Skip to main content
SpringerLink
Log in
Book cover

International Conference on Quantitative Evaluation of Systems

QEST 2015: Quantitative Evaluation of Systems pp 244–259Cite as

Impact of Policy Design on Workflow Resiliency Computation Time

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 9259))

Abstract

Workflows are complex operational processes that include security constraints restricting which users can perform which tasks. An improper user-task assignment may prevent the completion of the workflow, and deciding such an assignment at runtime is known to be complex, especially when considering user unavailability (known as the resiliency problem). Therefore, design tools are required that allow fast evaluation of workflow resiliency. In this paper, we propose a methodology for workflow designers to assess the impact of the security policy on computing the resiliency of a workflow. Our approach relies on encoding a workflow into the probabilistic model-checker PRISM, allowing its resiliency to be evaluated by solving a Markov Decision Process. We observe and illustrate that adding or removing some constraints has a clear impact on the resiliency computation time, and we compute the set of security constraints that can be artificially added to a security policy in order to reduce the computation time while maintaining the resiliency.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Workflow handbook 1997. chapter The Workflow Reference Model, pp. 243–293. John Wiley and Sons Inc, New York (1997)

    Google Scholar 

  2. Armando, A., Ponta, S.E.: Model checking authorization requirements in business processes. Comput. Secur. 40, 1–22 (2014)

    Article  Google Scholar 

  3. Ayed, S., Cuppens-Boulahia, N., Cuppens, F.: Deploying security policy in intra and inter workflow management systems. In: International Conference on Availability, Reliability and Security (ARES 2009), pp. 58–65, March 2009

    Google Scholar 

  4. Bakkali, H.E.: Enhancing workflow systems resiliency by using delegation and priority concepts. J. Digital Inf. Manage. 11(4), 267–276 (2013)

    Google Scholar 

  5. Basin, D., Burri, S.J., Karjoth, G.: Obstruction-free authorization enforcement: aligning security with business objectives. In: Proceedings of the 2011 IEEE 24th Computer Security Foundations Symposium (CSF 2011), pp. 99–113. IEEE Computer Society, Washington (2011)

    Google Scholar 

  6. Basin, D., Burri, S.J., Karjoth, G.: Optimal workflow-aware authorizations. In: Proceedings of SACMAT 2012, pp. 93–102. ACM, New York (2012)

    Google Scholar 

  7. Basu, A., Kumar, A.: Research commentary: workflow management issues in e-business. Info. Sys. Res. 13(1), 1–14 (2002)

    Article  Google Scholar 

  8. Bertino, E., Ferrari, E., Atluri, V.: The specification and enforcement of authorization constraints in workflow management systems. ACM Trans. Inf. Syst. Secur. 2(1), 65–104 (1999)

    Article  Google Scholar 

  9. Botha, R., Eloff, J.H.P.: Separation of duties for access control enforcement in workflow environments. IBM Sys. J. 40(3), 666–682 (2001)

    Article  Google Scholar 

  10. Calinescu, R., Ghezzi, C., Kwiatkowska, M., Mirandola, R.: Self-adaptive software needs quantitative verification at runtime. Commun. ACM 55(9), 69–77 (2012)

    Article  Google Scholar 

  11. Calinescu, R., Grunske, L., Kwiatkowska, M., Mirandola, R., Tamburrelli, G.: Dynamic QoS management and optimisation in service-based systems. IEEE Trans. Softw. Eng. 37(3), 387–409 (2011)

    Article  Google Scholar 

  12. Crampton, J., Gutin, G., Yeo, A.: On the parameterized complexity and kernelization of the workflow satisfiability problem. ACM Trans. Inf. Syst. Secur. 16(1), 4 (2013)

    Article  Google Scholar 

  13. Crampton, J., Khambhammettu, H.: Delegation and satisfiability in workflow systems. In: Proceedings of the 13th ACM symposium on Access control models and technologies, pp. 31–40. ACM (2008)

    Google Scholar 

  14. Georgakopoulos, D., Hornick, M., Sheth, A.: An overview of workflow management: From process modeling to workflow automation infrastructure. Distrib. Parallel Databases 3(2), 119–153 (1995)

    Article  Google Scholar 

  15. He, L., Huang, C., Duan, K., Li, K., Chen, H., Sun, J., Jarvis, S.A.: Modeling and analyzing the impact of authorization on workflow executions. Future Gener. Comput. Sys. 28(8), 1177–1193 (2012)

