Possibilistic Information Flow Control for Workflow Management Systems

In workflows and business processes, there are often security requirements on both the data, i.e. confidentiality and integrity, and the process, e.g. separation of duty. Graphical notations exist for specifying both workflows and associated security requirements. We present an approach for formally verifying that a workflow satisfies such security requirements. For this purpose, we define the semantics of a workflow as a state-event system and formalise security properties in a trace-based way, i.e. on an abstract level without depending on details of enforcement mechanisms such as Role-Based Access Control (RBAC). This formal model then allows us to build upon well-known verification techniques for information flow control. We describe how a compositional verification methodology for possibilistic information flow can be adapted to verify that a specification of a distributed workflow management system satisfies security requirements on both data and processes.Comment: In Proceedings GraMSec 2014, arXiv:1404.163

A service to automate the task assignment process in YAWL

Master of ScienceDepartment of Computing and Information SciencesGurdip SinghDeveloping an optimal working environment and managing the of work load in an efficient manner are the major challenges for most businesses today. So, the importance of the workflow and workflow management in an organization is unquestionable. Many organizations use sophisticated systems to organize the workflows. One such workflow system based on a concise and powerful modeling language called “Yet Another Workflow Language” is YAWL. YAWL handles complex data, transformations, integration with organizational resources and Web Service integration. Workflow comprises of three main perspectives: control-flow, data and the resources. In Yawl, the control-flow and the data-flow are tightly coupled within the workflow enactment engine. But the resource perspective is provided by a discrete custom service called Resource Service. Administrative tools are provided using which the administrator has to manually select the resource (referred as participant) which needs to perform a particular task of the workflow. This project aims at developing a service which can automate the assignment of the tasks to the participants by using the Resource service which provides number of interfaces that expose the full functionality of the service. The application of this project with respect to Healthcare domain is presented. Healthcare domain is the one of the most demanding and yet critical business process. Hospitals face increasing pressure to both improve the quality of the services delivered to patients and to reduce costs .Hence there is significant demand on hospitals in regard to how the organization, execution, and monitoring of work processes is performed. Workflow Management Systems like YAWL offers a potential solution as they support processes by managing the flow of work

Work flow management

The adherent need for an integrated network of a composite environment in an office has led to this Intranet project. The workflow in a company would rather flow from one division to another division in a department bottlenecked by human factors. This bottleneck would affect the net performance of the organization (viz., slow information flow across the company, ineffective explanation of resource etc). There constraints can be reduced using an automated flow of work. Across the organization this flow is maneuvered using the project named “Work Flow Management”. The workflow automation is basically an Intranet based project. The evolution of workflow management consists of the automation of business procedures or “workflows” during which documents, information or tasks are passed from one participant to another in a way that is governed by rules or procedures. Workflow software products, like other software technologies have evolved from diverse origins. While some offerings have been developed as pure workflow software, many have evolved from image management systems, document management systems, relational or object database systems, and electronic mail systems. Vendors who have developed pure workflow offerings have invented terms and interfaces, while vendors who have evolved products from other technologies have often adapted terminology and interfaces. Each approach offers a variety of strengths from which a user can choose. Adding a standard based approach allows a user to combine these strengths in one infrastructure. The key benefits of workflow are improved efficiency, better process control, improved customer service, flexibility and business process improvement. The system also reduces the resources needed for processing the data. It has few disadvantages besides many advantages. The person may or may not check the message he has received. Sometimes the server may fail by which work cannot be assigned to the right person

Scalable And Secure Provenance Querying For Scientific Workflows And Its Application In Autism Study

In the era of big data, scientific workflows have become essential to automate scientific experiments and guarantee repeatability. As both data and workflow increase in their scale, requirements for having a data lineage management system commensurate with the complexity of the workflow also become necessary, calling for new scalable storage, query, and analytics infrastructure. This system that manages and preserves the derivation history and morphosis of data, known as provenance system, is essential for maintaining quality and trustworthiness of data products and ensuring reproducibility of scientific discoveries. With a flurry of research and increased adoption of scientific workflows in processing sensitive data, i.e., health and medication domain, securing information flow and instrumenting access privileges in the system have become a fundamental precursor to deploying large-scale scientific workflows. That has become more important now since today team of scientists around the world can collaborate on experiments using globally distributed sensitive data sources. Hence, it has become imperative to augment scientific workflow systems as well as the underlying provenance management systems with data security protocols. Provenance systems, void of data security protocol, are susceptible to vulnerability. In this dissertation research, we delineate how scientific workflows can improve therapeutic practices in autism spectrum disorders. The data-intensive computation inherent in these workflows and sensitive nature of the data, necessitate support for scalable, parallel and robust provenance queries and secured view of data. With that in perspective, we propose $OPQL^{Pig}$, a parallel, robust, reliable and scalable provenance query language and introduce the concept of access privilege inheritance in the provenance systems. We characterize desirable properties of role-based access control protocol in scientific workflows and demonstrate how the qualities are integrated into the workflow provenance systems as well. Finally, we describe how these concepts fit within the DATAVIEW workflow management system

MAIN CONCEPTS OF THE DOCUMENT MANAGEMENT SYSTEM REQUIRED FOR ITS IMPLEMENTATION IN ENTERPRISES

This study is intended to study the system of electronic document circulation, its importance in the organization of documents. The main stages of the document lifecycle include creation, management/storage, access, retrieval, administration, reassignment, collaboration, distribution, preservation, disposal, storage. Definitions are given to such terms as "document", "electronic document", "control systems of documents" and "electronic document management systems". The study examined the features, advantages, disadvantages and capabilities of the electronic document management system. Thus, the main characteristics of the electronic document management system include the following parameters: scalability, compatibility, due availability, dynamism. The main advantage of the electronic document management system is document flow automation, and the disadvantage is significant financial costs. And the capabilities of the electronic document management system include the provision of a user interface, capture, indication and receipt, annotation, storage and archive, distribution, workflow, security and integration of the system. The main requirements for the organization of documents are identified on the basis of this information

