Call for Collaboration

You are always welcome to collaborate with me in pursuing any one of the research topics shown below. Please send me an E-mail at jryoo at psu dot edu. More detailed information on how to get in touch with me is available here.

Research Interests

My core research areas include:

• Information Assurance and Security
  • Software Security
  • Network/Cyber Security
  • Security Management (with emphasis on Assessment)
  
  
• Software Engineering
  • Software Architectures
  • Object-Oriented Software Engineering
  • Requirements Engineering
    
  
  
• Networking and Telecommunications
  • Network Management

To learn more about my research, click here and visit my research collaboration WIKI.

Honors

1. The University-wide IST Faculty Award, College of IST, The Pennsylvania State University, May 2009.
2. Outstanding Achievement in Research and Creativity, Penn State Altoona, April 2009.

Journal Editorial Board Membership

1. Associate Techincal Editor for IEEE Communications (since 2008)
2. Editor, Journal of Computing Science and Engineering
3. Editorial Board Member, International Journal of Internet Technology and Secured Transactions

I also frequently review articles for Computer and Security.

Publications

Journals

1. Jungwoo Ryoo, Phillip Laplante, and Rick Kazman, In Search of Architectural Patterns for Software Security, IEEE Computer, 42(6): 98-100, June 2009.
   
   
   Software architects design by combining and tailoring styles, patterns, and tactics with known properties. A security-relevant research agenda will give architects a principled body of knowledge from which to reason.
   
   
2. Jungwoo Ryoo, Angsana Techatassanasoontorn, and Dongwon Lee, Security Education Using Second Life, IEEE Security and Privacy, 7(2):72-75, March/April 2009.
   
   
   Many existing information security exercises only focus on the technical aspect of security and lack a meaningful context. These conventional teaching strategies have their role, but the authors believe that educating a future generation of security professionals demands a more student-centered and contextualized pedagogical approach that could prepare students for the highly dynamic world of information security. To meet these challenges, they developed a novel security education environment that improves student engagement and learning efficacy by using Second Life, a popular 3D, Web-based virtual social world.
   
   
3. Seungjae Shin, Jerry Cunningham, Jungwoo Ryoo, and Jack E. Tucci, Authentication and Protection for e-finance Consumers: the Dichotomy of Cost versus Ease of Use, International Journal of Electronic Finance, 3(1): 31-45, 2009.
   
   
   Multi-factor authentication is a tool to combat identity theft and is mandated by the Federal Financial Institutions Examination Council. However, there are only a few US financial institutions that have implemented two-factor authentication. A goal for financial institutions is to provide both a secure and easy-to-use system for customers. This article describes Web authentication technologies that are currently available to financial institutions and provides an interpretation of survey results to identify the perceptions/expectations of online customers. In our online banking customer survey, we found that online banking customers are willing to sacrifice some ease-of-use for more secure online banking transactions.
   
   
4. David Janzen and Jungwoo Ryoo, Improving Evidence-Based Software Engineering Education through a Community-Driven Web Database, Journal of Systems and Software, 82(4): 563-570, April 2009 (ISSN: 0164-1212).
   
   
   Software engineering faculty face the challenge of educating future researchers and industry practitioners regarding the generation of empirical software engineering studies and their use in evidence-based software engineering. In order to engage the Net generation with this topic, we propose development and population of a community-driven Web database containing summaries of empirical software engineering studies. We also present our experience with integrating these activities into a graduate software engineering course. These efforts resulted in the creation of “SEEDS: Software Engineering Evidence Database System”. Graduate students initially populated SEEDS with 216 summaries of empirical software engineering studies. The summaries were randomly sampled and reviewed by industry professionals who found the student-written summaries to be at least as useful as professional-written summaries. In fact, 30% more of the respondents found the student-written summaries to be “very useful”. Motivations, student and instructor-developed prototypes, and assessments of the resulting artifacts will be discussed.
   
   
5. Mohamad Anan, Hossein Saiedian, and Jungwoo Ryoo, An Architecture-centric Software Maintainability Assessment Using Information Theory, Journal of Software Maintenance and Evolution: Research and Practice, 21(1): 1-18, January/February 2009.
   
