Jungwoo Ryoo

Jungwoo Ryoo
Pennsylvania State University Altoona Campus

Ph.D., CISSP, CISA

About

69
Publications
18,234
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
593
Citations

Publications

Publications (69)
Article
Full-text available
IT auditors collect information on an organization's information systems, practices, and operations and critically analyze the information for improvement. One of the primary goals of an IT audit is to determine if the information system and its maintainers are meeting both the legal expectations of protecting customer data and the company standard...
Article
Software architects design by combining and tailoring styles, patterns, and tactics with known properties. A security-relevant research agenda will give architects a principled body of knowledge from which to reason.
Article
Full-text available
Institutions of higher education, government agencies, and private organizations are working to provide information security skills. Current security education is failed to deliver effective learning experiences for its narrow focus on technology and de-contextualized learning. Security education need to be developed around the real-world scenarios...
Article
Architecture-based metrics can provide valuable information on whether or not one can localize the effects of modification (such as adjusting data flows or control flows) in software and can therefore be used to prevent the changes from adversely affecting other software components. This paper proposes an architecture-centric metric using entropy f...
Article
Despite the abundance of taxonomies for the high-level classification of computer or network security attacks, few researchers have worked on the development of a taxonomy dedicated to Wireless Local Area Network (WLAN) security attacks. The existing general-purpose taxonomies are not equipped with WLAN-specific classification criteria and, therefo...
Article
Creating a state-of-the-art deep-learning system requires vast amounts of data, expertise, and hardware, yet research into copyright protection for neural networks has been limited. One of the main methods for achieving such protection involves relying on the susceptibility of neural networks to backdoor attacks in order to inject a watermark into...
Article
This paper introduces our work on the development of a novel system for applying MIT’s Scratch to teaching classes of four to eight-years-old students. Scratch is a visual, block-based programming language designed for anybody to create a computer program without the worry of syntax errors by assembling icon-like command blocks. However, four to ei...
Chapter
Voice assistant is an application that helps users to interact with their devices using voice commands in a more intuitive and natural manner. Recently, many voice assistant applications have been popularly deployed on smartphones and voice-controlled smart speakers. However, the threat and security of those applications have been examined only in...
Article
Full-text available
Cloud computing is clearly one of today’s most enticing technologies due to its scalable, flexible, and cost-efficient access to infrastructure and application services. Despite these benefits, cloud service users (CSUs) have serious concerns about the data security and privacy. Currently, there are several cloud service providers (CSPs) offering a...
Conference Paper
Security issues emerging out of the constantly evolving software applications became a huge challenge to software security experts. In this paper, we propose a prototype to detect vulnerabilities by identifying their architectural sources and also use security patterns to mitigate the identified vulnerabilities. We emphasize the need to consider ar...
Article
The Internet of Things interconnects a mass of billions devices, from smartphones to cars, to provide convenient services to people. This gives immediate access to various data about the objects and the environmental context -- leading to smart services and increased efficiency. A number of retail stores have started to adopt IoT enabled services t...
Article
An examination of the security approaches in industrial and open source projects shows that a strategic, systemwide architectural approach, implemented as a security framework or as a platform built using these frameworks, results in the highest security and lowest maintenance costs.
Article
There has been a growing interest and enthusiasm for the application of virtual worlds in learning and training. This research proposes a design framework of a virtual world-based learning environment that integrates two unique features of the virtual world technology, immersion and interactivity, with an instructional strategy that promotes self-r...
Conference Paper
Commercial digital music is typically distributed in the music source market via Digital Rights Management systems (DRM). DRM systems help remotely control the music contents. The Open Mobile Alliance (OMA) DRM became the de facto standard after major market adoption because of its support for a wide variety of different business and usage models....
Conference Paper
Cloud computing has emerged as a fast-growing technology in the past few years. It provides a great flexibility for storing, sharing and delivering data over the Internet without investing on new technology or resources. In spite of the development and wide array of cloud usage, security perspective of cloud computing still remains its infancy. Sec...
Article
Existing research on systems security has focused on coding, providing little insight into how to create a secure architecture. Combining architectural analysis techniques based on tactics, patterns, and vulnerabilities will achieve the best outcomes.
Article
Full-text available
While cloud computing is gaining popularity, diverse security and privacy issues are emerging that hinder the rapid adoption of this new computing paradigm. And the development of defensive solutions is lagging behind. To ensure a secure and trustworthy cloud environment it is essential to identify the limitations of existing solutions and envision...
Article
Full-text available
The emerging trends towards mobility and big data analysis strongly contribute to the success of cloud computing. Despite the numerous advantages cloud computing still has not reached its full potential due to the privacy and security concerns of today's cloud service users. In order to improve trust on clouds, in this paper we propose a cloud onto...
Conference Paper
Some of the most rampant problems in software security originate from improper input validation. This is partly due to ad hoc approaches taken by software developers when dealing with user inputs. Therefore, it is a crucial research question in software security to ask how to effectively apply well-known input validation and sanitization techniques...
Conference Paper
