Soon Ae Chun: Research Overview
Research Interest Areas:
Click on the title to view the detailed descriptions.
Semantic Deep Web
Semantic Annotation and Search for Deep Web Services, July 2008: 389-395Toward Semantic Deep Web, 2008
Information Security and Privacy
I am also interested in advancing knowledge in the field of information security, privacy and trust. My concentration area is access control and authorization in geospatial data, data security in mobile and pervasive environment, and workflow security.- Privacy Protection in Government Mashups:
- Risk-based Access Control:
- Geospatial data Authorization Model (GSAM):
- Chinese Wall Security Model for Decentralized Workflow Management:
The Web 2.0 technologies allow dynamic content creation using syndications or mashups, extracted from diverse data sources, including government enterprise data. As a primary source of citizen data, the US government has the obligation not only to make public data available for citizen access as stated in the Freedom of Information Act, but also to protect the privacy of individual citizen's records as stated in the Privacy Act. In a mashup, a third party mashup Web application provider requests the individual's data from the government agencies through Web services. Since the data is public data and not necessarily provided through electronic interactions, individual citizens may not be able to express ?ne-grained privacy policies on how data may be used. In addition, the government agency's privacy policy is very coarse grained, and the relative sensitivity of individual information is not considered. We discuss the opportunities and issues associated with the programmable web and mashups, provide a Privacy Protection Model for Mashup Applications, using a mashup related multi-dimensional privacy protection space and present policy recommendations to complement the technological solutions. The model and recommendations include deployment of a personal privacy policy network, a distributed system over which citizens can publish their individual privacy policies. These policies are accessible by all web service providers to be consulted in real time by data providers including government agencies for the purposes of automated privacy protection reasoning concerning data release.
In the context of ubiquitous computing, small mobile devices are used as a platform for consuming various services. Specifically, personal data are distributed over many third party organizations (data/service provider), and are being made available as Web services, such as monthly financial statements, personal medical data services (e.g., X-ray results), etc. Very often, the personal information Web services are requested by third party data consumers who work on the cases on behalf of the data owner, such as financial advisers or doctors. In this environment, the data consumers often are not the same as the data owner. Access control is enforced to prevent confidential personal information from falling into the hands of "unauthorized" users. However, in many critical situations, such as emergencies, relevant information may need to be released even if users are not explicitly authorized. In this research, we present the notion of situational role and propose a risk-based access control model that makes the access decisions by assessing the risk in releasing data in the situation at hand. Specifically, it employs the "access first and verify later" strategy so that needed personal information is released without delaying access for a decision making third-party, and yet providing an adequate mechanism for appropriate release of personal information by third party provider. Our approach employs the notion of situation role and uses semantics in building situation role hierarchies. It computes the semantic distance between the credential attributes required by the situational role and the actual role of a user requesting access, which essentially is used in assessing the risk.
GSAM: Prototype System The advent of commercial observation satellites in the new millennium provides unprecedented access to timely information, as they produce images of the Earth with the sharpness and quality previously available only from U.S., Russian, and French military satellites. Due to the fact that they are commercial in nature, a broad range of government agencies (including international), the news media, businesses and non-governmental organizations can gain access to this information. This may have grave implications on national security and personal privacy. Formal policies for prohibiting the release of imagery beyond a certain resolution, and notifying when an image crosses an international boundary or when such a request is made, are beginning to emerge. Access permissions in this environment are determined by both the spatial and temporal attributes of the data, such as location, resolution level and the time of image download, as well as those of the user credentials. Since existing authorization models are not adequate to provide access control based on spatial and temporal attributes, in this paper, we propose a Geospatial Data Authorization Model (GSAM). Unlike the traditional access control models where authorizations are specified using subjects and objects, authorizations in GSAM are specified using credential expressions and object expressions. GSAM supports privilege modes including view, zoom-in, download, overlay, identify, animate and fly-by, among others. We present our access control prototype system that enables subject, object as well as authorization specification via a web-based interface. When an access request is made, the access control system computes the overlapping region of the authorization and the access request. The zoom-in and zoom-out requests can simply be made through a click of the mouse, and the appropriate authorizations will be evaluated when these access requests are made.
