A Capability Model for Knowledge Protection

Literature on knowledge protection strongly focuses on the application of measures, widely neglecting the abilities of individual firms. A capability view on firms could help to answer the question of how well they can utilize different measures for protecting knowledge. Drawing on the resource-based view, this paper proposes the concept of protection capabilities and discusses how they could help firms to protect knowledge. Protection capabilities are conceptualized as a capability model that mirrors the identification, assimilation, and application capabilities as defined in the model of absorptive capacity. As a result, firms need to develop three types of capabilities: (1) concealment to protect their resources, (2) ambiguity to protect their capabilities and (3) enforcement to protect their business strategies. This paper discusses how each capability type reduces the risk of external organizations absorbing knowledge, and gives examples of what role IT plays in building each of the capability types

Semantic Information Assurance for Secure Distributed Knowledge Management: A Business Process Perspective

Secure knowledge management for eBusiness processes that span multiple organizations requires intraorganizational and interorganizational perspectives on security and access control issues. There is paucity in research on information assurance of distributed interorganizational eBusiness processes from a business process perspective. This paper presents a framework for secure semantic eBusiness processes integrating three streams of research, namely: 1) eBusiness processes; 2) information assurance; and 3) semantic technology. This paper presents the conceptualization and analysis of a secure semantic eBusiness process framework and architecture, and provides a holistic view of a secure interorganizational semantic eBusiness process. This paper fills a gap in the existing literature by extending role-based access control models for eBusiness processes that are done by using ontological analysis and semantic Web technologies to develop a framework for computationally feasible secure eBusiness process knowledge representations. An integrated secure eBusiness process approach is needed to provide a unifying conceptual framework to understand the issues surrounding access control over distributed information and knowledge resources

An interaction-based access control model (IBAC) for collaborative services

A collaboration is a collection of services that work together to achieve a common goal. Although collaborations help when tackling difficult problems, they lead to security issues. First, a collaboration is often performed by services that are drawn from different security domains. Second, a service interacts with multiple peer services during the collaboration. These interactions are not isolated from one another--e.g., data may flow through a sequence of different services. As a result, a service is exposed to multiple peer services in varying degrees, leading to different security threats. We identify the types of interactions that can be present in collaborations, and discuss the security threats due to each type. We propose a model for representing the collaboration context so that a service can be made aware of the existing interactions. We provide an access control model for a service participating in a collaboration. We couple our access control model with a policy model, so that the access requirements from collaborations can be expressed and evaluated

A Capability Model for Knowledge Protection

Abstract. Literature on knowledge protection strongly focuses on the application of measures, widely neglecting the abilities of individual firms. A capability view on firms could help to answer the question of how well they can utilize different measures for protecting knowledge. Drawing on the resource-based view, this paper proposes the concept of protection capabilities and discusses how they could help firms to protect knowledge. Protection capabilities are conceptualized as a capability model that mirrors the identification, assimilation, and application capabilities as defined in the model of absorptive capacity. As a result, firms need to develop three types of capabilities: (1) concealment to protect their resources, (2) ambiguity to protect their capabilities and (3) enforcement to protect their business strategies. This paper discusses how each capability type reduces the risk of external organizations absorbing knowledge, and gives examples of what role IT plays in building each of the capability types. Keywords: knowledge protection, capabilities, resource-based view, absorptive capacity, knowledge-based view Introduction Literature on knowledge protection strongly focuses on the application of formal and informal measures [1-3] mainly addressing the question of how effective can different protection measures be applied. Characteristics like firm siz

Design of an Integrated Role-Based Access Control Infrastructure for Adaptive Workflow Systems

With increasing numbers of organizations automating their business processes by using workflow systems, security aspects of workflow systems has become a heavily researched area. Also, most workflow processes nowadays need to be adaptive, i.e., constantly changing, to meet changing business conditions. However, little attention has been paid to integrating Security and Adaptive Workflow. In this paper, we investigate this important research topic, with emphasis on Role Based Access Control (RBAC) in Adaptive Workflow. Based on our earlier work on a 3-tier adaptive workflow architecture, we present the design of a similar 3-tier RBAC infrastructure, and we show that it conceptually mirrors our adaptive workflow architecture. We also describe the mappings between them, and we show how this mapping can be used to manage organizational RBAC constraints when the workflows are being adapted continuously. We illustrate our ideas throughout the paper with a simple yet non-trivial example

