
Security based Partner Selection in Inter-Organizational Workflow Systems.

1. Introduction

Today's network openness stimulates the creation of inter-organizational collaboration that allows enterprises to work together and share their skills and resources towards common goals. In this context, Inter-Organizational Workflow systems represent an appropriate solution. In such a dynamic, competitive and changing business environment, being able to collaborate with distributed enterprises is critical. Establishing a Virtual Organization (VO) for Inter-Organizational Workflow systems is the most interesting solution for distributed coalitions. The VO is a temporary relationship between two or more participants which is formed, operated, and dissolved to accomplish specific goals [1]. It is fundamental that companies in Inter-Organizational Workflows share their data and information with each other, but data sharing may cause information disclosure or security breaches. Therefore, it is crucial to find the right partner that respects the necessary conditions for executing a specific outsourced task; however, lack of information may block the partner selection process. The partner network is used as a catalog that contains organizations' profiles and helps an organization's decision makers to choose the most suitable partner and overcome the mismatches resulting from the heterogeneity of potential partners. For example, in the healthcare domain, a hospital that is the workflow initiator and is compliant with the General Data Protection Regulation (GDPR) may require a partner that is also compliant with GDPR in order to protect its patients' personal data. The partner selection process should then be based on this specific requirement for a successful collaboration.

In the literature, there are many solutions for partner selection in different fields ([2],[1],[3]) that are based on a partner network; however, to the best of our knowledge, none of them includes security criteria as the main specification for a successful collaboration. Finding the right partners for each task based on specific security criteria allows the workflow initiator entity, on the one hand, to reduce the collaboration risk related to untrusted organizations, competence leakage in a specific domain and security regulation compliance, and on the other hand, to enhance the collaboration performance. For this purpose, several criteria have to be considered, among them: trust and reputation level, policy similarity level, security level, privacy compliance level, cost, time, quality, performance and reliability. We outline the main security criteria that should be considered to enhance security in such distributed environments.

In this paper we present the main steps for a new partner's subscription to the partner network and define the security criteria that have to be considered. We then propose a hybrid security based partner selection approach that aims to help decision makers assign the outsourced tasks to the best partner. The proposed approach is a hybrid multi-criteria decision approach which uses the Analytic Hierarchy Process (AHP) method for a pairwise comparison of the criteria defined by the workflow initiator, and the Grey Technique for Order of Preference by Similarity to Ideal Solution (Grey TOPSIS) method to rank the partners and classify them by the criteria.

The rest of this paper is organized as follows. Section 2 presents related work. In section 3 we discuss our proposed hybrid selection approach based on the AHP method and the Grey TOPSIS method. Section 4 presents an example scenario to demonstrate the effectiveness of the proposed approach. Section 5 summarizes the paper and notes some challenges and future research directions.

2. Related Work

In this section we discuss works related to partner selection criteria and the Multi-Criteria Decision Method (MCDM).

Many works proposed a set of criteria that should be included for partner selection ([1],[2],[4]). Authors in [2] introduced various metrics for importance ranking in scientific collaboration environments. The authors proposed a metric that measures organizations' structural importance based on the notion of structural holes; structural importance is systematically combined with cost. This metric helps in identifying organizations that may be valuable partners for strategic alliances. However, they didn't take into consideration the same criteria as in our proposed model.

Authors in [5] used a set of criteria in order to choose the most appropriate contractor; the proposed model takes into consideration technical experience, performance resources, financial stability, management performance and employees' qualification, capacity, safety record and operation and equipment. Authors in ([1],[4],[2]) applied the analytical hierarchy process (AHP) to select the best vendor with criteria such as experience, financial stability, and quality performance. However, they omit security requirements. Hereafter, we list the most used selection criteria for distributed collaboration in different fields such as supply chain and cloud partner selection (see table 1).

Our proposed approach uses a set of criteria to calculate the organizations' weight for each task and select the suitable entity for each task. In this sense, we associate the organizations' weight, which reflects the organization's trust level, security and privacy compliance level and policy similarity level, with the task assignment. In fact, the organization with the higher score is likely to be selected for the related task.

The proposed approach aims to help the decision maker select the most appropriate organization for each task, taking into account the predefined security requirements.

The partner selection can be viewed as a multi-criteria decision-making (MCDM) problem. MCDM usually aims to reveal the best option among all of the feasible alternatives in the presence of multiple adverse decision criteria. The aim of MCDM here is to evaluate and rank the alternatives based on a set of criteria. Various approaches have been proposed for partner selection in different fields such as virtual enterprise (VE) partner selection, cloud provider selection and ERP QoS selection [12].

