The specification and enforcement of authorization constraints in workflow management systems
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Access control mechanisms for inter-organizational workflow
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
A Chinese wall security model for decentralized workflow systems
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Anonymous Communications for Mobile Agents
MATA '02 Proceedings of the 4th International Workshop on Mobile Agents for Telecommunication Applications
Identity-Based Encryption from the Weil Pairing
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
A Practical and Provably Secure Coalition-Resistant Group Signature Scheme
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
ANODR: anonymous on demand routing with untraceable routes for mobile ad-hoc networks
Proceedings of the 4th ACM international symposium on Mobile ad hoc networking & computing
ACSW Frontiers '03 Proceedings of the Australasian information security workshop conference on ACSW frontiers 2003 - Volume 21
Specification of Secure Distributed Collaboration Systems
ISADS '03 Proceedings of the The Sixth International Symposium on Autonomous Decentralized Systems (ISADS'03)
Anonymous Connections and Onion Routing
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Synchronization analysis for decentralizing composite Web services
Proceedings of the 2003 ACM symposium on Applied computing
Providing transactional properties for migrating workflows
Mobile Networks and Applications
Preventing information leakage within workflows that execute among competing organizations
Journal of Systems and Software - Special issue: Software engineering education and training
Policy-based cryptography and applications
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
| Hi-index | 0.00 |
The execution of business processes in the decentralized setting raises security requirements due to the lack of a dedicated infrastructure in charge of management and control tasks. Basic security features including compliance of the overall sequence of workflow operations with the pre-defined workflow execution plan or traceability become critical issues that are yet to be addressed. In this paper, we suggest new security mechanisms capitalizing on onion encryption and group encryption techniques in order to assure the integrity of the distributed execution of workflows and to manage traceability with respect to sensitive workflow instances. We carry out an in depth analysis of the security properties offered by these mechanisms. Our solution can easily be integrated into distributed workflow management systems as its design is strongly coupled with the runtime specification of decentralized workflows.