Abstract
Workflows are complex operational processes that include security constraints restricting which users can perform which tasks. An improper user-task assignment may prevent the completion of the workflow, and deciding such an assignment at runtime is known to be complex, especially when considering user unavailability (known as the resiliency problem). Therefore, design tools are required that allow fast evaluation of workflow resiliency. In this paper, we propose a methodology for workflow designers to assess the impact of the security policy on computing the resiliency of a workflow. Our approach relies on encoding a workflow into the probabilistic model-checker PRISM, allowing its resiliency to be evaluated by solving a Markov Decision Process. We observe and illustrate that adding or removing some constraints has a clear impact on the resiliency computation time, and we compute the set of security constraints that can be artificially added to a security policy in order to reduce the computation time while maintaining the resiliency.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Workflow handbook 1997. chapter The Workflow Reference Model, pp. 243–293. John Wiley and Sons Inc, New York (1997)
Armando, A., Ponta, S.E.: Model checking authorization requirements in business processes. Comput. Secur. 40, 1–22 (2014)
Ayed, S., Cuppens-Boulahia, N., Cuppens, F.: Deploying security policy in intra and inter workflow management systems. In: International Conference on Availability, Reliability and Security (ARES 2009), pp. 58–65, March 2009
Bakkali, H.E.: Enhancing workflow systems resiliency by using delegation and priority concepts. J. Digital Inf. Manage. 11(4), 267–276 (2013)
Basin, D., Burri, S.J., Karjoth, G.: Obstruction-free authorization enforcement: aligning security with business objectives. In: Proceedings of the 2011 IEEE 24th Computer Security Foundations Symposium (CSF 2011), pp. 99–113. IEEE Computer Society, Washington (2011)
Basin, D., Burri, S.J., Karjoth, G.: Optimal workflow-aware authorizations. In: Proceedings of SACMAT 2012, pp. 93–102. ACM, New York (2012)
Basu, A., Kumar, A.: Research commentary: workflow management issues in e-business. Info. Sys. Res. 13(1), 1–14 (2002)
Bertino, E., Ferrari, E., Atluri, V.: The specification and enforcement of authorization constraints in workflow management systems. ACM Trans. Inf. Syst. Secur. 2(1), 65–104 (1999)
Botha, R., Eloff, J.H.P.: Separation of duties for access control enforcement in workflow environments. IBM Sys. J. 40(3), 666–682 (2001)
Calinescu, R., Ghezzi, C., Kwiatkowska, M., Mirandola, R.: Self-adaptive software needs quantitative verification at runtime. Commun. ACM 55(9), 69–77 (2012)
Calinescu, R., Grunske, L., Kwiatkowska, M., Mirandola, R., Tamburrelli, G.: Dynamic QoS management and optimisation in service-based systems. IEEE Trans. Softw. Eng. 37(3), 387–409 (2011)
Crampton, J., Gutin, G., Yeo, A.: On the parameterized complexity and kernelization of the workflow satisfiability problem. ACM Trans. Inf. Syst. Secur. 16(1), 4 (2013)
Crampton, J., Khambhammettu, H.: Delegation and satisfiability in workflow systems. In: Proceedings of the 13th ACM symposium on Access control models and technologies, pp. 31–40. ACM (2008)
Georgakopoulos, D., Hornick, M., Sheth, A.: An overview of workflow management: From process modeling to workflow automation infrastructure. Distrib. Parallel Databases 3(2), 119–153 (1995)
He, L., Huang, C., Duan, K., Li, K., Chen, H., Sun, J., Jarvis, S.A.: Modeling and analyzing the impact of authorization on workflow executions. Future Gener. Comput. Sys. 28(8), 1177–1193 (2012)
Herbert, L., Sharp, R.: Precise quantitative analysis of probabilistic business process model and notation workflows. J. Comput. Inf. Sci. Eng. 13(1), 011007 (2013)
Hiden, H., Woodman, S., Watson, P., Cala, J.: Developing cloud applications using the e-science central platform. Philos. Trans. R. Soc. A : Math. Phys. Eng. Sci. 371(1983), 20120085 (2013)
Howard, R.A.: Dynamic Programming and Markov Processes. MIT Press, Cambridge (1960)
Kohler, M., Liesegang, C., Schaad, A.: Classification model for access control constraints. In: IEEE International on Performance, Computing, and Communications Conference (IPCCC 2007) pp. 410–417, April 2007
Kwiatkowska, M., Norman, G., Parker, D.: PRISM 4.0: verification of probabilistic real-time systems. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 585–591. Springer, Heidelberg (2011)
Lowalekar, M., Tiwari, R.K., Karlapalem, K.: Security policy satisfiability and failure resilience in workflows. In: Matyáš, V., Fischer-Hübner, S., Cvrček, D., Švenda, P. (eds.) The Future of Identity. IFIP AICT, vol. 298, pp. 197–210. Springer, Heidelberg (2009)
Mace, J.C., Morisset, C., van Moorsel, A.: Quantitative workflow resiliency. In: Kutyłowski, M., Vaidya, J. (eds.) ICAIS 2014, Part I. LNCS, vol. 8712, pp. 344–361. Springer, Heidelberg (2014)
Mace, J.C., Morisset, C., van Moorsel, A.: Impact of policy design on workflow resiliency computation time. Technical report CS-TR-1469, School of Computing Science, Newcastle University, UK, May 2015
Mace, J.C., Morisset, C., van Moorsel, A.: Modelling user availability in workflow resiliency analysis. In: Proceedings of the 2015 Symposium and Bootcamp on the Science of Security (HotSoS 2015), pp. 7:1–7:10. ACM, New York (2015)
Martinelli, F., Morisset, C.: Quantitative access control with partially-observable markov decision processes. In: Proceedings of CODASPY 2012, pp. 169–180. ACM, New York (2012)
Unertl, K.M., Johnson, K.B., Lorenzi, N.M.: Health information exchange technology on the front lines of healthcare: workflow factors and patterns of use. J. Am. Med. Inform. Assoc. 19(3), 392–400 (2012)
Wainer, J., Barthelmess, P., Kumar, A.: W-rbac - a workflow security model incorporating controlled overriding of constraints. Int. J. Coop. Inf. Sys. 12, 2003 (2003)
Wang, Q., Li, N.: Satisfiability and resiliency in workflow authorization systems. ACM Trans. Inf. Syst. Secur. 13(4), 40:1–40:35 (2010)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A Probabilities for User Availability
A Probabilities for User Availability
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Mace, J.C., Morisset, C., Moorsel, A.v. (2015). Impact of Policy Design on Workflow Resiliency Computation Time. In: Campos, J., Haverkort, B. (eds) Quantitative Evaluation of Systems. QEST 2015. Lecture Notes in Computer Science(), vol 9259. Springer, Cham. https://doi.org/10.1007/978-3-319-22264-6_16
Download citation
DOI: https://doi.org/10.1007/978-3-319-22264-6_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-22263-9
Online ISBN: 978-3-319-22264-6
eBook Packages: Computer ScienceComputer Science (R0)