73,297 research outputs found
On Secure Workflow Decentralisation on the Internet
Decentralised workflow management systems are a new research area, where most
work to-date has focused on the system's overall architecture. As little
attention has been given to the security aspects in such systems, we follow a
security driven approach, and consider, from the perspective of available
security building blocks, how security can be implemented and what new
opportunities are presented when empowering the decentralised environment with
modern distributed security protocols. Our research is motivated by a more
general question of how to combine the positive enablers that email exchange
enjoys, with the general benefits of workflow systems, and more specifically
with the benefits that can be introduced in a decentralised environment. This
aims to equip email users with a set of tools to manage the semantics of a
message exchange, contents, participants and their roles in the exchange in an
environment that provides inherent assurances of security and privacy. This
work is based on a survey of contemporary distributed security protocols, and
considers how these protocols could be used in implementing a distributed
workflow management system with decentralised control. We review a set of
these protocols, focusing on the required message sequences in reviewing the
protocols, and discuss how these security protocols provide the foundations for
implementing core control-flow, data, and resource patterns in a distributed
workflow environment.
Constraint Expressions and Workflow Satisfiability
A workflow specification defines a set of steps and the order in which those
steps must be executed. Security requirements and business rules may impose
constraints on which users are permitted to perform those steps. A workflow
specification is said to be satisfiable if there exists an assignment of
authorized users to workflow steps that satisfies all the constraints. An
algorithm for determining whether such an assignment exists is important, both
as a static analysis tool for workflow specifications, and for the construction
of run-time reference monitors for workflow management systems. We develop new
methods for determining workflow satisfiability based on the concept of
constraint expressions, which were introduced recently by Khan and Fong. These
methods are surprisingly versatile, enabling us to develop algorithms for, and
determine the complexity of, a number of different problems related to workflow
satisfiability.
Comment: arXiv admin note: text overlap with arXiv:1205.0852; to appear in
Proceedings of SACMAT 201
Supporting Quality of Service in Scientific Workflows
While workflow management systems have been utilized in enterprises to support
businesses for almost two decades, the use of workflows in scientific environments
was fairly uncommon until recently. Nowadays, scientists use workflow systems to
conduct scientific experiments, simulations, and distributed computations. However,
most scientific workflow management systems have not been built using existing
workflow technology; rather they have been designed and developed from
scratch. Due to the lack of generality of early scientific workflow systems, many
domain-specific workflow systems have been developed. Generally speaking, those
domain-specific approaches lack common acceptance and tool support and offer
lower robustness compared to business workflow systems.
In this thesis, the use of the industry standard BPEL, a workflow language
for modeling business processes, is proposed for the modeling and the execution of
scientific workflows. Due to the widespread use of BPEL in enterprises, a number
of stable and mature software products exist. The language is expressive (Turing-complete)
and not restricted to specific applications. BPEL is well suited for the
modeling of scientific workflows, but existing implementations of the standard lack
important features that are necessary for the execution of scientific workflows.
This work presents components that extend an existing implementation of the
BPEL standard and eliminate the identified weaknesses. The components thus provide
the technical basis for use of BPEL in academia. The particular focus is on
so-called non-functional (Quality of Service) requirements. These requirements include
scalability, reliability (fault tolerance), data security, and cost (of executing a
workflow). From a technical perspective, the workflow system must be able to interface
with the middleware systems that are commonly used by the scientific workflow
community to allow access to heterogeneous, distributed resources (especially Grid
and Cloud resources).
The major components cover exactly these requirements:
Cloud Resource Provisioner: Scalability of the workflow system is achieved by
automatically adding additional (Cloud) resources to the workflow system’s
resource pool when the workflow system is heavily loaded.
Fault Tolerance Module: High reliability is achieved via continuous monitoring
of workflow execution and corrective interventions, such as re-execution of a
failed workflow step or replacement of the faulty resource.
Cost Aware Data Flow Aware Scheduler: The majority of scientific workflow
systems only take the performance and utilization of resources for the execution
of workflow steps into account when making scheduling decisions. The
presented workflow system goes beyond that. By defining preference values
for the weighting of costs and the anticipated workflow execution time,
workflow users may influence the resource selection process. The developed multi-objective
scheduling algorithm respects the defined weighting and makes both
efficient and advantageous decisions using a heuristic approach.
Security Extensions: Because it supports various encryption, signature and authentication
mechanisms (e.g., Grid Security Infrastructure), the workflow
system guarantees data security in the transfer of workflow data.
Furthermore, this work identifies the need to equip workflow developers with
workflow modeling tools that can be used intuitively. This dissertation presents
two modeling tools that support users with different needs. The first tool, DAVO
(domain-adaptable, Visual BPEL Orchestrator), operates at a low level of abstraction
and allows users with knowledge of BPEL to use the full extent of the language.
