Evaluation of User Specific Privacy Policy Architecture for Collaborative BPaaS on the Example of Logistics

Nowadays, collaboration between multiple companies along the supply chain is one of the key factors for ensuring sustainable success. Although almost all companies know this, actual collaboration is quite low because of the fear of losing sensitive and critical data to competitors. To solve this problem, an architecture for modeling and executing privacy-preserving business processes and a privacy modeling approach have been developed. This paper evaluates both artifacts. The method used is the Framework for Evaluation in Design Science (FEDS).
