My PhD research focused on finding access control policies in natural language text and implementing those policies in the technical environment (i.e., database or application).
Prior to my return to graduate school, I led several teams producing enterprise-wide intranet applications for the human resources and information security groups at Wachovia Corporation.
With over forty years of use and refinement, access control, often in the form of access control rules (ACRs), remains a significant and widely used control mechanism for information security. ACRs regulate who can perform specific actions on specific resources within a software-intensive system and are considered a critical component for ensuring both confidentiality and integrity. Although software can and does implement access control at the application layer, failure to enforce data access controls at the persistence layer may allow uncontrolled data access when individuals bypass application controls or the ACRs are inconsistently implemented. Our research goal is to improve security and compliance by ensuring access control rules explicitly and implicitly defined within unconstrained natural language product artifacts are appropriately enforced within a system's relational database. Access control implemented in both the application and persistence layers strongly supports a defense-in-depth strategy. We specify a tool-based process to 1) parse existing, unconstrained natural language product artifacts; 2) classify whether or not a sentence in the product artifact implies access control and whether or not the sentence implies database model elements; and, as appropriate, 3) extract ACR elements; 4) extract database model elements; 5) map the extracted data model to a database schema; and 6) implement role-based access control (RBAC) within a relational database.
Conferences, Workshops, and Symposiums
- C. Moon, S. Harenberg, J. Slankas, and N. Samatova, "Learning Contextual Embeddings for Knowledge Graph Completion" (2017). PACIS 2017 Proceedings. 248. http://aisel.aisnet.org/pacis2017/248
- M. Riaz, J. Stallings, M. Singh, J. Slankas, and L. Williams, "DIGS – A Framework for Discovering Goals for Security Requirements Engineering", 10th International Symposium on Empirical Software Engineering and Measurement (ESEM 2016), Ciudad Real, Spain, September 8-9, 2016, Paper Presentation
- T. Barik, K. Lubick, J. Smith, J. Slankas, E. Murphy-Hill. Fuse: A Reproducible, Extendable, Internet-Scale Corpus of Spreadsheets. MSR 2015: 486-489
- J. Slankas, X. Xiao, L. Williams, and T. Xie, "Relation Extraction for Inferring Access Control Rules from Natural Language Artifacts", 2014 Annual Computer Security Applications Conference (ACSAC 2014), New Orleans, LA.
- M. Riaz, J. Slankas, J. King, and L. Williams, "Using Templates to Elicit Implied Security Requirements from Functional Requirements − A Controlled Experiment", ACM / IEEE 8th International Symposium on Empirical Software Engineering and Measurement (ESEM 2014), Torino, Italy, September 18-19, 2014
- M. Riaz, J. King, J. Slankas, and L. Williams, "Hidden in Plain Sight: Automatically Identifying Security Requirements from Natural Language Artifacts", 2014 Requirements Engineering (RE 2014), Karlskrona, Sweden, August 25-29, 2014 Paper Presentation
- J. Slankas and L. Williams, "Access Control Policy Extraction from Unconstrained Natural Language Text", 2013 ASE/IEEE International Conference on Privacy, Security, Risk, and Trust (PASSAT 2013), Washington D.C., USA, September 8-14, 2013. (Acceptance Rate: 9.6%) Paper Presentation
- J. Slankas and L. Williams, "Automated Extraction of Non-functional Requirements in Available Documentation", 1st International Workshop on Natural Language Analysis in Software Engineering (NaturaLiSE 2013), San Francisco, CA. Paper Presentation
- J. Slankas, "Implementing Database Access Control Policy from Unconstrained Natural Language Text", 35th International Conference on Software Engineering - Doctoral Symposium (ICSE DS 2013), San Francisco, CA. Paper
- J. Slankas and L. Williams, "Classifying Natural Language Sentences for Policy", IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY 2012), Chapel Hill, NC. Paper
- D. Binkley, D. Lawrie, E. Hill, J. Burge, I. Harris, R. Hebig, O. Keszocze, K. Reed and J. Slankas, "Task Driven Software Summarization", 29th IEEE International Conference on Software Maintenance (ICSM 2013), Eindhoven, The Netherlands.
- J. Slankas and L. Williams, 2013. Access Control Policy Identification and Extraction from Project Documentation, Academy of Science and Engineering Science Journal Volume 2, Issue 3. p145-159. Paper
Systems Analysis/Program Senior Manager
January 2006 to June 2009
Wachovia Corporation, Charlotte, NC
Web Group Leader
September 1999 to December 2005
Wachovia Corporation, Charlotte, NC
June 1998 to August 1999
Sybase, Inc., Atlanta, GA
Software Engineer / Captain
June 1996 to June 1998
USAF - National Security Agency, Ft. Meade, MD
Software Process Engineer / First Lieutenant
May 1994 to May 1996
USAF - Space and Warning Systems Center, Peterson AFB, CO
Course Instructor / Adjunct Assistant Professor
- Fall 2017 - CSC 515: Software Security (North Carolina State University)
- Fall 2015 - CSC 515: Software Security (North Carolina State University)
- Spring 2011 - CSC 116: Introduction to Computing - Java (North Carolina State University)
- Summer 1993 - CSC 430: Software Engineering (University of Arizona)
- Fall 2010 - CSC 591: Software Security (North Carolina State University)
- Spring 2010 - CSC 512: Compilers (North Carolina State University)
- Fall 2009 - CSC 517: Object-Oriented Languages and Systems (North Carolina State University)
- Fall 1993 - CSC 430: Software Engineering (University of Arizona)
- Stack Overflow: Tags and Relationships
- more to be posted ...