Seok-Won Lee

University of North Carolina at Charlotte, Charlotte, North Carolina, United States

Are you Seok-Won Lee?

Claim your profile

Publications (35)2.82 Total impact

  • Seok-Won Lee, Mattia Monga, Jan Jürjens
    [Show abstract] [Hide abstract]
    ABSTRACT: th edition of the SESS workshop aims at providing a venue for software engineers and security researchers to exchange ideas and techniques. In fact, software is at core of most of the business transactions and its smart integration in an industrial setting may be the competitive advantage even when the core competence is outside the ICT field. As a result, the revenues of a firm depend directly on several complex software-based systems. Thus, stakeholders and users should be able to trust these systems to provide data and elaborations with a degree of confidentiality, integrity, and availability compatible with their needs. Moreover, the pervasiveness of software products in the creation of critical infrastructures has raised the value of trustworthiness and new efforts should be dedicated to achieve it. However, nowadays almost every application has some kind of security requirement even if its use is not to be considered critical.
    Proceedings of the 33rd International Conference on Software Engineering, ICSE 2011, Waikiki, Honolulu , HI, USA, May 21-28, 2011; 01/2011
  • Seok-Won Lee, Mattia Monga, Jan Jürjens
    [Show abstract] [Hide abstract]
    ABSTRACT: The 6th edition of the SESS workshop aims at providing a venue for software engineers and security researchers to exchange ideas and techniques. In fact, software is at core of most of the business transactions and its smart integration in an industrial setting may be the competitive advantage even when the core competence is outside the ICT field. As a result, the revenues of a firm depend directly on several complex software-based systems. Thus, stakeholders and users should be able to trust these systems to provide data and elaborations with a degree of confidentiality, integrity, and availability compatible with their needs. Moreover, the pervasiveness of software products in the creation of critical infrastructures has raised the value of trustworthiness and new efforts should be dedicated to achieve it. However, nowadays almost every application has some kind of security requirement even if its use is not to be considered critical.
    Proceedings - International Conference on Software Engineering 01/2010;
  • Conference Paper: The 6
    Seok-Won Lee, Mattia Monga, Jan Jürjens
    Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 2, ICSE 2010, Cape Town, South Africa, 1-8 May 2010; 01/2010
  • Seok-Won Lee, Mattia Monga
    Computers & Security. 01/2010; 29:299-301.
  • Source
    Robin Gandhi, Seok-Won Lee
    [Show abstract] [Hide abstract]
    ABSTRACT: The level of compliance with security certification requirements is the primary driver of the decision to accredit a software system into operation with an acceptable level of risk. However, given the complexity of current software systems, numerous natural language Certification and Accreditation (C&A) requirements, and ad-hoc processes to assess compliance, this decision is often based on the subjective judgment of the designated officials rather than well-designed metrics and measures. This chapter presents our ongoing research on ontology guided process of building “formal metrics” for understanding risk from the informal specification of security requirements and related evidence collected from the C&A process. The transformation of informal sources (in the problem space) into a representation that supports well-defined metrics (in the solution space) is realized through a combination of knowledge engineering and requirements engineering techniques. Our research outlines a methodological approach for metrics development and understanding using the structured representation of regulatory security requirements in a problem domain ontology. The metrics derived from the domain ontology create a traceable chain of analytical thoughts with software artifacts (e.g. requirements, design, and code). We provide concrete examples for the feasibility of our research findings through its application to a security C&A process and the resulting tool suite.
    10/2009: pages 227-249;
  • Source
    J.R. Cooper, Seok-Won Lee, R.A. Gandhi, O. Gotel
    [Show abstract] [Hide abstract]
    ABSTRACT: Requirements engineering visualization is a rapidly growing field of research; however, the specific characteristics of what makes for effective visualizations during a particular engineering phase have not yet been distinguished. Visualizations, when coupled with traditional practices, augment the ability of resulting requirements artifacts to reach a wide range of stakeholders and provide for a rapid and shared understanding of complex information. This paper represents a survey of the research papers presented during the REV workshops from 2006 to 2008 in order to ascertain how the research trends have evolved over the past few years. By examining approaches to requirements engineering visualization that have been proposed, in retrospect, we hope to show the areas of recent focus, as well as to discover those areas that may hold opportunities for further research with respect to the most commonly understood RE lifecycle phases and activities. In the process, we offer a preliminary classification scheme through which to categorize the various research efforts. Where none existed before, the resulted categorization enables a constructive discussion about the coverage of previous REV contributions from various perspectives, while discovering the gaps, and provides opportunities for further research with the understanding of the trends of applying visualization in requirements engineering research and practice.
