Controlling Usage in Business Process Workflows through Fine-Grained Security Policies

  • Conference paper
Trust, Privacy and Security in Digital Business (TrustBus 2008)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5185)

Abstract

We propose a language for expressing fine-grained security policies for controlling orchestrated business processes modelled as a BPEL workflow. Our policies are expressed as a process algebra that permits a BPEL activity, denies it or force-terminates it. The outcome is evaluated with compensation contexts. Finally, we give an example of these policies in a distributed map processing scenario such that the policies constrain service interactions in the workflow according to the security requirements of each entity participating in the workflow.

This work is partially funded by the EU GridTrust project, contract No. 033827 - http://www.gridtrust.eu, and the EU Consequence project, contract No. 214859 - http://www.consequence-project.eu/

Editor information

Steven Furnell, Sokratis K. Katsikas, Antonio Lioy

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Aziz, B., Arenas, A., Martinelli, F., Matteucci, I., Mori, P. (2008). Controlling Usage in Business Process Workflows through Fine-Grained Security Policies. In: Furnell, S., Katsikas, S.K., Lioy, A. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2008. Lecture Notes in Computer Science, vol 5185. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85735-8_11

  • DOI: https://doi.org/10.1007/978-3-540-85735-8_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-85734-1

  • Online ISBN: 978-3-540-85735-8

  • eBook Packages: Computer Science, Computer Science (R0)