   
   Architecture-based metrics can provide valuable informationon whether or not one can localize the effects of modification (such as adjusting dataflows or control flows) in software and can therefore be used to prevent the changes from adversely affecting other software components. This paper proposes an architecture-centric metric using entropy for assessing structural dependencies among software components. The proposed metric is based on a mathematical model representing themaintainability snapshot of a system. The introduced architectural-level metric includes measures for coupling and cohesion. From this model, the relative maintainability of a component, referred to as a maintainability profile, can be developed to identify architectural decisions that are detrimental to the maintainability of a system.
   
   
6. Jungwoo Ryoo, Tae H. Oh, Seung Jae Shin, and Young B. Choi, A Comprehensive Readiness Assessment Framework for Identity Theft Safeguards in Web-based Electronic Government Systems, Electronic Government, the Journal, 6(1): 19-40, 2009.
   
   
   Identity theft is becoming more commonplace as the number of criminals taking advantage of the World Wide Web to lure their victims increases. The users of Web-based electronic government systems are certainly not immune to this trend although the governmental organizations of various levels (federal, state, and local governments) are taking steps to adopt the best possible safeguards to prevent identity theft on their Web sites. Despite their enthusiasm to protect citizens, governmental organizations currently lack assessment methods specifically designed to measure the effectiveness of safeguards they deploy. To address this problem, we propose a comprehensive readiness assessment framework.
   
   
7. Jungwoo Ryoo, Young B. Choi, Tae H. Oh, and Gregory Corbin, A Multi-dimensional Classification Framework for Developing Context-specific Wireless Local Area Network Attack Taxonomies, International Journal of Mobile Communications, 7(2): 253-267, 2009.
   
   
   Despite the abundance of taxonomies for the high-level classification of computer or network security attacks, few researchers have worked on the development of a taxonomy dedicated to Wireless Local Area Network (WLAN) security attacks. The existing general-purpose taxonomies are not equipped with WLAN-specific classification criteria and, therefore, fail to reveal and categorise attacks that exploit vulnerabilities found only in WLANs. To address this problem, we propose a novel taxonomy development framework that features a rich set of classification criteria devoted to WLAN attacks. The new taxonomy is expressive enough to describe not only well-known attacks, but also newly emerging ones.
   
   
8. Charlotte E. McConn, Jungwoo Ryoo, and Tulay Girard, Assessing the Computer Information Systems Security: Three Case Studies of Local Governments in Central Pennsylvania, Journal of International Business Research, 6(1): 55-75, 2007 (ISSN: 1544-0222).
   
   
   N/A
   
   
9. Jungwoo Ryoo and Young B. Choi, A Comparison and Classification Framework for Disaster Information Management Systems, International Journal of Emergency Management, 3(4): 264-279, November 2006.
   
   
   A disaster, whether artificial or natural, can overwhelm even the best prepared segment of a society. When not properly managed, the same disaster inflicts far more damage than necessary. At the core of disaster management lie the monumental tasks of collecting, distributing, processing, and presenting disaster-related data. Although many products and proposals claim to accomplish these critical undertakings, few live up to the expectations mainly due to the complex and comprehensive nature of disaster information management. Noting the lack of standards and consensus on what constitutes an ideal Disaster Information Management System (DIMS), this paper sets out to first identify essential requirements for a truly useful DIMS and to eventually propose a comparison and classification framework that can be used by various organizations considering the adoption of a DIMS.
   
   
10. Jungwoo Ryoo and Hossein Saiedian, AVDL: A Highly Adaptable Architecture View Description Language, Journal of Systems and Software, 79(8):1180-1206, August 2006.
    
    
    Architectural views are rapidly gaining a momentum as a vehicle to document and analyze software architectures. Despite their popularity, there is no dedicated language flexible enough to support the specification of an unbound variety of views including those preexisting and newly created on demand. In this paper we propose a novel view specification language along with appropriate processes and tools, intended for describing any arbitrary views using a uniform set of conventions for constructing views and how to use them. The highly adaptable nature of the new language results from its built-in mechanism to define different types of views in a systematic and repeatable manner.
    