DAVO is software that offers extensibility and customizability for different application
domains. These features are used in the implementation of the second tool,
SimpleBPEL Composer. SimpleBPEL is aimed at users with little or no background
in computer science and allows for quick and intuitive development of BPEL workflows based on predefined components.
SecFlow: Adaptive Security-Aware Workflow Management System in Multi-Cloud Environments
In this paper, we propose an architecture for a security-aware workflow
management system (WfMS) we call SecFlow in answer to the recent developments
of combining workflow management systems with Cloud environments and the still
lacking abilities of such systems to ensure the security and privacy of
cloud-based workflows. The SecFlow architecture focuses on full workflow life
cycle coverage as, in addition to the existing approaches to design
security-aware processes, there is a need to fill in the gap of maintaining
security properties of workflows during their execution phase. To address this
gap, we derive the requirements for such a security-aware WfMS and design a
system architecture that meets these requirements. SecFlow integrates key
functional components such as secure model construction, security-aware service
selection, security violation detection, and adaptive response mechanisms while
considering all potential malicious parties in multi-tenant and cloud-based
WfMS.
Comment: 16 pages, 6 figures
On the satisfiability of constraints in workflow systems
Separation of duty and binding of duty in workflow systems is an
important area of current research in computer security. We
introduce a formal model for constrained workflow systems that
incorporate constraints for implementing such policies. We define an
entailment constraint, which is defined on a pair of tasks in a
workflow, and show that such constraints can be used to model many
familiar authorization policies. We show that a set of entailment
constraints can be manipulated algebraically in order to compute all
possible dependencies between tasks in the workflow. The resulting
set of constraints forms the basis for an analysis of the
satisfiability of a workflow. We briefly consider how this analysis
can be used to implement a reference monitor for workflow systems.
Survivor: An Approach for Adding Dependability to Legacy Workflow Systems
Although they often provide critical services, most workflow systems are not dependable. There has been much literature on dependable/survivable distributed systems; most is concerned with developing new architectures, not adapting pre-existing ones. Additionally, the literature is focused on hardening, security-based defense, as opposed to recovery. For deployed systems, it is often infeasible to completely replace existing infrastructures; what is more pragmatic are ways in which existing distributed systems can be adapted to offer better dependability. In this paper, we outline a general architecture that can easily be retrofitted to legacy workflow systems in order to improve dependability and fault tolerance. We do this by monitoring enactment and replicating partial workflow states as tools for detection, analysis and recovery. We discuss some policies that can guide these mechanisms. Finally, we describe and evaluate our implementation, Survivor, which modified an existing workflow system provided by the Naval Research Lab.
Combined automotive safety and security pattern engineering approach
Automotive systems will exhibit increased levels of automation as well as ever tighter integration with other vehicles, traffic infrastructure, and cloud services. From a safety perspective, this can be perceived as boon or bane - it greatly increases complexity and uncertainty, but at the same time opens up new opportunities for realizing innovative safety functions. Moreover, cybersecurity becomes important as an additional concern because attacks are now much more likely and severe. However, there is a lack of experience with security concerns in the context of safety engineering in general and in automotive safety departments in particular. To address this problem, we propose a systematic pattern-based approach that interlinks safety and security patterns and provides guidance with respect to selection and combination of both types of patterns in the context of system engineering. A combined safety and security pattern engineering workflow is proposed to provide systematic guidance to support non-expert engineers based on best practices. The application of the approach is shown and demonstrated by an automotive case study and different use case scenarios.
EC/H2020/692474/EU/Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems/AMASS
EC/H2020/737422/EU/Secure COnnected Trustable Things/SCOTT
EC/H2020/732242/EU/Dependability Engineering Innovation for CPS - DEIS/DEIS
BMBF, 01IS16043, Collaborative Embedded Systems (CrESt
ICT in Czech companies: business efficiency potentials to be achieved.
The paper deals with business potential analysis based on the data published by Czech Statistic Authority (ČSÚ). It shows that the infrastructure state of the art even in small Czech companies enables to expand ERP and CRM systems, trading over Internet, Supply Chain Management and other new trends. Internet security is here of greatest importance, however it cannot be seen as major obstacle for new trading methods. The greatest challenge identified is the process and workflow optimization. To streamline workflow the document management supporting nearly seamless integration crossover the functional areas is of greatest importance. Moreover, process optimization can run into difficulties due to cross-organization functionalities of new IT architecture concepts like Service Oriented Architecture, WEB2 concepts and other methods and means. In this paper the value flow approach is shortly mentioned as an alternative to process modeling and workflow approach. Value oriented methods can overcome the process oriented approach limitations.
ICT infrastructure; Business processes; Process modeling; Document management; Value chains; Business semantics