A generic framework for process execution and secure multi-party transaction authorization

Process execution engines are not only an integral part of workflow and business process management systems but are increasingly used to build process-driven applications. In other words, they are potentially used in all kinds of software across all application domains. However, contemporary process engines and workflow systems are unsuitable for use in such diverse application scenarios for several reasons. The main shortcomings can be observed in the areas of interoperability, versatility, and programmability. Therefore, this thesis makes a step away from domain specific, monolithic workflow engines towards generic and versatile process runtime frameworks, which enable integration of process technology into all kinds of software. To achieve this, the idea and corresponding architecture of a generic and embeddable process virtual machine (ePVM), which supports defining process flows along the theoretical foundation of communicating extended finite state machines, are presented. The architecture focuses on the core process functionality such as control flow and state management, monitoring, persistence, and communication, while using JavaScript as a process definition language. This approach leads to a very generic yet easily programmable process framework. A fully functional prototype implementation of the proposed framework is provided along with multiple example applications. Despite the fact that business processes are increasingly automated and controlled by information systems, humans are still involved, directly or indirectly, in many of them. Thus, for process flows involving sensitive transactions, a highly secure authorization scheme supporting asynchronous multi-party transaction authorization must be available within process management systems. Therefore, along with the ePVM framework, this thesis presents a novel approach for secure remote multi-party transaction authentication - the zone trusted information channel (ZTIC). The ZTIC approach uniquely combines multiple desirable properties such as the highest level of security, ease-of-use, mobility, remote administration, and smooth integration with existing infrastructures into one device and method. Extensively evaluating both, the ePVM framework and the ZTIC, this thesis shows that ePVM in combination with the ZTIC approach represents a unique and very powerful framework for building workflow systems and process-driven applications including support for secure multi-party transaction authorization

Discovering social networks from event logs

Process mining techniques allow for the discovery of knowledge based on so-called “event logs”, i.e., a log recording the execution of activities in some business process. Many information systems provide such logs, e.g., most WFM, ERP, CRM, SCM, and B2B systems record transactions in a systematic way. Process mining techniques typically focus on performance and control-flow issues. However, event logs typically also log the performer, e.g., the person initiating or completing some activity. This paper focuses on mining social networks using this information. For example, it is possible to build a social network based on the hand-over of work from one performer to the next. By combining concepts from workflow management and social network analysis, it is possible to discover and analyze social networks. This paper defines metrics, presents a tool, and applies these to a real event log from a Dutch organization

MAIN CONCEPTS OF THE DOCUMENT MANAGEMENT SYSTEM REQUIRED FOR ITS IMPLEMENTATION IN ENTERPRISES

This study is intended to study the system of electronic document circulation, its importance in the organization of documents. The main stages of the document lifecycle include creation, management/storage, access, retrieval, administration, reassignment, collaboration, distribution, preservation, disposal, storage. Definitions are given to such terms as "document", "electronic document", "control systems of documents" and "electronic document management systems".The study examined the features, advantages, disadvantages and capabilities of the electronic document management system. Thus, the main characteristics of the electronic document management system include the following parameters: scalability, compatibility, due availability, dynamism. The main advantage of the electronic document management system is document flow automation, and the disadvantage is significant financial costs. And the capabilities of the electronic document management system include the provision of a user interface, capture, indication and receipt, annotation, storage and archive, distribution, workflow, security and integration of the system. The main requirements for the organization of documents are identified on the basis of this information

E-BioFlow: Different Perspectives on Scientific Workflows

We introduce a new type of workflow design system called\ud e-BioFlow and illustrate it by means of a simple sequence alignment workflow. E-BioFlow, intended to model advanced scientific workflows, enables the user to model a workflow from three different but strongly coupled perspectives: the control flow perspective, the data flow perspective, and the resource perspective. All three perspectives are of\ud equal importance, but workflow designers from different domains prefer different perspectives as entry points for their design, and a single workflow designer may prefer different perspectives in different stages of workflow design. Each perspective provides its own type of information, visualisation and support for validation. Combining these three perspectives in a single application provides a new and flexible way of modelling workflows

On Secure Workflow Decentralisation on the Internet

Decentralised workflow management systems are a new research area, where most work to-date has focused on the system's overall architecture. As little attention has been given to the security aspects in such systems, we follow a security driven approach, and consider, from the perspective of available security building blocks, how security can be implemented and what new opportunities are presented when empowering the decentralised environment with modern distributed security protocols. Our research is motivated by a more general question of how to combine the positive enablers that email exchange enjoys, with the general benefits of workflow systems, and more specifically with the benefits that can be introduced in a decentralised environment. This aims to equip email users with a set of tools to manage the semantics of a message exchange, contents, participants and their roles in the exchange in an environment that provides inherent assurances of security and privacy. This work is based on a survey of contemporary distributed security protocols, and considers how these protocols could be used in implementing a distributed workflow management system with decentralised control . We review a set of these protocols, focusing on the required message sequences in reviewing the protocols, and discuss how these security protocols provide the foundations for implementing core control-flow, data, and resource patterns in a distributed workflow environment