143 research outputs found

    Model-Driven Management of Internal Controls for Business Process Compliance

    The thesis tackles the problem of high effort for achieving business process compliance to regulations in the area of Enterprise Risk Management. Common to these regulations are requirements on the presence of effective internal controls in companies. The level of automation with regard to translating compliance requirements into a set of internal controls and assuring the effectiveness of these controls during execution of business processes is raised through a novel model-driven approach

    Reference Capabilities for Flexible Memory Management: Extended Version

    Verona is a concurrent object-oriented programming language that organises all the objects in a program into a forest of isolated regions. Memory is managed locally for each region, so programmers can control a program's memory use by adjusting objects' partition into regions, and by setting each region's memory management strategy. A thread can only mutate (allocate, deallocate) objects within one active region -- its "window of mutability". Memory management costs are localised to the active region, ensuring overheads can be predicted and controlled. Moving the mutability window between regions is explicit, so code can be executed wherever it is required, yet programs remain in control of memory use. An ownership type system based on reference capabilities enforces region isolation, controlling aliasing within and between regions, yet supporting objects moving between regions and threads. Data accesses never need expensive atomic operations, and are always thread-safe. Comment: 87 pages, 10 figures, 5 listings, 4 tables. Extended version of paper to be published at OOPSLA 202

    Broadening the Scope of Security Usability from the Individual to the Organizational : Participation and Interaction for Effective, Efficient, and Agile Authorization

    Restrictions and permissions in information systems -- Authorization -- can cause problems for those interacting with the systems. Often, the problems materialize as an interference with the primary tasks, for example, when restrictions prevent the efficient completing of work and cause frustration. Conversely, the effectiveness can also be impacted when staff is forced to circumvent the measure to complete work -- typically sharing passwords among each other. This is the perspective of functional staff and the organization. There are further perspectives involved in the administration and development of the authorization measure. For instance, functional staff need to interact with policy makers who decide on the granting of additional permissions, and policy makers, in turn, interact with policy authors who actually implement changes. This thesis analyzes the diverse contexts in which authorization occurs, and systematically examines the problems that surround the different perspectives on authorization in organizational settings. Based on prior research and original research in secure agile development, eight principles to address the authorization problems are identified and explored through practical artifacts

    Deep Underground Science and Engineering Laboratory - Preliminary Design Report

    The DUSEL Project has produced the Preliminary Design of the Deep Underground Science and Engineering Laboratory (DUSEL) at the rehabilitated former Homestake mine in South Dakota. The Facility design calls for, on the surface, two new buildings - one a visitor and education center, the other an experiment assembly hall - and multiple repurposed existing buildings. To support underground research activities, the design includes two laboratory modules and additional spaces at a level 4,850 feet underground for physics, biology, engineering, and Earth science experiments. On the same level, the design includes a Department of Energy-shepherded Large Cavity supporting the Long Baseline Neutrino Experiment. At the 7,400-feet level, the design incorporates one laboratory module and additional spaces for physics and Earth science efforts. With input from some 25 science and engineering collaborations, the Project has designed critical experimental space and infrastructure needs, including space for a suite of multidisciplinary experiments in a laboratory whose projected life span is at least 30 years. From these experiments, a critical suite of experiments is outlined, whose construction will be funded along with the facility. The Facility design permits expansion and evolution, as may be driven by future science requirements, and enables participation by other agencies. The design leverages South Dakota's substantial investment in facility infrastructure, risk retirement, and operation of its Sanford Laboratory at Homestake. The Project is planning education and outreach programs, and has initiated efforts to establish regional partnerships with underserved populations - regional American Indian and rural populations

    Exploring the Work of K-12 Interpreters at One School for the Deaf

    Emergent signers are Deaf students with a spoken language foundation who are learning within educational environments where ASL is the shared and dominant language. Emergent signers’ growing presence within Deaf school classrooms has created a new opportunity in educational interpreting research because they require spoken language interpreting services while learning within these settings. Interpreting is produced primarily from ASL to spoken English. This pilot case study illuminates the factors that influence interpreters’ decision-making in an ASL-dominant K-12 educational setting, at one school for the Deaf. Furthermore, the study documents strategies used by interpreters in response to those factors. This project’s methodology includes observations and field notes, video footage of interpreters at work, and filmed video elicitation interviews. Three interpreters participated, whose voices were prioritized in the quantitative data. Results are categorized with Smith’s (2013) three overarching aims of educational interpreters. Findings indicate that the highly visual nature of the ASL-dominant classroom, particularly during ‘question and answer’ times, generates unique factors that influence interpreters’ strategic decision-making. Implications of the study suggest that educational interpreters must be trained to evaluate and prioritize in their moment-to-moment decisions