Analytic hierarchy process (AHP) is an MCDM approach in which factors are arranged in a hierarchic structure. [2] developed an AHP-based decision analysis process for selecting a suitable ERP system; the proposed procedure allows a company to identify the elements of ERP system selection and formulate the fundamental-objective hierarchy and means-objective network. In [1], authors proposed an analytic hierarchy process model to contribute to the selection of the partner companies in virtual enterprises, considering unit cost, caution cost, completion probability and past performance. Although AHP is an efficient approach for making decisions, it does not consider the uncertainty of decision in determining pairwise comparison selection [12]. In this context, fuzzy AHP is introduced to overcome this difficulty, allowing decision makers to use fuzzy ranking in place of exact ranking. Paper [13] presented a QoS ranking prediction framework to select a cloud service by taking advantage of the user's past cloud service usage experiences.

The Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) is an MCDM method used to determine the best alternative, which is defined as the one having the shortest distance from the Positive Ideal Alternative (PIA) and the longest distance from the Negative Ideal Alternative (NIA). TOPSIS method provides greater agility and simplicity than other MCDM models. Further, there is no limitation for the number of alternatives and criteria in TOPSIS. Fuzzy TOPSIS and Grey TOPSIS are the combinations of fuzzy set theory and grey theory to TOPSIS [12].

A fuzzy TOPSIS method was proposed for selecting a partner in a Virtual Enterprise (VE) [14]. In their proposed method, cost, past performance, relationship closeness, completion probability, time and quality were considered as decision attributes; however, they omit the security criteria in their proposed approach. Authors in [11] proposed hybrid MCDM models for selecting appropriate cloud services. Although fuzzy TOPSIS is used to solve uncertainty problems with imprecise data, it cannot handle discrete data and incomplete information. To overcome this problem, grey theory is an effective approach utilized to solve uncertainty problems with discrete data and incomplete information. [12] used grey TOPSIS for cloud service selection, and [15] used grey theory for ERP vendor selection. Although several researchers use AHP, TOPSIS, fuzzy TOPSIS, and Grey TOPSIS in several domains, to the best of our knowledge, none of them uses a multi-criteria decision making model based on security criteria for task partner selection. The main objective of this paper is to propose a hybrid approach (AHP and Grey TOPSIS) based on security attributes for selecting the most suitable partner for each outsourced task.

3. Our Proposed Hybrid Selection Approach

In the current business situation, organizations face strong competition. The situation forces companies to struggle with challenges in order to maintain competitiveness. One of the responses is the formation of new collaborative systems, which allow companies to become more flexible and sustainable in the marketplace. In recent years, the trend to establish virtual enterprises has increased. In this paper we propose the use of a Partner Network (PN) in order to classify the participating companies and help them find the most suitable partner for their outsourced tasks. It might be easier, smarter and more efficient to specify the main selection criteria for each outsourced task and find the best organization for the task execution. In the literature, there are many solutions for partner selection in different fields [2][1][3] that are based on a Partner Network, but none of them includes security criteria as the main specification for a successful collaboration. The PN ties the companies together, via horizontal as well as vertical communication, to be ready for new business opportunities. When companies enter the PN, they should sign the frame agreement. The term PN is based on the Business Partner Network (BPN) definition, as used in Microsoft Partner Network, Oracle Partner Network and others. Many companies use a PN, such as the Sigfox partner network, the Google Cloud partner network and others.

In this paper, it is assumed that the enterprises participating in the inter-organizational workflow are part of the PN. The PN is managed by a legal entity that manages the participating entities in the PN.

3.1 Steps for Inter-Organizational Workflow Creation

In the following part, the partner network (PN) definition is used for Inter-Organizational Workflow collaboration. A new candidate must fill in the questionnaire in order to become an accepted member of the PN. The company provides initial data to join the PN repository. After that, the company is audited; this step is described hereafter. The third step is the Service Level Agreement (SLA), as described in figure 1. Once the SLA is signed, the subscribed organization has to send its task access control policy.

Once the new business opportunity is developed by a workflow initiator, a VO is created, and a task partner allocation is described in figure 3.

In order to be able to join a PN, the new enterprise should complete the following sub-steps:

Step 1: Each new partner has to fill in the questionnaire in order to provide the initial data and fulfill the basic requirements for PN members (the proposed questionnaire is introduced in figure 2). The questionnaire covers information about the company, its offered tasks, its security certification and privacy compliance.

Step 2: Based on the questionnaire, it is decided in which area the enterprise provides services and which services it offers, and the enterprise's security and privacy compliance level is calculated. In fact, the security and privacy levels are calculated based on the submitted data. The security level is calculated based on existing security standards such as ISO 27001, and privacy compliance is based on GDPR. The collected data is added to the PN repository.

