Ziyi Su

Toward Comprehensive Security Policy Governance in Collaborative Enterprise

The lack of trust among software services spanning multiple organisations and the rather poor adaptability level of the current security policies are often seen as braking forces to collaborative-enterprise development. Removing this impediment involves re-thinking the security policy according to “due usage” requirements and setting security enforcement and regulations according to both the due usage and the runtime environment. This paper analyzes the nature of secured assets exchange management in collaborative enterprise, describing the assets sharing patterns and, accordingly, ‘sub-context’ partition method. Resource protection can be done by applying a ‘collaborative usage control policy model’ on each ‘sub-context’ to manage “due usage” control during service/information aggregation. In this way, a compendious but comprehensive security governance for collaborative enterprise is achieved.

A Governance Framework for Mitigating Risks and Uncertainty in Collaborative Business Processes

The development of collaborative business process relies mostly on software services spanning multiple organizations. Therefore, uncertainty related to the shared assets and risks of Intellectual Property infringement form major concerns and hamper the development of inter-enterprise collaboration. This paper proposes a governance framework to enhance trust and assurance in such collaborative context, coping with the impacts of Cloud infrastructure. First, a collaborative security requirements engineering approach analyzes assets sharing relations in business process, to identify risks and uncertainties and, therefore, elicits partners’ security requirements and profiles. Then, a ‘due usage’ aware policy model supports negotiation between asset provider’s requirements and consumer’s profiles. The enforcement mechanism adapts to dynamic business processes and Cloud infrastructures to provide end-to-end protection on shared assets.

Toward architectural and protocol-level foundation for end-to-end trustworthiness in Cloud/Fog computing

With Cloud/Fog Computing being a paradigm combination of IoT context and Edge Computing extended with Cloud/Fog, business process in it involves dataflows among multilayers and multi-nodes, possibly provided by multi-organizations. Achieving end-to-end trustworthiness over the whole dataflow in such a Cloud/Fog Computing context is a challenging issue, nonetheless a necessary pre-condition for a successful business process on intra-/inter- organizational level. This paper investigates technical conundrums related to this target and proposes a policy-based approach for trustworthiness governance. An architectural layout is proposed with according modules, by carrying out two methodologies. One resides in tracing data derivation and maintaining security-level over the whole dataflow, handling data aggregation with several protocols. The other is to express data owner trustworthiness requirements with an enhanced attribute-based access control policy model and to evaluate data accessing nodes’ trustworthiness-related properties. Experiments show that processing time per attribute pair drops as the scales of policies increase, suggesting good scaling property of the system.

Collaboration-oriented information flow analysis and control for Mobile Cloud

This paper presents a functional design of a ‘information flow analysis’ service that provides information/data owner with a explicit and end-to-end provenance recording of information/data usage and redissemnation among entities in a collaborative context of Mobile Cloud. The core idea is to identify data exchanged among nodes in the business process. BPEL-defined business process is used as a study case. Experiments show the service to scale well with complex processes and to have trivial performance impact when deployed with an orchestration service.

Owner-stipulated data security and privacy for data accessing in Mobile Cloud context

A security principle in the collaborative Mobile Cloud contexts is that data recipients to gain owners approval for usage and redissemination of digital object shared and merged in transactions/interactions. This paper presents a system for Mobile Cloud scenarios that enabling owners to stipulate data security and privacy level in the data sharing interactions. During data/information redissemination among Mobile Cloud entities, their security attributes are collected, attested and evaluated upon data owners security policies, to decide an entitys eligibility for accessing merged data. Implementation and performance experimentation is conducted.

Foundation for Fine-Grained Security and DRM Control Based on a Service Call Graph Context Identification

Maintaining service/data providers’ protection requirements in a dynamic service composition context requires a collaborative business process slicing method to capture the assets derivation pattern. Based on a brief discussion of sub-context modes in collaborative enterprise scenarios, we propose a service composition context identification method with Service Call Graph (SCG) model, extending the System Dependency Graph, to describe dependencies among partners in a business process. This graph is then analyzed to group partners into sub-context thanks to asset-based and request-based slicing strategies. By this way, downstream consumers’ security profile can be compared with upstream asset providers’ policies so that security requirements can be fulfilled.