    SLA-Driven Governance of RESTful Systems

    The Software as a Service (SaaS) paradigm has become entrenched in the industry as a deployment model, bringing flexibility to the customers and a recurring revenue to the business. The main architectural paradigm of SaaS systems is the service-oriented one since it provides numerous advantages in terms of elasticity, fault tolerance, and flexible architectural design. Currently, the RESTful paradigm, a layer of abstraction on the server created by defining resources and entities that can be accessed by means of a URI, is the preferred choice for the construction of SaaS, as it promotes the deployment, isolation and integration of microservices through APIs. Nowadays, APIs are regarded as a new form of business product and ever more organizations are publicly opening up access to their APIs as a way to create new business opportunities. In the same way, other organizations also consume a number of third-party APIs as part of their business. We henceforth define the concept of a RESTful System as an information system following the RESTful paradigm to shape the integration model between both its own components as well as other information systems. Furthermore, understanding governance as the way in which a component is directed and controlled, in RESTful Systems, those components will be the RESTful APIs and what we aim to control or regulate is their behavior (i.e., how an API is being consumed or provided). As APIs are increasingly regarded as business products, a crucial activity is to describe the set of plans (i.e., the pricing) that depicts the functionality and performance being offered to clients. API providers usually define certain limitations in each instance of a plan (e.g., quotas and rates); for example, a free plan might be limited to having one hundred monthly requests, and a professional plan to have five hundred monthly requests. 
However, although API providers use the Service Level Agreement (SLA) concept to delimit the functionality and guarantees to which they commit to their customers, there is no standard model used by API providers for modeling API pricing (including the plans and limitations). Although some providers do model the information regarding the API pricing and API limitations with an ad hoc approach, there is no widely accepted model in the industry. Therefore, answering questions regarding API limitations (e.g., determining whether or not a certain pricing is valid) is still a manual or non-interoperable process that comes with some inconveniences (being tedious, time-consuming, error-prone, etc.). Understanding governance as how a system is directed and controlled, we translate this concept to meet the SLA-driven approach: we consider the SLA (i.e., API pricing) as the element that will drive the directions, policies and rules to deliver and maintain the RESTful System. Adding the SLA to the idea of governance of RESTful systems leads to the main hypothesis of this dissertation: there is no well-established model for describing API pricings in RESTful systems, which is hindering the automatic SLA-Driven governance. We claim the main goal of this thesis to be: the creation of an expressive, fully-fledged specification of SLAs for RESTful APIs endorsed with an open ecosystem of tools aimed at the SLA-Driven Governance of RESTful systems. The results of this endeavor are twofold: (I) Creation of a sufficiently expressive specification for the description of API pricings and the analysis of their validity.
This comprises: (i) conducting an analysis of real-world APIs to evaluate the characteristics of the API pricings and limitations; (ii) identifying the relevance of SLAs in APIs in both academic and industrial scenarios; (iii) proposing a comprehensive model for describing API pricings; (iv) defining analysis operations for common questions regarding the validity in API pricings and limitations; (v) performing an evaluation of the model in real-world APIs. (II) Implementation of an ecosystem of tools to support the SLA-Driven governance of RESTful APIs. This includes: (i) developing a set of API governance tools; (ii) implementing a validity analysis operation; (iii) performing a validation of the tools and operations in realistic scenarios. In this thesis, we present the Governify4APIs ecosystem as the set comprised of (i) a model aimed at describing API pricings that is closely aligned with industry standards in APIs (OpenAPI Specification) and (ii) a set of companion tools for enacting the automatic governance using our specification, ranging from low-level validation tasks to SaaS solutions based on our model. Governify4APIs is, therefore, a fully-fledged specification, aligned with the mainstream standards and intended to enable an SLA-Driven Governance of RESTful Systems.
The software as a service (SaaS) paradigm has taken hold in the industry as a deployment model, bringing flexibility to customers and steady revenue to organizations. The main architectural paradigm of SaaS systems is the service-oriented architecture, since it provides numerous advantages in terms of elasticity, fault tolerance and flexible design. RESTful, a layer of abstraction over the server created by defining resources and entities that can be accessed through a URI, is the preferred option for building SaaS, as it promotes the deployment, isolation and integration of microservices through APIs.
Nowadays, APIs are regarded as a new form of business product, and more and more organizations publicly open access to their APIs as a way to create new business opportunities. Likewise, other organizations also consume a number of third-party APIs as part of their business. From here on we define the concept of a RESTful System as an information system that follows the RESTful paradigm to shape the integration model both among its own components and with other information systems. Furthermore, understanding governance as the way in which a component is directed and controlled, in RESTful systems those components will be the RESTful APIs, and what we aim to control or regulate is their behavior (that is, how an API is being consumed or provided). Since APIs are increasingly regarded as commercial products, a crucial activity is to describe the set of plans (that is, the pricing) that describes the functionality and performance offered to customers. API providers usually define certain limitations in each instance of a plan (for example, quotas and rates); for example, a free plan might be limited to one hundred monthly requests, and a professional plan to five hundred monthly requests. However, although API providers use the Service Level Agreement (SLA) concept to delimit the functionality and guarantees they commit to with their customers, there is no standard model used by providers to model API pricing (including plans and limitations). Although some providers model the information on API pricings and limitations with an ad hoc approach, there is no widely accepted model in the sector.
Therefore, answering questions about API limitations (for example, determining whether a given pricing is valid or not) remains a manual or non-interoperable process, which entails some drawbacks (it is tedious, time-consuming, error-prone, etc.). Understanding governance as the way of directing and controlling a system, we can translate this concept taking the SLA into account; that is, we consider this element as the one on which the direction, policies and rules for delivering and maintaining the RESTful system are based. Adding the SLA concept to that idea of governance of RESTful systems leads us to the main hypothesis of this thesis: there is no well-established model for describing SLAs (or pricing) in RESTful systems, which is hindering automatic governance. The main goal of this thesis is therefore the creation of an expressive and complete specification of SLAs for RESTful APIs, backed by an open ecosystem of tools oriented to the SLA-driven governance of RESTful systems. The main results have been: (I) Creation of a sufficiently expressive specification for describing API pricings and analyzing their validity. This comprises: (i) carrying out an analysis of real-world APIs to evaluate the characteristics of API pricings and limitations; (ii) identifying the relevance of SLAs in APIs in both academic and industrial scenarios; (iii) proposing a complete model for describing API pricings; (iv) defining analysis operations for common questions about validity in API pricings and limitations; (v) carrying out an evaluation of the model on real-world APIs. (II) Implementation of an ecosystem of tools to support the SLA-Driven governance of RESTful APIs.
This includes: (i) developing a set of API governance tools; (ii) implementing a validity analysis operation; (iii) carrying out a validation of the tools and operations in realistic scenarios. In this thesis, we present the Governify4APIs ecosystem as the set composed of (i) a model intended to describe API pricings and closely aligned with industry standards (OpenAPI) and (ii) a set of complementary tools for automatic governance using this model, ranging from validation tasks to SaaS solutions. Therefore, Governify4APIs is a specification accompanied by everything necessary, aligned with industry standards and intended to enable SLA-driven governance of RESTful systems

