Information and Software Technology
Workflow Management (WFM) systems automate traditional processes where information flows between individuals. WFM systems have two major implications for security. Firstly, since the description of a workflow process explicitly states when which function is to be performed by whom, security specifications may be automatically derived from such descriptions. Secondly, the derived security specifications have to be enforced. The paper considers the issues that need to be addressed by a secure workflow system. In particular, it addresses the requirement that security for workflow systems needs to be specified at the workflow level, and not at the level of the underlying components, such as the database or networks. One reason why it is necessary to consider security at this level is the dynamic nature of workflow systems, with access restrictions depending on the state of the workflow process. In addition, workflow systems may handle many instances of a given workflow specification and need to be able to protect the instances according to the requirements posed by each. The intention of this paper is to provide an orderly framework for these concepts and to discuss a more generalized implementation architecture which can be based on existing technologies of the Web and object-oriented systems. The framework is based on three levels: Modelling, Specification and Implementation; each level refines the concepts of the level above it. Modelling is illustrated by using a notion of Alter-Egos and a workflow modelling tool known as COLOR-X. How these and related concepts may be formally specified is considered in the second part of the paper. The specification is based on the formal language Z. The implementation section considers protocols, standards and architectures that may be used to realize such a secure workflow system. Since the implementation does not use any specific system but only very general components, it can be realized on various platforms.