112,554 research outputs found
A RISK BASED APPROACH FOR SELECTING SERVICES IN BUSINESS PROCESS EXECUTION
The vision of automated business processes within a service-oriented paradigm includes the flexible orchestration of IT services. Whenever alternative services are available for activities in an ITsupported business process, an automated decision is worth aspiring to. According to valueoriented management, this decision should be motivated economically and also requires taking account of risk. This paper presents a novel approach for assessing the risk of IT services, based on vulnerability information as can be obtained in the form of publicly available Common Vulnerability Scoring System (CVSS) data
Outsourcing and acquisition models comparison related to IT supplier selection decision analysis
This paper presents a comparison of acquisition models related to decision analysis of IT supplier selection. The main standards are: Capability Maturity Model Integration for Acquisition (CMMI-ACQ), ISO / IEC 12207 Information Technology / Software Life Cycle Processes, IEEE 1062 Recommended Practice for Software Acquisition, the IT Infrastructure Library (ITIL) and the Project Management Body of Knowledge (PMBOK) guide. The objective of this paper is to compare the previous models to find the advantages and disadvantages of them for the future development of a decision model for IT supplier selection
Stochastic Privacy
Online services such as web search and e-commerce applications typically rely
on the collection of data about users, including details of their activities on
the web. Such personal data is used to enhance the quality of service via
personalization of content and to maximize revenues via better targeting of
advertisements and deeper engagement of users on sites. To date, service
providers have largely followed the approach of either requiring or requesting
consent for opting-in to share their data. Users may be willing to share
private information in return for better quality of service or for incentives,
or in return for assurances about the nature and extend of the logging of data.
We introduce \emph{stochastic privacy}, a new approach to privacy centering on
a simple concept: A guarantee is provided to users about the upper-bound on the
probability that their personal data will be used. Such a probability, which we
refer to as \emph{privacy risk}, can be assessed by users as a preference or
communicated as a policy by a service provider. Service providers can work to
personalize and to optimize revenues in accordance with preferences about
privacy risk. We present procedures, proofs, and an overall system for
maximizing the quality of services, while respecting bounds on allowable or
communicated privacy risk. We demonstrate the methodology with a case study and
evaluation of the procedures applied to web search personalization. We show how
we can achieve near-optimal utility of accessing information with provable
guarantees on the probability of sharing data
Threats Management Throughout the Software Service Life-Cycle
Software services are inevitably exposed to a fluctuating threat picture.
Unfortunately, not all threats can be handled only with preventive measures
during design and development, but also require adaptive mitigations at
runtime. In this paper we describe an approach where we model composite
services and threats together, which allows us to create preventive measures at
design-time. At runtime, our specification also allows the service runtime
environment (SRE) to receive alerts about active threats that we have not
handled, and react to these automatically through adaptation of the composite
service. A goal-oriented security requirements modelling tool is used to model
business-level threats and analyse how they may impact goals. A process flow
modelling tool, utilising Business Process Model and Notation (BPMN) and
standard error boundary events, allows us to define how threats should be
responded to during service execution on a technical level. Throughout the
software life-cycle, we maintain threats in a centralised threat repository.
Re-use of these threats extends further into monitoring alerts being
distributed through a cloud-based messaging service. To demonstrate our
approach in practice, we have developed a proof-of-concept service for the Air
Traffic Management (ATM) domain. In addition to the design-time activities, we
show how this composite service duly adapts itself when a service component is
exposed to a threat at runtime.Comment: In Proceedings GraMSec 2014, arXiv:1404.163
Planning and Scheduling of Business Processes in Run-Time: A Repair Planning Example
Over the last decade, the efficient and flexible management of business
processes has become one of the most critical success aspects. Furthermore, there
exists a growing interest in the application of Artificial Intelligence Planning and
Scheduling techniques to automate the production and execution of models of organization.
However, from our point of view, several connections between both
disciplines remains to be exploited. The current work presents a proposal for modelling
and enacting business processes that involve the selection and order of the
activities to be executed (planning), besides the resource allocation (scheduling),
considering the optimization of several functions and the reach of some objectives.
The main novelty is that all decisions (even the activities selection) are taken in
run-time considering the actual parameters of the execution, so the business process
is managed in an efficient and flexible way. As an example, a complex and representative
problem, the repair planning problem, is managed through the proposed
approach.Ministerio de Ciencia e InnovaciĂłn TIN2009-13714Junta de AndalucĂa P08-TIC-0409
- …