在本論文中,我們提出了一個新興的基於雲端的工作流程管理系統架構。首 先,由於在工作流程程序實例中結合了元素式加密法以及嵌入鏈狀的數位簽章,
我們的系統滿足了主要的安全性需求,像是身分認證、資料保密性、資料完整性 以及不可否認性。第二,我們所提出的系統支援多租戶技術。所有的工作流程程 序實例可以被放在一個文件池中,其安全機制可以滿足資料安全性以及資料隔離 性。為了執行的隔離性,流程活動的執行會在客戶端的 AEA 上運作,因此租戶 的執行作業是獨立於其他人的。第三,除了多租戶技術,受控制的資料共享讓其 適合成為跨企業的工作流程管理系統,其透過在使用者之間交換資料,而可以提 供在雲端協作的工作流程執行服務。第四,多租戶系統將不可避免地接受大量的 請求,因此必須要具有可擴展性。我們研究如何使用 BigTable 儲存工作流程程 序實例以及實做在BigTable 內所需的操作,其可用以支援工作流程的執行。我們 的系統是可擴展的,因為即使當多租戶組織的參與者的工作流程程序實例形成一 個 big data 時,我們系統也是能夠操作的。最後,據我們所知,我們的系統是第 一個解決將基於雲端的工作流程管理系統建構在不受信任的伺服器的問題。受客 戶端控制的工作流程程序實例遷移及備份連同在我們系統中的安全性機制,讓客 戶端組織可以利用不受信任的雲端基礎建設去實作利用雲端協作模式之跨企業 工作流程管理系統。實作與實驗結果則展示了我們所提出的系統的可行性。
48
附錄A 實驗數據
表A-1. 文件池中存有不同數量的文件時,提取文件的時間數據 單位:毫秒(ms)
CSIE cluster
10 100 1000 10000 100000 Initial Document
X 0 1344 1326 1349 1332 1358
ICLAB cluster
10 100 1000 10000 100000 Initial Document
X 0 255 255 241 244 242
49
表A-2. 文件池中存有不同數量的文件時,驗證文件的時間數據 單位:毫秒(ms)
CSIE cluster
10 100 1000 10000 100000 Initial Document
X 0 170 171 166 163 169
ICLAB cluster
10 100 1000 10000 100000 Initial Document
X 0 47 47 47 45 46
單位:毫秒(ms) CSIE cluster
10 100 1000 10000 100000 Initial Document
X 0 183 179 185 170 183
ICLAB cluster
10 100 1000 10000 100000 Initial Document
X 0 56 55 57 58 58
51
表A-4. 文件池中存有不同數量的文件時,存入文件的時間數據 單位:毫秒(ms)
CSIE cluster
10 100 1000 10000 100000 Initial Document
X 0 1617 1589 1617 1618 1639
ICLAB cluster
10 100 1000 10000 100000 Initial Document
X 0 362 357 354 353 359
單位:毫秒(ms) CSIE cluster
10 100 1000 10000 100000 Direct Scan 1475 4736 20156 154341 1384848
MR Search 47372 53152 62354 89452 290720 ICLAB cluster
10 100 1000 10000 100000 Direct Scan 307 2013 13996 168877 1574489
MR Search 24399 27389 39803 94455 395208
53
參考著作
1. D. Georgakopoulos, M. Hornick, and A. Shet, “Overview of Workflow Management: From Process Modeling to Workflow Automation Infrastructure,”
Distributed and Parallel Databases, Vol. 3, No. 2, 1995, Pages 119–153.
2. Shi Meilin, Yang Guangxin, Xiang Yong, and Wu Shangguang, ”Workflow Management Systems: A Survey,” International Conference on Communication Technology, 1998.
3. “Workflow Management Coalition. Workflow: An Introduction,” Workflow Handbook, 2002.
4. “Workflow Software via Cloud Computing Service – RunMyProcess,”
http://www.runmyprocess.com/.
5. “Visual Workflow: experience the speed of visual app development,”
http://www.salesforce.com/platform/cloud-platform/workflow.jsp.
6. “Aneka: Enabling .NET-based Enterprise Grid and Cloud Computing, ”http://www.manjrasoft.com/products.html.
7. “Azure Services Platform,”
http://en.wikipedia.org/wiki/Microsoft_Azure#Azure_Platform_Components.
8. “Implementing Workflows on Google App Engine with Fantasm,”
http://code.google.com/intl/zh-TW/appengine/articles/fantasm.html.