Step 3: We assume a scale from 1 to 10 for the security and privacy compliance level. If this parameter is higher than five, the entity has to present its justifications. If not, in order to measure the organization's security level and privacy compliance, the entity has to fill in the security questionnaire (the security and privacy questionnaire will be presented as future work). Based on the collected data, the security and privacy compliance levels are calculated.

Step 4: Next, the new partner signs the contractual agreement.

Step 5: The last step is that the new partner sends its security policy and the offered task access control policy rules. This step allows the PN manager to calculate policy similarity level between partners in case of an eventual partnership.

The creation of an inter-organizational workflow (IOW) is initiated by a workflow initiator that specifies the outsourced tasks and a set of criteria necessary for successful task execution with the selected partner. The procedure of IOW creation is given in figure 3. The most suitable partner is selected for task execution based on the criteria specified by the workflow initiator.

The workflow initiator identifies the selection criteria for a particular outsourced task and chooses the importance weight of each criterion. The AHP method calculates the criteria's weights. Then, the matrix is constructed based on the calculated information for each partner (security level, policy similarity level, privacy compliance level, reputation level, etc.). The Grey TOPSIS method calculates the closeness coefficient of each partner. Based on this information, the workflow initiator ranks the partners as described in figure 3.

3.2 The Main Criteria

Huge cost and risk are involved in the implementation of inter-organizational workflow systems; therefore, the main security factors that would lead to a secured collaboration should be identified. Hereafter, we list the main security factors to be considered for secured collaboration. The workflow initiator can add additional criteria such as cost, execution time, technical infrastructure, etc. The main focus in this paper is the security issues.

3.2.1 Security Level

When a company decides to outsource some internal tasks, to focus on its main job or to promote collaboration, its first concern is to keep shared data secure. Thus, the organization's security compliance remains one of the most important criteria for partner selection.

There are many different compliance standards and regulations that may apply to the organization. The well-known standards are ISO/IEC 27001 and the Payment Card Industry Data Security Standard (PCI DSS) for organizations that handle branded credit cards. In order to achieve the certification, a company must show it has a systematic and ongoing approach to managing information security risks that affect the confidentiality, integrity, and availability of company and customer information. This means that certified organizations take cyber security seriously, and this can be a huge reassurance for existing and potential customers.

As future work we will propose a document based on ISO 27002 to evaluate the security maturity level. The questionnaire has to be completed by the information system administrator. The response analysis assesses the security maturity level of each entity. This parameter can be calculated based on security check tools; the detailed approach will be presented in our future work.

3.2.2 Privacy compliance level

Nowadays, most business involves personal data of customers and employees. This is strictly regulated by legislation to protect the rights of the data subject. In inter-organizational collaboration, personal data can be shared with a partner. This situation requires that organizations ensure that their data security remains strong. Thus, legal requirements protecting specific types of data must also be taken into account and suitably enforced. Enforcing regulation in an enterprise information system is a non-trivial task that requires an interdisciplinary approach. The most important class of legal requirements concerns privacy and data protection. Several pieces of legislation concern these values: the EU Data Protection Directive (EU DPD), HIPAA, the Sarbanes-Oxley Act and the General Data Protection Regulation (GDPR).

These legislations state that organizations must adopt appropriate policies, procedures and processes to protect the personal data they hold. We will detail how to calculate privacy compliance level in our future work.

3.2.3 Policy similarity level

In our previous work [16], we define the policy similarity level (PSL) as a score for any two given policies $P_1$, $P_2$ which approximates the percentage of the rule pairs having the same decision. In the following we calculate PSL for a specific task $T_k$. $PSL_i(T_k)$ determines the closeness of the two policies related to the execution of the task $T_k$. In the proposed work, each subscribed entity in the PN repository has to submit its local access policy. This step allows the calculation of the policy similarity level of two organizations. It is an important criterion that should be taken into account when selecting the most suitable partner for collaboration.

[mathematical expression not reproducible]

The similarity score is a value between 0 and 1. Two equivalent policies are expected to obtain a similarity score which equals 1.

