Performance Analysis for Workflow Management Systems under Role-Based Authorization Control

  • Limin Liu
  • Ligang He
  • Stephen A. Jarvis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7296)


Role-Based Access Control (RBAC) remains one of the most popular authorization control mechanisms. A workflow is a business flow composed of several related tasks. These tasks are interrelated and context-dependent during their execution. In many circumstances, the execution context introduces uncertainty into authorization decisions for tasks. This paper investigates the role-based authorization model with runtime context constraints and dynamic cardinality constraints. A Generalized Stochastic Petri-net is used to model the authorization process. Moreover, because of the state explosion problem in the Petri-net formalism, the proposed modeling method incorporates queueing theory to analyze both system-oriented and user-oriented performance. Given the workflow information, its running context and the authorization policies, this work can be used to predict the performance of these workflows running in the system. The prediction information can give insight into how to adjust authorization policies to strike a better balance between security and performance.


Workflow Role Authorization Cardinality Performance 





Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Limin Liu (1)
  • Ligang He (2)
  • Stephen A. Jarvis (2)

  1. Department of Optical and Electronic Engineering, Mechanical Engineering College, Shijiazhuang, China
  2. Department of Computer Science, University of Warwick, Coventry, UK
