Soon Ae Chun: Research

Data Analytics, Machine Learning

• Smart City: Economic Development Policy Analytics
• Identifying Privacy Risks in Social Media
• News Classification and summarization
• Crime Prediction and Analytics

iSecure Lab: Information Security and Privacy

Interorganizational workflow execution often implies sharing of data between several organizations. The conflict of interest issue may arise with the visible data and control flows in workflow execution period. The Chinese wall security model has been extended to handle this potential conflict of interest issues during decentralized workflow execution.

In addition, my current research extends to the cybersecurity education. We have established a Security Research and Education Lab (iSecure Lab) that aims to foster research and learning environment to raise the awareness and knowledge in cybersecurity and to enhance skills in assessing and controlling cybersecurity risks and attacks. The main research activity includes a self-help learning tool to easily search for the educational materials in different formats, based on the security terms and learners's learning styles and preferences. To this end, my research activities include a semi-automated Security Ontology Development and semantic tagging, linking and searching of the security learning objects.

• iSecure LAB: Integrating learning resources for Information Security Research and Education
• Cyber Security Ontology : Approaches to develop security knowledge base automatically.
• SOX: Security Ontology Expert Tool
• SLOB: Cyber Security Learning using Security Ontology
• Privacy Protection in Government Mashups:
  

  The Web 2.0 technologies allow dynamic content creation using syndications or mashups, extracted from diverse data sources, including government enterprise data. As a primary source of citizen data, the US government has the obligation not only to make public data available for citizen access as stated in the Freedom of Information Act, but also to protect the privacy of individual citizen's records as stated in the Privacy Act.

  In a mashup, a third party mashup Web application provider requests the individual's data from the government agencies through Web services. Since the data is public data and not necessarily provided through electronic interactions, individual citizens may not be able to express fine-grained privacy policies on how data may be used. In addition, the government agency's privacy policy is very coarse grained, and the relative sensitivity of individual information is not considered.

  We discuss the opportunities and issues associated with the programmable web and mashups, provide a Privacy Protection Model for Mashup Applications, using a mashup related multi-dimensional privacy protection space and present policy recommendations to complement the technological solutions.

  The model and recommendations include deployment of a personal privacy policy (PPP) network, a distributed system over which citizens can publish their individual privacy policies. These policies are accessible by all web service providers to be consulted in real time by data providers including government agencies for the purposes of automated privacy protection reasoning concerning data release.
  
  Publications:

  • Janice Warner and Soon Ae Chun, Privacy Protection for Government Mashups, Information Polity: Volume 14, Editions 1 & 2, 2009: pp 75-90.
  • Janice Warner and Soon Ae Chun, A Citizen Privacy Protection Model for E-Government Mashup Services, Proceedings of the 9th International Conference on Digital Government Research ( dg.o 2008), Montreal, Canada, 2008: 188-196
• Situation-based Role Recommendation for Medical Emergency
  

  Sponsor: PSC-CUNY, 2010-2011
  Collaborators: Kyounggi University, Korea; NJIT
  
  

• Risk-based Access Control:
  

  In this research, we present the notion of situational role and propose a risk-based access control model that makes the access decisions by assessing the risk in releasing data in the situation at hand. Specifically, it employs the "access first and verify later" strategy so that needed personal information is released without delaying access for a decision making third-party, and yet providing an adequate mechanism for appropriate release of personal information by third party provider. Our approach employs the notion of situation role and uses semantics in building situation role hierarchies. It computes the semantic distance between the credential attributes required by the situational role and the actual role of a user requesting access, which essentially is used in assessing the risk.
  
  Publications

  • Soon Ae Chun and Vijay Atluri, Risk-based Access Control for Personal Data Services, B. Bhattacharya, S. Sur-Kolay, S. Nandy and A. Bagchi (eds.) Statistical Science and Interdisciplinary Research Volumn 3, Algorithms, Architecture and Information Systems Security World Scientific Press, 2008: pp 263-283. (ISBN 9789812836236)
  
  
  
• Geospatial data Authorization Model (GSAM):
  (GSAM: Prototype System) The advent of commercial observation satellites in the new millennium provides unprecedented access to timely information, as they produce images of the Earth with the sharpness and quality previously available only from U.S., Russian, and French military satellites. Due to the fact that they are commercial in nature, a broad range of government agencies (including international), the news media, businesses and non-governmental organizations can gain access to this information. This may have grave implications on national security and personal privacy. Formal policies for prohibiting the release of imagery beyond a certain resolution, and notifying when an image crosses an international boundary or when such a request is made, are beginning to emerge. Access permissions in this environment are determined by both the spatial and temporal attributes of the data, such as location, resolution level and the time of image download, as well as those of the user credentials. Since existing authorization models are not adequate to provide access control based on spatial and temporal attributes, in this paper, we propose a Geospatial Data Authorization Model (GSAM). Unlike the traditional access control models where authorizations are specified using subjects and objects, authorizations in GSAM are specified using credential expressions and object expressions. GSAM supports privilege modes including view, zoom-in, download, overlay, identify, animate and fly-by, among others. We present our access control prototype system that enables subject, object as well as authorization specification via a web-based interface. When an access request is made, the access control system computes the overlapping region of the authorization and the access request. The zoom-in and zoom-out requests can simply be made through a click of the mouse, and the appropriate authorizations will be evaluated when these access requests are made.
  
  
• Chinese Wall Security Model for Decentralized Workflow Management:
  Decentralized execution of inter-organizational workflows may raise a number of security issues including those related to conflict-of-interest among competing organizations. In this paper, we first provide an approach to realize decentralized workflow execution, in which the workflow is divided into partitions, called self-describing workflows, and handled by a light weight workflow management component, called workflow stub, located at each organizational agent. Second, we identify the limitations of the traditional workflow model with respect to expressing the various types of join dependencies and extend the traditional workflow model suitably. Distinguishing the different types of dependencies among tasks is essential in the efficient execution of self-describing workflows. Finally, we recognize that placing the task execution agents that belong to the same conflictof- interest class in one self-describing workflow may lead to unfair, and in some cases, undesirable results, akin to being on the wrong side of the Chinese wall. Therefore, to address the conflict-of-interest issues that arise in competitive business environments, we propose a decentralized workflow Chinese wall security model. We propose a restrictive partitioning solution to enforce the proposed model.
  
  

• Social InfoButtons: Semantic Integration of Health 2.0 data
  Sponsor: PSC-CUNY 2011-2013
  Collaborator: NJIT
  
• Developing a Health 2.0 Medical Knowledge Base, and Health Blog Annotation
  
• Linked Data for Clinical Trials and Side effects Collaborator: St. John's University (2013-2014)
• Developing People Ontology and Semantic Search: OSWS: Ontology-supported Web Search
• Semantic Annotation and Search for Deep Web Services
• Toward Semantic Deep Web, 2008
  Why the Deep Web Needs the Semantic Web? (An Interview with SemanticWeb.com ), 2009
  Cited in Greg Goth's article in IEEE Computer., 2009

• Comorbidity trajectory modelling
• Collaborative Condition Prediction Model
• Twitter Sentiment Classification for Monitoring Public Health Concern Trends
• Mapping Public Health Concerns
• Twitter Health Data Monitoring and Visualization: EOSDS: Epidemics Outbreak and Spread Detection System (EOSDS mirror site at NJIT)

Other Areas

• Sensors and Crowdsourcing for Environmental Emergency Planning
• A Sensor Network-based Real-Time Flood Warning System
• Mobile Environmental Information System (m-ENVI) In environmental agencies, like NJMC, engineers use mobile devices, as they move around the field to collect data. In addition, they host visitors, scientists, government officials, students and eco-tourist participants, in and around Meadowlands areas for different purposes, from simple strolling to learning about the n ature or landscapes to scientific investigations to managerial decision making, etc. Currently, the visual observation or guided tour by NJMC and affiliated staff is used. We propose to build a mobil e communication infrastructure to enable the auto-guided environmental tour information system for these participan ts. Each visitor or staff will be given a mobile device. Based on the location, the current and historical enviro nmental information available at the location is delivered. The information type can be adjusted according to the user's preferences, e.g. a field engineer may be more interested in the historical data on the land use for the p articular site, while a student may be more interested in learning about the habitats in the particular location he is standing. As in the museum tour guide system, the relevant information is identified and streamed based on th e person's location and preference and expertise. Unlike the museum tour guide system, the information is not res tricted to audio. Information can be multimedia, including images/pictures, maps, textual narratives, audio and ot hers. In addition, the users can interactively enter the new data observed and collected from the location into the system for the future information sharing. It allows a location-specific environmental information blogging. It also supports data "pull", allowing queries by users of different levels and expertise.
  
  
• Environmental Data Modeling, Management and Integration for Decision Making
  Environmental decision making is a complex process that requires fusing of diverse data, including environmental and non-environmental (e.g. locational, parcel) information, to meet speicific goals. I am investigating two basic components in various decision making processes for environmental management in New Jersey Meadowlands area: data fusing and explanation process modeling and integration. This work is conducted in collaboration with MERI (Meadowlands Environmental Research Instiutute) at NJMC.

  Develop Environmental Linked Knowledge: Hosts of data collected and being collected continuously are available but not integrated or interoperable for useful information and knowledge. Basic problem of locating the right set of data to create knowledge for a specific purpose and delivering in an intuitive format is crucial for decision making. The data identification, customization, integration and visualization are primary tasks.

  Develop process knowledge: Various tasks and services are being performed as stand-alone, independent module. The coherent service and task requires composition and integration of various services and tasks. Toward this end, the process modeling is required. In order to model process, there are basic knowledge of how tasks are integrated. This knowledge modeling may be standard operational procedures or implicit in experts tasks. My research goal is to capture this process knowledge and model it for machine processable format for automatic process composition.

  Develop Decision Support applications: Process modeling may be specific to particular applications. We are actively identifying meaningful decision making applications for various stateholders of the Meadowlands area, including environmental planners, researchers/scientists, citizens.
  
  

• E-Government: Human-Centered Business Services
• Customized Visualization of GeoSpatial Government Regulations
• SICOP: Spatially Integrated Coastal Permitting System (Prototype: Meadowlands Coastal Permit Assistant)
• Geospatial Workflow Customization for E-government Services
• Egovernment: Technology Transfer
  Funded by NJMC, PI: Nabil R. Adam (7/1/2004-6/30/2005)
  Participants: V. Atluri (CoPI), S. Chun, E. Portscher, V. Chopra
  
  

Proliferation of Web technologies and the ubiquitous Internet has resulted in a tremendous increase in the need to deliver one-stop Web services, which are often composed of multiple component services that cross organizational boundaries. It is essential that these composite Web services, referred to as service flows, be carefully composed in a dynamic and customized manner to suit to the changing needs of the customers. This composition should be conducted in such a manner that (i) the composed service flow adheres to the policies imposed by the organizations offering the component services, (ii) the selected component services are compatible with one another so that the entire composition would result in a successful service flow, and (iii) the selected component services most closely meet the customer requirements. In this research, we propose a policy-based Web service composition that utilizes the semantics associated with the component services.

We consider policies imposed by different entities while composing service flows, which include service policies (imposed by the organizations offering component services), service flow policies (associated with the entire service flow), and user policies (the user requirements expressed as policies). In addition to these policies, one may consider rules at the syntactic and semantic levels that can be used to select relevant component services in order to compose customized service flows, by considering the notions of syntactic, semantic and policy compatibility. We model the different policies and the service topic ontology using OWL, DAML-S, RuleML and RDF standards.

• Ontology-based Personalized Service Composition
  To support automatic on-the-fly composition of customized inter-organizational business processes, this project develops an ontology-based service composition model. This model utilizes a conceptual ontology of component services (tasks), a topic ontology of domain composition knowledge that hierarchically structures workflow composition rules according to the given topic concepts, and user profile.
  
