About Me

Currently, I am a senior research scholar for the Laboratory for Analytic Sciences at North Carolina State University in Raleigh, NC.

My PhD research focused on finding access control policies in natural language text and implementing those policies in the technical environment (i.e., database or application).

Prior to my return to graduate school, I led several teams producing enterprise-wide intranet applications for the human resources and information security groups at Wachovia Corporation.

PhD Dissertation

With over forty years of use and refinement, access control, often in the form of access control rules (ACRs), remains a significant and widely used control mechanism for information security. ACRs regulate who can perform specific actions on specific resources within a software-intensive system and are considered a critical component to ensure both confidentiality and integrity. Although software can and does implement access control at the application layer, failure to enforce data access controls at the persistence layer may allow uncontrolled data access when individuals bypass application controls or the ACRs are inconsistently implemented. Our research goal is to improve security and compliance by ensuring access control rules explicitly and implicitly defined within unconstrained natural language product artifacts are appropriately enforced within a system's relational database. Access control implemented in both the application and persistence layers strongly supports a defense-in-depth strategy. We specify a tool-based process to 1) parse existing, unconstrained natural language product artifacts; 2) classify whether or not a sentence in the product artifact implies access control and whether or not the sentence implies database model elements; and, as appropriate, 3) extract ACR elements; 4) extract database model elements; 5) map the extracted data model to a database schema; and 6) implement role-based access control (RBAC) within a relational database.

 

Dissertation

Publications

Conferences, Workshops, and Symposiums

  • C. Moon, S. Harenberg, J. Slankas, and N. Samatova, "Learning Contextual Embeddings for Knowledge Graph Completion" (2017). PACIS 2017 Proceedings. 248. http://aisel.aisnet.org/pacis2017/248
  • M. Riaz, J. Stallings, M. Singh, J. Slankas, and L. Williams, "DIGS – A Framework for Discovering Goals for Security Requirements Engineering", 10th International Symposium on Empirical Software Engineering and Measurement (ESEM 2016), Ciudad Real, Spain, September 8-9, 2016, Paper   Presentation
  • T. Barik, K. Lubick, J. Smith, J. Slankas, E. Murphy-Hill. Fuse: A Reproducible, Extendable, Internet-Scale Corpus of Spreadsheets. MSR 2015: 486-489
  • J. Slankas, X. Xiao, L. Williams, and T. Xie, "Relation Extraction for Inferring Access Control Rules from Natural Language Artifacts", 2014 Annual Computer Security Applications Conference (ACSAC 2014), New Orleans, LA.
  • M. Riaz, J. Slankas, J. King, and L. Williams, "Using Templates to Elicit Implied Security Requirements from Functional Requirements − A Controlled Experiment", ACM / IEEE 8th International Symposium on Empirical Software Engineering and Measurement (ESEM 2014), Torino, Italy, September 18-19, 2014
  • M. Riaz, J. King, J. Slankas, and L. Williams, "Hidden in Plain Sight: Automatically Identifying Security Requirements from Natural Language Artifacts", 2014 Requirements Engineering (RE 2014), Karlskrona, Sweden, August 25-29, 2014 Paper   Presentation
  • J. Slankas and L. Williams, "Access Control Policy Extraction from Unconstrained Natural Language Text", 2013 ASE/IEEE International Conference on Privacy, Security, Risk, and Trust (PASSAT 2013), Washington D.C., USA, September 8-14, 2013. (Acceptance Rate: 9.6%) Paper   Presentation
  • J. Slankas and L. Williams, "Automated Extraction of Non-functional Requirements in Available Documentation", 1st International Workshop on Natural Language Analysis in Software Engineering (NaturaLiSE 2013), San Francisco, CA. Paper   Presentation
  • J. Slankas, "Implementing Database Access Control Policy from Unconstrained Natural Language Text", 35th International Conference on Software Engineering - Doctoral Symposium (ICSE DS 2013), San Francisco, CA. Paper
  • J. Slankas and L. Williams, "Classifying Natural Language Sentences for Policy", IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY 2012), Chapel Hill, NC. Paper
  • D. Binkley, D. Lawrie, E. Hill, J. Burge, I. Harris, R. Hebig, O. Keszocze, K. Reed and J. Slankas, "Task Driven Software Summarization", 29th IEEE International Conference on Software Maintenance (ICSM 2013), Eindhoven, The Netherlands.