Decentralized execution of inter-organizational workflows may raise a number of security issues including those related to conflict-of-interest among competing organizations. In this paper, we first provide an approach to realize decentralized workflow execution, in which the workflow is divided into partitions, called self-describing workflows, and handled by a light weight workflow management component, called workflow stub, located at each organizational agent. Second, we identify the limitations of the traditional workflow model with respect to expressing the various types of join dependencies and extend the traditional workflow model suitably. Distinguishing the different types of dependencies among tasks is essential in the efficient execution of self-describing workflows. Finally, we recognize that placing the task execution agents that belong to the same conflictof- interest class in one self-describing workflow may lead to unfair, and in some cases, undesirable results, akin to being on the wrong side of the Chinese wall. Therefore, to address the conflict-of-interest issues that arise in competitive business environments, we propose a decentralized workflow Chinese wall security model. We propose a restrictive partitioning solution to enforce the proposed model.
Customization and Decentralized Management of Dynamic Workflow
With the rapid growth of Internet applications for enterprise-wide and cross-enterprise business processes with dynamically changing participants, workflow management sys- tems (WFMS) face various challenges: (1) cross-organizational workflow design and definition need to be dynamic, efficiently constructed, and customized to a user's needs; (2) workflow execution should honor the autonomy of various participating organiza- tions, avoiding centralized control which can be a potential bottleneck and single point of failure, and (3) service and business workflows should be customizable at run time to adapt to changes of requirements and exception situations. This project has contributed to the progress towards the formalization and development of a decentral- ized workflow system that supports customized workflows that can be automatically composed at design time, and that adds greater flexibility for dynamic workflows that can adapt to the changing requirements and environments. This research also has contributed to the progress towards the understanding of requirements and limitations in developing inter-agency E-government application systems.
- Decentralized Workflow Model:
- Conflict-of-Interests in Inter-organizational Workflow (Chinese Wall Security)
- Ontology-based Workflow Generation
- Dynamic Worflow Change Management
- Performance Analysis of Decentralized Workflow Model
- Related Projects
The issues of autonomy and scalability are addressed with the decentralized workflow management model that enforces intertask dependencies without the need for a centralized WFMS. The model utilizes self-describing workflows, workflow partitions that carry sufficient information so that they can be managed by a local task execution agent rather than the central WFMS, and WFMS stubs, light-weight agent attached to a task execution agency, that is responsible for receiving the self-describing workflow, processing and dynamically partitioning the workflow.
This project identifies conflict-of-interest problems that may arise in decentralized control of the inter-organizational workflows, where a task agent may take advantage of others by manipulating the semantics of the workflow. This project proposes a decentralized workflow Chinese Wall Security model that supports fair execution of a workflow in a decentralized manner with sensitive data, the conflict-of-interest groups, restrictive partitioning and secure dependency splitting algorithms.
To support automatic on-the-fly composition of customized inter-organizational workflows, this project develops an ontology-based dynamic workflow generation model. This model utilizes a conceptual ontology of component services (tasks), a topic ontology of domain composition knowledge that hierarchically structures workflow com- position rules according to the given topic concepts, and user profile.
To handle run-time changes and exceptions for a flexible workflow system, this thesis provides a dynamic change management model that allows the specification of a change request with controlled vocabulary derived from concepts in an ontology, the context manager that monitors changes in the user profiles, rules, and exceptions, and the ontology-based identification of migration rules requisite to adapt to changes. The modified workflow is ensured to be migration consistent to the original workflow and its execution states.
We are also conducting the performance studies to contrast the proposed decentralized workflow execution model with the centralized architecture. Specifically, the performance advantages gained in the minimal (need-based) evaluation of dependency conditions and JOIN and SPLIT relations in different workflow cases.
