Prof. Park has a variety of accomplishments from his previous and current research projects in information and systems security.

Until now, a variety of security technologies and approaches have been introduced, but none has been able to provide a perfect solution. There is no silver bullet for most security problems, but I hypothesize that security in most information systems can be improved by proper countermeasures.

Research Agenda

My main research area is Applied Information Security. In that context I focus on scalability, fine-granularity, and survivability. The table below summarizes my research agenda. Under the main theme, Applied Information Security, I have identified three core-interlinked research streams that are common to the areas of my research: scalable, fine-grained, and survivable security approaches. In each stream I have three research realms with respect to theoretical frameworks, support mechanisms, and applications in real systems. In the realm of theoretical frameworks, I identify fundamental problems in the research stream and propose new strategies, models, and architectures, along with the analyses of their tradeoffs. In the realm of support mechanisms, I develop new mechanisms or enhance existing mechanisms with sophisticated features to support the corresponding theoretical frameworks. Finally, in the realm of applications, I apply the theoretical frameworks to real systems, using the support mechanisms that I have developed, prove the feasibility of my proposed ideas, and evaluate the experimental results.

This research agenda is not necessarily fulfilled in the order of theoretical frameworks, support mechanisms, and applications to real systems. For instance, sometimes I figure out a theoretical framework while (or even after) I am working on the support mechanisms or applications. The experience and outcomes from one realm can be useful input to another realm in the same or different research stream. Research streams also have linkages with other streams.

Sponsored Research Projects

• Advanced Research and Development Activity (ARDA) Information Assurance for the Intelligence Community (IAIC) Program: A Context, Role, and Semantics (CRS) based Approach for Countering Malicious Insider Threats. $822,683, 2003-2005. (with Elizabeth Liddy and Liaquat Hossain at Syracuse University, and Syracuse Research Corporation).
• The National Research Council (NRC) Summer Faculty Fellowship Program (SFFP): Trusted Military Message System. $17,500, 2003.
• The National Research Council (NRC) Summer Faculty Fellowship Program (SFFP): Dynamic Component Recovery and Immunization for Survivable Large Distributed Systems. $19,250, 2004.
• The New York State Center for Advanced Technology in Computer Applications and Software Engineering (CASE): User-Centric Anti-Spam Mechanisms. 2002-2004.
• US Air Force Research Laboratory (AFRL) SFFP Extended Research Program: Software Component Survivability. $10,000, 2004.
• Department of Defense (DoD) Small Business Innovation Research (SBIR) Program: Fine-grained and Scalable Security Services for XML Guard. $99,996, 2004-2005 (with Dolphin Technology).
• Air Force Research Laboratory (AFRL)/Griffiss Institute Information Assurance Program: Active Access Control for Insider Threat Detection and Response in Wireless Networks. $371,020, 2004-2005. (with ITT Industries, Capraro Technologies, and Rensselaer Polytechnic Institute).
• Department of Defense (DoD) Intergovernmental Personnel Act (IPA) Mobility Program: FASAC (Fine-grained, Active, and Scalable Access Control) for Countering Insider Threats. $154,888, 2005-2006.
• Air Force Research Laboratory (AFRL) Information Warfare Program: Dynamic, Hybrid Component Test for Mission-Critical Systems, $39,997, 2006.
• JPMorgan Chase Bank (JPMC): Systems Access Management (Identity Management). $192,979, 2008. (with Wenliang (Kevin) Du at Syracuse University).