978 research outputs found
Optimizing performance of workflow executions under authorization control
âBusiness processes or workflows are often used to
model enterprise or scientific applications. It has
received considerable attention to automate workflow
executions on computing resources. However, many
workflow scenarios still involve human activities and
consist of a mixture of human tasks and computing
tasks.
Human involvement introduces security and
authorization concerns, requiring restrictions on who
is allowed to perform which tasks at what time. Role-
Based Access Control (RBAC) is a popular authorization
mechanism. In RBAC, the authorization concepts such as
roles and permissions are defined, and various
authorization constraints are supported, including
separation of duty, temporal constraints, etc. Under
RBAC, users are assigned to certain roles, while the
roles are associated with prescribed permissions.
When we assess resource capacities, or evaluate the
performance of workflow executions on supporting
platforms, it is often assumed that when a task is
allocated to a resource, the resource will accept the
task and start the execution once a processor becomes available. However, when the authorization policies
are taken into account,â this assumption may not be
true and the situation becomes more complex. For
example, when a task arrives, a valid and activated
role has to be assigned to a task before the task can
start execution. The deployed authorization
constraints may delay the workflow execution due to
the rolesâ availability, or other restrictions on the
role assignments, which will consequently have
negative impact on application performance.
When the authorization constraints are present to
restrict the workflow executions, it entails new
research issues that have not been studied yet in
conventional workflow management. This thesis aims to
investigate these new research issues.
First, it is important to know whether a feasible
authorization solution can be found to enable the
executions of all tasks in a workflow, i.e., check the
feasibility of the deployed authorization constraints.
This thesis studies the issue of the feasibility
checking and models the feasibility checking problem
as a constraints satisfaction problem.
Second, it is useful to know when the performance of
workflow executions will not be affected by the given
authorization constraints. This thesis proposes the
methods to determine the time durations when the given
authorization constraints do not have impact.
Third, when the authorization constraints do have
the performance impact, how can we quantitatively
analyse and determine the impact? When there are multiple choices to assign the roles to the tasks,
will different choices lead to the different
performance impact? If so, can we find an optimal way
to conduct the task-role assignments so that the
performance impact is minimized? This thesis proposes
the method to analyze the delay caused by the
authorization constraints if the workflow arrives
beyond the non-impact time duration calculated above.
Through the analysis of the delay, we realize that the
authorization method, i.e., the method to select the
roles to assign to the tasks affects the length of the
delay caused by the authorization constraints. Based
on this finding, we propose an optimal authorization
method, called the Global Authorization Aware (GAA)
method.
Fourth, a key reason why authorization constraints
may have impact on performance is because the
authorization control directs the tasks to some
particular roles. Then how to determine the level of
workload directed to each role given a set of
authorization constraints? This thesis conducts the
theoretical analysis about how the authorization
constraints direct the workload to the roles, and
proposes the methods to calculate the arriving rate of
the requests directed to each role under the role,
temporal and cardinality constraints.
