The notion of cooperative, service-based processes is a crucial one for achieving high flexibility in designing and deploying inter-organizational business applications. However, inter-organizational business processes are known to be prone to a number of security risks. Research on secure distributed computing has traditionally focused on attacks delivered by outsiders; but a major source of risk for business processes is hostile or dysfunctional behaviour of insiders. In particular, the sharing of knowledge that inevitably takes place in cooperative business processes is a major source of risk, as selfish or malicious actors can extract knowledge from the process’ information flows they have access to and use it for their own advantage. This disclosure risk depends on the specific business process and on the value of disclosed information, which changes over time. In this work, we outline the definition of a framework supporting process-driven assessment of information value and value-based definition of a disclosure risk: this framework enables process designers to dynamically compute orchestrations that minimize the risk of knowledge disclosure while minimizing the orchestration’s own cost, in the presence of changing information value and both rational and malicious actors.
Damiani, E., Gianini, G., Kerschbaum, F., Pibernik, R. (2009). Toward value-based control of knowledge sharing in networked service design. In Advanced Information Technologies for Management – AITM 2009 (pp.51-65). Wroclaw : Publishing House of the Wrocław University of Economics.
Toward value-based control of knowledge sharing in networked service design
Gianini, G;
2009
Abstract
The notion of cooperative, service-based processes is a crucial one for achieving high flexibility in designing and deploying inter-organizational business applications. However, inter-organizational business processes are known to be prone to a number of security risks. Research on secure distributed computing has traditionally focused on attacks delivered by outsiders; but a major source of risk for business processes is hostile or dysfunctional behaviour of insiders. In particular, the sharing of knowledge that inevitably takes place in cooperative business processes is a major source of risk, as selfish or malicious actors can extract knowledge from the process’ information flows they have access to and use it for their own advantage. This disclosure risk depends on the specific business process and on the value of disclosed information, which changes over time. In this work, we outline the definition of a framework supporting process-driven assessment of information value and value-based definition of a disclosure risk: this framework enables process designers to dynamically compute orchestrations that minimize the risk of knowledge disclosure while minimizing the orchestration’s own cost, in the presence of changing information value and both rational and malicious actors.
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