Cloud computing has emerged as a fast-growing paradigm for storing/sharing data and delivering services over the Internet. It provides its users with a way to deal with information or data without investing in any new technology or resources of their own. Although cloud computing environment is viewed as a promising Internet-based computing platfor...
Conference Paper
Cloud computing represents the next evolutionary step in the realm of IT and offers a multitude of advantages over traditional computing models. However, there is a large trust deficit between cloud service users (CSUs) and cloud service providers (CSPs) that prevents the widespread adoption of the cloud among business professionals. Businesses are...
Article
Full-text available
Cloud computing is an emerging computing model that provides numerous advantages to organizations (both service providers and customers) in terms of massive scalability, lower cost, and flexibility, to name a few. Despite these technical and economical advantages of cloud computing, many potential cloud consumers are still hesitant to adopt cloud c...
Article
Cloud computing provides a framework for allowing remote and nearly instantaneous access to data and resources from any location in the world with an Internet connection. However, it faces privacy concerns since cloud service providers can also access user data on their storage. Although several encryption services and applications were introduced...
Article
Despite the best intentions of software architects, it is often the case that individual developers do not faithfully implement the original security design decisions. Such a scenario sometimes leads to a situation in which while an architect claims the use of a secure architecture in the form of some tactic, the corresponding source code does not...
Article
A Security Pattern encapsulates security design expertise that addresses recurring information security problems in the form of a credentialed solution. It also presents potential problems and trade-offs in its application. This paper proposes a novel classification model for security patterns. Based on our review of more than one hundred security...
Conference Paper
Sustainability of software architectures has gained increasing attention to cope with factors causing architectural changes such as requirements changes, technological changes, and changes in business strategies and goals. However, there has not been much work on architectural sustainability. In this paper, we present a novel approach for addressin...
Conference Paper
Full-text available
In the IT world of corporate networking, how businesses store and compute data is starting to shift from in-house servers to the cloud. However, some enterprises are still hesitant to make this leap to the cloud because of their information security and data privacy concerns. Enterprises that want to invest into this service need to feel confident...
Conference Paper
Full-text available
With the rapid development of cloud computing, more users are attracted by its powerful and cost-efficient computation capability. However, whether CSPs can effectively protect CSUs’ data confidentiality remains a challenging issue. In this work, we aim at ensuring data confidentiality in the cloud environment by enabling CSUs to (1) encrypt their...
Conference Paper
Full-text available
MOOCs, 3D virtual world environments, game-based learning, simulations, digital story telling, and other learning-focused digital interactions hold tremendous potential for presenting information science concepts and problem-solving strategies to the generations of the 21st century. We use them to present both theoretical and practical concepts in...
Article
Engaging students in learning is often a challenge. It is even more so when the subject matter is non-trivial and requires a significant effort to master. Game-Based Learning (GBL) makes learning more interesting and appealing by seamlessly incorporating educational lessons into competitive games. Students naturally develop their interest in the ma...
Article
Full-text available
Today, the use of Information and Communication Technology (ICT) is transforming the ways many organizations conduct their business. Governments are no exception from this phenomenon, and their use of ICT in providing services (to the public or other government organizations) is referred to as Electronic Government (e-Government). More specifically...
Conference Paper
Software architecture is the set of important design decisions that address cross-cutting system quality attributes such as security, reliability, availability, and performance. Practitioners often face difficulty in beginning an architectural design due to the lack of concrete building blocks available to them. Tactics are fundamental design decis...
Article
This paper first discusses emerging security threats, requirements and solutions for WSNs. In addition, the current applications and architectures of WSNs in healthcare systems are explained in detail. Then an assessment framework for WSN security for healthcare is developed to determine the security impact of WSNs on the healthcare applications. T...
Article
Full-text available
In this paper we applied our previously developed assessment framework to the data collected from an internet security readiness survey targeted at households. We used the assessment framework to compute an Internet Security Readiness index for each household, which was in turn derived from Internet Security Readiness capital, skill, and actual upt...
Article
Although information systems increase productivity in organizations, they also make the Information Technology (IT) assets within these organizations vulnerable in the context of cyber security. Thus, the designers and users of IT in these organizations need to have adequate education in the cyber security threats and be ready to take appropriate a...
Conference Paper
Although many aids such as architectural styles and patterns are now available for software architects, making optimal design decisions on appropriate architectural structures still requires significant creativity. In an effort to introduce a more direct link between an architectural decision and its consequences, a finer grained architectural conc...
Conference Paper
Full-text available
This paper describes a new programming learning system. It consists of a Web-based flowchart application and Light Emitting Diode (LED) display kits. The LED kits produce various animations or static images according to a flow chart. The flowchart tool allows students to manipulate program elements through a Graphical User Interface (GUI). Survey r...
Chapter
Due to increased awareness of human's adverse effect on the environment, many new technologies to mitigate the environmental damage are under development. Although innovative, many of these technologies are often developed in isolation and consequently incompatible with each other. From the viewpoint of Systems Engineering, this presents an enormou...
Conference Paper
