
Conclusions and future work

In the first part of this dissertation we have described how to implement the CWSM in a WfMS. The presented examples demonstrate that RBAC with dynamic role-subject and role-permission binding can be applied to implement the CWSM in certain situations. However, we also show that RBAC cannot handle general cases of the CWSM – the BN read rule can be simulated in RBAC with some limitations, whereas the BN write rule cannot be implemented in RBAC. We propose an API that the system developer can use to specify the CWSM. Access control based on the CWSM can be integrated with the dynamic behavior of the workflow process. In addition to supporting the intrinsic dynamic access control mechanism defined in the CWSM (i.e., the dynamic binding of subjects and elements in the company data set), this API can specify several requirements of the dynamic security policy that arise when we want to apply the CWSM in WfMSs. The implementation and experiment demonstrate the feasibility of the proposed scheme.

The popularity of engine-based distributed WfMSs is increasing in today’s global network-based environment. However, they are confronted by several difficulties, including lack of scalability, the need for load balancing, susceptibility to denial-of-service attacks, and the problem of sharing process instances in an inter-enterprise or cross-organization environment. In the second part of this dissertation we present the architecture of a document-routing WfMS that does not employ a workflow engine to execute activities, which avoids the above-mentioned problems that may arise in engine-based distributed WfMSs. First, there is no need for the participants to communicate with workflow engines, so workflow engines cannot be bottlenecks in the execution of workflow processes. The issues of lack of scalability and load balancing between workflow engines also disappear. Although we need a TFC server for workflow monitoring, the associated computation requirements are minimal. Also, TFC servers do not need to share any workflow process instances. Second, since there are no workflow engines, the system is not susceptible to denial-of-service attacks on them. Third, applying element-wise encryption and a cascade-based method to embed digital signatures means that a DRA4WfMS document is self-protected, and does not need an access-control server to secure the data therein. Thus, the method can be easily applied to an inter-enterprise or cross-organization environment.

Because the DRA4WfMS fulfills all of the main security requirements, the format and syntax of DRA4WfMS documents represent an appropriate standard for storing workflow process instances. It can also be applied in an engine-based WfMS. For example, we can apply the DRA4WfMS to a centralized WfMS as follows: When a user connects to a workflow engine, the workflow engine checks which activities are to be executed by that user. Since the workflow process instances are stored as DRA4WfMS documents, the workflow engine simply sends a copy of the DRA4WfMS document that represents the workflow process instance. The user employs an AEA to execute the activity, generates a DRA4WfMS document by embedding a CER, and sends it back to the workflow engine. This provides at least three advantages: (1) nonrepudiation is obtained automatically, (2) the workflow process instances are not protected by any database server, so the administrator of the database cannot access confidential data, and (3) we can easily extend a centralized WfMS to a distributed WfMS with multiple workflow servers by transmitting DRA4WfMS documents between these workflow servers.

The architecture of the DRA4WfMS does not require a workflow engine to control the execution of activities, which avoids the security problems that may arise in engine-based distributed WfMSs. The application of element-wise encryption and a cascade-based method of embedding digital signatures makes a DRA4WfMS document self-protected without requiring an access-control server. As a result, security requirements such as authentication, confidentiality, data integrity, and nonrepudiation do not need to rely on service-level agreements between users and cloud service providers. The user does not have to worry about alterations to the contents of workflow process instances, because any illegal modification of a process instance will be detected by cryptographic algorithms. Thus, different enterprises or organizations can simultaneously use a single DRA4WfMS cloud system, and it is easy to implement a cross-enterprise WfMS in the DRA4WfMS cloud system. The proposed framework can be used to construct WfMSs in private, community, hybrid, and public clouds.
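To make the self-protection property concrete, the following is an added example (not the dissertation's code) of a cascade-based signature chain over a process instance's activity records, written in Go with the standard library's Ed25519: each actor's AEA signs its record over the previous record's signature, and a verifier detects both a rewritten payload and a re-signed record. The record layout, field names, sample instance and actor names are assumptions; DRA4WfMS's element-wise encryption and XML structure are not reproduced.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Record stands in for one activity's execution record (the CER of the text);
// the field layout is hypothetical, not the DRA4WfMS element structure.
type Record struct {
	Activity, Actor, Payload string
	PubKey                   ed25519.PublicKey
	Sig                      []byte // signs digest(previous Sig, this record)
}

type Document struct { // one process instance: an id plus the cascade
	Instance string
	Records  []Record
}

// digest chains a record to the previous signature (the instance id for the
// first record) and to its own fields, so every later signature covers it.
func digest(prev []byte, r Record) []byte {
	h := sha256.New()
	h.Write(prev)
	h.Write([]byte(r.Activity + "\x00" + r.Actor + "\x00" + r.Payload + "\x00"))
	h.Write(r.PubKey)
	return h.Sum(nil)
}

// Append is what an actor's AEA does after executing an activity: it embeds a
// record signed with the actor's own key over the current cascade head.
func (d *Document) Append(activity, actor, payload string, priv ed25519.PrivateKey) {
	prev := []byte(d.Instance)
	if n := len(d.Records); n > 0 {
		prev = d.Records[n-1].Sig
	}
	r := Record{Activity: activity, Actor: actor, Payload: payload, PubKey: priv.Public().(ed25519.PublicKey)}
	r.Sig = ed25519.Sign(priv, digest(prev, r))
	d.Records = append(d.Records, r)
}

// Verify walks the cascade and returns the index of the first record whose
// signature fails, or -1 if intact (key-to-role authorisation is a separate check).
func (d *Document) Verify() int {
	prev := []byte(d.Instance)
	for i, r := range d.Records {
		if len(r.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(r.PubKey, digest(prev, r), r.Sig) {
			return i
		}
		prev = r.Sig
	}
	return -1
}

// Demo builds a two-activity instance (constructed data) and returns Verify's
// result before tampering, after the first payload is rewritten in storage, and
// after that record is re-signed with a foreign key (Bob's signature still covers the original head).
func Demo() (intact, tampered, resigned int) {
	_, alice, _ := ed25519.GenerateKey(rand.Reader) // errors only if crypto/rand fails
	_, bob, _ := ed25519.GenerateKey(rand.Reader)
	_, mallory, _ := ed25519.GenerateKey(rand.Reader)
	d := &Document{Instance: "purchase-order-0042"}
	d.Append("request", "alice", "amount=1200", alice)
	d.Append("approve", "bob", "decision=approved", bob)
	intact = d.Verify()
	d.Records[0].Payload = "amount=120000" // illegal modification in the store
	tampered = d.Verify()
	d.Records[0].PubKey = mallory.Public().(ed25519.PublicKey)
	d.Records[0].Sig = ed25519.Sign(mallory, digest([]byte(d.Instance), d.Records[0]))
	resigned = d.Verify()
	return
}

func main() { fmt.Println(Demo()) } // prints -1 0 1
```

Because each signature covers the previous one, a storage administrator cannot rewrite an earlier activity without the keys of every later signer, which is what gives the document its nonrepudiation and integrity without an access-control server.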

Our implementation of the DRA4WfMS API and the DRA4WfMS cloud system in the HBase database of Apache Hadoop has demonstrated the feasibility of the proposed framework. The current Hadoop cluster has only a small number of data nodes. We are working on extending the number of data nodes in our system and measuring the performance of querying, storing, monitoring, and statistical analyses when the pool of DRA4WfMS documents contains a huge number of documents.

In the third part of this dissertation we propose a security framework to solve the problem that existing security standards of an SOA, such as WS-Security, WS-SecurityPolicy, and WS-Trust, only support the point-to-point security requirements of individual services. As long as each service provider complies with the protocol defined by the DRA4SOA to embed its calling record in the DRA4SOA message, the structure of a CCG dynamically formed by a service invocation of an originator can be derived from that message. Service providers can design their own access control policies according to the information contained in the dynamically formed CCG. The DRA4SOA can also fulfill the security requirements of authentication, confidentiality, data integrity, and nonrepudiation.

We also investigated how to integrate the DRA4SOA with existing SOA standards such as Web-service-related security standards. The proposed DRA4SOA API demonstrates that calling-chain-based access control can be implemented with minimal programming effort. The DRA4SOA security framework can fulfill major security requirements and calling-chain-based access control without requiring a trusted third party. We also conducted experiments to examine the overhead of embedding DRA4SOA messages in SOAP messages; the results quantify the increase in SOAP message size and the run time required to construct CCGs from SOAP messages.

The implementation and experimental results demonstrate the feasibility of the proposed system.

Cloud collaboration for documents is a newly emerging way of sharing and co-authoring documents through the use of cloud computing. Furthermore, the issue of trusted execution on untrusted cloud infrastructure has received much attention as cloud computing has provided concrete use cases. Our future work is to propose a secure, scalable, multi-tenant WfMS that supports workflow enactment through cloud collaboration.