3.2.4 Reputation level

In cross-organizational collaboration, building a mutual trust relationship between organizations is a fundamental key to collaboration success. Mutual trust refers to the fact that collaborating entities have confidence in their partners' reliability and honesty. In non-electronic business, partners are selected based on personal relationships. Organizations use their historical experiences to build trust in their partners: the more positive experience with a specific partner, the more trust is placed in that partner. In a dynamic and geographically dispersed environment, organizations often have to make choices among candidates without any previous experience. Trust and reputation systems are used to create trustworthiness among a group of organizations. In fact, these systems take the cumulative historical transaction behavior and also the feedback of other entities to evaluate the trust level. Feedback, scores, recommendations and any other information given by organizations are very important for the trust and reputation assessment. However, the reliability of this information needs to be verified [6]. There are many works in the literature that aim to calculate the trustworthiness level. In [17], authors defined a trust level algorithm attempting to calculate the Certificate Authority (CA) trustworthiness value. It depends on three parameters: the CA reputation score value, its CP quality and its security maturity level. In [6], the authors proposed a sentiment based trust and reputation system named SentiTrustCom (STC), which aimed to compute the most reliable reputation scores for reviewers and products in e-commerce applications. As future work, we will propose an extended algorithm for calculating the trust and reputation level of each organization in the PN based on the work presented in [6].

3.3 Hybrid Selection Approach

Partner selection is the key issue for successful collaboration. We propose a hybrid approach to calculate the ranking of the partners. The first method is the Analytical Hierarchical Process (AHP), used to calculate the weight of each criterion. The second method is the Grey Technique for Order of Preference by Similarity to Ideal Solution (Grey TOPSIS), used to calculate the ranking of the partners. The AHP method is used for a pairwise comparison of the criteria required for partner selection. The Grey TOPSIS method ranks the partners and classifies them by the criteria. Grey numbers are included in the TOPSIS method in order to deal with the uncertainties embedded in the security based partner selection problem.

Based on the outsourced tasks, the workflow initiator defines the set of possible partners ($A = \{A_1, A_2, ..., A_m\}$) and defines the set of criteria for each task as ($C = \{C_1, C_2, ..., C_n\}$). The value of each partner $A_i$ with respect to criterion $C_j$ is calculated based on the data stored in the PN repository, after which the tool calculates the rank of the partners.

The criteria weights are calculated based on the AHP method and the criteria importance determined by the workflow initiator. The criteria weights are taken into account in partner selection. The Grey TOPSIS method is applied to rank the partners. The data used in Grey TOPSIS are obtained from different sources and stored in the PN repository. The proposed approach has the following advantages:

* Grey TOPSIS uses the grey numbers which incorporate evaluation uncertainty.

* The proposed hybrid technique leads to better results since the criteria's weights are better identified by using the AHP method, unlike classical methodology where the criteria's weights are either omitted or explicitly assigned by the decision maker.

* The proposed methodology leads to more accurate evaluations, unlike Fuzzy TOPSIS, which uses linguistic variables for quantitative values and transforms these linguistic variables to fuzzy numbers. Thus, a lack of information may cause inaccurate evaluation and misleading results.

* The proposed approach is simple, practical and less time consuming.

The information related to security level is calculated based on the information submitted by each new partner. Once the partner is registered in the PN, it has to send its task access control policy. Other information is collected from other partners' experience and previous collaborations.

3.3.1 Preliminaries

This section presents the essential ideas of Analytical Hierarchical Process (AHP), Grey theory and Grey Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS).

a) Analytical Hierarchical Process (AHP)

AHP is a multi-criteria decision-making model that allows decision makers to compute a ratio scale from preferences and to model a complex problem in a hierarchical structure. This structure is based on three levels: goal, criteria (QoS parameters), and alternatives. In AHP, the criteria are assessed at the top level, and the alternatives are evaluated for each criterion at the bottom level. The decision maker carries out the evaluation separately at each level. The decision makers should calculate the weights of all criteria in order to do pairwise comparison among them. The AHP method is described as follows [18]:

1. The problem structure is decomposed into a structural hierarchy (goal, criteria, sub-criteria, and alternatives) (as shown in Figure 6).

2. Establish the pairwise comparison matrix at each level of the structural hierarchy based on the priority of input data (the pairwise comparison is calculated according to the scale from 1 to 9, see table 2).

3. Compute the vector of weights by using the eigenvector procedure.

4. Compute the consistency ratio (CR) to check the consistency of the judgment. If CR < 0.1, then the pairwise comparison is consistent and acceptable. The consistency index (CI) and consistency ratio (CR) of the pairwise comparison matrix A are computed using equations (2) and (3).

$CR = \frac{CI}{RI}$ (2)

$CI = \frac{\lambda_{max} - n}{n - 1}$ (3)

Where CI is the consistency index, n is the order of the pairwise comparison matrix A, and $\lambda_{max}$ is its maximum eigenvalue, while the random index RI is the average CI value for random matrices.

Although AHP technique is used to solve selection problems, in this study it is only utilized to determine the weight of the criteria, not to evaluate the alternatives.

