Automating the execution of workflows (or business processes) on computer resources has been the subject of a significant amount of research. However, many workflow scenarios still require human involvement, which introduces additional security and authorization concerns. This paper presents a novel mechanism for modeling the execution of workflows with human involvement under Role-based Authorization Control. Our modeling approach applies Colored Timed Petri-Nets to allow various authorization constraints to be modeled, including role, temporal, cardinality, BoD (Binding of Duty), SoD (Separation of Duty), and role hierarchy constraints. We also model the execution of tasks with different levels of human involvement, which allows the interactions between workflow authorization and workflow execution to be captured. The modeling mechanism is developed in such a way that the construction of the authorization model for a workflow can be automated. This feature is very helpful for modeling large collections of authorization policies and/or complex workflows. A Petri-net toolkit, CPN Tools, is used to develop the modeling mechanism and to simulate the constructed models. This paper also presents methods to analyze and calculate the authorization overhead, as well as performance data in terms of various metrics, through the model simulations. Based on the simulation results, this paper further proposes approaches to improving performance given the deployed authorization policies. This work can be used for investigating the impact of authorization, for capacity planning, for the design of workload management strategies, and for estimating execution performance when human resources and authorization policies are employed in tandem.