    FROM FLIGHT LINES TO HEADLINES: HARNESSING TACTICAL AIR FORCE INFORMATION WARFARE FOR STRATEGIC EFFECTS

    The current United States Air Force (USAF) information operations (IO) force posture, which operates predominately at the operational level with a small portion integrated at the tactical level within Special Operations Wings (SOW), is not distributed to effectively exploit the informational aspects of military activities. This research highlights the criticality of integrating IO officers across the levels of warfare, emphasizing their potential in conventional tactical units. This research analyzes the untapped synergy of IO, Agile Combat Employment (ACE), and air advising and finds that their integration demonstrates how integrated deterrence can be operationalized. Moreover, the study reveals discrepancies between doctrinal prescriptions and operational realities, which have led to impractical and occasionally inaccurate interpretations of how IO is employed in practice. In response, this research recommends revising the roles and functions of IO officers to align more closely with operational realities. Finally, the research advocates instilling an IO practitioner mindset across the force, emphasizing the significance of cognitive resilience—the capacity to counter foreign malign influence—as a fundamental function of IO. These recommendations aim to fortify the USAF’s tactical integration of IO, ensuring a more dynamic and resilient force capable of addressing the complexities of modern conflict. Approved for public release. Distribution is unlimited. Captain, United States Air Forc

    Organizational Learning Through Disruptive Digital Innovation. A Blockchain Implementation

    Organizational learning and management are at a transition point because of the shift in disruptive digital innovations (DDI). Organizing axioms are challenged or fundamentally changed by the nature of innovation (Nambisan, Lyytinen, Majchrzak, & Song, 2017). There is widespread recognition that investing in organizational learning drives change and innovation (Linares, 2017). The early research examined DDI and the factors that enable or inhibit it. However, there is a limited amount of research on the relationship between DDI and organizational learning. More specifically, research that is conducted to understand the theoretical relationship between organizational learning and DDI is needed. The phenomenon has been studied in the rich context of information technology (IT) and supply chain management (SCM). In this research, a single case study approach is used to examine single- and double-loop learning. IT organizations use DDI to remain practical in a dynamic environment. In the present study, the DDI framework is used to illustrate how organizational learning is facilitated. Recommendations are offered on how IT organizations could enhance organizational learning to improve project implementation and delivery related to disruptive digital innovation

    Multimodalities in Metadata: Gaia Gate

    Metadata is information about objects. Existing metadata standards seldom describe details concerning an object’s context within an environment; this thesis proposes a new concept, external contextual metadata (ECM), examining metadata, digital photography, and mobile interface theory as context for a proposed multimodal framework of media that expresses the internal and external qualities of the digital object and how they might be employed in various use cases. The framework is bound to a digital image as a singular object. Information contained in these ‘images’ can then be processed by a renderer application to reinterpret the context in which the image was captured, including non-visually. Two prototypes are developed through the process of designing a renderer for the new multimodal data framework: a proof-of-concept application and a demonstration of ‘figurative’ execution (titled ‘Gaia Gate’), followed by a critical design analysis of the resulting products