The calculated weights are later used in the TOPSIS-Grey technique.

b) Grey theory:

Grey theory was proposed by [19] to deal with insufficient and incomplete information. A grey number is an indeterminate number that takes its value within an interval. It is denoted as $\oplus x \in [\underline{x}, \overline{x}]$, where $\underline{x}$ is the lower limit and $\overline{x}$ is the upper limit of the grey number $\oplus x$, both real numbers. If both its limits are unknown, the number is called a black number. If the upper and lower limits are equal, it is called a white number (which means complete information is available). The basic operations for the grey numbers $\oplus x \in [\underline{x}, \overline{x}]$ and $\oplus y \in [\underline{y}, \overline{y}]$ are given as follows:

$\oplus x + \oplus y \in [\underline{x} + \underline{y}, \overline{x} + \overline{y}]$ (4)

$-\oplus x \in [-\overline{x}, -\underline{x}]$ (5)

$\oplus x \times \oplus y \in [\min\{\underline{x}\,\underline{y}, \underline{x}\,\overline{y}, \overline{x}\,\underline{y}, \overline{x}\,\overline{y}\}, \max\{\underline{x}\,\underline{y}, \underline{x}\,\overline{y}, \overline{x}\,\underline{y}, \overline{x}\,\overline{y}\}]$ (6)

$\frac{1}{\oplus x} \in [\frac{1}{\overline{x}}, \frac{1}{\underline{x}}]$ (7)

$h \oplus x \in [h\underline{x}, h\overline{x}]$ (8)

Where h is a positive real number.

c) Grey TOPSIS

Grey TOPSIS is a combination of grey theory and TOPSIS method. The procedural steps of Grey TOPSIS for calculating the criteria weights are demonstrated as follows [20]:

Step 1: Determine the grey decision matrix D.

[mathematical expression not reproducible] (9)

Where $\oplus x_{ij}$ denotes the grey-number evaluation of the i-th alternative with respect to the j-th criterion. $A_i$ ($A_1, A_2, ..., A_m$) represents the m alternatives and $C_j$ ($C_1, C_2, ..., C_n$) represents the n criteria.

Step 2: Calculate the criteria weights $w_j$ using Table 2.

Step 3: Normalize the grey decision matrix according to the equation (10) [21].

[mathematical expression not reproducible] (10)

Step 4: Identify the positive and negative ideal alternatives. The positive ideal alternative $A^*$ and negative ideal alternative $A^-$ are defined in equation (11) as follows.

[mathematical expression not reproducible] (11)

[mathematical expression not reproducible] (12)

[mathematical expression not reproducible] (13)

Step 5: Determine the separation measure of positive ($d^*$) and negative ideal ($d^-$) alternatives according to equations (14) and (15).

[mathematical expression not reproducible] (14)

[mathematical expression not reproducible] (15)

Step 6: Calculate the relative closeness ($C_i^*$) to the positive ideal alternatives.

[mathematical expression not reproducible] (16)

3.3.2 Hybrid Multi-Criteria Decision-Making for Organization Task Assignment

The main objective of this paper is to assign the best partner for each specific task in the global workflow with respect to complex organization criteria specification. Hence, we use the analytical hierarchy process (AHP) to define the priorities of the different criteria of pre-defined parameters. Then, we combine AHP with Grey TOPSIS for selecting and ranking the best partner for each task. The data flow and workflow for the most suitable partner task assignment in our proposed approach are shown in Figure 4.

Initially, the workflow initiator selects the suitable organizations and criteria based on the specific outsourced task. Subsequently, the workflow initiator predefines the priority of each criterion. Afterwards, we calculate the criteria weights by using the AHP method. If the criteria weights are inconsistent, then AHP is reused to determine them. The workflow initiator determines the threshold of each criterion; based on a comparison of the pre-selected partners' criteria values with the criteria thresholds, a set of partners is selected and ranked using Grey TOPSIS.

Afterwards, a grey decision matrix is established based on equation (9), each row representing an organization and each column representing a criterion. After this process, we calculate the normalized grey decision matrix and the weighted grey decision matrix (based on equation (10)). Afterwards, we compute the positive ideal alternative $A^*$ and the negative ideal alternative $A^-$ and quantify the $A^*$ and $A^-$ of each organization by using Equation (11). Following that, we determine the separation measure of the positive ideal alternative $d_i^*$ and that of the negative ideal alternative $d_i^-$ according to Equations (14) and (15). Subsequently, we determine the relative closeness coefficient $C_i^*$ and the final rank of the selected organizations.

