Usage Control in Inter-organisational Collaborative Environments – A Case Study from an Industry Perspective

  • Åsmund Ahlmann Nyre
  • Martin Gilje Jaatun
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7465)


Sharing information between collaborators without relinquishing control of that information has for many years been a tantalizing goal in the research community, but despite application support, the concept of usage control has failed to take hold in the business community. In this paper we present the results of a case study in the Norwegian oil & gas domain. The purpose of the study is to better understand the reasons for the slow adoption rate of usage control technology to control shared information. To this end we investigate risk perception, existing control measures and the attitude towards usage control technology. The study shows that although participants in the case study do not think their information is properly protected, there are several practical challenges that prevent them from adopting usage control technology as a means to improve protection.


Risk Perception Sensitive Information Intellectual Property Right Usage Control Access Control Policy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Park, J., Sandhu, R.: The UCONABC usage control model. ACM Trans. Inf. Syst. Secur. 7, 128–174 (2004)CrossRefGoogle Scholar
  2. 2.
    Nyre, Å.A.: Usage Control Enforcement - A Survey. In: Tjoa, A.M., Quirchmayr, G., You, I., Xu, L. (eds.) ARES 2011. LNCS, vol. 6908, pp. 38–49. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  3. 3.
    Pretschner, A., Hilty, M., Basin, D.: Distributed usage control. Communications of the ACM 49, 39–44 (2006)CrossRefGoogle Scholar
  4. 4.
    Norman, P., Boer, H., Seydel, E.R.: Protection motivation theory. In: Conner, M., Norman, P. (eds.) Predicting Health Behaviour: Research and Practice with Social Cognition Models, pp. 81–126. Open University Press, Maidenhead (2005)Google Scholar
  5. 5.
    Rogers, R.W.: A protection motivation theory of fear appeals and attitude. Journal of Psychology 91 (1975)Google Scholar
  6. 6.
    Rogers, E.M.: Diffusion of Innovations, 5th edn. Free Press (2003)Google Scholar
  7. 7.
    Nyre, Å.A., Jaatun, M.G.: On the adoption of usage control technology in collaborative environments. In: Proceedings of the 12th International Conference on Innovative Internet Community Systems, Trondheim, Norway (accepted for publication, 2012)Google Scholar
  8. 8.
    Seaman, C.B.: Qualitative methods. In: Shull, F., Singer, J., Sjøberg, D.I.K. (eds.) Guide to Advanced Empirical Software Engineering, pp. 35–62. Springer, London (2008)CrossRefGoogle Scholar
  9. 9.
    Robson, C.: Real World Research, 3rd edn. John Wiley & Sons (2011)Google Scholar
  10. 10.
    Siponen, M., Pahnila, S., Mahmood, A.: Employees’ Adherence to Information Security Policies: An Empirical Study. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds.) New Approaches for Security, Privacy and Trust in Complex Environments. IFIP, vol. 232, pp. 133–144. Springer, Boston (2007)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Åsmund Ahlmann Nyre
    • 1
  • Martin Gilje Jaatun
    • 2
  1. 1.Norwegian University of Science and TechnologyNorway
  2. 2.SINTEF ICTNorway

Personalised recommendations