Modeling and analyzing the impact of authorization on workflow executions

Authors:
Ligang He;Chenlin Huang;Kewei Duan;Kenli Li;Hao Chen;Jianhua Sun;Stephen A. Jarvis
Affiliations:
Department of Computer Science, University of Warwick, Coventry, UK;Institute of Software, School of Computer Science, National University of Defense Technology, Changsha, China;Department of Computer Science, University of Bath, Bath, UK;School of Computer and Communication, Hunan University, Changsha, China;School of Computer and Communication, Hunan University, Changsha, China;School of Computer and Communication, Hunan University, Changsha, China;Department of Computer Science, University of Warwick, Coventry, UK
Venue:
Future Generation Computer Systems
Year:
2012

Citing 23
Cited 0

Role-based authorization constraints specification

ACM Transactions on Information and System Security (TISSEC)
A secure workflow model

ACSW Frontiers '03 Proceedings of the Australasian information security workshop conference on ACSW frontiers 2003 - Volume 21
A Generalized Temporal Role-Based Access Control Model

IEEE Transactions on Knowledge and Data Engineering
A reference monitor for workflow systems with constrained task execution

Proceedings of the tenth ACM symposium on Access control models and technologies
Supporting conditional delegation in secure workflow management systems

Proceedings of the tenth ACM symposium on Access control models and technologies
Theory, Volume 1, Queueing Systems

Theory, Volume 1, Queueing Systems
Allocating Non-Real-Time and Soft Real-Time Jobs in Multiclusters

IEEE Transactions on Parallel and Distributed Systems
Access Control and Authorization Constraints for WS-BPEL

ICWS '06 Proceedings of the IEEE International Conference on Web Services
Coloured Petri Nets and CPN Tools for modelling and validation of concurrent systems

International Journal on Software Tools for Technology Transfer (STTT)
A Petri net based safety analysis of workflow authorization models^1

Journal of Computer Security
A Secure Task Delegation Model for Workflows

SECURWARE '08 Proceedings of the 2008 Second International Conference on Emerging Security Information, Systems and Technologies
A Formal Model of Human Workflow

ICWS '08 Proceedings of the 2008 IEEE International Conference on Web Services
CRBAC: Imposing multi-grained constraints on the RBAC model in the multi-application environment

Journal of Network and Computer Applications
Workflows and e-Science: An overview of workflow system features and capabilities

Future Generation Computer Systems
Performance prediction for running workflows under role-based authorization mechanisms

IPDPS '09 Proceedings of the 2009 IEEE International Symposium on Parallel&Distributed Processing
Coloured Petri Nets: Modelling and Validation of Concurrent Systems

Coloured Petri Nets: Modelling and Validation of Concurrent Systems
Programming Human and Software-Based Web Services

Computer
Mashing-Up Rich User Interfaces for Human-Interaction in WS-BPEL

ICWS '10 Proceedings of the 2010 IEEE International Conference on Web Services
Satisfiability and Resiliency in Workflow Authorization Systems

ACM Transactions on Information and System Security (TISSEC)
Optimizing Resource Conflicts in Workflow Management Systems

IEEE Transactions on Knowledge and Data Engineering
Online scheduling of workflow applications in grid environments

Future Generation Computer Systems
Modelling Workflow Executions under Role-Based Authorisation Control

SCC '11 Proceedings of the 2011 IEEE International Conference on Services Computing
Multi-View Interaction Modelling of human collaboration processes: A business process study of head and neck cancer care in a Dutch academic hospital

Journal of Biomedical Informatics

Quantified Score

Hi-index	0.00

Visualization

Abstract

It has been a subject of a significant amount of research to automate the execution of workflows (or business processes) on computer resources. However, many workflow scenarios still require human involvement, which introduces additional security and authorization concerns. This paper presents a novel mechanism for modeling the execution of workflows with human involvement under Role-based Authorization Control. Our modeling approach applies Colored Timed Petri-Nets to allow various authorization constraints to be modeled, including role, temporal, cardinality, BoD (Binding of Duty), SoD (Separation of Duty), role hierarchy constraints etc. We also model the execution of tasks with different levels of human involvement and as such allow the interactions between workflow authorization and workflow execution to be captured. The modeling mechanism is developed in such a way that the construction of the authorization model for a workflow can be automated. This feature is very helpful for modeling large collections of authorization policies and/or complex workflows. A Petri-net toolkit, the CPN Tools, is utilized in the development of the modeling mechanism and to simulate the constructed models. This paper also presents the methods to analyze and calculate the authorization overhead as well as the performance data in terms of various metrics through the model simulations. Based on the simulation results, this paper further proposes the approaches to improving performance given the deployed authorization policies. This work can be used for investigating the impact of authorization, for capacity planning, for the design of workload management strategies, and also to estimate execution performance, when human resources and authorization policies are employed in tandem.