Although information systems increase productivity in organizations, they also make the Information Technology (IT) assets within these organizations vulnerable in the context of cyber security. Thus, the designers and users of IT in these organizations need to have adequate education in the cyber security threats and be ready to take the appropria...
Article
Software engineering faculty face the challenge of educating future researchers and industry practitioners regarding the generation of empirical software engineering studies and their use in evidence-based software engineering. In order to engage the Net generation with this topic, we propose development and population of a community-driven Web dat...
Article
Identity theft is becoming more commonplace as the number of criminals taking advantage of the World Wide Web to lure their victims increases. The users of web-based electronic government systems are certainly not immune to this trend although the governmental organisations of various levels (federal, state and local governments) are taking steps t...
Conference Paper
This research proposes a design framework of a virtual world-based learning environment that integrates unique features of the virtual world technology with an instructional strategy. We then demonstrate the environment's usefulness and assess the effectiveness of our design framework in the context of information security learning using Second Lif...
Article
Multifactor authentication is a tool to combat identity theft and is mandated by the Federal Financial Institutions Examination Council. However, there are only a few US financial institutions that have implemented two-factor authentication. A goal for financial institutions is to provide both a secure and easy-to-use system for customers. This art...
Conference Paper
Full-text available
Although Object Orientation is emphasized in software engineering education, few have attempted to alleviate the initial learning curve associated with an inexperienced audience in non-computer science disciplines. The authors propose a Problem-Based Learning curriculum centered on game development to deliver basic Object-Oriented programming conce...
Conference Paper
Full-text available
With increasing interest in evidence-based software engineering (EBSE), software engineering faculty face the challenge of educating future researchers and industry practitioners regarding the generation and use of EBSE results. We propose development and population of a community-driven Web database containing summaries of EBSE studies. We present...
Article
Although Object Orientation is emphasized in software engineering education, few have attempted to alleviate the initial learning curve associated with an inexperienced audience in non-computer science disciplines. The authors propose a Problem-Based Learning curriculum centered on game development to deliver basic Object-Oriented programming conce...
Article
With increasing interest in Evidence-Based Software Engineering (EBSE), software engineering faculty face the challenge of educating future researchers and industry practitioners regarding the generation and use of EBSE results. We propose development and population of a community-driven web database containing summaries of EBSE studies. We present...
Chapter
Due to its heavy reliance on wireless technologies, mobile telemedicine suffers from the same set of security and privacy problems as its underlying technical standards (such as WLAN, MANET, WPAN, 3G, RFID, and WSN) face. This chapter looks into how each of these wireless technologies is being used in mobile telemedicine (see Table 10.1 for a summa...
Article
Computer information systems security is critical for all organizations since security threats have become such a constant and pervasive force. Preliminary research by the authors indicates that while significant scholarly efforts have been made at the federal government level, little research has been conducted to assess the computer information s...
Article
Architectural views are rapidly gaining a momentum as a vehicle to document and analyze software architectures. Despite their popularity, there is no dedicated language flexible enough to support the specifications of an unbound variety of views including those preexisting and needing to be newly created on demand. In this paper, we propose a novel...
Article
Despite its widespread use in the software architecture community, architectural views and relationships among them are poorly defined. A solid taxonomy of views is a critical factor in tackling this problem since it must adopt an unambiguous definition of views and provide rigorous criteria for classification. Nevertheless, the existing taxonomies...
Article
A disaster, whether artificial or natural, can overwhelm even the best prepared segment of a society. When not properly managed, the same disaster inflicts far more damage than necessary. At the core of disaster management lie the monumental tasks of collecting, distributing, processing, and presenting disaster-related data. Although many products...
Conference Paper
Use cases have been shown to be an effective construct to express system requirements in terms of environmentally visible behaviors. However, refinement of the use case into a set of corresponding system requirements is only indirectly supported by use case semantics that focus on environmental objects and their interaction with the system. The aut...
Chapter
Due to increased awareness of human’s adverse effect on the environment, many new technologies to mitigate the environmental damage are under development. Although innovative, many of these technologies are often developed in isolation and consequently incompatible with each other. From the viewpoint of Systems Engineering, this presents an enormou...
Conference Paper
The number of use cases produced for any non-trivial system can be large. These use cases may contain redundancies resulting from multilevel stakeholder communities, natural language ambiguity, terminology differences, and common data and behaviours. In order to prepare use cases for formal requirements modeling, some structure is needed to classif...
Article
Full-text available
Wide area networks have a large number of computers capable of providing a wide range of services. Due to their low cost and high performance, autonomous mobile Agents are being used to access information sources in distributed, wide-area, networks. Architectures such as active networks also employ intelligent, mobile network processes. However, th...
Article
Full-text available
Summary Formal methods ensure the stability and reliability of soft-ware systems by using mathematical principles and proving conformance to a given set of requirements. The stable and reliable operation of software is especially important for system applications dealing with security. Although very effective in identifying a non-conformance in sec...

Network

Cited By