Policy-based Web Service Composition:
Proliferation of Web technologies and the ubiquitous Internet has resulted in a tremendous increase in the need to deliver one-stop Web services, which are often composed of multiple component services that cross organizational boundaries. It is essential that these composite Web services, referred to as service flows, be carefully composed in a dynamic and customized manner to suit to the changing needs of the customers. This composition should be conducted in such a manner that (i) the composed service flow adheres to the policies imposed by the organizations offering the component services, (ii) the selected component services are compatible with one another so that the entire composition would result in a successful service flow, and (iii) the selected component services most closely meet the customer requirements. In this research, we propose a policy-based Web service composition that utilizes the semantics associated with the component services. We consider policies imposed by different entities while composing service flows, which include service policies (imposed by the organizations offering component services), service flow policies (associated with the entire service flow), and user policies (the user requirements expressed as policies). In addition to these policies, one may consider rules at the syntactic and semantic levels that can be used to select relevant component services in order to compose customized service flows, by considering the notions of syntactic, semantic and policy compatibility. We model the different policies and the service topic ontology using OWL, DAML-S, RuleML and RDF standards.- Knowledge-based Personalized Web Service Composition
- Policy-based Web Service Composition (with V. Atluri and N. Adam, 2003-date)
- Ontology and pragmatic Knowlege for Semantic Web (with Y. Lee and J. Geller, 2003-date)
- Context Model for Pervasive Semantic Web Services (with Y. Lee and J. Geller, 2003-date)
- Related projects
Electronic Commerce: Infrastructure for Divisible Credit Card Payment
E-commerce customers may have a problem when paying for the purchase of a major item, if its price is larger than the available credit on their credit card. In the brick and mortar world, this problem would be solved by paying part of the bill with cash or with a second credit card. In e-commerce, however, this has not been an option. Furthermore, even when a customer could pay the whole purchase with one of her credit cards, she may prefer to first max out another card with a lower interest rate. The overall goal of this research is to provide customers with the capability of customizing their payments by splitting an e-commerce payment over multiple cards, while taking into account a set of competing preferences over policies and constraints of various cards in determining which cards to use. This project focuses on devising and developing (1) a new infrastructure that supports the divisible card payment where a combination of multiple credit cards can be used for a single purchase; (2) an intelligent card management agent, called Fuzzy Virtual Card Agent (f-VA) that supports the customer's divisible payment decision. By modeling the customer's preferences using weighted fuzzy set memberships, the f-VA considers the preferences over the card issuers' policies, such as credit limits, interest rates and many others as well as the policies imposed by the secondary issuers, such as employers, and suggests the best combination of cards to the customer. The customer can take advantage of the suggestion by the f-VA or modify it immediately on the Web. Our approach provides customers with a more flexible card payment method for online purchases and can be extended to any types of purchases, such as mobile commerce payments.
Environmental Data Management and Decision Support System
I am interested in the environmental data management, integration process and visualization of environmental data.- Environmental Data management:
- Data Management and Integration
- Process modeling and integration:
- Application processes Process modeling may be specific to particular applications. We are actively identifying meaningful decision making applications for various stateholders of the Meadowlands area, including environmental planners, researchers/scientists, citizens.
- Mobile Environmental Information System (m-ENVI) In environmental agencies, like NJMC, engineers use mobile devices, as they move around the field to collect data. In addition, they host visitors, scientists, government officials, students and eco-tourist participants, in and around Meadowlands areas for different purposes, from simple strolling to learning about the nature or landscapes to scientific investigations to managerial decision making, etc. Currently, the visual observation or guided tour by NJMC and affiliated staff is used. We propose to build a mobile communication infrastructure to enable the auto-guided environmental tour information system for these participants. Each visitor or staff will be given a mobile device. Based on the location, the current and historical environmental information available at the location is delivered. The information type can be adjusted according to the user's preferences, e.g. a field engineer may be more interested in the historical data on the land use for the particular site, while a student may be more interested in learning about the habitats in the particular location he is standing. As in the museum tour guide system, the relevant information is identified and streamed based on the person's location and preference and expertise. Unlike the museum tour guide system, the information is not restricted to audio. Information can be multimedia, including images/pictures, maps, textual narratives, audio and others. In addition, the users can interactively enter the new data observed and collected from the location into the system for the future information sharing. It allows a location-specific environmental information blogging. It also supports data "pull", allowing queries by users of different levels and expertise.
Environmental decision making is a complex process that requires fusing of diverse data, including environmental and non-environmental (e.g. locational, parcel) information, to meet speicific goals. I am investigating two basic components in various decision making processes for environmental management in New Jersey Meadowlands area: data fusing and explanation process modeling and integration. This work is conducted in collaboration with MERI (Meadowlands Environmental Research Instiutute) at NJMC.
Hosts of data collected and being collected continuously are available but not integrated or interoperable for useful information and knowledge. Basic problem of locating the right set of data to create knowledge for a specific purpose and delivering in an intuitive format is crucial for decision making. The data identification, customization, integration and visualization are primary tasks.
Various tasks and services are being performed as stand-alone, independent module. The coherent service and task requires composition and integration of various services and tasks. Toward this end, the process modeling is required. In order to model process, there are basic knowledge of how tasks are integrated. This knowledge modeling may be standard operational procedures or implicit in experts tasks. My research goal is to capture this process knowledge and model it for machine processable format for automatic process composition.
Security Related Links
Last Revised: