based on
the person's location and preference and expertise. Unlike the museum tour guide system, the information is not
restricted to audio. Information can be multimedia, including images/pictures, maps, textual narratives, audio and
others. In addition, the users can interactively enter the new data observed and collected from the location into
the system for the future information sharing. It allows a location-specific environmental information blogging.
It also supports data "pull", allowing queries by users of different levels and expertise.
- Environmental Data Modeling, Management and Integration for Decision Making
Environmental decision making is a complex process that requires fusing of diverse
data, including environmental and non-environmental (e.g. locational, parcel)
information, to meet specific goals. I am investigating
two basic components in various decision making processes for environmental management
in the New Jersey Meadowlands area:
data fusing and explanation process modeling and integration. This work is conducted
in collaboration with
MERI (Meadowlands Environmental Research Institute) at NJMC.
Develop Environmental Linked Knowledge:
Hosts of data collected and being collected continuously are available
but not integrated or interoperable for useful information and knowledge.
Basic problem of locating the right set of data to create knowledge
for a specific purpose and delivering in an intuitive format is crucial for decision making.
The data identification, customization, integration and visualization are primary tasks.
Develop process knowledge:
Various tasks and services are being performed
as stand-alone, independent modules. A coherent service or task requires composition
and integration of various services and tasks. Toward this end, process modeling is
required. Modeling a process requires basic knowledge of how tasks are
integrated. This knowledge may be captured in standard operational procedures or be implicit
in experts' tasks. My research goal is to capture this process knowledge and model it in a
machine-processable format for automatic process composition.
Develop Decision Support applications:
Process modeling may be specific to particular applications.
We are actively identifying meaningful decision making applications for various
stakeholders of the Meadowlands area, including environmental
planners, researchers/scientists, citizens.
- E-Government: Human-Centered Business Services
- Customized Visualization of GeoSpatial Government Regulations
- SICOP: Spatially Integrated Coastal Permitting System
(Prototype: Meadowlands Coastal Permit Assistant)
- Geospatial Workflow Customization for E-government Services
- Egovernment: Technology Transfer
Funded by NJMC, PI: Nabil R. Adam (7/1/2004-6/30/2005)
Participants: V. Atluri (CoPI), S. Chun, E. Portscher, V. Chopra
Web Services
Proliferation of Web technologies and the ubiquitous Internet has resulted in a tremendous
increase in the need to deliver one-stop Web services, which are often composed of multiple
component services that cross organizational boundaries. It is essential that these composite
Web services, referred to as service flows, be carefully composed in a dynamic and customized
manner to suit to the changing needs of the customers. This composition should be conducted
in such a manner that (i) the composed service flow adheres to the policies imposed by the organizations
offering the component services, (ii) the selected component services are compatible
with one another so that the entire composition would result in a successful service flow, and
(iii) the selected component services most closely meet the customer requirements. In this research,
we propose a policy-based Web service composition that utilizes the semantics associated
with the component services.
We consider policies imposed by different entities while composing service flows, which
include service policies (imposed by the organizations offering component services), service
flow policies (associated with the entire service flow), and user policies (the user requirements
expressed as policies). In addition to these policies, one may consider rules at the syntactic
and semantic levels that can be used to select relevant component services in order to compose
customized service flows, by considering the notions of syntactic, semantic and policy compatibility.
We model the different policies and the service topic ontology using OWL, DAML-S,
RuleML and RDF standards.
- Ontology-based Personalized Service Composition
To support automatic on-the-fly
composition of customized inter-organizational
business processes, this project develops an ontology-based service composition model. This model utilizes a conceptual ontology of component services (tasks), a topic
ontology of domain composition knowledge that hierarchically structures workflow composition rules according to the given topic concepts, and user profile.
- Policy-based Web Service Composition
- Ontology and pragmatic Knowledge for Semantic Web
- Context Model for Pervasive Semantic Web Services
Decentralized Workflow Management
With the rapid growth of Internet applications for enterprise-wide and cross-enterprise
business processes with dynamically changing participants, workflow management
systems (WFMS) face various challenges: (1) cross-organizational workflow design and
definition need to be dynamic, efficiently constructed, and customized to a user's needs;
(2) workflow execution should honor the autonomy of various participating
organizations, avoiding centralized control which can be a potential bottleneck and single point
of failure, and (3) service and business workflows should be customizable at run time
to adapt to changes of requirements and exception situations. This project has
contributed to the progress towards the formalization and development of a
decentralized workflow system that supports customized workflows that can be automatically
composed at design time, and that adds greater flexibility for dynamic workflows that
can adapt to the changing requirements and environments. This research also has
contributed to the progress towards the understanding of requirements and limitations
in developing inter-agency E-government application systems.
- Ontology-based Workflow Generation
To support automatic on-the-fly
composition of customized inter-organizational
workflows, this project develops an ontology-based dynamic workflow generation
model. This model utilizes a conceptual ontology of component services (tasks), a topic
ontology of domain composition knowledge that hierarchically structures workflow
composition rules according to the given topic concepts, and user profile.
- Decentralized Workflow Management Model:
The issues of autonomy and scalability are addressed with the decentralized
workflow management model that enforces intertask dependencies without the need for
a centralized WFMS. The model utilizes self-describing workflows, workflow partitions
that carry sufficient information so that they can be managed by a local task execution
agent rather than the central WFMS, and WFMS stubs, light-weight agents attached to
a task execution agency, that are responsible for receiving the self-describing workflow,
processing and dynamically partitioning the workflow.
- Dynamic Workflow Change Management
To handle run-time changes and exceptions for a flexible workflow system,
this thesis provides a dynamic change management model that allows the specification
of a change request with controlled vocabulary derived from concepts in an ontology,
the context manager that monitors changes in the user profiles, rules, and exceptions,
and the ontology-based identification of migration rules requisite to adapt to changes.
The modified workflow is ensured to be migration consistent to the original workflow
and its execution states.
- Performance Analysis of Decentralized Workflow Model
We are also conducting performance studies to contrast the
proposed decentralized workflow execution model with the centralized architecture.
Specifically, we examine the
performance advantages gained in the minimal (need-based) evaluation of dependency
conditions and JOIN and SPLIT relations in different workflow cases.
- Chinese Wall Security Model for Conflict-of-Interests in Inter-organizational Workflow
This project identifies conflict-of-interest problems that may arise in decentralized
control of the inter-organizational workflows, where a task agent may take
advantage of others by manipulating the semantics of the workflow. This project
proposes a decentralized workflow Chinese Wall Security model that supports fair execution of a workflow in a
decentralized manner with sensitive data, the conflict-of-interest groups, restrictive partitioning and secure
dependency splitting algorithms.
- Automatic Generation of Geospatial Workflows
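The Chinese wall constraint described above and in the iSecure Lab section (task agents from the same conflict-of-interest class should not share one self-describing workflow) can be illustrated with a small partitioning check. This is an added example, not the restrictive partitioning algorithm from the paper: it assumes a linear workflow and a simple greedy split, and the agent names and conflict-of-interest classes are constructed.

```python
def coi_conflicts(agents, coi_class):
    """Return {class: [agents]} for every COI class with two or more distinct agents."""
    by_class = {}
    for agent in agents:
        cls = coi_class.get(agent)  # agents without a class compete with nobody
        if cls is not None:
            by_class.setdefault(cls, set()).add(agent)
    return {c: sorted(a) for c, a in by_class.items() if len(a) > 1}

def restrictive_partition(tasks, coi_class):
    """Split an ordered task list so no partition holds two competing agents.

    tasks: list of (task_id, agent) in execution order.
    A new partition starts as soon as the next task's agent belongs to a COI
    class already represented in the current partition by a different agent.
    """
    partitions, current, holder = [], [], {}
    for task_id, agent in tasks:
        cls = coi_class.get(agent)
        if cls is not None and holder.get(cls, agent) != agent:
            partitions.append(current)   # close the partition before the competitor
            current, holder = [], {}
        current.append((task_id, agent))
        if cls is not None:
            holder[cls] = agent
    if current:
        partitions.append(current)
    return partitions

# Constructed inter-organizational workflow: two airlines and two hotels compete.
WORKFLOW = [("t1", "TravelAgent"), ("t2", "AirlineA"), ("t3", "HotelX"),
            ("t4", "AirlineB"), ("t5", "CarRentalY"), ("t6", "HotelZ")]
COI = {"AirlineA": "airlines", "AirlineB": "airlines",
       "HotelX": "hotels", "HotelZ": "hotels"}

if __name__ == "__main__":
    # Shipping the whole workflow as one partition exposes competitors to each other.
    print(coi_conflicts([a for _, a in WORKFLOW], COI))
    for part in restrictive_partition(WORKFLOW, COI):
        print(part, coi_conflicts([a for _, a in part], COI))
```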
E-Business
- Electronic Commerce: Infrastructure for Divisible Credit Card Payment
E-commerce customers may have a problem when paying for the
purchase of a major item, if its price is larger than the available credit on their credit card.
In the brick and mortar world, this problem would be solved by paying part
of the bill with cash or with a second credit card. In e-commerce, however, this has not been an option. Furthermore, even when a customer could pay the whole purchase with one of her credit cards, she may prefer to first max out another card with a lower interest rate. The overall goal of this research is to provide customers with the capability of customizing their payments by splitting an e-commerce payment over multiple cards, while taking into account a set of competing preferences over policies and constraints of various cards in determining which cards to use.
This project focuses on
devising and developing
(1) a new infrastructure that supports the divisible card payment where a combination of multiple credit cards can be used for a single purchase;
(2) an intelligent card management agent, called Fuzzy Virtual Card Agent (f-VA) that supports the customer's divisible payment decision. By modeling the customer's preferences using weighted fuzzy set memberships, the f-VA considers the preferences over the card issuers' policies, such as credit limits, interest rates and many others as well as the policies imposed by the secondary issuers, such as employers, and suggests the best combination of cards to the customer. The customer can take advantage of the suggestion by the f-VA or modify it immediately on the Web. Our approach provides customers with a more flexible card payment method for online purchases and can be extended to any types of purchases, such as mobile commerce payments.