    
11. Jungwoo Ryoo and Hossein Saiedian, A Refinement-based Taxonomy of Architectural Views, Information and Software Technology, 48(7):456-470, July 2006.
    
    
    Despite its widespread use in the software architecture community, architectural views and relationships among them are poorly defined. A solid taxonomy of views is a critical factor in tackling this problem since it must adopt an unambiguous definition of views and provide rigorous criteria for classification. Nevertheless, the existing taxonomies of views fail to eliminate vagueness surrounding the definitions of views and their inter-relationships mainly due to their informal nature. One of the most significant consequences of these failures is inability to systematically define new views in support of domain-specialization. This paper is an attempt to resolve these outstanding problems by proposing a sound framework for creating new, customized taxonomies of views in a repeatable manner, based on the formal concept of refinement.
    
    
12. Jungwoo Ryoo and Hossein Saiedian, A Formal Language to Describe Architectural Views, International Journal of Computer and Information Science, 5(4), 2004.
    
    
    The current practice of specifying software architecture views remains predominantly ad-hoc. This paper proposes a novel, more formal way of defining views and their relationships through refinement. This new approach gives a rise to the identification of a core set of the most fundamental specification primitives and derivatives and the eventual incorporation of them into a dedicated language whose only purpose is to specify software architecture views in a structured, unambiguous manner. The new language is based on the classical four layer metamodeling architecture. Object Management Group's (OMG) Meta Object Facility (MOF) is used to specify its metamodel.

Journal Papers Submitted for Publication

1. Angsana Techatassansoontorn, Jungwoo Ryoo, and Dongwon Lee, Virtual World-based Security Learning Using Second Life: Design and Evaluation, under review for publication in Journal of Database Management.
   
   
   There has been a growing interest and enthusiasm for the application of virtual worlds in learning and training. This research proposes a design framework of a virtual world-based learning environment that integrates two unique features of virtual world technology—immersion and interactivity with an instructional strategy that promotes self-regulatory learning. We demonstrate the usefulness and assess the effectiveness of our design in the context of security learning using Second Life. Overall, the results strongly suggest that the virtual world-based learning environment enhances information security learning, thus supporting the effectiveness of the proposed design framework. Additional results suggest that learner traits have an important influence on learning outcomes through perceived enjoyment. The study offers useful design and implementation guidelines for organizations and universities to develop a virtual world-based learning environment. It also represents an initial step towards the design and explanation theories of virtual world-based learning environments.
   
   
2. Jungwoo Ryoo, Peng Liu, and Hossein Saiedian, Secure Software Development through Software Architecture Mechanisms, under review for publication in IEEE Security and Privacy.
   
   
   In the article, the authors point out that the current emphasis on testing and run-time control for developing more secure software needs to be reconsidered and that there are other aspects (particularly, software architectures) of software development, which can have a more fundamental and lasting impact on software security. The authors also discuss a crucial role an architecture plays in developing software that is less susceptible to not only well known security threats but also newly emerging, more subtle types of attacks. Finally, the paper proposes a novel architectural solution called an integrity-driven Auditor-Object-Subject (AOS) architecture.
   
   

Journal Papers under Preparation

1. Ryoo, J., H. Saiedian. Consistency Enforcement and Verification for Multiple Architectural Views.
2. Ryoo. J., Girard, T, E. Park, S. Osagie. An Internet Security Readiness Assessment Framework.
3. Ryoo. J., T. Seth. A Vulnerability Analysis of Web-based Content Management Systems Security.

Conference and Workshop Proceedings

1. Sohail Anwar and Jungwoo Ryoo, Integration of Multidisciplinary Security and Risk Analysis Undergraduate Program Components into a Four-Year Electromechanical Engineering Technology Program, In Proceedings of the Frontiers in Education (FIE 2009) Conference, IEEE, San Antonio TX, October 2009.
   
