Composition and combination‐based object trust evaluation for knowledge management in virtual organizations

Purpose – This paper aims to develop a framework for object trust evaluation and related object trust principles to facilitate knowledge management in a virtual organization. It proposes systematic methods to quantify the trust of an object and defines the concept of object trust management. The study aims to expand the domain of subject trust to object trust evaluation in terms of whether an object is correct and accurate in expressing a topic or issue and whether the object is secure and safe to execute (in the case of an executable program). By providing theoretical and empirical insights about object trust composition and combination, this research facilitates better knowledge identification, creation, evaluation, and distribution. Design/methodology/approach This paper presents two object trust principles – trust composition and trust combination. These principles provide formal methodologies and guidelines to assess whether an object has the required level of quality and security features (hence it is trustworthy). The paper uses a component‐based approach to evaluate the quality and security of an object. Formal approaches and algorithms have been developed to assess the trustworthiness of an object in different cases. Findings The paper provides qualitative and quantitative analysis about how object trust can be composed and combined. Novel mechanisms have been developed to help users evaluate the quality and security features of available objects. Originality/value This effort fulfills an identified need to address the challenging issue of evaluating the trustworthiness of an object (e.g. a software program, a file, or other type of knowledge element) in a loosely‐coupled system such as a virtual organization. It is the first of its kind to formally define object trust management and study object trust evaluation

Malicious Users’ Transactions: Tackling Insider Threat

Part 5: Database SecurityInternational audienceThis paper investigates the issues of malicious transactions by insiders in database systems. It establishes a number of rule sets to constrain the relationship between data items and transactions. A type of graph, called Predictive Dependency Graph, has been developed to determine data flow patterns among data items. This helps in foretelling which operation of a transaction has the ability to subsequently affect a sensitive data item. In addition, the paper proposes a mechanism to monitor suspicious insiders’ activities and potential harm to the database. With the help of the Predictive DependencyGraphs, the presented model predicts and prevents potential damage caused by malicious transactions