  
• Policy-based Web Service Composition
• Ontology and pragmatic Knowlege for Semantic Web
• Context Model for Pervasive Semantic Web Services

With the rapid growth of Internet applications for enterprise-wide and cross-enterprise business processes with dynamically changing participants, workflow management sys- tems (WFMS) face various challenges: (1) cross-organizational workflow design and definition need to be dynamic, efficiently constructed, and customized to a user's needs; (2) workflow execution should honor the autonomy of various participating organiza- tions, avoiding centralized control which can be a potential bottleneck and single point of failure, and (3) service and business workflows should be customizable at run time to adapt to changes of requirements and exception situations. This project has contributed to the progress towards the formalization and development of a decentral- ized workflow system that supports customized workflows that can be automatically composed at design time, and that adds greater flexibility for dynamic workflows that can adapt to the changing requirements and environments. This research also has contributed to the progress towards the understanding of requirements and limitations in developing inter-agency E-government application systems.

• Ontology-based Workflow Generation
  To support automatic on-the-fly composition of customized inter-organizational workflows, this project develops an ontology-based dynamic workflow generation model. This model utilizes a conceptual ontology of component services (tasks), a topic ontology of domain composition knowledge that hierarchically structures workflow com- position rules according to the given topic concepts, and user profile.
  
  
• Decentralized Workflow Management Model:
  The issues of autonomy and scalability are addressed with the decentralized workflow management model that enforces intertask dependencies without the need for a centralized WFMS. The model utilizes self-describing workflows, workflow partitions that carry sufficient information so that they can be managed by a local task execution agent rather than the central WFMS, and WFMS stubs, light-weight agent attached to a task execution agency, that is responsible for receiving the self-describing workflow, processing and dynamically partitioning the workflow.
  
  
• Dynamic Worflow Change Management
  To handle run-time changes and exceptions for a flexible workflow system, this thesis provides a dynamic change management model that allows the specification of a change request with controlled vocabulary derived from concepts in an ontology, the context manager that monitors changes in the user profiles, rules, and exceptions, and the ontology-based identification of migration rules requisite to adapt to changes. The modified workflow is ensured to be migration consistent to the original workflow and its execution states.
  
  
• Performance Analysis of Decentralized Workflow Model
  We are also conducting the performance studies to contrast the proposed decentralized workflow execution model with the centralized architecture. Specifically, the performance advantages gained in the minimal (need-based) evaluation of dependency conditions and JOIN and SPLIT relations in different workflow cases.
  
  
• Chinese Wall Security Model for Conflict-of-Interests in Inter-organizational Workflow
  This project identifies conflict-of-interest problems that may arise in decentralized control of the inter-organizational workflows, where a task agent may take advantage of others by manipulating the semantics of the workflow. This project proposes a decentralized workflow Chinese Wall Security model that supports fair execution of a workflow in a decen tralized manner with sensitive data, the conflict-of-interest groups, restrictive partitioning and secure dependenc y splitting algorithms.
  
  
• Automatic Generation of Geospatial Workflows

• Electronic Commerce: Infrastructure for Divisible Credit Card Payment

  E-commerce customers may have a problem when paying for the purchase of a major item, if its price is larger than the available credit on their credit card. In the brick and mortar world, this problem would be solved by paying part of the bill with cash or with a second credit card. In e-commerce, however, this has not been an option. Furthermore, even when a customer could pay the whole purchase with one of her credit cards, she may prefer to first max out another card with a lower interest rate. The overall goal of this research is to provide customers with the capability of customizing their payments by splitting an e-commerce payment over multiple cards, while taking into account a set of competing preferences over policies and constraints of various cards in determining which cards to use.

  This project focuses on devising and developing (1) a new infrastructure that supports the divisible card payment where a combination of multiple credit cards can be used for a single purchase; (2) an intelligent card management agent, called Fuzzy Virtual Card Agent (f-VA) that supports the customer's divisible payment decision. By modeling the customer's preferences using weighted fuzzy set memberships, the f-VA considers the preferences over the card issuers' policies, such as credit limits, interest rates and many others as well as the policies imposed by the secondary issuers, such as employers, and suggests the best combination of cards to the customer. The customer can take advantage of the suggestion by the f-VA or modify it immediately on the Web. Our approach provides customers with a more flexible card payment method for online purchases and can be extended to any types of purchases, such as mobile commerce payments.