A semantic-based execution model for multilevel secure workflows

Quantified Score

Visualization

Abstract

Workflow management systems (WFMS) support the modeling andcoordinated execution of processes within an organization. Tocoordinate the execution of the various activities (or tasks) in aworkflow, task dependencies are specified among them. As advancesin workflow management take place, they are also required tosupport security. In a multilevel secure (MLS) workflow, tasks maybelong to different security levels. Ensuring the dependencies fromthe tasks at higher security levels to those at lower securitylevels (high-to-low dependencies) may compromise security. In thispaper, we consider such MLS workflows and show how they can beexecuted in a secure and correct manner. Our approach is based onsemantic classification of the task dependencies that examines thesource of the task dependencies. We classify the high-to-lowdependencies in several ways: conflicting versusconflict-free, result-independent versus result-dependent, strongversus weak, and abortive versus non-abortive. We proposealgorithms to automatically redesign the workflow and demonstratethat only a small subset among all the types of high-to-lowdependencies requires to be executed by trusted subjects and allother types can be executed without compromising security. The solutions proposed in this paper are directly applicable toanother relevant area of research - execution of multileveltransactions in multilevel secure databases since the atomicityrequirements and other semantic requirements can be modeled as aworkflow. When compared to the research in this area, our work (1)is more general in the sense that it can model several other typesof dependencies thereby allowing one to specify relaxed atomicityrequirements and (2) is capable of automatically redesigning aworkflow without requiring any human intervention by eliminatingsome cycles among task dependencies, which helps to attain higherdegree of atomicity.