9. S. Ceri, P. Grefen, and G. Sánchez, “WIDE − A Distributed Architecture for Workflow Management,” The 7th Int. Workshop on Research Issues in Data Engineering, Birmingham, 1997.
10. P. Muth, D. Wodtke, J. Weißenfels, A. Kotz-Dittrich, and G. Weikum, “From Centralized Workflow Specification to Distributed Workflow Execution,”
Journal of Intelligent Information Systems, 10(2):159-184, 1998.
Approach for Large Workflow Management Systems,” Joint Conf. on Work Activities Coordination and Collaboration, San Francisco, 1999.
12. T. Bauer and P. Dadam, “Efficient Distributed Workflow Management Based on Variable Server Assignments,” B. Wangler, L. Bergman (Eds.): CAiSE 2000, LNCS 1789, pp. 94-109, 2000.
13. Li-jie Jin, Fabio Casati, Mehmet Sayal, and Ming-Chien Shan, “Load balancing in distributed workflow management system,” Proceedings of the 2001 ACM symposium on Applied computing (SAC '01).
14. George Coulouris, Jean Dollimore, Tim Kindberg. “Distributed Systems:
Concepts and Design (3rd Edition),” Addison-Wesley, 2000.
15. Bojanova, Irena; Zhang, Jia; Zhang, Liang-Jie, “Enforcing Multitenancy for Cloud Computing Environments,” IT Professional, Volume 14, Issue 1, 2012.
16. Milinda Pathirage, Srinath Perera, Indika Kumara , and Sanjiva Weerawarana,
“A Multi-tenant Architecture for Business Process Executions,” Proceedings of the 2011 IEEE International Conference on Web Services, pp. 121-128.
17. Chun-Feng Liao, Kung Chen, and Jiu-Jye Chen, “Toward a Tenant-aware Query Rewriting Engine for Universal Table Schema-Mapping,” IEEE International Conference on Cloud Computing Technology and Science (IEEE CloudCom 2012), presented in 2012 International Workshop on SaaS (Software-as-a-Service) Architecture and Engineering, Taipei, Taiwan, 2012.
18. C. D. Weissman and S. Bobrowski, ”The design of the Froce.com multitenant internet application development platform,” in Proc. ACM SIGMOD International Conference on Management of Data, 2009.
19. “Google docs,” http://docs.google.com.
20. “Google calendar,” http://www.google.com/calendar.
21. Ariel J. Feldman, William P. Zeller, Michael J. Freedman, and Edward W.
Felten, “SPORC: Group Collaboration using Untrusted Cloud Resources,” the
55
9TH USENIX SYMPOSIUM ON OPERATING SYSTEMS SYSTEMS DESIGN AND IMPLEMENTATION, 2010.
22. A. Adya, W. Bolosky, M. Castro, G. Cermak, R. Chaiken, J. Douceur, J.
Howell, J. Lorch, M. Theimer, and R. Wattenhofer, “FARSITE: Federated, Available, and Eliable Storage for an Incompletely Trusted Environment,” In OSDI, pages 1–14, December 2002.
23. J. Kubiatowicz, D. Bindel, Y. Chen, S. Czerwinski, P. Eaton, D. Geels, R.
Gummadi, S. Rhea, H. Weatherspoon, W. Weimer, C. Wells, and B. Zhao,
“Oceanstore: An Architecture for Global-scale Persistent Storage,” In ASPLOS, December 2000.
24. G. Ganger, P. Khosla, M. Bakkaloglu, M. Bigrigg, G. Goodson, S. Oguz, V.
Pandurangan, C. Soules, J. Strunk, and J. Wylie, “Survivable storage systems.
In DARPA Information Survivability Conference and Exposition,” IEEE, volume 2, pages 184–195, June 2001.
25. P. Druschel and A. Rowstron, “Storage management and caching in PAST, a large-scale, persistent peerto-peer storage utility,” In SOSP, 2001.
26. Eu-Jin Goh, Hovav Shacham, Nagendra Modadugu, and Dan Boneh, “Sirius:
securing remote unstrusted storage,” In NDSS (2003).
27. M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, “Plutus:
Scalable Secure File Sharing on Untrusted Storage,” In USENIX FAST (2003).
28. Raluca Ada Popa, Jacob R. Lorch, David Molnar, Helen J. Wang, and Li Zhuang, “Enabling Security in Cloud Storage SLAs with CloudProof,” in USENIX Annual Technical Conference, June 2011.
29. Adam Jacobs, “The Pathologies of Big Data,” ACMQueue (http://queue.acm.org/detail.cfm?id=1563874), July 6th, 2009.
30. Gwan-Hwan Hwang and Yu-Cheng Hsiao, “A Security Framework for Decentralized Workflow Management Systems,” Technical Report, National
Taiwan Normal University, 2011,
011_12_01.pdf.