   
2. Angsana Techatassana Soontorn, Jungwoo Ryoo, Dongwon Lee, Taylor Davenport, The Design and Evaluation of a Virtual World-based Learning Environment: Information Security Learning Using Second Life, In Proceedings of the 4th International Conference on Design Science Research in Information Systems and Technology (DESRIST 2009), Philadelphia PA, May 2009.
   
   
3. Charlotte McConn and Jungwoo Ryoo, Using Geographic Information Systems in an Information Systems Security Readiness Assessment, In Proceedings of International Conference on Business, Economics, and Information Technology (ICBEIT 2009), Nagoya Japan, March 9-10, 2009.
   
   
4. Jungwoo Ryoo and Phillip Laplante, Architectural Security, In Proceedings of the 42nd Hawaii International Conference on Systems Sciences (HICSS 2009): Trust and Dependability Workshop, HI, January 5, 2009.
   
   
5. Jungwoo Ryoo, Dongwon Lee, and Angsana Techatassanasoontorn. Immersive Security Education Environment (I-SEE) Using Second Life, In Proceedings of the SIGCSE 2008 Technical Symposium on Computer Science Education, ACM, Portland OR, March 2008.
   
   
6. Jungwoo Ryoo, Frederico Fonseca, and David Janzen. Teaching Object-Oriented Software Engineering through Problem-based Learning in the Context of Game Design, In Proceedings of the 21st IEEE-CS Conference on Software Engineering Education and Training (CSEE&T), pages 137-144. Edited by Hossein Saiedian and Laurie Williams, IEEE Computer Society, Charleston SC, April 2008.
   
   
7. Davod Janzen and Jungwoo Ryoo, Seeds of Evidence: Integrating Evidence-Based Software Engineering Instruction, In Proceedings of the 21st IEEE-CS Conference on Software Engineering Education and Training (CSEE&T), pages 223-230. Edited by Hossein Saiedian and Laurie Williams, IEEE Computer Society, Charleston SC, April 2008.
   
   
8. Jungwoo Ryoo and Tae H. Oh, Teaching Internet Protocol Encryption and Decryption Using the OPNET Modeling and Simulation Tool, In Proceedings of the 12th Colloquium for Information Systems Security Education (CISSE), pages 113-118. Edited by Ronald Dodge. CISSE, Dallas TX, June 2008.
   
   
9. Seungjae Shin, Jerry Cunningham, Jungwoo Ryoo, and Jack E. Tucci, A Study of Two-Factor Authentication against Online Identity Theft, In Proceedings of the 39th Annual Meeting of Decision Science Institute, DSI, Baltimore MD, December 2008.
   
   
10. Jungwoo Ryoo and Soon Ae Chun, A Behavior-Centric Mobile-Device-Resident Malware Detection Method Using Ontology, In Proceedings of the 2008 U.S. Korean Conference on Science, Technology, and Entrepreneurship (UKC 2008), KSEA, San Diego CA, August 2008.
    
    
11. Jungwoo Ryoo, Tom Oh, and Young B. Choi, An Analysis of Identity Theft Safegurds in the U.S. e-Government Systems, In Proceedings of the 35th Research Conference on Communication, Information, and Internet Policy (Telecommunications Policy Research Conference), George Mason University, Arlington, VA, September 2007.
    
    
    
    
    
12. Tom Oh and Jungwoo Ryoo, Modeling and Simulation for HAIPE and IP Security, In Proceedings of OPNETWORK 2007, Washington, D.C., August 2007.
    
    
    
    
    
13. Tom Oh and Jungwoo Ryoo, Modeling and Simulation of Wireless Local Area Network Security Using a New Multi-dimensional Threat Taxonomy, In Proceedings of 2007 US-Korea Conference on Science, Technology, and Entrepreneurship (UKC-2007) Information Technology Symposium, Washington, D.C., August 2007.
    
    
    
    
    
14. Sohail Anwar and Jungwoo Ryoo, An Interdisciplinary Approach to Information Systems Security Education: a Case Study, In Proceedings of the 114th Annual American Society for Engineering Education (ASEE) Conference, Honolulu, Hawaii, June 2007.
    