4. Case Study

4.1 Scenario description

Our application scenario is inspired by healthcare treatment. We consider a global workflow for patient diagnostics; the global workflow is decomposed into three global tasks $W = \{T_1, T_2, T_3\}$, and we are looking for four partners $O = \{O_1, O_2, O_3, O_4\}$ with the relevant skills to execute these tasks and respect the predefined security requirements $C = \{C_1, C_2, C_3, C_4\}$. $Org_1$, $Org_2$, $Org_3$ and $Org_4$ are preselected partners for the first task ($T_1$ = radio exam), $Org_2$, $Org_3$, $Org_4$ are preselected partners for the task ($T_2$ = blood test), and $Org_3$, $Org_4$, $Org_5$ are preselected for the task ($T_3$ = ask doctor opinion).

4.2 Steps illustration

1. For each task, the workflow initiator determines how important each criterion is compared to the others. The organization rank determines the most suitable organization for each task based on security criteria as described in figure 5. For instance, when selecting the suitable partner for $T_1$ execution, the decision maker decides that policy similarity level is "slightly more important" than security level (see also table 1). Thus, the corresponding comparison assumes the value of 3. A similar interpretation is true for the rest of the entries.

2. The next step is to extract the relative importance implied by the previous comparisons. To compute the vector of weights, we use the eigenvector procedure. The process can be done as follows.

[mathematical expression not reproducible]

3. The pairwise matrix is raised to powers that are successively squared each time. For example,

[mathematical expression not reproducible]

4. The row sums are then calculated and normalized.

For example:

[mathematical expression not reproducible]

We used AHP to compute the weight $w_j$ for each criterion of organization task assignment. The scale that we use, ranging from 1 to 9, is described in Table 2, and the weights of each criterion are described in Table 3. The pairwise comparison was made by domain experts. We achieve a consistency ratio of 0.096, as shown in figure 6. Since the consistency ratio is less than 0.1, our model is consistent and the weights are valid. The criteria's weights are shown in figure 7.

Figure 7. AHP Weight Calculation

Category                              Priority    Rank

1          Security Level             19.7%       3
2          Privacy Compliance Level   26.1%       2
3          Policy Similarity Level    41.8%
4          Trust & Reputation Level   12.4%       4


We use analytical hierarchy process (AHP) to define the priorities of different criteria of organization task assignment. Then, we combine AHP with Grey TOPSIS for selecting and ranking the best organization for task execution.

Following equation (10), the normalized grey values are determined. To this end, the maximum upper limit of the alternatives is determined, and all evaluation values are divided by this maximum value. For example, for SL the highest upper limit is 0.9, so each evaluation in this row is divided by this value. The normalized values of [Org.sub.1] are (0.4/0.9; 0.5/0.9), which equals (0.44; 0.56). The normalized values of the alternatives are shown in Table 4. Negative and positive ideals are calculated using equation (11) and shown in Table 5. For the criterion SL, the maximum value of the upper limit is 1 and the lowest value of the lower limit is 0.44, so the positive ideal value is set to 1 and the negative ideal value is set to 0.44, as shown in the last two columns of Table 4.

The next step is calculating the separation measures from the positive and negative ideal alternatives. Using Equations (14) and (15), the d* and d- values are found and represented in Table 5. For [Org.sub.1], d* and d- are calculated as follows:

[mathematical expression not reproducible]

Finally, the calculated d- and d* values are used to find the relative closeness C*. As an example, the relative closeness of [Org.sub.1] is calculated as follows:

[C.sub.i]* = 0.089 / (0.089 + 0.734) = 0.108

The calculated relative closeness values are shown in Table 6.

According to the results of Table 6, the priority of the organizations is determined as [Org.sub.3] > [Org.sub.2] > [Org.sub.4] > [Org.sub.1]. The results show that [Org.sub.3] is the best partner for the task [T.sub.1] and that the worst choice is [Org.sub.1], based on the criteria determined by the workflow initiator.

4.3 Sensitivity analysis

In this subsection, a sensitivity analysis is performed to show the robustness of the proposed approach. To this end, the weight of one criterion is gradually changed while all other weights are kept the same, and the influence on the final decision is investigated. The operation is repeated for each criterion in turn.

In Figure 8, the y-axis represents the final rank of each organization and the x-axis represents the different weights of the selected criterion. To show the trend, the organizations' ranks are calculated for each weight value of the selected criterion. As an example, in Figure 8a we can see that Org3 is the best partner for the different weights of the Security Level criterion. However, in Figure 8c, Org2 has priority when the weight of the Policy Similarity Level is greater than 60%.

Based on our experiments, we observed that Org3 remains the best partner in the majority of situations. Across the different scenarios, we point out that the weight changes have no significant effect on the organizations' ranking. As a result, it can be concluded that the proposed technique is robust, since the best-organization decision is insensitive to changes in the criteria weights.

