access control (ABAC) has emerged as a new paradigm to provide access mediation
by leveraging the concept of attributes: observable properties that become relevant under a certain security context and are exhibited by the entities normally involved in the mediation process, namely, end-users and protected resources. Also recently, independently-run organizations from the private and public sectors have recognized the benefits of engaging in multi-disciplinary research collaborations that involve sharing sensitive proprietary resources such as scientific data, networking capabilities and computation time and have recognized ABAC as the paradigm that suits their needs for restricting the way such resources are to be shared with each other. In such a setting, a robust yet flexible access mediation scheme is crucial to guarantee participants are granted access to such resources in a safe and secure manner.
However, no consensus exists either in the literature with respect to a formal model that clearly defines the way the components depicted in ABAC should interact with each other, so that the rigorous study of security properties to be effectively pursued. This dissertation proposes an approach tailored to provide a well-defined and formal definition of ABAC, including a description on how attributes exhibited by different independent organizations are to be leveraged for mediating access to shared resources, by allowing for collaborating parties to engage in federations for the specification, discovery, evaluation and communication of attributes, policies, and access mediation decisions. In addition, a software assurance framework is introduced to support the correct construction of enforcement mechanisms implementing our approach by leveraging validation and verification techniques based on software assertions, namely, design by contract (DBC) and behavioral interface specification languages (BISL). Finally, this dissertation also proposes a distributed trust framework that allows for exchanging recommendations on the perceived reputations of members of our proposed federations, in such a way that the level of trust of previously-unknown participants can be properly assessed for the purposes of access mediation.
Mobile applications markets with app stores have introduced a new approach to define and sell software applications with access to a large body of heterogeneous consumer population. This research examines key seller- and app-level characteristics that impact success in an app store market. We tracked individual apps and their presence in the top-grossing 300 chart in Apple's App Store and examined how factors at different levels affect the apps' survival in the top 300 chart. We used a generalized hierarchical modeling approach to measure sales performance, and confirmed the results with the use of a hazard model and a count regression model. We find that broadening app offerings across multiple categories is a key determinant that contributes to a higher probability of survival in the top charts. App-level attributes such as free app offers, high initial ranks, investment in less-popular (less-competitive) categories, continuous quality updates, and high-volume and high-user review scores have positive effects on apps' sustainability. In general, each diversification decision across a category results in an approximately 15 percent increase in the presence of an app in the top charts. Survival rates for free apps are up to two times more than that for paid apps. Quality (feature) updates to apps can contribute up to a threefold improvement in survival rate as well. A key implication of the results of this study is that sellers must utilize the natural segmentation in consumer tastes offered by the different categories to improve sales performance.
Information systems research is replete with examples of the importance of business processes defining IT adoption. Business processes are influenced by both organizational and operational concerns. We evaluate the comparative importance of operational and organizational influences for complementary IT systems. In the context of acute-care hospitals the analysis shows that an organizational approach to automating a process is related to different financial outcomes than an operational approach. Six complementary systems supporting a three-stage medication management process are studied: prescribing, dispensing, and administration. The analysis uses firm-level, panel data extracted from the HIMSS Analytics database spanning ten years of IT adoption for 140 hospitals. We have augmented the HIMSS dataset with matching demographic and financial details from the American Hospital Association and the Centers for Medicare and Medicaid Services. Using event sequence analysis we explore whether organizations are more likely to adopt organization boundary spanning systems and if the sequence of adoption follows the temporal ordering of the business process steps. The research also investigates if there is a relationship between the paths to IT adoption and financial performance. Comparison of the two measures suggests that the organizational model of adoption is observed more often in the data. Following the organizational model of adoption is associated with approximately $155 dollar increase in net income per patient day; whereas the operational model of adoption is associated with approximately $225 dollars decrease in net income per patient day. However, this effect diminishes with the adoption of each additional system thus demonstrating that the adoption path effects may only be relevant in the short-term.