Specification and execution of transactional workflows
Modern database systems
An overview of workflow management: from process modeling to workflow automation infrastructure
Distributed and Parallel Databases - Special issue on software support for work flow management
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Modeling and Analysis of Workflows Using Petri Nets
Journal of Intelligent Information Systems - Special issue on workflow management systems
From Centralized Workflow Specification to Distributed WorkflowExecution
Journal of Intelligent Information Systems - Special issue on workflow management systems
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Communications of the ACM
Access control mechanisms for inter-organizational workflow
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Mobile Agents and Security
An Authorization Model for Workflows
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
A Secure Workflow System for Dynamic Collaboration
IFIP/Sec '01 Proceedings of the IFIP TC11 Sixteenth Annual Working Conference on Information Security: Trusted Information: The New Decade Challenge
A Formal Foundation for Distributed Workflow Execution Based on State Charts
ICDT '97 Proceedings of the 6th International Conference on Database Theory
Specification of Secure Distributed Collaboration Systems
ISADS '03 Proceedings of the The Sixth International Symposium on Autonomous Decentralized Systems (ISADS'03)
Formal aspects of mobile code security
Formal aspects of mobile code security
A new approach to mobile code security
A new approach to mobile code security
Mostly-static decentralized information flow control
Mostly-static decentralized information flow control
Anonymous connections and onion routing
IEEE Journal on Selected Areas in Communications
Using Semantics for Policy-Based Web Service Composition
Distributed and Parallel Databases
A decentralized execution model for inter-organizational workflows
Distributed and Parallel Databases
On the Prevention of Fraud and Privacy Exposure in Process Information Flow
INFORMS Journal on Computing
Information and Software Technology
Hi-index | 0.01 |
Workflow systems are gaining importance as an infrastructure for automating inter-organizational interactions, such as those in Electronic Commerce. In such an environment, a centralized Workflow Management System is not desirable because: (i) it can be a performance bottleneck, and (ii) the systems are inherently distributed, heterogeneous, and autonomous in nature. Decentralized execution of interorganizational workflows may raise a number of security issues including those related to conflict-of-interest among competing organizations. In this paper, we first provide an approach to realize decentralized workflow execution, in which the workflow is divided into partitions, called self-describing workflows, and handled by a light weight workflow management component, called workflow stub, located at each organizational agent. Second, we identify the limitations of the traditional workflow model with respect to expressing the various types of join dependencies and extend the traditional workflow model suitably. Distinguishing the different types of dependencies among tasks is essential in the efficient execution of self-describing workflows. Finally, we recognize that placing the task execution agents that belong to the same conflict-of-interest class in one self-describing workflow may lead to unfair, and in some cases, undesirable results, akin to being on the wrong side of the Chinese wall. Therefore, to address the conflict-of-interest issues that arise in competitive business environments, we propose a decentralized workflow Chinese wall security model. We propose a restrictive partitioning solution to enforce the proposed model.