Journals

  • J. Slankas and L. Williams, 2013. Access Control Policy Identification and Extraction from Project Documentation, Academy of Science and Engineering Science Journal Volume 2, Issue 3. p145-159. Paper

Professional Experience

Systems Analysis/Program Senior Manager

January 2006 to June 2009

Wachovia Corporation, Charlotte, NC
Led team of seven professionals to design, develop, operate, and maintain custom identity management based applications to support Wachovia’s Information Security Group.

Responsibilities:

  • Provide technical guidance, leadership, support and training for the development and maintenance of applications.
  • Partner with peers in Wachovia’s Information Security Group to identify and specify complex business requirements and processes. Lead team in the application design, testing and implementation of those requirements and processes.
  • Coordinate application changes with the client area, development staff, operations, network, security and IT technical staff.
  • Mentor employees.

Accomplishments:

  • Ensured system access reviews of over 120,000 employees performed on a triannual basis, a critical activity to meet compliance and regulatory standards.
  • Oversaw development and operational support of a system to request, approve, and provision access requests. System performed over 20,000 requests per month with most requests automatically provisioned.
  • Developed and supported system to track critical HR transactions related to identity management needs. System automatically notified other systems to change access controls based upon employee transfers and terminations.

Web Group Leader

September 1999 to December 2005

Wachovia Corporation, Charlotte, NC
Led team of six professionals responsible for developing and maintaining customized web applications for Wachovia’s Human Resources Division.

Accomplishments:

  • Led team to develop, deploy and maintain HR Online. This internally built application provides employee self-service transactions, manager self-service transactions, job postings, HR Handbook, and corporate directory. Over 99% of the active employee population accessed the application. Over 25,000 users access the application on a daily basis. HR Online provides tremendous cost savings to the corporation by automatically processing transactions into the payroll system. System processes over 50,000 transactions and 8,500 job applications monthly. Application is available through Wachovia’s intranet as well as the Internet.
  • Developed application to send out targeted email to various population groups.
  • Developed real-time interface to synchronize corporate LDAP servers with HR data.
  • Developed and maintained disaster recovery architecture and processes for applications.

Senior Consultant

June 1998 to August 1999

Sybase, Inc., Atlanta, GA
Designed and developed Java solutions for a large national bank. These solutions enabled the bank to effectively manage employees and the company’s organizational structure. Other developed solutions supported the company’s intranet environment. These solutions involved design, development, and testing of Java applets and applications as well as database work with data modeling and performance & tuning. Teamed with and mentored bank employees to complete these projects. Taught Sybase’s Fast Track to Java and Rapid Application Development with PowerJ courses. Team leader of three consultants.


Software Engineer / Captain

June 1996 to June 1998

USAF - National Security Agency, Ft. Meade, MD
Led a seven-person database team. Designed, developed, and maintained a wide variety of database applications and automatic processing software using object-oriented and structured design methods. Applications and databases enabled the division to process mission-critical data in a timely manner. Met regularly with customers to discuss requirements and receive feedback on existing and developing systems. Organized and taught weekly sessions in such areas as HTML, CGI, Java, optimization, and usability to improve the knowledge of division personnel.


Software Process Engineer / First Lieutenant

May 1994 to May 1996

USAF - Space and Warning Systems Center, Peterson AFB, CO
Designed, developed, and maintained a database workflow application to track software changes, problems, and requests for large-scale military systems at NORAD. Ensured the application helped the organization perform various key process areas of the SEI’s Capability Maturity Model. The application reduced maintenance costs through automated configuration control, reducing time to staff and analyze problem reports, tracking milestones, and eliminating change traceability problems.

Teaching Experience

Course Instructor / Adjunct Assistant Professor

  • Fall 2017 - CSC 515: Software Security (North Carolina State University)
  • Fall 2015 - CSC 515: Software Security (North Carolina State University)
  • Spring 2011 - CSC 116: Introduction to Computing - Java (North Carolina State University)
  • Summer 1993 - CSC 430: Software Engineering (University of Arizona)

Teaching Assistant

  • Fall 2010 - CSC 591: Software Security (North Carolina State University)
  • Spring 2010 - CSC 512: Compilers (North Carolina State University)
  • Fall 2009 - CSC 517: Object-Oriented Languages and Systems (North Carolina State University)
  • Fall 1993 - CSC 430: Software Engineering (University of Arizona)

Education

Ph.D., Computer Science, North Carolina State University, 2015. Advisor: Laurie Williams
M.S., Computer Science, University of Arizona, 1993
B.S., Mathematics, University of Notre Dame, 1992

Visualizations