31. Gwan-Hwan Hwang and Tao-Ku Chang, “An Operational Model and Language Support for Securing XML Documents,” Computers &
Security,Volume 23, Issue 6, pp. 498-529, 2004.
32. Gwan-Hwan Hwang and Tao-Ku Chang, “Towards Attribute Encryption and a Generalized Encryption Model for XML,” The 4th International Conference on Internet Computing 2003 (IC'03), Las Vegas, Nevada, USA.
33. OMG, “Business Process Modeling Notation (BPMN) 1.2,” 2009.
34. WFMC, ”Workflow Management Coalition Workflow Standard: Workflow Process Definition Interface – XML Process Definition Language (XPDL) (WFMC-TC-1025),” Technical report, Workflow Management Coalition, Lighthouse Point, Florida, USA, 2002.
35. V. Atluri, S. Chun, and P. Mazzoleni, ”Chinese Wall Security for Decentralized Workflow Management Systems,” Journal of Computer Security, Volume 12, Number 6, 2004.
36. Fay Chang, Jeffrey Dean, Sanjay Ghemawat, Wilson C. Hsieh, Deborah A.
Wallach, Mike Burrows, Tushar Chandra, Andrew Fikes, and Robert E. Gruber,
"Bigtable: A Distributed Storage System for Structured Data," OSDI'06:
Seventh Symposium on Operating System Design and Implementation, Seattle, WA, November, 2006.
37. Tom White, “Hadoop: The Definitive Guide,” O'Reilly Media., ISBN 978-1-4493-3877-0, May 10th, 2012.
38. AMAZON, “Amazon S3 Service Level Agreement,”
http://aws.amazon.com/s3-sla/.
39. MICROSOFT CORPORATION. “Windows Azure Pricing and Service Agreement,” http://www.microsoft.com/windowsazure/pricng/.
57
40. Aleš Frece, Gregor Srdić, and Matjaž B. Jurič, “BPM and iBPMS in the Cloud,”
Proceedings of the 1st International Conference on CLoud Assisted ServiceS Bled, 25 October 2012.
41. Apache Software Foundation, “Apache ODE,” http://ode.apache.org/.
42. A. Azeez and S. Perera et al., “Multi-Tenant SOA Middle- ware for Cloud Computing,” 3rd IEEE Conference on Cloud Computing, 2010.
43. Tobias Anstett, Frank Leymann, Ralph Mietzner, and Steve Strauch, “Towards BPEL in the Cloud: Exploiting Different Delivery Models for the Execution of Business Processes,” 2009 World Conference on Services – I, pp. 670-677.
44. Han YB, Sun JY, and Wang GL, “A Cloud-based BPM Architecture with User-end Distribution of Non-compute-intensive Activities and Sensitive Data,”
JOURNAL OF COMPUTER SCIENCE AND TECHNOLOGY 25(6): 1157–
1167 Nov. 2010.
45. Vinod Muthusamy and Hans-Arno Jacobsen, “BPM in Cloud Architectures:
Business Process Management with SLAs and Events,” Business Process Management 2010, Hoboken, NJ, USA, pp. 5-10.
46. Yongqing Zheng, Jinshan Pang, Jian Li, and Li-zhen Cui, “Business Process Oriented Platform-as-a-Service Framework for Process Instances Intensive Applications,” IPDPS Workshops 2012, pp. 2320-2327.
47. Lei Mao, Yongguo Yang, and Hui Xu, “Design and Optimization of Cloud-Oriented Workflow System,” Journal of Software, Volume, 8(1):
251-258 (2013).
48. Fernando Antônio, Aires Lins, Robson W. A. Medeiros, Bruno L. B. Silva, Andre R. R. Souza, David Aragão, Julio C. Damasceno, Paulo Romero Martins Maciel, Nelson Souto Rosa, Bryan Stephenson, and J. Li, “SSC4Cloud Tooling:
An Integrated Environment for the Development of Business Processes with Security Requirements in the Cloud,” SERVICES 2011,pp. 53-60.
peer-to-peer based cloud workflow system for managing instance intensive applications,” in: Handbook of Cloud Computing, Springer, 2010, pp. 309–332.
50. Huang Hua, Zhang Yi-Lai, and Zhang Min, “A Survey of Cloud Workflow,”
Proceedings of the 2nd International Conference On Systems Engineering and Modeling (ICSEM-13), 2013.