Toward Value-Based Control of Knowledge Sharing in Networked Services Design
The notion of cooperative, service-based processes is a crucial one for achieving high flexibility in designing and deploying inter-organizational business applications. However, inter-organizational business processes are known to be prone to a number of security risks. Research on secure distributed computing has traditionally focused on attacks delivered by outsiders; but a major source of risk for business processes is hostile or dysfunctional behaviour of insiders. In particular, the sharing of knowledge that inevitably takes place in cooperative business processes is a major source of risk, as selfish or malicious actors can extract knowledge from the process' information flows they have access to and use it for their own advantage. This disclosure risk depends on the specific business process and on the value of disclosed information, which changes over time. In this work, we outline the definition of a framework supporting process-driven assessment of information value and value-based definition of a disclosure risk: this framework enables process designers to dynamically compute orchestrations that minimize the risk of knowledge disclosure while minimizing the orchestration's own cost, in the presence of changing information value and both rational and malicious actors. (original abstract)