Diagnosis of Errors in Stalled Inter-Organizational Workflow Processes

Fault-tolerant inter-organizational workflow processes help participant organizations efficiently complete their business activities and operations without extended delays. The stalling of inter-organizational workflow processes is a common hurdle that causes organizations immense losses and operational difficulties. The complexity of software requirements, incapability of workflow systems to properly handle exceptions, and inadequate process modeling are the leading causes of errors in the workflow processes. The dissertation effort is essentially about diagnosing errors in stalled inter-organizational workflow processes. The goals and objectives of this dissertation were achieved by designing a fault-tolerant software architecture of workflow system’s components/modules (i.e., workflow process designer, workflow engine, workflow monitoring, workflow administrative panel, service integration, workflow client) relevant to exception handling and troubleshooting. The complexity and improper implementation of software requirements were handled by building a framework of guiding principles and the best practices for modeling and designing inter-organizational workflow processes. Theoretical and empirical/experimental research methodologies were used to find the root causes of errors in stalled workflow processes. Error detection and diagnosis are critical steps that can be further used to design a strategy to resolve the stalled processes. Diagnosis of errors in stalled workflow processes was in scope, but the resolution of stalled workflow process was out of the scope in this dissertation. The software architecture facilitated automatic and semi-automatic diagnostics of errors in stalled workflow processes from real-time and historical perspectives. The empirical/experimental study was justified by creating state-of-the-art inter-organizational workflow processes using an API-based workflow system, a low code workflow automation platform, a supported high-level programming language, and a storage system. The empirical/experimental measurements and dissertation goals were explained by collecting, analyzing, and interpreting the workflow data. The methodology was evaluated based on its ability to diagnose errors successfully (i.e., identifying the root cause) in stalled processes caused by web service failures in the inter-organizational workflow processes. Fourteen datasets were created to analyze, verify, and validate hypotheses and the software architecture. Amongst fourteen datasets, seven datasets were created for end-to-end IOWF process scenarios, including IOWF web service consumption, and seven datasets were for IOWF web service alone. The results of data analysis strongly supported and validated the software architecture and hypotheses. The guiding principles and the best practices of workflow process modeling and designing conclude opportunities to prevent processes from getting stalled. The outcome of the dissertation, i.e., diagnosis of errors in stalled inter-organization processes, can be utilized to resolve these stalled processes

Computer Supported Cooperative Work Applications for the Design of Buildings based on an integrated Building Model Management