5. Conclusion

In this paper, we proposed a security-based partner selection approach that aims to help decision makers assign each outsourced task to the best partner based on pre-defined security criteria. We detailed the necessary steps for a new partner's subscription to the Partner Network (PN), and then presented a partner selection process for each outsourced task based on a hybrid approach. The proposed approach uses the Analytic Hierarchy Process (AHP) method for a pairwise comparison of the criteria defined by the workflow initiator, and the Grey Technique for Order of Preference by Similarity to Ideal Solution (Grey TOPSIS) method to rank the partners and classify them by the criteria. To the best of our knowledge, this is the first study that uses security criteria with Grey TOPSIS in partner selection for task allocation in Inter-Organizational Workflows.

The main contribution of this paper is twofold: the use of security criteria for partner selection within a PN, and the use of a hybrid approach with AHP to calculate the criteria weights and Grey TOPSIS to rank the partners and deal with uncertainty in a practical way.

As future work, we will explore ways to calculate the criteria values, especially the Trust and Reputation level of each subscribed organization in the PN. We will also present a new automated tool for legal security and privacy compliance checking.

References

[1] B. Sari, T. Sen, S. E. Kilic, "Ahp model for the selection of partner companies in virtual enterprises," Int. J. Adv. Manuf. Technol., vol. 38, no. 3-4, pp. 367-376, 2008.

[2] C. C. Wei, C. F. Chien, M. J. J. Wang, "An AHP-based approach to ERP system selection," Int. J. Prod. Econ., vol. 96, no. 1, pp. 47-62, 2005.

[3] M. R. Mollahoseini Ardakani, S. M. Hashemi, M. Razzazi, "A Cloud-based solution/reference architecture for establishing collaborative networked organizations," J. Intell. Manuf., pp. 1-17, 2018.

[4] J. Chen, Z.-M. Zhang, X.-T. Tian, J.-H. Geng, S.-N. Liu, "An approach to partner selection in virtual enterprises based on grey relational analysis," Proc. Inst. Mech. Eng. Part B J. Eng. Manuf., vol. 225, no. 12, pp. 2296-2301, 2011.

[5] A. Hammami, P. Burlat, J. P. Campagne, "Evaluating orders allocation within networks of firms," Int. J. Prod. Econ., vol. 86, no. 3, pp. 233-249, 2003.

[6] H. Rahimi, H. EL Bakkali, "CIOSOS: Combined idiomatic-ontology based sentiment orientation system for trust reputation in E-commerce," Adv. Intell. Syst. Comput., vol. 369, pp. 189-200, 2015.

[7] B. Kozuch, K. Sienkiewicz-Malyjurek, "Key Factors of Inter-Organisational Collaboration in the Public Sector and Their Strength," Int. J. Contemp. Manag., vol. 15, no. 3, pp. 123-144, 2016.

[8] N. F. Garmann-johnsen, "Critical Success Factors for Inter-Organizational Process Collaboration in eHealth," no. c, pp. 217-223, 2014.

[9] B. M. Seth, R. Kiran, D. P. Goyal, "Information System through SEM Approach," vol. 15, no. 6, 2015.

[10] E. N. Alkhanak, S. P. Lee, S. U. R. Khan, "Cost-aware challenges for workflow scheduling approaches in cloud computing environments: Taxonomy and opportunities," Futur. Gener. Comput. Syst., vol. 50, pp. 3-21, 2015.

[11] A. Kumar, B. Sah, A. R. Singh, Y. Deng, X. He, P. Kumar, and R. C. Bansal, "A review of multi criteria decision making (MCDM) towards sustainable renewable energy development," Renew. Sustain. Energy Rev., vol. 69, no. November 2016, pp. 596-609, 2017.

[12] C. Jatoth, G. R. Gangadharan, U. Fiore, R. Buyya, "SELCLOUD: a hybrid multi-criteria decision-making model for selection of cloud services," Soft Comput., no. Mcdm, pp. 1-15, 2018.

[13] Z. Zheng, X. Wu, Y. Zhang, M. R. Lyu, J. Wang, "QoS ranking prediction for cloud services," IEEE Trans. Parallel Distrib. Syst., vol. 24, no. 6, pp. 1213-1222, 2013.

[14] F. Ye, Q. Lin, "Partner selection in a virtual enterprise: A group multiattribute decision model with weighted possibilistic mean values," Math. Probl. Eng., vol. 2013, 2013.

[15] H. Khan, M. N. Faisal, "A Grey-based approach for ERP vendor selection in small and medium enterprises in Qatar," Int. J. Bus. Inf. Syst., vol. 19, no. 4, p. 465, 2015.

[16] A. El Kandoussi, H. El Bakkali, "Novel Access Control Approach for Inter-organizational Workflows," no. Icissp, pp. 345-352, 2018.