    
    To be available soon
    
    
15. S. E. McConn, J. Ryoo, and T. Girard, Assessing Information Systems Security within Local Governments: a Pilot Study for Central Pennsylvania, In Proceedings of the 2007 International Guam Conference on Business, Economics, and Information Technology, Tumon, Guam, March, 2007.
    
    
    Information assurance is critical for all types of organizations since security breaches have become such a constant and pervasive threat. Preliminary research by the authors indicates that while significant efforts have been made at the federal, state, and large city government levels, little has been done for small local governments. This paper presents the results of a pilot study that evaluates the information systems security readiness of small local governments in central Pennsylvania. The study serves as the first step in building a comprehensive assessment framework for a larger-scale, follow-up study.
    
    
16. J. Ryoo and S. E. McConn, Developing a Community Outreach Program for Information Assurance, In Proceedings of the Southeast Decision Science Institute (SEDSI) Thirty Seventh Meeting, Savannah, GA, February, 2007.
    
    
    Despite a growing demand, there is a dire shortage of professionals with security expertise. Combined with other factors, this problem causes security to be overlooked in many small and medium-sized organizations. Realizing that awareness and education are important vehicles that can bridge this gap, the authors launched a community outreach program to first raise security awareness in local communities Penn State Altoona is serving. Understanding that the heightened awareness may well lead to the increased demand for security education, they also developed and implemented a certificate program in information systems security. This paper discusses the authors' experience in developing a community outreach program for information assurance.
    
    
17. J. Ryoo, Software Security from an Architectural Perspective, Invited Talk, 2006 Korean Computer Scientists and Engineers Association (KOCSEA) in America Technical Symposium, Arizona State University, Tempe, Arizona, December 2006.
    
    
    In this talk, the speaker argues that the current emphasis on testing and run-time control for developing more secure software needs to be reconsidered and that there are other aspects (particularly, software architectures) of software development, which can have a more fundamental and lasting impact on software security. He discusses a crucial role an architecture plays in developing software that is less susceptible to not only well known security threats but also newly emerging, more subtle types of attacks. The speaker also proposes his own architectural solution.
    
    
18. T. Girard, M. O'Connor, and J. Ryoo, Consumer Patronage Intentions in the Context of Internet Security and Perceived Risk. In Proceedings of the Fourteenth International Conference on Telecommunications Systems-Modeling and Analysis (ICTSM 2006), Berks, Pennsylvania, October 2006.
    
    
    This research proposes an e-commerce model that examines the relationships of specific antecedent factors and their effect on online shoppers' purchase intentions. The factors examined include consumers' prior online shopping experience, satisfaction with a product purchase from a specific vendor, and the dimensions of trust required to build lasting relationships with online vendors. This study investigates the mediating roles of satisfaction and trust between consumers' prior online shopping experience and online purchase intentions. The paper offers academics and marketers a comprehensive set of measurements of trust and furthers learning about shoppers' online purchase intentions for different products sold by online vendors.
    
    
19. S. Jang and J. Ryoo. Software Security Verification with Formal Method Tools,2006 US-Korea Conference on Science, Technology, and Entrepreneurship (UKC-2006) Information Technology Symposium, Teaneck, New Jersey, August 2006.
    
    
    Formal methods can guarantee the stability and reliability of security software. Formal methods can be further categorized into formal verification and validation for which many tools are available. This paper formally verifies an Access Control System (ACS) using RoZ and Z/EVES, two of the many verification tools available for ensuring the integrity of security software. For this, a UML model of ACS with Z annotations is first created. Next, the model is transformed into a Z specification which is then verified by the Z/EVES prover. Using this process, one can find security vulnerabilities created during a development process.
    
    
20. J. Ryoo, E. Park, T. Girard, and S. Osagie, Measuring Internet Security Readiness: A Study of Household Behavior. In Proceedings of the Sixteenth Biennial Conference of the International Telecommunications Society, Beijing, China, June 2006.
    