    Requirements Engineering Visualization (REV), 2009 Fourth International Workshop on; 10/2009
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Critical infrastructures are highly complex collections of people, processes, technologies, and information; they are also highly interdependent where disruptions to one infrastructure commonly cascade in scope and escalate in impact across other infrastructures. While it is unlikely that disruptions can be prevented with certainty, an effective practice of critical infrastructure analysis can reduce their frequency and/or lessen their impact. We contend that proper critical infrastructure analysis necessitates a system of systems approach. In this paper, we identify requirements for integrated modeling and simulation of critical infrastructures. We also present our integrated modeling and simulation framework based on a service-oriented architecture that enables system of systems analysis of such infrastructures.
    08/2009: pages 24-35;
  • Seok-Won Lee, Mattia Monga
    [Show abstract] [Hide abstract]
    ABSTRACT: Most software quality research has focused on identifying faults (i.e., information is incorrectly recorded in an artifact). Because software still exhibits incorrect behavior, a different approach is needed. This paper presents a systematic literature ...
    Information and Software Technology 07/2009; 51:1150-1151. · 1.52 Impact Factor
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Infrastructure management (and its associated processes) is complex to understand, perform and thus, hard to make efficient and effective informed decisions. The management involves a multi-faceted operation that requires the most robust data fusion, visualization and decision making. In order to protect and build sustainable critical assets, we present our on-going multi-disciplinary large-scale project that establishes the Integrated Remote Sens-ing and Visualization (IRSV) system with a focus on supporting bridge structure inspection and management. This project involves specific expertise from civil engineers, computer scientists, geographers, and real-world practitioners from industry, local and federal government agencies. IRSV is being designed to accommodate the essential needs from the following aspects: 1) Better under-standing and enforcement of complex inspection process that can bridge the gap between evidence gathering and decision making through the implementation of ontological knowledge engineering system; 2) Aggregation, representation and fusion of complex multi-layered heterogeneous data (i.e. infrared imaging, aerial photos and ground-mounted LIDAR etc.) with domain application knowledge to support machine understandable recom-mendation system; 3) Robust visualization techniques with large-scale analytical and interactive visualizations that support users' decision making; and 4) Integration of these needs through the flexible Service-oriented Architecture (SOA) framework to compose and provide services on-demand. IRSV is expected to serve as a management and data visualization tool for construction deliverable assurance and infrastructure monitoring both periodically (annually, monthly, even daily if needed) as well as after extreme events.
    Proc SPIE 05/2009;
  • [Show abstract] [Hide abstract]
    ABSTRACT: Infrastructure safety affects millions of U.S citizens in many ways. Among all the infrastructures, the bridge plays a significant role in providing substantial economy and public safety. Nearly 600,000 bridges across the U.S are mandated to be inspected every twenty-four months. Although these inspections could generate great amount of rich data for bridge engineers to make critical maintenance decisions, processing these data has become challenging due to the low efficiency from those traditional bridge management systems. In collaboration with North Carolina Department of Transportation (NCDOT) and other regional DOT collaborators, we present our knowledge integrated visual analytics bridge management system. Our system aims to provide bridge engineers a highly interactive data exploration environment as well as knowledge pools for corresponding bridge information. By integrating the knowledge structure with visualization system, our system could provide comprehensive understandings of the bridge assets and enables bridge engineers to investigate potential bridge safety issues and make maintenance decisions.
    Proc SPIE 05/2009;
  • Source
    Xin Peng, Seok-Won Lee, Wen-Yun Zhao
    [Show abstract] [Hide abstract]
    ABSTRACT: Domain analysis in software product line (SPL) development provides a basis for core assets design and implementation by a systematic and comprehensive commonality/variability analysis. In feature-oriented SPL methods, products of the domain analysis are domain feature models and corresponding feature decision models to facilitate application-oriented customization. As in requirement analysis for a single system, the domain analysis in the SPL development should consider both functional and nonfunctional domain requirements. However, the nonfunctional requirements (NFRs) are often neglected in the existing domain analysis methods. In this paper, we propose a context-based method of the NFR analysis for the SPL development. In the method, NFRs are materialized by connecting nonfunctional goals with real-world context, thus NFR elicitation and variability analysis can be performed by context analysis for the whole domain with the assistance of NFR templates and NFR graphs. After the variability analysis, our method integrates both functional and nonfunctional perspectives by incorporating the nonfunctional goals and operationalizations into an initial functional feature model. NFR-related constraints are also elicited and integrated. Finally, a decision model with both functional and nonfunctional perspectives is constructed to facilitate application-oriented feature model customization. A computer-aided grading system (CAGS) product line is employed to demonstrate the method throughout the paper.