[17] Z. El Uahhabi, H. El Bakkali, "Calculating and evaluating trustworthiness of certification authority," Int. J. Commun. Networks Inf. Secur., vol. 8, no. 3, pp. 136-146, 2016.

[18] T. L. Saaty, "Axiomatic Foundation of the Analytic Hierarchy Process," Manage. Sci., vol. 32, no. 7, pp. 841-855, 1986.

[19] D. Ju-Long, "Control problems of grey systems," Syst. Control Lett., vol. 1, no. 5, pp. 288-294, 1982.

[20] Y. H. Lin, P. C. Lee, H. I. Ting, "Dynamic multi-attribute decision making model with grey number evaluations," Expert Syst. Appl., vol. 35, no. 4, pp. 1638-1644, 2008.

[21] B. Oztaysi, "A decision model for information technology selection using AHP integrated TOPSIS-Grey: The case of content management systems," Knowledge-Based Syst., vol. 70, pp. 44-54, 2014.

Asmaa El kandoussi (1), Hanan Elbakkali (2)

Mohammed V University, ENSIAS, Information Security Research Team, Morocco

Table 1. Criteria Classification

Selection           Description                                    Articles
Criteria

Trust               Trust is a subjective evaluation of the        [7],[8],[9]
                    potential outcomes and risks involved by
                    relying on a partner [6].
Experience domain   Organization's experience domain               [5],[7],[10]
Cost                Cost threshold that a client wants to pay a    [5],[11],[10]
                    service provider to avail of the desired
                    services
Time                The time required for service execution        [5],[10]
Data security       Availability of secure modes for               [11]
                    transmitting information, greater
                    effectiveness in handling sensitive
                    information.
Inter-operability   Measure of ability to exchange                 [8],[9]
                    data/information/knowledge between
                    network partners.
Risk                The risk to lose control over data             [9],[10]
                    exchanged through the network (number of
                    attacks against communication systems,
                    frequency of attacks/data loss)

Table 2. AHP scale

Intensity  Definition           Explanation

1          Equal                Two elements contribute equally to the
                                objective
3          Moderate             One element is slightly more relevant
                                than another
5          Strong               One element is strongly more relevant
                                over another
7          Very strong          One element is very strongly more
                                relevant over another
9          Extreme              One element is extremely more relevant
                                over another
2,4,6,8    Intermediate values  When compromise is needed
           between the two
           adjacent judgment

Table 3. The Pairwise Comparison Matrix

                           Security   Privacy      Policy       Trust &
                           Level      Compliance   Similarity   Reputation
                                                   Level        Level

Security Level             1          1/2          1/3          3
Privacy Compliance         2          1            1/2          2
Policy Similarity Level    3          2            1            2
Trust & Reputation Level   1/3        1/2          1/2          1

Table 4. Grey Values

Organization   SL          PCL           PSL         RL

[Org.sub.1]    [0.4;0.5]   [0.10;0.6]    [0.2;0.3]   [0.8;0.9]
[Org.sub.2]    [0.7;0.8]   [0.6;0.7]     [0.8;0.9]   [0.9;1.0]
[Org.sub.3]    [0.8;0.9]   [0.9;1.0]     [0.7;0.8]   [0.6;0.7]
[Org.sub.4]    [0.6;0.7]   [0.8;0.9]     [0.6;0.7]   [0.4;0.5]

Table 5. Normalized Grey Values

      Weight   [Org.sub.1]   [Org.sub.2]   [Org.sub.3]   [Org.sub.4]   A*     [A.sup.-]

SL    0.20     [0.44;0.56]   [0.78;0.89]   [0.89;1.00]   [0.67;0.78]   1.00   0.44
PCL   0.27     [0.5;0.6]     [0.6;0.7]     [0.9;1.0]     [0.8;0.9]     1.00   0.50
PSL   0.42     [0.23;0.34]   [0.89;1.00]   [0.78;0.89]   [0.67;0.78]   1.00   0.23
RL    0.13     [0.8;0.9]     [0.9;1.0]     [0.6;0.7]     [0.4;0.5]     1.00   0.40

Table 6. Negative and positive ideals

              [d.sup.-]   d*      C*       Rank

[Org.sub.1]   0.089       0.734   0.108    4
[Org.sub.2]   0.686       0.212   0.764    2
[Org.sub.3]   0.646       0.167   0.794    1
[Org.sub.4]   0.509       0.298   0.631    3
COPYRIGHT 2018 Kohat University of Science and Technology

Article Details
Author:Kandoussi, Asmaa El; Elbakkali, Hanan
Publication:International Journal of Communication Networks and Information Security (IJCNIS)
Article Type:Report
Date:Dec 1, 2018