Conference Tutorials

 

Security Issues in Virtual Organisations by Abdelmalek Benzekri

Abstract:

Recently, Virtual Organizations were the focus of different research axes (business, social and human aspects, infrastructure, networking…). Many definitions may be found in the literature where there is not a clear-cut definition of what a VO is.

Early definitions focus on business and human collaboration within the virtual organization which is a set of “Independent individuals from different organizations who realize together a project or a common economic activity…”

Recent ones reflect the emergent technologies influence where a VO is seen as “Temporary networks of independent companies linked by information technology that share competencies, infrastructure and business processes, with the purpose to fulfil a specific market requirement”.

Then the virtual organization is a conversion point between two axes:

-         Business needs: Market and cost pressure which obliges enterprises in various industries to focus their investments on their core competencies while outsourcing supporting processes to partners. This necessitates an aggregation of core competencies within a virtual organization to grab a good market opportunity.

-         Information technology advancement:  the information technology offers a flexible environment over which collaboration spaces may be built. Virtual Private Networks and Grid technologies are examples of collaboration spaces. VPN constitutes simply a secure connectivity infrastructure when compared to the Grid which offers more services like resources sharing, dynamic allocation and coordination at the different partners’ sites.

Creating a virtual organization encompasses multiple issues starting by business process modelling and discovery of potential partners. The main challenge is to achieve a common understanding among the different partners concerning their relationships, responsibilities and tasks within the structure. Solutions based on ontologies or model-based can be employed to achieve common understanding.

Considering a Grid infrastructure, the understanding extends also to the different services and resources (attributes, composition, constraints, access points…) to be interconnected and employed to ensure the achievement of the business needs.

This should be reflected in an access control policy that specifies the subjects authorized to do certain activities on the available resources in certain conditions. Policy expression and management are problems that arise in a multi organizational environment.  Policy enforcement points may vary according to the network topology and resource management system employed, while monitoring of the executed policies depends on how deep the probes are installed in the partners’ networks.