Performance Analysis for Workflow Management Systems under Role-Based Authorization Control
Role-Based Access Control (RBAC) remains one of the most popular authorization control mechanisms. A workflow is a business flow composed of several related tasks. These tasks are interrelated and context-dependent during their execution. Under many circumstances, the execution context introduces uncertainty into authorization decisions for tasks. This paper investigates the role-based authorization model with runtime context constraints and dynamic cardinality constraints. The Generalized Stochastic Petri net is used to model the authorization process. Moreover, because of the state explosion problem in the Petri net formalism, the proposed modeling method combines it with queuing theory to analyze both system-oriented and user-oriented performance. Given the workflow information, its running context and the authorization policies, this work can be used to predict the performance of these workflows running in the system. The prediction information can give insight into how to adjust authorization policies to strike a better balance between security and performance.
Keywords: Workflow, Role, Authorization, Cardinality, Performance