    Journal of Computer Science and Technology 03/2009; 24(2):319-338. · 0.48 Impact Factor
  • Conference Paper: The 5
    Bart De Win, Seok-Won Lee, Mattia Monga
    31st International Conference on Software Engineering, ICSE 2009, May 16-24, 2009, Vancouver, Canada, Companion Volume; 01/2009
  • Source
    Bart De Win, Seok-Won Lee, Mattia Monga
    [Show abstract] [Hide abstract]
    ABSTRACT: Software is at core of most of the business transactions and its smart integration in an industrial setting may be the competitive advantage even when the core competence is outside the ICT field. As a result, the revenues of a firm depend directly on several complex software-based systems. Thus, stakeholders and users should be able to trust these systems to provide data and elaborations with a degree of confidentiality, integrity, and availability compatible with their needs. Moreover, the pervasiveness of software products in the creation of critical infrastructures has raised the value of trustworthiness and new efforts should be dedicated to achieve it. However, nowadays almost every application has some kind of security requirement even if its use is not to be considered critical.
    01/2009;
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Knowledge-assisted visualization has been a fast growing field because it directly integrates and utilizes domain knowledge to produce effective data visualization. However, most existing knowledge-assisted visualization applications focus on integrating domain knowledge that is tailored only for specific analytical tasks. This reflects not only the different understandings of what “knowledge” is in visualization, but also the difficulties in generalizing and reapplying knowledge to new problems or domains. In this paper, we differentiate knowledge into two types, tacit and explicit, and suggest four conversion processes between them (internalization, externalization, collaboration, and combination) that could be included in knowledge-assisted visualizations. We demonstrate the applications of these four processes in a bridge visual analytical system for the US Department of Transportation and discuss their roles and utilities in real-life scenarios.
    Computers & Graphics. 01/2009;
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Integral to effective critical infrastructure analysis is the assessment of infrastructure vulnerabilities, which provides insights into potential disruptions that can enhance protection plans and response and recovery operations. Effective critical infrastructures analysis, however, must account for the complex, multi-dimensional characteristics of infrastructures and the dependencies between infrastructures. This paper presents a new methodology for integrated modeling and simulation that supports such analysis. An integrated analysis environment that embodies this new methodology is presented as a proof of concept.
    10/2008: pages 257-268;
  • Source
    Critical Information Infrastructure Security, Third International Workshop, CRITIS 2008, Rome, Italy, October 13-15, 2008. Revised Papers; 01/2008
  • Source
    Bart De Win, Seok-Won Lee, Mattia Monga
    [Show abstract] [Hide abstract]
    ABSTRACT: One of the Holy Grails of Computer Science for many decades has been to make the power of computer programming accessible to more and more people. The earliest "high level" languages, FORTRAN and COBOL, were intentionally designed to be written and understood ...
    30th International Conference on Software Engineering (ICSE 2008), Leipzig, Germany, May 10-18, 2008, Companion Volume; 01/2008
  • Bart De Win, Seok-Won Lee, Mattia Monga
    SESS; 01/2008
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: One widely perceived yet poorly understood phenomenon in the practice of critical infrastructure protection is that of blind spots. These are certain aspects of the interrelationships among different critical infrastructure systems (CI systems) that could trigger catastrophe across CI systems but are concealed from planners, and discovered only in the aftermath of a crisis. In this paper, we discuss the sources of blind spots, and explore the feasibility of various techniques to help reveal blind spots.
    Critical Information Infrastructure Security, Third International Workshop, CRITIS 2008, Rome, Italy, October 13-15, 2008. Revised Papers; 01/2008
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Numerous interdependent quality requirements imposed by regulatory Certification and Accreditation (C&A) processes enable a rich context to gather compliance evidences for promoting software assurance. The goal of the r-AnalytiCA workbench is to make sense out of the large collection of available evidences for a complex software system though multidimensional requirements-driven problem domain analysis. The requirements analytics employed in the workbench support C&A activities by leveraging the expressiveness of ontologies used to model C&A requirements and their interdependencies.
    Requirements Engineering Conference, 2007. RE '07. 15th IEEE International; 11/2007