skip to main content


Search for: All records

Creators/Authors contains: "Kim, I."

Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

  1. Digital content services provide users with a wide range of content, such as news, articles, or movies, while monetizing their content through various business models and promotional methods. Unfortunately, poorly designed or unpro- tected business logic can be circumvented by malicious users, which is known as business flow tampering. Such flaws can severely harm the businesses of digital content service providers. In this paper, we propose an automated approach that discov- ers business flow tampering flaws. Our technique automatically runs a web service to cover different business flows (e.g., a news website with vs. without a subscription paywall) to collect execution traces. We perform differential analysis on the execution traces to identify divergence points that determine how the business flow begins to differ, and then we test to see if the divergence points can be tampered with. We assess our approach against 352 real-world digital content service providers and discover 315 flaws from 204 websites, including TIME, Fortune, and Forbes. Our evaluation result shows that our technique successfully identifies these flaws with low false-positive and false- negative rates of 0.49% and 1.44%, respectively. 
    more » « less
    Free, publicly-accessible full text available July 1, 2024
  2. We use Kremser and Blagoev’s [1] role-routine ecology to theorize about the effects of concurrency in complex service organizations, such as outpatient medical clinics. In a typical clinic, teams of specialized individuals serve multiple clients at the same time. There can be concurrency within a patient visit (a technician may be preparing for a procedure while the doctor talks to the patient) and concurrency between patient visits (multiple patients being treated in the clinic). Using data from electronic health records, we estimate the effects of concurrency within and between patient visits on the duration of patient visits in a set of dermatology clinics. As expected, we find that concurrency within patient visits is associated with reduced duration, while concurrency between visits is associated with increased duration. We discuss the implication of these findings for process mining and discovery of process models in organizations where process instances are not independent. 
    more » « less
  3. Free, publicly-accessible full text available October 1, 2024
  4. null (Ed.)
    Using data from the audit trail of an electronic medical record system, we examine the effects of a disruption on the clinical documentation process. We use process mining to construct a network that describes the process and then we use a latent factor selection model to analyze changes to that network. Rather than attempting to discover a particular process model, our goal is to identify theory-based factors that explain change and stability in the overall pattern of actions. We conduct the analysis at two levels of granularity and we compare time periods with and without disruption. The paper contributes to current research on routine dynamics as network dy-namics by demonstrating the use of network science to predict the structure of an organizational routine. 
    more » « less
  5. Free, publicly-accessible full text available April 1, 2024