    
    Today many organizations including households, corporations, and government agencies are susceptible to malicious attacks on their computing infrastructures via the Internet. Although many of these organizations fully understand the risks involved in such attacks - and would like to accurately assess their vulnerabilities - there is no clearly established method for evaluating the overall readiness of an entity concerning its countermeasures against cyber crimes. This research, therefore, seeks to fill the current void by developing a conceptual framework to quantify and measure Internet security readiness especially in the context of households. The secondary goal of this research is to discover how aware households are of security threats and how well they are prepared for protecting themselves from those risks in terms of fundamental infrastructures and their actual usage.
    
    
21. J. Ryoo and Y. Choi, Recent Developments in Telecommunications Technologies for Disaster Information Management Systems. In Proceedings of the Fourth Annual Conference on Telecommunications and Information Technology, Mandalay Bay Hotel, Las Vegas, Nevada, March, 2006.
    
    
    Although many technological breakthroughs in telecommunications have been reported for the past decade, a majority of these technologies are not being exploited by disaster management efforts made today. In this paper we closely examine various telecommunication-related requirements for disaster management and try to identify relevant, readily-available technologies that can be put to use immediately. Some implications resulting from the adoption are also discussed.
    
    
22. J. Quint and J. Ryoo, An XML Document-centric Architecture. In Proceedings of the Southeast Decision Science Institute (SEDSI) Thirty Sixth Meeting, Wilmington, NC, February, 2006.
    
    
    XML enabling a typical object-oriented application is cumbersome, which increases the costs of initial development and on-going maintenance. Therefore, the increased total cost of ownership of the application reduces the overall return on investment. This paper introduces the XML document-centric architecture as a viable alternative to a typical object-oriented architecture. To support this claim, a case study has been done to show that a XML document-centric architecture is suitable for rapidly developing XML enabled applications that are practical, adaptable, and scalable.
    
    
23. J. Ryoo, A Taxonomy of Software Architecture Specification Methods, In Proceedings of the Southeast Decision Science Institute (SEDSI) Thirty Fifth Meeting, Raleigh, NC, February, 2005, SEDSI.
    
    
    This paper notes the lack of a taxonomy not just limited to Architecture Description Languages (ADLs) but comprehensive enough to address software architecture specification methods in general. A through literature survey reveals new criteria for classification, not used in any existing taxonomies devoted to ADLs. These criteria form the basis of the newly proposed taxonomy. They include: an emphasis on a certain specification construct, a concrete specification paradigm adopted, and mathematical formalism providing necessary rigor to the chosen paradigm.
    
    
24. J. Ryoo and H. Saiedian, A Refinement-based Taxonomy of Architectural Views, In Proceedings of the Second ACIS International Conference on Software Engineering Research, Management, and Applications, pages 118--122, Los Angeles, CA, May, 2004, Elsevier.
    
    
    Despite its widespread use in the software architecture community, architectural views and relationships among them are poorly defined. A solid taxonomy of views is a critical factor in tackling this problem. However, the existing taxonomies of views fail to eliminate ambiguities surrounding the definitions of views and their inter-relationships. This paper is an attempt to rigorously define the term view by proposing a framework for a novel taxonomy of views based on the formal concept of refinement.

    Intelligent Mobile Software Agent Research

25. J. Ryoo, S. Tak, D. Lee, J. Stach, and E. K. Park, Visualizing Large-Scale Distributed Artificial Intelligence (DAI) Systems, In Proceedings of the ACM Workshop on New Paradigms in Information Visualization and Manipulation (NPIVM'00), pages 21--27, McLean, VA, November 2000, ACM.
    
    
    To be added ...
    
    
26. C. Lee, J. Ryoo, S. Tak, D. Lee, C. Oh, J. Kim, J. Stach, and E. K. Park, Simulating Software Agent Colonies in Large Scale Distributed Artificial Intelligence (DAI) Networks, In Proceedings of the Center for Architectures for Data-driven Information Processing (CADIP) Research Symposium, Baltimore County, MD, September 2000, CADIP.
    
    
    To be added ...

