Jungwoo Ryoo

Teaching Object-Oriented Software Engineering through Problem-Based Learning in the Context of Game Design

Although Object Orientation is emphasized in software engineering education, few have attempted to alleviate the initial learning curve associated with an inexperienced audience in non-computer science disciplines. The authors propose a Problem-Based Learning curriculum centered on game development to deliver basic Object-Oriented programming concepts in an interactive and engaging manner. Class activities occur within the context of the Object-Oriented Rational Unified Process. One of the most significant contributions of this paper lies in the design of class modules containing tasks intended to educate students on Object-Oriented Software Engineering in an incremental and self-actuated way.

A Survey of Security and Privacy Challenges in Cloud Computing: Solutions and Future Directions

While cloud computing is gaining popularity, diverse security and privacy issues are emerging that hinder the rapid adoption of this new computing paradigm. And the development of defensive solutions is lagging behind. To ensure a secure and trustworthy cloud environment it is essential to identify the limitations of existing solutions and envision directions for future research. In this paper, we have surveyed critical security and privacy challenges in cloud computing, categorized diverse existing solutions, compared their strengths and limitations, and envisioned future research directions.

Cloud Security Auditing: Challenges and Emerging Approaches

IT auditors collect information on an organizations information systems, practices, and operations and critically analyze the information for improvement. One of the primary goals of an IT audit is to determine if the information system and its maintainers are meeting both the legal expectations of protecting customer data and the company standards of achieving financial success against various security threats. These goals are still relevant in the newly emerging cloud computing model of business, but they need customization. There are clear differences between cloud and traditional IT security auditing. In this article, the authors explore potential challenges unique to cloud security auditing; examine additional challenges specific to particular cloud computing domains such as banking, medical, and government sectors; and present emerging cloud-specific security auditing approaches and provide critical analysis.

Security Education Using Second Life

Institutions of higher education, government agencies, and private organizations have been making sustained efforts to teach some information security skills more efficiently. In these efforts to improve security education, the dominant pedagogical approach has been to use security exercises in a lab setting.

A comparison and classification framework for disaster information management systems

A disaster, whether artificial or natural, can overwhelm even the best prepared segment of a society. When not properly managed, the same disaster inflicts far more damage than necessary. At the core of disaster management lie the monumental tasks of collecting, distributing, processing, and presenting disaster-related data. Although many products and proposals claim to accomplish these critical undertakings, few actually do live up to the expectations mainly due to the complex and comprehensive nature of disaster information management. Noting the lack of standards and consensus on what constitutes an ideal Disaster Information Management System (DIMS), this paper sets out to first identify essential requirements for a truly useful DIMS and to eventually propose a comparison and classification framework that can be used by various organisations considering the adoption of a DIMS.

Architectural Analysis for Security

Existing research on systems security has focused on coding, providing little insight into how to create a secure architecture. Combining architectural analysis techniques based on tactics, patterns, and vulnerabilities will achieve the best outcomes.

Revising a Security Tactics Hierarchy through Decomposition, Reclassification, and Derivation

Software architecture is the set of important design decisions that address cross-cutting system quality attributes such as security, reliability, availability, and performance. Practitioners often face difficulty in beginning an architectural design due to the lack of concrete building blocks available to them. Tactics are fundamental design decisions and play the role of these initial design primitives and complement the existing design constructs such as architectural or design patterns. A tactic is a relatively new design concept, and tactics repositories are still being developed. However, the maturity of these repositories is inconsistent, and varies depending on the quality attribute. To address this inconsistency and to promote a more rigorous, repeatable method for creating and revising tactics hierarchies, we propose a novel methodology of extracting tactics. This methodology, we claim, can accelerate the development of tactics repositories that are truly useful to practitioners. We discuss three approaches for extracting these tactics. The first is to derive new tactics from the existing ones. The second is to decompose an existing architectural pattern into its constituent tactics. Finally, we extract tactics that have been misidentified as patterns. Among the many types of tactics available, this paper focuses on security tactics. Using our methodology, we revise a well-known taxonomy of security tactics. We contend that the revised hierarchy is complete enough for use in practical applications.

A Methodology for Mining Security Tactics from Security Patterns

Although many aids such as architectural styles and patterns are now available for software architects, making optimal design decisions on appropriate architectural structures still requires significant creativity. In an effort to introduce a more direct link between an architectural decision and its consequences, a finer grained architectural concept called a tactic has emerged. Since its introduction, many tactics have been identified and used in real- life applications. However, the number of tactics discovered is not sufficient to cover all the necessary aspects of architectural decision making. The tactics could be created from scratch, but it would be more efficient if tactics could be mined from a proven source. One possible source is any architectural pattern that consists of tactics. Therefore, in this paper we propose a novel way to retrieve tactics from well known patterns. Among the many different types of existing patterns, this paper focuses on security patterns.

An architecture-centric software maintainability assessment using information theory

A robust model reference controller which supplies manipulated variables for controlling a multi-input multi-output process of the type which may not be modelled perfectly consists of a pre-compensator, a diagonal filter, and a post-compensator. The input signals to the robust model reference controller are first projected dynamically into decoupled signals by the pre-compensator. The diagonal filters then filter the decoupled signals individually. The filtered signals are projected back dynamically to the manipulated variables for the controlled process. The filter can easily be tuned to attain the optimal response of the closed-loop system with a given bound of model uncertainty.

In Search of Architectural Patterns for Software Security

Software architects design by combining and tailoring styles, patterns, and tactics with known properties. A security-relevant research agenda will give architects a principled body of knowledge from which to reason.