Finally, the amount of resources allocated to
support each individual role may have impact on the
execution performance of the workflows. Therefore, it
is desired to develop the strategies to determine the
adequate amount of resources when the authorization
control is present in the system. This thesis presents the methods to allocate the appropriate quantity for
resources, including both human resources and
computing resources. Different features of human
resources and computing resources are taken into
account. For human resources, the objective is to
maximize the performance subject to the budgets to
hire the human resources, while for computing
resources, the strategy aims to allocate adequate
amount of computing resources to meet the QoS
requirements
Performance analysis and optimization for workflow authorization
Many workflow management systems have been developed to enhance the performance of workflow executions. The authorization policies deployed in the system may restrict the task executions. The common authorization constraints include role constraints, Separation of Duty (SoD), Binding of Duty (BoD) and temporal constraints. This paper presents the methods to check the feasibility of these constraints, and also determines the time durations when the temporal constraints will not impose negative impact on performance. Further, this paper presents an optimal authorization method, which is optimal in the sense that it can minimize a workflowâs delay caused by the temporal constraints. The authorization analysis methods are also extended to analyze the stochastic workflows, in which the tasksâ execution times are not known exactly, but follow certain probability distributions. Simulation experiments have been conducted to verify the effectiveness of the proposed authorization methods. The experimental results show that comparing with the intuitive authorization method, the optimal authorization method can reduce the delay caused by the authorization constraints and consequently reduce the workflowsâ response time
Achieving Coordination Through Dynamic Construction of Open Workflows
Workflow middleware executes tasks orchestrated by rules defined in a carefully handcrafted static graph. Workflow management systems have proved effective for service-oriented business automation in stable, wired infrastructures. We introduce a radically new paradigm for workflow construction and execution called open workflow to support goal-directed coordination among physically mobile people and devices that form a transient community over an ad hoc wireless network. The quintessential feature of the open workflow paradigm is dynamic construction of custom, context-specific workflows in response to unpredictable and evolving circumstances by exploiting the knowledge and services available within a given spatiotemporal context. This paper introduces the open workflow approach, surveys open research challenges in this promising new field, and presents algorithmic, architectural, and evaluation results for the first practical realization of an open workflow management system
A service to automate the task assignment process in YAWL
Master of ScienceDepartment of Computing and Information SciencesGurdip SinghDeveloping an optimal working environment and managing the of work load in an efficient manner are the major challenges for most businesses today. So, the importance of the workflow and workflow management in an organization is unquestionable. Many organizations use sophisticated systems to organize the workflows. One such workflow system based on a concise and powerful modeling language called âYet Another Workflow Languageâ is YAWL. YAWL handles complex data, transformations, integration with organizational resources and Web Service integration.
Workflow comprises of three main perspectives: control-flow, data and the resources. In Yawl, the control-flow and the data-flow are tightly coupled within the workflow enactment engine. But the resource perspective is provided by a discrete custom service called Resource Service. Administrative tools are provided using which the administrator has to manually select the resource (referred as participant) which needs to perform a particular task of the workflow. This project aims at developing a service which can automate the assignment of the tasks to the participants by using the Resource service which provides number of interfaces that expose the full functionality of the service.
The application of this project with respect to Healthcare domain is presented. Healthcare domain is the one of the most demanding and yet critical business process. Hospitals face increasing pressure to both improve the quality of the services delivered to patients and to reduce costs .Hence there is significant demand on hospitals in regard to how the organization, execution, and monitoring of work processes is performed. Workflow Management Systems like YAWL offers a potential solution as they support processes by managing the flow of work
Cloud Computing and Grid Computing 360-Degree Compared
Cloud Computing has become another buzzword after Web 2.0. However, there are
dozens of different definitions for Cloud Computing and there seems to be no
consensus on what a Cloud is. On the other hand, Cloud Computing is not a
completely new concept; it has intricate connection to the relatively new but
thirteen-year established Grid Computing paradigm, and other relevant
technologies such as utility computing, cluster computing, and distributed
systems in general. This paper strives to compare and contrast Cloud Computing
with Grid Computing from various angles and give insights into the essential
characteristics of both.Comment: IEEE Grid Computing Environments (GCE08) 200
Towards an efficient key management and authentication strategy for combined fog-to-cloud continuum systems
© 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes,creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.Fog-to-cloud systems have emerged as a novel concept intended to improve service performance by considering fog and cloud resources in a coordinated way. In such a heterogeneous scenario, security provisioning becomes necessary, hence novel security solutions must be designed to handle the highly distributed fog-to-cloud nature. In the security area, key distribution and authentication are referred to as two critical pillars for a successful security deployment. Unfortunately, traditional centralized key distribution and authentication approaches do not meet the particularities brought by a Fog-tocloud system due to its distributed nature. In this paper, we propose a novel distributed key management and authentication (DKMA) strategy to make Fog-to-cloud systems as secure as possible. The paper ends up presenting some results assessing the benefits of the proposed strategy in terms of traffic and delay reduction.Peer ReviewedPostprint (published version
- âŠ