Gegenstand der vorliegenden Arbeit ist die Konzeption und prototypische Umsetzung von Techniken des Computer Supported Cooperative Work (CSCW) im Rahmen einer integrierten objektorientierten und dynamischen Bauwerksmodellverwaltung zur Unterstützung der Bauwerksplanung. Die Planung von Bauwerken ist durch einen hohen Grad an Arbeitsteiligkeit, aber auch durch eine schwache Strukturierung der ablaufenden Prozesse gekennzeichnet. Besonders durch den Unikatcharakter des Planungsgegenstands \'Bauwerk\' ergeben sich signifikante Unterschiede zum Entwurf anderer, durch Serienfertigung produzierter Industriegüter. Zunehmend wird die Planung von Bauwerken in Virtual Enterprises ausgeführt, die sich durch eine dynamische Organisationsstruktur, geographische Verteilung der Partner, schwer normierbare Informationsflüsse und eine häufig stark heterogene informationstechnische Infrastruktur auszeichnen. Zur rechnerinternen Repräsent! ation des Planungsgegenstands haben sich objektorientierte Bauwerksmodelle bewährt. Aufgrund der Veränderlichkeit der Bauwerke und deren rechnerinterner Repräsentation im Laufe des Bauwerkslebenszyklus ist eine dynamische Anpassung der Modelle unumgänglich. Derartige in Form von Taxonomien dargestellte dynamische Bauwerksmodellstrukturen können gemeinsam mit den in Instanzform vorliegenden konkreten Projektinformationen in entsprechenden Modellverwaltungssystemen (MVS) gehandhabt werden. Dabei wird aufgrund der Spezialisierung und Arbeitsteilung im Planungsprozess von einer inhaltlich verknüpften Partialmodellstruktur, die räumlich verteilt sein kann, ausgegangen. Die vorgeschlagenen Methoden zur Koordinierung der Teamarbeit in der Bauwerksplanung beruhen auf der Nutzung von CSCW–Techniken für \'Gemeinsame Informationsräume\' und \'Workgroup Computing\', die im Kontext der als Integrationsbasis fungierenden Modellverwaltungssysteme umgesetzt werden. Dazu werden die zur d! ynamischen Bauwerksmodellierung erforderlichen Metaebenenfunk! tionalitäten sowie Ansätze zur Implementierung von Modellverwaltungskernen systematisiert. Ebenso werden notwendige Basistechniken für die Realisierung von MVS untersucht und eine Architektur zur rollenspezifischen Präsentation dynamischer Modellinhalte vorgestellt. Da klassische Schichtenmodelle nicht auf die Verhältnisse in Virtual Enterprises angewendet werden können, wird eine physische Systemarchitektur mit einem zentralen Projektserver, Domänenservern und Domänenclients vorgestellt. Ebenso werden Techniken zur Sicherung des autorisierten Zugriffs sowie des Dokumentencharakters beschrieben. Zur Unterstützung der asynchronen Phasen der Kooperation wird der gemeinsame Informationsraum durch Mappingtechniken zur Propagation und Notifikation von Änderungsdaten bezüglich relevanter Modellinformationen ergänzt. Zur Unterstützung synchroner Phasen werden Techniken zur Schaffung eines gemeinsamen Kontexts durch relaxierte WYSIWIS–Präsentationen auf Basis der Modellinformationen! verbunden mit Telepresence–Techniken vorgestellt. Weiterhin werden Methoden zur Sicherung der Group–Awareness für alle Kooperationsphasen betrachtet.The thesis covers the conceptual design and the prototypical realisation of Computer Supported Cooperative Work (CSCW)– techniques within the scope of an integrated, object-oriented, dynamic model management system for the support of building planning activities. The planning of buildings is characterised by a high degree of collaboration but by a weak structuring of the processes, too. Significant differences between the design of buildings and industrial goods produced by series production are implied by the uniqueness of a building. Increasingly, the planning of buildings is accomplished by Virtual Enterprises. These are characterised by a dynamic organisation structure, geographic dispersion of the involved planning experts, information flows, which are hard to standardise, and a frequently very heterogeneous information-technology infrastructure. Object oriented building models have proven to be a suitable base for! the binary representation of planning subject information. Due to the changeability of both building structures and their binary representation during the building life cycle, a dynamical adaptation of the models is indispensable. Dynamic building models, which are represented by taxonomic information, can be handled together with actual project information, which is stored in taxonomy instances within an appropriate model management system. Due to the specialisation and the division of labour in the planning process, a semantic linked but spatial distributed partial model structure is applied. The recommended methods for the coordination of teamwork in the planning process are based on the application of CSCW-techniques for \'Shared Information Spaces\' and \'Workgroup Computing\' in the context of model management systems acting as an foundation for planning information integration. The required meta level functionalities for dynamic building modelling and appropriate! implementation approaches for modelling kernels are systemat! ised. The necessary base techniques for the realisation of model management systems are explored. An architecture for the role specific presentation of dynamic model content is introduced, too. Due to the inadequacy of conventional multi-tier models for an application in Virtual Enterprises, an appropriate physical system architecture with a central project server, domain servers and domain clients is introduced. The thesis covers techniques, which ensure the authorised access to information and the authenticity of planning documents, too. For an adequate support of the asynchronous phases of collaboration, the Shared Information Space is supplied with mapping mechanisms for the propagation and user notification of changes in the relevant planning information. Synchronous collaboration can be performed by means of relaxed WYSIWIS-presentations connected with telepresence mechanisms in order to create a shared context for the planners. Furthermore, methods for the provis! ion of group-awareness for all co-operation phases are treated