    Master's Thesis Research

27. Y. Lee, J. Ryoo, J. Stach, and E. K. Park, Composing Requirements for Goal-Oriented System Behaviors Using an Extended Form of Use Cases, In Proceedings of the IEEE Workshop on Application-Specific Systems and Software Engineering (ASSET'00), pages 91--96, Richardson, Texas, March 2000, IEEE.
    
    
    To be added ...
    
    
28. J. Ryoo, J. Stach, and E. K. Park, Extension and Partitioning of Use Cases in Support of Formal Object Modeling, In Proceedings of the IEEE Workshop on Application-Specific Systems and Software Engineering (ASSET'99), pages 238--243, Dallas, Texas, March 1999, IEEE.
    
    
    To be added ...

Book Chapters

1. Jungwoo Ryoo, Young B. Choi, and Tom Oh, Security and Privacy in Mobile Telemedicine, Mobile Telemedicine: A Computing and Networking Perspective, Auerbach Publications, CRC Press, 2007 (ISBN-10: 1420060465).

Externally Funded Projects and Grants

Funded and In Progress

1. An Immersive Security Education Environment (I-SEE) Using Second Life, National Science Foundation, Course, Curriculum, and Laboratory Improvement (CCLI) Program, $399,900.
   
   
2. September 2007-August 2008, Immersive Security Education through Second Life, ACM SIGCSE Special Projects Grant, $4,829.
   
   
3. January 2008-December 2008, Computer Security Readiness Assessment for Small Municipalities in Rural Pennsylvania, Center for Rural Pennsylvania Research Grant, $49,989.
   
   

   Under Preparation

4. Information Assurance for Local Governments: Raising Awareness, Providing Education, and Implementing Policies through Active Assessment, National Science Foundation, Cyber Trust Program,$200,000.
   
   
5. Encouraging Creativity in Software Engineering Education through a Web-based Virtual Reality System, National Science Foundation, Creative IT Program, $400,000.
   
   
6. Achieving Software Security through Architectural View-based Vulnerability Detection and Prevention, National Science Foundation, Foundations of Computing Process and Artifacts Program, $200,000.

Internally Funded Projects and Grants

Completed

1. January-December 2006, Community Outreach: Computer Security Research Institute at Penn State Altoona, Penn State Altoona Chancellor's Development Fund Grant, $3,000.
   
   
2. 2005-2006, Modeling Wireless Local Area Network (WLAN) Attacks Using a Multi-Dimensional Threat Taxonomy, Penn State Altoona Undergraduate Research Award, $500.
   
   
3. 2005-2006, A Classification and Comparison Framework for Wireless Networking Security Software, Penn State Altoona Research Development Grant, $2000.
   
   
4. Fall 2006, Information Assurance for Local Governments: Raising Awareness, Providing Education, and Implementing Policies through Active Assessment (National Science Foundation Cyber Trust proposal), Penn State Altoona Collaborative Research Proposal Writing Grant, one course release.
   
   
5. January-December 2007, Community Outreach: Computer Security Research Institute at Penn State Altoona: Phase Two, Penn State Altoona Chancellor's Development Fund Grant, $2,000.
   
   
6. January-December 2007, The Role of satisfaction and trust in Consumer Online Purchase Intention, Penn State Altoona Chancellor's Development Fund Grant, $4,000
   
   
7. February 2007, A Risk Assessment Framework for Embedded Device-Resident Malware Penn State Altoona Undergraduate Research Award, $500.

   In Progress

Travel Support Grants

1. December 2006, Participation in Korean Computer Scientists and Engineers Association in America Technical Symposium, Korea-U.S. Science Cooperation Center Honorarium, $400.
   
   
2. December 2006, Participation in U.S.-Korea Conference on Science, Technology and Entrepreneurship Information Technology Symposium, Korea-U.S. Science Cooperation Center Honorarium, $300.
   
   
3. September 2006, Participation in Object-Oriented Programming, Systems, Languages, and Applications Conference (OOPSLA), Association for Computing Machinery Special Interest Group in Programming Languages Educator Scholarship, $600.