    Article  Google Scholar 

  16. Herbert, L., Sharp, R.: Precise quantitative analysis of probabilistic business process model and notation workflows. J. Comput. Inf. Sci. Eng. 13(1), 011007 (2013)

    Article  Google Scholar 

  17. Hiden, H., Woodman, S., Watson, P., Cala, J.: Developing cloud applications using the e-science central platform. Philos. Trans. R. Soc. A : Math. Phys. Eng. Sci. 371(1983), 20120085 (2013)

    Article  Google Scholar 

  18. Howard, R.A.: Dynamic Programming and Markov Processes. MIT Press, Cambridge (1960)

    MATH  Google Scholar 

  19. Kohler, M., Liesegang, C., Schaad, A.: Classification model for access control constraints. In: IEEE International on Performance, Computing, and Communications Conference (IPCCC 2007) pp. 410–417, April 2007

    Google Scholar 

  20. Kwiatkowska, M., Norman, G., Parker, D.: PRISM 4.0: verification of probabilistic real-time systems. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 585–591. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  21. Lowalekar, M., Tiwari, R.K., Karlapalem, K.: Security policy satisfiability and failure resilience in workflows. In: Matyáš, V., Fischer-Hübner, S., Cvrček, D., Švenda, P. (eds.) The Future of Identity. IFIP AICT, vol. 298, pp. 197–210. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  22. Mace, J.C., Morisset, C., van Moorsel, A.: Quantitative workflow resiliency. In: Kutyłowski, M., Vaidya, J. (eds.) ICAIS 2014, Part I. LNCS, vol. 8712, pp. 344–361. Springer, Heidelberg (2014)

    Google Scholar 

  23. Mace, J.C., Morisset, C., van Moorsel, A.: Impact of policy design on workflow resiliency computation time. Technical report CS-TR-1469, School of Computing Science, Newcastle University, UK, May 2015

    Google Scholar 

  24. Mace, J.C., Morisset, C., van Moorsel, A.: Modelling user availability in workflow resiliency analysis. In: Proceedings of the 2015 Symposium and Bootcamp on the Science of Security (HotSoS 2015), pp. 7:1–7:10. ACM, New York (2015)

    Google Scholar 

  25. Martinelli, F., Morisset, C.: Quantitative access control with partially-observable markov decision processes. In: Proceedings of CODASPY 2012, pp. 169–180. ACM, New York (2012)

    Google Scholar 

  26. Unertl, K.M., Johnson, K.B., Lorenzi, N.M.: Health information exchange technology on the front lines of healthcare: workflow factors and patterns of use. J. Am. Med. Inform. Assoc. 19(3), 392–400 (2012)

    Article  Google Scholar 

  27. Wainer, J., Barthelmess, P., Kumar, A.: W-rbac - a workflow security model incorporating controlled overriding of constraints. Int. J. Coop. Inf. Sys. 12, 2003 (2003)

    Google Scholar 

  28. Wang, Q., Li, N.: Satisfiability and resiliency in workflow authorization systems. ACM Trans. Inf. Syst. Secur. 13(4), 40:1–40:35 (2010)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computing Science, Newcastle University, Newcastle upon Tyne, NE1 7RU, UK

    John C. Mace, Charles Morisset & Aad van Moorsel

Authors
  1. John C. Mace
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Charles Morisset
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Aad van Moorsel
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to John C. Mace .

Editor information

Editors and Affiliations

  1. Universidad de Zaragoza, Zaragoza, Spain

    Javier Campos

  2. University of Twente, Enschede, The Netherlands

    Boudewijn R. Haverkort

A Probabilities for User Availability

A Probabilities for User Availability

Table 4. User probabilistic availabilities used to compute resiliency for running example workflow \(w_1\) in Sects. 46.1 and 6.2
Full size table
Table 5. User probabilistic availabilities used to compute resiliency when assessing policy changes (Sect. 5) and for the base workflow \(w_B\) (Sect. 6.3)
Full size table

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Mace, J.C., Morisset, C., Moorsel, A.v. (2015). Impact of Policy Design on Workflow Resiliency Computation Time. In: Campos, J., Haverkort, B. (eds) Quantitative Evaluation of Systems. QEST 2015. Lecture Notes in Computer Science(), vol 9259. Springer, Cham. https://doi.org/10.1007/978-3-319-22264-6_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-22264-6_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-22263-9

  • Online ISBN: 978-3-319-22264-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation